
Merge remote-tracking branch 'origin/master'

FinalYu 2 tahun lalu
induk
melakukan
e3566f3df8

+ 1 - 0
chuanyi_server/src/main/java/com/judong/chuanyiserver/config/InterceptorConfig.java

@@ -17,6 +17,7 @@ public class InterceptorConfig implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(new Interceptors())
                 .addPathPatterns("/**")
+                .excludePathPatterns("/user/getCodeImage")
                 .excludePathPatterns("/user/getPublicKey")
                 .excludePathPatterns("/user/frontUserLogin")
                 .excludePathPatterns("/user/backUserLogin")

+ 12 - 1
chuanyi_server/src/main/java/com/judong/chuanyiserver/config/Interceptors.java

@@ -3,8 +3,8 @@ package com.judong.chuanyiserver.config;
 import com.judong.chuanyiserver.enums.ResultEnum;
 import com.judong.chuanyiserver.exception.CustomException;
 import com.judong.chuanyiserver.util.Blank;
-import com.judong.chuanyiserver.util.TokenUtil;
 import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -27,4 +27,15 @@ public class Interceptors implements HandlerInterceptor {
 //        return verify;
         return true;
     }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
+    }
+
 }
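Review bot: The visible tail of `preHandle` ends in `return true;` with `// return verify;` commented out, and the import hunk above drops `TokenUtil`, so as far as these lines show the interceptor admits every request and the `excludePathPatterns` list in InterceptorConfig has no effect. Confirm that token verification is enforced somewhere before this ships, or restore the check. The added `postHandle` and `afterCompletion` overrides only call the interface defaults, which do nothing, so they can be removed. `preHandle` begins outside the hunk, so its earlier lines were not reviewed.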

+ 19 - 6
chuanyi_server/src/main/java/com/judong/chuanyiserver/controller/UserController.java

@@ -1,7 +1,6 @@
 package com.judong.chuanyiserver.controller;
 
 import com.judong.chuanyiserver.annotation.PermissionControl;
-import com.judong.chuanyiserver.annotation.PermissionControl;
 import com.judong.chuanyiserver.entity.Permission;
 import com.judong.chuanyiserver.entity.Role;
 import com.judong.chuanyiserver.entity.User;
@@ -20,12 +19,26 @@ public class UserController {
     @Autowired
     private UserService userService;
 
+    /**
+     * 获取图形验证码
+     *
+     * @return
+     */
+    @GetMapping("/getCodeImage")
+    public Result getCodeImage() {
+        return userService.getCodeImage();
+    }
+
+    /**
+     * 获取公钥
+     *
+     * @return
+     */
     @GetMapping("/getPublicKey")
     public Result getPublicKey() {
         return Result.ok(RSAUtil.PUBLIC_KEY);
     }
 
-
     /**
      * 前端用户登录
      *
@@ -34,10 +47,10 @@ public class UserController {
      */
     @PostMapping("/frontUserLogin")
     public Result frontUserLogin(@RequestBody User user) {
-        if (Blank.isEmpty(user, user.getUserName(), user.getPassword())) {
+        if (Blank.isEmpty(user, user.getUserName(), user.getPassword(), user.getUid(), user.getVerifyCode())) {
             return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), ResultEnum.REQUEST_WRONGPARAMS.getRespMsg());
         }
-        return userService.frontUserLogin(user.getUserName(), user.getPassword());
+        return userService.frontUserLogin(user);
     }
 
     /**
@@ -48,10 +61,10 @@ public class UserController {
      */
     @PostMapping("/backUserLogin")
     public Result backUserLogin(@RequestBody User user) {
-        if (Blank.isEmpty(user, user.getUserName(), user.getPassword())) {
+        if (Blank.isEmpty(user, user.getUserName(), user.getPassword(), user.getUid(), user.getVerifyCode())) {
             return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), ResultEnum.REQUEST_WRONGPARAMS.getRespMsg());
         }
-        return userService.backUserLogin(user.getUserName(), user.getPassword());
+        return userService.backUserLogin(user);
     }
 
     /**

+ 8 - 0
chuanyi_server/src/main/java/com/judong/chuanyiserver/entity/User.java

@@ -24,6 +24,14 @@ public class User implements Serializable {
      */
     private String password;
     /**
+     * sessionId传值
+     */
+    private String uid;
+    /**
+     * 验证码
+     */
+    private String verifyCode;
+    /**
      * 用户状态
      */
     private Integer state;
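Review bot: The new `uid` field is documented as carrying the session id (`sessionId传值`), and `getCodeImage` in UserServiceImpl.java fills it from `request.getRequestedSessionId()`, which is whatever id the client sent, and then returns it in the JSON body. The caller therefore chooses the Redis key `<uid>-captcha`, and the servlet session id becomes readable by page script even when the session cookie is HttpOnly. A server-generated id used only for the captcha avoids both, for example `String captchaId = UUID.randomUUID().toString();` (`UUID` is already imported in that file). The field comment should then describe it as a captcha id rather than a session id.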

+ 6 - 6
chuanyi_server/src/main/java/com/judong/chuanyiserver/service/UserService.java

@@ -12,20 +12,18 @@ public interface UserService {
     /**
      * 前端用户登录
      *
-     * @param userName
-     * @param password
+     * @param user
      * @return
      */
-    Result frontUserLogin(String userName, String password);
+    Result frontUserLogin(User user);
 
     /**
      * 后台管理系统登录
      *
-     * @param userName
-     * @param password
+     * @param user
      * @return
      */
-    Result backUserLogin(String userName, String password);
+    Result backUserLogin(User user);
 
     /**
      * 添加用户
@@ -74,4 +72,6 @@ public interface UserService {
     Result deletePermissionById(Integer id);
 
     Result assignPermission(int roleId, List<Permission> permissionList);
+
+    Result getCodeImage();
 }

+ 85 - 20
chuanyi_server/src/main/java/com/judong/chuanyiserver/service/impl/UserServiceImpl.java

@@ -1,5 +1,8 @@
 package com.judong.chuanyiserver.service.impl;
 
+import cn.hutool.captcha.CaptchaUtil;
+import cn.hutool.captcha.ShearCaptcha;
+import cn.hutool.core.convert.Convert;
 import com.alibaba.fastjson.JSONObject;
 import com.judong.chuanyiserver.dao.UserDao;
 import com.judong.chuanyiserver.entity.Permission;
@@ -9,14 +12,26 @@ import com.judong.chuanyiserver.enums.ResultEnum;
 import com.judong.chuanyiserver.exception.CustomException;
 import com.judong.chuanyiserver.service.UserService;
 import com.judong.chuanyiserver.util.*;
+import lombok.extern.slf4j.Slf4j;
+import org.slf4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.StringUtils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
+import java.util.concurrent.TimeUnit;
 
+@Slf4j
 @Service
 @Transactional
 public class UserServiceImpl implements UserService {
@@ -30,35 +45,71 @@ public class UserServiceImpl implements UserService {
     @Autowired
     private UserUtil userUtil;
 
+    @Override
+    public Result getCodeImage() {
+        JSONObject jsonObject = new JSONObject();
+        // 定义图形验证码的长、宽、验证码字符数、干扰线宽度
+        ShearCaptcha captcha = CaptchaUtil.createShearCaptcha(126, 40, 4, 4);
+        // 图形验证码写出,可以写出到文件,也可以写出到流
+        String captchaCode = captcha.getCode();
+        HttpServletRequest request = userUtil.getRequest();
+        String sessionId = request.getRequestedSessionId();
+        if (Blank.isEmpty(sessionId)) {
+            sessionId = request.getSession().getId();
+        }
+        // 设置验证码有效时间
+        redisUtil.set(sessionId + "-captcha", captchaCode, ConstantStr.ONE_MINUTE);
+        jsonObject.put("uid", sessionId);
+        jsonObject.put("verifyCode", captcha.getImageBase64());
+        return Result.ok(jsonObject);
+    }
+
     /**
      * 前端用户登录
      *
-     * @param userName
-     * @param password
+     * @param user
      * @return
      */
     @Override
-    public Result frontUserLogin(String userName, String password) {
+    public Result frontUserLogin(User user) {
         try {
-            password = RSAUtil.decrypt(password, "UTF-8");
+            user.setPassword(RSAUtil.decrypt(user.getPassword(), "UTF-8"));
         } catch (Exception e) {
-            throw new CustomException(ResultEnum.SERVER_ERROR.getRespCode(), ResultEnum.SERVER_ERROR.getRespMsg());
+            throw new CustomException(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), ResultEnum.REQUEST_WRONGPARAMS.getRespMsg());
         }
-        User user = userDao.getUserByNamePass(userName, EncryptUtils.StrToMD5(password));
-        if (Blank.isEmpty(user)) {
+        User isExistUser = userDao.getUserByNamePass(user.getUserName(), EncryptUtils.StrToMD5(user.getPassword()));
+        if (Blank.isEmpty(isExistUser)) {
             return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "用户名或密码错误");
         }
+        // 校验验证码
+        String storeCode = Convert.toStr(redisUtil.get(user.getUid() + "-captcha"));
+        if (Blank.isEmpty(storeCode)) {
+            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "验证码失效,请重新获取验证码");
+        }
+        if (!user.getVerifyCode().equals(storeCode)) {
+            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "输入的验证码不正确");
+        }
+        // 验证码通过则删除验证码
+        redisUtil.del(user.getUid() + "-captcha");
         JSONObject json = new JSONObject();
-        List<Integer> roleIdList = userDao.getRoleIdListByUserId(user.getUserId());
+        isExistUser.setPassword("");
+        json.put("user", isExistUser);
+        List<Integer> roleIdList = userDao.getRoleIdListByUserId(isExistUser.getUserId());
+        if (Blank.isEmpty(roleIdList)) {
+            return Result.no(ResultEnum.NO_OPERATION_AUTHORITY.getRespCode(), "没有角色信息");
+        }
         json.put("roleIdList", roleIdList);
         List<Permission> permissionList = userDao.getPermissionByRoleList(roleIdList);
+        if (Blank.isEmpty(permissionList)) {
+            return Result.no(ResultEnum.NO_OPERATION_AUTHORITY.getRespCode(), "没有权限信息");
+        }
         json.put("permissionList", permissionList);
         //生成token
-        String token = TokenUtil.token(userName, ConstantStr.HALF_HOUR);
+        String token = TokenUtil.token(isExistUser.getUserName(), ConstantStr.HALF_HOUR);
         json.put("token", token);
-        redisUtil.set(token, user.getUserId(), ConstantStr.HALF_HOUR);
+        redisUtil.set(token, isExistUser.getUserId(), ConstantStr.HALF_HOUR);
         //更新用户登录状态
-        if (userDao.updateLoginState(user.getUserId()) <= 0) {
+        if (userDao.updateLoginState(isExistUser.getUserId()) <= 0) {
             return Result.no(ResultEnum.SERVER_ERROR.getRespCode(), "更新登录状态失败");
         }
         return Result.ok(json);
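Review bot: In `frontUserLogin` the captcha is checked only after `getUserByNamePass` has returned a user, so a wrong password gets "用户名或密码错误" without the captcha ever being examined and the captcha does not slow password guessing. The stored code is also deleted only on a successful match, so one captcha can be retried until its one-minute expiry. Checking the captcha before the credential lookup and deleting the key on the first attempt closes both gaps; the `backUserLogin` hunk that follows has the same ordering and needs the same change. `equals` is also case-sensitive here, which users of a distorted-image captcha will trip over.

```java
    public Result frontUserLogin(User user) {
        // Check and consume the captcha before any credential work.
        String captchaKey = user.getUid() + "-captcha";
        String storeCode = Convert.toStr(redisUtil.get(captchaKey));
        if (Blank.isEmpty(storeCode)) {
            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "验证码失效,请重新获取验证码");
        }
        // One attempt per captcha: delete it whether or not the answer matches.
        redisUtil.del(captchaKey);
        if (!user.getVerifyCode().equals(storeCode)) {
            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "输入的验证码不正确");
        }
        // … unchanged: RSA decrypt, getUserByNamePass lookup, role/permission/token handling …
```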
@@ -67,35 +118,49 @@ public class UserServiceImpl implements UserService {
     /**
      * 后台管理系统登录
      *
-     * @param userName
-     * @param password
+     * @param user
      * @return
      */
     @Override
-    public Result backUserLogin(String userName, String password) {
+    public Result backUserLogin(User user) {
         try {
-            password = RSAUtil.decrypt(password, "UTF-8");
+            user.setPassword(RSAUtil.decrypt(user.getPassword(), "UTF-8"));
         } catch (Exception e) {
             throw new CustomException(ResultEnum.SERVER_ERROR.getRespCode(), ResultEnum.SERVER_ERROR.getRespMsg());
         }
-        User user = userDao.getUserByNamePass(userName, EncryptUtils.StrToMD5(password));
-        if (Blank.isEmpty(user)) {
+        User isExistUser = userDao.getUserByNamePass(user.getUserName(), EncryptUtils.StrToMD5(user.getPassword()));
+        if (Blank.isEmpty(isExistUser)) {
             return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "用户名或密码错误");
         }
-        List<Integer> roleIdList = userDao.getRoleIdListByUserId(user.getUserId());
+        // 校验验证码
+        String storeCode = Convert.toStr(redisUtil.get(user.getUid() + "-captcha"));
+        if (Blank.isEmpty(storeCode)) {
+            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "验证码失效,请重新获取验证码");
+        }
+        if (!user.getVerifyCode().equals(storeCode)) {
+            return Result.no(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), "输入的验证码不正确");
+        }
+        // 验证码通过则删除验证码
+        redisUtil.del(user.getUid() + "-captcha");
+        List<Integer> roleIdList = userDao.getRoleIdListByUserId(isExistUser.getUserId());
         if (Blank.isEmpty(roleIdList)) {
             return Result.no(ResultEnum.NO_OPERATION_AUTHORITY.getRespCode(), ResultEnum.NO_OPERATION_AUTHORITY.getRespMsg());
         }
         for (Integer roleId : roleIdList) {
             if (roleId == ConstantStr.ROLE_ADMIN) {
                 JSONObject json = new JSONObject();
+                isExistUser.setPassword("");
+                json.put("user", isExistUser);
                 json.put("roleIdList", roleIdList);
                 List<Permission> permissionList = userDao.getPermissionByRoleList(roleIdList);
+                if (Blank.isEmpty(permissionList)) {
+                    return Result.no(ResultEnum.NO_OPERATION_AUTHORITY.getRespCode(), "没有权限信息");
+                }
                 json.put("permissionList", permissionList);
                 //生成token
-                String token = TokenUtil.token(userName, ConstantStr.HALF_HOUR);
+                String token = TokenUtil.token(isExistUser.getUserName(), ConstantStr.HALF_HOUR);
                 json.put("token", token);
-                redisUtil.set(token, user.getUserId(), ConstantStr.HALF_HOUR);
+                redisUtil.set(token, isExistUser.getUserId(), ConstantStr.HALF_HOUR);
                 return Result.ok(json);
             }
         }
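Review bot: The decrypt failure in `backUserLogin` still maps to `ResultEnum.SERVER_ERROR`, while the same catch in `frontUserLogin` was changed in this commit to `REQUEST_WRONGPARAMS`. A malformed ciphertext is client input in both cases, so the two should agree: `throw new CustomException(ResultEnum.REQUEST_WRONGPARAMS.getRespCode(), ResultEnum.REQUEST_WRONGPARAMS.getRespMsg());`. The lookup on the changed line hashes the password with `EncryptUtils.StrToMD5`, which by its name looks like a bare MD5 digest; if so, moving stored passwords to a salted, slow hash such as bcrypt or argon2 should be tracked separately. The method continues past the end of the hunk.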

+ 5 - 27
chuanyi_server/src/main/java/com/judong/chuanyiserver/util/Result.java

@@ -2,36 +2,14 @@ package com.judong.chuanyiserver.util;
 
 
 import com.judong.chuanyiserver.enums.ResultEnum;
+import lombok.Data;
 
+@Data
 public class Result {
     private Integer code;//响应码
     private String msg;//响应消息
     private Object data;//返回的数据
 
-    public Integer getCode() {
-        return code;
-    }
-
-    public void setCode(Integer code) {
-        code = code;
-    }
-
-    public String getMsg() {
-        return msg;
-    }
-
-    public void setMsg(String msg) {
-        msg = msg;
-    }
-
-    public Object getData() {
-        return data;
-    }
-
-    public void setData(Object data) {
-        data = data;
-    }
-
     public static Result ok(Object data) {
         Result result = new Result();
         result.setCode(ResultEnum.SUCCESS.getRespCode());
@@ -40,10 +18,10 @@ public class Result {
         return result;
     }
 
-    public static Result no(Integer Code, String Msg) {
+    public static Result no(Integer code, String msg) {
         Result result = new Result();
-        result.setCode(Code);
-        result.setMsg(Msg);
+        result.setCode(code);
+        result.setMsg(msg);
         return result;
     }
 }

+ 8 - 0
chuanyi_server/src/main/java/com/judong/chuanyiserver/util/UserUtil.java

@@ -22,6 +22,14 @@ public class UserUtil {
     private UserDao userDao;
 
     /**
+     * 获取请求
+     */
+    public HttpServletRequest getRequest() {
+        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        return attributes.getRequest();
+    }
+
+    /**
      * 获取请求中的token
      *
      * @return
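Review bot: `getRequest()` dereferences the result of `RequestContextHolder.getRequestAttributes()`, which is null when no request is bound to the current thread (async task, scheduler, unit test), so callers get a bare NullPointerException. `RequestContextHolder.currentRequestAttributes()` throws an IllegalStateException with a clear message instead: `ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();`. The Javadoc should also say that the method is only valid on a request-handling thread.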