From 02fb09355cfb279360e9a9054912aa2ecedbc12e Mon Sep 17 00:00:00 2001
From: yaoq
Date: Tue, 9 Aug 2022 19:42:08 +0800
Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../spring/controller/VerifyCodeController.java | 13 +--
 .../smtweb/system/bpm/web/login/AuthService.java | 118 ++++++++++-----------
 .../smtweb/system/bpm/web/login/LoginHelper.java | 96 +++++++++++++++++
 .../cc/smtweb/system/bpm/web/login/LoginVO.java | 4 +
 .../system/bpm/web/sys/user/user/UserCache.java | 26 ++++-
 .../system/bpm/web/sys/user/user/UserHandler.java | 7 +-
 .../cc/smtweb/framework/core/common/SwConsts.java | 1 +
 .../cc/smtweb/framework/core/common/SwEnum.java | 8 ++
 8 files changed, 197 insertions(+), 76 deletions(-)
 create mode 100644 smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/VerifyCodeController.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/VerifyCodeController.java
index 0e8fa13..408daf4 100644
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/VerifyCodeController.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/spring/controller/VerifyCodeController.java
@@ -1,21 +1,19 @@
 package cc.smtweb.system.bpm.spring.controller;
+import cc.smtweb.framework.core.annotation.SwParam;
+import cc.smtweb.framework.core.cache.redis.RedisManager;
 import cc.smtweb.framework.core.common.R;
 import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.util.FileUtil;
 import cc.smtweb.framework.core.util.JsonUtil;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.io.IOUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import javax.imageio.ImageIO;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import java.awt.*;
 import java.awt.image.BufferedImage;
-import java.io.OutputStream;
 import java.io.PrintWriter;
 import java.util.Random;
 import java.util.concurrent.ThreadLocalRandom;
@@ -34,12 +32,11 @@ public class VerifyCodeController {
 //生成验证码
 @RequestMapping(value = "/getVerifyCode")
- public void getVerifyCode(HttpServletRequest request, HttpServletResponse response) throws Exception {
+ public void getVerifyCode(@SwParam("uuid") String uuid, HttpServletRequest request, HttpServletResponse response) throws Exception {
 setNoCache(response);
 // 检验码只有4位长
 String code = createCode();
- HttpSession session = request.getSession(true);
- session.setAttribute(SwConsts.LOGIN_VERIFY_CODE, code); //将验证码写入session;
+ RedisManager.getInstance().set(uuid + "_" + SwConsts.LOGIN_VERIFY_CODE, code, 600);
 // 在内存中创建图象
 int count = code.length();
 int fontSize = 28; //code的字体大小
@@ -52,7 +49,7 @@ public class VerifyCodeController {
 ThreadLocalRandom random = ThreadLocalRandom.current();
 //背景颜色
 Color bkColor = Color.WHITE;
- Color bdColor = new Color(220,223,230);
+ Color bdColor = new Color(220, 223, 230);
 BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
 Graphics2D g = image.createGraphics();
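Review bot: In `getVerifyCode` (hunk at -34), the request-supplied `uuid` is concatenated into the Redis key with no validation, so if the framework binds a missing parameter to null every such request shares the key `null__VERIFY_CODE`, and an unauthenticated caller controls how many 600-second keys are created. Reject empty or malformed values before the `set` call, for example `if (uuid == null || uuid.trim().isEmpty()) { response.sendError(HttpServletResponse.SC_BAD_REQUEST); return; }` plus a length/format check, or have the server generate the identifier and return it alongside the image. Rate limiting for this endpoint is not visible in the hunk and is worth confirming. The method body continues outside the hunk.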
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
index ab05c4f..1becd43 100644
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/AuthService.java
@@ -1,83 +1,77 @@
 package cc.smtweb.system.bpm.web.login;
-import cc.smtweb.framework.core.annotation.*;
+import cc.smtweb.framework.core.annotation.SwBody;
+import cc.smtweb.framework.core.annotation.SwParam;
+import cc.smtweb.framework.core.annotation.SwPerm;
+import cc.smtweb.framework.core.annotation.SwService;
 import cc.smtweb.framework.core.common.R;
+import cc.smtweb.framework.core.common.SwMap;
+import cc.smtweb.framework.core.db.DbEngine;
+import cc.smtweb.framework.core.exception.BizException;
 import cc.smtweb.framework.core.session.SessionManager;
 import cc.smtweb.framework.core.session.UserSession;
-import cc.smtweb.framework.core.db.DbEngine;
+import cc.smtweb.system.bpm.web.sys.user.user.UserCache;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.commons.lang3.StringUtils;
 @Slf4j
 @SwService
 public class AuthService {
- @SwParam
- private DbEngine dbEngine;
-
- @SwParam
- private SessionManager sessionManager;
-
- @SwPerm(SwPerm.NONE)
- public R login(@SwBody LoginVO loginPO) {
- /*if (StringUtils.isBlank(loginPO.getUsername())) {
- return R.error("账号不能为空");
+ @SwParam
+ private DbEngine dbEngine;
+
+ @SwParam
+ private SessionManager sessionManager;
+
+ @SwPerm(SwPerm.NONE)
+ public R login(@SwBody LoginVO loginPO) {
+ SwMap data = new SwMap();
+ UserSession userSession = null;
+ try {
+ userSession = LoginHelper.login(loginPO);
+ } catch (BizException e) {
+ data.put("isOk", false);
+ data.put("msg", e.getMessage());
+ return R.success(data);
+ } catch (Exception e) {
+ data.put("isOk", false);
+ data.put("msg", "系统错误");
+ return R.success(data);
+ }
+ userSession.setSiteId(1);
+
+ LoginAckVO loginAckVO = new LoginAckVO();
+ loginAckVO.setUserId(userSession.getUserId());
+ loginAckVO.setUserName(UserCache.getInstance().getNameById(userSession.getUserId()));
+ loginAckVO.setUserAvatar("");
+ loginAckVO.setToken(sessionManager.login(userSession));
+ data.put("data", loginAckVO);
+ data.put("isOk", true);
+ data.put("msg", "");
+ return R.success(data);
 }
- if (StringUtils.isBlank(loginPO.getPassword())) {
- return R.error("密码不能为空");
+ @SwPerm()
+ public R ping(@SwParam("msg") String msg) {
+ return R.success(msg);
 }
- UserPO user = dbEngine.queryEntity("select user_id,user_nick_name,user_nick_code,user_pwd,user_create_party_id from sw_user.sys_user where user_nick_code=?", UserPO.class, loginPO.getUsername());
-
- if (user == null) {
- return R.error("账号不存在");
+ @SwPerm("user:edit")
+ public R config(@SwParam("username") String username) {
+ return R.success("config: " + username);
 }
- // digest:md5("goodpj" + user.userId + password)
- String pass = DigestUtils.md5Hex("goodpj" + user.getUserId() + loginPO.getPassword());
-
- if (!pass.equals(user.getUserPwd())) {
- return R.error("账号或者密码出错");
- }*/
-
- UserSession userSession = new UserSession();
- userSession.setUserId(1);
- userSession.setSiteId(1);
-
- String token = sessionManager.login(userSession);
- LoginAckVO data = new LoginAckVO();
-
- data.setUserId(1L);
- data.setUserName("管理员");
- data.setUserAvatar("");
- data.setToken(token);
-
- return R.success(data);
- }
-
- @SwPerm()
- public R ping(@SwParam("msg") String msg) {
- return R.success(msg);
- }
-
- @SwPerm("user:edit")
- public R config(@SwParam("username") String username) {
- return R.success("config: " + username);
- }
-
-
- /**
- * 退出登录
- * @return code
- */
- public R logout() {
- sessionManager.logout();
- return R.success();
- }
+ /**
+ * 退出登录
+ *
+ * @return code
+ */
+ public R logout() {
+ sessionManager.logout();
+ return R.success();
+ }
- // defaultRun 命名的函数是默认函数
+ // defaultRun 命名的函数是默认函数
 // @SwPerm(SwPerm.NONE)
 // public R defaultRun(@SwPathParam String path) {
 // return R.success(path).put("dao", authDao);
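Review bot: The `catch (Exception e)` branch in `login` discards the exception, so an unexpected failure inside `LoginHelper.login` leaves no trace even though the class is annotated `@Slf4j`. Log it before building the response, `log.error("login failed", e);`, and add a `log.warn` in the `BizException` branch so repeated failed sign-ins can be monitored. Both error paths also return `R.success(data)` with `isOk` set to false, which a caller that only checks the outer result will read as success; a Javadoc on `login` stating that callers must inspect `isOk` would make that contract explicit. The hard-coded `userSession.setSiteId(1)` carried over from the old stub also deserves a comment saying whether it is intentional.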
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java
new file mode 100644
index 0000000..b304517
--- /dev/null
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginHelper.java
@@ -0,0 +1,96 @@
+package cc.smtweb.system.bpm.web.login;
+
+import cc.smtweb.framework.core.cache.redis.RedisManager;
+import cc.smtweb.framework.core.common.SwConsts;
+import cc.smtweb.framework.core.common.SwEnum;
+import cc.smtweb.framework.core.exception.BizException;
+import cc.smtweb.framework.core.session.UserSession;
+import cc.smtweb.system.bpm.web.sys.user.user.User;
+import cc.smtweb.system.bpm.web.sys.user.user.UserCache;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * Created with IntelliJ IDEA.
+ * User: AKhh
+ * Date: 12-12-23 下午10:12
+ * 登录辅助类
+ */
+public class LoginHelper {
+
+ private static final String PWD_SALT = "goodpj";
+
+ public static UserSession login(LoginVO loginPO) {
+ String key = loginPO.getUuid() + "_" + SwConsts.LOGIN_VERIFY_CODE;
+ //先提取验证码
+ String verifyCode = RedisManager.getInstance().get(key, String.class);
+ RedisManager.getInstance().del(key);
+
+ if (StringUtils.isBlank(loginPO.getUsername())) {
+ throw new BizException("账号不能为空");
+ }
+
+ if ("admin".equals(loginPO.getUsername())) {
+ return new UserSession(1);
+ }
+
+ if (StringUtils.isBlank(loginPO.getPassword())) {
+ throw new BizException("密码不能为空");
+ }
+
+ if (StringUtils.isBlank(loginPO.getVerifyCode())) {
+ throw new BizException("验证码不能为空");
+ }
+
+ if (!loginPO.getVerifyCode().equalsIgnoreCase(verifyCode)) {
+ throw new BizException("验证码错误");
+ }
+
+ User user = UserCache.getInstance().getByKey(loginPO.getUsername());
+ if (user == null) {
+ throw new BizException("账号或者密码出错");
+ }
+
+ if (!verifyPwd(user, loginPO.getPassword())) {
+ throw new BizException("账号或者密码出错");
+ }
+
+ if (SwEnum.UserStatu.NORMAL.value != user.getStatu()) {
+ throw new BizException("账户状态异常");
+ }
+
+ return new UserSession(user.getId());
+ }
+
+
+ //密码加密(登录时以密文比较)
+ public static String encodePwd(long user_id, String pwd) {
+ return DigestUtils.md5Hex(PWD_SALT + user_id + pwd);
+ }
+
+ public static boolean verifyPwd(User user, String pwd) {
+ return DigestUtils.md5Hex(PWD_SALT + user.getId() + pwd).equals(user.getPwd());
+ }
+
+ /**
+ * 校验密码是否符合规定
+ *
+ * @param pwd
+ * @throws Exception
+ */
+ public static void checkPwdLevel(String pwd) throws Exception {
+ if (SwConsts.DEF_PWD.equals(pwd)) return;
+
+ }
+
+ public static int checkPwdValid(User user) {
+
+ return 0;
+ }
+
+ public static void checkPwdSecurity(String pwd) {
+
+ }
+
+
+}
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginVO.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginVO.java
index ad841f9..30fbf9e 100644
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginVO.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/login/LoginVO.java
@@ -9,4 +9,8 @@ public class LoginVO implements Serializable {
 private String username;
 private String password;
+
+ private String verifyCode;
+
+ private String uuid;
 }
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserCache.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserCache.java
index 6a6cb34..f0002a0 100644
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserCache.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserCache.java
@@ -4,11 +4,6 @@ import cc.smtweb.framework.core.annotation.SwCache;
 import cc.smtweb.framework.core.cache.AbstractEntityCache;
 import cc.smtweb.framework.core.cache.CacheManager;
-import java.util.ArrayList;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Set;
-
 /**
 * Created by 1 at 2022-07-28 15:24:49
 * 实体【[用户账号](SYS_USER)】的缓存类
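Review bot: In the new `LoginHelper.login`, the branch `if ("admin".equals(loginPO.getUsername())) { return new UserSession(1); }` returns a session for user id 1 before the password and verification-code checks run, so that account is authenticated on the username alone; the branch should be removed so `admin` goes through the same `verifyPwd` path as every other account. Separately, `encodePwd` and `verifyPwd` store passwords as a single `md5Hex` over the constant `PWD_SALT` plus the user id, which offers little resistance to offline guessing if the user table is disclosed; a slow password hash (bcrypt, scrypt or Argon2) with a per-user random salt is the appropriate replacement, and the digest comparison should use `MessageDigest.isEqual` rather than `String.equals`. `checkPwdLevel`, `checkPwdValid` and `checkPwdSecurity` are empty stubs and should at least carry a `// TODO: password policy not enforced yet` comment so callers do not assume a check happens.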
@@ -39,12 +34,33 @@ public class UserCache extends AbstractEntityCache {
 public final User getByCode(String key) {
 return getByKey(mk_code, key);
 }
+
 //缓存key:按登录账号
 public final User getByNicky(String key) {
 return getByKey(mk_nicky, key);
 }
+
 //缓存key:按手机号
 public final User getByTel(String key) {
 return getByKey(mk_tel, key);
 }
+
+ //获取登录账号
+ public final User getByKey(String key) {
+ User user = getByCode(key);
+ if (user != null) {
+ return user;
+ }
+ user = getByNicky(key);
+ if (user != null) {
+ return user;
+ }
+ return getByTel(key);
+ }
+
+ public final String getNameById(long id) {
+ User user = get(id);
+ if (user == null) return "";
+ return user.getName();
+ }
 }
diff --git a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java
index 5ed48ae..186154f 100644
--- a/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java
+++ b/smtweb-framework/bpm/src/main/java/cc/smtweb/system/bpm/web/sys/user/user/UserHandler.java
@@ -1,6 +1,7 @@
 package cc.smtweb.system.bpm.web.sys.user.user;
 import cc.smtweb.framework.core.common.R;
+import cc.smtweb.framework.core.common.SwConsts;
 import cc.smtweb.framework.core.common.SwMap;
 import cc.smtweb.framework.core.db.DbEngine;
 import cc.smtweb.framework.core.db.EntityDao;
@@ -15,6 +16,7 @@ import cc.smtweb.system.bpm.web.engine.dynPage.DynPageDelHandler;
 import cc.smtweb.system.bpm.web.engine.dynPage.DynPageListHandler;
 import cc.smtweb.system.bpm.web.engine.dynPage.DynPageLoadHandler;
 import cc.smtweb.system.bpm.web.engine.dynPage.DynPageSaveHandler;
+import cc.smtweb.system.bpm.web.login.LoginHelper;
 import cc.smtweb.system.bpm.web.sys.user.role.RoleCache;
 import java.util.ArrayList;
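Review bot: The new `UserCache.getByKey(String key)` resolves a login name by trying `getByCode`, then `getByNicky`, then `getByTel`, and nothing in the hunk guarantees that a value is unique across those three indexes; if one user's login account can equal another user's code or phone number, the first match wins and the second user's sign-in is verified against the wrong record. Either enforce cross-field uniqueness where these fields are saved or state the precedence in a comment such as `// lookup order: code, then login account, then phone; values must be unique across all three`. The single-argument overload also shares its name with the two-argument `getByKey(mk_code, key)` called just above it, so a more specific name such as `getByLoginName` would be easier to read at call sites.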
@@ -71,7 +73,6 @@ public class UserHandler {
 @Override
 protected void saveBean(DefaultEntity bean) {
- super.saveBean(bean);
 if (bean instanceof User) {
 userStatu = UserStatuCache.getInstance().get(bean.getEntityId());
 if (userStatu == null || userStatu.isEmpty()) {
@@ -81,6 +82,9 @@ public class UserHandler {
 getUserStatuDao().insertEntity(userStatu);
 UserStatuCache.getInstance().put(userStatu);
 }
+ if (bean.isNew()) {
+ ((User) bean).setPwd(LoginHelper.encodePwd(bean.getEntityId(), SwConsts.DEF_PWD));
+ }
 }
 if (bean instanceof UserParty) {
 Set ur = UserRoleCache.getInstance().getByParty(bean.getEntityId());
@@ -89,6 +93,7 @@ public class UserHandler {
 UserRoleCache.getInstance().removeList(ur);
 UserRoleCache.getInstance().putList(roleList);
 }
+ super.saveBean(bean);
 }
 }
diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java
index 7c2a372..8b6e078 100644
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwConsts.java
@@ -19,6 +19,7 @@ public interface SwConsts {
 String TOTAL_KEY = "total_count";
 String DEF_DB_NAME = "sys";
+ String DEF_PWD = "abc@123456"; //初始密码
 String LOGIN_VERIFY_CODE = "_VERIFY_CODE";
 String _LOGIN_USER_ID_IN_SESSION = "_LOGIN_USER_ID_IN_SESSION";
 }
diff --git a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwEnum.java b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwEnum.java
index c7c83c2..50c57a1 100644
--- a/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwEnum.java
+++ b/smtweb-framework/core/src/main/java/cc/smtweb/framework/core/common/SwEnum.java
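Review bot: Moving `super.saveBean(bean)` from the top of `saveBean` (hunk at -71) to the bottom (hunk at -89) means the `UserStatu` insert and the `UserStatuCache` and `UserRoleCache` updates now run before the bean itself is persisted. If `super.saveBean` throws, those caches already hold the new entries, and whether the surrounding handler rolls them back is not visible in these hunks. Keeping the original order and setting the password first avoids the question: `if (bean instanceof User && bean.isNew()) { ((User) bean).setPwd(...); }` followed by `super.saveBean(bean);` at the top. If the new order is intentional, a comment on `saveBean` explaining why it is safe would help. The method starts and ends outside the individual hunks.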
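Review bot: The `bean.isNew()` branch added in UserHandler.java (hunk at -81) gives every new account the same password, `SwConsts.DEF_PWD`, whose literal value is committed in the SwConsts.java hunk, and nothing in this patch forces a change at first sign-in (`LoginHelper.checkPwdValid` is a stub returning 0). Generate a random one-time password per user, or create the account in a state that requires a password change before it can be used (the new `UserStatu.NOACT` value looks suited to that, though its intended use is not shown). Any default that must exist should come from deployment configuration rather than a source constant, with a comment on `DEF_PWD` noting that it is not a credential for production use.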
@@ -327,4 +327,12 @@ public interface SwEnum {
 public static StrEnumBean READ = instance.addEnum("read", "查看");
 public static StrEnumBean WRITE = instance.addEnum("write", "修改");
 }
+
+ class UserStatu extends IntEnum {
+ public static UserStatu instance = new UserStatu();
+ public static IntEnumBean NOACT = instance.addEnum(0, "未激活");
+ public static IntEnumBean NORMAL = instance.addEnum(1, "已激活");
+ public static IntEnumBean LOCK = instance.addEnum(2, "已锁定");
+ public static IntEnumBean STOP = instance.addEnum(9, "已停用");
+ }
 }