add: 手持登录接口
This commit is contained in:
@@ -0,0 +1,92 @@
|
||||
package org.nl.system.controller.secutiry;
|
||||
|
||||
import cn.dev33.satoken.annotation.SaIgnore;
|
||||
import cn.dev33.satoken.secure.SaSecureUtil;
|
||||
import cn.dev33.satoken.stp.SaLoginModel;
|
||||
import cn.dev33.satoken.stp.StpUtil;
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.nl.common.exception.BadRequestException;
|
||||
import org.nl.common.utils.RedisUtils;
|
||||
import org.nl.common.utils.RsaUtils;
|
||||
import org.nl.common.utils.dto.CurrentUser;
|
||||
import org.nl.config.RsaProperties;
|
||||
import org.nl.system.service.role.ISysRoleService;
|
||||
import org.nl.system.service.secutiry.dto.AuthUserDto;
|
||||
import org.nl.system.service.user.ISysUserService;
|
||||
import org.nl.system.service.user.dao.SysUser;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.validation.annotation.Validated;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @Author: lyd
|
||||
* @Description: 手持登录鉴权
|
||||
* @Date: 2023/7/31
|
||||
*/
|
||||
@Slf4j
|
||||
@RestController
|
||||
@RequestMapping("/api/pda")
|
||||
@Api(tags = "手持:系统授权接口")
|
||||
public class MobileAuthorizationController {
|
||||
@Autowired
|
||||
private ISysUserService userService;
|
||||
@Autowired
|
||||
private ISysRoleService roleService;
|
||||
@ApiOperation("登录授权")
|
||||
@PostMapping(value = "/login")
|
||||
@SaIgnore
|
||||
public JSONObject login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception {
|
||||
// 密码解密 - 前端的加密规则: encrypt(根据实际更改)
|
||||
String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword());
|
||||
// 校验数据库
|
||||
// 根据用户名查询,在比对密码
|
||||
SysUser userInfo = userService.getOne(new LambdaQueryWrapper<SysUser>()
|
||||
.eq(SysUser::getUsername, authUser.getUsername())); // 拿不到已经抛出异常
|
||||
if (!userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密
|
||||
throw new BadRequestException("账号或密码错误!");
|
||||
}
|
||||
// 获取权限列表 - 登录查找权限
|
||||
List<String> permissionList = roleService.getPermissionList((JSONObject) JSON.toJSON(userInfo));
|
||||
|
||||
if (!userInfo.getIs_used()) {
|
||||
throw new BadRequestException("账号未激活");
|
||||
}
|
||||
|
||||
// 登录输入,登出删除
|
||||
CurrentUser user = new CurrentUser();
|
||||
user.setId(userInfo.getUser_id());
|
||||
user.setUsername(userInfo.getUsername());
|
||||
user.setPresonName(userInfo.getPerson_name());
|
||||
user.setUser(userInfo);
|
||||
user.setPermissions(permissionList);
|
||||
|
||||
// SaLoginModel 配置登录相关参数
|
||||
StpUtil.login(userInfo.getUser_id(), new SaLoginModel()
|
||||
.setDevice("PE") // 此次登录的客户端设备类型, 用于[同端互斥登录]时指定此次登录的设备类型
|
||||
.setExtra("loginInfo", user) // Token挂载的扩展参数 (此方法只有在集成jwt插件时才会生效)
|
||||
);
|
||||
|
||||
// 返回 token 与 用户信息
|
||||
JSONObject jsonObject = new JSONObject();
|
||||
// jsonObject.put("roles", permissionList);
|
||||
jsonObject.put("user", userInfo);
|
||||
JSONObject authInfo = new JSONObject(2) {{
|
||||
put("token", "Bearer " + StpUtil.getTokenValue());
|
||||
put("user", jsonObject);
|
||||
}};
|
||||
|
||||
return authInfo;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user