From 067cd9a1af8c1d013f4ff42d9ddc3ac181a48853 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Tue, 16 Jan 2024 09:36:05 +0800 Subject: [PATCH 01/12] =?UTF-8?q?TASK:docker=E5=9B=9E=E9=80=80;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c1843a76..b9bca48c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,10 @@ version: "3" services: aida_back: - container_name: stable-version-aida-back + container_name: develop-version-aida-back build: . volumes: # 数据挂载 - /workspace/home/aida/file/:/workspace/home/aida/file/ ports: - - "10086:5567" \ No newline at end of file + - "10090:5567" \ No newline at end of file From 393c9ec941dd925eee00fd96564ffe3a699cb6cb Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 10:33:37 +0800 Subject: [PATCH 02/12] =?UTF-8?q?TASK:=E8=AF=81=E4=B9=A6=E6=8E=A5=E6=94=B6?= =?UTF-8?q?=E6=B5=8B=E8=AF=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/config/SecurityConfig.java | 61 +++++++++++++------ .../da/controller/ThirdPartyController.java | 21 +++++++ 2 files changed, 62 insertions(+), 20 deletions(-) diff --git a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java index 773587c9..b0ebc161 100644 --- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java +++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java 
@@ -3,6 +3,7 @@ package com.ai.da.common.security.config; import com.ai.da.common.security.*; import com.ai.da.common.security.filter.AuthenticationFilter; import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter; +import com.ai.da.mapper.AccountMapper; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.security.authentication.AuthenticationManager; @@ -12,11 +13,14 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; +import java.util.ArrayList; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) @@ -45,6 +49,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { private AuthenticationFilter authenticationFilter; @Resource private UserPermissionEvaluator userPermissionEvaluator; + @Resource + private AccountMapper accountMapper; @Override 
@@ -53,26 +59,32 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } @Override - protected void configure(HttpSecurity httpSecurity/*, WebSecurity web*/) throws Exception { -// web.ignoring().antMatchers("/test/**");//禁止所有过滤器 - httpSecurity.cors().disable()//禁用 CSRF - .authorizeRequests()//认证请求 - .antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求 - .anyRequest().authenticated()//其余所有的请求都需要认证 - .and().headers().frameOptions().disable()// 防止iframe 造成跨域 - .and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理 - .accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略,全局异常会先于Security框架处理异常,全局异常已特殊处理) - .and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口 - .successHandler(userLoginSuccessHandler)//登录成功处理器 - .failureHandler(userLoginFailureHandler)//登录失败处理器 - .and().cors().and().csrf().disable();//允许跨域 - //自定义过滤器在登录时认证用户名、密码 - httpSecurity.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class) - .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class); - //不创建session会话 - httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); - //取消头缓存控制 - httpSecurity.headers().cacheControl(); + protected void configure(HttpSecurity httpSecurity) throws Exception { + httpSecurity.cors().disable() // 禁用 CSRF + .authorizeRequests() + .antMatchers(securityProperties.getIgnorePaths()).permitAll() + .antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口 + .anyRequest().permitAll() + .and() + .x509() + .subjectPrincipalRegex("CN=(.*?)(?:,|$)") + .userDetailsService(userDetailsService()) + .and() + .exceptionHandling() + .authenticationEntryPoint(userAuthenticationEntryPointHandler) + .accessDeniedHandler(userAuthAccessDeniedHandler) + .and() + .formLogin() + .loginProcessingUrl(securityProperties.getAuthApi()) + .successHandler(userLoginSuccessHandler) + 
.failureHandler(userLoginFailureHandler) + .and() + .addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class) + .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class) + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .headers().cacheControl() + ; } @Bean @@ -81,4 +93,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { handler.setPermissionEvaluator(userPermissionEvaluator); return handler; } + @Bean + public UserDetailsService userDetailsService() { +// return (UserDetailsService) accountMapper.selectById(88L); + return username -> { + // 这里可以根据用户名查找用户信息,例如从数据库中查询 + // 返回 UserDetails 对象 + return new User(username, "", new ArrayList<>()); + }; + } } diff --git a/src/main/java/com/ai/da/controller/ThirdPartyController.java b/src/main/java/com/ai/da/controller/ThirdPartyController.java index 72167882..13b17c73 100644 --- a/src/main/java/com/ai/da/controller/ThirdPartyController.java +++ b/src/main/java/com/ai/da/controller/ThirdPartyController.java @@ -7,11 +7,14 @@ import com.ai.da.service.AccountService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.validation.Valid; +import java.security.cert.X509Certificate; @Api(tags = "Third Party Modules") 
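Review bot: In the rewritten `configure` (hunk `@@ -53,26 +59,32 @@` of SecurityConfig.java), `.anyRequest().permitAll()` replaces `.anyRequest().authenticated()`, so at the authorization layer only `/api/third/party/your-secured-endpoint` still requires an authenticated caller; patch 03/12 then comments that matcher out and leaves no such rule at all. If the certificate test needs one protected path, add its matcher and keep `.anyRequest().authenticated()` as the last rule. The chain also drops the trailing `.csrf().disable()` while the `// 禁用 CSRF` comment sits on `cors().disable()`, so CSRF handling changes without being mentioned. Whether `AuthenticationFilter` still rejects token-less requests on its own is not visible in this hunk.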
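Review bot: The `userDetailsService()` bean added in hunk `@@ -81,4 +93,13 @@` returns `new User(username, "", new ArrayList<>())` for whatever name it is given, so any certificate the TLS layer accepts is mapped to an authenticated principal without checking that the CN belongs to a known account. The lambda should look the account up and fail closed, e.g. `throw new UsernameNotFoundException(username);` when there is no match; the `accountMapper` field injected by this patch is otherwise unused. Patch 04/12 (`@@ -59,32 +55,27 @@`) keeps `x509()` wired to this placeholder next to `.anyRequest().authenticated()`, which is where the gap matters most. Publishing it as a `@Bean` may also make it the default `UserDetailsService` for other login paths; that depends on configuration outside the hunk.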
@@ -62,4 +65,22 @@ public class ThirdPartyController { public Response existNoLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO) { return Response.success(accountService.existNoLoginRequired(noLoginRequiredDTO)); } + + @GetMapping("/your-secured-endpoint") +// @PreAuthorize("hasRole('ROLE_USER')") + public String securedEndpoint(HttpServletRequest request, @AuthenticationPrincipal PreAuthenticatedAuthenticationToken authenticationToken) { + // 从请求属性中获取证书 + X509Certificate[] certificates = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); + if (certificates != null && certificates.length > 0) { + X509Certificate clientCertificate = certificates[0]; + // 可以从 clientCertificate 中获取证书信息,例如主题、颁发者等 + String subject = clientCertificate.getSubjectX500Principal().getName(); + String issuer = clientCertificate.getIssuerX500Principal().getName(); + // 处理逻辑 + return "Secured Endpoint. Client Subject: " + subject + ", Issuer: " + issuer; + } else { + // 证书不存在或获取失败 + return "Failed to retrieve client certificate."; + } + } } From 5d3657bba2e44cf06874d290bf0fb587d46f0f86 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 10:52:27 +0800 Subject: [PATCH 03/12] =?UTF-8?q?TASK:=E8=AF=81=E4=B9=A6=E6=8E=A5=E6=94=B6?= =?UTF-8?q?=E6=B5=8B=E8=AF=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/ai/da/common/security/config/SecurityConfig.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java index b0ebc161..f7284dc6 100644 --- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java +++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java 
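Review bot: `securedEndpoint` reads the certificate from the `javax.servlet.request.X509Certificate` request attribute instead of using the principal Spring Security authenticated, and `@PreAuthorize` is commented out, so the handler's outcome does not depend on the x509 login succeeding. The `@AuthenticationPrincipal PreAuthenticatedAuthenticationToken authenticationToken` parameter is unused and is unlikely to bind: the annotation resolves `Authentication.getPrincipal()`, which for x509 is the `UserDetails` returned by the user-details service, so a declaration such as `@AuthenticationPrincipal UserDetails user` would match. The path `/your-secured-endpoint` and the response that echoes subject and issuer DNs look like scaffolding; a comment such as `// TEMP: certificate reception test, remove before release` would make that explicit.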
@@ -63,7 +63,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { httpSecurity.cors().disable() // 禁用 CSRF .authorizeRequests() .antMatchers(securityProperties.getIgnorePaths()).permitAll() - .antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口 +// .antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口 .anyRequest().permitAll() .and() .x509() From 3452e4c335ce0c2836ff11bad1da6a5b666ce37a Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 10:57:41 +0800 Subject: [PATCH 04/12] =?UTF-8?q?TASK:=E5=9B=9E=E9=80=80;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/config/SecurityConfig.java | 53 ++++++++----------- 1 file changed, 22 insertions(+), 31 deletions(-) diff --git a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java index f7284dc6..e10500e8 100644 --- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java +++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java @@ -3,7 +3,6 @@ package com.ai.da.common.security.config; import com.ai.da.common.security.*; import com.ai.da.common.security.filter.AuthenticationFilter; import com.ai.da.common.security.filter.UserAuthenticationProcessingFilter; -import com.ai.da.mapper.AccountMapper; import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.security.authentication.AuthenticationManager; @@ -20,7 +19,6 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; -import java.util.ArrayList; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) 
@@ -49,8 +47,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { private AuthenticationFilter authenticationFilter; @Resource private UserPermissionEvaluator userPermissionEvaluator; - @Resource - private AccountMapper accountMapper; @Override 
@@ -59,32 +55,27 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { } @Override - protected void configure(HttpSecurity httpSecurity) throws Exception { - httpSecurity.cors().disable() // 禁用 CSRF - .authorizeRequests() - .antMatchers(securityProperties.getIgnorePaths()).permitAll() -// .antMatchers("/api/third/party/your-secured-endpoint").authenticated() // 需要验证的接口 - .anyRequest().permitAll() - .and() - .x509() - .subjectPrincipalRegex("CN=(.*?)(?:,|$)") - .userDetailsService(userDetailsService()) - .and() - .exceptionHandling() - .authenticationEntryPoint(userAuthenticationEntryPointHandler) - .accessDeniedHandler(userAuthAccessDeniedHandler) - .and() - .formLogin() - .loginProcessingUrl(securityProperties.getAuthApi()) - .successHandler(userLoginSuccessHandler) - .failureHandler(userLoginFailureHandler) - .and() - .addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class) - .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class) - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() - .headers().cacheControl() - ; + protected void configure(HttpSecurity httpSecurity/*, WebSecurity web*/) throws Exception { +// web.ignoring().antMatchers("/test/**");//禁止所有过滤器 + httpSecurity.cors().disable()//禁用 CSRF + .authorizeRequests()//认证请求 + .antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求 + .anyRequest().authenticated()//其余所有的请求都需要认证 + .and().headers().frameOptions().disable()// 防止iframe 造成跨域 + .and().x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService()) + .and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理 + .accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略,全局异常会先于Security框架处理异常,全局异常已特殊处理) + .and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口 + .successHandler(userLoginSuccessHandler)//登录成功处理器 + 
.failureHandler(userLoginFailureHandler)//登录失败处理器 + .and().cors().and().csrf().disable();//允许跨域 + //自定义过滤器在登录时认证用户名、密码 + httpSecurity.addFilterAt(userAuthenticationProcessingFilter, UsernamePasswordAuthenticationFilter.class) + .addFilterBefore(authenticationFilter, BasicAuthenticationFilter.class); + //不创建session会话 + httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS); + //取消头缓存控制 + httpSecurity.headers().cacheControl(); } @Bean @@ -93,9 +84,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { handler.setPermissionEvaluator(userPermissionEvaluator); return handler; } + @Bean public UserDetailsService userDetailsService() { -// return (UserDetailsService) accountMapper.selectById(88L); return username -> { // 这里可以根据用户名查找用户信息,例如从数据库中查询 // 返回 UserDetails 对象 From c5d540686e3dcf493477eff64f83ff50199fa6b2 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 10:59:43 +0800 Subject: [PATCH 05/12] =?UTF-8?q?TASK:=E5=9B=9E=E9=80=80;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/ai/da/common/security/config/SecurityConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java index e10500e8..fe600140 100644 --- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java +++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java @@ -19,6 +19,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; +import java.util.ArrayList; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) From 90634f73c71b2ef26d9503c884c2f678ebe5df68 Mon Sep 17 00:00:00 2001 
From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 17:49:40 +0800 Subject: [PATCH 06/12] =?UTF-8?q?TASK:=E5=85=8D=E5=AF=86=E7=99=BB=E5=BD=95?= =?UTF-8?q?;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/config/SecurityConfig.java | 13 -- .../security/filter/AuthenticationFilter.java | 2 +- .../ai/da/controller/AccountController.java | 6 +- .../da/controller/ThirdPartyController.java | 18 +- .../ai/da/model/dto/NoLoginRequiredDTO.java | 2 + .../com/ai/da/service/AccountService.java | 8 +- .../da/service/impl/AccountServiceImpl.java | 170 +++++++++++++++++- 7 files changed, 191 insertions(+), 28 deletions(-) diff --git a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java index fe600140..773587c9 100644 --- a/src/main/java/com/ai/da/common/security/config/SecurityConfig.java +++ b/src/main/java/com/ai/da/common/security/config/SecurityConfig.java @@ -12,14 +12,11 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; import javax.annotation.Resource; -import java.util.ArrayList; @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) 
@@ -63,7 +60,6 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { .antMatchers(securityProperties.getIgnorePaths()).permitAll()//忽略的请求 .anyRequest().authenticated()//其余所有的请求都需要认证 .and().headers().frameOptions().disable()// 防止iframe 造成跨域 - .and().x509().subjectPrincipalRegex("CN=(.*?)(?:,|$)").userDetailsService(userDetailsService()) .and().exceptionHandling().authenticationEntryPoint(userAuthenticationEntryPointHandler)//未登录请求处理 .accessDeniedHandler(userAuthAccessDeniedHandler)//无权限访问处理类 (此配置可以忽略,全局异常会先于Security框架处理异常,全局异常已特殊处理) .and().formLogin().loginProcessingUrl(securityProperties.getAuthApi())//指定认证接口 @@ -85,13 +81,4 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { handler.setPermissionEvaluator(userPermissionEvaluator); return handler; } - - @Bean - public UserDetailsService userDetailsService() { - return username -> { - // 这里可以根据用户名查找用户信息,例如从数据库中查询 - // 返回 UserDetails 对象 - return new User(username, "", new ArrayList<>()); - }; - } } diff --git a/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java b/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java index 7974a487..fcb1d8f7 100644 --- a/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java +++ b/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java @@ -45,7 +45,7 @@ public class AuthenticationFilter extends OncePerRequestFilter { "/webjars/", "/swagger-resources", "/v2/api-docs", "api/account/resetPwd", "/api/python/saveGeneratePicture", "/api/python/getLibraryByUserId", "/api/third/party/addUser","/api/third/party/addTrialUser", "/api/third/party/editUser", "/api/element/initDefaultSysFile", - "/api/third/party/addNoLoginRequired","/api/third/party/deleteNoLoginRequired", + "/api/third/party/addNoLoginRequiredNew","/api/third/party/deleteNoLoginRequiredNew", "/api/third/party/existNoLoginRequired", "/api/python/chatStream", "/api/python/flush", 
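Review bot: The string list edited in AuthenticationFilter.java (`@@ -45,7 +45,7 @@`) now contains `/api/third/party/addNoLoginRequiredNew` and `/api/third/party/deleteNoLoginRequiredNew`, which by the neighbouring entries looks like the set of paths the filter passes without a token; the array's declaration and use are outside the hunk. Those two handlers create and delete `Account` rows, so listing them here leaves the service code as the only access control. A comment above the entries stating who is expected to call them, e.g. `// machine-room registration: callers are not logged in, see AccountServiceImpl for the checks applied`, would record the assumption; an account-deleting path is usually better kept behind an authenticated operator role.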
diff --git a/src/main/java/com/ai/da/controller/AccountController.java b/src/main/java/com/ai/da/controller/AccountController.java index d62d7335..1a91a5e5 100644 --- a/src/main/java/com/ai/da/controller/AccountController.java +++ b/src/main/java/com/ai/da/controller/AccountController.java @@ -144,9 +144,9 @@ public class AccountController { return Response.success(accountService.getExpiredTime()); } - @ApiOperation(value = "查询账号到期时间") + @ApiOperation(value = "免密登录") @PostMapping("/noLoginRequired") - public Response noLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO){ - return Response.success(accountService.noLoginRequired(noLoginRequiredDTO)); + public Response noLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request){ + return Response.success(accountService.noLoginRequired(noLoginRequiredDTO, request)); } } diff --git a/src/main/java/com/ai/da/controller/ThirdPartyController.java b/src/main/java/com/ai/da/controller/ThirdPartyController.java index 13b17c73..9cc7dd4c 100644 --- a/src/main/java/com/ai/da/controller/ThirdPartyController.java +++ b/src/main/java/com/ai/da/controller/ThirdPartyController.java @@ -62,8 +62,8 @@ public class ThirdPartyController { @CrossOrigin @ApiOperation(value = "add No Login Required") @PostMapping("/existNoLoginRequired") - public Response existNoLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO) { - return Response.success(accountService.existNoLoginRequired(noLoginRequiredDTO)); + public Response existNoLoginRequired(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + return Response.success(accountService.existNoLoginRequired(noLoginRequiredDTO, request)); } @GetMapping("/your-secured-endpoint") 
@@ -83,4 +83,18 @@ public class ThirdPartyController { return "Failed to retrieve client certificate."; } } + + @CrossOrigin + @ApiOperation(value = "add No Login Required") + @PostMapping("/addNoLoginRequiredNew") + public Response addNoLoginRequiredNew(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + return Response.success(accountService.addNoLoginRequiredNew(noLoginRequiredDTO, request)); + } + + @CrossOrigin + @ApiOperation(value = "add No Login Required") + @PostMapping("/deleteNoLoginRequiredNew") + public Response deleteNoLoginRequiredNew(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + return Response.success(accountService.deleteNoLoginRequiredNew(noLoginRequiredDTO, request)); + } } diff --git a/src/main/java/com/ai/da/model/dto/NoLoginRequiredDTO.java b/src/main/java/com/ai/da/model/dto/NoLoginRequiredDTO.java index 661703fd..81d94583 100644 --- a/src/main/java/com/ai/da/model/dto/NoLoginRequiredDTO.java +++ b/src/main/java/com/ai/da/model/dto/NoLoginRequiredDTO.java @@ -5,4 +5,6 @@ import lombok.Data; @Data public class NoLoginRequiredDTO { private String browserIdentifiers; + private String id; + private Boolean deleteById; } diff --git a/src/main/java/com/ai/da/service/AccountService.java b/src/main/java/com/ai/da/service/AccountService.java index d6c7aede..86293174 100644 --- a/src/main/java/com/ai/da/service/AccountService.java +++ b/src/main/java/com/ai/da/service/AccountService.java 
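Review bot: `deleteNoLoginRequiredNew` carries `@ApiOperation(value = "add No Login Required")`, copied from the add endpoint, so the generated API docs describe an account-deleting call as an add; `@ApiOperation(value = "delete No Login Required")` fits. Both new handlers also use bare `@CrossOrigin`, which allows every origin on state-changing POSTs; naming the front-end origin, `@CrossOrigin(origins = "<front-end origin>")` (placeholder), narrows which pages can call them from a browser.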
@@ -120,7 +120,11 @@ public interface AccountService extends IService { Boolean deleteNoLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO); - AccountLoginVO noLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO); + AccountLoginVO noLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request); - Boolean existNoLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO); + Boolean existNoLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request); + + String addNoLoginRequiredNew(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request); + + Boolean deleteNoLoginRequiredNew(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request); } diff --git a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java index f66a9369..99b8cb20 100644 --- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java +++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java 
@@ -647,12 +647,29 @@ public class AccountServiceImpl extends ServiceImpl impl @Override - public AccountLoginVO noLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO) { + public AccountLoginVO noLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + String id = noLoginRequiredDTO.getId(); + if (!isStringInRange(id)) { + throw new BusinessException("Illegal serial number!"); + } + // 获取真实 IP 地址,考虑了经过代理的情况 + String ipAddress = request.getHeader("X-Forwarded-For"); + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("WL-Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getRemoteAddr(); + } + String browserIdentifiers = ipAddress + "," + id; QueryWrapper qw = new QueryWrapper<>(); - qw.lambda().eq(Account::getBrowserIdentifiers, noLoginRequiredDTO.getBrowserIdentifiers()); + qw.lambda().eq(Account::getUserName, "PolyU-SFT-" + id); + qw.lambda().eq(Account::getBrowserIdentifiers, browserIdentifiers); List accountList = accountMapper.selectList(qw); if (CollectionUtil.isEmpty(accountList)) { - throw new BusinessException("This browser is not registered as login free"); + throw new BusinessException("Machine identification has changed, login free has failed, please contact us at help@aida.com.hk."); } Account account = accountList.get(0); AccountLoginVO response = CopyUtil.copyObject(account, AccountLoginVO.class); 
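Review bot: `noLoginRequired` returns an `AccountLoginVO` for the account whose `browserIdentifiers` equals `ipAddress + "," + id`, and `ipAddress` is taken first from `X-Forwarded-For`, `Proxy-Client-IP` and `WL-Proxy-Client-IP`, all of which the caller sets. Combined with a three-digit serial in 001–100, the login decision rests on values the client chooses. Resolve forwarded headers only at a trusted proxy and read `request.getRemoteAddr()` here, in one private helper instead of the block that is repeated in `existNoLoginRequired`, `addNoLoginRequiredNew` and `deleteNoLoginRequiredNew` in the next hunk. `isStringInRange(id)` is also reached with a possibly null `id` and starts with `input.trim()`; an `id == null ||` guard avoids the NullPointerException. The method body continues outside the hunk.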
@@ -668,12 +685,151 @@ public class AccountServiceImpl extends ServiceImpl impl } @Override - public Boolean existNoLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO) { + public Boolean existNoLoginRequired(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + String id = noLoginRequiredDTO.getId(); + // 获取真实 IP 地址,考虑了经过代理的情况 + String ipAddress = request.getHeader("X-Forwarded-For"); + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("WL-Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getRemoteAddr(); + } + String browserIdentifiers = ipAddress + "," + id; QueryWrapper qw = new QueryWrapper<>(); - qw.lambda().eq(Account::getBrowserIdentifiers, noLoginRequiredDTO.getBrowserIdentifiers()); + qw.lambda().eq(Account::getUserName, "PolyU-SFT-" + id); List accountList = accountMapper.selectList(qw); - if (CollectionUtil.isEmpty(accountList)) { - return Boolean.FALSE; + if (!CollectionUtil.isEmpty(accountList)) { + throw new BusinessException(""); + } + return Boolean.TRUE; + } + + @Override + @Transactional(rollbackFor = Exception.class) + public String addNoLoginRequiredNew(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + // 验证机房注册序列号(001-100) + String id = noLoginRequiredDTO.getId(); + if (!isStringInRange(id)) { + throw new BusinessException("Illegal serial number."); + } + // 获取真实 IP 地址,考虑了经过代理的情况 + String ipAddress = request.getHeader("X-Forwarded-For"); + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = 
request.getHeader("WL-Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getRemoteAddr(); + } + String browserIdentifiers = ipAddress + "," + id; + // 构建查询条件,查找已注册的账户数量 + QueryWrapper queryWrapper = new QueryWrapper<>(); + queryWrapper.lambda().eq(Account::getUserName, "PolyU-SFT-" + id); +// queryWrapper.lambda().eq(Account::getBrowserIdentifiers, browserIdentifiers); + List existingAccounts = accountMapper.selectList(queryWrapper); + + // 检查序列号是否被注册 + if (CollectionUtil.isNotEmpty(existingAccounts)) { + throw new BusinessException("The serial number has already been registered."); + } + + // 检查机器是否已经注册了别的序列号 + queryWrapper.clear(); + queryWrapper.lambda().like(Account::getBrowserIdentifiers, ipAddress); + List accountList = accountMapper.selectList(queryWrapper); + if (CollectionUtil.isNotEmpty(accountList)) { + throw new BusinessException("This machine has already been registered with serial number " + accountList.get(0).getUserName().split("-")[2]); + } + + // 创建新账户 + Account newAccount = new Account(); + newAccount.setUserName("PolyU-SFT-" + id); + newAccount.setUserPassword("Third-000000"); + newAccount.setValidStartTime(System.currentTimeMillis()); + newAccount.setValidEndTime(System.currentTimeMillis() + 365L * 24 * 60 * 60 * 1000); + newAccount.setCreateDate(new Date()); + newAccount.setIsBeginner(1); + newAccount.setIsTrial(0); + newAccount.setBrowserIdentifiers(browserIdentifiers); + newAccount.setLanguage(Language.ENGLISH.name()); + + // 插入新账户 + accountMapper.insert(newAccount); + + return "\n" + + "                        \n" + + "                        \n" + + "                            \n" + + "                            \n" + + "                            Document\n" + + "                        \n" + + "                        \n" + + "                        \n" + + "                            \n" + + "                        "; + } + + public static boolean 
isStringInRange(String input) { + // 去除字符串两端的空格 + input = input.trim(); + + // 使用正则表达式检查是否是三位数字 + if (input.matches("\\d{3}")) { + // 将字符串转换为整数 + int number = Integer.parseInt(input); + + // 检查是否在指定范围内 + return number >= 1 && number <= 100; + } + + return false; + } + + @Override + @Transactional(rollbackFor = Exception.class) + public Boolean deleteNoLoginRequiredNew(NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { + // 获取真实 IP 地址,考虑了经过代理的情况 + String ipAddress = request.getHeader("X-Forwarded-For"); + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getHeader("WL-Proxy-Client-IP"); + } + if (ipAddress == null || ipAddress.isEmpty() || "unknown".equalsIgnoreCase(ipAddress)) { + ipAddress = request.getRemoteAddr(); + } + // 删除将被注销的用户 + QueryWrapper queryWrapperDelete = new QueryWrapper<>(); + if (StringUtils.isNotBlank(noLoginRequiredDTO.getId()) && noLoginRequiredDTO.getDeleteById()) { + // 验证机房注册序列号(001-100) + String id = noLoginRequiredDTO.getId(); + if (!isStringInRange(id)) { + throw new BusinessException("Illegal serial number."); + } + queryWrapperDelete.lambda().eq(Account::getUserName, "PolyU-SFT-" + noLoginRequiredDTO.getId()); + }else { + queryWrapperDelete.lambda().like(Account::getBrowserIdentifiers, ipAddress); + } + List accountList = accountMapper.selectList(queryWrapperDelete); + if (CollectionUtil.isNotEmpty(accountList)) { + for (Account account : accountList) { + //jwt本身失效比较难做 统一用缓存实现 删除缓存就失效 + String token = LocalCacheUtils.getTokenCache(String.valueOf(account.getId())); + if (StringUtils.isNotBlank(token)) { + LocalCacheUtils.delTokenCache(String.valueOf(account.getId())); + } + accountMapper.deleteById(account.getId()); + // TODO:注销时删除用户数据,workspace,like,library等 + } } return Boolean.TRUE; } 
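Review bot: `deleteNoLoginRequiredNew` deletes accounts on the strength of request data alone: with `deleteById` set it removes `PolyU-SFT-<id>` for any valid serial without checking that the caller registered it, and otherwise it matches `browserIdentifiers` with `like` against an address read from request headers, so a short or partial value can match rows registered by other machines. `noLoginRequiredDTO.getDeleteById()` is a `Boolean` that is unboxed directly and throws when the field is omitted. The sketch below ties deletion to an exact match on serial plus stored identifier; delete-by-serial for operators would then belong on an authenticated endpoint. In the same hunk, `addNoLoginRequiredNew` gives every created account the fixed password `Third-000000`, which is worth replacing with a per-account random value if these accounts can also use the normal login (not visible here).

```java
// … unchanged: annotations, method signature, ipAddress resolution …
String id = noLoginRequiredDTO.getId();
if (id == null || !isStringInRange(id)) {
    throw new BusinessException("Illegal serial number.");
}
// … unchanged: queryWrapperDelete declaration …
// Exact match on serial and stored identifier, so a caller can only remove its own registration.
queryWrapperDelete.lambda()
        .eq(Account::getUserName, "PolyU-SFT-" + id)
        .eq(Account::getBrowserIdentifiers, ipAddress + "," + id);
// … unchanged: selectList, token-cache eviction and deleteById loop …
```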
From d8c09f9597a8c3d6ed588c5b50b951c86f472552 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Wed, 17 Jan 2024 17:50:58 +0800 Subject: [PATCH 07/12] =?UTF-8?q?TASK:docker=E9=85=8D=E7=BD=AE=E6=96=87?= =?UTF-8?q?=E4=BB=B6;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b9bca48c..c1843a76 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,10 @@ version: "3" services: aida_back: - container_name: develop-version-aida-back + container_name: stable-version-aida-back build: . volumes: # 数据挂载 - /workspace/home/aida/file/:/workspace/home/aida/file/ ports: - - "10090:5567" \ No newline at end of file + - "10086:5567" \ No newline at end of file From 365c04375a02156c91c37d8c753eced671996d90 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Thu, 18 Jan 2024 09:56:50 +0800 Subject: [PATCH 08/12] =?UTF-8?q?TASK:=E5=85=8D=E7=99=BB=E5=BD=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/ai/da/controller/ThirdPartyController.java | 10 ++++++++++ src/main/resources/application-prod.properties | 1 + 2 files changed, 11 insertions(+) diff --git a/src/main/java/com/ai/da/controller/ThirdPartyController.java b/src/main/java/com/ai/da/controller/ThirdPartyController.java index 9cc7dd4c..2572ed5b 100644 --- a/src/main/java/com/ai/da/controller/ThirdPartyController.java +++ b/src/main/java/com/ai/da/controller/ThirdPartyController.java 
@@ -7,6 +7,7 @@ import com.ai.da.service.AccountService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.annotation.AuthenticationPrincipal; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.web.bind.annotation.*; @@ -97,4 +98,13 @@ public class ThirdPartyController { public Response deleteNoLoginRequiredNew(@RequestBody NoLoginRequiredDTO noLoginRequiredDTO, HttpServletRequest request) { return Response.success(accountService.deleteNoLoginRequiredNew(noLoginRequiredDTO, request)); } + + @Value("${redirect_url}") + private String REDIRECT_URL; + @CrossOrigin + @ApiOperation(value = "add No Login Required") + @PostMapping("/getRedirectUrl") + public Response getRedirectUrl() { + return Response.success(REDIRECT_URL); + } } diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties index ff77a4e2..3abdcf3b 100644 --- a/src/main/resources/application-prod.properties +++ b/src/main/resources/application-prod.properties @@ -53,3 +53,4 @@ minio.bucketName.results=aida-results minio.bucketName.sysImage=aida-sys-image minio.bucketName.users=aida-users minio.bucketName.collectionElement=aida-collection-element +redirect_url=http://18.167.251.121:7788 From bccb6d7bd272e51c58d97e64e493a8f2d20b8f13 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Thu, 18 Jan 2024 10:03:48 +0800 Subject: [PATCH 09/12] =?UTF-8?q?TASK:=E5=85=8D=E7=99=BB=E5=BD=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../com/ai/da/common/security/filter/AuthenticationFilter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
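Review bot: The new `getRedirectUrl` handler carries a bare `@CrossOrigin`, which permits every origin, and its `@ApiOperation` value `"add No Login Required"` is copied from another endpoint and does not describe this one. If a known front-end origin exists, restrict the annotation to it, and change the description to something like `@ApiOperation(value = "get redirect URL")`. The field `REDIRECT_URL` is an injected instance field, not a constant, so `private String redirectUrl;` fits Java naming better. This commit adds `redirect_url` only to application-prod.properties, so unless other profiles define it elsewhere, `@Value("${redirect_url}")` will fail to resolve at startup under them; a default such as `@Value("${redirect_url:}")` or an entry per profile would avoid that. The class body continues outside the hunk.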
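Review bot: `redirect_url=http://18.167.251.121:7788` points the redirect at a plain-HTTP address on a bare IP, so traffic to it is unencrypted and the client cannot verify the target by certificate. If the page behind it handles tokens or session state (not visible here), this should be an `https://` URL on a host name, e.g. `redirect_url=https://<front-end-host>`. Committing the address in the properties file also ties the build to one machine; reading it from the environment, `redirect_url=${REDIRECT_URL}`, keeps deployment addresses out of the repository.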
diff --git a/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java b/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java index fcb1d8f7..c2625612 100644 --- a/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java +++ b/src/main/java/com/ai/da/common/security/filter/AuthenticationFilter.java @@ -46,7 +46,7 @@ public class AuthenticationFilter extends OncePerRequestFilter { "/api/python/saveGeneratePicture", "/api/python/getLibraryByUserId", "/api/third/party/addUser","/api/third/party/addTrialUser", "/api/third/party/editUser", "/api/element/initDefaultSysFile", "/api/third/party/addNoLoginRequiredNew","/api/third/party/deleteNoLoginRequiredNew", - "/api/third/party/existNoLoginRequired", + "/api/third/party/existNoLoginRequired","/api/third/party/getRedirectUrl", "/api/python/chatStream", "/api/python/flush", "/api/account/healthy" From 557041335a778e5643fb3bea382c8765002b82ca Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Thu, 18 Jan 2024 11:23:25 +0800 Subject: [PATCH 10/12] =?UTF-8?q?TASK:=E5=85=8D=E7=99=BB=E5=BD=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/ai/da/service/impl/AccountServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java index 99b8cb20..5f1a38aa 100644 --- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java +++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java @@ -772,7 +772,7 @@ public class AccountServiceImpl extends ServiceImpl impl "                        \n" + "                        \n" + "                            \n" + "                        "; } From b828c8fcded335d4e0c06c4fa3e651576715fba5 Mon Sep 17 00:00:00 2001 
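Review bot: `"/api/third/party/getRedirectUrl"` is appended to what appears to be the list of paths that skip authentication, with nothing recording why it is safe to expose. A short comment next to the entry, such as `// public: returns only the configured front-end URL, no user data`, would make later audits of this list easier. The context lines show that the list already contains state-changing endpoints such as `/api/third/party/deleteNoLoginRequiredNew`, so it is worth confirming that entries are matched exactly rather than by prefix or substring. The array and the matching logic both begin outside the hunk.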
From: shahaibo <1023316923@qq.com> Date: Thu, 18 Jan 2024 11:58:37 +0800 Subject: [PATCH 11/12] =?UTF-8?q?TASK:=E5=85=8D=E7=99=BB=E5=BD=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/ai/da/service/impl/AccountServiceImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java index 5f1a38aa..b9d6e8c1 100644 --- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java +++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java @@ -669,7 +669,7 @@ public class AccountServiceImpl extends ServiceImpl impl qw.lambda().eq(Account::getBrowserIdentifiers, browserIdentifiers); List accountList = accountMapper.selectList(qw); if (CollectionUtil.isEmpty(accountList)) { - throw new BusinessException("Machine identification has changed, login free has failed, please contact us at help@aida.com.hk."); + throw new BusinessException("Machine not registered or machine identification has changed, login free has failed, please contact us at help@aida.com.hk."); } Account account = accountList.get(0); AccountLoginVO response = CopyUtil.copyObject(account, AccountLoginVO.class); @@ -772,7 +772,7 @@ public class AccountServiceImpl extends ServiceImpl impl "                        \n" + "                        \n" + "                            \n" + "                        "; } From 449c568907d0adcd08d7bf76b32933a9e3898a68 Mon Sep 17 00:00:00 2001 From: shahaibo <1023316923@qq.com> Date: Thu, 18 Jan 2024 12:05:06 +0800 Subject: [PATCH 12/12] =?UTF-8?q?TASK:=E5=85=8D=E7=99=BB=E5=BD=95;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/java/com/ai/da/service/impl/AccountServiceImpl.java | 1 + 1 file changed, 1 insertion(+) 
diff --git a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java index b9d6e8c1..97ad6bc6 100644 --- a/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java +++ b/src/main/java/com/ai/da/service/impl/AccountServiceImpl.java @@ -768,6 +768,7 @@ public class AccountServiceImpl extends ServiceImpl impl "                            \n" + "                            \n" + "                            Document\n" + + " \n" + "                        \n" + "                        \n" + "                        \n" +