1 year ago · 17acf2ba7a
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/EmailAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/EmailAuthStrategy.java
@@ -66,6 +66,7 @@ public class EmailAuthStrategy implements IAuthStrategy {
 
				         // 例如: 后台用户30分钟过期 app用户1天过期
			
 
				         model.setTimeout(client.getTimeout());
			
 
				         model.setActiveTimeout(client.getActiveTimeout());
			
 
				+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
			
 
				         // 生成token
			
 
				         LoginHelper.login(loginUser, model);
			
 
				 
			
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/PasswordAuthStrategy.java
@@ -76,6 +76,7 @@ public class PasswordAuthStrategy implements IAuthStrategy {
 
				         // 例如: 后台用户30分钟过期 app用户1天过期
			
 
				         model.setTimeout(client.getTimeout());
			
 
				         model.setActiveTimeout(client.getActiveTimeout());
			
 
				+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
			
 
				         // 生成token
			
 
				         LoginHelper.login(loginUser, model);
			
 
				 
			
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SmsAuthStrategy.java
@@ -66,6 +66,7 @@ public class SmsAuthStrategy implements IAuthStrategy {
 
				         // 例如: 后台用户30分钟过期 app用户1天过期
			
 
				         model.setTimeout(client.getTimeout());
			
 
				         model.setActiveTimeout(client.getActiveTimeout());
			
 
				+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
			
 
				         // 生成token
			
 
				         LoginHelper.login(loginUser, model);
			
 
				 
			
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/SocialAuthStrategy.java
@@ -103,6 +103,7 @@ public class SocialAuthStrategy implements IAuthStrategy {
 
				         // 例如: 后台用户30分钟过期 app用户1天过期
			
 
				         model.setTimeout(client.getTimeout());
			
 
				         model.setActiveTimeout(client.getActiveTimeout());
			
 
				+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
			
 
				         // 生成token
			
 
				         LoginHelper.login(loginUser, model);
			
 
				 
			
--- a/ruoyi-admin/src/main/java/org/dromara/web/service/impl/XcxAuthStrategy.java
+++ b/ruoyi-admin/src/main/java/org/dromara/web/service/impl/XcxAuthStrategy.java
@@ -61,6 +61,7 @@ public class XcxAuthStrategy implements IAuthStrategy {
 
				         // 例如: 后台用户30分钟过期 app用户1天过期
			
 
				         model.setTimeout(client.getTimeout());
			
 
				         model.setActiveTimeout(client.getActiveTimeout());
			
 
				+        model.setExtra(LoginHelper.CLIENT_KEY, clientId);
			
 
				         // 生成token
			
 
				         LoginHelper.login(loginUser, model);
			
 
				 
			
--- a/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
+++ b/ruoyi-common/ruoyi-common-satoken/src/main/java/org/dromara/common/satoken/utils/LoginHelper.java
@@ -34,6 +34,7 @@ public class LoginHelper {
 
				     public static final String LOGIN_USER_KEY = "loginUser";
			
 
				     public static final String TENANT_KEY = "tenantId";
			
 
				     public static final String USER_KEY = "userId";
			
 
				+    public static final String CLIENT_KEY = "clientid";
			
 
				 
			
 
				     /**
			
 
				      * 登录系统 基于 设备类型
			
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfig.java
@@ -1,9 +1,13 @@
 
				 package org.dromara.common.security.config;
			
 
				 
			
 
				+import cn.dev33.satoken.exception.NotLoginException;
			
 
				 import cn.dev33.satoken.interceptor.SaInterceptor;
			
 
				 import cn.dev33.satoken.router.SaRouter;
			
 
				 import cn.dev33.satoken.stp.StpUtil;
			
 
				+import org.dromara.common.core.utils.ServletUtils;
			
 
				 import org.dromara.common.core.utils.SpringUtils;
			
 
				+import org.dromara.common.core.utils.StringUtils;
			
 
				+import org.dromara.common.satoken.utils.LoginHelper;
			
 
				 import org.dromara.common.security.config.properties.SecurityProperties;
			
 
				 import org.dromara.common.security.handler.AllUrlHandler;
			
 
				 import lombok.RequiredArgsConstructor;
			
@@ -44,6 +48,18 @@ public class SecurityConfig implements WebMvcConfigurer {
 
				                     // 检查是否登录 是否有token
			
 
				                     StpUtil.checkLogin();
			
 
				 
			
 
				+                    // 检查 header 里的 clientId 与 token 里的是否一致
			
 
				+                    String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);
			
 
				+                    String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
			
 
				+                    if (!StringUtils.equals(headerCid, clientId)) {
			
 
				+                        // token 无效
			
 
				+                        throw NotLoginException.newInstance(
			
 
				+                            StpUtil.getLoginType(),
			
 
				+                            NotLoginException.INVALID_TOKEN,
			
 
				+                            NotLoginException.NOT_TOKEN_MESSAGE,
			
 
				+                            StpUtil.getTokenValue());
			
 
				+                    }
			
 
				+
			
 
				                     // 有效率影响 用于临时测试
			
 
				                     // if (log.isDebugEnabled()) {
			
 
				                     //     log.debug("剩余有效时间: {}", StpUtil.getTokenTimeout());