🍻 解决Issue #IY1QR 增加对Config属性的校验功能，主要校验redirect uri的合法性

2026-01-07 19:31:48 +08:00 · 2019-06-19 09:56:28 +08:00 · 2019-06-19 09:56:28 +08:00 · f5de7f93b5
commit f5de7f93b5
parent e534a4b62e
6 changed files with 49 additions and 5 deletions
--- a/src/main/java/me/zhyd/oauth/authorization/AuthorizationFactory.java
+++ b/src/main/java/me/zhyd/oauth/authorization/AuthorizationFactory.java
@ -10,7 +10,7 @@ import java.util.Map;
 /**
 * 授权工厂类，负责创建指定平台的授权类获取授权地址
 * <p>
- * 使用策略模式 + 工厂模式 避免大量的if else（swatch）操作
+ * 使用策略模式 + 工厂模式 避免大量的if else（switch）操作
 *
 * @author yadong.zhang (yadong.zhang0415(a)gmail.com)
 * @version 1.0
--- a/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
+++ b/src/main/java/me/zhyd/oauth/request/BaseAuthRequest.java
@ -23,9 +23,11 @@ public abstract class BaseAuthRequest implements AuthRequest {
    public BaseAuthRequest(AuthConfig config, AuthSource source) {
        this.config = config;
        this.source = source;
-        if (!AuthConfigChecker.isSupportedAuth(config)) {
+        if (!AuthConfigChecker.isSupportedAuth(config, source)) {
            throw new AuthException(ResponseStatus.PARAMETER_INCOMPLETE);
        }
+        // 校验配置合法性
+        AuthConfigChecker.check(config, source);
    }

    protected abstract AuthToken getAccessToken(String code);
--- a/src/main/java/me/zhyd/oauth/request/ResponseStatus.java
+++ b/src/main/java/me/zhyd/oauth/request/ResponseStatus.java
@ -13,6 +13,7 @@ public enum ResponseStatus {
    UNSUPPORTED(5003, "Unsupported operation"),
    NO_AUTH_SOURCE(5004, "AuthSource cannot be null"),
    UNIDENTIFIED_PLATFORM(5005, "Unidentified platform"),
+    ILLEGAL_REDIRECT_URI(5006, "Illegal redirect uri"),
    ;

    private int code;
--- a/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
+++ b/src/main/java/me/zhyd/oauth/utils/AuthConfigChecker.java
@ -1,6 +1,9 @@
 package me.zhyd.oauth.utils;

 import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.exception.AuthException;
+import me.zhyd.oauth.model.AuthSource;
+import me.zhyd.oauth.request.ResponseStatus;

 /**
 * 授权配置类的校验器
@ -15,9 +18,30 @@ public class AuthConfigChecker {
     * 是否支持第三方登录
     *
     * @param config config
+     * @param source source
     * @return true or false
     */
-    public static boolean isSupportedAuth(AuthConfig config) {
-        return StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+    public static boolean isSupportedAuth(AuthConfig config, AuthSource source) {
+        boolean isSupported = StringUtils.isNotEmpty(config.getClientId()) && StringUtils.isNotEmpty(config.getClientSecret()) && StringUtils.isNotEmpty(config.getRedirectUri());
+        if (isSupported && AuthSource.ALIPAY == source) {
+            isSupported = StringUtils.isNotEmpty(config.getAlipayPublicKey());
+        }
+        return isSupported;
+    }
+
+    /**
+     * 检查配置合法性。针对部分平台， 对redirect uri有特定要求。一般来说redirect uri都是http://，而对于facebook平台， redirect uri 必须是https的链接
+     *
+     * @param config config
+     * @param source source
+     */
+    public static void check(AuthConfig config, AuthSource source) {
+        String redirectUri = config.getRedirectUri();
+        if (!GlobalAuthUtil.isHttpProtocol(redirectUri) && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
+        }
+        if (AuthSource.FACEBOOK == source && !GlobalAuthUtil.isHttpsProtocol(redirectUri)) {
+            throw new AuthException(ResponseStatus.ILLEGAL_REDIRECT_URI);
+        }
    }
 }
--- a/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
+++ b/src/main/java/me/zhyd/oauth/utils/GlobalAuthUtil.java
@ -84,4 +84,18 @@ public class GlobalAuthUtil {
        }
        return res;
    }
+
+    public static boolean isHttpProtocol(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return url.startsWith("http://");
+    }
+
+    public static boolean isHttpsProtocol(String url) {
+        if (StringUtils.isEmpty(url)) {
+            return false;
+        }
+        return url.startsWith("https://");
+    }
 }
--- a/update.md
+++ b/update.md
@ -1,6 +1,9 @@
 ### 2019/06/18
 1. 解决Issue [#IY2HW](https://gitee.com/yadong.zhang/JustAuth/issues/IY2HW)
-1. 解决Issue [#IY2OH](https://gitee.com/yadong.zhang/JustAuth/issues/IY2OH)
+2. 解决Issue [#IY2OH](https://gitee.com/yadong.zhang/JustAuth/issues/IY2OH)
+3. 解决Issue [#IY2FV](https://gitee.com/yadong.zhang/JustAuth/issues/IY2FV)
+4. 修复部分注释、拼写错误
+5. 解决Issue [#IY1QR](https://gitee.com/yadong.zhang/JustAuth/issues/IY1QR) 增加对Config属性的校验功能，主要校验redirect uri的合法性

 ### 2019/06/06
 1. 增加今日头条的授权登陆