修复前端鉴权bug

nladmin-system/src/main/java/org/nl/modules/security/rest/AuthorizationController.java

@@ -19,6 +19,7 @@ import cn.dev33.satoken.secure.SaSecureUtil;
 import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.util.IdUtil;
 import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSONObject;
 import com.wf.captcha.base.Captcha;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -33,6 +34,7 @@ import org.nl.modules.security.config.bean.LoginCodeEnum;
 import org.nl.modules.security.config.bean.LoginProperties;
 import org.nl.modules.security.service.OnlineUserService;
 import org.nl.modules.security.service.dto.AuthUserDto;
+import org.nl.modules.system.service.RoleService;
 import org.nl.modules.system.service.UserService;
 import org.nl.modules.system.service.dto.UserDto;
 import org.nl.utils.RedisUtils;
@@ -50,6 +52,7 @@ import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
 
@@ -68,6 +71,7 @@ public class AuthorizationController {
     private final RedisUtils redisUtils;
     private final OnlineUserService onlineUserService;
     private final UserService userService;
+    private final RoleService roleService;
 
     @Resource
     private LoginProperties loginProperties;
@@ -77,7 +81,6 @@ public class AuthorizationController {
     public ResponseEntity<Object> login(@Validated @RequestBody AuthUserDto authUser, HttpServletRequest request) throws Exception {
         // 密码解密 - 前端的加密规则: encrypt
         String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword());
-
         // 查询验证码
         String code = (String) redisUtils.get(authUser.getUuid());
         // 清除验证码
@@ -88,15 +91,14 @@ public class AuthorizationController {
         if (StrUtil.isEmpty(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
             throw new BadRequestException("验证码错误");
         }
-        // 保存在线信息
-//        onlineUserService.save(jwtUserDto, token, request);
         // 校验数据库
         // 根据用户名查询，在比对密码
         UserDto userDto = userService.findByName(authUser.getUsername()); // 拿不到已经抛出异常
         if (!userDto.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密
             throw new BadRequestException("账号或密码错误");
         }
-        StpUtil.login(userDto.getId());
+        StpUtil.login(userDto.getId()); // 调用satoken登录
+
         // 保存用户信息到session - 登录输入，登出删除
         CurrentUser user = new CurrentUser();
         user.setId(userDto.getId());
@@ -107,10 +109,17 @@ public class AuthorizationController {
 
         // 返回一个User
         // 返回 token 与 用户信息
+        List<String> permissionList = roleService.getPermissionList(userDto.getId().toString());
+        JSONObject jsonObject = new JSONObject();
+        jsonObject.put("roles", permissionList);
+        jsonObject.put("user", userDto);
         Map<String, Object> authInfo = new HashMap<String, Object>(2) {{
             put("token", StpUtil.getTokenValue());
-            put("user", userDto);
+            put("user", jsonObject);
         }};
+
+        // 保存在线信息
+//        onlineUserService.save(jwtUserDto, token, request);
         return ResponseEntity.ok(authInfo);
     }
 
@@ -118,7 +127,12 @@ public class AuthorizationController {
     @ApiOperation("获取用户信息")
     @GetMapping(value = "/info")
     public ResponseEntity<Object> getUserInfo() {
-        return ResponseEntity.ok(SecurityUtils.getCurrentUser());
+        UserDto currentUser = (UserDto) SecurityUtils.getCurrentUser();
+        List<String> permissionList = roleService.getPermissionList(currentUser.getId().toString());
+        JSONObject jsonObject = new JSONObject();
+        jsonObject.put("roles", permissionList);
+        jsonObject.put("user", currentUser);
+        return ResponseEntity.ok(jsonObject);
     }
 
     @ApiOperation("获取验证码")

nladmin-system/src/main/java/org/nl/modules/security/satoken/SaTokenConfigure.java

@@ -2,8 +2,8 @@ package org.nl.modules.security.satoken;
 
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.stp.StpUtil;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 /**
@@ -11,10 +11,12 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
  * @description: sa-token的配置
  * @Date: 2022-09-20
  */
-@Configuration
+//@Configuration
 public class SaTokenConfigure implements WebMvcConfigurer {
 
-    String[] whitelist = new String[]{"/auth/login", "/auth/code"};
+    String[] whitelist = new String[]{"/auth/login", "/auth/code", "/swagger-ui.html", "/swagger-resources/**",
+            "/webjars/**", "/*/api-docs", "/avatar/**", "/file/**", "/druid/**", "/favicon.ico",
+            "/*.html", "/**/*.html", "/**/*.css", "/**/*.js","/webSocket/**"};
 
     // 注册 Sa-Token 拦截器，打开注解式鉴权功能
     @Override
@@ -24,4 +26,15 @@ public class SaTokenConfigure implements WebMvcConfigurer {
                 .addPathPatterns("/**")
                 .excludePathPatterns(whitelist); // 白名单
     }
+
+    /**
+     * 添加资源处理程序
+     * @param registry 注册表
+     */
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/**").addResourceLocations("classpath:/resources/")
+                .addResourceLocations("classpath:/static/").addResourceLocations("classpath:/public/")
+                .resourceChain(false);
+    }
 }

nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java

@@ -18,14 +18,20 @@ package org.nl.modules.security.service;
 import cn.hutool.core.util.StrUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.nl.modules.security.service.dto.OnlineUserDto;
-import org.nl.utils.*;
+import org.nl.utils.EncryptUtils;
+import org.nl.utils.FileUtil;
+import org.nl.utils.PageUtil;
+import org.nl.utils.RedisUtils;
 import org.springframework.data.domain.Pageable;
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
 
 /**
  * @author Zheng Jie
@@ -52,15 +58,15 @@ public class OnlineUserService {
      * @param token /
      * @param request /
      */
-//    public void save(JwtUserDto jwtUserDto, String token, HttpServletRequest request){
+//    public void save(UserDto userDto, String token, HttpServletRequest request){
-//        String dept = jwtUserDto.getUser().getDept().getName();
+//        String dept = userDto.getUser().getDept().getName();
 //        String ip = StringUtils.getIp(request);
 //        String browser = StringUtils.getBrowser(request);
 //        // String address = StringUtils.getCityInfo(ip);
 //        String address = "局域网";
 //        OnlineUserDto onlineUserDto = null;
 //        try {
-//            onlineUserDto = new OnlineUserDto(jwtUserDto.getUsername(), jwtUserDto.getUser().getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date());
+//            onlineUserDto = new OnlineUserDto(userDto.getUsername(), userDto.getUser().getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date());
 //        } catch (Exception e) {
 //            log.error(e.getMessage(),e);
 //        }

nladmin-ui/src/api/login.js

@@ -1,7 +1,7 @@
 import request from '@/utils/request'
 
 export function login(username, password, code, uuid) {
-  debugger
+  // debugger
   return request({
     url: 'auth/login',
     method: 'post',

nladmin-ui/src/utils/permission.js

@@ -5,11 +5,11 @@ import store from '@/store'
  * @returns {Boolean}
  * @example see @/views/permission/directive.vue
  */
-export default function checkPermission(value) {
+export default function checkPermission(value) { // 权限判断
   if (value && value instanceof Array && value.length > 0) {
     const roles = store.getters && store.getters.roles
     const permissionRoles = value
-
+    // debugger
     const hasPermission = roles.some(role => {
       return permissionRoles.includes(role)
     })

nladmin-ui/src/utils/request.js

@@ -17,7 +17,7 @@ const service = axios.create({
 // request拦截器
 service.interceptors.request.use(
   config => {
-    debugger
+    // debugger
     if (getToken()) {
       config.headers['Authorization'] = getToken() // 让每个请求携带自定义token 请根据实际情况自行修改
     }