添加用户封禁处理逻辑

2025-01-02 18:44:01 +08:00 · 2025-01-02 18:44:01 +08:00 · 14587dceaa
commit 14587dceaa
parent 0375eaad2c
4 changed files with 38 additions and 5 deletions
--- a/my-project-backend/src/main/java/com/example/config/SecurityConfiguration.java
+++ b/my-project-backend/src/main/java/com/example/config/SecurityConfiguration.java
@ -105,6 +105,10 @@ public class SecurityConfiguration {
        } else if(exceptionOrAuthentication instanceof Authentication authentication){
            User user = (User) authentication.getPrincipal();
            Account account = service.findAccountByNameOrEmail(user.getUsername());
+            if(account.isBanned()){
+                writer.write(RestBean.forbidden("登录失败，此账户已被封禁，请俩系管理员").asJsonString());
+                return;
+            }
            String jwt = utils.createJwt(user, account.getUsername(), account.getId());
            if(jwt == null) {
                writer.write(RestBean.forbidden("登录验证频繁，请稍后再试").asJsonString());
--- a/my-project-backend/src/main/java/com/example/controller/admin/AccountAdminController.java
+++ b/my-project-backend/src/main/java/com/example/controller/admin/AccountAdminController.java
@ -10,11 +10,15 @@ import com.example.entity.vo.response.AccountVO;
 import com.example.service.AccountDetailsService;
 import com.example.service.AccountPrivacyService;
 import com.example.service.AccountService;
+import com.example.utils.Const;
 import jakarta.annotation.Resource;
 import org.springframework.beans.BeanUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.web.bind.annotation.*;

 import java.util.List;
+import java.util.concurrent.TimeUnit;

@RestController
@RequestMapping("/api/admin/user")
@ -29,6 +33,12 @@ public class AccountAdminController {
    @Resource
    AccountPrivacyService privacyService;

+    @Resource
+    StringRedisTemplate template;
+
+    @Value("${spring.security.jwt.expire}")
+    private int expire;
+
    @GetMapping("/list")
    public RestBean<JSONObject> accountList(int page, int size) {
        JSONObject object = new JSONObject();
@ -55,6 +65,7 @@ public class AccountAdminController {
        int id = object.getInteger("id");
        Account account = service.findAccountById(id);
        Account save = object.toJavaObject(Account.class);
+        handleBanned(account, save);
        BeanUtils.copyProperties(save, account, "password", "registerTime");
        service.saveOrUpdate(account);
        AccountDetails details = detailsService.findAccountDetailsById(id);
@ -66,4 +77,13 @@ public class AccountAdminController {
        BeanUtils.copyProperties(savePrivacy, privacy);
        return RestBean.success();
    }
+
+    private void handleBanned(Account old, Account current) {
+        String key = Const.BANNED_BLOCK + old.getId();
+        if(old.isBanned() && !current.isBanned()) {
+            template.delete(key);
+        } else if(!old.isBanned() && current.isBanned()) {
+            template.opsForValue().set(key, "true", expire, TimeUnit.HOURS);
+        }
+    }
 }
--- a/my-project-backend/src/main/java/com/example/filter/JwtAuthenticationFilter.java
+++ b/my-project-backend/src/main/java/com/example/filter/JwtAuthenticationFilter.java
@ -8,6 +8,7 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
@ -27,6 +28,9 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
    @Resource
    JwtUtils utils;

+    @Resource
+    private StringRedisTemplate template;
+
    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
@ -35,11 +39,15 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
        DecodedJWT jwt = utils.resolveJwt(authorization);
        if(jwt != null) {
            UserDetails user = utils.toUser(jwt);
-            UsernamePasswordAuthenticationToken authentication =
-                    new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
-            authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-            SecurityContextHolder.getContext().setAuthentication(authentication);
-            request.setAttribute(Const.ATTR_USER_ID, utils.toId(jwt));
+            if(!template.hasKey(Const.BANNED_BLOCK + utils.toId(jwt))) {
+                UsernamePasswordAuthenticationToken authentication =
+                        new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+                request.setAttribute(Const.ATTR_USER_ID, utils.toId(jwt));
+            } else {
+                utils.invalidateJwt(authorization);
+            }
        }
        filterChain.doFilter(request, response);
    }
--- a/my-project-backend/src/main/java/com/example/utils/Const.java
+++ b/my-project-backend/src/main/java/com/example/utils/Const.java
@ -10,6 +10,7 @@ public final class Const {
    //请求频率限制
    public final static String FLOW_LIMIT_COUNTER = "flow:counter:";
    public final static String FLOW_LIMIT_BLOCK = "flow:block:";
+    public final static String BANNED_BLOCK = "banned:block:";
    //邮件验证码
    public final static String VERIFY_EMAIL_LIMIT = "verify:email:limit:";
    public final static String VERIFY_EMAIL_DATA = "verify:email:data:";