From 10daa4db644da65ad2a581b539a8c15b2ca86b4d Mon Sep 17 00:00:00 2001
From: Houpn
Date: Thu, 31 Aug 2023 22:06:03 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E9=80=BB=E8=BE=91?=
 =?UTF-8?q?=E6=9F=A5=E8=AF=A2=E6=9B=B4=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/LogiticsCompanyController.java | 4 +-
 .../mall/controller/WorkerAuthController.java | 95 ++++++++++++++++++-
 .../mall/controller/WorkerController.java | 2 +-
 3 files changed, 96 insertions(+), 5 deletions(-)

diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
index 017a9b7a..6557ce61 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
@@ -41,9 +41,9 @@ public class LogiticsCompanyController {
 @Autowired
 private LogiticsCompanyService companyService;
- @RequestMapping(value = "/getAll", method = RequestMethod.GET)
+ @RequestMapping(value = "/getAll", method = RequestMethod.POST)
 @ApiOperation(value = "获取全部数据")
- public Result> getAll(LogiticsCompany company) {
+ public Result> getAll(@RequestBody LogiticsCompany company) {
 List list = companyService.findByCondition(company);
 return new ResultUtil>().setData(list);
 }
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
index 296cd5f5..c8604c6f 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
@@ -5,22 +5,25 @@ import cc.hiver.core.common.annotation.SystemLog;
 import cc.hiver.core.common.constant.CommonConstant;
 import cc.hiver.core.common.constant.MessageConstant;
 import cc.hiver.core.common.constant.SettingConstant;
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.enums.LogType;
 import cc.hiver.core.common.exception.HiverException;
 import cc.hiver.core.common.redis.RedisTemplateHelper;
 import cc.hiver.core.common.sms.SmsUtil;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.common.vo.Result;
+import cc.hiver.core.config.properties.HiverTokenProperties;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
 import cc.hiver.core.vo.WorkerDetailVO;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cn.hutool.core.util.StrUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
@@ -37,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 @RestController
 @Api(tags = "订单工登录接口")
 @RequestMapping("/hiver/auth/worker")
+@CacheConfig(cacheNames = "worker")
 @Transactional
 public class WorkerAuthController {
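Review bot: `@CacheConfig(cacheNames = "worker")` is added to the class, but none of this file's hunks show a `@Cacheable`, `@CacheEvict` or `@CachePut` method; the cache entries are instead removed by hand with `redisTemplate.delete(WORKER + ...)` in the later `/modifyPass` and `/resetPass` hunk. If no method in the class carries a Spring cache annotation, the class-level annotation has no effect and only suggests that Spring Cache manages the `worker::` keys. Either drop it, or add a one-line comment naming which component populates the `worker` cache so a reader understands why eviction is done manually here.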
@@ -55,6 +59,18 @@ public class WorkerAuthController {
 @Autowired
 private SmsUtil smsUtil;
+ @Autowired
+ private HiverTokenProperties tokenProperties;
+
+ public static final String LOGIN_FAIL_FLAG = "WORKER_LOGIN_FAIL_FLAG:";
+
+ public static final String LOGIN_TIME_LIMIT = "WORKER_LOGIN_TIME_LIMIT:";
+
+ public static final Integer LOGIN_FAIL_TIP_TIME = 3;
+
+
+ public static final String WORKER = "worker::";
+
 @RequestMapping(value = "/app/login/{workerId}", method = RequestMethod.POST)
 @ApiOperation(value = "app抢单登录接口")
 public Result login(@ApiParam("唯一id标识") @PathVariable String workerId, HttpSession httpSession) {
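Review bot: The four constants added here are `public` and undocumented, and `LOGIN_FAIL_TIP_TIME` is a boxed `Integer` that the later `/login` hunk only compares against an `int`. As far as these hunks show they are read only inside this controller, so `private static final` with a primitive `int` is enough, and each deserves a one-line comment: `LOGIN_FAIL_FLAG` and `LOGIN_TIME_LIMIT` are Redis key prefixes (lock-out flag and failed-attempt counter, both keyed by username), `LOGIN_FAIL_TIP_TIME` is the remaining-attempt count at or below which the login response starts warning the caller, and `WORKER` is the key prefix deleted on password change. The two consecutive blank lines before `WORKER` should also collapse to one.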
@@ -120,7 +136,82 @@ public class WorkerAuthController {
 }
- @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.POST)
+ @RequestMapping(value = "/login", method = RequestMethod.POST)
+ @SystemLog(description = "账号登录", type = LogType.LOGIN)
+ @ApiOperation(value = "账号登录")
+ public Result login(@RequestParam String username,
+ @RequestParam String password) {
+ boolean saveLogin = true;
+ String loginFailKey = LOGIN_FAIL_FLAG + username;
+ String loginTimeKey = LOGIN_TIME_LIMIT + username;
+
+ String valueFailFlag = redisTemplate.get(loginFailKey);
+ Long timeRest = redisTemplate.getExpire(loginFailKey, TimeUnit.MINUTES);
+ if (StrUtil.isNotBlank(valueFailFlag)) {
+ // 超过限制次数
+ return ResultUtil.error("登录错误次数超过限制,请" + timeRest + "分钟后再试");
+ }
+ Worker worker = securityUtil.checkWorkerPassword(username, password);
+ if (worker == null) {
+ // 记录密码错误次数
+ String valueTime = redisTemplate.get(loginTimeKey);
+ if (StrUtil.isBlank(valueTime)) {
+ valueTime = "0";
+ }
+ // 获取已登录错误次数
+ Integer loginFailTime = Integer.parseInt(valueTime) + 1;
+ redisTemplate.set(loginTimeKey, loginFailTime.toString(), tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+ if (loginFailTime >= tokenProperties.getLoginTimeLimit()) {
+ redisTemplate.set(loginFailKey, "FAIL", tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+ }
+ int restLoginTime = tokenProperties.getLoginTimeLimit() - loginFailTime;
+ if (restLoginTime > 0 && restLoginTime <= LOGIN_FAIL_TIP_TIME) {
+ return ResultUtil.error("账号或密码错误,还有" + restLoginTime + "次尝试机会");
+ } else if (restLoginTime <= 0) {
+ return ResultUtil.error("登录错误次数超过限制,请" + tokenProperties.getLoginAfterTime() + "分钟后再试");
+ }
+ return ResultUtil.error("账号或密码错误");
+ }
+ String accessToken = securityUtil.getAppYSToken(worker, saveLogin);
+ return ResultUtil.data(accessToken);
+ }
+
+ /**
+ * 线上demo不允许测试账号改密码
+ *
+ * @param password
+ * @param newPass
+ * @return
+ */
+ @RequestMapping(value = "/modifyPass", method = RequestMethod.POST)
+ @ApiOperation(value = "修改密码")
+ public Result modifyPass(@ApiParam("旧密码") @RequestParam String password,
+ @ApiParam("新密码") @RequestParam String newPass) {
+ Worker worker = securityUtil.getCurrWorker();
+ if (!new BCryptPasswordEncoder().matches(password, worker.getPassword())) {
+ return ResultUtil.error("旧密码不正确");
+ }
+ String newEncryptPass = new BCryptPasswordEncoder().encode(newPass);
+ worker.setPassword(newEncryptPass);
+ workerService.update(worker);
+ // 手动更新缓存
+ redisTemplate.delete(WORKER + worker.getUsername());
+ return ResultUtil.success("修改密码成功");
+ }
+
+ @RequestMapping(value = "/resetPass", method = RequestMethod.POST)
+ @ApiOperation(value = "重置密码")
+ public Result resetPass(@RequestParam String[] ids) {
+ for (String id : ids) {
+ Worker u = workerService.get(id);
+ u.setPassword(new BCryptPasswordEncoder().encode("123456"));
+ workerService.update(u);
+ redisTemplate.delete(WORKER + u.getUsername());
+ }
+ return ResultUtil.success("操作成功");
+ }
+
+ @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.GET)
 @ApiOperation(value = "app端查询订单工详情页")
 public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
 Worker worker = workerService.get(workerId);
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
index 19cdcf35..b6265d17 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
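Review bot: `resetPass` overwrites the password of every worker id it is given with the fixed value `"123456"`, and nothing in the hunk restricts who may call it: it sits in the same `/hiver/auth/worker` controller as the login endpoints, carries no `@PreAuthorize` or comparable constraint, and never checks that the caller is the affected worker or an administrator. Unless the security configuration outside this patch blocks `/resetPass` for unauthenticated callers, any client can set a known password on arbitrary accounts; the endpoint needs an explicit authorization check and a caller-supplied or randomly generated password instead of a hard-coded one. Separately, `modifyPass` and `resetPass` evict `WORKER + username` (`worker::…`), but the password check in `SecurityUtil.checkWorkerPassword` (second commit, `@@ -98,9 +98,25 @@` hunk) reads the worker, hash included, from `"workername::" + username` with a 15-day TTL, so the old password keeps working until that entry expires; evict that key too, e.g. `redisTemplate.delete("workername::" + worker.getUsername());`. `new BCryptPasswordEncoder()` is also constructed on every call in three places; one `private static final BCryptPasswordEncoder` field would do, and `newPass` should be rejected when blank.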
@@ -53,7 +53,7 @@ public class WorkerController {
 }
- @RequestMapping(value = "/getWXByCondition", method = RequestMethod.GET)
+ @RequestMapping(value = "/getWXByCondition", method = RequestMethod.POST)
 @ApiOperation(value = "多条件获取订单列表-小程序")
 public Result> getByCondition(@RequestBody WorkerQueryVO worker) {
 List workerList = workerService.findByCondition(worker);

From 944fa89421ee1ace38862c1ba33419229d4e8de3 Mon Sep 17 00:00:00 2001
From: Houpn
Date: Tue, 29 Aug 2023 21:00:21 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E7=94=A8=E6=88=B7?=
 =?UTF-8?q?=E5=90=8D=E5=AF=86=E7=A0=81=E7=99=BB=E5=BD=95=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../core/common/constant/WorkerConstant.java | 4 +-
 .../hiver/core/common/utils/SecurityUtil.java | 51 ++++++++++++++++++-
 .../java/cc/hiver/core/dao/WorkerDao.java | 2 +
 .../mall/common/constant/WorkerConstant.java | 24 ---------
 .../mall/controller/WorkerController.java | 4 +-
 5 files changed, 56 insertions(+), 29 deletions(-)
 delete mode 100644 hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/common/constant/WorkerConstant.java

diff --git a/hiver-core/src/main/java/cc/hiver/core/common/constant/WorkerConstant.java b/hiver-core/src/main/java/cc/hiver/core/common/constant/WorkerConstant.java
index 2caf5638..1e3c1e31 100644
--- a/hiver-core/src/main/java/cc/hiver/core/common/constant/WorkerConstant.java
+++ b/hiver-core/src/main/java/cc/hiver/core/common/constant/WorkerConstant.java
@@ -14,11 +14,11 @@ public interface WorkerConstant {
 /**
 * 抢单工不可接单状态(押金不足)
 */
- Integer USER_STATUS_LOCK = 2;
+ Integer WORKER_STATUS_LOCK = 2;
 /**
 * 抢单工禁用状态(管理员直接禁用)
 */
- Integer USER_STATUS_DISABLE = 3;
+ Integer WORKER_STATUS_DISABLE = 3;
 }
diff --git a/hiver-core/src/main/java/cc/hiver/core/common/utils/SecurityUtil.java b/hiver-core/src/main/java/cc/hiver/core/common/utils/SecurityUtil.java
index 8aabc279..3b7f66cd 100644
--- a/hiver-core/src/main/java/cc/hiver/core/common/utils/SecurityUtil.java
+++ b/hiver-core/src/main/java/cc/hiver/core/common/utils/SecurityUtil.java
@@ -98,9 +98,25 @@ public class SecurityUtil {
 return user;
 }
+ public Worker findWorkerByUsername(String username) {
+ String key = "workername::" + username;
+ // 读取缓存
+ String res = redisTemplate.get(key);
+ if (StrUtil.isNotBlank(res)) {
+ return new Gson().fromJson(res, Worker.class);
+ }
+ Worker worker = workerDao.findByUsername(username);
+ // 缓存
+ redisTemplate.set(key, new Gson().toJson(worker), 15L, TimeUnit.DAYS);
+ return worker;
+ }
+
 public User findUserByMobile(String mobile) {
 return userToDTO(userDao.findByMobile(mobile));
 }
+ public Worker findWorkerByMobile(String mobile) {
+ return workerDao.findByMobile(mobile);
+ }
 public User findUserByEmail(String email) {
 return userToDTO(userDao.findByEmail(email));
@@ -145,6 +161,25 @@ public class SecurityUtil {
 return user;
 }
+ public Worker checkWorkerPassword(String username, String password) {
+ Worker worker;
+ // 校验用户名
+ if (NameUtil.mobile(username)) {
+ worker = findWorkerByMobile(username);
+ } else {
+ worker = findWorkerByUsername(username);
+ }
+ if (worker == null) {
+ return null;
+ }
+ // 校验密码
+ Boolean isValid = new BCryptPasswordEncoder().matches(password, worker.getPassword());
+ if (!isValid) {
+ return null;
+ }
+ return worker;
+ }
+
 public String getToken(String username, Boolean saveLogin) {
 if (StrUtil.isBlank(username)) {
 throw new HiverException("username不能为空");
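Review bot: `findWorkerByUsername` caches whatever `workerDao.findByUsername` returns, including `null`: `new Gson().toJson(null)` produces the string `null`, which passes `StrUtil.isNotBlank` on the next call, so a lookup miss is pinned under `workername::<username>` for 15 days and a worker created with that username afterwards cannot log in until the entry expires. Guard the write: `if (worker != null) { redisTemplate.set(key, new Gson().toJson(worker), 15L, TimeUnit.DAYS); }`. The cached JSON also carries the bcrypt hash, and no hunk in either commit deletes a `workername::` key, so a password change through `/modifyPass` or `/resetPass` in the first commit does not reach this path until the TTL runs out; the eviction there should target this key. In `checkWorkerPassword`, `Boolean isValid` should be a primitive `boolean`, and since the method returns a worker whose password matches regardless of `getWorkerStatus()`, it is worth confirming that the `WORKER_STATUS_DISABLE` check visible in the `@@ -464,7 +513,7 @@` hunk is on the login path.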
@@ -221,6 +256,20 @@ public class SecurityUtil {
 return findUserByUsername(authentication.getName());
 }
+ /**
+ * 获取当前登录用户 包含所有信息
+ *
+ * @return
+ */
+ public Worker getCurrWorker() {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+ if (authentication == null || !authentication.isAuthenticated() || authentication.getName() == null
+ || authentication instanceof AnonymousAuthenticationToken) {
+ throw new HiverException("未检测到登录用户");
+ }
+ return findWorkerByUsername(authentication.getName());
+ }
+
 /**
 * 获取当前登录用户部分基本信息 id、username、nickname、mobile、email、departmentId、type、permissions(角色和菜单名)
 *
@@ -464,7 +513,7 @@ public class SecurityUtil {
 if (worker == null) {
 throw new HiverException("worker不能为空");
 }
- if (WorkerConstant.USER_STATUS_DISABLE.equals(worker.getWorkerStatus())) {
+ if (WorkerConstant.WORKER_STATUS_DISABLE.equals(worker.getWorkerStatus())) {
 throw new HiverException("账户被禁用,请联系管理员");
 }
diff --git a/hiver-core/src/main/java/cc/hiver/core/dao/WorkerDao.java b/hiver-core/src/main/java/cc/hiver/core/dao/WorkerDao.java
index 44a2de26..170dba42 100644
--- a/hiver-core/src/main/java/cc/hiver/core/dao/WorkerDao.java
+++ b/hiver-core/src/main/java/cc/hiver/core/dao/WorkerDao.java
@@ -8,4 +8,6 @@ public interface WorkerDao extends HiverBaseDao {
 Worker findByMobile(String mobile);
 Worker findByWorkerId(String workerId);
+
+ Worker findByUsername(String username);
 }
\ No newline at end of file
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/common/constant/WorkerConstant.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/common/constant/WorkerConstant.java
deleted file mode 100644
index bb4a497c..00000000
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/common/constant/WorkerConstant.java
+++ /dev/null
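Review bot: The Javadoc on `getCurrWorker` leaves `@return` empty; fill it, e.g. `@return the Worker resolved from the authenticated principal's name via findWorkerByUsername (Redis-cached, may be stale)`, and add `@throws HiverException if there is no authenticated, non-anonymous principal`. Because the value comes from `findWorkerByUsername`, it can be up to 15 days old: `WorkerController.disable` in the last hunk of this patch leaves its cache eviction commented out (`//redisTemplate.delete(WORKER + worker.getWorkerId());`), and that key is not the `workername::` one anyway, so a caller such as `modifyPass` may act on a worker whose status has since changed. A one-line comment on the method stating that staleness would save the next reader from assuming a live database read.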
@@ -1,24 +0,0 @@
-package cc.hiver.mall.common.constant;
-
-/**
- * 用户常量
- *
- * @author Yazhi Li
- */
-public interface WorkerConstant {
-
- /**
- * 抢单工正常抢单状态
- */
- Integer WORKER_STATUS_NORMAL = 1;
- /**
- * 抢单工不可接单状态(押金不足)
- */
- Integer USER_STATUS_LOCK = 2;
-
- /**
- * 抢单工禁用状态(管理员直接禁用)
- */
- Integer USER_STATUS_DISABLE = 3;
-
-}
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
index b6265d17..9f0982ff 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
@@ -1,10 +1,10 @@
 package cc.hiver.mall.controller;
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cc.hiver.core.common.vo.PageVo;
 import cc.hiver.core.common.vo.Result;
 import cc.hiver.core.common.vo.SearchVo;
@@ -122,7 +122,7 @@ public class WorkerController {
 @ApiOperation(value = "后台人工禁用抢单工")
 public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
 Worker worker = workerService.get(workerId);
- worker.setWorkerStatus(WorkerConstant.USER_STATUS_DISABLE);
+ worker.setWorkerStatus(WorkerConstant.WORKER_STATUS_DISABLE);
 workerService.update(worker);
 // 手动更新缓存
 //redisTemplate.delete(WORKER + worker.getWorkerId());