lxm_library_java/JustAuth
1
0
Fork 0
mirror of synced 2026-04-23 09:58:50 +08:00
Code Issues Projects Releases Wiki Activity

🔖 v1.9.3,详细更新内容参考update.md

Browse Source
This commit is contained in:
yadong.zhang
2019-07-30 09:12:28 +08:00
parent a2d6dfe707
commit 33076971fe
33 changed files with 561 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/main/java/me/zhyd/oauth/cache/AuthCache.java vendored Normal file
View File

@@ -0,0 +1,50 @@
package me.zhyd.oauth.cache;
/**
* JustAuth缓存用来缓存State
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.9.3
*/
public interface AuthCache {
/**
* 设置缓存
*
* @param key 缓存KEY
* @param value 缓存内容
*/
void set(String key, String value);
/**
* 设置缓存,指定过期时间
*
* @param key 缓存KEY
* @param value 缓存内容
* @param timeout 指定缓存过期时间(毫秒)
*/
void set(String key, String value, long timeout);
/**
* 获取缓存
*
* @param key 缓存KEY
* @return 缓存内容
*/
String get(String key);
/**
* 是否存在key如果对应key的value值已过期也返回false
*
* @param key 缓存KEY
* @return true存在key并且value没过期falsekey不存在或者已过期
*/
boolean containsKey(String key);
/**
* 清理过期的缓存
*/
default void pruneCache() {
}
}

39
src/main/java/me/zhyd/oauth/cache/AuthCacheScheduler.java vendored Normal file
View File

@@ -0,0 +1,39 @@
package me.zhyd.oauth.cache;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
/**
* 缓存调度器
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.9.3
*/
public enum AuthCacheScheduler {
INSTANCE;
private AtomicInteger cacheTaskNumber = new AtomicInteger(1);
private ScheduledExecutorService scheduler;
AuthCacheScheduler() {
create();
}
private void create() {
this.shutdown();
this.scheduler = new ScheduledThreadPoolExecutor(10, r -> new Thread(r, String.format("JustAuth-Task-%s", cacheTaskNumber.getAndIncrement())));
}
private void shutdown() {
if (null != scheduler) {
this.scheduler.shutdown();
}
}
public void schedule(Runnable task, long delay) {
this.scheduler.scheduleAtFixedRate(task, delay, delay, TimeUnit.MILLISECONDS);
}
}

144
src/main/java/me/zhyd/oauth/cache/AuthDefaultCache.java vendored Normal file
View File

@@ -0,0 +1,144 @@
package me.zhyd.oauth.cache;
import lombok.Getter;
import lombok.Setter;
import java.io.Serializable;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
/**
* 默认的缓存实现
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.9.3
*/
public class AuthDefaultCache implements AuthCache {
/**
* 默认缓存过期时间3分钟
* 鉴于授权过程中根据个人的操作习惯或者授权平台的不同google等每个授权流程的耗时也有差异不过单个授权流程一般不会太长
* 本缓存工具默认的过期时间设置为3分钟即程序默认认为3分钟内的授权有效超过3分钟则默认失效失效后删除
*/
private static final long DEF_TIMEOUT = 3 * 60 * 1000;
/**
* state cache
*/
private static Map<String, CacheState> stateCache = new ConcurrentHashMap<>();
private final ReentrantReadWriteLock cacheLock = new ReentrantReadWriteLock(true);
private final Lock writeLock = cacheLock.writeLock();
private final Lock readLock = cacheLock.readLock();
public AuthDefaultCache() {
this.schedulePrune(DEF_TIMEOUT);
}
/**
* 设置缓存
*
* @param key 缓存KEY
* @param value 缓存内容
*/
@Override
public void set(String key, String value) {
set(key, value, DEF_TIMEOUT);
}
/**
* 设置缓存
*
* @param key 缓存KEY
* @param value 缓存内容
* @param timeout 指定缓存过期时间(毫秒)
*/
@Override
public void set(String key, String value, long timeout) {
writeLock.lock();
try {
stateCache.put(key, new CacheState(value, timeout));
} finally {
writeLock.unlock();
}
}
/**
* 获取缓存
*
* @param key 缓存KEY
* @return 缓存内容
*/
@Override
public String get(String key) {
readLock.lock();
try {
CacheState cacheState = stateCache.get(key);
if (null == cacheState || cacheState.isExpired()) {
return null;
}
return cacheState.getState();
} finally {
readLock.unlock();
}
}
/**
* 是否存在key如果对应key的value值已过期也返回false
*
* @param key 缓存KEY
* @return true存在key并且value没过期falsekey不存在或者已过期
*/
@Override
public boolean containsKey(String key) {
readLock.lock();
try {
CacheState cacheState = stateCache.get(key);
return null != cacheState && !cacheState.isExpired();
} finally {
readLock.unlock();
}
}
/**
* 清理过期的缓存
*/
@Override
public void pruneCache() {
Iterator<CacheState> values = stateCache.values().iterator();
CacheState cacheState;
while (values.hasNext()) {
cacheState = values.next();
if (cacheState.isExpired()) {
values.remove();
}
}
}
/**
* 定时清理
*
* @param delay 间隔时长,单位毫秒
*/
public void schedulePrune(long delay) {
AuthCacheScheduler.INSTANCE.schedule(this::pruneCache, delay);
}
@Getter
@Setter
private class CacheState implements Serializable {
private String state;
private long expire;
CacheState(String state, long expire) {
this.state = state;
// 实际过期时间等于当前时间加上有效期
this.expire = System.currentTimeMillis() + expire;
}
boolean isExpired() {
return System.currentTimeMillis() > this.expire;
}
}
}

51
src/main/java/me/zhyd/oauth/cache/AuthStateCache.java vendored Normal file
View File

@@ -0,0 +1,51 @@
package me.zhyd.oauth.cache;
/**
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @since 1.8
*/
public class AuthStateCache {
private static AuthCache authCache = new AuthDefaultCache();
/**
* 存入缓存
*
* @param key 缓存key
* @param value 缓存内容
*/
public static void cache(String key, String value) {
authCache.set(key, value);
}
/**
* 存入缓存
*
* @param key 缓存key
* @param value 缓存内容
* @param timeout 指定缓存过期时间(毫秒)
*/
public static void cache(String key, String value, long timeout) {
authCache.set(key, value, timeout);
}
/**
* 获取缓存内容
*
* @param key 缓存key
* @return 缓存内容
*/
public static String get(String key) {
return authCache.get(key);
}
/**
* 是否存在key如果对应key的value值已过期也返回false
*
* @param key 缓存key
* @return true存在key并且value没过期falsekey不存在或者已过期
*/
public static boolean containsKey(String key) {
return authCache.containsKey(key);
}
}

11
src/main/java/me/zhyd/oauth/model/AuthCallback.java
View File

@@ -2,6 +2,7 @@ package me.zhyd.oauth.model;
import lombok.Getter;
import lombok.Setter;
import me.zhyd.oauth.cache.AuthStateCache;
/**
* 授权回调时的参数类
@@ -27,4 +28,14 @@ public class AuthCallback {
* 访问AuthorizeUrl后回调时带的参数state用于和请求AuthorizeUrl前的state比较防止CSRF攻击
*/
private String state;
/**
* 内置的检验state合法性的方法
*
* @return true state正常falsestate不正常可能授权时间过长导致state失效
* @since 1.9.3
*/
public boolean checkState() {
return AuthStateCache.containsKey(this.state);
}
}

2
src/main/java/me/zhyd/oauth/request/AuthAlipayRequest.java
View File

@@ -85,7 +85,7 @@ public class AuthAlipayRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthBaiduRequest.java
View File

@@ -78,7 +78,7 @@ public class AuthBaiduRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthCodingRequest.java
View File

@@ -70,7 +70,7 @@ public class AuthCodingRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

13
src/main/java/me/zhyd/oauth/request/AuthDefaultRequest.java
View File

@@ -3,6 +3,7 @@ package me.zhyd.oauth.request;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import lombok.extern.slf4j.Slf4j;
import me.zhyd.oauth.cache.AuthStateCache;
import me.zhyd.oauth.config.AuthConfig;
import me.zhyd.oauth.config.AuthSource;
import me.zhyd.oauth.exception.AuthException;
@@ -10,6 +11,7 @@ import me.zhyd.oauth.model.*;
import me.zhyd.oauth.utils.AuthChecker;
import me.zhyd.oauth.utils.StringUtils;
import me.zhyd.oauth.utils.UrlBuilder;
import me.zhyd.oauth.utils.UuidUtils;
/**
* 默认的request处理类
@@ -60,7 +62,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
}
/**
* 返回认证url可自行跳转页面
* 返回授权url可自行跳转页面
* <p>
* 不建议使用该方式获取授权地址,不带{@code state}的授权地址容易受到csrf攻击。
* 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验
@@ -75,7 +77,7 @@ public abstract class AuthDefaultRequest implements AuthRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址
@@ -150,7 +152,12 @@ public abstract class AuthDefaultRequest implements AuthRequest {
* @return 返回不为null的state
*/
protected String getRealState(String state) {
return StringUtils.isEmpty(state) ? String.valueOf(System.currentTimeMillis()) : state;
if (StringUtils.isEmpty(state)) {
state = UuidUtils.getUUID();
}
// 缓存state
AuthStateCache.cache(state, state);
return state;
}
/**

2
src/main/java/me/zhyd/oauth/request/AuthDingTalkRequest.java
View File

@@ -57,7 +57,7 @@ public class AuthDingTalkRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthDouyinRequest.java
View File

@@ -88,7 +88,7 @@ public class AuthDouyinRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthGoogleRequest.java
View File

@@ -60,7 +60,7 @@ public class AuthGoogleRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthLinkedinRequest.java
View File

@@ -181,7 +181,7 @@ public class AuthLinkedinRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthMiRequest.java
View File

@@ -108,7 +108,7 @@ public class AuthMiRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthMicrosoftRequest.java
View File

@@ -101,7 +101,7 @@ public class AuthMicrosoftRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthPinterestRequest.java
View File

@@ -69,7 +69,7 @@ public class AuthPinterestRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

4
src/main/java/me/zhyd/oauth/request/AuthRequest.java
View File

@@ -13,7 +13,7 @@ import me.zhyd.oauth.model.AuthToken;
public interface AuthRequest {
/**
* 返回认证url可自行跳转页面
* 返回授权url可自行跳转页面
* <p>
* 不建议使用该方式获取授权地址,不带{@code state}的授权地址容易受到csrf攻击。
* 建议使用{@link AuthDefaultRequest#authorize(String)}方法生成授权地址,在回调方法中对{@code state}进行校验
@@ -26,7 +26,7 @@ public interface AuthRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthStackOverflowRequest.java
View File

@@ -67,7 +67,7 @@ public class AuthStackOverflowRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthTaobaoRequest.java
View File

@@ -54,7 +54,7 @@ public class AuthTaobaoRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthTencentCloudRequest.java
View File

@@ -70,7 +70,7 @@ public class AuthTencentCloudRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthToutiaoRequest.java
View File

@@ -64,7 +64,7 @@ public class AuthToutiaoRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

2
src/main/java/me/zhyd/oauth/request/AuthWeChatRequest.java
View File

@@ -99,7 +99,7 @@ public class AuthWeChatRequest extends AuthDefaultRequest {
}
/**
* 返回带{@code state}参数的认证url授权回调时会带上这个{@code state}
* 返回带{@code state}参数的授权url授权回调时会带上这个{@code state}
*
* @param state state 验证授权流程的参数可以防止csrf
* @return 返回授权地址

19
src/main/java/me/zhyd/oauth/utils/AuthStateUtils.java Normal file
View File

@@ -0,0 +1,19 @@
package me.zhyd.oauth.utils;
/**
* AuthState工具类默认只提供一个创建随机uuid的方法
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.9.3
*/
public class AuthStateUtils {
/**
* 生成随机state采用{@see https://github.com/lets-mica/mica}的UUID工具
*
* @return 随机的state字符串
*/
public static String createState() {
return UuidUtils.getUUID();
}
}

26
src/main/java/me/zhyd/oauth/utils/StringUtils.java
View File

@@ -1,9 +1,11 @@
package me.zhyd.oauth.utils;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ThreadLocalRandom;
/**
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0
* @since 1.8
* @since 1.0.0
*/
public class StringUtils {
@@ -14,4 +16,24 @@ public class StringUtils {
public static boolean isNotEmpty(String str) {
return !isEmpty(str);
}
/**
* 如果给定字符串{@code str}中不包含{@code appendStr},则在{@code str}后追加{@code appendStr}
* 如果已包含{@code appendStr},则在{@code str}后追加{@code otherwise}
*
* @param str 给定的字符串
* @param appendStr 需要追加的内容
* @param otherwise 当{@code appendStr}不满足时追加到{@code str}后的内容
* @return 追加后的字符串
*/
public static String appendIfNotContain(String str, String appendStr, String otherwise) {
if (isEmpty(str) || isEmpty(appendStr)) {
return str;
}
if (str.contains(appendStr)) {
return str.concat(otherwise);
}
return str.concat(appendStr);
}
}

2
src/main/java/me/zhyd/oauth/utils/UrlBuilder.java
View File

@@ -71,7 +71,7 @@ public class UrlBuilder {
if (MapUtil.isEmpty(this.params)) {
return this.baseUrl;
}
String baseUrl = StrUtil.addSuffixIfNot(this.baseUrl, "?");
String baseUrl = StringUtils.appendIfNotContain(this.baseUrl, "?", "&");
String paramString = GlobalAuthUtil.parseMapToString(this.params, encode);
return baseUrl + paramString;
}

65
src/main/java/me/zhyd/oauth/utils/UuidUtils.java Normal file
View File

@@ -0,0 +1,65 @@
package me.zhyd.oauth.utils;
import java.nio.charset.StandardCharsets;
import java.util.concurrent.ThreadLocalRandom;
/**
* 高性能的创建UUID的工具类{@see https://github.com/lets-mica/mica}
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @since 1.9.3
*/
public class UuidUtils {
/**
* All possible chars for representing a number as a String
* copy from micahttps://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/NumberUtil.java#L113
*/
private final static byte[] DIGITS = {
'0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', 'a', 'b',
'c', 'd', 'e', 'f', 'g', 'h',
'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't',
'u', 'v', 'w', 'x', 'y', 'z',
'A', 'B', 'C', 'D', 'E', 'F',
'G', 'H', 'I', 'J', 'K', 'L',
'M', 'N', 'O', 'P', 'Q', 'R',
'S', 'T', 'U', 'V', 'W', 'X',
'Y', 'Z'
};
/**
* 生成uuid采用 jdk 9 的形式,优化性能
* copy from micahttps://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L335
* <p>
* 关于mica uuid生成方式的压测结果可以参考https://github.com/lets-mica/mica-jmh/wiki/uuid
*
* @return UUID
*/
public static String getUUID() {
ThreadLocalRandom random = ThreadLocalRandom.current();
long lsb = random.nextLong();
long msb = random.nextLong();
byte[] buf = new byte[32];
formatUnsignedLong(lsb, buf, 20, 12);
formatUnsignedLong(lsb >>> 48, buf, 16, 4);
formatUnsignedLong(msb, buf, 12, 4);
formatUnsignedLong(msb >>> 16, buf, 8, 4);
formatUnsignedLong(msb >>> 32, buf, 0, 8);
return new String(buf, StandardCharsets.UTF_8);
}
/**
* copy from micahttps://github.com/lets-mica/mica/blob/master/mica-core/src/main/java/net/dreamlu/mica/core/utils/StringUtil.java#L348
*/
private static void formatUnsignedLong(long val, byte[] buf, int offset, int len) {
int charPos = offset + len;
int radix = 1 << 4;
int mask = radix - 1;
do {
buf[--charPos] = DIGITS[((int) val) & mask];
val >>>= 4;
} while (charPos > offset);
}
}