Merge pull request #231 from orangebabu/main

添加state校验
2025-12-06 17:08:29 +08:00 · 2024-08-19 15:19:27 +08:00 · 2024-08-19 15:19:27 +08:00 · b7b0cd21c6
commit b7b0cd21c6
parent 7fa219a3dc da9a0387c1
3 changed files with 27 additions and 13 deletions
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/ScanCode.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/dromara/maxkey/authn/ScanCode.java
@ -15,6 +15,9 @@ public class ScanCode {
    @NotEmpty(message = "登录方式不能为空")
    String authType;

+    @NotEmpty(message = "state不能为空")
+    String state;
+
    public @NotEmpty(message = "二维码内容不能为空") String getCode() {
        return code;
    }
@ -30,4 +33,12 @@ public class ScanCode {
    public void setAuthType(@NotEmpty(message = "登录方式不能为空") String authType) {
        this.authType = authType;
    }
+
+    public @NotEmpty(message = "state不能为空") String getState() {
+        return state;
+    }
+
+    public void setState(@NotEmpty(message = "state不能为空") String state) {
+        this.state = state;
+    }
 }
--- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/passport/login/login.component.ts
@ -332,6 +332,7 @@ export class UserLoginComponent implements OnInit, OnDestroy {
      this.qrCodeService.loginByQrCode({
        authType: 'scancode',
        code: this.ticket,
+        state: this.state,
      }).subscribe(res => {
        if (res.code === 0) {
          this.qrexpire = true;
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/dromara/maxkey/web/contorller/LoginEntryPoint.java
@ -296,25 +296,27 @@ public class LoginEntryPoint {

 	@Operation(summary = "web二维码登录", description = "web二维码登录", method = "POST")
 	@PostMapping("/sign/qrcode")
-	public Message<AuthJwt> signByQrcode( HttpServletRequest request,
-										  HttpServletResponse response,
-										  @Validated @RequestBody ScanCode scanCode) {
+	public Message<AuthJwt> signByQrcode(@Validated @RequestBody ScanCode scanCode) {
 		LoginCredential loginCredential = new LoginCredential();
 		loginCredential.setAuthType(scanCode.getAuthType());
 		loginCredential.setUsername(scanCode.getCode());

-		try {
-			Authentication authentication = authenticationProvider.authenticate(loginCredential);
-			if (Objects.nonNull(authentication)) {
-				//success
-				AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
-				return new Message<>(authJwt);
-			} else {
-				return new Message<>(Message.FAIL, "尚未扫码");
+		if(authTokenService.validateJwtToken(scanCode.getState())){
+			try {
+				Authentication authentication = authenticationProvider.authenticate(loginCredential);
+				if (Objects.nonNull(authentication)) {
+					//success
+					AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
+					return new Message<>(authJwt);
+				} else {
+					return new Message<>(Message.FAIL, "尚未扫码");
+				}
+			} catch (BusinessException businessException) {
+				return new Message<>(businessException.getCode(), businessException.getMessage());
 			}
-		} catch (BusinessException businessException) {
-			return new Message<>(businessException.getCode(), businessException.getMessage());
 		}
+
+		return new Message<>(Message.FAIL);
 	}

 	@Operation(summary = "app扫描二维码", description = "扫描二维码登录", method = "POST")