⚡ 增加租户账号授权码保护机制，防止私有部署客户篡改数据库增加账号时间和账号额度

5 years ago · 57f7d9343a
9 changed files with 83 additions and 8 deletions
--- a/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
+++ b/blade-auth/src/main/java/org/springblade/auth/utils/TokenUtil.java
@ -17,8 +17,11 @@
 package org.springblade.auth.utils;

 import lombok.SneakyThrows;
+import org.springblade.common.constant.TenantConstant;
 import org.springblade.core.launch.constant.TokenConstant;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
 import org.springblade.core.tool.utils.*;
 import org.springblade.system.entity.Tenant;
 import org.springframework.security.authentication.BadCredentialsException;
@ -69,6 +72,20 @@ public class TokenUtil {
 	public final static String HEADER_PREFIX = "Basic ";
 	public final static String DEFAULT_AVATAR = "";

+	private static BladeTenantProperties tenantProperties;
+
+	/**
+	 * 获取租户配置
+	 *
+	 * @return tenantProperties
+	 */
+	private static BladeTenantProperties getTenantProperties() {
+		if (tenantProperties == null) {
+			tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
+		}
+		return tenantProperties;
+	}
+
 	/**
 	 * 解码
 	 */
@ -143,6 +160,11 @@ public class TokenUtil {
 			return false;
 		}
 		Date expireTime = tenant.getExpireTime();
+		if (getTenantProperties().getLicense()) {
+			String licenseKey = tenant.getLicenseKey();
+			String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
+			expireTime = JsonUtil.parse(decrypt, Tenant.class).getExpireTime();
+		}
 		if (expireTime != null && expireTime.before(DateUtil.now())) {
 			throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
 		}
--- a/blade-common/src/main/java/org/springblade/common/constant/TenantConstant.java
+++ b/blade-common/src/main/java/org/springblade/common/constant/TenantConstant.java
@ -40,15 +40,22 @@ public interface TenantConstant {
 	 * 租户默认菜单集合KEY
 	 */
 	String ACCOUNT_MENU_CODE_KEY = "tenant.default.menuCode";
+
 	/**
 	 * 租户默认密码
 	 */
 	String DEFAULT_PASSWORD = "123456";

+	/**
+	 * 租户授权码默认16位密钥
+	 */
+	String DES_KEY = "0000000000000000";
+
 	/**
 	 * 租户默认账号额度
 	 */
 	Integer DEFAULT_ACCOUNT_NUMBER = -1;
+
 	/**
 	 * 租户默认菜单集合
 	 */
--- a/blade-service-api/blade-system-api/src/main/java/org/springblade/system/entity/Tenant.java
+++ b/blade-service-api/blade-system-api/src/main/java/org/springblade/system/entity/Tenant.java
@ -88,6 +88,11 @@ public class Tenant extends BaseEntity {
 	@JsonFormat(pattern = DateUtil.PATTERN_DATETIME)
 	@ApiModelProperty(value = "过期时间")
 	private Date expireTime;
+	/**
+	 * 授权码
+	 */
+	@ApiModelProperty(value = "授权码")
+	private String licenseKey;


 }
--- a/blade-service/blade-system/src/main/java/org/springblade/system/controller/TenantController.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/controller/TenantController.java
@ -147,14 +147,7 @@ public class TenantController extends BladeController {
 	@ApiOperation(value = "授权配置", notes = "传入ids,accountNumber,expireTime")
 	@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
 	public R setting(@ApiParam(value = "主键集合", required = true) @RequestParam String ids, @ApiParam(value = "账号额度") Integer accountNumber, @ApiParam(value = "过期时间") Date expireTime) {
-		CacheUtil.clear(SYS_CACHE);
-		boolean temp = tenantService.update(
-			Wrappers.<Tenant>update().lambda()
-				.set(Tenant::getAccountNumber, accountNumber)
-				.set(Tenant::getExpireTime, expireTime)
-				.in(Tenant::getId, Func.toLongList(ids))
-		);
-		return R.status(temp);
+		return R.status(tenantService.setting(accountNumber, expireTime, ids));
 	}

 	/**
--- a/blade-service/blade-system/src/main/java/org/springblade/system/mapper/TenantMapper.xml
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/mapper/TenantMapper.xml
@ -20,6 +20,7 @@
        <result column="address" property="address"/>
        <result column="account_number" property="accountNumber"/>
        <result column="expire_time" property="expireTime"/>
+        <result column="license_key" property="licenseKey"/>
    </resultMap>


--- a/blade-service/blade-system/src/main/java/org/springblade/system/service/ITenantService.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/service/ITenantService.java
@ -20,6 +20,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import org.springblade.core.mp.base.BaseService;
 import org.springblade.system.entity.Tenant;

+import java.util.Date;
 import java.util.List;

 /**
@ -62,4 +63,14 @@ public interface ITenantService extends BaseService<Tenant> {
 	 */
 	boolean removeTenant(List<Long> ids);

+	/**
+	 * 配置租户授权
+	 *
+	 * @param accountNumber
+	 * @param expireTime
+	 * @param ids
+	 * @return
+	 */
+	boolean setting(Integer accountNumber, Date expireTime, String ids);
+
 }
--- a/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/TenantServiceImpl.java
+++ b/blade-service/blade-system/src/main/java/org/springblade/system/service/impl/TenantServiceImpl.java
@ -16,14 +16,20 @@
 */
 package org.springblade.system.service.impl;

+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.AllArgsConstructor;
+import org.springblade.core.cache.utils.CacheUtil;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.mp.base.BaseServiceImpl;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tenant.TenantId;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.support.Kv;
+import org.springblade.core.tool.utils.DesUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
 import org.springblade.system.cache.ParamCache;
@ -42,6 +48,7 @@ import java.util.List;
 import java.util.stream.Collectors;

 import static org.springblade.common.constant.TenantConstant.*;
+import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;

 /**
 * 服务实现类
@ -60,6 +67,7 @@ public class TenantServiceImpl extends BaseServiceImpl<TenantMapper, Tenant> imp
 	private final IRoleMenuService roleMenuService;
 	private final IDictBizService dictBizService;
 	private final IUserClient userClient;
+	private final BladeTenantProperties tenantProperties;

 	@Override
 	public IPage<Tenant> selectTenantPage(IPage<Tenant> page, Tenant tenant) {
@ -172,6 +180,24 @@ public class TenantServiceImpl extends BaseServiceImpl<TenantMapper, Tenant> imp
 		return tenantTemp;
 	}

+	@Override
+	public boolean setting(Integer accountNumber, Date expireTime, String ids) {
+		CacheUtil.clear(SYS_CACHE);
+		Func.toLongList(ids).forEach(id -> {
+			LambdaUpdateWrapper<Tenant> luw = Wrappers.<Tenant>update().lambda()
+				.set(Tenant::getAccountNumber, accountNumber)
+				.set(Tenant::getExpireTime, expireTime)
+				.eq(Tenant::getId, id);
+			if (tenantProperties.getLicense()) {
+				Kv kv = Kv.create().set("accountNumber", accountNumber).set("expireTime", expireTime).set("id", id);
+				String licenseKey = DesUtil.encryptToHex(JsonUtil.toJson(kv), DES_KEY);
+				luw.set(Tenant::getLicenseKey, licenseKey);
+			}
+			update(luw);
+		});
+		return true;
+	}
+
 	private String getTenantId(List<String> codes) {
 		String code = tenantId.generate();
 		if (codes.contains(code)) {
--- a/blade-service/blade-user/src/main/java/org/springblade/system/user/service/impl/UserServiceImpl.java
+++ b/blade-service/blade-user/src/main/java/org/springblade/system/user/service/impl/UserServiceImpl.java
@ -23,11 +23,14 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.exceptions.ApiException;
 import lombok.AllArgsConstructor;
 import org.springblade.common.constant.CommonConstant;
+import org.springblade.common.constant.TenantConstant;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.mp.base.BaseServiceImpl;
 import org.springblade.core.secure.utils.AuthUtil;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
 import org.springblade.core.tool.utils.*;
 import org.springblade.system.cache.ParamCache;
 import org.springblade.system.cache.SysCache;
@ -66,6 +69,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, User> implement
 	private final IUserDeptService userDeptService;
 	private final IUserOauthService userOauthService;
 	private final ISysClient sysClient;
+	private final BladeTenantProperties tenantProperties;

 	@Override
 	@Transactional(rollbackFor = Exception.class)
@ -77,6 +81,11 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, User> implement
 		Tenant tenant = SysCache.getTenant(tenantId);
 		if (Func.isNotEmpty(tenant)) {
 			Integer accountNumber = tenant.getAccountNumber();
+			if (tenantProperties.getLicense()) {
+				String licenseKey = tenant.getLicenseKey();
+				String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
+				accountNumber = JsonUtil.parse(decrypt, Tenant.class).getAccountNumber();
+			}
 			Integer tenantCount = baseMapper.selectCount(Wrappers.<User>query().lambda().eq(User::getTenantId, tenantId));
 			if (accountNumber != null && accountNumber > 0 && accountNumber <= tenantCount) {
 				throw new ServiceException("当前租户已到最大账号额度!");
--- a/doc/nacos/blade.yaml
+++ b/doc/nacos/blade.yaml
@ -86,6 +86,7 @@ blade:
          - /saber/**
  tenant:
    enhance: true
+    license: false
    column: tenant_id
    exclude-tables:
      - blade_user