feat: 支持配置单个账号最大 token 数量（默认 1 即不支持重复登录）

cadecode · cadecode · commit a7c3dbaf0e92 · 2024-07-23T13:48:16.000+08:00
diff --git a/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/config/SecurityConfig.java b/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/config/SecurityConfig.java
@@ -193,5 +193,12 @@ public static class TokenConfig {
          * 密钥
          */
         private String secret;
+
+        /**
+         * 单个账号最多允许几个 token（大于 0）
+         * 为 1 时即不允许多次登录同时在线
+         */
+        private Integer maxCount = 1;
+
     }
 }
diff --git a/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/security/strategy/RedisTokenAuthStrategyImpl.java b/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/security/strategy/RedisTokenAuthStrategyImpl.java
@@ -42,15 +42,18 @@ public void handler(HttpServletRequest request, HttpServletResponse response, Fi
             return;
         }
         // 查询 redis 中 token
-        String loginUserKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, uuidToken);
-        SysUserDetails sysUserDetails = RedisUtil.get(loginUserKey, SysUserDetails.class);
+        String loginUserTokenKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, uuidToken);
+        SysUserDetails sysUserDetails = RedisUtil.get(loginUserTokenKey, SysUserDetails.class);
         // redis 中用户不存在
         if (Objects.isNull(sysUserDetails)) {
             writeResponse(response, AuthErrorEnum.TOKEN_EXPIRED, requestURI);
             return;
         }
         // 用户存在，刷新过期时间
-        RedisUtil.expire(loginUserKey, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
+        RedisUtil.expire(loginUserTokenKey, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
+        String loginUsernameKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, sysUserDetails.getUsername());
+        RedisUtil.expire(loginUsernameKey, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
+
         ServletUtil.addCookie(response, HttpConst.HEAD_TOKEN, uuidToken, SecurityUtil.getExpiration().intValue());
         // 设置 AuthenticationToken
         setAuthentication(request, sysUserDetails);
diff --git a/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/util/SecurityUtil.java b/framework/framework_base/src/main/java/com/github/cadecode/uniboot/framework/base/util/SecurityUtil.java
@@ -32,6 +32,10 @@ public class SecurityUtil implements InitializingBean {
 
     // 从 SecurityConfig 获取 token 配置
 
+    public static SecurityProperties properties() {
+        return PROPERTIES;
+    }
+
     public static Long getExpiration() {
         return PROPERTIES.getTokenConfig().getExpiration();
     }
@@ -40,6 +44,10 @@ public static String getSecret() {
         return PROPERTIES.getTokenConfig().getSecret();
     }
 
+    public static Integer getMaxCount() {
+        return PROPERTIES.getTokenConfig().getMaxCount();
+    }
+
     /**
      * 从request对象解析token，cookie or header
      *
diff --git a/framework/framework_svc/src/main/java/com/github/cadecode/uniboot/framework/svc/security/RedisLoginSuccessHandleService.java b/framework/framework_svc/src/main/java/com/github/cadecode/uniboot/framework/svc/security/RedisLoginSuccessHandleService.java
@@ -1,5 +1,7 @@
 package com.github.cadecode.uniboot.framework.svc.security;
 
+import cn.hutool.core.util.ObjUtil;
+import com.fasterxml.jackson.core.type.TypeReference;
 import com.github.cadecode.uniboot.common.core.extension.strategy.StrategyContext;
 import com.github.cadecode.uniboot.common.core.web.response.ApiResult;
 import com.github.cadecode.uniboot.common.plugin.cache.util.KeyGeneUtil;
@@ -15,7 +17,12 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Objects;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Collectors;
 
 /**
  * 登录成功处理器
@@ -35,11 +42,39 @@ public ApiResult<SysUserDetails> getResult(HttpServletRequest request, HttpServl
         // token 放在请求头
         response.addHeader(HttpConst.HEAD_TOKEN, uuidToken);
         // 生成存放登录信息的 redis key
-        String loginUserKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, uuidToken);
-        RedisUtil.set(loginUserKey, sysUserDetails, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
+        String loginUserTokenKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, uuidToken);
+        String loginUsernameKey = KeyGeneUtil.key(KeyPrefixConst.LOGIN_USER, sysUserDetails.getUsername());
+        // 获取当前账号 token 列表
+        List<String> tokenList = getTokenList(loginUsernameKey, loginUserTokenKey);
+        RedisUtil.set(loginUserTokenKey, sysUserDetails, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
+        RedisUtil.set(loginUsernameKey, tokenList, SecurityUtil.getExpiration(), TimeUnit.SECONDS);
         return ApiResult.ok(sysUserDetails).path(FrameSecurityConfig.LOGOUT_URL);
     }
 
+    private List<String> getTokenList(String loginUsernameKey, String loginUserTokenKey) {
+        List<String> tokenList = RedisUtil.get(loginUsernameKey, new TypeReference<ArrayList<String>>() {});
+        if (ObjUtil.isEmpty(tokenList)) {
+            return new ArrayList<>(Collections.singletonList(loginUserTokenKey));
+        }
+        // 当配置了最大 token 数
+        Integer maxTokenCount = SecurityUtil.getMaxCount();
+        if (Objects.nonNull(maxTokenCount) && maxTokenCount > 0) {
+            tokenList.add(loginUserTokenKey);
+            if (tokenList.size() > maxTokenCount) {
+                // 清理超过限制的 token
+                tokenList.stream()
+                        .limit(tokenList.size() - maxTokenCount)
+                        .forEach(RedisUtil::del);
+                tokenList = tokenList.stream()
+                        .skip(tokenList.size() - maxTokenCount)
+                        .collect(Collectors.toList());
+            }
+        } else {
+            tokenList = new ArrayList<>(Collections.singletonList(loginUserTokenKey));
+        }
+        return tokenList;
+    }
+
     @Override
     public boolean supports(StrategyContext delimiter) {
         return delimiter.getStrategyType() == AuthModelEnum.REDIS;

Original file line number	Diff line number	Diff line change
`@@ -193,5 +193,12 @@ public static class TokenConfig {`
`193`	`193`	`* 密钥`
`194`	`194`	`*/`
`195`	`195`	`private String secret;`
	`196`	`+`
	`197`	`+ /**`
	`198`	`+ * 单个账号最多允许几个 token（大于 0）`
	`199`	`+ * 为 1 时即不允许多次登录同时在线`
	`200`	`+ */`
	`201`	`+ private Integer maxCount = 1;`
	`202`	`+`
`196`	`203`	`}`
`197`	`204`	`}`
Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,10 @@ public class SecurityUtil implements InitializingBean {`
`32`	`32`
`33`	`33`	`// 从 SecurityConfig 获取 token 配置`
`34`	`34`
	`35`	`+ public static SecurityProperties properties() {`
	`36`	`+ return PROPERTIES;`
	`37`	`+ }`
	`38`	`+`
`35`	`39`	`public static Long getExpiration() {`
`36`	`40`	`return PROPERTIES.getTokenConfig().getExpiration();`
`37`	`41`	`}`
`@@ -40,6 +44,10 @@ public static String getSecret() {`
`40`	`44`	`return PROPERTIES.getTokenConfig().getSecret();`
`41`	`45`	`}`
`42`	`46`
	`47`	`+ public static Integer getMaxCount() {`
	`48`	`+ return PROPERTIES.getTokenConfig().getMaxCount();`
	`49`	`+ }`
	`50`	`+`
`43`	`51`	`/**`
`44`	`52`	`* 从request对象解析token，cookie or header`
`45`	`53`	`*`