李永德
1 year ago
1 changed files with 92 additions and 0 deletions
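--- /dev/null
+++ b/org/nl/system/controller/secutiry/MobileAuthorizationController.java
@@ -0,0 +1,92 @@
+package org.nl.system.controller.secutiry;
+
+import cn.dev33.satoken.annotation.SaIgnore;
+import cn.dev33.satoken.secure.SaSecureUtil;
+import cn.dev33.satoken.stp.SaLoginModel;
+import cn.dev33.satoken.stp.StpUtil;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.nl.common.exception.BadRequestException;
+import org.nl.common.utils.RedisUtils;
+import org.nl.common.utils.RsaUtils;
+import org.nl.common.utils.dto.CurrentUser;
+import org.nl.config.RsaProperties;
+import org.nl.system.service.role.ISysRoleService;
+import org.nl.system.service.secutiry.dto.AuthUserDto;
+import org.nl.system.service.user.ISysUserService;
+import org.nl.system.service.user.dao.SysUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+
+/**
+* @Author: lyd
+* @Description: 手持登录鉴权
+* @Date: 2023/7/31
+*/
+@Slf4j
+@RestController
+@RequestMapping("/api/pda")
+@Api(tags = "手持:系统授权接口")
+public class MobileAuthorizationController {
+@Autowired
+private ISysUserService userService;
+@Autowired
+private ISysRoleService roleService;
+@ApiOperation("登录授权")
+@PostMapping(value = "/login")
+@SaIgnore
+public JSONObject login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception {
+// 密码解密 - 前端的加密规则: encrypt(根据实际更改)
+String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword());
+// 校验数据库
+// 根据用户名查询,在比对密码
+SysUser userInfo = userService.getOne(new LambdaQueryWrapper<SysUser>()
+.eq(SysUser::getUsername, authUser.getUsername())); // 拿不到已经抛出异常
+if (!userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密
+throw new BadRequestException("账号或密码错误!");
+}
+// 获取权限列表 - 登录查找权限
+List<String> permissionList = roleService.getPermissionList((JSONObject) JSON.toJSON(userInfo));
+
+if (!userInfo.getIs_used()) {
+throw new BadRequestException("账号未激活");
+}
+
+// 登录输入,登出删除
+CurrentUser user = new CurrentUser();
+user.setId(userInfo.getUser_id());
+user.setUsername(userInfo.getUsername());
+user.setPresonName(userInfo.getPerson_name());
+user.setUser(userInfo);
+user.setPermissions(permissionList);
+
+// SaLoginModel 配置登录相关参数
+StpUtil.login(userInfo.getUser_id(), new SaLoginModel()
+.setDevice("PE") // 此次登录的客户端设备类型, 用于[同端互斥登录]时指定此次登录的设备类型
+.setExtra("loginInfo", user) // Token挂载的扩展参数 (此方法只有在集成jwt插件时才会生效)
+);
+
+// 返回 token 与 用户信息
+JSONObject jsonObject = new JSONObject();
+// jsonObject.put("roles", permissionList);
+jsonObject.put("user", userInfo);
+JSONObject authInfo = new JSONObject(2) {{
+put("token", "Bearer " + StpUtil.getTokenValue());
+put("user", jsonObject);
+}};
+
+return authInfo;
+}
+}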
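Review bot: The login response and the token extra both carry the whole `SysUser` entity (`jsonObject.put("user", userInfo)` and `user.setUser(userInfo)` followed by `setExtra("loginInfo", user)`), so unless `SysUser` excludes its password field from serialization, which this file does not show, the stored hash is returned to every PDA client and embedded in the token when the JWT plugin is active. That hash is `SaSecureUtil.md5BySalt(password, "salt")`, a single MD5 pass with one literal salt shared by all accounts, so a disclosed value is cheap to brute-force offline; the response should use a user view without the password field, and storage should move to an adaptive scheme such as bcrypt or Argon2 with a per-user salt. The comment on `getOne` says a missing user already throws, but MyBatis-Plus `getOne(wrapper)` returns null when no row matches (unless `userService` overrides it), so an unknown username probably surfaces as a NullPointerException instead of the generic error; `if (userInfo == null || !userInfo.getPassword().equals(...)) { throw new BadRequestException("账号或密码错误!"); }` keeps the two cases indistinguishable. Because the endpoint is `@SaIgnore`, a failed-attempt limit per username and source address is also worth adding; `RedisUtils` is imported here but never used.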