From 98deffce464edaa4c4bc4ae7eec8c9eb9448327b Mon Sep 17 00:00:00 2001
From: "DESKTOP-BE1EA0I\\14194" <1419499670@qq.com>
Date: Wed, 21 Sep 2022 15:36:56 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=89=8D=E7=AB=AF=E9=89=B4?=
 =?UTF-8?q?=E6=9D=83bug?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../rest/AuthorizationController.java | 26 ++++++++++++++-----
 .../security/satoken/SaTokenConfigure.java | 19 +++++++++++---
 .../security/service/OnlineUserService.java | 16 ++++++++----
 nladmin-ui/src/api/login.js | 2 +-
 nladmin-ui/src/utils/permission.js | 4 +--
 nladmin-ui/src/utils/request.js | 2 +-
 6 files changed, 51 insertions(+), 18 deletions(-)
diff --git a/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java b/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
index a1f79f022..bd68760c4 100644
--- a/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
+++ b/nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java
@@ -19,6 +19,7 @@ import cn.dev33.satoken.secure.SaSecureUtil;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSONObject;
 import com.wf.captcha.base.Captcha;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -33,6 +34,7 @@ import org.nl.modules.security.config.bean.LoginCodeEnum;
 import org.nl.modules.security.config.bean.LoginProperties;
 import org.nl.modules.security.service.OnlineUserService;
 import org.nl.modules.security.service.dto.AuthUserDto;
+import org.nl.modules.system.service.RoleService;
 import org.nl.modules.system.service.UserService;
 import org.nl.modules.system.service.dto.UserDto;
 import org.nl.utils.RedisUtils;
@@ -50,6 +52,7 @@ import org.springframework.web.bind.annotation.RestController; import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.concurrent.TimeUnit; @@ -68,6 +71,7 @@ public class AuthorizationController { private final RedisUtils redisUtils; private final OnlineUserService onlineUserService; private final UserService userService; + private final RoleService roleService; @Resource private LoginProperties loginProperties; @@ -77,7 +81,6 @@ public class AuthorizationController { public ResponseEntity login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception { // 密码解密 - 前端的加密规则: encrypt String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword()); - // 查询验证码 String code = (String) redisUtils.get(authUser.getUuid()); // 清除验证码 @@ -88,15 +91,14 @@ public class AuthorizationController { if (StrUtil.isEmpty(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) { throw new BadRequestException("验证码错误"); } - // 保存在线信息 -// onlineUserService.save(jwtUserDto, token, request); // 校验数据库 // 根据用户名查询,在比对密码 UserDto userDto = userService.findByName(authUser.getUsername()); // 拿不到已经抛出异常 if (!userDto.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密 throw new BadRequestException("账号或密码错误"); } - StpUtil.login(userDto.getId()); + StpUtil.login(userDto.getId()); // 调用satoken登录 + // 保存用户信息到session - 登录输入,登出删除 CurrentUser user = new CurrentUser(); user.setId(userDto.getId()); 
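Review bot: The password check kept as context in the `@@ -88,15 +91,14 @@` hunk, `SaSecureUtil.md5BySalt(password, "salt")`, hashes with MD5 and one literal salt shared by every account, so a leaked user table can be attacked with a single precomputed dictionary. This commit leaves that line unchanged, but since the login flow is being reworked here it is worth planning a move to a per-user salted, deliberately slow password hash (bcrypt, scrypt or Argon2) with rehash-on-login for existing accounts. The comparison is also done with `String.equals`, which is not constant-time; `MessageDigest.isEqual` on the encoded bytes avoids that. The body of `login` starts before and continues after this hunk.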
@@ -107,10 +109,17 @@ public class AuthorizationController { // 返回一个User // 返回 token 与 用户信息 + List permissionList = roleService.getPermissionList(userDto.getId().toString()); + JSONObject jsonObject = new JSONObject(); + jsonObject.put("roles", permissionList); + jsonObject.put("user", userDto); Map authInfo = new HashMap(2) {{ put("token", StpUtil.getTokenValue()); - put("user", userDto); + put("user", jsonObject); }}; + + // 保存在线信息 +// onlineUserService.save(jwtUserDto, token, request); return ResponseEntity.ok(authInfo); } @@ -118,7 +127,12 @@ public class AuthorizationController { @ApiOperation("获取用户信息") @GetMapping(value = "/info") public ResponseEntity getUserInfo() { - return ResponseEntity.ok(SecurityUtils.getCurrentUser()); + UserDto currentUser = (UserDto) SecurityUtils.getCurrentUser(); + List permissionList = roleService.getPermissionList(currentUser.getId().toString()); + JSONObject jsonObject = new JSONObject(); + jsonObject.put("roles", permissionList); + jsonObject.put("user", currentUser); + return ResponseEntity.ok(jsonObject); } @ApiOperation("获取验证码") diff --git a/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java index 72775ae42..c8e5176cc 100644 --- a/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java +++ b/nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java @@ -2,8 +2,8 @@ package org.nl.modules.security.satoken; import cn.dev33.satoken.interceptor.SaInterceptor; import cn.dev33.satoken.stp.StpUtil; -import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; +import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** 
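Review bot: `jsonObject.put("user", userDto)` places the whole `UserDto` in the login response, and this is the same object whose `getPassword()` is compared earlier in `login`, so unless the DTO excludes that field from serialization (its definition is not in this diff) the stored password hash is sent to the browser. Return a view that carries only the fields the UI needs, or confirm the password field is marked to be skipped by the serializer. `List permissionList` and `Map authInfo` are raw types; typed declarations such as `Map<String, Object> authInfo` would let the compiler check what goes into the response. The payload now nests the user at `user.user`, which the front end has to match exactly.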
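Review bot: The cast `(UserDto) SecurityUtils.getCurrentUser()` in `getUserInfo` looks inconsistent with `login`, which builds a `CurrentUser` object for the session; if `getCurrentUser()` returns that type (its definition is not in this diff) the cast throws `ClassCastException` on every call. There is also no handling for a missing session, so `currentUser.getId()` fails with a `NullPointerException` if the helper can return null for an unauthenticated caller, which matters more now that `SaTokenConfigure` loses `@Configuration` in this same commit. The roles/user assembly duplicates the block added to `login`; a private helper, for example `buildUserInfo(UserDto)`, would keep the two responses in sync.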
@@ -11,10 +11,12 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; * @description: sa-token的配置 * @Date: 2022-09-20 */ -@Configuration +//@Configuration public class SaTokenConfigure implements WebMvcConfigurer { - String[] whitelist = new String[]{"/auth/login", "/auth/code"}; + String[] whitelist = new String[]{"/auth/login", "/auth/code", "/swagger-ui.html", "/swagger-resources/**", + "/webjars/**", "/*/api-docs", "/avatar/**", "/file/**", "/druid/**", "/favicon.ico", + "/*.html", "/**/*.html", "/**/*.css", "/**/*.js","/webSocket/**"}; // 注册 Sa-Token 拦截器,打开注解式鉴权功能 @Override @@ -24,4 +26,15 @@ public class SaTokenConfigure implements WebMvcConfigurer { .addPathPatterns("/**") .excludePathPatterns(whitelist); // 白名单 } + + /** + * 添加资源处理程序 + * @param registry 注册表 + */ + @Override + public void addResourceHandlers(ResourceHandlerRegistry registry) { + registry.addResourceHandler("/**").addResourceLocations("classpath:/resources/") + .addResourceLocations("classpath:/static/").addResourceLocations("classpath:/public/") + .resourceChain(false); + } } diff --git a/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java b/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java index b643f00ed..cb1047bb2 100644 --- a/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java +++ b/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java 
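Review bot: Replacing `@Configuration` with `//@Configuration` means Spring no longer picks up `SaTokenConfigure`, so the Sa-Token interceptor this class registers on `/**` is never installed and the whitelist has no effect; unless login is enforced somewhere not visible in this diff, every endpoint becomes reachable without a token. If the annotation was dropped to unblock the front end, restore it and fix the exclusions instead. Once it is restored, the new whitelist is broad: `/druid/**` would presumably expose the Druid monitoring console, and `/file/**` and `/avatar/**` appear to serve stored content without a login check, so those paths should stay behind authentication or get their own access control. The `addResourceHandlers` override added in the following hunk is equally inert while the class is not a configuration bean.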
@@ -18,14 +18,20 @@ package org.nl.modules.security.service; import cn.hutool.core.util.StrUtil; import lombok.extern.slf4j.Slf4j; import org.nl.modules.security.service.dto.OnlineUserDto; -import org.nl.utils.*; +import org.nl.utils.EncryptUtils; +import org.nl.utils.FileUtil; +import org.nl.utils.PageUtil; +import org.nl.utils.RedisUtils; import org.springframework.data.domain.Pageable; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; /** * @author Zheng Jie @@ -52,15 +58,15 @@ public class OnlineUserService { * @param token / * @param request / */ -// public void save(JwtUserDto jwtUserDto, String token, HttpServletRequest request){ -// String dept = jwtUserDto.getUser().getDept().getName(); +// public void save(UserDto userDto, String token, HttpServletRequest request){ +// String dept = userDto.getUser().getDept().getName(); // String ip = StringUtils.getIp(request); // String browser = StringUtils.getBrowser(request); // // String address = StringUtils.getCityInfo(ip); // String address = "局域网"; // OnlineUserDto onlineUserDto = null; // try { -// onlineUserDto = new OnlineUserDto(jwtUserDto.getUsername(), jwtUserDto.getUser().getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date()); +// onlineUserDto = new OnlineUserDto(userDto.getUsername(), userDto.getUser().getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date()); // } catch (Exception e) { // log.error(e.getMessage(),e); // } diff --git a/nladmin-ui/src/api/login.js b/nladmin-ui/src/api/login.js index 157617beb..413c0a8b0 100644 --- a/nladmin-ui/src/api/login.js +++ b/nladmin-ui/src/api/login.js 
@@ -1,7 +1,7 @@ import request from '@/utils/request' export function login(username, password, code, uuid) { - debugger + // debugger return request({ url: 'auth/login', method: 'post', diff --git a/nladmin-ui/src/utils/permission.js b/nladmin-ui/src/utils/permission.js index 221d3842c..6ada6bb43 100644 --- a/nladmin-ui/src/utils/permission.js +++ b/nladmin-ui/src/utils/permission.js @@ -5,11 +5,11 @@ import store from '@/store' * @returns {Boolean} * @example see @/views/permission/directive.vue */ -export default function checkPermission(value) { +export default function checkPermission(value) { // 权限判断 if (value && value instanceof Array && value.length > 0) { const roles = store.getters && store.getters.roles const permissionRoles = value - + // debugger const hasPermission = roles.some(role => { return permissionRoles.includes(role) }) diff --git a/nladmin-ui/src/utils/request.js b/nladmin-ui/src/utils/request.js index 54a5c830f..1d33f6564 100644 --- a/nladmin-ui/src/utils/request.js +++ b/nladmin-ui/src/utils/request.js @@ -17,7 +17,7 @@ const service = axios.create({ // request拦截器 service.interceptors.request.use( config => { - debugger + // debugger if (getToken()) { config.headers['Authorization'] = getToken() // 让每个请求携带自定义token 请根据实际情况自行修改 }