河北安全测评整改需求

pqs-auth/src/main/java/com/njcn/auth/controller/AuthController.java

@@ -4,6 +4,7 @@ import cn.hutool.core.collection.CollectionUtil;
 import com.nimbusds.jose.jwk.JWKSet;
 import com.nimbusds.jose.jwk.RSAKey;
 import com.njcn.auth.service.UserTokenService;
+import com.njcn.auth.utils.AuthPubUtil;
 import com.njcn.common.pojo.annotation.OperateInfo;
 import com.njcn.common.pojo.constant.OperateType;
 import com.njcn.common.pojo.constant.SecurityConstants;
@@ -47,6 +48,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.stream.Collectors;
 
 /**
  * @author hongawen
@@ -73,7 +75,7 @@ public class AuthController extends BaseController {
 
 
     @ApiIgnore
-    @OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
+    @OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.AUTHENTICATE)
     @ApiOperation("登录认证")
     @ApiImplicitParams({
             @ApiImplicitParam(name = SecurityConstants.GRANT_TYPE, defaultValue = "password", value = "授权模式", required = true),
@@ -90,14 +92,7 @@ public class AuthController extends BaseController {
     public Object postAccessToken(@ApiIgnore Principal principal, @RequestParam @ApiIgnore Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
         String methodDescribe = getMethodDescribe("postAccessToken");
         String username = parameters.get(SecurityConstants.USERNAME);
-        UserStrategy data = passWordRuleFeugnClient.getUserStrategy().getData();
 
-        String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX;
-        List<UserTokenInfo> onLineUser = (List<UserTokenInfo>) redisUtil.getLikeListAllValues(onlineUserKey);
-        Integer maxNum = data.getMaxNum();
-        if((CollectionUtil.isNotEmpty(onLineUser)?onLineUser.size():0)>=maxNum){
-            throw new BusinessException(UserResponseEnum.LOGIN_USER_OVERLIMIT);
-        }
 
         String grantType = parameters.get(SecurityConstants.GRANT_TYPE);
         if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA) || grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
@@ -106,6 +101,24 @@ public class AuthController extends BaseController {
             //短信方式登录，将手机号赋值为用户名
             username = parameters.get(SecurityConstants.PHONE);
         }
+
+        UserStrategy data = passWordRuleFeugnClient.getUserStrategy().getData();
+        String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX;
+        List<UserTokenInfo> onLineUser = (List<UserTokenInfo>) redisUtil.getLikeListAllValues(onlineUserKey);
+        if(CollectionUtil.isNotEmpty(onLineUser)){
+            String finalUsername = username;
+            onLineUser = onLineUser.stream().filter(item->{
+                String login = AuthPubUtil.getLoginByToken(item.getRefreshToken());
+                return !login.equals(finalUsername);
+            }).collect(Collectors.toList());
+        }
+
+        Integer maxNum = data.getMaxNum();
+        if((CollectionUtil.isNotEmpty(onLineUser)?onLineUser.size():0)>=maxNum){
+            throw new BusinessException(UserResponseEnum.LOGIN_USER_OVERLIMIT);
+        }
+
+
         if (grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
             //如果是刷新token，需要去黑名单校验
             userTokenService.judgeRefreshToken(parameters.get(SecurityConstants.REFRESH_TOKEN_KEY));
@@ -125,6 +138,7 @@ public class AuthController extends BaseController {
         }
     }
 
+    @OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.LOGOUT)
     @ApiOperation("用户登出系统")
     @DeleteMapping("/logout")
     public HttpResult<Object> logout() {