
:zap: 增加租户账号授权码保护机制,防止私有部署客户篡改数据库增加账号时间和账号额度

smallchill 6 лет назад
Родитель
Сommit
a9ca2b0402

+ 7 - 0
src/main/java/org/springblade/common/constant/TenantConstant.java

@@ -40,15 +40,22 @@ public interface TenantConstant {
 	 * 租户默认菜单集合KEY
 	 */
 	String ACCOUNT_MENU_CODE_KEY = "tenant.default.menuCode";
+
 	/**
 	 * 租户默认密码
 	 */
 	String DEFAULT_PASSWORD = "123456";
 
+	/**
+	 * 租户授权码默认16位密钥
+	 */
+	String DES_KEY = "0000000000000000";
+
 	/**
 	 * 租户默认账号额度
 	 */
 	Integer DEFAULT_ACCOUNT_NUMBER = -1;
+
 	/**
 	 * 租户默认菜单集合
 	 */
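Review bot: The key that is meant to stop a self-hosted customer from forging tenant licences is itself a constant in the shipped source (`DES_KEY = "0000000000000000"`), so anyone who can edit the database — the threat the commit title names — can also run the same `DesUtil.encryptToHex` with the same key and mint a valid `license_key`. A symmetric key embedded in the application cannot give tamper-evidence against the party who runs the application; the usual design is to sign the licence blob with a vendor-held private key and embed only the public verification key here, or at minimum load the key from configuration/environment so it is not a published default. The name suggests DES, whose 56-bit key is brute-forceable, and the comment says "16位" while DES takes 8 key bytes — I cannot see `DesUtil`, so confirm which cipher and key length are actually used. At the least replace the literal with a documented placeholder and read the real value from `BladeTenantProperties`, e.g. `/** Tenant licence key — MUST be overridden per deployment (blade.tenant.license-key); the default here protects nothing. */`.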

+ 23 - 3
src/main/java/org/springblade/modules/auth/utils/TokenUtil.java

@@ -16,15 +16,16 @@
  */
 package org.springblade.modules.auth.utils;
 
+import org.springblade.common.constant.TenantConstant;
 import org.springblade.core.launch.constant.TokenConstant;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.secure.TokenInfo;
 import org.springblade.core.secure.utils.SecureUtil;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
 import org.springblade.core.tool.support.Kv;
-import org.springblade.core.tool.utils.DateUtil;
-import org.springblade.core.tool.utils.Func;
-import org.springblade.core.tool.utils.StringUtil;
+import org.springblade.core.tool.utils.*;
 import org.springblade.modules.system.entity.Tenant;
 import org.springblade.modules.system.entity.User;
 import org.springblade.modules.system.entity.UserInfo;
@@ -56,6 +57,20 @@ public class TokenUtil {
 	public final static String HEADER_PREFIX = "Basic ";
 	public final static String DEFAULT_AVATAR = "https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png";
 
+	private static BladeTenantProperties tenantProperties;
+
+	/**
+	 * 获取租户配置
+	 *
+	 * @return tenantProperties
+	 */
+	private static BladeTenantProperties getTenantProperties() {
+		if (tenantProperties == null) {
+			tenantProperties = SpringUtil.getBean(BladeTenantProperties.class);
+		}
+		return tenantProperties;
+	}
+
 	/**
 	 * 创建认证token
 	 *
@@ -132,6 +147,11 @@ public class TokenUtil {
 			return false;
 		}
 		Date expireTime = tenant.getExpireTime();
+		if (getTenantProperties().getLicense()) {
+			String licenseKey = tenant.getLicenseKey();
+			String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
+			expireTime = JsonUtil.parse(decrypt, Tenant.class).getExpireTime();
+		}
 		if (expireTime != null && expireTime.before(DateUtil.now())) {
 			throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
 		}

+ 1 - 8
src/main/java/org/springblade/modules/system/controller/TenantController.java

@@ -147,14 +147,7 @@ public class TenantController extends BladeController {
 	@ApiOperation(value = "授权配置", notes = "传入ids,accountNumber,expireTime")
 	@PreAuth(RoleConstant.HAS_ROLE_ADMINISTRATOR)
 	public R setting(@ApiParam(value = "主键集合", required = true) @RequestParam String ids, @ApiParam(value = "账号额度") Integer accountNumber, @ApiParam(value = "过期时间") Date expireTime) {
-		CacheUtil.clear(SYS_CACHE);
-		boolean temp = tenantService.update(
-			Wrappers.<Tenant>update().lambda()
-				.set(Tenant::getAccountNumber, accountNumber)
-				.set(Tenant::getExpireTime, expireTime)
-				.in(Tenant::getId, Func.toLongList(ids))
-		);
-		return R.status(temp);
+		return R.status(tenantService.setting(accountNumber, expireTime, ids));
 	}
 
 	/**

+ 5 - 0
src/main/java/org/springblade/modules/system/entity/Tenant.java

@@ -88,6 +88,11 @@ public class Tenant extends BaseEntity {
 	@JsonFormat(pattern = DateUtil.PATTERN_DATETIME)
 	@ApiModelProperty(value = "过期时间")
 	private Date expireTime;
+	/**
+	 * 授权码
+	 */
+	@ApiModelProperty(value = "授权码")
+	private String licenseKey;
 
 
 }
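Review bot: `licenseKey` is a plain bean property with `@ApiModelProperty`, so it is serialised by every endpoint that returns a `Tenant` and bindable by every endpoint that accepts one; if the tenant `submit`/`update` endpoints bind the entity straight from the request body (they are outside this diff), a caller could write `license_key` without going through `setting`. Mark the field `@JsonIgnore` (it is only ever produced by the service) so it is neither echoed to clients nor client-settable, and document it: `/** Licence blob written by ITenantService#setting; never populated from client input. */`.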

+ 1 - 0
src/main/java/org/springblade/modules/system/mapper/TenantMapper.xml

@@ -20,6 +20,7 @@
         <result column="address" property="address"/>
         <result column="account_number" property="accountNumber"/>
         <result column="expire_time" property="expireTime"/>
+        <result column="license_key" property="licenseKey"/>
     </resultMap>
 
 

+ 11 - 0
src/main/java/org/springblade/modules/system/service/ITenantService.java

@@ -20,6 +20,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import org.springblade.core.mp.base.BaseService;
 import org.springblade.modules.system.entity.Tenant;
 
+import java.util.Date;
 import java.util.List;
 
 /**
@@ -62,4 +63,14 @@ public interface ITenantService extends BaseService<Tenant> {
 	 */
 	boolean removeTenant(List<Long> ids);
 
+	/**
+	 * 配置租户授权
+	 *
+	 * @param accountNumber
+	 * @param expireTime
+	 * @param ids
+	 * @return
+	 */
+	boolean setting(Integer accountNumber, Date expireTime, String ids);
+
 }
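Review bot: The new Javadoc on `setting` leaves every `@param` and the `@return` tag empty, and the parameter order (`accountNumber, expireTime, ids`) reverses the controller's `ids, accountNumber, expireTime` while `ids` is a comma-separated string where the sibling `removeTenant(List<Long> ids)` takes a list. Fill the tags in, e.g. `@param accountNumber account quota to store; null or a non-positive value appears to mean unlimited (see TenantConstant.DEFAULT_ACCOUNT_NUMBER) — confirm`, `@param expireTime expiry to store, null for none`, `@param ids comma-separated tenant ids`, `@return true once every id has been processed`. Consider taking `List<Long>` so callers do not each parse the string.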

+ 26 - 0
src/main/java/org/springblade/modules/system/service/impl/TenantServiceImpl.java

@@ -16,14 +16,20 @@
  */
 package org.springblade.modules.system.service.impl;
 
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import lombok.AllArgsConstructor;
 import org.springblade.common.cache.ParamCache;
+import org.springblade.core.cache.utils.CacheUtil;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.mp.base.BaseServiceImpl;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tenant.TenantId;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
+import org.springblade.core.tool.support.Kv;
+import org.springblade.core.tool.utils.DesUtil;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.modules.system.entity.*;
 import org.springblade.modules.system.mapper.TenantMapper;
@@ -38,6 +44,7 @@ import java.util.List;
 import java.util.stream.Collectors;
 
 import static org.springblade.common.constant.TenantConstant.*;
+import static org.springblade.core.cache.constant.CacheConstant.SYS_CACHE;
 
 /**
  * 服务实现类
@@ -56,6 +63,7 @@ public class TenantServiceImpl extends BaseServiceImpl<TenantMapper, Tenant> imp
 	private final IRoleMenuService roleMenuService;
 	private final IDictBizService dictBizService;
 	private final IUserService userService;
+	private final BladeTenantProperties tenantProperties;
 
 	@Override
 	public IPage<Tenant> selectTenantPage(IPage<Tenant> page, Tenant tenant) {
@@ -159,6 +167,24 @@ public class TenantServiceImpl extends BaseServiceImpl<TenantMapper, Tenant> imp
 		return tenantTemp && userTemp;
 	}
 
+	@Override
+	public boolean setting(Integer accountNumber, Date expireTime, String ids) {
+		CacheUtil.clear(SYS_CACHE);
+		Func.toLongList(ids).forEach(id -> {
+			LambdaUpdateWrapper<Tenant> luw = Wrappers.<Tenant>update().lambda()
+				.set(Tenant::getAccountNumber, accountNumber)
+				.set(Tenant::getExpireTime, expireTime)
+				.eq(Tenant::getId, id);
+			if (tenantProperties.getLicense()) {
+				Kv kv = Kv.create().set("accountNumber", accountNumber).set("expireTime", expireTime).set("id", id);
+				String licenseKey = DesUtil.encryptToHex(JsonUtil.toJson(kv), DES_KEY);
+				luw.set(Tenant::getLicenseKey, licenseKey);
+			}
+			update(luw);
+		});
+		return true;
+	}
+
 	private String getTenantId(List<String> codes) {
 		String code = tenantId.generate();
 		if (codes.contains(code)) {
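Review bot: `setting` returns `true` unconditionally, whereas the controller code it replaces returned the result of the update; the per-id `update(luw)` results are dropped, so a stale or bogus `ids` list reports success. Replace the `forEach` with a `for` loop, accumulate `ok &= update(luw)` and return `ok`, and annotate the method `@Transactional(rollbackFor = Exception.class)` so a failure midway does not leave some tenants re-licensed and others not. The cache is cleared before the updates rather than after, so a request between the clear and the last update can repopulate `SYS_CACHE` with the old row; clearing after the loop narrows that window. The blob serialises `expireTime` through `Kv`, while the readers parse it into `Tenant`, whose `expireTime` carries `@JsonFormat(pattern = PATTERN_DATETIME)` — confirm both sides agree on the date representation, otherwise every licence fails to decode.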

+ 13 - 1
src/main/java/org/springblade/modules/system/service/impl/UserServiceImpl.java

@@ -26,15 +26,21 @@ import org.springblade.common.cache.ParamCache;
 import org.springblade.common.cache.SysCache;
 import org.springblade.common.cache.UserCache;
 import org.springblade.common.constant.CommonConstant;
+import org.springblade.common.constant.TenantConstant;
 import org.springblade.core.log.exception.ServiceException;
 import org.springblade.core.mp.base.BaseServiceImpl;
 import org.springblade.core.secure.utils.AuthUtil;
+import org.springblade.core.tenant.BladeTenantProperties;
 import org.springblade.core.tool.constant.BladeConstant;
+import org.springblade.core.tool.jackson.JsonUtil;
 import org.springblade.core.tool.utils.*;
 import org.springblade.modules.system.entity.*;
 import org.springblade.modules.system.excel.UserExcel;
 import org.springblade.modules.system.mapper.UserMapper;
-import org.springblade.modules.system.service.*;
+import org.springblade.modules.system.service.IRoleService;
+import org.springblade.modules.system.service.IUserDeptService;
+import org.springblade.modules.system.service.IUserOauthService;
+import org.springblade.modules.system.service.IUserService;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -58,6 +64,7 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, User> implement
 	private final IUserDeptService userDeptService;
 	private final IUserOauthService userOauthService;
 	private final IRoleService roleService;
+	private final BladeTenantProperties tenantProperties;
 
 	@Override
 	@Transactional(rollbackFor = Exception.class)
@@ -69,6 +76,11 @@ public class UserServiceImpl extends BaseServiceImpl<UserMapper, User> implement
 		Tenant tenant = SysCache.getTenant(tenantId);
 		if (Func.isNotEmpty(tenant)) {
 			Integer accountNumber = tenant.getAccountNumber();
+			if (tenantProperties.getLicense()) {
+				String licenseKey = tenant.getLicenseKey();
+				String decrypt = DesUtil.decryptFormHex(licenseKey, TenantConstant.DES_KEY);
+				accountNumber = JsonUtil.parse(decrypt, Tenant.class).getAccountNumber();
+			}
 			Integer tenantCount = baseMapper.selectCount(Wrappers.<User>query().lambda().eq(User::getTenantId, tenantId));
 			if (accountNumber != null && accountNumber > 0 && accountNumber <= tenantCount) {
 				throw new ServiceException("当前租户已到最大账号额度!");
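Review bot: The licence branch passes `tenant.getLicenseKey()` to `DesUtil.decryptFormHex` with no null check, and a tenant created before `blade.tenant.license` was switched on (or whose `setting` was never called) has no `license_key`, so user creation for it will fail in the decrypt or JSON parse with something other than the `ServiceException` this method otherwise throws (I cannot see how `DesUtil` treats null). Decide the policy explicitly: either treat a missing licence as "no quota" with `if (Func.isNotBlank(licenseKey))`, or reject with a clear `ServiceException`, and as in the token check verify that the decoded `id` equals `tenant.getId()` so a licence cannot be copied between rows. The enclosing method starts before this hunk; the `selectCount` followed by the insert is a check-then-act race under concurrent submits, which predates this change.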

+ 1 - 0
src/main/resources/application.yml

@@ -146,6 +146,7 @@ blade:
   #多租户配置
   tenant:
     enhance: true
+    license: true
     column: tenant_id
     exclude-tables:
       - blade_user
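Review bot: Shipping `license: true` as the default means every deployment starts enforcing `license_key` on login and user creation immediately after upgrade, yet nothing in this commit backfills `license_key` for tenants already in the tenant table — each of them will reach the decrypt path with a null key. Either default to `false` and document the opt-in, or pair the flag with a migration/one-off run of `setting` that writes a licence for every existing tenant, and annotate the line: `license: true  # enforces blade_tenant.license_key on login/user creation; every tenant row must have one`. Since the key backing the feature is a constant in `TenantConstant`, the flag by itself does not make the data tamper-proof for a self-hosted operator.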