Merge branch 'dev-new-houpn' into dev

hiver-core/src/main/java/cc/hiver/core/common/constant/WorkerConstant.java

@@ -14,11 +14,11 @@ public interface WorkerConstant {
     /**
      * 抢单工不可接单状态(押金不足)
      */
-    Integer USER_STATUS_LOCK = 2;
+    Integer WORKER_STATUS_LOCK = 2;
 
     /**
      * 抢单工禁用状态(管理员直接禁用)
      */
-    Integer USER_STATUS_DISABLE = 3;
+    Integer WORKER_STATUS_DISABLE = 3;
 
 }

hiver-core/src/main/java/cc/hiver/core/common/utils/SecurityUtil.java

@@ -98,9 +98,25 @@ public class SecurityUtil {
         return user;
     }
 
+    public Worker findWorkerByUsername(String username) {
+        String key = "workername::" + username;
+        // 读取缓存
+        String res = redisTemplate.get(key);
+        if (StrUtil.isNotBlank(res)) {
+            return new Gson().fromJson(res, Worker.class);
+        }
+        Worker worker = workerDao.findByUsername(username);
+        // 缓存
+        redisTemplate.set(key, new Gson().toJson(worker), 15L, TimeUnit.DAYS);
+        return worker;
+    }
+
     public User findUserByMobile(String mobile) {
         return userToDTO(userDao.findByMobile(mobile));
     }
+    public Worker findWorkerByMobile(String mobile) {
+        return workerDao.findByMobile(mobile);
+    }
 
     public User findUserByEmail(String email) {
         return userToDTO(userDao.findByEmail(email));
@@ -145,6 +161,25 @@ public class SecurityUtil {
         return user;
     }
 
+    public Worker checkWorkerPassword(String username, String password) {
+        Worker worker;
+        // 校验用户名
+        if (NameUtil.mobile(username)) {
+            worker = findWorkerByMobile(username);
+        } else {
+            worker = findWorkerByUsername(username);
+        }
+        if (worker == null) {
+            return null;
+        }
+        // 校验密码
+        Boolean isValid = new BCryptPasswordEncoder().matches(password, worker.getPassword());
+        if (!isValid) {
+            return null;
+        }
+        return worker;
+    }
+
     public String getToken(String username, Boolean saveLogin) {
         if (StrUtil.isBlank(username)) {
             throw new HiverException("username不能为空");
@@ -221,6 +256,20 @@ public class SecurityUtil {
         return findUserByUsername(authentication.getName());
     }
 
+    /**
+     * 获取当前登录用户 包含所有信息
+     *
+     * @return
+     */
+    public Worker getCurrWorker() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null || !authentication.isAuthenticated() || authentication.getName() == null
+                || authentication instanceof AnonymousAuthenticationToken) {
+            throw new HiverException("未检测到登录用户");
+        }
+        return findWorkerByUsername(authentication.getName());
+    }
+
     /**
      * 获取当前登录用户部分基本信息 id、username、nickname、mobile、email、departmentId、type、permissions（角色和菜单名）
      *
@@ -464,7 +513,7 @@ public class SecurityUtil {
         if (worker == null) {
             throw new HiverException("worker不能为空");
         }
-        if (WorkerConstant.USER_STATUS_DISABLE.equals(worker.getWorkerStatus())) {
+        if (WorkerConstant.WORKER_STATUS_DISABLE.equals(worker.getWorkerStatus())) {
             throw new HiverException("账户被禁用，请联系管理员");
         }
 

hiver-core/src/main/java/cc/hiver/core/dao/WorkerDao.java

@@ -8,4 +8,6 @@ public interface WorkerDao extends HiverBaseDao<Worker, String> {
     Worker findByMobile(String mobile);
 
     Worker findByWorkerId(String workerId);
+
+    Worker findByUsername(String username);
 }

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/common/constant/WorkerConstant.java

@@ -1,24 +0,0 @@
-package cc.hiver.mall.common.constant;
-
-/**
- * 用户常量
- *
- * @author Yazhi Li
- */
-public interface WorkerConstant {
-
-    /**
-     * 抢单工正常抢单状态
-     */
-    Integer WORKER_STATUS_NORMAL = 1;
-    /**
-     * 抢单工不可接单状态(押金不足)
-     */
-    Integer USER_STATUS_LOCK = 2;
-
-    /**
-     * 抢单工禁用状态(管理员直接禁用)
-     */
-    Integer USER_STATUS_DISABLE = 3;
-
-}

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java

@@ -41,9 +41,9 @@ public class LogiticsCompanyController {
     @Autowired
     private LogiticsCompanyService companyService;
 
-    @RequestMapping(value = "/getAll", method = RequestMethod.GET)
+    @RequestMapping(value = "/getAll", method = RequestMethod.POST)
     @ApiOperation(value = "获取全部数据")
-    public Result<List<LogiticsCompany>> getAll(LogiticsCompany company) {
+    public Result<List<LogiticsCompany>> getAll(@RequestBody LogiticsCompany company) {
         List<LogiticsCompany> list = companyService.findByCondition(company);
         return new ResultUtil<List<LogiticsCompany>>().setData(list);
     }

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java

@@ -5,22 +5,25 @@ import cc.hiver.core.common.annotation.SystemLog;
 import cc.hiver.core.common.constant.CommonConstant;
 import cc.hiver.core.common.constant.MessageConstant;
 import cc.hiver.core.common.constant.SettingConstant;
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.enums.LogType;
 import cc.hiver.core.common.exception.HiverException;
 import cc.hiver.core.common.redis.RedisTemplateHelper;
 import cc.hiver.core.common.sms.SmsUtil;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.common.vo.Result;
+import cc.hiver.core.config.properties.HiverTokenProperties;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
 import cc.hiver.core.vo.WorkerDetailVO;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cn.hutool.core.util.StrUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
@@ -37,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 @RestController
 @Api(tags = "订单工登录接口")
 @RequestMapping("/hiver/auth/worker")
+@CacheConfig(cacheNames = "worker")
 @Transactional
 public class WorkerAuthController {
 
@@ -55,6 +59,18 @@ public class WorkerAuthController {
     @Autowired
     private SmsUtil smsUtil;
 
+    @Autowired
+    private HiverTokenProperties tokenProperties;
+
+    public static final String LOGIN_FAIL_FLAG = "WORKER_LOGIN_FAIL_FLAG:";
+
+    public static final String LOGIN_TIME_LIMIT = "WORKER_LOGIN_TIME_LIMIT:";
+
+    public static final Integer LOGIN_FAIL_TIP_TIME = 3;
+
+
+    public static final String WORKER = "worker::";
+
     @RequestMapping(value = "/app/login/{workerId}", method = RequestMethod.POST)
     @ApiOperation(value = "app抢单登录接口")
     public Result login(@ApiParam("唯一id标识") @PathVariable String workerId, HttpSession httpSession) {
@@ -120,7 +136,82 @@ public class WorkerAuthController {
     }
 
 
-    @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.POST)
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    @SystemLog(description = "账号登录", type = LogType.LOGIN)
+    @ApiOperation(value = "账号登录")
+    public Result login(@RequestParam String username,
+                        @RequestParam String password) {
+        boolean saveLogin = true;
+        String loginFailKey = LOGIN_FAIL_FLAG + username;
+        String loginTimeKey = LOGIN_TIME_LIMIT + username;
+
+        String valueFailFlag = redisTemplate.get(loginFailKey);
+        Long timeRest = redisTemplate.getExpire(loginFailKey, TimeUnit.MINUTES);
+        if (StrUtil.isNotBlank(valueFailFlag)) {
+            // 超过限制次数
+            return ResultUtil.error("登录错误次数超过限制，请" + timeRest + "分钟后再试");
+        }
+        Worker worker = securityUtil.checkWorkerPassword(username, password);
+        if (worker == null) {
+            // 记录密码错误次数
+            String valueTime = redisTemplate.get(loginTimeKey);
+            if (StrUtil.isBlank(valueTime)) {
+                valueTime = "0";
+            }
+            // 获取已登录错误次数
+            Integer loginFailTime = Integer.parseInt(valueTime) + 1;
+            redisTemplate.set(loginTimeKey, loginFailTime.toString(), tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+            if (loginFailTime >= tokenProperties.getLoginTimeLimit()) {
+                redisTemplate.set(loginFailKey, "FAIL", tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+            }
+            int restLoginTime = tokenProperties.getLoginTimeLimit() - loginFailTime;
+            if (restLoginTime > 0 && restLoginTime <= LOGIN_FAIL_TIP_TIME) {
+                return ResultUtil.error("账号或密码错误，还有" + restLoginTime + "次尝试机会");
+            } else if (restLoginTime <= 0) {
+                return ResultUtil.error("登录错误次数超过限制，请" + tokenProperties.getLoginAfterTime() + "分钟后再试");
+            }
+            return ResultUtil.error("账号或密码错误");
+        }
+        String accessToken = securityUtil.getAppYSToken(worker, saveLogin);
+        return ResultUtil.data(accessToken);
+    }
+
+    /**
+     * 线上demo不允许测试账号改密码
+     *
+     * @param password
+     * @param newPass
+     * @return
+     */
+    @RequestMapping(value = "/modifyPass", method = RequestMethod.POST)
+    @ApiOperation(value = "修改密码")
+    public Result modifyPass(@ApiParam("旧密码") @RequestParam String password,
+                             @ApiParam("新密码") @RequestParam String newPass) {
+        Worker worker = securityUtil.getCurrWorker();
+        if (!new BCryptPasswordEncoder().matches(password, worker.getPassword())) {
+            return ResultUtil.error("旧密码不正确");
+        }
+        String newEncryptPass = new BCryptPasswordEncoder().encode(newPass);
+        worker.setPassword(newEncryptPass);
+        workerService.update(worker);
+        // 手动更新缓存
+        redisTemplate.delete(WORKER + worker.getUsername());
+        return ResultUtil.success("修改密码成功");
+    }
+
+    @RequestMapping(value = "/resetPass", method = RequestMethod.POST)
+    @ApiOperation(value = "重置密码")
+    public Result resetPass(@RequestParam String[] ids) {
+        for (String id : ids) {
+            Worker u = workerService.get(id);
+            u.setPassword(new BCryptPasswordEncoder().encode("123456"));
+            workerService.update(u);
+            redisTemplate.delete(WORKER + u.getUsername());
+        }
+        return ResultUtil.success("操作成功");
+    }
+
+    @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.GET)
     @ApiOperation(value = "app端查询订单工详情页")
     public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
         Worker worker = workerService.get(workerId);

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java

@@ -1,10 +1,10 @@
 package cc.hiver.mall.controller;
 
 
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cc.hiver.core.common.vo.PageVo;
 import cc.hiver.core.common.vo.Result;
 import cc.hiver.core.common.vo.SearchVo;
@@ -53,7 +53,7 @@ public class WorkerController {
     }
 
 
-    @RequestMapping(value = "/getWXByCondition", method = RequestMethod.GET)
+    @RequestMapping(value = "/getWXByCondition", method = RequestMethod.POST)
     @ApiOperation(value = "多条件获取订单列表-小程序")
     public Result<List<Worker>> getByCondition(@RequestBody WorkerQueryVO worker) {
         List<Worker> workerList = workerService.findByCondition(worker);
@@ -122,7 +122,7 @@ public class WorkerController {
     @ApiOperation(value = "后台人工禁用抢单工")
     public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
         Worker worker = workerService.get(workerId);
-        worker.setWorkerStatus(WorkerConstant.USER_STATUS_DISABLE);
+        worker.setWorkerStatus(WorkerConstant.WORKER_STATUS_DISABLE);
         workerService.update(worker);
         // 手动更新缓存
         //redisTemplate.delete(WORKER + worker.getWorkerId());