ClientApps/CN_Gather
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

微调

Browse Source
This commit is contained in:
caozehui
2025-03-24 10:50:22 +08:00
parent 4d61cfc490
commit 0e1fb0e254
9 changed files with 40 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
user/src/main/java/com/njcn/gather/user/pojo/constant/UserValidMessage.java
View File

@@ -43,4 +43,10 @@ public interface UserValidMessage {
String PARAM_FORMAT_ERROR = "参数值非法";
String LOGIN_FAILED = "登录失败,用户名或密码错误";
String TOKEN_VALID_ERROR = "非法的token";
String TOKEN_EXPIRED = "token已过期请重新登录";
String ACCESS_TOKEN_EXPIRED = "access-token已过期";
}

142
user/src/main/java/com/njcn/gather/user/user/controller/AuthController.java Normal file
View File

@@ -0,0 +1,142 @@
package com.njcn.gather.user.user.controller;
import cn.hutool.core.date.DateUnit;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.spring.SpringUtil;
import com.alibaba.fastjson.JSON;
import com.njcn.common.bean.CustomCacheUtil;
import com.njcn.common.pojo.annotation.OperateInfo;
import com.njcn.common.pojo.constant.OperateType;
import com.njcn.common.pojo.constant.SecurityConstants;
import com.njcn.common.pojo.enums.common.LogEnum;
import com.njcn.common.pojo.enums.response.CommonResponseEnum;
import com.njcn.common.pojo.response.HttpResult;
import com.njcn.common.utils.JwtUtil;
import com.njcn.common.utils.LogUtil;
import com.njcn.gather.user.pojo.constant.UserValidMessage;
import com.njcn.gather.user.user.pojo.param.SysUserParam;
import com.njcn.gather.user.user.pojo.po.SysUser;
import com.njcn.gather.user.user.pojo.po.Token;
import com.njcn.gather.user.user.service.ISysUserService;
import com.njcn.web.controller.BaseController;
import com.njcn.web.utils.HttpResultUtil;
import com.njcn.web.utils.RequestUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.Map;
@Slf4j
@RestController
@Api(tags = "登录/注销")
@RequestMapping("/admin")
@RequiredArgsConstructor
public class AuthController extends BaseController {
private final ISysUserService sysUserService;
// @RequestMapping("/login")
// public HttpResult<Token> login() {
// Token token = new Token();
// token.setAccessToken("bqddxxwqmfncffacvbpkuxvwvqrhln");
// HttpResult<Token> result = new HttpResult<>();
// result.setMessage("成功");
// result.setCode("A0000");
// result.setData(token);
// return result;
// }
//
// @RequestMapping("/logout")
// public HttpResult<String> logout() {
// HttpResult<String> result = new HttpResult<>();
// result.setMessage("成功");
// result.setCode("A0000");
// result.setData("退出成功");
// return result;
// }
@OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
@PostMapping("/login")
@ApiOperation("登录")
public HttpResult<Object> login(@RequestBody SysUserParam.LoginParam param) {
String methodDescribe = getMethodDescribe("login");
LogUtil.njcnDebug(log, "{},登录参数为:{}", methodDescribe, param);
SysUser user = sysUserService.getUserByLoginNameAndPassword(param.getUsername(), param.getPassword());
if (user == null) {
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, UserValidMessage.LOGIN_FAILED);
} else {
String accessToken = JwtUtil.getAccessToken(user.getId());
String refreshToken = JwtUtil.getRefreshToken(accessToken);
Token token = new Token();
token.setAccessToken(accessToken);
token.setRefreshToken(refreshToken);
Map<String, Object> map = new HashMap<>();
map.put("name", user.getName());
token.setUserInfo(map);
CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
customCacheUtil.putWithExpireTime(accessToken, JSON.toJSONString(user), DateUnit.DAY.getMillis() * 2);
//sysLogAuditService.saveAuthLog(user.getName(), 1);
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, token, methodDescribe);
}
}
@OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.LOGOUT)
@ApiOperation("注销登录")
@PostMapping("/logout")
public HttpResult<Object> logout() {
String methodDescribe = getMethodDescribe("logout");
LogUtil.njcnDebug(log, "{},注销登录", methodDescribe);
String accessToken = RequestUtil.getAccessToken();
if (StrUtil.isNotBlank(accessToken)) {
CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
customCacheUtil.remove(accessToken);
Map<String, Object> map = JwtUtil.parseToken(accessToken);
SysUser user = sysUserService.getById((String) map.get(SecurityConstants.USER_ID));
//sysLogAuditService.saveAuthLog(user.getName(), 2);
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, null, methodDescribe);
}
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, methodDescribe);
}
@OperateInfo(info = LogEnum.SYSTEM_COMMON)
@ApiOperation("刷新token")
@GetMapping("/refreshToken")
public HttpResult<Object> refreshToken() {
String methodDescribe = getMethodDescribe("refreshToken");
LogUtil.njcnDebug(log, "{}刷新token", methodDescribe);
String accessToken = RequestUtil.getAccessToken();
Token token = new Token();
if (StrUtil.isNotBlank(accessToken)) {
Map<String, Object> map = JwtUtil.parseToken(accessToken);
String userId = (String) map.get(SecurityConstants.USER_ID);
SysUser user = sysUserService.getById(userId);
String accessTokenNew = JwtUtil.getAccessToken(userId);
String refreshTokenNew = JwtUtil.getRefreshToken(accessTokenNew);
token.setAccessToken(accessTokenNew);
token.setRefreshToken(refreshTokenNew);
CustomCacheUtil customCacheUtil = SpringUtil.getBean(CustomCacheUtil.CACHE_NAME);
customCacheUtil.remove(accessToken);
customCacheUtil.putWithExpireTime(accessTokenNew, JSON.toJSONString(user), DateUnit.DAY.getMillis() * 2);
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, token, methodDescribe);
} else {
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.FAIL, null, methodDescribe);
}
}
}

80
user/src/main/java/com/njcn/gather/user/user/filter/AuthGlobalFilter.java Normal file
View File

@@ -0,0 +1,80 @@
package com.njcn.gather.user.user.filter;
import cn.hutool.core.util.StrUtil;
import com.njcn.common.pojo.constant.SecurityConstants;
import com.njcn.common.utils.JwtUtil;
import com.njcn.gather.user.pojo.constant.UserValidMessage;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.Ordered;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
/**
* @author caozehui
* @data 2024/11/18
*/
@Slf4j
@Component
public class AuthGlobalFilter implements Filter, Ordered {
private final static List<String> IGNORE_URI = Arrays.asList("/admin/login", "/report/generateReport");
@Override
public int getOrder() {
return 0;
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
//设置允许跨域的配置
// 这里填写允许进行跨域的主机ip正式上线时可以动态配置具体允许的域名和IP
//rep.setHeader("Access-Control-Allow-Origin", "*");
// 允许的访问方法
//rep.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE, PATCH");
// Access-Control-Max-Age 用于 CORS 相关配置的缓存
//rep.setHeader("Access-Control-Max-Age", "3600");
//rep.setHeader("Access-Control-Allow-Headers", "token,Origin, X-Requested-With, Content-Type, Accept");
res.setCharacterEncoding("UTF-8");
res.setContentType("application/json; charset=utf-8");
String requestURI = req.getRequestURI();
if (IGNORE_URI.contains(requestURI)) {
filterChain.doFilter(req, res);
} else {
String accessTokenStr = req.getHeader(SecurityConstants.AUTHORIZATION_KEY);
String isRefreshToken = req.getHeader(SecurityConstants.IS_REFRESH_TOKEN);
if (StrUtil.isBlank(accessTokenStr) || !accessTokenStr.startsWith(SecurityConstants.AUTHORIZATION_PREFIX)) {
res.getWriter().write("{\"code\": 4001, \"message\":\"" + UserValidMessage.TOKEN_VALID_ERROR + "\"}"); //前端重定向到登录页面
return;
}
String accessToken = accessTokenStr.substring(SecurityConstants.AUTHORIZATION_PREFIX.length());
try {
if (StrUtil.isBlank(accessToken) || !JwtUtil.verifyToken(accessToken)) {
res.getWriter().write("{\"code\": 4001, \"message\":\"" + UserValidMessage.TOKEN_VALID_ERROR + "\"}"); //前端重定向到登录页面
} else if (JwtUtil.isExpired(accessToken)) {
if ("true".equals(isRefreshToken)) {
res.getWriter().write("{\"code\": 4001, \"message\":\"" + UserValidMessage.TOKEN_EXPIRED + "\"}"); //前端重定向到登录页面
} else {
res.getWriter().write("{\"code\": 401, \"message\":\"" + UserValidMessage.ACCESS_TOKEN_EXPIRED + "\"}"); //前端发起refreshToken请求
}
} else {
filterChain.doFilter(req, res);
}
} catch (Exception e) {
res.getWriter().write("{\"code\": 4001, \"message\":\"" + UserValidMessage.TOKEN_VALID_ERROR + "\"}");
}
}
}
}

16
user/src/main/java/com/njcn/gather/user/user/pojo/po/Token.java Normal file
View File

@@ -0,0 +1,16 @@
package com.njcn.gather.user.user.pojo.po;
import lombok.Data;
import java.util.Map;
@Data
public class Token {
private String accessToken;
private String refreshToken;
private Map<String, Object> userInfo;
}