添加state参数验证

zlt-demo/sso-demo/web-sso/src/main/resources/static/callback.html

@@ -5,23 +5,24 @@
     <meta charset="utf-8"/>
     <title>zlt</title>
     <script type="text/javascript" src="js/jquery-3.2.1.min.js"></script>
+    <script type="text/javascript" src="js/sso.js"></script>
 </head>
 <body>
 <script>
     window.onload = function() {
-        //获取url参数
-        function getQueryVariable(variable) {
-            var query = window.location.search.substring(1);
-            var vars = query.split("&");
-            for (var i=0;i<vars.length;i++) {
-                var pair = vars[i].split("=");
-                if(pair[0] == variable){return pair[1];}
-            }
-            return '';
+        //url获取state
+        let state = getQueryVariable('state');
+        let localState = sessionStorage.getItem("state");
+        //判断state防止CSRF攻击
+        if (localState !== state) {
+            alert('state参数无效！');
+            let state = getState();
+            sessionStorage.setItem("state", state);
+            window.location = getAuthorizeUri(state);
         }
-
         //url获取code
         let code = getQueryVariable('code');
+
         //获取token和用户信息
         $.ajax({url:'http://127.0.0.1:8081/token/'+code, success:function(result) {
             console.log(result);

zlt-demo/sso-demo/web-sso/src/main/resources/static/index.html

@@ -5,6 +5,7 @@
     <meta charset="utf-8"/>
     <title>zlt</title>
     <script type="text/javascript" src="js/jquery-3.2.1.min.js"></script>
+    <script type="text/javascript" src="js/sso.js"></script>
 </head>
 <body>
 <div>
@@ -15,11 +16,6 @@
     <p><input type="button" value="登出" onclick="logout()"/></p>
 </div>
 <script>
-    //应用id
-    let clientId = 'app';
-    //授权中心地址
-    let uaaUri = 'http://127.0.0.1:9900/api-uaa/oauth/';
-
     window.onload = function() {
         let accessToken = sessionStorage.getItem('access_token');
         if (accessToken) {//已登录
@@ -30,8 +26,10 @@
             $('#roles').html(roles);
             $('#clientId').html(clientId);
         } else {//未登录
+            let state = getState();
             sessionStorage.setItem("visitUri", window.location.href);
-            window.location = uaaUri+'authorize?client_id='+clientId+'&redirect_uri=http://127.0.0.1:8081/callback.html&response_type=code';
+            sessionStorage.setItem("state", state);
+            window.location = getAuthorizeUri(state);
         }
     };
 
@@ -40,7 +38,7 @@
         sessionStorage.removeItem('access_token');
         sessionStorage.removeItem('username');
         sessionStorage.removeItem("roles");
-        window.location = uaaUri+'remove/token?redirect_uri=http://127.0.0.1:8081/index.html&access_token='+accessToken;
+        window.location = getLogoutUri(accessToken);
     }
 </script>
 </body>

zlt-demo/sso-demo/web-sso/src/main/resources/static/js/sso.js

+const FULL_CHARTER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopgrstuvwxyz';
+//应用id
+let clientId = 'app';
+//授权中心地址
+let uaaUri = 'http://127.0.0.1:9900/api-uaa/oauth/';
+
+function getAuthorizeUri(state) {
+    return uaaUri+'authorize?client_id='+clientId+'&redirect_uri=http://127.0.0.1:8081/callback.html&response_type=code&state='+state;
+}
+
+function getLogoutUri(accessToken) {
+    return uaaUri+'remove/token?redirect_uri=http://127.0.0.1:8081/index.html&access_token='+accessToken;
+}
+
+function getState() {
+    let state='';
+    for (let i = 0; i < 6; i++) {
+        state += FULL_CHARTER[Math.floor(Math.random() * 52)];
+    }
+    return state;
+}
+
+/**
+ * 获取url参数
+ */
+function getQueryVariable(variable) {
+    var query = window.location.search.substring(1);
+    var vars = query.split("&");
+    for (var i=0;i<vars.length;i++) {
+        var pair = vars[i].split("=");
+        if(pair[0] == variable){return pair[1];}
+    }
+    return '';
+}
\ No newline at end of file