diff --git a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
index cb35c8ff0f..0ef55d9fdd 100644
--- a/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
+++ b/framework/gateway/src/main/java/io/metersphere/gateway/controller/LoginController.java
@@ -5,29 +5,31 @@
 import io.metersphere.commons.constants.OperLogConstants;
 import io.metersphere.commons.constants.OperLogModule;
 import io.metersphere.commons.constants.SessionConstants;
 import io.metersphere.commons.user.SessionUser;
+import io.metersphere.commons.utils.RsaKey;
 import io.metersphere.commons.utils.RsaUtil;
 import io.metersphere.controller.handler.ResultHolder;
 import io.metersphere.dto.ServiceDTO;
 import io.metersphere.dto.UserDTO;
-import io.metersphere.gateway.log.annotation.MsAuditLog;
 import io.metersphere.gateway.service.AuthSourceService;
 import io.metersphere.gateway.service.BaseDisplayService;
 import io.metersphere.gateway.service.SystemParameterService;
 import io.metersphere.gateway.service.UserLoginService;
+import io.metersphere.gateway.log.annotation.MsAuditLog;
 import io.metersphere.request.LoginRequest;
-import jakarta.annotation.Resource;
 import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.cloud.client.discovery.DiscoveryClient;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
-import org.springframework.session.data.redis.RedisSessionRepository;
+import org.springframework.session.data.redis.ReactiveRedisSessionRepository;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.server.ResponseStatusException;
 import org.springframework.web.server.WebSession;
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Schedulers;
+import jakarta.annotation.Resource;
+
 import java.io.IOException;
 import java.util.List;
 import java.util.Locale;
@@ -48,26 +50,36 @@ public class LoginController {
 @Resource
 private SystemParameterService systemParameterService;
 @Resource
- private RedisSessionRepository redisSessionRepository;
+ private ReactiveRedisSessionRepository reactiveRedisSessionRepository;
 @GetMapping(value = "/is-login")
 public Mono isLogin(@RequestHeader(name = SessionConstants.HEADER_TOKEN, required = false) String sessionId, @RequestHeader(name = SessionConstants.CSRF_TOKEN, required = false) String csrfToken) throws Exception {
+ RsaKey rsaKey = RsaUtil.getRsaKey();
+
 if (StringUtils.isNotBlank(sessionId) && StringUtils.isNotBlank(csrfToken)) {
 userLoginService.validateCsrfToken(sessionId, csrfToken);
- Object userFromSession = redisSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user");
- if (userFromSession instanceof User) {
- // 用户只有工作空间权限
- if (StringUtils.isBlank(((User) userFromSession).getLastProjectId())) {
- ((User) userFromSession).setLastProjectId("no_such_project");
- }
- // 使用数据库里的最新用户权限,不同的tab sessionId 不变
- UserDTO userDTO = userLoginService.getUserDTO(((User) userFromSession).getId());
- SessionUser sessionUser = SessionUser.fromUser(userDTO, sessionId);
- return Mono.just(ResultHolder.success(sessionUser));
- }
+ return reactiveRedisSessionRepository.getSessionRedisOperations().opsForHash().get("spring:session:sessions:" + sessionId, "sessionAttr:user")
+ .switchIfEmpty(Mono.just(rsaKey))
+ .map(r -> {
+ if (r instanceof RsaKey) {
+ return ResultHolder.error(rsaKey.getPublicKey());
+ }
+ if (r instanceof User) {
+ // 用户只有工作空间权限
+ if (StringUtils.isBlank(((User) r).getLastProjectId())) {
+ ((User) r).setLastProjectId("no_such_project");
+ }
+ // 使用数据库里的最新用户权限,不同的tab sessionId 不变
+ UserDTO userDTO = userLoginService.getUserDTO(((User) r).getId());
+ SessionUser sessionUser = SessionUser.fromUser(userDTO, sessionId);
+ return ResultHolder.success(sessionUser);
+ }
+ return ResultHolder.success(r);
+ });
+ } else {
+ return Mono.just(ResultHolder.error(rsaKey.getPublicKey()));
 }
- return Mono.just(ResultHolder.error(RsaUtil.getRsaKey().getPublicKey()));
 }
 @PostMapping(value = "/signin")
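Review bot: The trailing `return ResultHolder.success(r);` in the new `.map` lambda changes what happens when the `sessionAttr:user` value is present but is neither the `RsaKey` sentinel nor a `User`: the removed code fell through to `ResultHolder.error(RsaUtil.getRsaKey().getPublicKey())`, i.e. an unexpected attribute type counted as not logged in, whereas the new code reports it as a successful login and serializes the raw attribute into the response. Restoring the old fallback with `return ResultHolder.error(rsaKey.getPublicKey());` keeps the not-logged-in semantics for anything that is not a `User`. Using the `RsaKey` instance itself as the empty marker for `switchIfEmpty` also makes the order of the `instanceof` checks load-bearing; a dedicated marker via `defaultIfEmpty`, or mapping the Redis value to an `Optional` before the branch, would make the three outcomes explicit. Separately, `userLoginService.getUserDTO(...)` now executes inside `.map` on whichever thread delivers the Redis result; if it is a blocking repository call (not visible here), it should be moved onto `Schedulers.boundedElastic()`, which the file already imports.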