海南加入10分钟不操作拦截

src/main/java/org/springblade/common/config/BladeConfiguration.java

@@ -17,8 +17,10 @@ package org.springblade.common.config;
 
 
 import org.springblade.core.secure.registry.SecureRegistry;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -30,6 +32,9 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @Configuration
 public class BladeConfiguration implements WebMvcConfigurer {
 
+	@Autowired
+	private UserHandlerConfig userHandlerConfig;
+
 	@Bean
 	public SecureRegistry secureRegistry() {
 		SecureRegistry secureRegistry = new SecureRegistry();
@@ -83,4 +88,10 @@ public class BladeConfiguration implements WebMvcConfigurer {
 			.addResourceLocations("classpath:/META-INF/resources/webjars/");
 	}
 
+	@Override
+	public void addInterceptors(InterceptorRegistry registry) {
+		registry.addInterceptor(userHandlerConfig)
+			.excludePathPatterns(secureRegistry().getExcludePatterns());
+	}
+
 }

src/main/java/org/springblade/common/config/UserHandlerConfig.java

+package org.springblade.common.config;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springblade.core.secure.utils.SecureUtil;
+import org.springblade.core.tool.api.R;
+import org.springblade.core.tool.api.ResultCode;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.utils.WebUtil;
+import org.springblade.modules.system.entity.XzxtUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 重写用户登录拦截
+ * @auther: Lilei
+ * @date: 2023/3/7 10:40
+ */
+@Component
+public class UserHandlerConfig implements HandlerInterceptor {
+
+	@Autowired
+	private RedisTemplate<String,String> redisTemplate;
+
+	private static final Logger log = LoggerFactory.getLogger(UserHandlerConfig.class);
+
+	@Override
+	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+		XzxtUser user = SecureUtil.getUserXzxt();
+		if (null != user) {
+			ValueOperations<String,String> ops = redisTemplate.opsForValue();
+			String key = "appUserIdleTime:" + user.getIdentitycard();
+			if (!"1".equals(ops.get(key))){
+				log.warn("用户十分钟未操作，请求接口：{}，请求IP：{}，请求参数：{}", new Object[]{request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap())});
+				R result = R.fail(ResultCode.REQ_REJECT,"用户十分钟未操作");
+				errorResult(response,JsonUtil.toJson(result));
+				return false;
+			}
+			ops.set(key, "1", 10, TimeUnit.MINUTES);//存入redis并设置过期时间
+			return true;
+		} else {
+			log.warn("签名认证失败，请求接口：{}，请求IP：{}，请求参数：{}", new Object[]{request.getRequestURI(), WebUtil.getIP(request), JsonUtil.toJson(request.getParameterMap())});
+			R result = R.fail(ResultCode.UN_AUTHORIZED);
+			errorResult(response,JsonUtil.toJson(result));
+			return false;
+		}
+	}
+
+	private void errorResult(HttpServletResponse response,String message){
+		response.setCharacterEncoding("UTF-8");
+		response.setHeader("Content-type", "application/json");
+		response.setStatus(200);
+		try {
+			response.getWriter().write(Objects.requireNonNull(message));
+		} catch (IOException var6) {
+			log.error(var6.getMessage());
+		}
+	}
+
+	public UserHandlerConfig() {
+
+	}
+
+}

src/main/java/org/springblade/modules/auth/controller/AuthController.java

@@ -44,8 +44,12 @@ import org.springblade.modules.system.entity.UserInfoResult;
 import org.springblade.modules.system.service.IUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.ValueOperations;
+import org.springframework.data.redis.serializer.StringRedisSerializer;
 import org.springframework.web.bind.annotation.*;
 
+import javax.annotation.Resource;
 import java.net.URLDecoder;
 import java.util.UUID;
 import java.util.concurrent.TimeUnit;
@@ -68,6 +72,9 @@ public class AuthController {
 	@Value("${secretKey}")
 	private String secretKey;
 
+	@Autowired
+	private RedisTemplate<String,String> redisTemplate;
+
 	@PostMapping("token")
 	@ApiOperation(value = "获取认证token", notes = "传入租户ID:tenantId,账号:account,密码:password")
 	@LogOper(czxxLbdm = "05", yymcJyqk = "0701", czxxJyqk = "登陆")
@@ -96,7 +103,10 @@ public class AuthController {
 		if (userInfo.getPermissions() == null || userInfo.getPermissions().size() == 0){
 			return R.fail(TokenUtil.USER_NOT_PERMISSIONS);
 		}
-
+		redisTemplate.setKeySerializer(new StringRedisSerializer());
+		ValueOperations<String,String> ops = redisTemplate.opsForValue();
+		String key = "appUserIdleTime:" + userInfo.getUser().getIdentitycard();
+		ops.set(key, "1", 10, TimeUnit.MINUTES);//存入redis并设置过期时间
 		return R.data(TokenUtil.createAuthInfo(userInfo));
 	}