diff --git a/nladmin-common/src/main/java/org/nl/exception/handler/GlobalExceptionHandler.java b/nladmin-common/src/main/java/org/nl/exception/handler/GlobalExceptionHandler.java
index 746dd0d91..dd8bc3e6e 100644
--- a/nladmin-common/src/main/java/org/nl/exception/handler/GlobalExceptionHandler.java
+++ b/nladmin-common/src/main/java/org/nl/exception/handler/GlobalExceptionHandler.java
@@ -56,7 +56,7 @@ public class GlobalExceptionHandler {
 */ @ExceptionHandler(value = NotLoginException.class) public ResponseEntity notLoginException(Exception e) {
- log.error(ThrowableUtil.getStackTrace(e));
+// log.error(ThrowableUtil.getStackTrace(e));
 return buildResponseEntity(ApiError.error(401,"token 失效")); }
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java b/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
index 6dc733969..d6ab389cc 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
+++ b/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
@@ -67,7 +67,6 @@ import java.util.concurrent.TimeUnit;
 @RequiredArgsConstructor @Api(tags = "系统:系统授权接口") public class AuthorizationController {
-// private final SecurityProperties properties;
 private final RedisUtils redisUtils; private final OnlineUserService onlineUserService; private final UserService userService;
@@ -126,7 +125,6 @@ public class AuthorizationController {
 return ResponseEntity.ok(authInfo); }
-
 @ApiOperation("获取用户信息") @GetMapping(value = "/info") public ResponseEntity getUserInfo() {
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/rest/test.java b/nladmin-system/src/main/java/org/nl/modules/security/rest/test.java
index 5eab8bd69..78d45c4ce 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/rest/test.java
+++ b/nladmin-system/src/main/java/org/nl/modules/security/rest/test.java
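Review bot: The `log.error(...)` call for NotLoginException is commented out rather than removed or downgraded, so a routine 401 now leaves no trace at all while a dead line stays in the handler. If the stack trace was the noise problem, replace the line with a single-line entry at a lower level, e.g. `log.debug("not logged in: {}", e.getMessage());`, which keeps failed-auth events visible to monitoring without the trace. notLoginException is fully inside the hunk.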
@@ -4,7 +4,7 @@ import cn.dev33.satoken.secure.SaSecureUtil;
 /** * @author lyd
- * @description
+ * @description 密码加密测试
 */ public class test { public static void main(String[] args) {
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java
index 3adb0cd0b..f141ca3e3 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java
+++ b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java
@@ -4,6 +4,8 @@ import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.jwt.StpLogicJwtForSimple; import cn.dev33.satoken.stp.StpLogic; import cn.dev33.satoken.stp.StpUtil;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -15,26 +17,27 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 * @description: sa-token的配置路由拦截 * @Date: 2022-09-20 */
+@Slf4j
+@RequiredArgsConstructor
 @Configuration public class SaTokenConfigure implements WebMvcConfigurer {
+ // 白名单
+ private final SecurityProperties securityProperties;
+
 // Sa-Token 整合 jwt (Simple 简单模式) @Bean public StpLogic getStpLogicJwt() { return new StpLogicJwtForSimple(); }
- String[] whitelist = new String[]{"/auth/login", "/auth/code","auth/logout", "/swagger-ui.html", "/swagger-resources/**",
- "/webjars/**", "/*/api-docs", "/avatar/**", "/file/**", "/druid/**", "/favicon.ico",
- "/*.html", "/**/*.html", "/**/*.css", "/**/*.js","/webSocket/**"};
-
 // 注册 Sa-Token 拦截器,打开注解式鉴权功能 @Override public void addInterceptors(InterceptorRegistry registry) { // 注册 Sa-Token 拦截器,打开注解式鉴权功能 registry.addInterceptor(new SaInterceptor(handle -> StpUtil.checkLogin())) .addPathPatterns("/**")
- .excludePathPatterns(whitelist); // 白名单
+ .excludePathPatterns(securityProperties.getExcludes()); // 白名单
 } /**
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/satoken/SecurityProperties.java b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SecurityProperties.java
new file mode 100644
index 000000000..9e2ac1bd1
--- /dev/null
+++ b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SecurityProperties.java
@@ -0,0 +1,20 @@
+package org.nl.modules.security.satoken;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+/**
+ * @author: lyd
+ * @description: 白名单 - 统一放到yml管理
+ * @Date: 2022/9/22
+ */
+@Data
+@Component
+@ConfigurationProperties(prefix = "security")
+public class SecurityProperties {
+ /**
+ * 排除路径
+ */
+ private String[] excludes;
+}
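Review bot: `securityProperties.getExcludes()` is handed to `excludePathPatterns` with no null handling, so if the `security.excludes` key is missing from the active profile the getter returns null and, as far as I can tell, the varargs call fails at startup with a bare NullPointerException instead of a message naming the missing key. A guard such as `Objects.requireNonNull(securityProperties.getExcludes(), "security.excludes must be set")` (java.util.Objects) keeps the fail-closed behaviour while making the cause obvious. Note also that the removed hard-coded list contained `"auth/logout"` without a leading slash, so it never matched, whereas the yml version is `/auth/logout`; worth confirming that whitelisting logout is intended. addInterceptors is fully inside the hunk.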
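Review bot: The Javadoc on `excludes` says only `排除路径`, which does not tell a reader that every pattern listed here skips the `StpUtil.checkLogin()` interceptor entirely. Since adding an entry is an authorization decision, the comment should say so, e.g. `/** Ant path patterns bound from security.excludes; every match bypasses the Sa-Token login check, so each entry must be reachable safely without authentication. */`.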
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/satoken/hint.md b/nladmin-system/src/main/java/org/nl/modules/security/satoken/hint.md
index 995291ba1..6c0cdb27c 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/satoken/hint.md
+++ b/nladmin-system/src/main/java/org/nl/modules/security/satoken/hint.md
@@ -61,4 +61,9 @@ public class UserDto extends BaseDTO implements Serializable {
 private Date pwdResetTime; }
+```
+
+### 加密规则
+```
+SaSecureUtil.md5BySalt("123456", "salt")
 ```
\ No newline at end of file
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java b/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java
index 78f1d2131..fc749be50 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java
+++ b/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java
@@ -37,18 +37,12 @@ import java.util.*;
 @Slf4j public class OnlineUserService {
-// private final SecurityProperties properties;
 private final RedisUtils redisUtils; public OnlineUserService(RedisUtils redisUtils) { this.redisUtils = redisUtils; }
-// public OnlineUserService(SecurityProperties properties, RedisUtils redisUtils) {
-// this.properties = properties;
-// this.redisUtils = redisUtils;
-// }
-
 /** * 保存在线用户信息 * @param userDto /
diff --git a/nladmin-system/src/main/java/org/nl/modules/system/rest/GridFieldController.java b/nladmin-system/src/main/java/org/nl/modules/system/rest/GridFieldController.java
index 9913847e3..963bf3413 100644
--- a/nladmin-system/src/main/java/org/nl/modules/system/rest/GridFieldController.java
+++ b/nladmin-system/src/main/java/org/nl/modules/system/rest/GridFieldController.java
@@ -1,6 +1,5 @@ package org.nl.modules.system.rest;
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation;
diff --git a/nladmin-system/src/main/java/org/nl/modules/system/rest/UserController.java b/nladmin-system/src/main/java/org/nl/modules/system/rest/UserController.java
index 97a783c50..c97a737be 100644
--- a/nladmin-system/src/main/java/org/nl/modules/system/rest/UserController.java
+++ b/nladmin-system/src/main/java/org/nl/modules/system/rest/UserController.java
@@ -63,12 +63,10 @@ import java.util.stream.Collectors;
 @RequiredArgsConstructor public class UserController {
-// private final PasswordEncoder passwordEncoder;
 private final UserService userService; private final DataService dataService; private final DeptService deptService; private final RoleService roleService;
-// private final VerifyService verificationCodeService;
 @ApiOperation("导出用户数据") @GetMapping(value = "/download")
@@ -109,7 +107,6 @@ public class UserController {
 public ResponseEntity create(@Validated @RequestBody User resources){ checkLevel(resources); // 默认密码 123456
-// resources.setPassword(passwordEncoder.encode("123456"));
 resources.setPassword(SaSecureUtil.md5BySalt("123456", "salt")); userService.create(resources); return new ResponseEntity<>(HttpStatus.CREATED);
@@ -140,7 +137,7 @@ public class UserController {
 @ApiOperation("删除用户") @DeleteMapping @SaCheckPermission("user:del")
- public ResponseEntity delete(@RequestBody Set ids){
+ public ResponseEntity delete(@RequestBody Set ids) {
 for (Long id : ids) { Integer currentLevel = Collections.min(roleService.findByUsersId(StpUtil.getLoginIdAsLong()).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList())); Integer optLevel = Collections.min(roleService.findByUsersId(id).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
@@ -155,16 +152,17 @@ public class UserController {
 @ApiOperation("修改密码") @PostMapping(value = "/updatePass") public ResponseEntity updatePass(@RequestBody UserPassVo passVo) throws Exception {
+ // 解密,得到字符密码
 String oldPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getOldPass()); String newPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getNewPass()); UserDto user = userService.findByName(SecurityUtils.getCurrentUsername());
-// if(!passwordEncoder.matches(oldPass, user.getPassword())){
-// throw new BadRequestException("修改失败,旧密码错误");
-// }
-// if(passwordEncoder.matches(newPass, user.getPassword())){
-// throw new BadRequestException("新密码不能与旧密码相同");
-// }
-// userService.updatePass(user.getUsername(),passwordEncoder.encode(newPass));
+ if (!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(oldPass, "salt"))) {
+ throw new BadRequestException("修改失败,旧密码错误");
+ }
+ if (!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(newPass, "salt"))) {
+ throw new BadRequestException("新密码不能与旧密码相同");
+ }
+ userService.updatePass(user.getUsername(),SaSecureUtil.md5BySalt(newPass, "salt"));
 return new ResponseEntity<>(HttpStatus.OK); }
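Review bot: Both password checks in updatePass are wrong: `user.getPassword()` already holds the salted hash that create() stores via `SaSecureUtil.md5BySalt("123456", "salt")`, so hashing it a second time and comparing with the hash of `oldPass` can never match and every call ends in "修改失败,旧密码错误", while the second condition is inverted and throws "新密码不能与旧密码相同" precisely when the new password differs from the old one. The stored hash should be compared directly with the hash of the submitted value, preferably via `MessageDigest.isEqual` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported) so the comparison runs in constant time. A fixed literal salt also means identical passwords hash identically for every user; a per-user random salt with a slow password hash would be the defensive choice, though that is a wider change than this commit. updatePass is fully inside the hunk.
```java
// … unchanged: RSA decryption of oldPass/newPass and lookup of user …
String storedHash = user.getPassword();
String oldHash = SaSecureUtil.md5BySalt(oldPass, "salt");
// compare stored hash with the hash of the submitted old password, constant-time
if (!MessageDigest.isEqual(storedHash.getBytes(StandardCharsets.UTF_8), oldHash.getBytes(StandardCharsets.UTF_8))) {
    throw new BadRequestException("修改失败,旧密码错误");
}
String newHash = SaSecureUtil.md5BySalt(newPass, "salt");
// reject only when the new password hashes to the stored value
if (MessageDigest.isEqual(storedHash.getBytes(StandardCharsets.UTF_8), newHash.getBytes(StandardCharsets.UTF_8))) {
    throw new BadRequestException("新密码不能与旧密码相同");
}
userService.updatePass(user.getUsername(), newHash);
```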
@@ -174,19 +172,18 @@ public class UserController {
 return new ResponseEntity<>(userService.updateAvatar(avatar), HttpStatus.OK); }
-// @Log("修改邮箱")
-// @ApiOperation("修改邮箱")
-// @PostMapping(value = "/updateEmail/{code}")
-// public ResponseEntity updateEmail(@PathVariable String code,@RequestBody User user) throws Exception {
-// String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,user.getPassword());
-// UserDto userDto = userService.findByName(SecurityUtils.getCurrentUsername());
-//// if(!passwordEncoder.matches(password, userDto.getPassword())){
-//// throw new BadRequestException("密码错误");
-//// }
-// verificationCodeService.validated(CodeEnum.EMAIL_RESET_EMAIL_CODE.getKey() + user.getEmail(), code);
-// userService.updateEmail(userDto.getUsername(),user.getEmail());
-// return new ResponseEntity<>(HttpStatus.OK);
-// }
+ @Log("修改邮箱")
+ @ApiOperation("修改邮箱")
+ @PostMapping(value = "/updateEmail/{code}")
+ public ResponseEntity updateEmail(@PathVariable String code,@RequestBody User user) throws Exception {
+ String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,user.getPassword());
+ UserDto userDto = userService.findByName(SecurityUtils.getCurrentUsername());
+ if(!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(password, "salt"))){
+ throw new BadRequestException("密码错误");
+ }
+ userService.updateEmail(userDto.getUsername(),user.getEmail());
+ return new ResponseEntity<>(HttpStatus.OK);
+ }
 /** * 如果当前用户的角色级别低于创建用户的角色级别,则抛出权限不足的错误
diff --git a/nladmin-system/src/main/java/org/nl/modules/system/service/VerifyService.java b/nladmin-system/src/main/java/org/nl/modules/system/service/VerifyService.java
deleted file mode 100644
index c7d7d6e63..000000000
--- a/nladmin-system/src/main/java/org/nl/modules/system/service/VerifyService.java
+++ /dev/null
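Review bot: The password check in the new updateEmail never consults the stored credential: it hashes `user.getPassword()`, which is the RSA-encrypted value from the request body, and compares that with the hash of its own decrypted form, so the condition cannot pass for a genuine request and the looked-up `userDto` is used only for the username. The comparison should be against the stored hash, `if (!userDto.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) {` (or `MessageDigest.isEqual` over the bytes for a constant-time check, as in updatePass). The verification-code step of the previously commented-out version is gone together with VerifyService, so the `code` path variable is accepted but never checked; if that is intentional, the `{code}` segment and parameter should be dropped, otherwise ownership of the new address is no longer proven before the change. updateEmail is fully inside the hunk.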
@@ -1,41 +0,0 @@
-///*
-// * Copyright 2019-2020 Zheng Jie
-// *
-// * Licensed under the Apache License, Version 2.0 (the "License");
-// * you may not use this file except in compliance with the License.
-// * You may obtain a copy of the License at
-// *
-// * http://www.apache.org/licenses/LICENSE-2.0
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the License is distributed on an "AS IS" BASIS,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the License for the specific language governing permissions and
-// * limitations under the License.
-// */
-//package org.nl.modules.system.service;
-//
-//import org.nl.domain.vo.EmailVo;
-//
-///**
-// * @author Zheng Jie
-// * @date 2018-12-26
-// */
-//public interface VerifyService {
-//
-// /**
-// * 发送验证码
-// * @param email /
-// * @param key /
-// * @return /
-// */
-// EmailVo sendEmail(String email, String key);
-//
-//
-// /**
-// * 验证
-// * @param code /
-// * @param key /
-// */
-// void validated(String key, String code);
-//}
diff --git a/nladmin-system/src/main/resources/config/application.yml b/nladmin-system/src/main/resources/config/application.yml
index 8f7f54429..62a49efae 100644
--- a/nladmin-system/src/main/resources/config/application.yml
+++ b/nladmin-system/src/main/resources/config/application.yml
@@ -46,3 +46,31 @@ logging:
 file: path: C:\log\wms config: classpath:logback-spring.xml
+# sa-token白名单配置
+security:
+ # 排除路径
+ excludes:
+ # 认证
+ - /auth/login
+ - /auth/code
+ - /auth/logout
+ # swagger
+ - /swagger-ui.html
+ - /swagger-resources/**
+ - /webjars/**
+ - /file/**
+ - /webSocket/**
+ # 静态资源
+ - /*.html
+ - /**/*.html
+ - /**/*.css
+ - /**/*.js
+ # swagger 文档配置
+ - /favicon.ico
+ - /*/api-docs
+ - /*/api-docs/**
+ # druid 监控配置
+ - /druid/**
+ # actuator 监控配置
+ - /actuator
+ - /actuator/**
\ No newline at end of file
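Review bot: `/actuator` and `/actuator/**` are added to `security.excludes`, which the SaTokenConfigure change feeds straight into `excludePathPatterns`, so whichever actuator endpoints are exposed become reachable without a login; the hard-coded whitelist this replaces did not list actuator at all, and `/druid/**` is kept open as well. Unless the management endpoints are protected elsewhere, narrow this to what unauthenticated callers actually need, e.g. `- /actuator/health` alone, and record the reason beside the entry, e.g. `# actuator: only the health endpoint is public, everything else requires a login`. The file also now ends without a trailing newline, which is cosmetic but worth fixing while here.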
diff --git a/nladmin-ui/src/api/tools/alipay.js b/nladmin-ui/src/api/tools/alipay.js
deleted file mode 100644
index 54090f5f5..000000000
--- a/nladmin-ui/src/api/tools/alipay.js
+++ /dev/null
@@ -1,25 +0,0 @@
-import request from '@/utils/request'
-
-export function get() {
- return request({
- url: 'api/aliPay',
- method: 'get'
- })
-}
-
-export function update(data) {
- return request({
- url: 'api/aliPay',
- data,
- method: 'put'
- })
-}
-
-// 支付
-export function toAliPay(url, data) {
- return request({
- url: 'api/' + url,
- data,
- method: 'post'
- })
-}
diff --git a/nladmin-ui/src/utils/request.js b/nladmin-ui/src/utils/request.js
index 1d33f6564..986ba8f26 100644
--- a/nladmin-ui/src/utils/request.js
+++ b/nladmin-ui/src/utils/request.js
@@ -62,6 +62,7 @@ service.interceptors.response.use( console.log(code) if (code) { if (code === 401) {
+ // debugger
 store.dispatch('LogOut').then(() => { // 用户登录界面提示 Cookies.set('point', 401)
diff --git a/nladmin-ui/src/views/login.vue b/nladmin-ui/src/views/login.vue
index 2a07b3185..2a1367069 100644
--- a/nladmin-ui/src/views/login.vue
+++ b/nladmin-ui/src/views/login.vue
@@ -144,6 +144,7 @@ export default { }, point() { const point = Cookies.get('point') !== undefined
+ console.log(point)
 if (point) { this.$notify({ title: '提示',
diff --git a/nladmin-ui/src/views/tools/aliPay/index.vue b/nladmin-ui/src/views/tools/aliPay/index.vue
deleted file mode 100644
index 6461589fc..000000000
--- a/nladmin-ui/src/views/tools/aliPay/index.vue
+++ /dev/null
@@ -1,48 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
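Review bot: `console.log(point)` in login.vue's point() looks like leftover debugging output, and it will print the cookie-derived flag to the browser console on every visit to the login page; the `// debugger` comment added in the 401 branch of request.js is the same kind of leftover. Both lines should be removed before merge rather than shipped. The enclosing point() and the response interceptor both continue outside their hunks.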