🍻 解决Issue #IY1QR 增加对Config属性的校验功能，主要校验redirect uri的合法性

2026-04-24 10:38:51 +08:00 · 2019-06-19 09:56:28 +08:00
parent e534a4b62e
commit f5de7f93b5
6 changed files with 49 additions and 5 deletions
--- a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
@@ -1,6 +1,9 @@
 package me.zhyd.oauth.utils;

 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.request.ResponseStatus;

 /**
 * 授权配置类的校验器
@@ -15,9 +18,30 @@ public class AuthConfigChecker {
     * 是否支持第三方登录
     *
     * @param config config
+     * @param source source
     * @return true or false
     */
-    public static boolean isSupportedAuth(AuthConfig config) {
-        return StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+    public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
+        boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+        if (isSupported && AuthSource.ALIPAY == source) {
+            isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
+        }
+        return isSupported;
+    }
+
+    /**
+     * 检查配置合法性。针对部分平台， 对redirect uri有特定要求。一般来说redirect uri都是http://，而对于facebook平台， redirect uri 必须是https的链接
+     *
+     * @param config config
+     * @param source source
+     */
+    public static void check(AuthConfig config, AuthSource source) {
+        String redirectUri = config.getRedirectUri();
+        if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
+        }
+        if (AuthSource.FACEBOOK == source && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
+        }
    }
 }
--- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
+++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
@@ -84,4 +84,18 @@ public class GlobalAuthUtil {
        }
        return res;
    }
+
+    public static boolean isHttpProtocol(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return url.startsWith("http://");
+    }
+
+    public static boolean isHttpsProtocol(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return url.startsWith("https://");
+    }
 }