package com.dy.sso.busi;
|
|
import com.dy.common.aop.SsoVo;
|
import com.dy.common.multiDataSource.DataSourceContext;
|
import com.dy.common.util.MD5;
|
import com.dy.common.webUtil.BaseResponse;
|
import com.dy.common.webUtil.BaseResponseUtils;
|
import com.dy.common.webUtil.ResultCodeMsg;
|
import com.dy.pipIrrGlobal.pojoBa.BaUser;
|
import com.dy.pipIrrGlobal.util.Org;
|
import com.mysql.cj.util.StringUtils;
|
import io.swagger.v3.oas.annotations.Hidden;
|
import io.swagger.v3.oas.annotations.Operation;
|
import io.swagger.v3.oas.annotations.Parameter;
|
import io.swagger.v3.oas.annotations.media.Content;
|
import io.swagger.v3.oas.annotations.media.Schema;
|
import io.swagger.v3.oas.annotations.responses.ApiResponse;
|
import io.swagger.v3.oas.annotations.responses.ApiResponses;
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
import jakarta.servlet.http.HttpServletRequest;
|
import jakarta.validation.Valid;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.http.MediaType;
|
import org.springframework.validation.BindingResult;
|
import org.springframework.web.bind.annotation.*;
|
|
import java.util.*;
|
|
/**
|
* 注解Tag 在API中显示: Tag 注解, 给整个接口起了个名字与描述"
|
* 注解ApiResponses 和 注解ApiResponse 用来配置响应;
|
* 注解Operation 用来设置接口名称和描述;
|
* 注解Parameter 用来设置请求参数的描述、是否必填和示例。
|
*/
|
@Slf4j
|
@Tag(name = "用户登录", description = "单点登录系统(sso)")
|
@RestController
|
@RequestMapping(path="sso")
|
@SuppressWarnings("unchecked")//java版本越高,对泛型约束越严,所以配置SuppressWarnings("unchecked")
|
public class SsoCtrl {
|
//万用token
|
private static final String UniversalUserToken = "0000-0000-1234-9876-5";
|
|
//在属性上注解@Autowired时,会警告 Field injection is not recommended(不再推荐使用字段注入)
|
private SsoSv sv ;
|
|
//private KaptchaConfig kaptchaConfig;
|
//@Autowired
|
//private CacheManager cacheManager ;
|
|
@Autowired
|
public void setSv(SsoSv sv ){
|
this.sv = sv ;
|
}
|
|
//@Autowired
|
//public void setKaptchaConfig(KaptchaConfig kaptchaConfig) {
|
// this.kaptchaConfig = kaptchaConfig;
|
//}
|
|
/**
|
* 客户端请求得到所有组织机构
|
* @return 所有组织机构数据
|
*/
|
@Operation(summary = "所有组织机构", description = "返回所有所有组织机构数据")
|
@ApiResponses(value = {
|
@ApiResponse(
|
responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
|
description = "返回所有组织机构数据(BaseResponse.content:[ { \"tag\":\"ym\", \"name\":\"元谋\" }, { \"tag\":\"片角\", \"name\":\"片角镇\" }])",
|
content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
|
schema = @Schema(implementation = Org.class))}
|
)
|
})
|
@GetMapping(path = "allOrg")
|
public BaseResponse<List<Org.OrgVo>> allOrg(){
|
//List<Org> list = Arrays.asList(Org.Ym, Org.Pj) ;
|
return BaseResponseUtils.buildSuccess(Org.OrgList);
|
}
|
|
/**
|
* 客户端请求用户登录,客户端提交Json数据
|
* @param vo 用户登录值对象
|
* @param bindingResult 输入验证
|
* @return 登录用户值对象
|
*/
|
@Operation(summary = "单点登录", description = "提交登录用户值对象(json格式),进行单点登录")
|
/*
|
//下面这个不起作用,通过@RequestBody=直接显示LoginVo的API
|
@io.swagger.v3.oas.annotations.parameters.RequestBody(
|
//required = true,
|
description = "form值对象",
|
content = {@Content(mediaType = "application/json",
|
schema = @Schema(implementation = LoginVo.class))}
|
)
|
*/
|
@ApiResponses(value = {
|
@ApiResponse(
|
responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
|
description = "返回登录用户值对象(数据基类的content)",
|
content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
|
schema = @Schema(implementation = UserVo.class))}
|
)
|
})
|
@PostMapping(path = "loginJson", consumes = MediaType.APPLICATION_JSON_VALUE)
|
public BaseResponse<UserVo> loginJson(HttpServletRequest request, @RequestBody @Parameter(description = "登录json数据", required = true) @Valid LoginVo vo, @Parameter(hidden = true) BindingResult bindingResult) {
|
if(bindingResult != null && bindingResult.hasErrors()){
|
return BaseResponseUtils.buildErrorMsg(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
|
}
|
if(!vo.phone.equals("admin")){
|
if(vo.phone.length() != 11){
|
return BaseResponseUtils.buildErrorMsg("手机号(长度不是11位)不正确");
|
}
|
}
|
if(vo.orgTag == null || vo.orgTag.trim().length() == 0){
|
return BaseResponseUtils.buildErrorMsg("未选择组织单位");
|
}
|
//把组织单位标签作为数据源名称
|
DataSourceContext.set(vo.orgTag);
|
|
if(vo.token != null && vo.token.trim().length() > 0) {
|
// 从session中获取验证码
|
//HttpSession session = (HttpSession) request.getSession();
|
//String localCode = session.getAttribute(token).toString();
|
// 从数据库获取验证码
|
Map map = sv.getCodeByToken(vo.token);
|
Long expiration = Long.parseLong(map.get("expiration").toString());
|
Long currentTimestamp = System.currentTimeMillis();
|
if(currentTimestamp > expiration) {
|
return BaseResponseUtils.buildErrorMsg("验证码已超时");
|
}
|
String localCode = map.get("code").toString();
|
if(!vo.code.equals(localCode)) {
|
return BaseResponseUtils.buildErrorMsg("验证码错误");
|
}
|
}
|
|
if(!sv.existPhone(vo.phone)){
|
return BaseResponseUtils.buildErrorMsg("账号不存在");
|
}
|
|
String uuid4Token = null;
|
BaUser userPo = null ;
|
try {
|
uuid4Token = UUID.randomUUID().toString();
|
if(!StringUtils.isNullOrEmpty(vo.password)){
|
/*
|
如果前端进行了base64加密
|
po.password = new String(Base64.getDecoder().decode(po.password)) ;
|
*/
|
vo.password = MD5.encrypt(vo.password) ;
|
}
|
userPo = this.sv.loginWithMapperXml(uuid4Token, vo.phone, vo.password);
|
} catch (Exception e) {
|
log.error("用户登录异常", e);
|
return BaseResponseUtils.buildException(e.getMessage()) ;
|
}
|
|
if(userPo != null){
|
UserVo uVo = UserVoMapper.INSTANCT.po2vo(userPo);
|
uVo.token = uuid4Token ;
|
return BaseResponseUtils.buildSuccess(uVo);
|
}else{
|
return BaseResponseUtils.buildErrorMsg("登录失败");
|
}
|
}
|
|
/**
|
* 客户端请求用户登录,客户端提交form表单
|
* @param vo 登录用户form表单对象
|
* @return 登录用户值对象
|
*/
|
@Operation(summary = "单点登录", description = "提交登录用户数据(form表单),进行单点登录")
|
@ApiResponses(value = {
|
@ApiResponse(
|
responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
|
description = "返回登录用户值对象(数据基类的content)",
|
content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE,
|
schema = @Schema(implementation = UserVo.class))}
|
)
|
})
|
@PostMapping(path = "loginForm", consumes = MediaType.MULTIPART_FORM_DATA_VALUE)
|
public BaseResponse<UserVo> loginForm(@Parameter(description = "form表单数据", required = true) @Valid LoginVo vo, @Parameter(hidden = true) BindingResult bindingResult){
|
if(bindingResult != null && bindingResult.hasErrors()){
|
return BaseResponseUtils.buildErrorMsg(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage());
|
}
|
if(vo.orgTag == null || vo.orgTag.trim().length() == 0){
|
return BaseResponseUtils.buildErrorMsg("未选择组织单位");
|
}
|
//把组织单位标签作为数据源名称
|
DataSourceContext.set(vo.orgTag);
|
|
String uuid ;
|
BaUser userPo ;
|
try {
|
//Boolean flag = cacheManager.getCacheNames().isEmpty() ;
|
uuid = UUID.randomUUID().toString();
|
if(!StringUtils.isNullOrEmpty(vo.password)){
|
/*
|
如果前端进行了base64加密
|
po.password = new String(Base64.getDecoder().decode(po.password)) ;
|
*/
|
vo.password = MD5.encrypt(vo.password) ;
|
}
|
userPo = this.sv.loginWithMapperXml(uuid, vo.phone, vo.password);
|
} catch (Exception e) {
|
log.error("用户登录异常", e);
|
return BaseResponseUtils.buildException(e.getMessage()) ;
|
}
|
|
if(userPo != null){
|
UserVo uVo = UserVoMapper.INSTANCT.po2vo(userPo);
|
uVo.token = uuid ;
|
return BaseResponseUtils.buildSuccess(uVo);
|
}else{
|
return BaseResponseUtils.buildErrorMsg("登录失败");
|
}
|
}
|
|
/**
|
* 通过UUID退出登录,因为参数是uuid,所以此调用必须是后端相关代码调用,因为前端得不到cookie中的uuid
|
* @param hr HttpServletRequest
|
* @return 正常退出登录返回true,否则返回false
|
*/
|
@Operation(summary = "单点登出", description = "提交token(在header中),进行单点登出")
|
@ApiResponses(value = {
|
@ApiResponse(
|
responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE,
|
description = "返回处理结果(成功true,失败false)(数据基类的content)",
|
content = {@Content(mediaType = MediaType.TEXT_PLAIN_VALUE,
|
schema = @Schema(implementation = Boolean.class))}
|
)
|
})
|
@GetMapping(path = "logout")
|
public BaseResponse<Boolean> logout(@Parameter(hidden = true) HttpServletRequest hr){
|
String token = hr.getHeader("token") ;
|
if(token != null){
|
this.sv.logout(token) ;
|
return BaseResponseUtils.buildSuccess(true);
|
}else{
|
return BaseResponseUtils.buildErrorMsg("未从header中得到token");
|
}
|
}
|
|
/**
|
* 此方法供子模块系统调用,所以不公开在API接口中
|
* 方法功能:得到登录用户id,否则返回null
|
* @param token 登录用户token
|
* @return 登录用户ID
|
*/
|
@Hidden
|
@GetMapping(path = "loginUserId")
|
public Long loginUserId(String token){
|
BaUser userPo = this.sv.getByUuid(token) ;
|
return userPo == null ? null : userPo.id ;
|
}
|
/**
|
* 此方法供子模块系统调用,所以不公开在API接口中
|
* 方法功能:验证是否已经登录
|
* @param token 登录用户token
|
* @return SsoVo
|
*/
|
@Hidden
|
@GetMapping(path = "ssoCheck")
|
public SsoVo ssoCheck(String token){
|
BaUser userPo = null ;
|
if(token.equals(UniversalUserToken)){
|
//调试阶段,用的万用token
|
userPo = new BaUser() ;
|
Org.OrgVo orgVo = Org.OrgList.get(0) ;
|
userPo.orgTag = orgVo.tag ;
|
}else{
|
userPo = this.sv.getByUuid(token) ;
|
}
|
SsoVo vo = new SsoVo();
|
if(userPo != null){
|
vo.dataSourceName = userPo.orgTag ;
|
vo.logined = true ;
|
vo.hasPower = true ;//默认有权限。2023-12-21 经商议,由前端鉴权
|
}else{
|
vo.logined = false ;
|
vo.hasPower = true ;//默认有权限。2023-12-21 经商议,由前端鉴权
|
}
|
return vo ;
|
}
|
/**
|
* 此方法供子模块系统调用,所以不公开在API接口中
|
* 方法功能:验证是否已经登录,如果登录了,再验证权限
|
* @param token 登录用户token
|
* @param privilege 验证一个权限
|
* @param allPrivilege 验证所有权限
|
* @param anyPrivilege 验证任何一个权限
|
* @return SsoVo
|
*/
|
@Hidden
|
@GetMapping(path = "ssoPowerCheck")
|
public SsoVo ssoPowerCheck(String token, String privilege, String[] allPrivilege, String[] anyPrivilege){
|
BaUser userPo = this.sv.getByUuid(token) ;
|
SsoVo vo = new SsoVo();
|
if(userPo != null){
|
vo.dataSourceName = userPo.orgTag ;
|
vo.logined = true ;
|
vo.hasPower = false ;//默认是无权限
|
if(userPo.supperAdmin != null && userPo.supperAdmin == 1){
|
vo.hasPower = true ;
|
}else{
|
if(privilege.equals("-1")){
|
//无需权限验证
|
vo.hasPower = true ;
|
}else{
|
if(userPo.privileges != null && userPo.privileges.size() > 0){
|
vo.hasPower = this.hasOnePrivilege(privilege, userPo) ;
|
if(!vo.hasPower){
|
vo.hasPower = this.hasAllPrivilege(allPrivilege, userPo) ;
|
if(!vo.hasPower){
|
vo.hasPower = this.hasAnyPrivilege(anyPrivilege, userPo) ;
|
}
|
}
|
}
|
}
|
}
|
}else{
|
vo.logined = false ;
|
vo.hasPower = false ;
|
}
|
return vo ;
|
}
|
|
/**
|
* 获得当前登录用户
|
* @param token 登录用户token
|
* @return SsoVo
|
*/
|
@Hidden
|
@GetMapping(path = "ssoCurUser")
|
public CurUserVo ssoCurUser(String token){
|
BaUser userPo = this.sv.getByUuid(token) ;
|
CurUserVo vo = new CurUserVo();
|
if(userPo != null){
|
vo.id = userPo.id ;
|
vo.name = userPo.userName;
|
}
|
return vo ;
|
}
|
/////////////////////////////////////////////////////////////////
|
//
|
// 以下私有方法
|
//
|
/////////////////////////////////////////////////////////////////
|
/**
|
* 判断登录用户是否拥有指定的一个权限
|
* @param privilege 指定的一个权限
|
* @param userPo 当前登录用户
|
* @return 是否有权限
|
*/
|
private boolean hasOnePrivilege(String privilege, BaUser userPo){
|
boolean hasPrivilege = false ;
|
if (privilege != null && !privilege.trim().equals("")) {
|
int intPri = Integer.parseInt(privilege);
|
for (Integer pri : userPo.privileges) {
|
if (pri == intPri) {
|
hasPrivilege = true;
|
break;
|
}
|
}
|
}
|
return hasPrivilege ;
|
}
|
|
/**
|
* 判断登录用户是否拥有指定的多个权限
|
* @param allPrivilege 指定的多个权限
|
* @param userPo 当前登录用户
|
* @return 是否有权限
|
*/
|
private boolean hasAllPrivilege(String[] allPrivilege, BaUser userPo){
|
boolean hasPrivilege = false ;
|
if(allPrivilege != null && allPrivilege.length > 0){
|
int intPri ;
|
int count = 0 ;
|
for(String strPri : allPrivilege){
|
intPri = Integer.parseInt(strPri) ;
|
for(Integer pri : userPo.privileges){
|
if(pri == intPri){
|
count++ ;
|
break ;
|
}
|
}
|
}
|
if(count == allPrivilege.length){
|
hasPrivilege = true ;
|
}
|
}
|
return hasPrivilege ;
|
}
|
|
|
/**
|
* 判断登录用户是否拥有指定的某个权限
|
* @param anyPrivilege 指定的多个权限
|
* @param userPo 当前登录用户
|
* @return 是否有权限
|
*/
|
private boolean hasAnyPrivilege(String[] anyPrivilege, BaUser userPo){
|
boolean hasPrivilege = false ;
|
int intPri ;
|
if(anyPrivilege != null && anyPrivilege.length > 0){
|
for(String strPri : anyPrivilege){
|
intPri = Integer.parseInt(strPri) ;
|
for(Integer pri : userPo.privileges){
|
if(pri == intPri){
|
hasPrivilege = true ;
|
break ;
|
}
|
}
|
if(hasPrivilege){
|
break ;
|
}
|
}
|
}
|
return hasPrivilege ;
|
}
|
|
|
}
|
