tianwu.sun hai 9 meses
pai
achega
0f68b68de7

+ 11 - 4
src/main/java/com/bootdo/system/controller/SessionController.java

@@ -1,6 +1,7 @@
 package com.bootdo.system.controller;
 
 import com.bootdo.common.annotation.Log;
+import com.bootdo.common.utils.IPUtils;
 import com.bootdo.common.utils.R;
 import com.bootdo.system.domain.UserOnline;
 import com.bootdo.system.service.SessionService;
@@ -13,6 +14,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.mvc.support.RedirectAttributes;
 
+import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
 import java.util.List;
 
@@ -30,15 +32,20 @@ public class SessionController {
 
 	@ResponseBody
 	@RequestMapping("/list")
-	public List<UserOnline> list() {
-		return sessionService.list();
+	public List<UserOnline> list(HttpServletRequest request) {
+		try {
+			return sessionService.list(request);
+		} catch (Exception e) {
+			e.printStackTrace();
+			return null;
+		}
 	}
 
 	@ResponseBody
 	@RequestMapping("/forceLogout/{sessionId}")
-	public R forceLogout(@PathVariable("sessionId") String sessionId, RedirectAttributes redirectAttributes) {
+	public R forceLogout(@PathVariable("sessionId") String sessionId,HttpServletRequest request) {
 		try {
-			sessionService.forceLogout(sessionId);
+			sessionService.forceLogout(sessionId,request);
 			return R.ok();
 		} catch (Exception e) {
 			e.printStackTrace();
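Review bot: In `list`, the new `catch (Exception e)` turns the service's access refusal into `return null`, so a blocked caller receives an ordinary success response with an empty body, and the refusal is recorded only as a stack trace on stderr. A refusal should produce an explicit 403 and go through the application logger as an access-control event, separate from genuine failures, which the blanket catch currently hides in the same way. One way is to catch only a dedicated denial exception here and let everything else propagate to the normal error handling. The `IPUtils` import added at the top of this file is not used in any visible hunk. The `forceLogout` catch block continues outside the hunk, so its handling of the same refusal cannot be judged from here.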

+ 4 - 2
src/main/java/com/bootdo/system/service/SessionService.java

@@ -11,13 +11,15 @@ import org.springframework.stereotype.Service;
 
 import com.bootdo.system.domain.UserOnline;
 
+import javax.servlet.http.HttpServletRequest;
+
 @Service
 public interface SessionService {
-	List<UserOnline> list();
+	List<UserOnline> list(HttpServletRequest request) throws Exception;
 
 	List<UserDO> listOnlineUser();
 
 	Collection<Session> sessionList();
 	
-	boolean forceLogout(String sessionId);
+	boolean forceLogout(String sessionId,HttpServletRequest request) throws Exception;
 }
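Review bot: Declaring `throws Exception` on `list` and `forceLogout` leaves callers no way to distinguish "caller not allowed" from any other failure, which is why the controller ends up with a blanket catch. A specific unchecked type would carry the intent; Shiro is already a dependency of the implementation, so `org.apache.shiro.authz.AuthorizationException` is one candidate. Passing `HttpServletRequest` into the service also ties the service layer to the servlet API. Passing the resolved address instead, e.g. `List<UserOnline> list(String clientIp);`, or doing the check in a filter or interceptor in front of the controller, would keep the access decision in one place.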

+ 16 - 2
src/main/java/com/bootdo/system/service/impl/SessionServiceImpl.java

@@ -1,5 +1,6 @@
 package com.bootdo.system.service.impl;
 
+import com.bootdo.common.utils.IPUtils;
 import com.bootdo.system.domain.UserDO;
 import com.bootdo.system.domain.UserOnline;
 import com.bootdo.system.domain.UserToken;
@@ -9,8 +10,10 @@ import org.apache.shiro.session.mgt.eis.SessionDAO;
 import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.subject.support.DefaultSubjectContext;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -25,13 +28,20 @@ import java.util.List;
 public class SessionServiceImpl implements SessionService {
     private final SessionDAO sessionDAO;
 
+    @Value("${api-allow-ip}")
+    private String apiAllowIp;
+
     @Autowired
     public SessionServiceImpl(SessionDAO sessionDAO) {
         this.sessionDAO = sessionDAO;
     }
 
     @Override
-    public List<UserOnline> list() {
+    public List<UserOnline> list(HttpServletRequest request) throws Exception{
+        String ip = IPUtils.getIpAddr(request);
+        if (!apiAllowIp.contains(ip)) {
+            throw new Exception("不允许访问");
+        }
         List<UserOnline> list = new ArrayList<>();
         Collection<Session> sessions = sessionDAO.getActiveSessions();
         for (Session session : sessions) {
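Review bot: `apiAllowIp.contains(ip)` is a substring test on the raw property string, not an allowlist lookup: with an entry such as `10.0.0.12` configured, a client address of `10.0.0.1` passes, and an empty string returned by `IPUtils.getIpAddr` passes against any value. The same check is repeated in `forceLogout` further down, so both should compare against exact entries through one shared helper, as sketched below (the property's separator is not visible on this page; a comma is assumed). `IPUtils.getIpAddr` is also outside this diff; if it reads forwarding headers such as `X-Forwarded-For`, the address is caller-supplied unless a trusted proxy overwrites it, which is worth confirming before relying on it for access control. `list` continues past the end of the hunk.

```java
    public List<UserOnline> list(HttpServletRequest request) throws Exception{
        requireAllowedIp(request);
        // … unchanged: building the UserOnline list from sessionDAO.getActiveSessions() …

    // Exact-match allowlist check shared by list() and forceLogout().
    // Separator assumed to be a comma; adjust to the format used in application-*.yml.
    private void requireAllowedIp(HttpServletRequest request) throws Exception {
        String ip = IPUtils.getIpAddr(request);
        Set<String> allowed = new HashSet<>(Arrays.asList(apiAllowIp.trim().split("\\s*,\\s*")));
        if (ip == null || ip.isEmpty() || !allowed.contains(ip)) {
            throw new Exception("不允许访问");
        }
    }
```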
@@ -79,7 +89,11 @@ public class SessionServiceImpl implements SessionService {
     }
 
     @Override
-    public boolean forceLogout(String sessionId) {
+    public boolean forceLogout(String sessionId,HttpServletRequest request) throws Exception {
+        String ip = IPUtils.getIpAddr(request);
+        if (!apiAllowIp.contains(ip)) {
+            throw new Exception("不允许访问");
+        }
         Session session = sessionDAO.readSession(sessionId);
         sessionDAO.delete(session);
         return true;

A diferenza do arquivo foi suprimida porque é demasiado grande
+ 3 - 0
src/main/resources/application-dev.yml


A diferenza do arquivo foi suprimida porque é demasiado grande
+ 3 - 0
src/main/resources/application-prod.yml


A diferenza do arquivo foi suprimida porque é demasiado grande
+ 3 - 0
src/main/resources/application-test.yml