#

Junjie

2 天以前 bd6b518aae61608ddc2d82b43ccc283dc95b9c54

 src/main/java/com/zy/common/web/AuthController.java

@@ -2,16 +2,20 @@

import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.Cools;
import com.core.common.R;
import com.core.exception.CoolException;
import com.zy.common.CodeRes;
import com.zy.common.auth.MfaLoginTicketManager;
import com.zy.common.auth.PasskeyChallengeManager;
import com.zy.common.i18n.I18nMessageService;
import com.zy.common.entity.Parameter;
import com.zy.common.model.PowerDto;
import com.zy.common.model.enums.HtmlNavIconType;
import com.zy.common.utils.MfaTotpUtil;
import com.zy.common.utils.PasskeyWebAuthnUtil;
import com.zy.common.utils.QrCode;
import com.zy.common.utils.RandomValidateCodeUtil;
import com.zy.system.entity.*;
import com.zy.system.service.*;
@@ -25,6 +29,10 @@
import org.springframework.web.bind.annotation.RestController;

import jakarta.servlet.http.HttpServletResponse;
import javax.imageio.ImageIO;
import java.awt.image.BufferedImage;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import java.util.*;

/**
@@ -53,6 +61,10 @@
    private LicenseTimer licenseTimer;
    @Autowired
    private I18nMessageService i18nMessageService;
    @Autowired
    private MfaLoginTicketManager mfaLoginTicketManager;
    @Autowired
    private PasskeyChallengeManager passkeyChallengeManager;

    @RequestMapping("/login.action")
    @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "登录")
@@ -61,15 +73,16 @@
        if (!licenseTimer.getSystemSupport()){
            return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
        }
        if (Cools.isEmpty(mobile, password)) {
            return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
        }
        if (mobile.equals("super") && password.equals(Cools.md5(superPwd))) {
            Map<String, Object> res = new HashMap<>();
            res.put("username", mobile);
            res.put("token", Cools.enToken(System.currentTimeMillis() + mobile, superPwd));
            return R.ok(res);
        }
        QueryWrapper<User> userWrapper = new QueryWrapper<>();
        userWrapper.eq("mobile", mobile);
        User user = userService.getOne(userWrapper);
        User user = userService.getByMobileWithSecurity(mobile);
        if (Cools.isEmpty(user)){
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
@@ -79,17 +92,123 @@
        if (!user.getPassword().equals(password)){
            return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
        }
        String token = Cools.enToken(System.currentTimeMillis() + mobile, user.getPassword());
        userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
        UserLogin userLogin = new UserLogin();
        userLogin.setUserId(user.getId());
        userLogin.setToken(token);
        userLogin.setSystemType("WCS");
        userLoginService.save(userLogin);
        Map<String, Object> res = new HashMap<>();
        res.put("username", user.getUsername());
        res.put("token", token);
        return R.ok(res);
        if (requiresMfa(user)) {
            Map<String, Object> res = new HashMap<>();
            res.put("username", user.getUsername());
            res.put("mfaRequired", true);
            res.put("mfaTicket", mfaLoginTicketManager.create(user.getId()));
            return R.ok(res);
        }
        return R.ok(buildLoginSuccess(user));
    }

    @RequestMapping("/login/mfa.action")
    @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "MFA登录")
    public R loginMfaAction(String ticket, String code) {
        Long userId = mfaLoginTicketManager.getUserId(ticket);
        if (userId == null) {
            return new R(10004, i18nMessageService.getMessage("response.user.mfaTicketExpired"));
        }
        User user = userService.getByIdWithSecurity(userId);
        if (Cools.isEmpty(user)) {
            mfaLoginTicketManager.remove(ticket);
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (user.getStatus() != 1) {
            mfaLoginTicketManager.remove(ticket);
            return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
        }
        if (!requiresMfa(user)) {
            mfaLoginTicketManager.remove(ticket);
            return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
        }
        if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
            return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
        }
        mfaLoginTicketManager.remove(ticket);
        return R.ok(buildLoginSuccess(user));
    }

    @RequestMapping("/login/passkey/options.action")
    @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "通行密钥登录参数")
    public R loginPasskeyOptions(String mobile) {
        if (!licenseTimer.getSystemSupport()) {
            return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
        }
        String origin = PasskeyWebAuthnUtil.buildOrigin(request);
        String rpId = PasskeyWebAuthnUtil.buildRpId(request);
        if (!PasskeyWebAuthnUtil.isSecureOriginAllowed(origin, rpId)) {
            return new R(10009, i18nMessageService.getMessage("response.user.passkeySecureContextRequired"));
        }
        User user = null;
        if (!Cools.isEmpty(mobile)) {
            user = userService.getByMobileWithSecurity(mobile);
            if (Cools.isEmpty(user)) {
                return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
            }
            if (user.getStatus() != 1) {
                return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
            }
            if (!hasPasskeyBound(user)) {
                return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
            }
        }
        PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.createAuthentication(user == null ? null : user.getId(), origin, rpId);
        return R.ok(buildPasskeyAuthenticationOptions(state, user));
    }

    @RequestMapping("/login/passkey/verify.action")
    @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "通行密钥登录")
    public R loginPasskeyVerify(String ticket,
                                String credentialId,
                                String clientDataJSON,
                                String authenticatorData,
                                String signature) {
        if (!licenseTimer.getSystemSupport()) {
            return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
        }
        PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.get(ticket, PasskeyChallengeManager.Purpose.AUTHENTICATION);
        if (state == null) {
            return new R(10011, i18nMessageService.getMessage("response.user.passkeyTicketExpired"));
        }
        try {
            com.alibaba.fastjson.JSONObject clientData = PasskeyWebAuthnUtil.parseClientData(clientDataJSON);
            PasskeyWebAuthnUtil.validateClientData(clientData, "webauthn.get", state.getChallenge(), state.getOrigin());
            PasskeyWebAuthnUtil.AuthenticatorData authData = PasskeyWebAuthnUtil.validateAuthenticatorData(authenticatorData, state.getRpId(), true);
            User user = state.getUserId() == null
                    ? userService.getByPasskeyCredentialId(credentialId)
                    : userService.getByIdWithSecurity(state.getUserId());
            if (Cools.isEmpty(user)) {
                return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
            }
            if (user.getStatus() != 1) {
                return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
            }
            if (!hasPasskeyBound(user) || !Cools.eq(user.getPasskeyCredentialId(), credentialId)) {
                return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
            }
            PasskeyWebAuthnUtil.verifyAssertionSignature(
                    user.getPasskeyPublicKey(),
                    user.getPasskeyAlgorithm(),
                    authenticatorData,
                    clientDataJSON,
                    signature
            );
            long nextSignCount = authData.getSignCount();
            Long currentSignCount = user.getPasskeySignCount();
            if (currentSignCount != null && currentSignCount > 0 && nextSignCount > 0 && nextSignCount <= currentSignCount) {
                return new R(10012, i18nMessageService.getMessage("response.user.passkeyCounterMismatch"));
            }
            userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
                    .eq("id", user.getId())
                    .set("passkey_sign_count", nextSignCount)
                    .set("passkey_last_used_time", new Date()));
            return R.ok(buildLoginSuccess(user));
        } catch (Exception ex) {
            return new R(10013, i18nMessageService.getMessage("response.user.passkeyVerifyFailed"));
        } finally {
            passkeyChallengeManager.remove(ticket);
        }
    }

    @RequestMapping("/code/switch.action")
@@ -122,7 +241,187 @@
    @RequestMapping("/user/detail/auth")
    @ManagerAuth
    public R userDetail(){
        return R.ok(userService.getById(getUserId()));
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return R.ok();
        }
        return R.ok(buildSafeUserDetail(user));
    }

    @RequestMapping("/user/mfa/setup/auth")
    @ManagerAuth
    public R userMfaSetup() {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
            return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
        }
        String secret = MfaTotpUtil.generateSecret();
        String account = !Cools.isEmpty(user.getMobile())
                ? user.getMobile()
                : (!Cools.isEmpty(user.getUsername()) ? user.getUsername() : String.valueOf(user.getId()));
        String otpAuth = MfaTotpUtil.buildOtpAuthUri("WCS", account, secret);
        Map<String, Object> data = new HashMap<>();
        data.put("secret", secret);
        data.put("otpAuth", otpAuth);
        data.put("qrCode", renderQrCodeDataUri(otpAuth));
        return R.ok(data);
    }

    @RequestMapping("/user/mfa/enable/auth")
    @ManagerAuth
    @Transactional
    public R userMfaEnable(String currentPassword, String secret, String code) {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
            return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
        }
        if (!Cools.eq(user.getPassword(), currentPassword)) {
            return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
        }
        String normalizedSecret = normalizeSecret(secret);
        if (Cools.isEmpty(normalizedSecret) || !MfaTotpUtil.verifyCode(normalizedSecret, code, 1)) {
            return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
        }
        userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
                .eq("id", user.getId())
                .set("mfa_allow", 1)
                .set("mfa_enabled", 1)
                .set("mfa_secret", normalizedSecret)
                .set("mfa_bound_time", new Date()));
        return R.ok();
    }

    @RequestMapping("/user/mfa/disable/auth")
    @ManagerAuth
    @Transactional
    public R userMfaDisable(String currentPassword, String code) {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!requiresMfa(user)) {
            return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
        }
        if (!Cools.eq(user.getPassword(), currentPassword)) {
            return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
        }
        if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
            return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
        }
        userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
                .eq("id", user.getId())
                .set("mfa_enabled", 0)
                .set("mfa_secret", null)
                .set("mfa_bound_time", null));
        return R.ok();
    }

    @RequestMapping("/user/passkey/register/options/auth")
    @ManagerAuth
    public R userPasskeyRegisterOptions() {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (hasPasskeyBound(user)) {
            return new R(10014, i18nMessageService.getMessage("response.user.passkeyAlreadyBound"));
        }
        String origin = PasskeyWebAuthnUtil.buildOrigin(request);
        String rpId = PasskeyWebAuthnUtil.buildRpId(request);
        if (!PasskeyWebAuthnUtil.isSecureOriginAllowed(origin, rpId)) {
            return new R(10009, i18nMessageService.getMessage("response.user.passkeySecureContextRequired"));
        }
        PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.createRegistration(user.getId(), origin, rpId);
        return R.ok(buildPasskeyRegistrationOptions(state, user));
    }

    @RequestMapping("/user/passkey/register/finish/auth")
    @ManagerAuth
    @Transactional
    public R userPasskeyRegisterFinish(String ticket,
                                       String currentPassword,
                                       String name,
                                       String credentialId,
                                       String clientDataJSON,
                                       String authenticatorData,
                                       String publicKey,
                                       Integer publicKeyAlgorithm,
                                       String transports) {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!Cools.eq(user.getPassword(), currentPassword)) {
            return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
        }
        if (hasPasskeyBound(user)) {
            return new R(10014, i18nMessageService.getMessage("response.user.passkeyAlreadyBound"));
        }
        PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.get(ticket, PasskeyChallengeManager.Purpose.REGISTRATION);
        if (state == null || !Objects.equals(state.getUserId(), user.getId())) {
            return new R(10011, i18nMessageService.getMessage("response.user.passkeyTicketExpired"));
        }
        try {
            com.alibaba.fastjson.JSONObject clientData = PasskeyWebAuthnUtil.parseClientData(clientDataJSON);
            PasskeyWebAuthnUtil.validateClientData(clientData, "webauthn.create", state.getChallenge(), state.getOrigin());
            PasskeyWebAuthnUtil.AuthenticatorData authData = PasskeyWebAuthnUtil.validateAuthenticatorData(authenticatorData, state.getRpId(), true);
            PasskeyWebAuthnUtil.ensurePublicKeyMaterial(publicKey, publicKeyAlgorithm);
            if (Cools.isEmpty(credentialId)) {
                return new R(10013, i18nMessageService.getMessage("response.user.passkeyRegisterFailed"));
            }
            User exist = userService.getByPasskeyCredentialId(credentialId);
            if (!Cools.isEmpty(exist) && !Objects.equals(exist.getId(), user.getId())) {
                return new R(10015, i18nMessageService.getMessage("response.user.passkeyCredentialExists"));
            }
            userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
                    .eq("id", user.getId())
                    .set("passkey_name", normalizePasskeyName(name))
                    .set("passkey_credential_id", credentialId)
                    .set("passkey_public_key", publicKey)
                    .set("passkey_algorithm", publicKeyAlgorithm)
                    .set("passkey_sign_count", authData.getSignCount())
                    .set("passkey_transports", normalizePasskeyTransports(transports))
                    .set("passkey_bound_time", new Date())
                    .set("passkey_last_used_time", null));
            return R.ok();
        } catch (Exception ex) {
            return new R(10016, i18nMessageService.getMessage("response.user.passkeyRegisterFailed"));
        } finally {
            passkeyChallengeManager.remove(ticket);
        }
    }

    @RequestMapping("/user/passkey/remove/auth")
    @ManagerAuth
    @Transactional
    public R userPasskeyRemove(String currentPassword) {
        User user = userService.getByIdWithSecurity(getUserId());
        if (Cools.isEmpty(user)) {
            return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
        }
        if (!hasPasskeyBound(user)) {
            return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
        }
        if (!Cools.eq(user.getPassword(), currentPassword)) {
            return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
        }
        userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
                .eq("id", user.getId())
                .set("passkey_name", null)
                .set("passkey_credential_id", null)
                .set("passkey_public_key", null)
                .set("passkey_algorithm", null)
                .set("passkey_sign_count", 0)
                .set("passkey_transports", null)
                .set("passkey_bound_time", null)
                .set("passkey_last_used_time", null));
        return R.ok();
    }

    @RequestMapping("/menu/auth")
@@ -246,6 +545,187 @@
        return R.ok(result);
    }

    private Map<String, Object> buildLoginSuccess(User user) {
        String token = Cools.enToken(System.currentTimeMillis() + user.getMobile(), user.getPassword());
        userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
        UserLogin userLogin = new UserLogin();
        userLogin.setUserId(user.getId());
        userLogin.setToken(token);
        userLogin.setSystemType("WCS");
        userLoginService.save(userLogin);
        Map<String, Object> result = new HashMap<>();
        result.put("username", user.getUsername());
        result.put("token", token);
        result.put("mfaRequired", false);
        return result;
    }

    private boolean requiresMfa(User user) {
        return user != null
                && Integer.valueOf(1).equals(user.getMfaAllow())
                && Integer.valueOf(1).equals(user.getMfaEnabled())
                && !Cools.isEmpty(user.getMfaSecret());
    }

    private boolean hasPasskeyBound(User user) {
        return user != null
                && !Cools.isEmpty(user.getPasskeyCredentialId())
                && !Cools.isEmpty(user.getPasskeyPublicKey());
    }

    private Map<String, Object> buildSafeUserDetail(User user) {
        Map<String, Object> result = new HashMap<>();
        result.put("id", user.getId());
        result.put("roleName", user.getRoleName());
        result.put("username", user.getUsername());
        result.put("mobile", user.getMobile());
        result.put("createTime$", user.getCreateTime$());
        result.put("mfaAllow", user.getMfaAllow());
        result.put("mfaAllow$", user.getMfaAllow$());
        result.put("mfaEnabled", user.getMfaEnabled());
        result.put("mfaEnabled$", user.getMfaEnabled$());
        result.put("mfaBoundTime$", user.getMfaBoundTime$());
        result.put("mfaMaskedSecret", MfaTotpUtil.maskSecret(user.getMfaSecret()));
        result.put("passkeyBound", hasPasskeyBound(user));
        result.put("passkeyName", user.getPasskeyName());
        result.put("passkeyBoundTime$", user.getPasskeyBoundTime$());
        result.put("passkeyLastUsedTime$", user.getPasskeyLastUsedTime$());
        result.put("passkeyTransports", user.getPasskeyTransports());
        return result;
    }

    private Map<String, Object> buildPasskeyRegistrationOptions(PasskeyChallengeManager.ChallengeState state, User user) {
        Map<String, Object> data = new HashMap<>();
        data.put("ticket", state.getTicket());
        data.put("challenge", state.getChallenge());
        data.put("rpId", state.getRpId());
        data.put("rpName", "WCS");
        data.put("userId", Base64.getUrlEncoder().withoutPadding().encodeToString(PasskeyWebAuthnUtil.buildUserHandle(user.getId())));
        data.put("userName", resolvePasskeyUserName(user));
        data.put("userDisplayName", resolvePasskeyDisplayName(user));
        data.put("timeout", 60000);
        data.put("attestation", "none");
        data.put("pubKeyCredParams", buildPasskeyAlgorithms());
        Map<String, Object> authenticatorSelection = new HashMap<>();
        authenticatorSelection.put("residentKey", "preferred");
        authenticatorSelection.put("userVerification", "required");
        data.put("authenticatorSelection", authenticatorSelection);
        data.put("excludeCredentials", Collections.emptyList());
        return data;
    }

    private Map<String, Object> buildPasskeyAuthenticationOptions(PasskeyChallengeManager.ChallengeState state, User user) {
        Map<String, Object> data = new HashMap<>();
        data.put("ticket", state.getTicket());
        data.put("challenge", state.getChallenge());
        data.put("rpId", state.getRpId());
        data.put("timeout", 60000);
        data.put("userVerification", "required");
        if (user == null) {
            data.put("allowCredentials", Collections.emptyList());
        } else {
            data.put("allowCredentials", Collections.singletonList(buildPasskeyDescriptor(user.getPasskeyCredentialId(), user.getPasskeyTransports())));
        }
        return data;
    }

    private List<Map<String, Object>> buildPasskeyAlgorithms() {
        List<Map<String, Object>> result = new ArrayList<>();
        result.add(buildPasskeyAlgorithm(-7));
        result.add(buildPasskeyAlgorithm(-257));
        result.add(buildPasskeyAlgorithm(-8));
        return result;
    }

    private Map<String, Object> buildPasskeyAlgorithm(int alg) {
        Map<String, Object> item = new HashMap<>();
        item.put("type", "public-key");
        item.put("alg", alg);
        return item;
    }

    private Map<String, Object> buildPasskeyDescriptor(String credentialId, String transports) {
        Map<String, Object> item = new HashMap<>();
        item.put("type", "public-key");
        item.put("id", credentialId);
        item.put("transports", parsePasskeyTransports(transports));
        return item;
    }

    private String renderQrCodeDataUri(String content) {
        try {
            BufferedImage image = QrCode.createImg(content, 220);
            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
            ImageIO.write(image, "jpg", outputStream);
            return "data:image/jpeg;base64," + Base64.getEncoder().encodeToString(outputStream.toByteArray());
        } catch (Exception e) {
            return "";
        }
    }

    private String normalizeSecret(String secret) {
        if (Cools.isEmpty(secret)) {
            return "";
        }
        return String.valueOf(secret)
                .trim()
                .replace(" ", "")
                .replace("-", "")
                .toUpperCase(Locale.ROOT);
    }

    private String resolvePasskeyUserName(User user) {
        if (!Cools.isEmpty(user.getMobile())) {
            return user.getMobile();
        }
        if (!Cools.isEmpty(user.getUsername())) {
            return user.getUsername();
        }
        return String.valueOf(user.getId());
    }

    private String resolvePasskeyDisplayName(User user) {
        if (!Cools.isEmpty(user.getUsername())) {
            return user.getUsername();
        }
        return resolvePasskeyUserName(user);
    }

    private String normalizePasskeyName(String name) {
        String value = Cools.isEmpty(name) ? "" : String.valueOf(name).trim();
        if (value.length() > 100) {
            value = value.substring(0, 100);
        }
        if (!Cools.isEmpty(value)) {
            return value;
        }
        return "通行密钥-" + new java.text.SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
    }

    private String normalizePasskeyTransports(String transports) {
        List<String> values = parsePasskeyTransports(transports);
        return values.isEmpty() ? null : JSON.toJSONString(values);
    }

    private List<String> parsePasskeyTransports(String transports) {
        if (Cools.isEmpty(transports)) {
            return Collections.emptyList();
        }
        try {
            List<String> values = JSON.parseArray(transports, String.class);
            return values == null ? Collections.emptyList() : values;
        } catch (Exception ignored) {
        }
        List<String> result = new ArrayList<>();
        for (String value : String.valueOf(transports).split(",")) {
            String item = value == null ? "" : value.trim();
            if (!item.isEmpty()) {
                result.add(item);
            }
        }
        return result;
    }

    private String localizeResourceName(Resource resource) {
        return i18nMessageService.resolveResourceText(resource.getName(), resource.getCode(), resource.getId());
    }