|
@@ -6,6 +6,9 @@ import com.fasterxml.jackson.core.JsonProcessingException;
|
|
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
|
import org.bfkj.apos.Log;
|
|
|
import org.bfkj.domain.*;
|
|
|
+import org.bfkj.domain.log.Applog;
|
|
|
+import org.bfkj.domain.log.LogEntity;
|
|
|
+import org.bfkj.domain.log.Userlog;
|
|
|
import org.bfkj.dtos.R;
|
|
|
import org.bfkj.dtos.ServiceDto;
|
|
|
import org.bfkj.services.cache.CodeCacheService;
|
|
@@ -21,14 +24,8 @@ import java.util.*;
|
|
|
public class SecurityService {
|
|
|
|
|
|
|
|
|
- private DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
|
|
|
-
|
|
|
private final static Map<String, List<String>> alias = new HashMap<>();
|
|
|
|
|
|
- private ObjectMapper objectMapper = new ObjectMapper() {{
|
|
|
- setSerializationInclusion(JsonInclude.Include.NON_NULL);
|
|
|
- }};
|
|
|
-
|
|
|
static {
|
|
|
alias.put("appid", List.of("appid", "app_id", "appId", "APPID"));
|
|
|
alias.put("appsecret", List.of("appSecret", "app_secret", "APP_SECRET", "appsecret", "APPSECRET"));
|
|
@@ -46,6 +43,10 @@ public class SecurityService {
|
|
|
private final PermissionsService permissionsService;
|
|
|
private final UserinfoService userinfoService;
|
|
|
private final CodeCacheService codeCacheService;
|
|
|
+ private DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
|
|
|
+ private ObjectMapper objectMapper = new ObjectMapper() {{
|
|
|
+ setSerializationInclusion(JsonInclude.Include.NON_NULL);
|
|
|
+ }};
|
|
|
|
|
|
public SecurityService(ApplicationService applicationService, ApplicationconnectlogService applicationconnectlogService, UserloginlogService userloginlogService, PermissionsService permissionsService, UserinfoService userinfoService, CodeCacheService codeCacheService) {
|
|
|
this.applicationService = applicationService;
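Review bot: `objectMapper` and `dateTimeFormatter` are re-added as mutable instance fields, and the mapper uses double-brace initialisation, which creates an anonymous ObjectMapper subclass that keeps a reference to the enclosing SecurityService. Both objects are thread-safe once configured, so they can be `private static final`. For the mapper, `new ObjectMapper().setSerializationInclusion(JsonInclude.Include.NON_NULL)` gives the same configuration without the subclass. The constructor that follows continues outside the hunk.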
|
|
@@ -59,12 +60,12 @@ public class SecurityService {
|
|
|
//安全类服务
|
|
|
//连接认证--获取连接令牌
|
|
|
@Log(Log.LogType.APP)
|
|
|
- public ServiceDto<Map<String, Object>,Object> getToken(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> getToken(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
Optional<String> appid = getValue("appid", requestData);
|
|
|
Optional<String> appSecret = getValue("appsecret", requestData);
|
|
|
Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
- ServiceDto<Map<String, Object>,Object> serviceDto = new ServiceDto<>();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> serviceDto = new ServiceDto<>();
|
|
|
Application application = null;
|
|
|
if (appid.isPresent() && appSecret.isPresent()) {
|
|
|
// 无条件删除过期的数据
|
|
@@ -108,54 +109,75 @@ public class SecurityService {
|
|
|
serviceDto.setSuccess(false);
|
|
|
serviceDto.setReturnData(R.fail("-1", "appid 或者 appSecret 错误"));
|
|
|
}
|
|
|
-// logtime, appid, apiname, requestip, sessionid, inputdata, outputdata;
|
|
|
- List<Object> logData = new ArrayList<>();
|
|
|
- logData.add(LocalDateTime.now());
|
|
|
- logData.add(appid.get());
|
|
|
- logData.add((Objects.nonNull(application) ? application.getAppname() : null));
|
|
|
- logData.add(requestIp.get());
|
|
|
- logData.add(sessionId.get());
|
|
|
- logData.add(objectMapper.writeValueAsString(requestData));
|
|
|
- logData.add(objectMapper.writeValueAsString(serviceDto.getReturnData()));
|
|
|
+ Applog logData = new Applog();
|
|
|
+ logData.setAppid(appid.orElse(null));
|
|
|
+ logData.setApiname((Objects.nonNull(application) ? application.getAppname() : null));
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(serviceDto.getReturnData()));
|
|
|
serviceDto.setLogData(logData);
|
|
|
return serviceDto;
|
|
|
}
|
|
|
|
|
|
//校验连接令牌
|
|
|
- public ServiceDto<Map<String, Object>,Object> verifyToken(Map<String, Object> requestData) {
|
|
|
+ @Log(Log.LogType.APP)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> verifyToken(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
Optional<String> token = getValue("token", requestData);
|
|
|
|
|
|
Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
|
|
|
- ServiceDto<Map<String, Object>,Object> serviceDto = new ServiceDto<>();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> serviceDto = new ServiceDto<>();
|
|
|
+ String appid = null;
|
|
|
if (token.isEmpty()) {
|
|
|
serviceDto.setSuccess(false);
|
|
|
serviceDto.setReturnData(R.fail("-1", "token错误"));
|
|
|
} else {
|
|
|
Appconnectlog applicationLog = applicationconnectlogService.findByTokenAndRequestIp(token.get(), requestIp.get());
|
|
|
- if (LocalDateTime.now().isAfter(applicationLog.getExpiretime())) {
|
|
|
- serviceDto.setSuccess(false);
|
|
|
- serviceDto.setReturnData(R.fail("-1", "token已过期"));
|
|
|
- } else {
|
|
|
- serviceDto.setSuccess(true);
|
|
|
|
|
|
+ if (Objects.nonNull(applicationLog)) {
|
|
|
+ appid = applicationLog.getAppid();
|
|
|
+ if (LocalDateTime.now().isAfter(applicationLog.getExpiretime())) {
|
|
|
+ serviceDto.setSuccess(false);
|
|
|
+ serviceDto.setReturnData(R.fail("-1", "token已过期"));
|
|
|
+ } else {
|
|
|
+ serviceDto.setSuccess(true);
|
|
|
+
|
|
|
+ Map<String, Object> data = new HashMap<>();
|
|
|
+ data.put("validstatus", true);
|
|
|
+ data.put("appid", applicationLog.getAppid());
|
|
|
+ serviceDto.setReturnData(R.success("0", "token校验通过", data));
|
|
|
+ }
|
|
|
+ } else {
|
|
|
Map<String, Object> data = new HashMap<>();
|
|
|
- data.put("validstatus", true);
|
|
|
- data.put("appid", applicationLog.getAppid());
|
|
|
- serviceDto.setReturnData(R.success("0", "token校验通过", data));
|
|
|
+ data.put("validstatus", false);
|
|
|
+ serviceDto.setReturnData(R.success("-1", "token校验通过", data));
|
|
|
}
|
|
|
}
|
|
|
+ Applog logData = new Applog();
|
|
|
+ logData.setAppid(appid);
|
|
|
+ Application application = applicationService.findByAppId(appid);
|
|
|
+
|
|
|
+ logData.setApiname((Objects.nonNull(application) ? application.getAppname() : null));
|
|
|
+
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(serviceDto.getReturnData()));
|
|
|
+ serviceDto.setLogData(logData);
|
|
|
return serviceDto;
|
|
|
}
|
|
|
|
|
|
//刷新连接令牌
|
|
|
- public ServiceDto<Map<String, Object>,Object> refreshToken(Map<String, Object> requestData) {
|
|
|
- ServiceDto<Map<String, Object>,Object> verified = verifyToken(requestData);
|
|
|
+ @Log(Log.LogType.APP)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> refreshToken(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> verified = verifyToken(requestData);
|
|
|
|
|
|
if (!verified.isSuccess()) {
|
|
|
return verified;
|
|
|
}
|
|
|
- ServiceDto<Map<String, Object>,Object> resultData = new ServiceDto<>();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> resultData = new ServiceDto<>();
|
|
|
Optional<String> requestIp = getValue("requestIp", requestData);
|
|
|
Optional<String> token = getValue("token", requestData);
|
|
|
String appid = (String) verified.getReturnData().getReturnData().get("appid");
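Review bot: The added `logData.setInputdata(objectMapper.writeValueAsString(requestData))` in getToken serialises the whole request map, including the `appsecret` value read at the top of the method, so the application secret is written to the app log in clear text; the same call is added for verifyToken here and, in later hunks, for login and changePassword, where the map carries `password` and `oldpassword`. Serialise a copy with the credential keys (all spellings in the `alias` table) removed or masked, and consider doing the same for tokens in `setOutputdata`. In verifyToken, the new branch for an unknown token returns `R.success("-1", "token校验通过", data)` and never calls `serviceDto.setSuccess(false)`, so callers that gate on `isSuccess()` depend on ServiceDto's default, which is not visible here; `serviceDto.setSuccess(false); serviceDto.setReturnData(R.fail("-1", "token错误"));` would make the rejection explicit. `requestIp.get()` and `sessionId.get()` in the log block also throw when those fields are absent, unlike the `appid.orElse(null)` next to them. The body of refreshToken continues outside the hunk.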
|
|
@@ -173,111 +195,156 @@ public class SecurityService {
|
|
|
resultData.setSuccess(false);
|
|
|
}
|
|
|
|
|
|
+ Applog logData = new Applog();
|
|
|
+ logData.setAppid(appid);
|
|
|
|
|
|
+ logData.setApiname((Objects.nonNull(application) ? application.getAppname() : null));
|
|
|
+
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
//获取登录验证码
|
|
|
- public ServiceDto<Map<String, Object>,Object> verifyCode(Map<String, Object> requestData) {
|
|
|
- ServiceDto<Map<String, Object>,Object> resultData = new ServiceDto<>();
|
|
|
- ServiceDto<Map<String, Object>,Object> verified = verifyToken(requestData);
|
|
|
- if (!verified.isSuccess()) {
|
|
|
- return verified;
|
|
|
- }
|
|
|
- String appid = (String) verified.getReturnData().getReturnData().get("appid");
|
|
|
+ @Log(Log.LogType.APP)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> verifyCode(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
+
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> resultData = verifyToken(requestData);
|
|
|
+ Optional<String> appidOpt = Optional.empty();
|
|
|
+ Optional<String> appnameOpt = Optional.empty();
|
|
|
Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
- Application application = applicationService.findByAppId(appid);
|
|
|
- String securitycoderule = application.getSecuritycoderule();
|
|
|
- Long securitycodeeffective = application.getSecuritycodeeffective();
|
|
|
- Integer securitycoderulelength = application.getSecuritycoderulelength();
|
|
|
- Map<String, Object> codeMap = RandomGraphic.generateVerifyCode(securitycoderulelength, securitycoderule);
|
|
|
-
|
|
|
- String code = codeMap.get("verifyCode").toString();
|
|
|
- String verifyCodeImage = codeMap.get("verifyCodeImage").toString();
|
|
|
- codeCacheService.addCode(code, sessionId.get(), appid, securitycodeeffective, requestIp.get());
|
|
|
+ if (resultData.isSuccess()) {
|
|
|
+ String appid = (String) resultData.getReturnData().getReturnData().get("appid");
|
|
|
+ appidOpt.of(appid);
|
|
|
+ Application application = applicationService.findByAppId(appid);
|
|
|
+ if (Objects.nonNull(application)) {
|
|
|
+ appnameOpt.of(application.getAppname());
|
|
|
+ String securitycoderule = application.getSecuritycoderule();
|
|
|
+ Long securitycodeeffective = application.getSecuritycodeeffective();
|
|
|
+ Integer securitycoderulelength = application.getSecuritycoderulelength();
|
|
|
+ Map<String, Object> codeMap = RandomGraphic.generateVerifyCode(securitycoderulelength, securitycoderule);
|
|
|
+
|
|
|
+ String code = codeMap.get("verifyCode").toString();
|
|
|
+ String verifyCodeImage = codeMap.get("verifyCodeImage").toString();
|
|
|
+ codeCacheService.addCode(code, sessionId.get(), appid, securitycodeeffective, requestIp.get());
|
|
|
+
|
|
|
// 编译后的验证码
|
|
|
- Map<String, Object> data = new HashMap<>();
|
|
|
- data.put("verifyCodeImage", verifyCodeImage);
|
|
|
- resultData.setReturnData(R.success("0", data));
|
|
|
- resultData.setSuccess(true);
|
|
|
+ Map<String, Object> data = new HashMap<>();
|
|
|
+ data.put("verifyCodeImage", verifyCodeImage);
|
|
|
+ resultData.setReturnData(R.success("0", data));
|
|
|
+ resultData.setSuccess(true);
|
|
|
+
|
|
|
+ }
|
|
|
+ }
|
|
|
+ Applog logData = new Applog();
|
|
|
+ logData.setAppid(appidOpt.orElse(null));
|
|
|
+
|
|
|
+ logData.setApiname(appnameOpt.orElse(null));
|
|
|
+
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
|
|
|
//用户登录
|
|
|
- public ServiceDto<Map<String, Object>,Object> login(Map<String, Object> requestData) {
|
|
|
+ @Log(Log.LogType.USER)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> login(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
// 首先,通过verifyToken方法验证app的令牌(token)是否有效(返回是否有效、appid)。
|
|
|
- ServiceDto<Map<String, Object>,Object> resultData = new ServiceDto<>();
|
|
|
- ServiceDto<Map<String, Object>,Object> verified = verifyToken(requestData);
|
|
|
- if (!verified.isSuccess()) {
|
|
|
- return verified;
|
|
|
- }
|
|
|
-
|
|
|
- String appid = verified.getReturnData().getReturnData().get("appid").toString();
|
|
|
Optional<String> requestip = getValue("requestip", requestData);
|
|
|
Optional<String> sessionid = getValue("sessionid", requestData);
|
|
|
Optional<String> username = getValue("username", requestData);
|
|
|
Optional<String> password = getValue("password", requestData);
|
|
|
Optional<String> verifycode = getValue("verifycode", requestData);
|
|
|
- Application application = applicationService.findByAppId(appid);
|
|
|
- String securitycoderule = application.getSecuritycoderule();
|
|
|
- if (Objects.nonNull(securitycoderule) && !codeCacheService.check(verifycode.get(), sessionid.get(), appid, requestip.get())) {
|
|
|
- resultData.setSuccess(false);
|
|
|
- resultData.setReturnData(R.fail("-1", "验证码错误"));
|
|
|
- return resultData;
|
|
|
- }
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> resultData = verifyToken(requestData);
|
|
|
+ Optional<Long> userid = Optional.empty();
|
|
|
+ if (resultData.isSuccess()) {
|
|
|
|
|
|
- Userinfo userinfo = userinfoService.findByUsernameAndPassword(username.get(), password.get());
|
|
|
- if (Objects.isNull(userinfo)) {
|
|
|
- resultData.setSuccess(false);
|
|
|
- resultData.setReturnData(R.fail("-1", "用户名或密码错误"));
|
|
|
- return resultData;
|
|
|
- }
|
|
|
+ String appid = resultData.getReturnData().getReturnData().get("appid").toString();
|
|
|
|
|
|
- Userloginlog userloginlog = userloginlogService.findByUserIdAndSessionId(userinfo.getUserid(), sessionid.get());
|
|
|
+ Application application = applicationService.findByAppId(appid);
|
|
|
+ String securitycoderule = application.getSecuritycoderule();
|
|
|
+// if (Objects.nonNull(securitycoderule) && !codeCacheService.check(verifycode.get(), sessionid.get(), appid, requestip.get())) {
|
|
|
+// resultData.setSuccess(false);
|
|
|
+// resultData.setReturnData(R.fail("-1", "验证码错误"));
|
|
|
+// return resultData;
|
|
|
+// }
|
|
|
|
|
|
- Map<String, Object> data = new HashMap<>();
|
|
|
- if (Objects.nonNull(userloginlog)) {
|
|
|
|
|
|
- data.put("userstatus", "2");
|
|
|
- resultData.setSuccess(true);
|
|
|
- resultData.setReturnData(R.fail("0", "data"));
|
|
|
- return resultData;
|
|
|
- }
|
|
|
- Integer multilogin = application.getMultilogin();
|
|
|
- Appconnectlog appconnectlog = new Appconnectlog();
|
|
|
- if (1 == multilogin) {
|
|
|
- applicationconnectlogService.save(appconnectlog);
|
|
|
+ Userinfo userinfo = userinfoService.findByUsernameAndPassword(username.get(), password.get());
|
|
|
+ userid.ofNullable(userinfo.getUserid());
|
|
|
+ if (Objects.isNull(userinfo)) {
|
|
|
+ resultData.setSuccess(false);
|
|
|
+ resultData.setReturnData(R.fail("-1", "用户名或密码错误"));
|
|
|
+ } else {
|
|
|
|
|
|
- data.put("userstatus", "0");
|
|
|
- resultData.setSuccess(true);
|
|
|
- resultData.setReturnData(R.fail("0", "data"));
|
|
|
- return resultData;
|
|
|
- }
|
|
|
+ Userloginlog userloginlog = userloginlogService.findByUserIdAndSessionId(userinfo.getUserid(), sessionid.get());
|
|
|
+
|
|
|
+ Map<String, Object> data = new HashMap<>();
|
|
|
+ if (Objects.nonNull(userloginlog)) {
|
|
|
+
|
|
|
+ data.put("userstatus", "2");
|
|
|
+ resultData.setSuccess(true);
|
|
|
+
|
|
|
+ resultData.setReturnData(R.success("0", data));
|
|
|
+ } else {
|
|
|
+ Integer multilogin = application.getMultilogin();
|
|
|
+ Optional<String> token = getValue("token", requestData);
|
|
|
+ if (1 == multilogin) {
|
|
|
+ userloginlogService.insertUserLoginLog(requestip.get(), sessionid.get(), userinfo.getUserid(), null, token.get(), appid);
|
|
|
+
|
|
|
+ data.put("userstatus", "0");
|
|
|
+ resultData.setSuccess(true);
|
|
|
+ resultData.setReturnData(R.success("0", data));
|
|
|
+ } else {
|
|
|
|
|
|
|
|
|
- List<Userloginlog> userloginlogs = userloginlogService.findByUserId(userinfo.getUserid());
|
|
|
+ List<Userloginlog> userloginlogs = userloginlogService.findByUserId(userinfo.getUserid());
|
|
|
// 没有登录
|
|
|
- if (userloginlogs.isEmpty()) {
|
|
|
- data.put("userstatus", "0");
|
|
|
- resultData.setSuccess(true);
|
|
|
- resultData.setReturnData(R.fail("0", "data"));
|
|
|
- } else {
|
|
|
- data.put("userstatus", "1");
|
|
|
- resultData.setSuccess(true);
|
|
|
- resultData.setReturnData(R.fail("0", "data"));
|
|
|
+ if (userloginlogs.isEmpty()) {
|
|
|
+ data.put("userstatus", "0");
|
|
|
+ resultData.setSuccess(true);
|
|
|
+ resultData.setReturnData(R.fail("0", "data"));
|
|
|
+ } else {
|
|
|
+ data.put("userstatus", "1");
|
|
|
+ resultData.setSuccess(true);
|
|
|
+ resultData.setReturnData(R.fail("0", "data"));
|
|
|
+ }
|
|
|
+ Appconnectlog appconnectlog = new Appconnectlog();
|
|
|
+ appconnectlog.setApptoken(appconnectlog.getApptoken());
|
|
|
+ appconnectlog.setAppid(appid);
|
|
|
+ appconnectlog.setLasttime(LocalDateTime.now());
|
|
|
+ appconnectlog.setRequesttime(LocalDateTime.now());
|
|
|
+ appconnectlog.setRequestip(requestip.get());
|
|
|
+ appconnectlog.setExpiretime(LocalDateTime.now().plusSeconds(application.getApptokeneffective()));
|
|
|
+ applicationconnectlogService.save(appconnectlog);
|
|
|
+
|
|
|
+ codeCacheService.remove(verifycode.get(), sessionid.get(), appid, requestip.get());
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
- appconnectlog.setApptoken(appconnectlog.getApptoken());
|
|
|
- appconnectlog.setAppid(appid);
|
|
|
- appconnectlog.setLasttime(LocalDateTime.now());
|
|
|
- appconnectlog.setRequesttime(LocalDateTime.now());
|
|
|
- appconnectlog.setRequestip(requestip.get());
|
|
|
- appconnectlog.setExpiretime(LocalDateTime.now().plusSeconds(application.getApptokeneffective()));
|
|
|
- applicationconnectlogService.save(appconnectlog);
|
|
|
-
|
|
|
- codeCacheService.remove(verifycode.get(), sessionid.get(), appid, requestip.get());
|
|
|
+
|
|
|
+ Userlog logData = new Userlog();
|
|
|
+ logData.setUserid(userid.orElse(null));
|
|
|
+
|
|
|
+ logData.setUsername(username.orElse(null));
|
|
|
+
|
|
|
+ logData.setRequestip(requestip.get());
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ logData.setSessionid(sessionId.orElse(null));
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
return resultData;
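Review bot: In login, `userid.ofNullable(userinfo.getUserid());` runs before the `Objects.isNull(userinfo)` check, so a wrong username or password now throws a NullPointerException instead of returning the "用户名或密码错误" response, and no Userlog is attached for the failed attempt. The call is also a no-op: `Optional.of` and `Optional.ofNullable` are static factories whose result is discarded here, so `userid`, and `appidOpt`/`appnameOpt` in verifyCode, stay empty and the log rows always carry null; the same pattern recurs in forceLogin, logOut, permission and changePassword in later hunks. Assign inside the non-null branch instead, e.g. `userid = Optional.ofNullable(userinfo.getUserid());`, or use plain nullable locals. The hunk also comments out the `codeCacheService.check(...)` verification-code test while keeping `codeCacheService.remove(...)`, which leaves login without the captcha gate; if that was disabled for debugging it should be restored before merge. The end of login falls outside the hunk.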
|
|
|
|
|
|
|
|
@@ -313,43 +380,59 @@ public class SecurityService {
|
|
|
|
|
|
|
|
|
//强制登录
|
|
|
- public ServiceDto<Map<String, Object>,Object> forceLogin(Map<String, Object> requestData) {
|
|
|
-
|
|
|
- ServiceDto<Map<String, Object>,Object> verified = verifyToken(requestData);
|
|
|
- if (!verified.isSuccess()) {
|
|
|
- return verified;
|
|
|
- }
|
|
|
+ @Log(Log.LogType.USER)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> forceLogin(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
Optional<String> requestip = getValue("requestip", requestData);
|
|
|
Optional<String> sessionid = getValue("sessionid", requestData);
|
|
|
- Optional<String> apptoken = getValue("token", requestData);
|
|
|
- String appid = verified.getReturnData().getReturnData().get("appid").toString();
|
|
|
- Application application = applicationService.findByAppId(appid);
|
|
|
- ServiceDto<Map<String, Object>,Object> result = new ServiceDto<>();
|
|
|
- result.setSuccess(false);
|
|
|
- if (Objects.isNull(application)) {
|
|
|
- result.setReturnData(R.fail("-1", "没有找到应用配置"));
|
|
|
- return result;
|
|
|
- }
|
|
|
- Userloginlog userloginlog = userloginlogService.findByAppTokenAndSessionIdAndRequestIp(apptoken.get(), sessionid.get(), requestip.get());
|
|
|
- if (Objects.isNull(userloginlog)) {
|
|
|
- result.setReturnData(R.fail("-1", "登录失败"));
|
|
|
- return result;
|
|
|
- }
|
|
|
- Long securitycodeeffective = application.getSecuritycodeeffective();
|
|
|
- LocalDateTime expiresTime = LocalDateTime.now().plusSeconds(securitycodeeffective);
|
|
|
- String userToken = CommonUtil.toMD5("%s:%s".formatted(LocalDateTime.now(), sessionid.get()));
|
|
|
- userloginlogService.updateUserToken(userloginlog.getLoginid(), userToken);
|
|
|
- result.setSuccess(true);
|
|
|
- HashMap<String, Object> data = new HashMap<>();
|
|
|
- data.put("expirestime", expiresTime);
|
|
|
- data.put("usertoken", userToken);
|
|
|
- result.setReturnData(R.success("0", data));
|
|
|
- Integer multilogin = application.getMultilogin();
|
|
|
- if (multilogin == 1) {
|
|
|
- userloginlogService.removeByLogIdAndUserIdAndAppId(userloginlog.getLoginid(), userloginlog.getUserid(), userloginlog.getAppid());
|
|
|
- } else {
|
|
|
- userloginlogService.removeExpires();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> result = verifyToken(requestData);
|
|
|
+ Optional<Long> userid = Optional.empty();
|
|
|
+ Optional<String> username = Optional.empty();
|
|
|
+ if (result.isSuccess()) {
|
|
|
+ Optional<String> apptoken = getValue("token", requestData);
|
|
|
+ String appid = result.getReturnData().getReturnData().get("appid").toString();
|
|
|
+ Application application = applicationService.findByAppId(appid);
|
|
|
+ result.setSuccess(false);
|
|
|
+ if (Objects.isNull(application)) {
|
|
|
+ result.setReturnData(R.fail("-1", "没有找到应用配置"));
|
|
|
+ } else {
|
|
|
+ Userloginlog userloginlog = userloginlogService.findByAppTokenAndSessionIdAndRequestIp(apptoken.get(), sessionid.get(), requestip.get());
|
|
|
+ if (Objects.isNull(userloginlog)) {
|
|
|
+ result.setReturnData(R.fail("-1", "登录失败"));
|
|
|
+ } else {
|
|
|
+ userid.of(userloginlog.getUserid());
|
|
|
+ Userinfo userinfo = userinfoService.findByUserId(userid.get());
|
|
|
+ username.of(userinfo.getUsername());
|
|
|
+ Long securitycodeeffective = application.getSecuritycodeeffective();
|
|
|
+ LocalDateTime expiresTime = LocalDateTime.now().plusSeconds(securitycodeeffective);
|
|
|
+ String userToken = CommonUtil.toMD5("%s:%s".formatted(LocalDateTime.now(), sessionid.get()));
|
|
|
+ userloginlogService.updateUserToken(userloginlog.getLoginid(), userToken);
|
|
|
+ result.setSuccess(true);
|
|
|
+ HashMap<String, Object> data = new HashMap<>();
|
|
|
+ data.put("expirestime", expiresTime);
|
|
|
+ data.put("usertoken", userToken);
|
|
|
+ result.setReturnData(R.success("0", data));
|
|
|
+ Integer multilogin = application.getMultilogin();
|
|
|
+ if (multilogin == 1) {
|
|
|
+ userloginlogService.removeByLogIdAndUserIdAndAppId(userloginlog.getLoginid(), userloginlog.getUserid(), userloginlog.getAppid());
|
|
|
+ } else {
|
|
|
+ userloginlogService.removeExpires();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
+
|
|
|
+
|
|
|
+ Userlog logData = new Userlog();
|
|
|
+ logData.setUserid(userid.orElse(null));
|
|
|
+
|
|
|
+ logData.setUsername(username.orElse(null));
|
|
|
+
|
|
|
+
|
|
|
+ logData.setRequestip(requestip.get());
|
|
|
+ logData.setSessionid(sessionid.orElse(null));
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(result.getReturnData()));
|
|
|
+ result.setLogData(logData);
|
|
|
return result;
|
|
|
// 获取请求数据中的apptoken、sessionid和requestip。
|
|
|
// 首先,通过verifyToken方法验证app的令牌(token)是否有效(返回是否有效、appid)。
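Review bot: In forceLogin, `userid.of(userloginlog.getUserid());` discards the Optional it creates, so the next line's `userinfoService.findByUserId(userid.get())` calls `get()` on a still-empty Optional and throws NoSuchElementException on every request that reaches this branch. Use `Long uid = userloginlog.getUserid();`, pass `uid` to `findByUserId`, and null-check the returned `userinfo` before `getUsername()`. Separately, the user token on the new side is still `CommonUtil.toMD5("%s:%s".formatted(LocalDateTime.now(), sessionid.get()))`, a digest of a timestamp and a session id read from the request rather than random data; a session token should be generated with `SecureRandom` (for example 32 random bytes, Base64-url encoded). The closing brace of forceLogin is outside the hunk.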
|
|
@@ -372,14 +455,14 @@ public class SecurityService {
|
|
|
|
|
|
}
|
|
|
|
|
|
- private ServiceDto<Map<String, Object>,Object> checkUserToken(Map<String, Object> requestData) {
|
|
|
+ private ServiceDto<Map<String, Object>, LogEntity> checkUserToken(Map<String, Object> requestData) {
|
|
|
Optional<String> userToken = getValue("usertoken", requestData);
|
|
|
Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
|
|
|
String appid = userloginlog.getAppid();
|
|
|
Application application = applicationService.findByAppId(appid);
|
|
|
- ServiceDto<Map<String, Object>,Object> result = new ServiceDto<>();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> result = new ServiceDto<>();
|
|
|
if (userloginlog.getLastheartbeat().plusSeconds(application.getApptokeneffective()).isBefore(LocalDateTime.now())) {
|
|
|
result.setSuccess(false);
|
|
|
result.setReturnData(R.fail("-1", "用户token已过期"));
|
|
@@ -392,88 +475,123 @@ public class SecurityService {
|
|
|
}
|
|
|
|
|
|
//用户登出
|
|
|
- public ServiceDto<Map<String, Object>,Object> logOut(Map<String, Object> requestData) {
|
|
|
- ServiceDto<Map<String, Object>,Object> resultData = checkUserToken(requestData);
|
|
|
- if (!resultData.isSuccess()) {
|
|
|
- return resultData;
|
|
|
- } else {
|
|
|
-
|
|
|
+ @Log(Log.LogType.USER)
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> logOut(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> resultData = checkUserToken(requestData);
|
|
|
+ Optional<Long> userid = Optional.empty();
|
|
|
+ Optional<String> username = Optional.empty();
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
+ if (resultData.isSuccess()) {
|
|
|
Optional<String> userToken = getValue("usertoken", requestData);
|
|
|
- Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
+ userid.of(userloginlog.getUserid());
|
|
|
+ Userinfo userinfo = userinfoService.findByUserId(userloginlog.getUserid());
|
|
|
+ username.of(userinfo.getUsername());
|
|
|
userloginlogService.removeUserLoginLogByUserId(userloginlog.getUserid());
|
|
|
permissionsService.removePermissions(userloginlog.getUserid());
|
|
|
resultData.setReturnData(R.success("0", "成功", null));
|
|
|
- return resultData;
|
|
|
}
|
|
|
+
|
|
|
+ Userlog logData = new Userlog();
|
|
|
+ logData.setUserid(userid.orElse(null));
|
|
|
+ logData.setUsername(username.orElse(null));
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
+ return resultData;
|
|
|
}
|
|
|
|
|
|
|
|
|
//获取用户权限
|
|
|
- public ServiceDto<List<Permissions>,Object> permission(Map<String, Object> requestData) {
|
|
|
+ @Log(Log.LogType.USER)
|
|
|
+ public ServiceDto<List<Permissions>, LogEntity> permission(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
|
|
|
- ServiceDto<Map<String, Object>,Object> checked = checkUserToken(requestData);
|
|
|
- ServiceDto<List<Permissions>,Object> resultData = new ServiceDto<>();
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> checked = checkUserToken(requestData);
|
|
|
+ ServiceDto<List<Permissions>, LogEntity> resultData = new ServiceDto<>();
|
|
|
+ Optional<Long> userid = Optional.empty();
|
|
|
+ Optional<String> username = Optional.empty();
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
if (!checked.isSuccess()) {
|
|
|
resultData.setSuccess(false);
|
|
|
resultData.setReturnData(R.fail("-1", checked.getReturnData().getMessage()));
|
|
|
- return resultData;
|
|
|
} else {
|
|
|
Optional<String> userToken = getValue("usertoken", requestData);
|
|
|
- Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
-
|
|
|
+ userid.of(userloginlog.getUserid());
|
|
|
+ Userinfo userinfo = userinfoService.findByUserId(userloginlog.getUserid());
|
|
|
+ username.of(userinfo.getUsername());
|
|
|
List<Permissions> ps = permissionsService.getPermissions(userloginlog.getUserid().toString());
|
|
|
resultData.setReturnData(R.success("0", ps));
|
|
|
|
|
|
}
|
|
|
+
|
|
|
+ Userlog logData = new Userlog();
|
|
|
+ logData.setUserid(userid.orElse(null));
|
|
|
+ logData.setUsername(username.orElse(null));
|
|
|
+ logData.setRequestip(requestIp.orElse(null));
|
|
|
+ logData.setSessionid(sessionId.orElse(null));
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
return resultData;
|
|
|
}
|
|
|
|
|
|
//应用API及数据权限
|
|
|
- public ServiceDto<Map<String,Object>,Object> changePassword(Map<String, Object> requestData) {
|
|
|
-
|
|
|
- ServiceDto<Map<String, Object>,Object> checked = checkUserToken(requestData);
|
|
|
- ServiceDto<Map<String,Object>,Object> resultData = new ServiceDto<>();
|
|
|
- if (!checked.isSuccess()) {
|
|
|
- resultData.setSuccess(false);
|
|
|
- resultData.setReturnData(R.fail("-1", checked.getReturnData().getMessage()));
|
|
|
- return resultData;
|
|
|
- } else {
|
|
|
+ public ServiceDto<Map<String, Object>, LogEntity> changePassword(Map<String, Object> requestData) throws JsonProcessingException {
|
|
|
+ Optional<Long> userid = Optional.empty();
|
|
|
+ Optional<String> username = Optional.empty();
|
|
|
+ Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
+ Optional<String> requestIp = getValue("requestip", requestData);
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> resultData = checkUserToken(requestData);
|
|
|
+ if (resultData.isSuccess()) {
|
|
|
Optional<String> oldPassword = getValue("oldpassword", requestData);
|
|
|
Optional<String> password = getValue("password", requestData);
|
|
|
|
|
|
Optional<String> userToken = getValue("usertoken", requestData);
|
|
|
- Optional<String> sessionId = getValue("sessionid", requestData);
|
|
|
Userloginlog userloginlog = userloginlogService.findByUserToken(userToken.get(), sessionId.get());
|
|
|
Long userId = userloginlog.getUserid();
|
|
|
+ userid.of(userId);
|
|
|
+
|
|
|
Userinfo userinfo = userinfoService.findByUserId(userId);
|
|
|
if (Objects.nonNull(userinfo)) {
|
|
|
+ username.of(userinfo.getUsername());
|
|
|
String userpassword = userinfo.getUserpassword();
|
|
|
if (!userpassword.equals(oldPassword.get())) {
|
|
|
resultData.setSuccess(false);
|
|
|
resultData.setReturnData(R.fail("-1", "密码错误"));
|
|
|
- return resultData;
|
|
|
} else {
|
|
|
userinfoService.updateUserPassword(userId, password.get());
|
|
|
}
|
|
|
resultData.setSuccess(true);
|
|
|
resultData.setReturnData(R.success("-1", "成功", null));
|
|
|
- return resultData;
|
|
|
} else {
|
|
|
|
|
|
resultData.setSuccess(false);
|
|
|
resultData.setReturnData(R.fail("-1", "用户没有找到"));
|
|
|
- return resultData;
|
|
|
}
|
|
|
|
|
|
}
|
|
|
+
|
|
|
+
|
|
|
+ Userlog logData = new Userlog();
|
|
|
+ logData.setUserid(userid.orElse(null));
|
|
|
+ logData.setUsername(username.orElse(null));
|
|
|
+ logData.setRequestip(requestIp.get());
|
|
|
+ logData.setSessionid(sessionId.get());
|
|
|
+ logData.setInputdata(objectMapper.writeValueAsString(requestData));
|
|
|
+ logData.setOutputdata(objectMapper.writeValueAsString(resultData.getReturnData()));
|
|
|
+ resultData.setLogData(logData);
|
|
|
+ return resultData;
|
|
|
}
|
|
|
|
|
|
//用户心跳
|
|
|
- public ServiceDto<List<Permissions>,Object> userHeartbeat(Map<String, Object> requestData) {
|
|
|
- ServiceDto<Map<String, Object>,Object> checked = checkUserToken(requestData);
|
|
|
- ServiceDto<List<Permissions>,Object> resultData = new ServiceDto<>();
|
|
|
+ public ServiceDto<List<Permissions>, LogEntity> userHeartbeat(Map<String, Object> requestData) {
|
|
|
+ ServiceDto<Map<String, Object>, LogEntity> checked = checkUserToken(requestData);
|
|
|
+ ServiceDto<List<Permissions>, LogEntity> resultData = new ServiceDto<>();
|
|
|
if (!checked.isSuccess()) {
|
|
|
resultData.setSuccess(false);
|
|
|
resultData.setReturnData(R.fail("-1", checked.getReturnData().getMessage()));
|