update 优化 截断token 避免日志输出具体token内容 防止盗用隐患

ruoyi-admin/src/main/java/org/dromara/web/listener/UserActionListener.java

@@ -11,6 +11,7 @@ import org.dromara.common.core.constant.Constants;
 import org.dromara.common.core.domain.dto.UserOnlineDTO;
 import org.dromara.common.core.utils.MessageUtils;
 import org.dromara.common.core.utils.ServletUtils;
+import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.core.utils.SpringUtils;
 import org.dromara.common.core.utils.ip.AddressUtils;
 import org.dromara.common.log.event.LoginInfoEvent;
@@ -67,7 +68,7 @@ public class UserActionListener implements SaTokenListener {
         SpringUtils.context().publishEvent(loginInfoEvent);
         // 更新登录信息
         loginService.recordLoginInfo((Long) loginParameter.getExtra(LoginHelper.USER_KEY), ip);
-        log.info("user doLogin, userId:{}, token:{}", loginId, tokenValue);
+        log.info("user doLogin, userId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
     }
 
     /**
@@ -76,7 +77,7 @@ public class UserActionListener implements SaTokenListener {
     @Override
     public void doLogout(String loginType, Object loginId, String tokenValue) {
         RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doLogout, userId:{}, token:{}", loginId, tokenValue);
+        log.info("user doLogout, userId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
     }
 
     /**
@@ -85,7 +86,7 @@ public class UserActionListener implements SaTokenListener {
     @Override
     public void doKickout(String loginType, Object loginId, String tokenValue) {
         RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doKickout, userId:{}, token:{}", loginId, tokenValue);
+        log.info("user doKickout, userId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
     }
 
     /**
@@ -94,7 +95,7 @@ public class UserActionListener implements SaTokenListener {
     @Override
     public void doReplaced(String loginType, Object loginId, String tokenValue) {
         RedisUtils.deleteObject(CacheNames.ONLINE_TOKEN_KEY + tokenValue);
-        log.info("user doReplaced, userId:{}, token:{}", loginId, tokenValue);
+        log.info("user doReplaced, userId:{}, token:***{}", loginId, StringUtils.right(tokenValue, 8));
     }
 
     /**

ruoyi-common/ruoyi-common-push/src/main/java/org/dromara/common/push/handler/PlusWebSocketHandler.java

@@ -5,6 +5,7 @@ import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.dromara.common.core.domain.dto.PushPayloadDTO;
 import org.dromara.common.core.domain.model.LoginUser;
+import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.core.enums.PushSourceEnum;
 import org.dromara.common.core.enums.PushTypeEnum;
 import org.dromara.common.push.constant.MessageConstants;
@@ -61,7 +62,7 @@ public class PlusWebSocketHandler extends AbstractWebSocketHandler {
             token,
             new ConcurrentWebSocketSessionDecorator(session, 10 * 1000, 64_000)
         );
-        log.info("[connect] sessionId: {}, userId:{}, token:{}", session.getId(), loginUser.getUserId(), token);
+        log.info("[connect] sessionId: {}, userId:{}, token:***{}", session.getId(), loginUser.getUserId(), StringUtils.right(token, 8));
     }
 
     /**
@@ -138,7 +139,7 @@ public class PlusWebSocketHandler extends AbstractWebSocketHandler {
 
         // 从会话管理器中移除连接
         webSocketSessionManager.disconnect(loginUser.getUserId(), token);
-        log.info("[disconnect] sessionId: {}, userId:{}, token:{}", session.getId(), loginUser.getUserId(), token);
+        log.info("[disconnect] sessionId: {}, userId:{}, token:***{}", session.getId(), loginUser.getUserId(), StringUtils.right(token, 8));
     }
 
     /**