psh
1 year ago
11 changed files with 285 additions and 86 deletions
@ -0,0 +1,63 @@ |
|||
/* |
|||
* Copyright 2019-2020 Zheng Jie |
|||
* |
|||
* Licensed under the Apache License, Version 2.0 (the "License"); |
|||
* you may not use this file except in compliance with the License. |
|||
* You may obtain a copy of the License at |
|||
* |
|||
* http://www.apache.org/licenses/LICENSE-2.0
|
|||
* |
|||
* Unless required by applicable law or agreed to in writing, software |
|||
* distributed under the License is distributed on an "AS IS" BASIS, |
|||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
* See the License for the specific language governing permissions and |
|||
* limitations under the License. |
|||
*/ |
|||
package org.nl.config; |
|||
|
|||
import org.springframework.context.annotation.Bean; |
|||
import org.springframework.context.annotation.Configuration; |
|||
import org.springframework.web.cors.CorsConfiguration; |
|||
import org.springframework.web.cors.UrlBasedCorsConfigurationSource; |
|||
import org.springframework.web.filter.CorsFilter; |
|||
import org.springframework.web.servlet.config.annotation.EnableWebMvc; |
|||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; |
|||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; |
|||
|
|||
/** |
|||
* WebMvcConfigurer |
|||
* |
|||
* @author Zheng Jie |
|||
* @date 2018-11-30 |
|||
*/ |
|||
@Configuration |
|||
@EnableWebMvc |
|||
public class ConfigurerAdapter implements WebMvcConfigurer { |
|||
/** 文件配置 */ |
|||
private final FileProperties properties; |
|||
|
|||
public ConfigurerAdapter(FileProperties properties) { |
|||
this.properties = properties; |
|||
} |
|||
|
|||
@Bean |
|||
public CorsFilter corsFilter() { |
|||
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); |
|||
CorsConfiguration config = new CorsConfiguration(); |
|||
config.setAllowCredentials(true); |
|||
config.addAllowedOrigin("*"); |
|||
config.addAllowedHeader("*"); |
|||
config.addAllowedMethod("*"); |
|||
source.registerCorsConfiguration("/**", config); |
|||
return new CorsFilter(source); |
|||
} |
|||
@Override |
|||
public void addResourceHandlers(ResourceHandlerRegistry registry) { |
|||
FileProperties.ElPath path = properties.getPath(); |
|||
String avatarUtl = "file:" + path.getAvatar().replace("\\","/"); |
|||
String pathUtl = "file:" + path.getPath().replace("\\","/"); |
|||
registry.addResourceHandler("/avatar/**").addResourceLocations(avatarUtl).setCachePeriod(0); |
|||
registry.addResourceHandler("/file/**").addResourceLocations(pathUtl).setCachePeriod(0); |
|||
registry.addResourceHandler("/**").addResourceLocations("classpath:/META-INF/resources/").setCachePeriod(0); |
|||
} |
|||
} |
@ -1,56 +1,56 @@ |
|||
package org.nl.config.saconfig; |
|||
|
|||
import org.springframework.core.annotation.Order; |
|||
import org.springframework.stereotype.Component; |
|||
import org.springframework.web.cors.CorsConfiguration; |
|||
|
|||
import javax.servlet.*; |
|||
import javax.servlet.http.HttpServletRequest; |
|||
import javax.servlet.http.HttpServletResponse; |
|||
import java.io.IOException; |
|||
|
|||
/** |
|||
* 跨域过滤器 |
|||
* @author kong |
|||
*/ |
|||
@Component |
|||
@Order(-200) |
|||
public class CorsFilter implements Filter { |
|||
|
|||
static final String OPTIONS = "OPTIONS"; |
|||
|
|||
@Override |
|||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) |
|||
throws IOException, ServletException { |
|||
HttpServletRequest request = (HttpServletRequest) req; |
|||
HttpServletResponse response = (HttpServletResponse) res; |
|||
// 允许指定域访问跨域资源
|
|||
response.setHeader("Access-Control-Allow-Origin", "*"); |
|||
// 允许所有请求方式
|
|||
response.setHeader("Access-Control-Allow-Methods", "*"); |
|||
// 有效时间
|
|||
response.setHeader("Access-Control-Max-Age", "3600"); |
|||
// 允许的header参数
|
|||
response.setHeader("Access-Control-Allow-Headers", "*"); |
|||
response.setHeader("Access-Control-Allow-Credentials", "true"); |
|||
|
|||
// 如果是预检请求,直接返回
|
|||
if (OPTIONS.equals(request.getMethod())) { |
|||
System.out.println("=======================浏览器发来了OPTIONS预检请求=========="); |
|||
response.getWriter().print(""); |
|||
return; |
|||
} |
|||
|
|||
// System.out.println("*********************************过滤器被使用**************************");
|
|||
chain.doFilter(req, res); |
|||
} |
|||
|
|||
@Override |
|||
public void init(FilterConfig filterConfig) { |
|||
} |
|||
|
|||
@Override |
|||
public void destroy() { |
|||
} |
|||
|
|||
} |
|||
//package org.nl.config.saconfig;
|
|||
//
|
|||
//import org.springframework.core.annotation.Order;
|
|||
//import org.springframework.stereotype.Component;
|
|||
//import org.springframework.web.cors.CorsConfiguration;
|
|||
//
|
|||
//import javax.servlet.*;
|
|||
//import javax.servlet.http.HttpServletRequest;
|
|||
//import javax.servlet.http.HttpServletResponse;
|
|||
//import java.io.IOException;
|
|||
//
|
|||
///**
|
|||
// * 跨域过滤器
|
|||
// * @author kong
|
|||
// */
|
|||
//@Component
|
|||
//@Order(-200)
|
|||
//public class CorsFilter implements Filter {
|
|||
//
|
|||
// static final String OPTIONS = "OPTIONS";
|
|||
//
|
|||
// @Override
|
|||
// public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
|
|||
// throws IOException, ServletException {
|
|||
// HttpServletRequest request = (HttpServletRequest) req;
|
|||
// HttpServletResponse response = (HttpServletResponse) res;
|
|||
// // 允许指定域访问跨域资源
|
|||
// response.setHeader("Access-Control-Allow-Origin", "*");
|
|||
// // 允许所有请求方式
|
|||
// response.setHeader("Access-Control-Allow-Methods", "*");
|
|||
// // 有效时间
|
|||
// response.setHeader("Access-Control-Max-Age", "3600");
|
|||
// // 允许的header参数
|
|||
// response.setHeader("Access-Control-Allow-Headers", "*");
|
|||
// response.setHeader("Access-Control-Allow-Credentials", "true");
|
|||
//
|
|||
// // 如果是预检请求,直接返回
|
|||
// if (OPTIONS.equals(request.getMethod())) {
|
|||
// System.out.println("=======================浏览器发来了OPTIONS预检请求==========");
|
|||
// response.getWriter().print("");
|
|||
// return;
|
|||
// }
|
|||
//
|
|||
// // System.out.println("*********************************过滤器被使用**************************");
|
|||
// chain.doFilter(req, res);
|
|||
// }
|
|||
//
|
|||
// @Override
|
|||
// public void init(FilterConfig filterConfig) {
|
|||
// }
|
|||
//
|
|||
// @Override
|
|||
// public void destroy() {
|
|||
// }
|
|||
//
|
|||
//}
|
|||
|
@ -0,0 +1,92 @@ |
|||
package org.nl.system.controller.secutiry; |
|||
|
|||
import cn.dev33.satoken.annotation.SaIgnore; |
|||
import cn.dev33.satoken.secure.SaSecureUtil; |
|||
import cn.dev33.satoken.stp.SaLoginModel; |
|||
import cn.dev33.satoken.stp.StpUtil; |
|||
import cn.hutool.core.util.ObjectUtil; |
|||
import com.alibaba.fastjson.JSON; |
|||
import com.alibaba.fastjson.JSONObject; |
|||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; |
|||
import io.swagger.annotations.Api; |
|||
import io.swagger.annotations.ApiOperation; |
|||
import lombok.extern.slf4j.Slf4j; |
|||
import org.nl.common.exception.BadRequestException; |
|||
import org.nl.common.utils.RsaUtils; |
|||
import org.nl.common.utils.dto.CurrentUser; |
|||
import org.nl.config.RsaProperties; |
|||
import org.nl.system.service.role.ISysRoleService; |
|||
import org.nl.system.service.secutiry.dto.AuthUserDto; |
|||
import org.nl.system.service.user.ISysUserService; |
|||
import org.nl.system.service.user.dao.SysUser; |
|||
import org.springframework.beans.factory.annotation.Autowired; |
|||
import org.springframework.http.ResponseEntity; |
|||
import org.springframework.validation.annotation.Validated; |
|||
import org.springframework.web.bind.annotation.PostMapping; |
|||
import org.springframework.web.bind.annotation.RequestBody; |
|||
import org.springframework.web.bind.annotation.RequestMapping; |
|||
import org.springframework.web.bind.annotation.RestController; |
|||
|
|||
import javax.servlet.http.HttpServletRequest; |
|||
import java.util.List; |
|||
|
|||
/** |
|||
* @Author: lyd |
|||
* @Description: 手持登录鉴权 |
|||
* @Date: 2023/7/31 |
|||
*/ |
|||
@Slf4j |
|||
@RestController |
|||
@RequestMapping("/mobile/auth") |
|||
@Api(tags = "手持:系统授权接口") |
|||
public class MobileAuthorizationController { |
|||
@Autowired |
|||
private ISysUserService userService; |
|||
@Autowired |
|||
private ISysRoleService roleService; |
|||
@ApiOperation("登录授权") |
|||
@PostMapping(value = "/login") |
|||
@SaIgnore |
|||
public ResponseEntity<Object> login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception { |
|||
// 密码解密 - 前端的加密规则: encrypt(根据实际更改)
|
|||
String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword()); |
|||
// 校验数据库
|
|||
// 根据用户名查询,在比对密码
|
|||
SysUser userInfo = userService.getOne(new LambdaQueryWrapper<SysUser>() |
|||
.eq(SysUser::getUsername, authUser.getUsername())); // 拿到多个已经抛出异常
|
|||
if (ObjectUtil.isEmpty(userInfo) || !userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密
|
|||
throw new BadRequestException("账号或密码错误!"); |
|||
} |
|||
// 获取权限列表 - 登录查找权限
|
|||
List<String> permissionList = roleService.getPermissionList((JSONObject) JSON.toJSON(userInfo)); |
|||
|
|||
if (!userInfo.getIs_used()) { |
|||
throw new BadRequestException("账号未激活"); |
|||
} |
|||
|
|||
// 登录输入,登出删除
|
|||
CurrentUser user = new CurrentUser(); |
|||
user.setId(userInfo.getUser_id()); |
|||
user.setUsername(userInfo.getUsername()); |
|||
user.setPresonName(userInfo.getPerson_name()); |
|||
user.setUser(userInfo); |
|||
user.setPermissions(permissionList); |
|||
|
|||
// SaLoginModel 配置登录相关参数
|
|||
StpUtil.login(userInfo.getUser_id(), new SaLoginModel() |
|||
.setDevice("PE") // 此次登录的客户端设备类型, 用于[同端互斥登录]时指定此次登录的设备类型
|
|||
.setExtra("loginInfo", user) // Token挂载的扩展参数 (此方法只有在集成jwt插件时才会生效)
|
|||
); |
|||
|
|||
// 返回 token 与 用户信息
|
|||
JSONObject jsonObject = new JSONObject(); |
|||
// jsonObject.put("roles", permissionList);
|
|||
jsonObject.put("user", userInfo); |
|||
JSONObject authInfo = new JSONObject(2) {{ |
|||
put("token", "Bearer " + StpUtil.getTokenValue()); |
|||
put("user", jsonObject); |
|||
}}; |
|||
|
|||
return ResponseEntity.ok(authInfo); |
|||
} |
|||
} |
Loading…
Reference in new issue