update 优化截断token 避免日志输出具体token内容防止盗用隐患

2026-04-29 14:51:24 +08:00 · 2026-04-09 10:49:52 +08:00
parent 61dd3d6fe9
commit a3b1a22a75
2 changed files with 8 additions and 6 deletions
--- a/ruoyi-auth/src/main/java/org/dromara/auth/listener/UserActionListener.java
+++ b/ruoyi-auth/src/main/java/org/dromara/auth/listener/UserActionListener.java
@@ -14,6 +14,7 @@ import org.dromara.common.core.constant.Constants;
 import org.dromara.common.core.utils.MessageUtils;
 import org.dromara.common.core.utils.ServletUtils;
 import org.dromara.common.core.utils.SpringUtils;
+import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.core.utils.ip.AddressUtils;
 import org.dromara.common.log.event.LoginInfoEvent;
 import org.dromara.common.redis.utils.RedisUtils;
@@ -72,7 +73,7 @@ public class UserActionListener implements SaTokenListener {
        SpringUtils.context().publishEvent(loginInfoEvent);
        // 更新登录信息
        remoteUserService.recordLoginInfo((Long) loginParameter.getExtra(LoginHelper.USER_KEY), ip);
-        log.info("user doLogin, useId:{}, token:{}", loginId, tokenValue);
+        log.info("user doLogin, useId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
    }

    /**
@@ -81,7 +82,7 @@ public class UserActionListener implements SaTokenListener {
    @Override
    public void doLogout(String loginType, Object loginId, String tokenValue) {
        RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doLogout, useId:{}, token:{}", loginId, tokenValue);
+        log.info("user doLogout, useId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
    }

    /**
@@ -90,7 +91,7 @@ public class UserActionListener implements SaTokenListener {
    @Override
    public void doKickout(String loginType, Object loginId, String tokenValue) {
        RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doLogoutByLoginId, useId:{}, token:{}", loginId, tokenValue);
+        log.info("user doLogoutByLoginId, useId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
    }

    /**
@@ -99,7 +100,7 @@ public class UserActionListener implements SaTokenListener {
    @Override
    public void doReplaced(String loginType, Object loginId, String tokenValue) {
        RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doReplaced, useId:{}, token:{}", loginId, tokenValue);
+        log.info("user doReplaced, useId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
    }

    /**