feat: 优化授权码登录 (#5914)

Author: KouShenhai

laokou-cloud/laokou-gateway/src/main/resources/application.yml

@@ -40,7 +40,7 @@ server:
     key-password: laokou
   http2:
     enabled: false
-  forward-headers-strategy: native
+  forward-headers-strategy: framework
   # 优雅停机
   shutdown: graceful
   netty:
@@ -199,7 +199,6 @@ request-matcher:
       - /doc.html=laokou-gateway
       - /webjars/**=laokou-gateway
       - /ws=laokou-gateway
-      - /api/login=laokou-gateway
     POST:
       - /api/v1/captchas/send/mail=laokou-gateway
       - /api/v1/captchas/send/mobile=laokou-gateway

laokou-common/laokou-common-oss/src/main/java/org/laokou/common/oss/template/MinIOStorage.java

@@ -19,24 +19,16 @@
 
 import io.minio.BucketExistsArgs;
 import io.minio.GetPresignedObjectUrlArgs;
+import io.minio.Http;
 import io.minio.MakeBucketArgs;
 import io.minio.MinioClient;
 import io.minio.PutObjectArgs;
-import io.minio.errors.ErrorResponseException;
-import io.minio.errors.InsufficientDataException;
-import io.minio.errors.InternalException;
-import io.minio.errors.InvalidResponseException;
-import io.minio.errors.ServerException;
-import io.minio.errors.XmlParserException;
-import io.minio.http.Method;
+import io.minio.errors.MinioException;
 import org.laokou.common.i18n.common.exception.BizException;
 import org.laokou.common.oss.model.BaseOss;
 import org.laokou.common.oss.model.FileInfo;
 import org.laokou.common.oss.model.MinIO;
 
-import java.io.IOException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
 import java.util.concurrent.TimeUnit;
 
 /**
@@ -61,9 +53,7 @@ protected MinioClient getObj() {
 	}
 
 	@Override
-	protected void checkBucket(MinioClient minioClient) throws ServerException, InsufficientDataException,
-			ErrorResponseException, IOException, NoSuchAlgorithmException, InvalidKeyException,
-			InvalidResponseException, XmlParserException, InternalException {
+	protected void checkBucket(MinioClient minioClient) throws MinioException {
 		String bucketName = this.minIO.getBucketName();
 		boolean isExist = minioClient.bucketExists(BucketExistsArgs.builder().bucket(bucketName).build());
 		if (!isExist) {
@@ -73,35 +63,29 @@ protected void checkBucket(MinioClient minioClient) throws ServerException, Insu
 	}
 
 	@Override
-	protected void upload(MinioClient minioClient) throws ServerException, InsufficientDataException,
-			ErrorResponseException, IOException, NoSuchAlgorithmException, InvalidKeyException,
-			InvalidResponseException, XmlParserException, InternalException {
+	protected void upload(MinioClient minioClient) throws MinioException {
 		PutObjectArgs objectArgs = PutObjectArgs.builder()
 			.bucket(this.minIO.getBucketName())
 			.object(fileInfo.name())
-			.stream(fileInfo.inputStream(), fileInfo.size(), -1)
+			.stream(fileInfo.inputStream(), fileInfo.size(), -1L)
 			.contentType(fileInfo.contentType())
 			.build();
 		minioClient.putObject(objectArgs);
 	}
 
 	@Override
-	protected String getUrl(MinioClient minioClient) throws ServerException, InsufficientDataException,
-			ErrorResponseException, IOException, NoSuchAlgorithmException, InvalidKeyException,
-			InvalidResponseException, XmlParserException, InternalException {
+	protected String getUrl(MinioClient minioClient) throws MinioException {
 		GetPresignedObjectUrlArgs objectUrlArgs = GetPresignedObjectUrlArgs.builder()
 			.bucket(this.minIO.getBucketName())
 			.object(fileInfo.name())
-			.method(Method.GET)
+			.method(Http.Method.GET)
 			.expiry(5, TimeUnit.DAYS)
 			.build();
 		return minioClient.getPresignedObjectUrl(objectUrlArgs);
 	}
 
 	@Override
-	public void createBucket() throws ServerException, InsufficientDataException, ErrorResponseException, IOException,
-			NoSuchAlgorithmException, InvalidKeyException, InvalidResponseException, XmlParserException,
-			InternalException {
+	public void createBucket() throws MinioException {
 		MinioClient minioClient = getObj();
 		String bucketName = this.minIO.getBucketName();
 		boolean isExist = minioClient.bucketExists(BucketExistsArgs.builder().bucket(bucketName).build());

laokou-service/laokou-admin/laokou-admin-start/src/main/resources/application.yml

@@ -34,7 +34,7 @@ server:
     key-store-password: laokou
   http2:
     enabled: false
-  forward-headers-strategy: native
+  forward-headers-strategy: framework
   shutdown: graceful
   servlet:
     context-path: /api

laokou-service/laokou-auth/laokou-auth-infrastructure/src/main/java/org/laokou/auth/config/OAuth2AuthenticationFailureHandler.java

@@ -65,7 +65,6 @@ SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http,
 			// https://docs.spring.io/spring-security/reference/servlet/authentication/passwords/form.html
 			// 登录页面 -> DefaultLoginPageGeneratingFilter
 			.formLogin(form -> form.loginPage("/login")
-				// .failureHandler(oAuth2AuthenticationFailureHandler)
 				.permitAll())
 			// 清除 session
 			.logout(logout -> logout.clearAuthentication(true).invalidateHttpSession(true))

laokou-service/laokou-auth/laokou-auth-infrastructure/src/main/java/org/laokou/auth/config/OAuth2ResourceServerConfig.java

@@ -34,7 +34,7 @@ server:
     key-store-password: laokou
   http2:
     enabled: false
-  forward-headers-strategy: native
+  forward-headers-strategy: framework
   shutdown: graceful
   port: ${SERVER_PORT:1111}
   servlet:
@@ -162,8 +162,8 @@ spring:
               - /v1/secrets=laokou-auth
               - /doc.html=laokou-auth
               - /webjars/**=laokou-auth
-              - /login=laokou-auth
               - /img/**=laokou-auth
+              - /js/**=laokou-auth
             POST:
               - /v1/captchas/send/mail=laokou-auth
               - /v1/captchas/send/mobile=laokou-auth

laokou-service/laokou-auth/laokou-auth-start/src/main/resources/application.yml

@@ -4,6 +4,7 @@
 	<meta charset="UTF-8"/>
 	<meta name="viewport" content="width=device-width,initial-scale=1"/>
 	<title>老寇IoT云平台统一认证</title>
+	<script src="js/axios.min.js"></script>
 	<style>
 		html, body {
 			height: 100%;
@@ -13,7 +14,7 @@
 			overflow-x: hidden;
 			min-height: 100vh;
 			font-family: Arial, Helvetica, sans-serif;
-			background: url('/api/img/FfdJeJRQWjEeGTpqgBKj.png') no-repeat center center;
+			background: url('img/FfdJeJRQWjEeGTpqgBKj.png') no-repeat center center;
 			background-size: cover;
 
 			/* 更健壮的居中布局：适配不同屏幕尺寸 */
@@ -98,32 +99,56 @@
 		<h2>老寇IoT云平台统一认证</h2>
 	</div>
 
-	<div class="alert alert-danger" th:if="${session.SPRING_SECURITY_LAST_EXCEPTION != null}">
+	<div class="alert alert-danger" th:if="${param.error != null and session.SPRING_SECURITY_LAST_EXCEPTION != null}">
 		<span th:text="${session.SPRING_SECURITY_LAST_EXCEPTION?.message}"></span>
 	</div>
-	<form method="post" th:action="@{/login}">
+	<form method="post" th:action="@{/login}" autocomplete="off">
+
 		<div class="form-item row" style="width: 100%;">
-			<input id="tenant" name="tenant" type="text" placeholder="请输入租户编号" required autofocus/>
+			<input id="uuid" name="uuid" type="text" autocomplete="new-password" hidden="hidden" placeholder="请输入唯一标识" required/>
 		</div>
 
 		<div class="form-item row" style="width: 100%;">
-			<input id="username" name="username" type="text" placeholder="请输入用户名" required/>
+			<input id="tenant_code" name="tenant_code" autocomplete="new-password" value="laokouyun" type="text" placeholder="请输入租户编号" required autofocus/>
 		</div>
 
 		<div class="form-item row" style="width: 100%;">
-			<input id="password" name="password" type="password" placeholder="请输入密码" required/>
+			<input id="username" name="username" type="text" autocomplete="new-password" value="admin" placeholder="请输入用户名" required/>
+		</div>
+
+		<div class="form-item row" style="width: 100%;">
+			<input id="password" name="password" type="password" autocomplete="new-password" value="admin123" placeholder="请输入密码" required/>
 		</div>
 
 		<div class="form-item">
 			<div class="row">
-				<input id="captcha" name="captcha" type="text" placeholder="请输入验证码" required/>
-				<img class="captcha" th:src="@{/captcha}" alt="captcha"
-					 onclick="this.src='/captcha?ts='+Date.now()"/>
+				<input id="captcha" name="captcha" autocomplete="new-password" type="text" placeholder="请输入验证码" required/>
+				<img id="captcha-img" class="captcha" alt="验证码" onclick="getCaptcha()"/>
 			</div>
 		</div>
 
 		<button class="btn" type="submit">登&nbsp;&nbsp;录</button>
 	</form>
 </div>
+<script>
+	function getUuid() {
+		if (window.crypto && crypto.randomUUID) {
+			return crypto.randomUUID();
+		}
+		return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
+			const r = Math.random() * 16 | 0;
+			const v = c === 'x' ? r : (r & 0x3 | 0x8);
+			return v.toString(16);
+		});
+	}
+	function getCaptcha() {
+		const uuid = getUuid()
+		document.getElementById("uuid").value = uuid
+		axios.get("v1/authorization-code/captchas/" + uuid).then(res => {
+			document.getElementById("captcha-img").src = res.data.data
+		})
+	}
+	getCaptcha()
+</script>
 </body>
 </html>

laokou-service/laokou-auth/laokou-auth-start/src/main/resources/static/js/axios.min.js

@@ -17,7 +17,7 @@ server:
     key-store-password: laokou
   http2:
     enabled: false
-  forward-headers-strategy: native
+  forward-headers-strategy: framework
   shutdown: graceful
   servlet:
     context-path: /api

laokou-service/laokou-auth/laokou-auth-start/src/main/resources/templates/login.html

@@ -34,7 +34,7 @@ server:
     key-store-password: laokou
   http2:
     enabled: false
-  forward-headers-strategy: native
+  forward-headers-strategy: framework
   shutdown: graceful
   servlet:
     context-path: /api