package com.dy.sso.busi; import com.dy.common.aop.SsoVo; import com.dy.common.multiDataSource.DataSourceContext; import com.dy.common.util.MD5; import com.dy.common.webUtil.BaseResponse; import com.dy.common.webUtil.BaseResponseUtils; import com.dy.common.webUtil.ResultCodeMsg; import com.dy.pipIrrGlobal.pojoBa.BaUser; import com.dy.pipIrrGlobal.util.Org; import com.mysql.cj.util.StringUtils; import io.swagger.v3.oas.annotations.Hidden; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.media.Content; import io.swagger.v3.oas.annotations.media.Schema; import io.swagger.v3.oas.annotations.responses.ApiResponse; import io.swagger.v3.oas.annotations.responses.ApiResponses; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.servlet.http.HttpServletRequest; import jakarta.validation.Valid; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.*; import java.util.*; /** * 注解Tag 在API中显示: Tag 注解, 给整个接口起了个名字与描述" * 注解ApiResponses 和 注解ApiResponse 用来配置响应; * 注解Operation 用来设置接口名称和描述; * 注解Parameter 用来设置请求参数的描述、是否必填和示例。 */ @Slf4j @Tag(name = "用户登录", description = "单点登录系统(sso)") @RestController @RequestMapping(path="sso") @SuppressWarnings("unchecked")//java版本越高,对泛型约束越严,所以配置SuppressWarnings("unchecked") public class SsoCtrl { //在属性上注解@Autowired时,会警告 Field injection is not recommended(不再推荐使用字段注入) private SsoSv sv ; //private KaptchaConfig kaptchaConfig; //@Autowired //private CacheManager cacheManager ; @Autowired public void setSv(SsoSv sv ){ this.sv = sv ; } //@Autowired //public void setKaptchaConfig(KaptchaConfig kaptchaConfig) { // this.kaptchaConfig = kaptchaConfig; //} /** * 客户端请求得到所有组织机构 * @return 所有组织机构数据 */ @Operation(summary = "所有组织机构", description = "返回所有所有组织机构数据") @ApiResponses(value = { @ApiResponse( responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE, description = "返回所有组织机构数据(BaseResponse.content:[ { \"tag\":\"ym\", \"name\":\"元谋\" }, { \"tag\":\"片角\", \"name\":\"片角镇\" }])", content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE, schema = @Schema(implementation = Org.class))} ) }) @GetMapping(path = "allOrg") public BaseResponse> allOrg(){ //List list = Arrays.asList(Org.Ym, Org.Pj) ; return BaseResponseUtils.buildSuccess(Org.OrgList); } /** * 客户端请求用户登录,客户端提交Json数据 * @param vo 用户登录值对象 * @param bindingResult 输入验证 * @return 登录用户值对象 */ @Operation(summary = "单点登录", description = "提交登录用户值对象(json格式),进行单点登录") /* //下面这个不起作用,通过@RequestBody=直接显示LoginVo的API @io.swagger.v3.oas.annotations.parameters.RequestBody( //required = true, description = "form值对象", content = {@Content(mediaType = "application/json", schema = @Schema(implementation = LoginVo.class))} ) */ @ApiResponses(value = { @ApiResponse( responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE, description = "返回登录用户值对象(数据基类的content)", content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE, schema = @Schema(implementation = UserVo.class))} ) }) @PostMapping(path = "loginJson", consumes = MediaType.APPLICATION_JSON_VALUE) public BaseResponse loginJson(HttpServletRequest request, @RequestBody @Parameter(description = "登录json数据", required = true) @Valid LoginVo vo, @Parameter(hidden = true) BindingResult bindingResult) { if(bindingResult != null && bindingResult.hasErrors()){ return BaseResponseUtils.buildErrorMsg(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage()); } if(!vo.phone.equals("admin")){ if(vo.phone.length() != 11){ return BaseResponseUtils.buildErrorMsg("手机号(长度不是11位)不正确"); } } if(vo.orgTag == null || vo.orgTag.trim().length() == 0){ return BaseResponseUtils.buildErrorMsg("未选择组织单位"); } //把组织单位标签作为数据源名称 DataSourceContext.set(vo.orgTag); if(vo.token != null && vo.token.trim().length() > 0) { // 从session中获取验证码 //HttpSession session = (HttpSession) request.getSession(); //String localCode = session.getAttribute(token).toString(); // 从数据库获取验证码 Map map = sv.getCodeByToken(vo.token); Long expiration = Long.parseLong(map.get("expiration").toString()); Long currentTimestamp = System.currentTimeMillis(); if(currentTimestamp > expiration) { return BaseResponseUtils.buildErrorMsg("验证码已超时"); } String localCode = map.get("code").toString(); if(!vo.code.equals(localCode)) { return BaseResponseUtils.buildErrorMsg("验证码错误"); } } if(!sv.existPhone(vo.phone)){ return BaseResponseUtils.buildErrorMsg("账号不存在"); } String uuid4Token = null; BaUser userPo = null ; try { uuid4Token = UUID.randomUUID().toString(); if(!StringUtils.isNullOrEmpty(vo.password)){ /* 如果前端进行了base64加密 po.password = new String(Base64.getDecoder().decode(po.password)) ; */ vo.password = MD5.encrypt(vo.password) ; } userPo = this.sv.loginWithMapperXml(uuid4Token, vo.phone, vo.password); } catch (Exception e) { log.error("用户登录异常", e); return BaseResponseUtils.buildException(e.getMessage()) ; } if(userPo != null){ UserVo uVo = UserVoMapper.INSTANCT.po2vo(userPo); uVo.token = uuid4Token ; return BaseResponseUtils.buildSuccess(uVo); }else{ return BaseResponseUtils.buildErrorMsg("登录失败"); } } /** * 客户端请求用户登录,客户端提交form表单 * @param vo 登录用户form表单对象 * @return 登录用户值对象 */ @Operation(summary = "单点登录", description = "提交登录用户数据(form表单),进行单点登录") @ApiResponses(value = { @ApiResponse( responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE, description = "返回登录用户值对象(数据基类的content)", content = {@Content(mediaType = MediaType.APPLICATION_JSON_VALUE, schema = @Schema(implementation = UserVo.class))} ) }) @PostMapping(path = "loginForm", consumes = MediaType.MULTIPART_FORM_DATA_VALUE) public BaseResponse loginForm(@Parameter(description = "form表单数据", required = true) @Valid LoginVo vo, @Parameter(hidden = true) BindingResult bindingResult){ if(bindingResult != null && bindingResult.hasErrors()){ return BaseResponseUtils.buildErrorMsg(Objects.requireNonNull(bindingResult.getFieldError()).getDefaultMessage()); } if(vo.orgTag == null || vo.orgTag.trim().length() == 0){ return BaseResponseUtils.buildErrorMsg("未选择组织单位"); } //把组织单位标签作为数据源名称 DataSourceContext.set(vo.orgTag); String uuid ; BaUser userPo ; try { //Boolean flag = cacheManager.getCacheNames().isEmpty() ; uuid = UUID.randomUUID().toString(); if(!StringUtils.isNullOrEmpty(vo.password)){ /* 如果前端进行了base64加密 po.password = new String(Base64.getDecoder().decode(po.password)) ; */ vo.password = MD5.encrypt(vo.password) ; } userPo = this.sv.loginWithMapperXml(uuid, vo.phone, vo.password); } catch (Exception e) { log.error("用户登录异常", e); return BaseResponseUtils.buildException(e.getMessage()) ; } if(userPo != null){ UserVo uVo = UserVoMapper.INSTANCT.po2vo(userPo); uVo.token = uuid ; return BaseResponseUtils.buildSuccess(uVo); }else{ return BaseResponseUtils.buildErrorMsg("登录失败"); } } /** * 通过UUID退出登录,因为参数是uuid,所以此调用必须是后端相关代码调用,因为前端得不到cookie中的uuid * @param hr HttpServletRequest * @return 正常退出登录返回true,否则返回false */ @Operation(summary = "单点登出", description = "提交token(在header中),进行单点登出") @ApiResponses(value = { @ApiResponse( responseCode = ResultCodeMsg.RsCode.SUCCESS_CODE, description = "返回处理结果(成功true,失败false)(数据基类的content)", content = {@Content(mediaType = MediaType.TEXT_PLAIN_VALUE, schema = @Schema(implementation = Boolean.class))} ) }) @GetMapping(path = "logout") public BaseResponse logout(@Parameter(hidden = true) HttpServletRequest hr){ String token = hr.getHeader("token") ; if(token != null){ this.sv.logout(token) ; return BaseResponseUtils.buildSuccess(true); }else{ return BaseResponseUtils.buildErrorMsg("未从header中得到token"); } } /** * 此方法供子模块系统调用,所以不公开在API接口中 * 方法功能:得到登录用户id,否则返回null * @param token 登录用户token * @return 登录用户ID */ @Hidden @GetMapping(path = "loginUserId") public Long loginUserId(String token){ BaUser userPo = this.sv.getByUuid(token) ; return userPo == null ? null : userPo.id ; } /** * 此方法供子模块系统调用,所以不公开在API接口中 * 方法功能:验证是否已经登录 * @param token 登录用户token * @return SsoVo */ @Hidden @GetMapping(path = "ssoCheck") public SsoVo ssoCheck(String token){ BaUser userPo = this.sv.getByUuid(token) ; SsoVo vo = new SsoVo(); if(userPo != null){ vo.dataSourceName = userPo.orgTag ; vo.logined = true ; vo.hasPower = true ;//默认有权限。2023-12-21 经商议,由前端鉴权 }else{ vo.logined = false ; vo.hasPower = true ;//默认有权限。2023-12-21 经商议,由前端鉴权 } return vo ; } /** * 此方法供子模块系统调用,所以不公开在API接口中 * 方法功能:验证是否已经登录,如果登录了,再验证权限 * @param token 登录用户token * @param privilege 验证一个权限 * @param allPrivilege 验证所有权限 * @param anyPrivilege 验证任何一个权限 * @return SsoVo */ @Hidden @GetMapping(path = "ssoPowerCheck") public SsoVo ssoPowerCheck(String token, String privilege, String[] allPrivilege, String[] anyPrivilege){ BaUser userPo = this.sv.getByUuid(token) ; SsoVo vo = new SsoVo(); if(userPo != null){ vo.dataSourceName = userPo.orgTag ; vo.logined = true ; vo.hasPower = false ;//默认是无权限 if(userPo.supperAdmin != null && userPo.supperAdmin == 1){ vo.hasPower = true ; }else{ if(privilege.equals("-1")){ //无需权限验证 vo.hasPower = true ; }else{ if(userPo.privileges != null && userPo.privileges.size() > 0){ vo.hasPower = this.hasOnePrivilege(privilege, userPo) ; if(!vo.hasPower){ vo.hasPower = this.hasAllPrivilege(allPrivilege, userPo) ; if(!vo.hasPower){ vo.hasPower = this.hasAnyPrivilege(anyPrivilege, userPo) ; } } } } } }else{ vo.logined = false ; vo.hasPower = false ; } return vo ; } /** * 获得当前登录用户 * @param token 登录用户token * @return SsoVo */ @Hidden @GetMapping(path = "ssoCurUser") public CurUserVo ssoCurUser(String token){ BaUser userPo = this.sv.getByUuid(token) ; CurUserVo vo = new CurUserVo(); if(userPo != null){ vo.id = userPo.id ; vo.name = userPo.userName; } return vo ; } ///////////////////////////////////////////////////////////////// // // 以下私有方法 // ///////////////////////////////////////////////////////////////// /** * 判断登录用户是否拥有指定的一个权限 * @param privilege 指定的一个权限 * @param userPo 当前登录用户 * @return 是否有权限 */ private boolean hasOnePrivilege(String privilege, BaUser userPo){ boolean hasPrivilege = false ; if (privilege != null && !privilege.trim().equals("")) { int intPri = Integer.parseInt(privilege); for (Integer pri : userPo.privileges) { if (pri == intPri) { hasPrivilege = true; break; } } } return hasPrivilege ; } /** * 判断登录用户是否拥有指定的多个权限 * @param allPrivilege 指定的多个权限 * @param userPo 当前登录用户 * @return 是否有权限 */ private boolean hasAllPrivilege(String[] allPrivilege, BaUser userPo){ boolean hasPrivilege = false ; if(allPrivilege != null && allPrivilege.length > 0){ int intPri ; int count = 0 ; for(String strPri : allPrivilege){ intPri = Integer.parseInt(strPri) ; for(Integer pri : userPo.privileges){ if(pri == intPri){ count++ ; break ; } } } if(count == allPrivilege.length){ hasPrivilege = true ; } } return hasPrivilege ; } /** * 判断登录用户是否拥有指定的某个权限 * @param anyPrivilege 指定的多个权限 * @param userPo 当前登录用户 * @return 是否有权限 */ private boolean hasAnyPrivilege(String[] anyPrivilege, BaUser userPo){ boolean hasPrivilege = false ; int intPri ; if(anyPrivilege != null && anyPrivilege.length > 0){ for(String strPri : anyPrivilege){ intPri = Integer.parseInt(strPri) ; for(Integer pri : userPo.privileges){ if(pri == intPri){ hasPrivilege = true ; break ; } } if(hasPrivilege){ break ; } } } return hasPrivilege ; } }