⬆️ 升级 JustAuth -> 1.8.1 完成，支持 state 校验

fashionzzZ · Jul 16, 2019 · 9d2ca4d · 9d2ca4d
1 parent 34c0047
commit 9d2ca4d
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 45 deletions.
diff --git a/spring-boot-demo-social/README.md b/spring-boot-demo-social/README.md
@@ -267,7 +267,7 @@ $ nginx -s reload
     <dependency>
       <groupId>me.zhyd.oauth</groupId>
       <artifactId>JustAuth</artifactId>
-      <version>1.6.0-beta</version>
+      <version>1.8.1</version>
     </dependency>
 
     <dependency>
@@ -440,57 +440,73 @@ public class OauthController {
      * 登录成功后的回调
      *
      * @param oauthType 第三方登录类型
-     * @param code      携带的授权码
+     * @param callback  携带返回的信息
      * @return 登录成功后的信息
      */
     @RequestMapping("/{oauthType}/callback")
-    public AuthResponse login(@PathVariable String oauthType, String code) {
+    public AuthResponse login(@PathVariable String oauthType, AuthCallback callback) {
         AuthRequest authRequest = getAuthRequest(oauthType);
-        return authRequest.login(code);
+        AuthResponse response = authRequest.login(callback);
+        // 移除校验通过的state
+        AuthState.delete(oauthType);
+        return response;
     }
 
     private AuthRequest getAuthRequest(String oauthType) {
         AuthSource authSource = AuthSource.valueOf(oauthType.toUpperCase());
+        String state = AuthState.create(oauthType);
         switch (authSource) {
             case QQ:
-                return getQqAuthRequest();
+                return getQqAuthRequest(state);
             case GITHUB:
-                return getGithubAuthRequest();
+                return getGithubAuthRequest(state);
             case WECHAT:
-                return getWechatAuthRequest();
+                return getWechatAuthRequest(state);
             case GOOGLE:
-                return getGoogleAuthRequest();
+                return getGoogleAuthRequest(state);
             case MICROSOFT:
-                return getMicrosoftAuthRequest();
+                return getMicrosoftAuthRequest(state);
             case MI:
-                return getMiAuthRequest();
+                return getMiAuthRequest(state);
             default:
                 throw new RuntimeException("暂不支持的第三方登录");
         }
     }
 
-    private AuthRequest getQqAuthRequest() {
-        return new AuthQqRequest(properties.getQq());
+    private AuthRequest getQqAuthRequest(String state) {
+        AuthConfig authConfig = properties.getQq();
+        authConfig.setState(state);
+        return new AuthQqRequest(authConfig);
     }
 
-    private AuthRequest getGithubAuthRequest() {
-        return new AuthGithubRequest(properties.getGithub());
+    private AuthRequest getGithubAuthRequest(String state) {
+        AuthConfig authConfig = properties.getGithub();
+        authConfig.setState(state);
+        return new AuthGithubRequest(authConfig);
     }
 
-    private AuthRequest getWechatAuthRequest() {
-        return new AuthWeChatRequest(properties.getWechat());
+    private AuthRequest getWechatAuthRequest(String state) {
+        AuthConfig authConfig = properties.getWechat();
+        authConfig.setState(state);
+        return new AuthWeChatRequest(authConfig);
     }
 
-    private AuthRequest getGoogleAuthRequest() {
-        return new AuthGoogleRequest(properties.getGoogle());
+    private AuthRequest getGoogleAuthRequest(String state) {
+        AuthConfig authConfig = properties.getGoogle();
+        authConfig.setState(state);
+        return new AuthGoogleRequest(authConfig);
     }
 
-    private AuthRequest getMicrosoftAuthRequest() {
-        return new AuthMicrosoftRequest(properties.getMicrosoft());
+    private AuthRequest getMicrosoftAuthRequest(String state) {
+        AuthConfig authConfig = properties.getMicrosoft();
+        authConfig.setState(state);
+        return new AuthMicrosoftRequest(authConfig);
     }
 
-    private AuthRequest getMiAuthRequest() {
-        return new AuthMiRequest(properties.getMi());
+    private AuthRequest getMiAuthRequest(String state) {
+        AuthConfig authConfig = properties.getMi();
+        authConfig.setState(state);
+        return new AuthMiRequest(authConfig);
     }
 }
 ```

diff --git a/spring-boot-demo-social/pom.xml b/spring-boot-demo-social/pom.xml
@@ -39,7 +39,7 @@
     <dependency>
       <groupId>me.zhyd.oauth</groupId>
       <artifactId>JustAuth</artifactId>
-      <version>1.6.0-beta</version>
+      <version>1.8.1</version>
     </dependency>
 
     <dependency>

diff --git a/spring-boot-demo-social/src/main/java/com/xkcoding/social/controller/OauthController.java b/spring-boot-demo-social/src/main/java/com/xkcoding/social/controller/OauthController.java
@@ -3,9 +3,12 @@
 import cn.hutool.core.lang.Dict;
 import com.xkcoding.social.props.OAuthProperties;
 import lombok.RequiredArgsConstructor;
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.config.AuthSource;
+import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
-import me.zhyd.oauth.model.AuthSource;
 import me.zhyd.oauth.request.*;
+import me.zhyd.oauth.utils.AuthState;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -65,56 +68,72 @@ public void renderAuth(@PathVariable String oauthType, HttpServletResponse respo
      * 登录成功后的回调
      *
      * @param oauthType 第三方登录类型
-     * @param code      携带的授权码
+     * @param callback  携带返回的信息
      * @return 登录成功后的信息
      */
     @RequestMapping("/{oauthType}/callback")
-    public AuthResponse login(@PathVariable String oauthType, String code) {
+    public AuthResponse login(@PathVariable String oauthType, AuthCallback callback) {
         AuthRequest authRequest = getAuthRequest(oauthType);
-        return authRequest.login(code);
+        AuthResponse response = authRequest.login(callback);
+        // 移除校验通过的state
+        AuthState.delete(oauthType);
+        return response;
     }
 
     private AuthRequest getAuthRequest(String oauthType) {
         AuthSource authSource = AuthSource.valueOf(oauthType.toUpperCase());
+        String state = AuthState.create(oauthType);
         switch (authSource) {
             case QQ:
-                return getQqAuthRequest();
+                return getQqAuthRequest(state);
             case GITHUB:
-                return getGithubAuthRequest();
+                return getGithubAuthRequest(state);
             case WECHAT:
-                return getWechatAuthRequest();
+                return getWechatAuthRequest(state);
             case GOOGLE:
-                return getGoogleAuthRequest();
+                return getGoogleAuthRequest(state);
             case MICROSOFT:
-                return getMicrosoftAuthRequest();
+                return getMicrosoftAuthRequest(state);
             case MI:
-                return getMiAuthRequest();
+                return getMiAuthRequest(state);
             default:
                 throw new RuntimeException("暂不支持的第三方登录");
         }
     }
 
-    private AuthRequest getQqAuthRequest() {
-        return new AuthQqRequest(properties.getQq());
+    private AuthRequest getQqAuthRequest(String state) {
+        AuthConfig authConfig = properties.getQq();
+        authConfig.setState(state);
+        return new AuthQqRequest(authConfig);
     }
 
-    private AuthRequest getGithubAuthRequest() {
-        return new AuthGithubRequest(properties.getGithub());
+    private AuthRequest getGithubAuthRequest(String state) {
+        AuthConfig authConfig = properties.getGithub();
+        authConfig.setState(state);
+        return new AuthGithubRequest(authConfig);
     }
 
-    private AuthRequest getWechatAuthRequest() {
-        return new AuthWeChatRequest(properties.getWechat());
+    private AuthRequest getWechatAuthRequest(String state) {
+        AuthConfig authConfig = properties.getWechat();
+        authConfig.setState(state);
+        return new AuthWeChatRequest(authConfig);
     }
 
-    private AuthRequest getGoogleAuthRequest() {
-        return new AuthGoogleRequest(properties.getGoogle());
+    private AuthRequest getGoogleAuthRequest(String state) {
+        AuthConfig authConfig = properties.getGoogle();
+        authConfig.setState(state);
+        return new AuthGoogleRequest(authConfig);
     }
 
-    private AuthRequest getMicrosoftAuthRequest() {
-        return new AuthMicrosoftRequest(properties.getMicrosoft());
+    private AuthRequest getMicrosoftAuthRequest(String state) {
+        AuthConfig authConfig = properties.getMicrosoft();
+        authConfig.setState(state);
+        return new AuthMicrosoftRequest(authConfig);
     }
 
-    private AuthRequest getMiAuthRequest() {
-        return new AuthMiRequest(properties.getMi());
+    private AuthRequest getMiAuthRequest(String state) {
+        AuthConfig authConfig = properties.getMi();
+        authConfig.setState(state);
+        return new AuthMiRequest(authConfig);
     }
 }