diff --git a/boot/platform/build.gradle b/boot/platform/build.gradle
index a3ead568..2692eb21 100644
--- a/boot/platform/build.gradle
+++ b/boot/platform/build.gradle
@@ -25,6 +25,21 @@ tasks.named("bootBuildImage") {
 "-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager"
 ]
 publish = true
+ buildWorkspace {
+ bind {
+ source = "/tmp/cache-${rootProject.name}.work"
+ }
+ }
+ buildCache {
+ bind {
+ source = "/tmp/cache-${rootProject.name}.build"
+ }
+ }
+ launchCache {
+ bind {
+ source = "/tmp/cache-${rootProject.name}.launch"
+ }
+ }
 docker {
 publishRegistry {
 username = "${dockerUsername}"
diff --git a/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java b/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java
index dc3d18b1..071e9581 100644
--- a/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java
+++ b/boot/platform/src/main/java/com/platform/boot/security/SecurityController.java
@@ -29,86 +29,38 @@ public class SecurityController {
 private final PasswordEncoder passwordEncoder;
 private final ServerOAuth2AuthorizedClientRepository clientRepository;
- /**
- * This endpoint is used to generate an authentication token.
- *
- * @param session The current web session.
- * @param authentication The authentication object containing the user's credentials.
- * @return A Mono object containing the authentication token.
- * @GetMapping annotation is used to handle GET type requests. This endpoint is mapped to "/oauth2/token".
- * The method uses the WebSession and Authentication parameters to build an AuthenticationToken.
- * The building of the AuthenticationToken is deferred until subscription time to ensure that it is built with the most up-to-date session and authentication information.
- *
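Review bot: The three cache binds added to boot/platform/build.gradle (`buildWorkspace`, `buildCache`, `launchCache`) use fixed, predictable names under `/tmp`, which is world-writable on most hosts. On a shared build machine or CI runner another local account could pre-create or modify `/tmp/cache-<project>.build`, and its contents would then be reused in the image that `publish = true` pushes. A per-user location avoids this, for example `source = "${gradle.gradleUserHomeDir}/buildpack-cache/${rootProject.name}.build"` with the same change for `.work` and `.launch`; the `/tmp` paths are also Unix-only. The enclosing `tasks.named("bootBuildImage")` closure starts and ends outside the hunk.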

- * The built AuthenticationToken is then wrapped in a Mono and returned.
- */
 @GetMapping("token")
 public Mono token(WebSession session, Authentication authentication) {
 return Mono.defer(() -> Mono.just(AuthenticationToken.build(session, authentication)));
 }
- /**
- * Retrieves the CSRF token from the current context.
- *
- * @return A Mono object containing the CSRF token, or an empty Mono if no CSRF token is found.
- */
 @GetMapping("csrf")
 public Mono csrfToken() {
- // Defer the retrieval of the CSRF token to subscription time.
- // This allows the CSRF token to be retrieved from the current context when the Mono is subscribed to.
 return Mono.deferContextual((contextView) -> {
- // Retrieve the CSRF token from the current context.
 CsrfToken ctk = contextView.get(ContextUtils.CSRF_TOKEN_CONTEXT);
- // Return the CSRF token wrapped in a Mono, or an empty Mono if no CSRF token is found.
 return Mono.justOrEmpty(ctk);
 });
 }
- /**
- * Binds an OAuth2 client to the authenticated user.
- *
- * @param clientRegistrationId The registration ID of the OAuth2 client.
- * @param authentication The authentication object containing the user's credentials.
- * @param exchange The current server web exchange.
- * @return A Mono object containing the access token of the OAuth2 client.
- */
 @GetMapping("bind")
 public Mono bindOauth2(String clientRegistrationId, Authentication authentication, ServerWebExchange exchange) {
- // Load the authorized OAuth2 client using the client registration ID, authentication object, and server web exchange.
- // Then, retrieve the access token of the OAuth2 client.
 return this.clientRepository.loadAuthorizedClient(clientRegistrationId, authentication, exchange)
 .flatMap(oAuth2AuthorizedClient -> Mono.just(oAuth2AuthorizedClient.getAccessToken()));
 }
- /**
- * Changes the password of the authenticated user.
- *
- * @param request The request object containing the current and new password.
- * @param authentication The authentication object containing the user's credentials.
- * @return A Mono object of the updated user.
- * @throws RestServerException if the new password is the same as the current password.
- * @throws RestServerException if the presented password does not match the current password.
- */
 @PostMapping("/change/password")
 public Mono changePassword(@Valid @RequestBody ChangePasswordRequest request, Authentication authentication) {
- // Check if the new password is the same as the current password.
 if (!request.getPassword().equals(request.getNewPassword())) {
- // Throw an exception if the new password is the same as the current password.
 throw RestServerException.withMsg("Password and newPassword not match", request);
 }
- // Retrieve the presented password from the authentication object.
 String presentedPassword = (String) authentication.getCredentials();
- // Check if the presented password matches the current password.
 if (!this.passwordEncoder.matches(presentedPassword, request.getPassword())) {
- // Throw an exception if the presented password does not match the current password.
 throw RestServerException.withMsg(
 "Password verification failed, presented password not match", presentedPassword);
 }
- // Encode the new password.
 String newPassword = this.passwordEncoder.encode(request.getNewPassword());
- // Retrieve the UserDetails from the authentication object.
 UserDetails userDetails = (UserDetails) authentication.getDetails();
- // Update the user's password and return the updated UserDetails.
 return this.securityManager.updatePassword(userDetails, newPassword);
 }
diff --git a/boot/platform/src/main/java/com/platform/boot/security/SecurityDetails.java b/boot/platform/src/main/java/com/platform/boot/security/SecurityDetails.java
index fbd2079d..610eb4d8 100644
--- a/boot/platform/src/main/java/com/platform/boot/security/SecurityDetails.java
+++ b/boot/platform/src/main/java/com/platform/boot/security/SecurityDetails.java
@@ -75,20 +75,22 @@ public SecurityDetails password(String password) {
 }
 public String getTenantCode() {
+ var defaultTenantCode = "0";
 if (ObjectUtils.isEmpty(this.getTenants())) {
- return null;
+ return defaultTenantCode;
 }
 return this.getTenants().stream().filter(TenantMemberResponse::getEnabled).findAny()
- .map(TenantMemberResponse::getTenantCode).orElse(null);
+ .map(TenantMemberResponse::getTenantCode).orElse(defaultTenantCode);
 }
 @JsonGetter
 public String getTenantName() {
+ var defaultTenantName = "默认租户";
 if (ObjectUtils.isEmpty(this.getTenants())) {
- return null;
+ return defaultTenantName;
 }
 return this.getTenants().stream().filter(TenantMemberResponse::getEnabled).findAny()
- .map(TenantMemberResponse::getName).orElse(null);
+ .map(TenantMemberResponse::getName).orElse(defaultTenantName);
 }
 @Override
diff --git a/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2SuccessHandler.java b/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2SuccessHandler.java
index cae9c500..67195a52 100644
--- a/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2SuccessHandler.java
+++ b/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2SuccessHandler.java
@@ -32,7 +32,6 @@ public class Oauth2SuccessHandler extends RedirectServerAuthenticationSuccessHan
 @Override
 public Mono onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
 if (!(authentication instanceof OAuth2AuthenticationToken)) {
- // 如果不是预期的认证类型,可以选择记录日志或返回错误响应
 throw RestServerException.withMsg("Authentication token must be an instance of OAuth2AuthenticationToken", List.of());
 }
diff --git a/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2UserService.java b/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2UserService.java
index 03419e75..9228d04d 100644
--- a/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2UserService.java
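Review bot: In SecurityDetails.java, `getTenantCode()` now returns `"0"` both when the tenant list is empty and when every membership is filtered out by `getEnabled`, so a caller can no longer tell "no usable tenant" from the default tenant. If the tenant code scopes queries or permissions elsewhere (not visible in this hunk), an account whose memberships were all disabled would be handled as a member of tenant `0` instead of being rejected. Consider keeping `.orElse(null)` for the all-disabled case, or have callers verify membership explicitly before trusting the returned code. The literals `"0"` and `"默认租户"` would also be easier to keep in step with the schema default `'0'` as named constants with a comment stating that they denote the default tenant.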
+++ b/boot/platform/src/main/java/com/platform/boot/security/oauth2/Oauth2UserService.java
@@ -30,6 +30,8 @@
 @RequiredArgsConstructor
 public class Oauth2UserService extends DefaultReactiveOAuth2UserService {
+ private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
 private final SecurityManager securityManager;
 @Override
@@ -104,8 +106,7 @@ public OAuth2User convertToOauth2User(User details, OAuth2User oAuth2User) {
 public static String generateRandoPassword() {
 byte[] randomBytes = new byte[16];
- SecureRandom secureRandom = new SecureRandom();
- secureRandom.nextBytes(randomBytes);
+ SECURE_RANDOM.nextBytes(randomBytes);
 return Base64.getEncoder().encodeToString(randomBytes);
 }
 }
\ No newline at end of file
diff --git a/boot/platform/src/main/resources/schema-postgres.sql b/boot/platform/src/main/resources/schema-postgres.sql
index d590e48e..06fb6a65 100644
--- a/boot/platform/src/main/resources/schema-postgres.sql
+++ b/boot/platform/src/main/resources/schema-postgres.sql
@@ -144,8 +144,8 @@ create table if not exists se_menus
 pcode varchar(64) not null default '0',
 tenant_code varchar(64) not null default '0',
 type varchar(20) not null default 'MENU',
- authority varchar(512) not null unique,
- name varchar(512) not null,
+ authority varchar(256) not null unique,
+ name varchar(256) not null,
 path text,
 sort int default 0,
 extend jsonb,
diff --git a/build.gradle b/build.gradle
index 0c7d26aa..257dfcc3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,7 +1,7 @@
 plugins {
- id "org.springframework.boot" version "3.2.5" apply false
- id 'io.spring.dependency-management' version '1.1.4' apply false
- id 'org.graalvm.buildtools.native' version '0.10.1' apply false
+ id "org.springframework.boot" version "3.3.0" apply false
+ id 'io.spring.dependency-management' version '1.1.5' apply false
+ id 'org.graalvm.buildtools.native' version '0.10.2' apply false
 }
 ext {
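Review bot: The new `SECURE_RANDOM` field in Oauth2UserService.java carries no comment saying why it is shared, and `generateRandoPassword()` in the second hunk remains undocumented with a misspelled public name. I would put `// SecureRandom is thread-safe; reuse one instance instead of constructing one per call` above the field. The method would get a short Javadoc stating that it returns 16 random bytes Base64-encoded, i.e. 24 characters that may include `+`, `/` and `=`. A correctly spelled `generateRandomPassword()` could be added with the old name delegating to it, so existing callers keep working.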
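Review bot: Narrowing `authority` and `name` to `varchar(256)` inside `create table if not exists se_menus` in schema-postgres.sql only affects databases created from scratch; an existing deployment keeps `varchar(512)`, so environments end up accepting different input lengths. If the narrower limit is meant to apply everywhere, it needs an explicit migration such as `alter table se_menus alter column authority type varchar(256);` and the same for `name`. That statement fails when a stored value is longer than 256 characters, so existing rows have to be checked first. Application-side validation of menu input should enforce the same limit so over-long values are rejected cleanly rather than surfacing as a database error. The table definition starts and ends outside the hunk.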