From 5a7463dc91ce11a6517968b9bdc46947b960c3f5 Mon Sep 17 00:00:00 2001 From: click33 <2393584716@qq.com> Date: Fri, 3 May 2024 14:22:27 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E7=99=BB=E5=BD=95=E6=9C=89?= =?UTF-8?q?=E6=95=88=E6=9C=9F=E7=AD=96=E7=95=A5=EF=BC=8CSSO=20Client=20?= =?UTF-8?q?=E7=AB=AF=E7=99=BB=E5=BD=95=E6=97=B6=E5=B0=86=E5=BB=B6=E7=BB=AD?= =?UTF-8?q?=20SSO=20Server=20=E7=AB=AF=E7=9A=84=E4=BC=9A=E8=AF=9D=E5=89=A9?= =?UTF-8?q?=E4=BD=99=E6=9C=89=E6=95=88=E6=9C=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../satoken/sso/exception/SaSsoException.java | 33 +++++++++- .../function/TicketResultHandleFunction.java | 4 +- .../cn/dev33/satoken/sso/name/ParamName.java | 3 + .../sso/processor/SaSsoClientProcessor.java | 65 ++++++++++++++----- .../sso/processor/SaSsoServerProcessor.java | 4 +- 5 files changed, 88 insertions(+), 21 deletions(-) diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/exception/SaSsoException.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/exception/SaSsoException.java index a33a3453..b4c50995 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/exception/SaSsoException.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/exception/SaSsoException.java @@ -16,6 +16,7 @@ package cn.dev33.satoken.sso.exception; import cn.dev33.satoken.exception.SaTokenException; +import cn.dev33.satoken.util.SaFoxUtil; /** 
@@ -57,12 +58,38 @@ public class SaSsoException extends SaTokenException { super.setCode(code); return this; } - + + /** - * 如果flag==true,则抛出message异常 + * 断言 flag 不为 true,否则抛出 message 异常 * @param flag 标记 - * @param message 异常信息 + * @param message 异常信息 + * @param code 异常细分状态码 */ + public static void notTrue(boolean flag, String message, int code) { + if(flag) { + throw new SaSsoException(message).setCode(code); + } + } + + /** + * 断言 value 不为空,否则抛出 message 异常 + * @param value 值 + * @param message 异常信息 + * @param code 异常细分状态码 + */ + public static void notEmpty(Object value, String message, int code) { + if(SaFoxUtil.isEmpty(value)) { + throw new SaSsoException(message).setCode(code); + } + } + + /** + * 如果flag==true,则抛出message异常 + * @param flag 标记 + * @param message 异常信息 + */ + @Deprecated public static void throwBy(boolean flag, String message) { if(flag) { throw new SaSsoException(message); diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/function/TicketResultHandleFunction.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/function/TicketResultHandleFunction.java index 7fdc26e0..f1100000 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/function/TicketResultHandleFunction.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/function/TicketResultHandleFunction.java @@ -15,6 +15,8 @@ */ package cn.dev33.satoken.sso.function; +import cn.dev33.satoken.sso.processor.SaSsoClientProcessor; + import java.util.function.BiFunction; /** @@ -27,6 +29,6 @@ import java.util.function.BiFunction; * @since 1.38.0 */ @FunctionalInterface -public interface TicketResultHandleFunction extends BiFunction { +public interface TicketResultHandleFunction extends BiFunction { } \ No newline at end of file 
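Review bot: `throwBy` is now marked `@Deprecated`, but its Javadoc does not name a replacement, so callers get a compiler warning with no migration path. Add a tag to the existing comment, for example `@deprecated use {@link #notTrue(boolean, String, int)} so that the exception carries an error code`. The two new helpers would also benefit from a `@throws SaSsoException` line, since throwing is their only effect.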
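Review bot: The interface Javadoc should state the new contract of `TicketResultHandleFunction`, because `SaSsoClientProcessor` now passes a `CheckTicketResult` as first argument instead of the bare loginId (the type arguments themselves are not visible in this rendering of the hunk). Existing custom handlers need a source change. Judging by the SaSsoClientProcessor hunks, they are also no longer invoked for an empty loginId, because the exception is thrown first; a handler that produced its own invalid-ticket response loses that hook. Suggested wording for the comment: `First argument: the ticket check result (loginId and remaining session lifetime); only called for a valid ticket.` The interface comment starts above this hunk.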
diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/name/ParamName.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/name/ParamName.java index ab456a06..c0f7b188 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/name/ParamName.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/name/ParamName.java @@ -57,4 +57,7 @@ public class ParamName { public String nonce = "nonce"; public String sign = "sign"; + /** Session 剩余有效期 参数名称 */ + public String remainSessionTimeout = "remainSessionTimeout"; + } diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoClientProcessor.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoClientProcessor.java index 6665ff9e..9e589c81 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoClientProcessor.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoClientProcessor.java 
@@ -121,22 +121,17 @@ public class SaSsoClientProcessor { String serverAuthUrl = ssoClientTemplate.buildServerAuthUrl(currSsoLoginUrl, back); return res.redirect(serverAuthUrl); } else { - // ------- 1、校验ticket,获取 loginId - Object loginId = checkTicketByMode2Or3(ticket, apiName.ssoLogin); + // 1、校验ticket,获取 loginId + CheckTicketResult ctr = checkTicketByMode2Or3(ticket, apiName.ssoLogin); - // Be: 如果开发者自定义了处理逻辑 + // 2、如果开发者自定义了ticket结果值处理函数,则使用自定义的函数 if(cfg.ticketResultHandle != null) { - return cfg.ticketResultHandle.apply(loginId, back); + return cfg.ticketResultHandle.apply(ctr, back); } - // ------- 2、如果 loginId 无值,说明 ticket 无效 - if(SaFoxUtil.isEmpty(loginId)) { - throw new SaSsoException("无效ticket:" + ticket).setCode(SaSsoErrorCode.CODE_30004); - } else { - // 3、如果 loginId 有值,说明 ticket 有效,此时进行登录并重定向至back地址 - stpLogic.login(loginId); - return res.redirect(back); - } + // 3、登录并重定向至back地址 + stpLogic.login(ctr.loginId, ctr.remainSessionTimeout); + return res.redirect(back); } } @@ -244,14 +239,15 @@ public class SaSsoClientProcessor { // 工具方法 /** - * 封装:校验ticket,取出loginId + * 封装:校验ticket,取出loginId,如果 ticket 无效则抛出异常 * @param ticket ticket码 * @param currUri 当前路由的uri,用于计算单点注销回调地址 * @return loginId */ - public Object checkTicketByMode2Or3(String ticket, String currUri) { + public CheckTicketResult checkTicketByMode2Or3(String ticket, String currUri) { SaSsoClientConfig cfg = ssoClientTemplate.getClientConfig(); ApiName apiName = ssoClientTemplate.apiName; + ParamName paramName = ssoClientTemplate.paramName; // --------- 两种模式 if(cfg.getIsHttp()) { 
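Review bot: `stpLogic.login(ctr.loginId, ctr.remainSessionTimeout)` applies the lifetime with no range check, so the client session lasts exactly as long as whatever `checkTicketByMode2Or3` returned. In the HTTP branch (hunk at -281) that value is parsed from the sso-server response, and in the shared-store branch (hunk at -293) and in `SaSsoServerProcessor` (hunk at -193) it comes from `getSessionTimeoutByLoginId`, which presumably can return a negative sentinel for a session that never expires or no longer exists. Handle non-positive values explicitly before logging in, e.g. `long timeout = ctr.remainSessionTimeout > 0 ? ctr.remainSessionTimeout : stpLogic.getConfig().getTimeout();`, and consider capping a positive value at the client's own configured timeout when that is finite. Whether a never-expiring server session should produce a never-expiring client session is a policy decision that belongs in a comment at this call. The enclosing method starts and ends outside this hunk.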
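Review bot: The Javadoc still reads `@return loginId` although `checkTicketByMode2Or3` now returns a `CheckTicketResult`. Update it to something like `@return the ticket check result (loginId plus remaining session lifetime); an SaSsoException is thrown for an invalid ticket`. The method is public and the comment in the later hunk recommends overriding SaSsoClientProcessor methods, so the changed return type is a source break for such overrides and deserves a release-note line. The method body continues beyond this hunk.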
@@ -281,7 +277,18 @@ public class SaSsoClientProcessor { // 校验 if(result.getCode() != null && result.getCode() == SaResult.CODE_SUCCESS) { - return result.getData(); + // 取出 loginId + Object loginId = result.getData(); + if(SaFoxUtil.isEmpty(loginId)) { + throw new SaSsoException("无效ticket:" + ticket).setCode(SaSsoErrorCode.CODE_30004); + } + // 取出 Session 剩余有效期 + Long remainSessionTimeout = result.get(paramName.remainSessionTimeout, Long.class); + if(remainSessionTimeout == null) { + remainSessionTimeout = ssoClientTemplate.getStpLogic().getConfig().getTimeout(); + } + // 构建返回 + return new CheckTicketResult(loginId, remainSessionTimeout); } else { // 将 sso-server 回应的消息作为异常抛出 throw new SaSsoException(result.getMsg()).setCode(SaSsoErrorCode.CODE_30005); @@ -293,7 +300,16 @@ public class SaSsoClientProcessor { // 而在当前 sso-client 没有按照相应格式重写 SaSsoClientProcessor 里的方法, // 可能会导致调用失败(注意是可能,而非一定), // 解决方案为:在当前 sso-client 端也按照 sso-server 端的格式重写 SaSsoClientProcessor 里的方法 - return SaSsoServerProcessor.instance.ssoServerTemplate.checkTicket(ticket, cfg.getClient()); + + // 取出 loginId + Object loginId = SaSsoServerProcessor.instance.ssoServerTemplate.checkTicket(ticket, cfg.getClient()); + if(SaFoxUtil.isEmpty(loginId)) { + throw new SaSsoException("无效ticket:" + ticket).setCode(SaSsoErrorCode.CODE_30004); + } + // 取出 Session 剩余有效期 + long remainSessionTimeout = ssoClientTemplate.getStpLogic().getSessionTimeoutByLoginId(loginId); + // 构建返回 + return new CheckTicketResult(loginId, remainSessionTimeout); } } 
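Review bot: The empty-loginId check is written out by hand here and again in the shared-store branch (hunk at -293), while this same commit adds `SaSsoException.notEmpty` for exactly this case. Both sites can become `SaSsoException.notEmpty(loginId, "无效ticket:" + ticket, SaSsoErrorCode.CODE_30004);`, which keeps the message and error code in one form. The message embeds the request-supplied ticket, so whatever renders or logs this exception should treat it as untrusted text.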
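Review bot: The remaining lifetime is read through `ssoClientTemplate.getStpLogic()`, but the ticket on the line above is checked through the server template, and the sso-server hunk reads the same value through `ssoServerTemplate.getStpLogic()`. If the two templates are configured with different StpLogic instances (not visible here), the lookup may address a different session and return a not-found value, which then flows into `login`. Consider `long remainSessionTimeout = SaSsoServerProcessor.instance.ssoServerTemplate.getStpLogic().getSessionTimeoutByLoginId(loginId);` so that both modes measure the same session. The enclosing method starts above this hunk.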
@@ -307,4 +323,21 @@ public class SaSsoClientProcessor { return SaSsoProcessorHelper.ssoLogoutBack(req, res, ssoClientTemplate.paramName); } + + public static class CheckTicketResult { + public Object loginId; + public long remainSessionTimeout; + public CheckTicketResult(Object loginId, long remainSessionTimeout) { + this.loginId = loginId; + this.remainSessionTimeout = remainSessionTimeout; + } + @Override + public String toString() { + return "CheckTicketResult{" + + "loginId=" + loginId + + ", remainSessionTimeout=" + remainSessionTimeout + + '}'; + } + } + } diff --git a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java index e6d93561..3a917376 100644 --- a/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java +++ b/sa-token-plugin/sa-token-sso/src/main/java/cn/dev33/satoken/sso/processor/SaSsoServerProcessor.java @@ -193,7 +193,9 @@ public class SaSsoServerProcessor { ssoServerTemplate.registerSloCallbackUrl(loginId, client, sloCallback); // 6、给 client 端响应结果 - return SaResult.data(loginId); + long remainSessionTimeout = ssoServerTemplate.getStpLogic().getSessionTimeoutByLoginId(loginId); + return SaResult.data(loginId) + .set(paramName.remainSessionTimeout, remainSessionTimeout); } /**
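Review bot: `CheckTicketResult` exposes public mutable fields and has no Javadoc, yet it is now part of the public handler API. Declare the fields as `public final Object loginId;` and `public final long remainSessionTimeout;` so that a result cannot be changed between the ticket check and the login call. Add a class comment stating the unit of `remainSessionTimeout` and how negative values are to be interpreted.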