From af5e89cb2316de0066cb87918f5aad32c1676ccb Mon Sep 17 00:00:00 2001
From: chen <1251790704@qq.com>
Date: Wed, 31 Aug 2022 16:42:50 +0800
Subject: [PATCH] =?UTF-8?q?=E5=85=A8=E9=83=A8=E8=BD=AC=E6=8D=A2=E4=B8=BA?=
=?UTF-8?q?=E8=87=AA=E5=A2=9Eid?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pom.xml | 26 +++
.../common/aop/aspect/DataScopeAspect.java | 4 +-
.../iasf/common/aop/aspect/SysLogAspect.java | 4 +-
.../huoran/iasf/common/filter/AuthFilter.java | 25 +--
.../shiro/CustomAccessControlFilter.java | 22 +-
.../huoran/iasf/common/shiro/ShiroConfig.java | 15 +-
.../huoran/iasf/common/utils/EmailUtils.java | 70 +++++++
.../huoran/iasf/common/utils/RandomUtil.java | 64 ++++++
.../huoran/iasf/common/utils/SMSTemplate.java | 34 +++
.../iasf/common/utils/SendSMSUtils.java | 51 +++++
.../iasf/controller/RoleController.java | 4 +-
.../iasf/controller/UserController.java | 70 +++----
.../java/com/huoran/iasf/entity/SysDept.java | 8 +-
.../com/huoran/iasf/entity/SysPermission.java | 6 +-
.../java/com/huoran/iasf/entity/SysRole.java | 8 +-
.../huoran/iasf/entity/SysRoleDeptEntity.java | 49 -----
.../huoran/iasf/entity/SysRolePermission.java | 11 +-
.../java/com/huoran/iasf/entity/SysUser.java | 17 +-
.../com/huoran/iasf/entity/SysUserRole.java | 11 +-
.../java/com/huoran/iasf/entity/UserDept.java | 4 +-
.../huoran/iasf/mapper/SysRoleDeptMapper.java | 15 --
.../iasf/service/HttpSessionService.java | 24 +--
.../iasf/service/PermissionService.java | 14 +-
.../com/huoran/iasf/service/RoleService.java | 6 +-
.../huoran/iasf/service/UserRoleService.java | 4 +-
.../com/huoran/iasf/service/UserService.java | 37 +---
.../iasf/service/impl/DeptServiceImpl.java | 4 +-
.../service/impl/PermissionServiceImpl.java | 24 +--
.../impl/RolePermissionServiceImpl.java | 2 +-
.../iasf/service/impl/RoleServiceImpl.java | 12 +-
.../service/impl/SysFilesServiceImpl.java | 1 -
.../service/impl/SysRoleDeptServiceImpl.java | 14 --
.../service/impl/UserRoleServiceImpl.java | 6 +-
.../iasf/service/impl/UserServiceImpl.java | 194 ++++++++++++------
src/main/java/com/huoran/iasf/vo/CheckVo.java | 37 ++++
.../vo/req/RolePermissionOperationReqVO.java | 4 +-
.../iasf/vo/req/UpdatePhoneOrEmailReq.java | 30 +++
.../iasf/vo/req/UserRoleOperationReqVO.java | 4 +-
.../iasf/vo/resp/PermissionRespNode.java | 2 +-
src/main/resources/whiteList.properties | 2 +
.../com/company/project/CodeGenerator.java | 6 +-
41 files changed, 615 insertions(+), 330 deletions(-)
create mode 100644 src/main/java/com/huoran/iasf/common/utils/EmailUtils.java
create mode 100644 src/main/java/com/huoran/iasf/common/utils/RandomUtil.java
create mode 100644 src/main/java/com/huoran/iasf/common/utils/SMSTemplate.java
create mode 100644 src/main/java/com/huoran/iasf/common/utils/SendSMSUtils.java
delete mode 100644 src/main/java/com/huoran/iasf/entity/SysRoleDeptEntity.java
delete mode 100644 src/main/java/com/huoran/iasf/mapper/SysRoleDeptMapper.java
delete mode 100644 src/main/java/com/huoran/iasf/service/impl/SysRoleDeptServiceImpl.java
create mode 100644 src/main/java/com/huoran/iasf/vo/CheckVo.java
create mode 100644 src/main/java/com/huoran/iasf/vo/req/UpdatePhoneOrEmailReq.java
create mode 100644 src/main/resources/whiteList.properties
diff --git a/pom.xml b/pom.xml
index cc48dae..63f303b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,8 +37,34 @@
4.1.3
+
+
+
+
+ com.alibaba.cloud
+ spring-cloud-alibaba-dependencies
+ 2.1.0.RELEASE
+ pom
+ import
+
+
+
+
+
+
+ org.apache.commons
+ commons-email
+ 1.3.3
+
+
+
+
+ com.aliyun
+ aliyun-java-sdk-core
+
+
org.springframework.boot
spring-boot-starter-cache
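Review bot: `commons-email` is pinned to `1.3.3`, an old release of the library that receives the caller-supplied recipient address in the new `EmailUtils.sendEmail`. As far as I recall, later 1.x releases tightened the handling of line breaks in addresses and headers, so I would move to the current release and keep validating the address before it reaches `addTo`. The `aliyun-java-sdk-core` entry shows no version in this hunk as rendered; if the imported `spring-cloud-alibaba-dependencies` BOM does not manage it, pin it explicitly so the resolved version is reproducible.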
diff --git a/src/main/java/com/huoran/iasf/common/aop/aspect/DataScopeAspect.java b/src/main/java/com/huoran/iasf/common/aop/aspect/DataScopeAspect.java
index 3264dd2..04e21d6 100644
--- a/src/main/java/com/huoran/iasf/common/aop/aspect/DataScopeAspect.java
+++ b/src/main/java/com/huoran/iasf/common/aop/aspect/DataScopeAspect.java
@@ -54,7 +54,7 @@ public class DataScopeAspect {
protected void handleDataScope(final JoinPoint joinPoint) {
//获取当前登陆人
- String id = sessionService.getCurrentUserId();
+ Integer id = sessionService.getCurrentUserId();
//获取当前登陆人角色, 如果无角色, 那么不限制
List sysRoles = roleService.getRoleInfoByUserId(id);
if (CollectionUtils.isEmpty(sysRoles) || sysRoles.size() == 0) {
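Review bot: `getCurrentUserId()` now returns a boxed `Integer`, and nothing in this hunk checks it for null before `roleService.getRoleInfoByUserId(id)`. The existing comment says a user without roles is not restricted, so a missing session id would presumably produce an empty role list and skip the data-scope filter entirely. I would fail closed by rejecting the call when `id == null` instead of continuing to the role lookup. The second hunk in this file passes the same value on to `userService.getById(userId)` in `getUserIdsByRoles`, and the body of `handleDataScope` continues outside the hunk.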
@@ -86,7 +86,7 @@ public class DataScopeAspect {
* @param userId 当前用户id
* @return 用户id集合
*/
- private List getUserIdsByRoles(List sysRoles, String userId) {
+ private List getUserIdsByRoles(List sysRoles, Integer userId) {
//本人
SysUser sysUser = userService.getById(userId);
//本部门
diff --git a/src/main/java/com/huoran/iasf/common/aop/aspect/SysLogAspect.java b/src/main/java/com/huoran/iasf/common/aop/aspect/SysLogAspect.java
index c0f8d5c..14d8cbb 100644
--- a/src/main/java/com/huoran/iasf/common/aop/aspect/SysLogAspect.java
+++ b/src/main/java/com/huoran/iasf/common/aop/aspect/SysLogAspect.java
@@ -104,10 +104,10 @@ public class SysLogAspect {
sysLog.setIp(IPUtils.getIpAddr(request));
log.info("Ip{},接口地址{},请求方式{},入参:{}", sysLog.getIp(), request.getRequestURL(), request.getMethod(), sysLog.getParams());
//用户名
- String userId = httpSessionService.getCurrentUserId();
+ Integer userId = httpSessionService.getCurrentUserId();
String username = httpSessionService.getCurrentUsername();
sysLog.setUsername(username);
- sysLog.setUserId(userId);
+ sysLog.setUserId(userId.toString());
sysLog.setTime((int) time);
log.info(sysLog.toString());
sysLogMapper.insert(sysLog);
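Review bot: `userId.toString()` throws a NullPointerException when `getCurrentUserId()` returns null, which the previous `String` version tolerated. If this aspect also wraps endpoints that run without a session (the login call, for example), the audit row is lost or the request fails. `sysLog.setUserId(userId == null ? null : userId.toString());` keeps the old behaviour. Separately, the unchanged `log.info` line above writes `sysLog.getParams()` to the application log; if those parameters can contain passwords or verification codes they should be masked before logging. The enclosing method starts and ends outside the hunk.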
diff --git a/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java b/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
index 5b3a8a6..af972ed 100644
--- a/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
+++ b/src/main/java/com/huoran/iasf/common/filter/AuthFilter.java
@@ -1,4 +1,3 @@
-/*
package com.huoran.iasf.common.filter;
import com.alibaba.fastjson.JSON;
@@ -24,12 +23,13 @@ import static com.huoran.iasf.service.HttpApiSessionService.USER_USERNAME_KEY;
@WebFilter(filterName = "authFilter", urlPatterns = "/iasf/*")
@Order(1)
public class AuthFilter implements Filter {
-*/
-/**
- * 白名单*//*
-
+ /**
+ * 白名单
+ */
+ private static final String[] whiteList =
+ {"/iasf/sys/user/login",
+ "/iasf/sys/exportFailure"};
- private static final String[] whiteList = {"/iasf/app/api/login", "/iasf/app/api/open/test"};
@Resource
HttpApiSessionService httpApiSessionService;
//需要拦截的地址
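Review bot: `/iasf/sys/exportFailure` is now exempt from the token check alongside the login path. An export endpoint that is reachable anonymously needs a comment on `whiteList` explaining why no authentication is required, or it should be dropped from the array. How request paths are compared against `whiteList` is outside this hunk; an exact match on the normalized servlet path is the safe form. The diffstat also lists a new `whiteList.properties`, so the exempt paths may now live in two places, and I would keep a single source.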
@@ -55,12 +55,14 @@ public class AuthFilter implements Filter {
}
//token为空返回
if (StringUtils.isBlank(token)) {
+ resp.setStatus(401);
responseResult(resp, R.fail("token不能为空"));
}
// 校验并解析token,如果token过期或者篡改,则会返回null
Claims claims = httpApiSessionService.checkJWT(token);
if (null == claims) {
- responseResult(resp, R.fail("登陆失效, 请重新登陆"));
+ resp.setStatus(401);
+ responseResult(resp, R.fail("登陆失效,请重新登陆"));
}
//TODO 校验用户状态等
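Review bot: Neither 401 branch returns after `responseResult(...)`, so a request with a blank token still reaches `checkJWT(token)`, and a request whose claims are null continues past the second `if` to whatever follows the TODO. The rest of `doFilter` is outside the hunk, but if it ends in `chain.doFilter(...)` the protected handler still runs after the 401 body has been written. Add `return;` as the last statement of both `if` blocks so that rejection actually stops the request.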
@@ -72,18 +74,14 @@ public class AuthFilter implements Filter {
}
-*/
/**
* responseResult
* @param response
- * @param result
- *//*
-
-
+ * @param result*/
private void responseResult(HttpServletResponse response, R result) {
response.setCharacterEncoding("UTF-8");
response.setHeader("Content-type", "application/json;charset=UTF-8");
- response.setStatus(200);
+ // response.setStatus(200);
try {
response.getWriter().write(JSON.toJSONString(result));
} catch (IOException ex) {
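Review bot: With `response.setStatus(200)` commented out, `responseResult` sends whatever status the caller happened to set, so a caller that forgets sends a failure body with status 200. Taking the status as a parameter, e.g. `private void responseResult(HttpServletResponse response, int status, R result)`, makes the contract explicit. The commented-out line should be deleted rather than kept. The Javadoc closer fused onto `@param result*/` should go on its own line. The catch body is outside the hunk.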
@@ -91,4 +89,3 @@ public class AuthFilter implements Filter {
}
}
}
-*/
diff --git a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
index 2fc8449..07d07ca 100644
--- a/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
+++ b/src/main/java/com/huoran/iasf/common/shiro/CustomAccessControlFilter.java
@@ -59,39 +59,39 @@ public class CustomAccessControlFilter extends AccessControlFilter {
UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(token, token);
getSubject(servletRequest, servletResponse).login(usernamePasswordToken);
} catch (BusinessException exception) {
-/* if (HttpContextUtils.isAjaxRequest(request)) {
- customResponse(exception.getBaseResponseCode(), exception.getMessage(), servletResponse);
- } else if (exception.getMessageCode() == BaseResponseCode.TOKEN_ERROR.getCode()) {
+ if (HttpContextUtils.isAjaxRequest(request)) {
+ customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
+ } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.TOKEN_ERROR.getCode()) {
servletRequest.getRequestDispatcher("/index/login").forward(servletRequest, servletResponse);
- } else if (exception.getMessageCode() == BaseResponseCode.UNAUTHORIZED_ERROR.getCode()) {
+ } else if (exception.getBaseResponseCode().getCode() == BaseResponseCode.UNAUTHORIZED_ERROR.getCode()) {
servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
} else {
servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
- }*/
+ }
return false;
} catch (AuthenticationException e) {
- /*if (HttpContextUtils.isAjaxRequest(request)) {
+ if (HttpContextUtils.isAjaxRequest(request)) {
if (e.getCause() instanceof BusinessException) {
BusinessException exception = (BusinessException) e.getCause();
- customResponse(exception.getBaseResponseCode(), exception.getMessage(), servletResponse);
+ customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
} else {
customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
}
} else {
servletRequest.getRequestDispatcher("/index/403").forward(servletRequest, servletResponse);
- }*/
+ }
return false;
} catch (Exception e) {
- /*if (HttpContextUtils.isAjaxRequest(request)) {
+ if (HttpContextUtils.isAjaxRequest(request)) {
if (e.getCause() instanceof BusinessException) {
BusinessException exception = (BusinessException) e.getCause();
- customResponse(exception.getMessageCode(), exception.getDetailMessage(), servletResponse);
+ customResponse(exception.getBaseResponseCode().getCode(), exception.getMessage(), servletResponse);
} else {
customResponse(BaseResponseCode.SYSTEM_BUSY.getCode(), BaseResponseCode.SYSTEM_BUSY.getMsg(), servletResponse);
}
} else {
servletRequest.getRequestDispatcher("/index/500").forward(servletRequest, servletResponse);
- }*/
+ }
return false;
}
return true;
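Review bot: The `else if` branches compare `exception.getBaseResponseCode().getCode() == BaseResponseCode.TOKEN_ERROR.getCode()`; if `getCode()` returns a boxed `Integer` this is a reference comparison and can be false for equal codes, which would route token errors to `/index/500`. Assuming `BaseResponseCode` is an enum, `exception.getBaseResponseCode() == BaseResponseCode.TOKEN_ERROR` is simpler and correct. Whether `getBaseResponseCode()` can be null is not visible here; if it can, the `customResponse(...)` calls dereference it inside the catch block and the original failure is masked by a new exception. The three catch blocks repeat the same AJAX-or-forward logic and would read better as one private helper. The method starts above the hunk.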
diff --git a/src/main/java/com/huoran/iasf/common/shiro/ShiroConfig.java b/src/main/java/com/huoran/iasf/common/shiro/ShiroConfig.java
index 7bce29b..a7f2e4d 100644
--- a/src/main/java/com/huoran/iasf/common/shiro/ShiroConfig.java
+++ b/src/main/java/com/huoran/iasf/common/shiro/ShiroConfig.java
@@ -24,7 +24,6 @@ import java.util.Map;
* @date 2022年7月28日
*//*
-
@Configuration
@EnableConfigurationProperties(FileUploadProperties.class)
public class ShiroConfig {
@@ -41,7 +40,6 @@ public class ShiroConfig {
/**
* 创建realm*//*
-
@Bean
public CustomRealm customRealm() {
CustomRealm customRealm = new CustomRealm();
@@ -51,7 +49,6 @@ public class ShiroConfig {
@Bean
public SecurityManager securityManager() {
-
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
//关联realm
securityManager.setRealm(customRealm());
@@ -73,7 +70,8 @@ public class ShiroConfig {
shiroFilterFactoryBean.setFilters(filtersMap);
Map filterChainDefinitionMap = new LinkedHashMap<>();
// 配置不会被拦截的链接 顺序判断
- filterChainDefinitionMap.put("/sys/user/login", "anon");
+ */
+/*filterChainDefinitionMap.put("/sys/user/login", "anon");
filterChainDefinitionMap.put("/sys/user/token", "anon");
filterChainDefinitionMap.put("/sys/getVerify", "anon");
filterChainDefinitionMap.put("/sys/checkVerify", "anon");
@@ -96,9 +94,12 @@ public class ShiroConfig {
filterChainDefinitionMap.put("/layui/**", "anon");
filterChainDefinitionMap.put("/css/**", "anon");
filterChainDefinitionMap.put("/layui-ext/**", "anon");
- filterChainDefinitionMap.put("/app/api/**", "anon");
+ filterChainDefinitionMap.put("/app/api/**", "anon");*//*
+
+ filterChainDefinitionMap.put("/sys/getVerify", "anon");
+ filterChainDefinitionMap.put("/sys/user/login", "anon");
filterChainDefinitionMap.put("/**", "token,authc");
- shiroFilterFactoryBean.setLoginUrl("/index/login");
+ shiroFilterFactoryBean.setLoginUrl("/login");
shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
return shiroFilterFactoryBean;
}
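Review bot: The new `anon` entries and `setLoginUrl("/login")` sit between `*/`, `/*` and `*//*` markers, so the hunk does not show which `filterChainDefinitionMap.put` lines are actually compiled; the hunk at `@@ -73,7 +70,8 @@` has the same problem. Because this map decides which URLs skip authentication, I would delete the disabled entries instead of toggling comment markers, and if the whole class is meant to be inactive, remove it or gate it behind a configuration property. The new login URL `/login` also differs from the `/index/login` forward used by `CustomAccessControlFilter` in this same commit, which looks like an inconsistency worth confirming.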
@@ -110,8 +111,6 @@ public class ShiroConfig {
*
* @return org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor*//*
-
-
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
diff --git a/src/main/java/com/huoran/iasf/common/utils/EmailUtils.java b/src/main/java/com/huoran/iasf/common/utils/EmailUtils.java
new file mode 100644
index 0000000..ac2cf3d
--- /dev/null
+++ b/src/main/java/com/huoran/iasf/common/utils/EmailUtils.java
@@ -0,0 +1,70 @@
+package com.huoran.iasf.common.utils;
+
+import org.apache.commons.mail.DefaultAuthenticator;
+import org.apache.commons.mail.HtmlEmail;
+
+
+public class EmailUtils {
+
+ //服务器地址
+ private static final String SERVER_ADDRESS = "smtp.mxhichina.com";
+ //邮箱地址
+ private static final String EMAILADDRESS = "postmaster@huorantech.cn";
+ //发生邮箱密码
+ private static final String EMAILPASSWORD = "HR111aaa";
+ //发送人姓名
+ private static final String EMAILUSERNAME = "DataForward";
+ //授权码
+ //private static final String AUTHORIZATION_CODE = "smtp.mxhichina.com";
+ //邮件标题
+ private static final String EMAILHEAD = "粒子研究院";
+ //邮件信息(后接验证码)头部信息
+ private static final String EMAILMASSAGEHEAD = "尊敬的用户,欢迎使用粒子研究院,您本次的验证码是: ";
+ //邮件信息(后接验证码)尾部信息
+ private static final String EMAILMASSAGETAIL = ",有效时间为5分钟";
+
+
+ //邮箱验证码
+ public static boolean sendEmail(String emailaddress,String code){
+ try {
+ HtmlEmail email = new HtmlEmail();
+ email.setHostName(SERVER_ADDRESS);
+ email.setSSLOnConnect(true); //使用ssl加密true
+ email.setSslSmtpPort("465"); //使用465端口
+ email.setCharset("UTF-8");
+ email.addTo(emailaddress);
+
+ email.setFrom(EMAILADDRESS, EMAILUSERNAME);
+// -- 使用阿里企业邮箱无授权码
+// email.setAuthentication(EMAILADDRESS, AUTHORIZATION_CODE);
+
+ email.setAuthenticator(new DefaultAuthenticator(EMAILADDRESS,EMAILPASSWORD));
+ email.setSubject(EMAILHEAD);
+ email.setMsg( EMAILMASSAGEHEAD + code + EMAILMASSAGETAIL);
+
+ email.send();
+ return true;
+ }
+ catch(Exception e){
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * 描述:是否是邮箱.
+ *
+ * @param str 指定的字符串
+ * @return 是否是邮箱:是为true,否则false
+ */
+ public static Boolean isEmail(String str) {
+ Boolean isEmail = false;
+ String expr = "^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})$";
+
+ if (str.matches(expr)) {
+ isEmail = true;
+ }
+ return isEmail;
+ }
+
+}
\ No newline at end of file
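Review bot: `EMAILPASSWORD` commits the SMTP account's password to the repository in plain text, next to the account name in `EMAILADDRESS`. Both should come from external configuration or a secret store, and the password should be rotated because it remains in history after removal. `setSSLOnConnect(true)` alone does not make Commons Email verify the server's hostname, so add `email.setSSLCheckServerIdentity(true);` before `send()`. `catch(Exception e){ e.printStackTrace(); ... }` should report through the project's logger without echoing the verification code. `isEmail` throws on a null `str`; `return str != null && str.matches(expr);` covers that and drops the boxed `Boolean` local.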
diff --git a/src/main/java/com/huoran/iasf/common/utils/RandomUtil.java b/src/main/java/com/huoran/iasf/common/utils/RandomUtil.java
new file mode 100644
index 0000000..d352428
--- /dev/null
+++ b/src/main/java/com/huoran/iasf/common/utils/RandomUtil.java
@@ -0,0 +1,64 @@
+package com.huoran.iasf.common.utils;
+
+import java.text.DecimalFormat;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Random;
+
+/**
+ * 获取随机数
+ *
+ * @author cheney
+ *
+ */
+public class RandomUtil {
+
+ private static final Random random = new Random();
+
+ private static final DecimalFormat fourdf = new DecimalFormat("0000");
+
+ private static final DecimalFormat sixdf = new DecimalFormat("000000");
+
+ public static String getFourBitRandom() {
+ return fourdf.format(random.nextInt(10000));
+ }
+
+ public static String getSixBitRandom() {
+ return sixdf.format(random.nextInt(1000000));
+ }
+
+ /**
+ * 给定数组,抽取n个数据
+ * @param list
+ * @param n
+ * @return
+ */
+ public static ArrayList getRandom(List list, int n) {
+
+ Random random = new Random();
+
+ HashMap