From 163721bdc95d840e1bbc76fcbae259fc04dd4880 Mon Sep 17 00:00:00 2001 From: zhangzhiqiang Date: Tue, 14 Mar 2023 15:32:10 +0800 Subject: [PATCH] =?UTF-8?q?=E5=88=9D=E5=A7=8B=E5=8C=96=E9=A1=B9=E7=9B=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../secutiry/impl}/OnlineUserService.java | 122 ++++++++++++++---- 1 file changed, 99 insertions(+), 23 deletions(-) rename mes/hd/nladmin-system/src/main/java/org/nl/{modules/security/service => system/service/secutiry/impl}/OnlineUserService.java (51%) diff --git a/mes/hd/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java b/mes/hd/nladmin-system/src/main/java/org/nl/system/service/secutiry/impl/OnlineUserService.java similarity index 51% rename from mes/hd/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java rename to mes/hd/nladmin-system/src/main/java/org/nl/system/service/secutiry/impl/OnlineUserService.java index 18d12fc0..20035aec 100644 --- a/mes/hd/nladmin-system/src/main/java/org/nl/modules/security/service/OnlineUserService.java +++ b/mes/hd/nladmin-system/src/main/java/org/nl/system/service/secutiry/impl/OnlineUserService.java @@ -13,14 +13,29 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.nl.modules.security.service; +package org.nl.system.service.secutiry.impl; +import cn.dev33.satoken.secure.SaSecureUtil; +import cn.dev33.satoken.stp.SaLoginModel; +import cn.dev33.satoken.stp.StpUtil; import cn.hutool.core.util.StrUtil; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.JSONObject; +import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; +import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; -import org.nl.modules.security.config.bean.SecurityProperties; -import org.nl.modules.security.service.dto.JwtUserDto; -import org.nl.modules.security.service.dto.OnlineUserDto; -import org.nl.utils.*; +import org.nl.modules.common.config.RsaProperties; +import org.nl.modules.common.exception.BadRequestException; +import org.nl.modules.common.utils.*; +import org.nl.system.service.role.ISysRoleService; +import org.nl.system.service.secutiry.dto.AuthUserDto; +import org.nl.system.service.user.ISysUserService; +import org.nl.system.service.user.dao.SysUser; +import org.nl.system.service.user.dto.CurrentUser; +import org.nl.system.service.user.dto.OnlineUserDto; +import org.nl.system.service.user.dto.UserDto; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.data.domain.Pageable; import org.springframework.scheduling.annotation.Async; import org.springframework.stereotype.Service; @@ -38,32 +53,38 @@ import java.util.*; @Slf4j public class OnlineUserService { - private final SecurityProperties properties; + @Autowired + private ISysUserService sysUserService; + @Autowired + private ISysRoleService roleService; private final RedisUtils redisUtils; + @Value("${sa-token.cookie.domain}") + private String domain; - public OnlineUserService(SecurityProperties properties, RedisUtils redisUtils) { - this.properties = properties; + public OnlineUserService(RedisUtils redisUtils) { this.redisUtils = redisUtils; } /** * 保存在线用户信息 - * @param jwtUserDto / + * @param userDto / * @param token / * @param request / */ - public void save(JwtUserDto jwtUserDto, String token, HttpServletRequest request){ - String dept = jwtUserDto.getUser().getDept().getName(); + public void save(UserDto userDto, String token, HttpServletRequest request){ +// String dept = userDto.getDept().getName(); + String dept = ""; String ip = StringUtils.getIp(request); String browser = StringUtils.getBrowser(request); - String address = StringUtils.getCityInfo(ip); + // String address = StringUtils.getCityInfo(ip); + String address = "局域网"; OnlineUserDto onlineUserDto = null; try { - onlineUserDto = new OnlineUserDto(jwtUserDto.getUsername(), jwtUserDto.getUser().getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date()); +// onlineUserDto = new OnlineUserDto(userDto.getUsername(), userDto.getNickName(), dept, browser , ip, address, EncryptUtils.desEncrypt(token), new Date()); } catch (Exception e) { log.error(e.getMessage(),e); } - redisUtils.set(properties.getOnlineKey() + token, onlineUserDto, properties.getTokenValidityInSeconds()/1000); + redisUtils.set(token, onlineUserDto, StpUtil.getTokenTimeout()); } /** @@ -86,18 +107,21 @@ public class OnlineUserService { * @return / */ public List getAll(String filter){ - List keys = redisUtils.scan(properties.getOnlineKey() + "*"); + List keys = redisUtils.scan("*"); Collections.reverse(keys); List onlineUserDtos = new ArrayList<>(); for (String key : keys) { - OnlineUserDto onlineUserDto = (OnlineUserDto) redisUtils.get(key); - if(StrUtil.isNotEmpty(filter)){ - if(onlineUserDto.toString().contains(filter)){ + if (key.length() == 1511) { + OnlineUserDto onlineUserDto = (OnlineUserDto) redisUtils.get(key); + if(StrUtil.isNotEmpty(filter)){ + if(onlineUserDto.toString().contains(filter)){ + onlineUserDtos.add(onlineUserDto); + } + } else { onlineUserDtos.add(onlineUserDto); } - } else { - onlineUserDtos.add(onlineUserDto); } + } onlineUserDtos.sort((o1, o2) -> o2.getLoginTime().compareTo(o1.getLoginTime())); return onlineUserDtos; @@ -108,7 +132,6 @@ public class OnlineUserService { * @param key / */ public void kickOut(String key){ - key = properties.getOnlineKey() + key; redisUtils.del(key); } @@ -117,8 +140,7 @@ public class OnlineUserService { * @param token / */ public void logout(String token) { - String key = properties.getOnlineKey() + token; - redisUtils.del(key); + redisUtils.del(token); } /** @@ -190,4 +212,58 @@ public class OnlineUserService { } } } + @SneakyThrows + public Map login(Map paramMap){ + // 密码解密 - 前端的加密规则: encrypt + AuthUserDto authUser = JSON.toJavaObject((JSON) JSON.toJSON(paramMap), AuthUserDto.class); + String password = RsaUtils.decryptByPrivateKey(RsaProperties.privateKey, authUser.getPassword()); + // 查询验证码 + String code = (String) redisUtils.get(authUser.getUuid()); + // 清除验证码 + redisUtils.del(authUser.getUuid()); +// if (StrUtil.isEmpty(code)) { +// throw new BadRequestException("验证码不存在或已过期"); +// } +// if (StrUtil.isEmpty(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) { +// throw new BadRequestException("验证码错误"); +// } + // 校验数据库 + // 根据用户名查询,在比对密码 + SysUser userInfo = sysUserService.getOne(new QueryWrapper().eq("username",authUser.getUsername())); + if (userInfo == null||!userInfo.getPassword().equals(SaSecureUtil.md5BySalt(password, "salt"))) { // 这里需要密码加密 + throw new BadRequestException("账号或密码错误"); + } + + // 获取权限列表 - 登录查找权限 + List permissionList = roleService.getPermissionList((JSONObject) JSON.toJSON(userInfo)); + + + if (!userInfo.getIsUsed()) { + throw new BadRequestException("账号未激活"); + } + + // 登录输入,登出删除 + CurrentUser user = new CurrentUser(); + user.setId(userInfo.getUserId()); + user.setUsername(userInfo.getUsername()); + user.setPresonName((userInfo.getPersonName())); + user.setUser(userInfo); + user.setPermissions(permissionList); + + // SaLoginModel 配置登录相关参数 + StpUtil.login(userInfo.getUserId(), new SaLoginModel() + .setDevice("PC") // 此次登录的客户端设备类型, 用于[同端互斥登录]时指定此次登录的设备类型 + .setExtra("loginInfo", user) // Token挂载的扩展参数 (此方法只有在集成jwt插件时才会生效) + ); + + Map authInfo = new HashMap(2) {{ + put("token", StpUtil.getTokenValue()); + put("roles", permissionList); + put("domain", domain); + put("user", user); + }}; + // 保存在线信息 +// onlineUserService.save(userDto, StpUtil.getTokenValue(), request); + return authInfo; + } }