修复代码

2022-09-22 18:08:06 +08:00
parent 8e8730d0bf
commit 8a78ac988f
15 changed files with 86 additions and 154 deletions


@@ -67,7 +67,6 @@ import java.util.concurrent.TimeUnit;
@RequiredArgsConstructor
@Api(tags = "系统:系统授权接口")
public class AuthorizationController {
// private final SecurityProperties properties;
private final RedisUtils redisUtils;
private final OnlineUserService onlineUserService;
private final UserService userService;
@@ -126,7 +125,6 @@ public class AuthorizationController {
return ResponseEntity.ok(authInfo);
}
@ApiOperation("获取用户信息")
@GetMapping(value = "/info")
public ResponseEntity<Object> getUserInfo() {


@@ -4,7 +4,7 @@ import cn.dev33.satoken.secure.SaSecureUtil;
/**
* @author lyd
* @description
* @description 密码加密测试
*/
public class test {
public static void main(String[] args) {


@@ -4,6 +4,8 @@ import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.jwt.StpLogicJwtForSimple;
import cn.dev33.satoken.stp.StpLogic;
import cn.dev33.satoken.stp.StpUtil;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -15,26 +17,27 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
* @description: sa-token的配置路由拦截
* @Date: 2022-09-20
*/
@Slf4j
@RequiredArgsConstructor
@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {
// 白名单
private final SecurityProperties securityProperties;
// Sa-Token 整合 jwt (Simple 简单模式)
@Bean
public StpLogic getStpLogicJwt() {
return new StpLogicJwtForSimple();
}
String[] whitelist = new String[]{"/auth/login", "/auth/code","auth/logout", "/swagger-ui.html", "/swagger-resources/**",
"/webjars/**", "/*/api-docs", "/avatar/**", "/file/**", "/druid/**", "/favicon.ico",
"/*.html", "/**/*.html", "/**/*.css", "/**/*.js","/webSocket/**"};
// 注册 Sa-Token 拦截器,打开注解式鉴权功能
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 注册 Sa-Token 拦截器,打开注解式鉴权功能
registry.addInterceptor(new SaInterceptor(handle -> StpUtil.checkLogin()))
.addPathPatterns("/**")
.excludePathPatterns(whitelist); // 白名单
.excludePathPatterns(securityProperties.getExcludes()); // 白名单
}
/**
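Review bot: With `.excludePathPatterns(securityProperties.getExcludes())` the set of paths that skip `StpUtil.checkLogin()` is now decided entirely by the `security.excludes` property, and nothing in `addInterceptors` checks or records what was loaded. A broad entry such as `/**` in one environment's yml would switch the login check off without leaving any trace, so log the effective list at startup with the `@Slf4j` logger this commit adds, e.g. `log.info("Sa-Token login check excluded for: {}", Arrays.toString(securityProperties.getExcludes()));`, and consider rejecting catch-all patterns. The hard-coded list being replaced left `/druid/**`, `/file/**` and the Swagger paths reachable without login, so the yml entries should be checked against what is really meant to be public. The class body continues past the end of this section.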


@@ -0,0 +1,20 @@
package org.nl.modules.security.satoken;
import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
/**
* @author: lyd
* @description: 白名单 - 统一放到yml管理
* @Date: 2022/9/22
*/
@Data
@Component
@ConfigurationProperties(prefix = "security")
public class SecurityProperties {
/**
* 排除路径
*/
private String[] excludes;
}
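Review bot: `excludes` has no default, so when `security.excludes` is missing from the active yml the getter returns null and the `excludePathPatterns(...)` call in SaTokenConfigure will most likely fail with a NullPointerException during startup. Initialise the field, `private String[] excludes = new String[0];`, so that a missing key means "nothing is exempt from the login check". The Javadoc `排除路径` should also state what the paths are excluded from, for example `/** Ant-style paths that bypass the Sa-Token login interceptor; keep this list as small as possible. */`.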


@@ -61,4 +61,9 @@ public class UserDto extends BaseDTO implements Serializable {
private Date pwdResetTime;
}
```
### 加密规则
```
SaSecureUtil.md5BySalt("123456", "salt")
```


@@ -37,18 +37,12 @@ import java.util.*;
@Slf4j
public class OnlineUserService {
// private final SecurityProperties properties;
private final RedisUtils redisUtils;
public OnlineUserService(RedisUtils redisUtils) {
this.redisUtils = redisUtils;
}
// public OnlineUserService(SecurityProperties properties, RedisUtils redisUtils) {
// this.properties = properties;
// this.redisUtils = redisUtils;
// }
/**
* 保存在线用户信息
* @param userDto /


@@ -1,6 +1,5 @@
package org.nl.modules.system.rest;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;


@@ -63,12 +63,10 @@ import java.util.stream.Collectors;
@RequiredArgsConstructor
public class UserController {
// private final PasswordEncoder passwordEncoder;
private final UserService userService;
private final DataService dataService;
private final DeptService deptService;
private final RoleService roleService;
// private final VerifyService verificationCodeService;
@ApiOperation("导出用户数据")
@GetMapping(value = "/download")
@@ -109,7 +107,6 @@ public class UserController {
public ResponseEntity<Object> create(@Validated @RequestBody User resources){
checkLevel(resources);
// 默认密码 123456
// resources.setPassword(passwordEncoder.encode("123456"));
resources.setPassword(SaSecureUtil.md5BySalt("123456", "salt"));
userService.create(resources);
return new ResponseEntity<>(HttpStatus.CREATED);
@@ -140,7 +137,7 @@ public class UserController {
@ApiOperation("删除用户")
@DeleteMapping
@SaCheckPermission("user:del")
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids){
public ResponseEntity<Object> delete(@RequestBody Set<Long> ids) {
for (Long id : ids) {
Integer currentLevel = Collections.min(roleService.findByUsersId(StpUtil.getLoginIdAsLong()).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
Integer optLevel = Collections.min(roleService.findByUsersId(id).stream().map(RoleSmallDto::getLevel).collect(Collectors.toList()));
@@ -155,16 +152,17 @@ public class UserController {
@ApiOperation("修改密码")
@PostMapping(value = "/updatePass")
public ResponseEntity<Object> updatePass(@RequestBody UserPassVo passVo) throws Exception {
// 解密,得到字符密码
String oldPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getOldPass());
String newPass = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,passVo.getNewPass());
UserDto user = userService.findByName(SecurityUtils.getCurrentUsername());
// if(!passwordEncoder.matches(oldPass, user.getPassword())){
// throw new BadRequestException("修改失败,旧密码错误");
// }
// if(passwordEncoder.matches(newPass, user.getPassword())){
// throw new BadRequestException("新密码不能与旧密码相同");
// }
// userService.updatePass(user.getUsername(),passwordEncoder.encode(newPass));
if (!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(oldPass, "salt"))) {
throw new BadRequestException("修改失败,旧密码错误");
}
if (!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(newPass, "salt"))) {
throw new BadRequestException("新密码不能与旧密码相同");
}
userService.updatePass(user.getUsername(),SaSecureUtil.md5BySalt(newPass, "salt"));
return new ResponseEntity<>(HttpStatus.OK);
}
@@ -174,19 +172,18 @@ public class UserController {
return new ResponseEntity<>(userService.updateAvatar(avatar), HttpStatus.OK);
}
// @Log("修改邮箱")
// @ApiOperation("修改邮箱")
// @PostMapping(value = "/updateEmail/{code}")
// public ResponseEntity<Object> updateEmail(@PathVariable String code,@RequestBody User user) throws Exception {
// String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,user.getPassword());
// UserDto userDto = userService.findByName(SecurityUtils.getCurrentUsername());
//// if(!passwordEncoder.matches(password, userDto.getPassword())){
//// throw new BadRequestException("密码错误");
//// }
// verificationCodeService.validated(CodeEnum.EMAIL_RESET_EMAIL_CODE.getKey() + user.getEmail(), code);
// userService.updateEmail(userDto.getUsername(),user.getEmail());
// return new ResponseEntity<>(HttpStatus.OK);
// }
@Log("修改邮箱")
@ApiOperation("修改邮箱")
@PostMapping(value = "/updateEmail/{code}")
public ResponseEntity<Object> updateEmail(@PathVariable String code,@RequestBody User user) throws Exception {
String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey,user.getPassword());
UserDto userDto = userService.findByName(SecurityUtils.getCurrentUsername());
if(!SaSecureUtil.md5BySalt(user.getPassword(), "salt").equals(SaSecureUtil.md5BySalt(password, "salt"))){
throw new BadRequestException("密码错误");
}
userService.updateEmail(userDto.getUsername(),user.getEmail());
return new ResponseEntity<>(HttpStatus.OK);
}
/**
* 如果当前用户的角色级别低于创建用户的角色级别,则抛出权限不足的错误
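Review bot: The old-password check in `updatePass` hashes the stored value a second time, `SaSecureUtil.md5BySalt(user.getPassword(), "salt")`, so, assuming `user.getPassword()` already holds the hash written by `create`, a correct old password can never match; it should read `if (!user.getPassword().equals(SaSecureUtil.md5BySalt(oldPass, "salt")))`. The check after it is inverted as well: it throws "新密码不能与旧密码相同" when the new password differs from the old one, and needs `if (user.getPassword().equals(SaSecureUtil.md5BySalt(newPass, "salt")))`. `updateEmail` has a related defect: it compares the request body's `user.getPassword()` with its own decrypted form instead of with `userDto.getPassword()`, and the `code` path variable is no longer validated, so neither the stored password nor a verification code is actually consulted. Separately, MD5 with the constant salt `"salt"` replaces the removed `passwordEncoder`; password storage should use a slow, per-user-salted hash such as bcrypt or argon2, and the fixed default password `123456` in `create` should force a change at first login.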


@@ -1,41 +0,0 @@
///*
// * Copyright 2019-2020 Zheng Jie
// *
// * Licensed under the Apache License, Version 2.0 (the "License");
// * you may not use this file except in compliance with the License.
// * You may obtain a copy of the License at
// *
// * http://www.apache.org/licenses/LICENSE-2.0
// *
// * Unless required by applicable law or agreed to in writing, software
// * distributed under the License is distributed on an "AS IS" BASIS,
// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// * See the License for the specific language governing permissions and
// * limitations under the License.
// */
//package org.nl.modules.system.service;
//
//import org.nl.domain.vo.EmailVo;
//
///**
// * @author Zheng Jie
// * @date 2018-12-26
// */
//public interface VerifyService {
//
// /**
// * 发送验证码
// * @param email /
// * @param key /
// * @return /
// */
// EmailVo sendEmail(String email, String key);
//
//
// /**
// * 验证
// * @param code /
// * @param key /
// */
// void validated(String key, String code);
//}