|
|
@@ -66,24 +66,6 @@ public class SecurityService {
|
|
|
result.put("message", "appid 或者 appSecret 错误");
|
|
|
}
|
|
|
return result;
|
|
|
-
|
|
|
- //从本地内存变量中查询appID以及appSecret是否已经连接
|
|
|
- //如果没有连接则
|
|
|
- // 使用DB读方法,查询底座数据库的应用表,判断appID以及appSecret是否存在以及是否已连接
|
|
|
- // select token,expiresTime,vcodeRule from 应用表 where appID and appSecret
|
|
|
- // 如果不存在则
|
|
|
- // 返回错误
|
|
|
- // 如果未连接或者已经过期则--
|
|
|
- // 生成令牌--暂时不使用签名方式,未来再考虑
|
|
|
- // 记录到应用表token,过期时间
|
|
|
- // 更新本地内存变量
|
|
|
- //获取当前应用的请求IP列表:{appID+"-"+appSecret:{"token":token,"expiresTime":expiresTime,"requestIP":[],"vcodeRule":vcodeRule}}
|
|
|
- //如果当前请求IPrequestIP不在列表中则添加请求IP地址列表
|
|
|
- //获取应用的API权限、API对应的数据权限
|
|
|
- //缓存本地内存变量:{token:{serviceID:{"authColumn":authColumn,"authFilter":authFilter}}}
|
|
|
- //返回本地内存变量的令牌和过期时间
|
|
|
- //注意存在两个版本的返回结构,此处需要做兼容
|
|
|
- //特别注意:此处本地内存变量使用哪种结构会速度更快,尤其是VerifyToken的查找速度
|
|
|
}
|
|
|
|
|
|
private Map<String, Object> getAppToken(String appid, String appSecret, String requestIp, String sessionId) throws JsonProcessingException {
|
|
|
@@ -112,7 +94,9 @@ public class SecurityService {
|
|
|
data.put("appname", application.getAppname());
|
|
|
data.put("appenname", application.getAppengname());
|
|
|
data.put("logo", application.getApplogo());
|
|
|
+ data.put("smalllogo", application.getSmalllogo());
|
|
|
data.put("background", application.getBackgroundimage());
|
|
|
+ data.put("securitycoderule", application.getSecuritycoderule());
|
|
|
result.put("returnData", data);
|
|
|
result.put("code", "0");
|
|
|
result.put("message", null);
|
|
|
@@ -123,81 +107,10 @@ public class SecurityService {
|
|
|
return result;
|
|
|
}
|
|
|
|
|
|
- private Map<String, Object> getUserToken(@Nullable String appToken, @Nullable String userName, @Nullable String password, @Nullable String code, @Nullable String requestIp, String sessionId, Boolean checkCode) {
|
|
|
- Map<String, Object> result = new HashMap<>();
|
|
|
-
|
|
|
- //调用VerifyToken进行连接token的验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //如果验证码生成规则不为空则--为空代表不需要验证码
|
|
|
- // 校验验证码VerifyVerificationCode(sessionID,verifyCode)
|
|
|
- // 如果校验失败则
|
|
|
- // 返回错误
|
|
|
- //查询数据库用户表,使用账号及密码,判断用户是否存在,返回userID和容许的同时登录个数(0代表不限制,默认为1)
|
|
|
- //如果用户不存在则
|
|
|
- // 返回用户名或密码错误
|
|
|
- //查询数据库用户登录日志,使用userID,返回已经登录的sessionID--注意登出时间为空
|
|
|
- //如果对应的sessionID已经登录则
|
|
|
- // 返回已经登录
|
|
|
- //如果容许的同时登录个数大于0且已经登录个数(返回的sessionID数量)大于等于容许的同时登录个数则
|
|
|
- // 返回用户登录数超出
|
|
|
- //生成用户令牌
|
|
|
- //新增用户登录日志:userID、sessionID、登录时间、requestIP、用户令牌
|
|
|
- //缓存本地用户登录日志:{用户令牌:userID+sessionID}
|
|
|
- //删除远程数据库中所有已经过期的验证码记录以及当前sessionID的验证码
|
|
|
- //返回登录成功:userID、用户令牌
|
|
|
- Appconnectlog applicationconnectlog = applicationconnectlogService.findByTokenAndRequestIp(appToken, requestIp);
|
|
|
- if (Objects.isNull(applicationconnectlog)) {
|
|
|
- result.put("code", "-1");
|
|
|
- result.put("message", "apptoken 错误");
|
|
|
- return result;
|
|
|
- }
|
|
|
- Application application = applicationService.findByAppId(applicationconnectlog.getAppid());
|
|
|
-
|
|
|
- if (checkCode && Objects.nonNull(application.getSecuritycoderule()) && !codeCacheService.check(code, sessionId)) {
|
|
|
- result.put("code", "-1");
|
|
|
- result.put("message", "验证码错误");
|
|
|
- } else {
|
|
|
- Integer multilogin = application.getMultilogin();
|
|
|
- Userinfo user = userinfoService.findByUsername(userName);
|
|
|
- List<Userloginlog> userloginlogs = userloginlogService.findByUserId(user.getUserid());
|
|
|
- if (!userloginlogs.isEmpty()) {
|
|
|
- result.put("code", "0");
|
|
|
- if (multilogin == 1) {
|
|
|
- userloginlogService.expiresByUserid(user.getUserid());
|
|
|
- }
|
|
|
- userloginlogService.insertUserLoginLog(requestIp, sessionId, user.getUserid(), null, appToken, application.getAppid());
|
|
|
- result.put("returnData", new HashMap<>() {{
|
|
|
- put("userstatus", 1);
|
|
|
- }});
|
|
|
- return result;
|
|
|
- } else {
|
|
|
- result.put("code", "0");
|
|
|
- result.put("returnData", new HashMap<>() {{
|
|
|
- put("userstatus", 0);
|
|
|
- }});
|
|
|
- }
|
|
|
- userloginlogService.insertUserLoginLog(requestIp, sessionId, user.getUserid(), null, appToken, application.getAppid());
|
|
|
-
|
|
|
- }
|
|
|
- return result;
|
|
|
- }
|
|
|
|
|
|
|
|
|
//校验连接令牌
|
|
|
public Map<String, Object> verifyToken(Map<String, Object> requestData) {
|
|
|
- //循环本地内存变量{appID+"-"+appSecret:{"token":token,"expiresTime":expiresTime,"requestIP":[],"vcodeRule":vcodeRule}}
|
|
|
- // 如果存在则
|
|
|
- // 判断token过期时间
|
|
|
- // 如果已过期则
|
|
|
- // 返回错误
|
|
|
- // 返回正确--附带验证码规则
|
|
|
- //循环结束未找到则查询远程数据库
|
|
|
- //使用DB读方法,查询底座数据库的应用表,判断appID以及requestIP是否存在以及是否已连接
|
|
|
- //如果未连接或已过期则
|
|
|
- // 返回错误
|
|
|
- //更新本地内存变量{appID+"-"+appSecret:{"token":token,"expiresTime":expiresTime,"requestIP":[],"vcodeRule":vcodeRule}}
|
|
|
- //返回正确--附带验证码规则
|
|
|
Optional<String> token = getValue("token", requestData);
|
|
|
|
|
|
Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
@@ -224,15 +137,7 @@ public class SecurityService {
|
|
|
}
|
|
|
|
|
|
//刷新连接令牌
|
|
|
- public Map<String, Object> refreshToken(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
- //调用VerifyToken进行验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //生成令牌--暂时不使用签名方式,未来再考虑
|
|
|
- //记录到应用表token,过期时间
|
|
|
- //更新本地内存变量{appID+"-"+appSecret:{"token":token,"expiresTime":expiresTime,"requestIP":[],"vcodeRule":vcodeRule}}
|
|
|
- //返回本地内存变量的令牌和过期时间
|
|
|
- //注意存在两个版本的返回结构,此处需要做兼容
|
|
|
+ public Map<String, Object> refreshToken(Map<String, Object> requestData) {
|
|
|
Map<String, Object> resultData = new HashMap<>();
|
|
|
Map<String, Object> map = verifyToken(requestData);
|
|
|
Optional<String> version = getValue("version", requestData);
|
|
|
@@ -243,11 +148,12 @@ public class SecurityService {
|
|
|
|
|
|
Appconnectlog applicationconnectlog = applicationconnectlogService.findByTokenAndRequestIp(token.get(), requestIp.get());
|
|
|
Application application = applicationService.findByAppId(applicationconnectlog.getAppid());
|
|
|
- LocalDateTime expiresTime = LocalDateTime.now().plusMinutes(application.getApptokeneffective());
|
|
|
+ LocalDateTime expiresTime = LocalDateTime.now().plusSeconds(application.getApptokeneffective());
|
|
|
applicationconnectlogService.updateApplicationLogTokenExpiresTime(applicationconnectlog.getAppid(), token.get(), expiresTime);
|
|
|
resultData.put("code", "0");
|
|
|
Map<String, Object> data = new HashMap<>();
|
|
|
data.put("expirestime", expiresTime.format(dateTimeFormatter));
|
|
|
+ data.put("token", token.get());
|
|
|
if ("1".equals(version.orElse("1"))) {
|
|
|
resultData.put("returnData", data);
|
|
|
} else {
|
|
|
@@ -288,24 +194,12 @@ public class SecurityService {
|
|
|
resultData.put("code", "-1");
|
|
|
resultData.put("message", "token已经过期");
|
|
|
}
|
|
|
- //调用VerifyToken进行连接token的验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //如果验证码生成规则为空代表不需要验证码直接返回--VerifyToken验证时已经获取了验证码生成规则
|
|
|
- //生成验证码createVerificationCode(vcodeRule)
|
|
|
- //生成新的过期时间
|
|
|
- //删除远程数据库中所有已经过期的验证码记录
|
|
|
- //记录到远程数据库中验证码记录表:sessionID、VerificationCode、expiresTime--用于支持负载均衡
|
|
|
- //记录到本地内存变量{sessionID:{"VerificationCode":验证码,"expiresTime":expiresTime}}
|
|
|
- //返回验证码和过期时间
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
|
|
|
//用户登录
|
|
|
public Map<String, Object> login(Map<String, Object> requestData) {
|
|
|
-
|
|
|
-
|
|
|
Map<String, Object> testToken = verifyToken(requestData);
|
|
|
Map<String, Object> resultData = new HashMap<>();
|
|
|
if (testToken.get("code").equals("0")) {
|
|
|
@@ -324,6 +218,45 @@ public class SecurityService {
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
+ private Map<String, Object> getUserToken(@Nullable String appToken, @Nullable String userName, @Nullable String password, @Nullable String code, @Nullable String requestIp, String sessionId, Boolean checkCode) {
|
|
|
+ Map<String, Object> result = new HashMap<>();
|
|
|
+ Appconnectlog applicationconnectlog = applicationconnectlogService.findByTokenAndRequestIp(appToken, requestIp);
|
|
|
+ if (Objects.isNull(applicationconnectlog)) {
|
|
|
+ result.put("code", "-1");
|
|
|
+ result.put("message", "apptoken 错误");
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+ Application application = applicationService.findByAppId(applicationconnectlog.getAppid());
|
|
|
+
|
|
|
+ if (checkCode && Objects.nonNull(application.getSecuritycoderule()) && !codeCacheService.check(code, sessionId)) {
|
|
|
+ result.put("code", "-1");
|
|
|
+ result.put("message", "验证码错误");
|
|
|
+ } else {
|
|
|
+ Integer multilogin = application.getMultilogin();
|
|
|
+ Userinfo user = userinfoService.findByUsername(userName);
|
|
|
+ List<Userloginlog> userloginlogs = userloginlogService.findByUserId(user.getUserid());
|
|
|
+ if (!userloginlogs.isEmpty()) {
|
|
|
+ result.put("code", "0");
|
|
|
+ if (multilogin == 1) {
|
|
|
+ userloginlogService.expiresByUserid(user.getUserid());
|
|
|
+ }
|
|
|
+ userloginlogService.insertUserLoginLog(requestIp, sessionId, user.getUserid(), null, appToken, application.getAppid());
|
|
|
+ result.put("returnData", new HashMap<>() {{
|
|
|
+ put("userstatus", 1);
|
|
|
+ }});
|
|
|
+ return result;
|
|
|
+ } else {
|
|
|
+ result.put("code", "0");
|
|
|
+ result.put("returnData", new HashMap<>() {{
|
|
|
+ put("userstatus", 0);
|
|
|
+ }});
|
|
|
+ }
|
|
|
+ userloginlogService.insertUserLoginLog(requestIp, sessionId, user.getUserid(), null, appToken, application.getAppid());
|
|
|
+
|
|
|
+ }
|
|
|
+ return result;
|
|
|
+ }
|
|
|
+
|
|
|
//强制登录
|
|
|
public Map<String, Object> forceLogin(Map<String, Object> requestData) {
|
|
|
|
|
|
@@ -363,27 +296,6 @@ public class SecurityService {
|
|
|
}
|
|
|
}
|
|
|
return result;
|
|
|
-
|
|
|
-
|
|
|
-// 进行一个try捕获未思考到的异常
|
|
|
-// 如果临时交换令牌为空则返回错误
|
|
|
-// 校验令牌testToken
|
|
|
-// 不通过则返回错误
|
|
|
-// 通过则获取应用编号app_id
|
|
|
-// 校验临时交换令牌
|
|
|
-// 如果不通过则返回错误
|
|
|
-// 通过会返回用户编号
|
|
|
-// 从缓存类中获取应用信息getAppInfo(appid)
|
|
|
-// 默认禁止多机登录
|
|
|
-// 如果应用信息中容许多机登录则容许多机登录
|
|
|
-// 如果用户信息中容许多机登录不为空则
|
|
|
-// 是否容许多级登录依据用户信息中配置
|
|
|
-// 如果禁止多机登录则
|
|
|
-// 生成用户令牌
|
|
|
-// 更新用户登录日志(另一个用户因令牌发生变化导致被强制下线)
|
|
|
-// 返回用户令牌及用户信息
|
|
|
-// 否则
|
|
|
-// 返回错误(只有禁止多机登录时存在强制登录)
|
|
|
}
|
|
|
|
|
|
private Map<String, Object> checkUserToken(Map<String, Object> requestData) {
|
|
|
@@ -424,18 +336,11 @@ public class SecurityService {
|
|
|
resultData.put("message", "成功");
|
|
|
return resultData;
|
|
|
}
|
|
|
- //调用VerifyUserToken进行用户令牌的验证
|
|
|
- //验证失败则
|
|
|
- //返回错误
|
|
|
- //更新用户登录日志userID、sessionID、登出时间
|
|
|
- //删除缓存本地用户登录日志:{用户令牌:userID+sessionID}
|
|
|
- //删除本地变量缓存的用户API权限列表、API对应的数据权限列表:{userID:{serviceID:{"authColumn":authColumn,"authFilter":authFilter}}}
|
|
|
- //返回登出成功
|
|
|
}
|
|
|
|
|
|
|
|
|
//获取用户权限
|
|
|
- public Map<String, Object> permission(Map<String, Object> requestData) {
|
|
|
+ public Map<String, Object> permission(Map<String, Object> requestData, Integer version) {
|
|
|
|
|
|
Map<String, Object> resultData = checkUserToken(requestData);
|
|
|
if (!"0".equals(resultData.get("code"))) {
|
|
|
@@ -444,17 +349,18 @@ public class SecurityService {
|
|
|
Optional<String> userToken = getValue("usertoken", requestData);
|
|
|
Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
- List<Permissions> ps = permissionsService.getPermissions(userloginlog.getUserid().toString());
|
|
|
- resultData = new HashMap<>();
|
|
|
- resultData.put("code", "0");
|
|
|
- resultData.put("returnData", ps);
|
|
|
+ if ("0".equals(version)) {
|
|
|
+ List<Permissions> ps = permissionsService.getPermissions(userloginlog.getUserid().toString());
|
|
|
+ resultData = new HashMap<>();
|
|
|
+ resultData.put("code", "0");
|
|
|
+ resultData.put("returnData", ps);
|
|
|
+ } else {
|
|
|
+ List<Map<String, Object>> ps = permissionsService.getPermissionsOld(userloginlog.getUserid().toString());
|
|
|
+ resultData = new HashMap<>();
|
|
|
+ resultData.put("code", "0");
|
|
|
+ resultData.put("returnData", ps);
|
|
|
+ }
|
|
|
}
|
|
|
- //调用VerifyUserToken进行用户令牌的验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //从数据库获取前端菜单权限列表、API权限列表、API对应的数据权限列表
|
|
|
- //缓存用户API权限列表、API对应的数据权限列表:{userID:{"authColumn":authColumn,"authFilter":authFilter}}
|
|
|
- //返回前端菜单权限列表
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
@@ -473,34 +379,22 @@ public class SecurityService {
|
|
|
Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
Integer userId = userloginlog.getUserid();
|
|
|
- Userinfo userinfo = userinfoService.findByUserId(userId);
|
|
|
- if (Objects.nonNull(userinfo)) {
|
|
|
- String userpassword = userinfo.getUserpassword();
|
|
|
- if (!userpassword.equals(oldPassword.get())) {
|
|
|
- resultData.put("message", "密码错误");
|
|
|
- resultData.put("code", "-1");
|
|
|
- return resultData;
|
|
|
- } else {
|
|
|
- userinfoService.updateUserPassword(userId, password.get());
|
|
|
- }
|
|
|
- resultData = new HashMap<>();
|
|
|
- resultData.put("code", "0");
|
|
|
- resultData.put("message", "修改成功");
|
|
|
+ Userinfo userinfo = userinfoService.findByUserId(userId);
|
|
|
+ if (Objects.nonNull(userinfo)) {
|
|
|
+ String userpassword = userinfo.getUserpassword();
|
|
|
+ if (!userpassword.equals(oldPassword.get())) {
|
|
|
+ resultData.put("message", "密码错误");
|
|
|
+ resultData.put("code", "-1");
|
|
|
+ return resultData;
|
|
|
+ } else {
|
|
|
+ userinfoService.updateUserPassword(userId, password.get());
|
|
|
}
|
|
|
+ resultData = new HashMap<>();
|
|
|
+ resultData.put("code", "0");
|
|
|
+ resultData.put("message", "修改成功");
|
|
|
+ }
|
|
|
|
|
|
}
|
|
|
- //调用VerifyToken进行连接token的验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //判断是不是第三方应用
|
|
|
- //如果不是第三方应用则
|
|
|
- // 返回错误
|
|
|
- //查找本地变量缓存的应用API权限列表、API对应的数据权限列表:{token:{serviceID:{"authColumn":authColumn,"authFilter":authFilter}}}
|
|
|
- //如果不存在则
|
|
|
- // 查找数据库应用的API权限列表、API对应的数据权限列表
|
|
|
- // 如果不存在则
|
|
|
- // 返回无权
|
|
|
- //返回对应的行列权限authColumn、authFilter----可以为空
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
@@ -537,14 +431,8 @@ public class SecurityService {
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- //调用VerifyUserToken进行用户令牌的验证
|
|
|
- //验证失败则
|
|
|
- // 返回错误
|
|
|
- //更新用户登录日志的最后活跃时间
|
|
|
- //返回更新结果
|
|
|
return resultData;
|
|
|
}
|
|
|
- //注意系统定时任务需要检测用户心跳,如果超时未上报心跳则需要调用loginOut将对应的用户登出
|
|
|
|
|
|
|
|
|
private Optional<String> getValue(String key, Map<String, Object> data) {
|
