From 0008fb5e74588730e6eb7f8d480ee70f315944ac Mon Sep 17 00:00:00 2001
From: CaptainB
Date: Thu, 4 May 2023 10:24:48 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E6=9F=A5=E8=AF=A2=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E6=98=AF=E5=90=A6=E5=9C=A8=E7=BA=BF=E4=BD=BF=E7=94=A8?= =?UTF-8?q?block=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../gateway/controller/LoginController.java | 36 +++++++++----------
 .../gateway/service/UserLoginService.java | 3 +-
 2 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
index 0ef55d9fdd..6c10b9547f 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
@@ -19,6 +19,8 @@ import io.metersphere.request.LoginRequest;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.cloud.client.discovery.DiscoveryClient;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.session.data.redis.ReactiveRedisSessionRepository;
@@ -50,7 +52,7 @@ public class LoginController {
 @Resource
 private SystemParameterService systemParameterService;
 @Resource
- private ReactiveRedisSessionRepository reactiveRedisSessionRepository;
+ private StringRedisTemplate stringRedisTemplate;
 
 @GetMapping(value = "/is-login")
 public Mono isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId,
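Review bot: `import org.springframework.data.redis.core.RedisTemplate;` is added but nothing in this patch references `RedisTemplate` — only `StringRedisTemplate` is used — and `ReactiveRedisSessionRepository` stops being injected in the next hunk, so unless the class references it elsewhere that import on the last context line becomes dead as well. Keep just `import org.springframework.data.redis.core.StringRedisTemplate;` and drop the two unused lines so the import block matches the fields the class actually declares.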
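Review bot: `StringRedisTemplate` is the synchronous Spring Data Redis template, while `isLogin` returns a `Mono`, so after this change the Redis round-trip in the next hunk runs on the WebFlux request thread where the removed `ReactiveRedisSessionRepository` lookup was non-blocking. The encoded subject line reads as a deliberate switch to a blocking call, so at least keep it off the event loop, `return Mono.fromCallable(() -> lookup(sessionId, csrfToken, rsaKey)).subscribeOn(Schedulers.boundedElastic());`, or inject `ReactiveStringRedisTemplate` and keep the `hasKey(...)` call reactive. Either way the field deserves a comment saying why a blocking client lives in a reactive gateway, e.g. `// blocking client: used for a single HEXISTS session probe in isLogin`.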
@@ -58,25 +60,19 @@ public class LoginController {
 RsaKey rsaKey = RsaUtil.getRsaKey();
 if (StringUtils.isNotBlank(sessionId) && StringUtils.isNotBlank(csrfToken)) {
- userLoginService.validateCsrfToken(sessionId, csrfToken);
- return reactiveRedisSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user")
- .switchIfEmpty(Mono.just(rsaKey))
- .map(r -> {
- if (r instanceof RsaKey) {
- return ResultHolder.error(rsaKey.getPublicKey());
- }
- if (r instanceof User) {
- // 用户只有工作空间权限
- if (StringUtils.isBlank(((User) r).getLastProjectId())) {
- ((User) r).setLastProjectId("no_such_project");
- }
- // 使用数据库里的最新用户权限,不同的tab sessionId 不变
- UserDTO userDTO = userLoginService.getUserDTO(((User) r).getId());
- SessionUser sessionUser = SessionUser.fromUser(userDTO, sessionId);
- return ResultHolder.success(sessionUser);
- }
- return ResultHolder.success(r);
- });
+ String userId = userLoginService.validateCsrfToken(sessionId, csrfToken);
+ Boolean exist = stringRedisTemplate.opsForHash().hasKey("spring:session:sessions:" + sessionId, "sessionAttr:user");
+ if (BooleanUtils.isFalse(exist)) {
+ return Mono.just(ResultHolder.error(rsaKey.getPublicKey()));
+ }
+ // 使用数据库里的最新用户权限,不同的tab sessionId 不变
+ UserDTO userDTO = userLoginService.getUserDTO(userId);
+ SessionUser sessionUser = SessionUser.fromUser(userDTO, sessionId);
+ // 用户只有工作空间权限
+ if (StringUtils.isBlank(sessionUser.getLastProjectId())) {
+ sessionUser.setLastProjectId("no_such_project");
+ }
+ return Mono.just(ResultHolder.success(sessionUser));
 } else {
 return Mono.just(ResultHolder.error(rsaKey.getPublicKey()));
 }
diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java b/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
index 7c82ccde6a..c7a1628e49 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
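Review bot: The identity used to build the response now comes from the CSRF token (`String userId = userLoginService.validateCsrfToken(...)` feeding `getUserDTO(userId)`), and the session is only probed for the presence of a `sessionAttr:user` field; the removed code took the id from the `User` object actually stored in that session. Nothing in this hunk confirms that the id carried in the token is the user the session named by `sessionId` belongs to, so the token's integrity protection — built outside this view — becomes the sole guard on who `isLogin` reports as logged in; either read the stored user's id from the session again, or compare the token's id with it before calling `getUserDTO`. Separately, `opsForHash().hasKey(...)` returns a boxed `Boolean` that the Spring Data contract allows to be `null` (pipeline/transaction), and `BooleanUtils.isFalse(null)` is `false`, so a null result would fall through to the success branch; failing closed reads `if (BooleanUtils.isNotTrue(exist)) {`. `isLogin` opens in the previous hunk and its closing brace is not visible here.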
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/service/UserLoginService.java
@@ -455,7 +455,7 @@ public class UserLoginService {
 }
- public void validateCsrfToken(String sessionId, String csrfToken) {
+ public String validateCsrfToken(String sessionId, String csrfToken) {
 if (StringUtils.isBlank(csrfToken)) {
 throw new RuntimeException("csrf token is empty");
 }
@@ -468,6 +468,7 @@ public class UserLoginService {
 if (!StringUtils.equals(sessionId, signatureArray[2])) {
 throw new RuntimeException("Please check csrf token.");
 }
+ return signatureArray[0];
 }
 public boolean checkWhetherChangePasswordOrNot(LoginRequest request) {
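Review bot: `return signatureArray[0];` makes `validateCsrfToken` the source of the caller's user id (the controller hunk passes it straight to `getUserDTO`), yet the method still validates only `signatureArray[2]` against `sessionId`; the code that splits the token into `signatureArray` lies between the two hunks, outside this view, so whether the array length or the first segment is checked cannot be confirmed here. The new return value deserves a Javadoc saying what the first segment is and that it is not an authenticated principal on its own, e.g. `@return the user id carried in the token's first segment; callers must still reconcile it with the session's stored user`, plus a guard `if (StringUtils.isBlank(signatureArray[0])) throw new RuntimeException("Please check csrf token.");` before the return. The method body starts in the preceding hunk.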