Commit dbabcc51 by 宋振民

feat:系统安全功能开发

parent 29a3dcd8
......@@ -5,7 +5,7 @@ import java.util.List;
/**
* 分页返回结果
*/
public class PageResult {
public class PageResult<T> {
/**
* 当前页码
*/
......
package com.hs.admin.controller;
import com.hs.admin.common.Result;
import com.hs.admin.common.annotations.CurrentUser;
import com.hs.admin.common.annotations.Token;
import com.hs.admin.common.base.PageResult;
import com.hs.admin.model.SysRole;
import com.hs.admin.model.SysUser;
import com.hs.admin.model.reqmodel.AddUserReq;
import com.hs.admin.model.reqmodel.AuditLogReq;
import com.hs.admin.model.reqmodel.UpdateUserReq;
import com.hs.admin.model.reqmodel.UserReq;
import com.hs.admin.model.respmodel.SysMenuList;
import com.hs.admin.model.respmodel.SysUserList;
import com.hs.admin.service.AuditLogService;
import com.hs.admin.service.SysMenuService;
import com.hs.admin.service.SysUserRoleRsService;
import com.hs.admin.service.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;
import javax.annotation.Resource;
import javax.validation.Valid;
import java.util.List;
@Api(tags = "审计日志API", produces = "produces", consumes = "consumes", protocols = "protocols")
@RequestMapping("/audit")
@RestController
public class AuditLogController {
@Resource
private AuditLogService logService;
@PostMapping("list")
@Token
@ApiOperation("查询用户分页列表")
public Object getAllByPage(@RequestBody AuditLogReq req) throws Exception {
PageResult result = logService.getAllAuditLog(req);
return Result.success(result);
}
}
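Review bot: `getAllByPage` takes `@RequestBody AuditLogReq req` without `@Valid`, so the constraints declared on `AuditLogReq` are never evaluated and a request with no `page` object reaches the service unchecked. The signature should read `public Object getAllByPage(@Valid @RequestBody AuditLogReq req)`; `javax.validation.Valid` is already imported, but the `@NotBlank` on the `PageRequest` field of `AuditLogReq` has to become `@NotNull` first, because `@NotBlank` does not apply to that type. The only access control visible is `@Token`; if that annotation merely checks for a logged-in caller, every authenticated user can read the full audit trail, so a role check for administrators or auditors is worth adding here. The `@ApiOperation` text still says 查询用户分页列表 and should describe the audit-log query.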
package com.hs.admin.mapper;
import com.hs.admin.model.AuditLog;
import org.mapstruct.Mapper;
import java.util.List;
@Mapper
public interface AuditLogMapper {
int insert(AuditLog auditLog);
List<AuditLog> getAllAuditLogs();
}
\ No newline at end of file
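Review bot: `@Mapper` here is imported from `org.mapstruct`, the bean-mapping library, while this interface is a MyBatis mapper (its statements are in the XML with namespace `com.hs.admin.mapper.AuditLogMapper`). Replace the import with `import org.apache.ibatis.annotations.Mapper;`, or drop the annotation if mappers are picked up by a package scan, as the un-annotated api-module `AuditLogMapper` in this commit suggests. If a MapStruct annotation processor is on the build path it would try to generate an implementation for `int insert(AuditLog)`; whether one is configured is not visible from this page.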
package com.hs.admin.model;
import lombok.Getter;
import lombok.Setter;
import org.springframework.stereotype.Component;
import java.util.Date;
@Getter
@Component
public class AuditLog {
private Long id;
@Setter
private Date createDate;
@Setter
private boolean state;
@Setter
private Long userId;
@Setter
private String userName;
@Setter
private String ip;
@Setter
private int moduleCode;
@Setter
private String operateType;
@Setter
private String describe;
}
package com.hs.admin.model.reqmodel;
import com.hs.admin.common.base.PageRequest;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import java.util.List;
@Data
public class AuditLogReq {
@ApiModelProperty(value = "分页参数", required = true)
@NotBlank(message = "分页参数必传")
private PageRequest page;
@ApiModelProperty(value = "用户名", required = true)
@NotBlank(message = "用户名")
private String userName;
}
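Review bot: `@NotBlank` is placed on `private PageRequest page`, but that constraint is defined for character sequences only, so once validation actually runs on this class it fails with a constraint-declaration error instead of checking the field. Use `@NotNull(message = "分页参数必传") @Valid private PageRequest page;` (this needs `javax.validation.Valid` imported; `NotNull` already is). `userName` is marked required with `@NotBlank(message = "用户名")`, yet the admin service in this commit never reads it; either make it optional or pass it to the query, and give the message a full sentence.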
package com.hs.admin.service;
import com.hs.admin.common.base.PageResult;
import com.hs.admin.model.AuditLog;
import com.hs.admin.model.reqmodel.AuditLogReq;
import java.util.List;
public interface AuditLogService {
int add(AuditLog auditLog);
PageResult getAllAuditLog(AuditLogReq req);
}
package com.hs.admin.service.impl;
import com.github.pagehelper.PageHelper;
import com.github.pagehelper.PageInfo;
import com.hs.admin.common.base.PageRequest;
import com.hs.admin.common.base.PageResult;
import com.hs.admin.common.utils.AESUtil;
import com.hs.admin.common.utils.PageUtil;
import com.hs.admin.mapper.AuditLogMapper;
import com.hs.admin.model.AuditLog;
import com.hs.admin.model.reqmodel.AuditLogReq;
import com.hs.admin.model.respmodel.SysUserList;
import com.hs.admin.service.AuditLogService;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
@Service
public class AuditLogServiceImpl implements AuditLogService {
@Resource
AuditLogMapper auditLogMapper;
@Override
public int add(AuditLog auditLog) {
int count = auditLogMapper.insert(auditLog);
return count;
}
@Override
public PageResult<AuditLog> getAllAuditLog(AuditLogReq req) {
PageRequest page = req.getPage();
PageHelper.startPage(page.getPageNum(), page.getPageSize());
List<AuditLog> allAuditLogs = auditLogMapper.getAllAuditLogs();
PageResult pageResult = PageUtil.getPageResult(page, new PageInfo<AuditLog>(allAuditLogs));
return pageResult;
}
}
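Review bot: `getAllAuditLog` dereferences `req.getPage()` without a null check and never reads `req.getUserName()`, so a request without paging data ends in a NullPointerException and the user-name filter that the request model marks as required has no effect on `getAllAuditLogs()`. Guard the page with `if (page == null) throw new IllegalArgumentException("page is required");` or rely on validated input, and either pass the user name to the mapper or drop it from the request. `page.getPageSize()` goes to `PageHelper.startPage` as received; capping it keeps a single request from pulling the whole audit table. The local `PageResult pageResult` is a raw type although the method returns `PageResult<AuditLog>`.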
package com.hs.admin.service.impl;
import com.hs.admin.common.utils.AESUtil;
import com.hs.admin.common.utils.TokenUtil;
import com.hs.admin.mapper.DicOrgMapper;
import com.hs.admin.mapper.SysUserMapper;
......@@ -31,8 +32,8 @@ public class LoginServiceImpl implements LoginService {
LoginInfo loginInfo = new LoginInfo();
SysUser user = userServiceImpl.findByLoginName(logName);
if(user != null && user.getPassword().equals(password)){
String token = TokenUtil.getToken(password,user);
if(user != null && user.getPassword().equals(AESUtil.encrypt(password))){
String token = TokenUtil.getToken(AESUtil.encrypt(password),user);
//修改ip以及最后登录时间
user.setLastIp(ip);
user.setLastTime(new Date());
......
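Review bot: The login check now compares `user.getPassword()` with `AESUtil.encrypt(password)`, which makes the stored credential reversible ciphertext rather than a one-way hash; if the admin `AESUtil` matches the api-module class added in this commit (fixed key in source, `Cipher.getInstance("AES")`), equal passwords give equal stored values and anyone holding the key can recover all of them. Store a salted adaptive hash (bcrypt, scrypt or Argon2) and verify with the hashing library's match function in place of `String.equals`. The same pattern is introduced in the two `setPassword(AESUtil.encrypt(...))` hunks of the admin `UserServiceImpl` and in `login`, `updatePass` and `init` of the api module. `TokenUtil.getToken(AESUtil.encrypt(password), user)` also feeds a password-derived value into token creation; TokenUtil is not visible here, but a token should not depend on the password. The method body starts and ends outside the hunk.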
......@@ -49,7 +49,7 @@ public class UserServiceImpl implements UserService {
SysUser sysUser = new SysUser();
sysUser.setUserCode(user.getUserCode());
sysUser.setUserName(user.getUserName());
sysUser.setPassword(user.getPassword());
sysUser.setPassword(AESUtil.encrypt(user.getPassword()));
sysUser.setIdcard(user.getIdcard());
sysUser.setMobile(user.getMobile());
sysUser.setSex(user.getSex());
......@@ -106,7 +106,7 @@ public class UserServiceImpl implements UserService {
//修改用户
sysUser.setUserCode(user.getUserCode());
sysUser.setUserName(user.getUserName());
sysUser.setPassword(user.getPassword());
sysUser.setPassword(AESUtil.encrypt(user.getPassword()));
sysUser.setIdcard(user.getIdcard());
sysUser.setMobile(user.getMobile());
sysUser.setSex(user.getSex());
......@@ -141,13 +141,13 @@ public class UserServiceImpl implements UserService {
PageRequest page = user.getPage();
PageHelper.startPage(page.getPageNum(), page.getPageSize());
List<SysUserList> sysMenus = sysUserMapper.selectUserList();
List<SysUserList> sysUserLists = new ArrayList<>();
/*List<SysUserList> sysUserLists = new ArrayList<>();
sysMenus.forEach(sysUserList -> {
String password = sysUserList.getPassword();
String encrypt = AESUtil.encrypt(password);
sysUserList.setPassword(encrypt);
sysUserLists.add(sysUserList);
});
});*/
PageResult pageResult = PageUtil.getPageResult(page, new PageInfo<SysUserList>(sysMenus));
return pageResult;
}
......@@ -155,7 +155,9 @@ public class UserServiceImpl implements UserService {
@Override
public SysUserList info(Integer userId) {
SysUserList sysUser = sysUserMapper.selectUserById(userId);
sysUser.setPassword(AESUtil.encrypt(sysUser.getPassword()));
/*sysUser.setPassword(AESUtil.encrypt(sysUser.getPassword()));*/
return sysUser;
}
}
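Review bot: With the re-encryption commented out in the last two hunks, the list method and `info` return `SysUserList` objects whose `password` field still holds the stored value, so as far as the visible lines show the ciphertext of each user's password goes out in the API response. Clear it before returning, e.g. `sysUser.setPassword(null);` in `info` and `sysMenus.forEach(u -> u.setPassword(null));` in the list method, or leave the column out of the mapper query. In the update hunk, `sysUser.setPassword(AESUtil.encrypt(user.getPassword()))` encrypts whatever the request carries, so a form that echoes the stored value back would encrypt it a second time and a missing password would reach `encrypt` as null; only re-encode when a new password was actually supplied. The commented-out blocks should be deleted rather than kept.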
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hs.admin.mapper.AuditLogMapper">
<resultMap id="BaseResultMap" type="com.hs.admin.model.AuditLog">
<id column="ID" jdbcType="DECIMAL" property="id"/>
<result column="CREATE_DATE" jdbcType="TIMESTAMP" property="createDate"/>
<result column="USER_ID" jdbcType="DECIMAL" property="userId"/>
<result column="USER_NAME" jdbcType="VARCHAR" property="userName"/>
<result column="STATE" jdbcType="BOOLEAN" property="state"/>
<result column="IP" jdbcType="VARCHAR" property="ip"/>
<result column="MODULE_CODE" jdbcType="INTEGER" property="moduleCode"/>
<result column="OPERATE_TYPE" jdbcType="VARCHAR" property="operateType"/>
<result column="DESCRIBE" jdbcType="VARCHAR" property="describe"/>
</resultMap>
<insert id="insert" parameterType="com.hs.admin.model.AuditLog">
<selectKey keyProperty="id" order="AFTER" resultType="java.lang.Long">
SELECT LAST_INSERT_ID()
</selectKey>
insert into audit_log (CREATE_DATE, `STATE`,
USER_ID, IP, MODULE_CODE, OPERATE_TYPE, `DESCRIBE`
)
values (#{createDate,jdbcType=TIMESTAMP}, #{state,jdbcType=DECIMAL}, #{userId,jdbcType=DECIMAL},
#{ip,jdbcType=VARCHAR}, #{moduleCode,jdbcType=VARCHAR}, #{operateType,jdbcType=DECIMAL}, #{describe,jdbcType=VARCHAR}
)
</insert>
<select id="getAllAuditLogs" resultMap="BaseResultMap">
SELECT
al.*,
su.user_name
FROM
audit_log al
LEFT JOIN sys_user su ON su.id = al.user_id
WHERE
al.state = 1
ORDER BY
al.create_date DESC
</select>
</mapper>
\ No newline at end of file
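Review bot: In the `insert` statement three `jdbcType` hints disagree with the `resultMap` and the Java fields: `#{state,jdbcType=DECIMAL}`, `#{moduleCode,jdbcType=VARCHAR}` and `#{operateType,jdbcType=DECIMAL}`, where the last two look swapped. Use `#{state,jdbcType=BOOLEAN}`, `#{moduleCode,jdbcType=INTEGER}` and `#{operateType,jdbcType=VARCHAR}`. `getAllAuditLogs` takes `USER_NAME` from a join on `sys_user` instead of a column written at insert time, so an audit row shows whatever name the account has now, or none once the account is removed; storing the name with the record keeps the trail self-contained. The `WHERE al.state = 1` filter deserves a comment saying what `state` means, since rows with any other state are never listed.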
package com.hs.admin;
import com.hs.admin.model.AuditLog;
import com.hs.admin.model.reqmodel.UpdateUserReq;
import com.hs.admin.model.respmodel.SysUserList;
import com.hs.admin.service.AuditLogService;
import com.hs.admin.service.LoginService;
import com.hs.admin.service.UserService;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import java.util.ArrayList;
import java.util.List;
@RunWith(SpringRunner.class)
@SpringBootTest(classes = HsAdminApplicationTests.class)
public class AuditLogServiceTest {
@Autowired
private AuditLogService auditLogService;
@Test
public void testInfo() {
/*List<AuditLog> list = auditLogService.getAllAuditLog();
System.out.println(list);
UserReq.GetUserReq userReq = new UserReq.GetUserReq();
PageRequest page = new PageRequest();
page.setPageNum(1);
page.setPageSize(10);
userReq.setUserName("hospital");
userReq.setPage(page);
PageResult all = userService.getAllByPage(userReq);
System.out.println(all);*/
}
}
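Review bot: `testInfo` has its whole body commented out, so the test passes without exercising `AuditLogService` at all, and the commented call `auditLogService.getAllAuditLog()` no longer matches the admin service signature, which takes an `AuditLogReq`. Either delete the class or add a real case that builds an `AuditLogReq` with a `PageRequest` and asserts on the returned `PageResult`. `@SpringBootTest(classes = HsAdminApplicationTests.class)` points at what looks like another test class rather than the application class; confirm that the context it loads actually contains the service.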
......@@ -78,6 +78,7 @@ public class Result<T> {
public static enum ErrorCode {
SUCCESS(1,"成功","success"),
INVALID_TOKEN(401,"无效的TOKEN","invalid token"),
KICK_OUT_TOKEN(402,"账号被踢出","token kicked out"),
ERROR(400,"错误","error"),
USERERROR(2,"账号或密码错误","wrong account or password");
private int code;
......
package com.hs.api.common.annotations;
import com.hs.api.common.enums.AuditLogType;
import org.springframework.core.annotation.AliasFor;
import java.lang.annotation.*;
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Audit {
/* *//**
* 模块代码
*//*
int moduleCode() default -1;
*//**
* 操作类型
*//*
String operateType() default "";
*//**
* 描述
*//*
String describe() default "";*/
/**
* 日志类型
*/
AuditLogType type();
}
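Review bot: The `Audit` annotation keeps its earlier attributes as a commented-out block whose comment markers have been mangled (`/* *//**`), and the `AliasFor` import is unused. Delete the block and the import, and document the annotation itself, e.g. `/** Marks a controller method whose successful result is written to the audit log with the given type. */` above `public @interface Audit`.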
package com.hs.api.common.aspect;
import com.hs.api.common.Result;
import com.hs.api.common.annotations.Audit;
import com.hs.api.common.enums.AuditLogType;
import com.hs.api.model.AuditLog;
import com.hs.api.model.SysUser;
import com.hs.api.model.respmodel.LoginInfo;
import com.hs.api.service.AuditLogService;
import com.hs.api.service.UserService;
import com.hs.common.utils.HttpUtil;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.*;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.Date;
@Aspect
@Component
public class AuditAspect {
@Resource
AuditLogService auditLogService;
@Resource
private UserService userServiceImpl;
@Resource
AuditLog auditLog;
@Pointcut("@annotation(com.hs.api.common.annotations.Audit)")
public void audit() {
}
@Before("audit()")
public void beforeExec(JoinPoint joinPoint) {
}
@After("audit()")
public void afterExec(JoinPoint joinPoint) {
}
@Around("audit()")
public Object aroundExec(ProceedingJoinPoint pjp) throws Throwable {
Object result = pjp.proceed();
return result;
}
/**
* 带参返回
*/
@AfterReturning(pointcut = "audit()", returning = "rc")
public void afterReturning(JoinPoint joinPoint, Result rc) {
if(rc.getCode() == Result.ErrorCode.SUCCESS.getCode()) {
LoginInfo loginInfo = (LoginInfo) rc.getData();
SysUser user = loginInfo.getUser();
if (user==null) return;
HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
String ip = HttpUtil.getIP(request);
MethodSignature ms = (MethodSignature) joinPoint.getSignature();
Method method = ms.getMethod();
Audit audit = method.getAnnotation(Audit.class);
AuditLogType auditType = audit.type();
int moduleCode = auditType.getModuleCode();
String operateType = auditType.getOperateType();
String describe = auditType.getDescribe();
auditLog.setCreateDate(new Date());
auditLog.setState(true);
auditLog.setUserId(user.getId());
auditLog.setIp(ip);
auditLog.setModuleCode(moduleCode);
auditLog.setOperateType(operateType);
auditLog.setDescribe(describe);
auditLogService.add(auditLog);
}
}
}
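Review bot: `afterReturning` fills the injected `AuditLog auditLog` bean, which is a singleton because the model class is annotated `@Component`; concurrent requests share that one object, so two logins at the same moment can store each other's user id or IP. Build a new `AuditLog` per call and drop `@Component` from the model. The advice also casts `rc.getData()` to `LoginInfo` unconditionally, which throws for any other method that later gets `@Audit`, and it records only results with the `SUCCESS` code, so failed logins, the events an audit trail most needs, leave no entry. The empty `beforeExec` and `afterExec` and the pass-through `aroundExec` advice can be removed. A per-call version of the advice is sketched below.

```java
@AfterReturning(pointcut = "audit()", returning = "rc")
public void afterReturning(JoinPoint joinPoint, Result rc) {
    if (rc == null || rc.getCode() != Result.ErrorCode.SUCCESS.getCode()) {
        return;
    }
    // Only login/logout results carry a LoginInfo; skip anything else instead of failing the cast.
    if (!(rc.getData() instanceof LoginInfo)) {
        return;
    }
    SysUser user = ((LoginInfo) rc.getData()).getUser();
    if (user == null) {
        return;
    }
    // … unchanged: request/IP lookup and @Audit annotation lookup (ip, moduleCode, operateType, describe) …
    AuditLog entry = new AuditLog(); // one instance per call instead of the shared bean
    entry.setCreateDate(new Date());
    entry.setState(true);
    entry.setUserId(user.getId());
    entry.setIp(ip);
    entry.setModuleCode(moduleCode);
    entry.setOperateType(operateType);
    entry.setDescribe(describe);
    auditLogService.add(entry);
}
```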
package com.hs.api.common.enums;
public enum AuditLogType {
LOGIN(1, "login","用户登录"),
LOGOUT(2, "logout","用户注销");
private int moduleCode;
private String operateType;
private String describe;
AuditLogType(int moduleCode, String operateType, String describe) {
this.moduleCode = moduleCode;
this.operateType = operateType;
this.describe = describe;
}
public int getModuleCode() {
return moduleCode;
}
public void setModuleCode(int moduleCode) {
this.moduleCode = moduleCode;
}
public String getOperateType() {
return operateType;
}
public void setOperateType(String operateType) {
this.operateType = operateType;
}
public String getDescribe() {
return describe;
}
public void setDescribe(String describe) {
this.describe = describe;
}
}
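Review bot: `AuditLogType` exposes public setters (`setModuleCode`, `setOperateType`, `setDescribe`) on enum constants, which are process-wide singletons, so any caller can change what `LOGIN` or `LOGOUT` writes into every later audit record. Declare the fields `private final int moduleCode;`, `private final String operateType;` and `private final String describe;` and delete the three setters. A short Javadoc on the enum stating what `moduleCode` and `operateType` mean in the `audit_log` table would help the next constant get added consistently.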
......@@ -9,7 +9,9 @@ import java.util.Map;
public enum SysConfigKeyType {
MAC_ADDRESS_RANGE("MAC_ADDRESS_RANGE","MAC地址范围过滤"),
MAC_BINDING("MAC_BINDING","MAC地址绑定"),
PWD_TIME_LIMIT("PWD_TIME_LIMIT","密码有效期");
PWD_TIME_LIMIT("PWD_TIME_LIMIT","密码有效期"),
SIMULTAN_ONLINE_NUM("SIMULTAN_ONLINE_NUM","密码有效期"),
LOGIN_ERROR_TIMES("LOGIN_ERROR_TIMES","登录失败次数限制");
private String code;
private String desc;
......
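Review bot: `SIMULTAN_ONLINE_NUM` reuses the description 密码有效期 of `PWD_TIME_LIMIT`, so both keys appear under the same label wherever `desc` is displayed. Give it its own text, for example `SIMULTAN_ONLINE_NUM("SIMULTAN_ONLINE_NUM","同时在线数量限制"),`. The enum body continues outside the hunk.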
......@@ -2,8 +2,14 @@ package com.hs.api.common.intercepters;
import com.hs.api.common.Constants;
import com.hs.api.common.Result;
import com.hs.api.common.enums.SysConfigKeyType;
import com.hs.api.common.utils.TokenUtil;
import com.hs.api.model.SysUser;
import com.hs.api.service.SysConfigService;
import com.hs.common.utils.RedisUtil;
import com.hs.common.utils.StringUtil;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
......@@ -11,39 +17,55 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.List;
public class LoginInterceptor implements HandlerInterceptor {
Logger logger = org.slf4j.LoggerFactory.getLogger(LoginInterceptor.class);
@Autowired
private SysConfigService sysConfigService;
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response,Object handler) throws Exception {
System.out.println("LoginInterceptor----------->preHandle");
String token = request.getHeader(Constants.TOKEN_KEY);
if(!TokenUtil.checkToken(token)){
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter writer = null;
try{
String remoteHost = request.getRemoteHost();
String uri = request.getRequestURI();
logger.info(remoteHost + " 访问 " + uri + ", token无效, token:[" + token + "]");
writer = response.getWriter();
writer.print(Result.error(Result.ErrorCode.INVALID_TOKEN));
}catch(IOException e){
logger.error(e.getMessage());
}finally{
if(writer != null){
writer.close();
}
return doResponse(request, response, token, Result.ErrorCode.INVALID_TOKEN);
}else if(sysConfigService.getStateByKey(SysConfigKeyType.SIMULTAN_ONLINE_NUM.getCode())){
//如果已登录的tokenList不包含该token 则报错
String path = request.getServletContext().getContextPath();
SysUser user = (SysUser) RedisUtil.get(token);
List<String> tokenList = (List<String>)RedisUtil.get(user.getId() + path);
if(tokenList!=null && !tokenList.contains(token)){
return doResponse(request, response, token, Result.ErrorCode.KICK_OUT_TOKEN);
}
return false;
}
return HandlerInterceptor.super.preHandle(request,response,handler);
}
private boolean doResponse(HttpServletRequest request, HttpServletResponse response, String token, Result.ErrorCode errorCode) {
response.setCharacterEncoding("UTF-8");
response.setContentType("application/json; charset=utf-8");
PrintWriter writer = null;
try{
String remoteHost = request.getRemoteHost();
String uri = request.getRequestURI();
logger.info(remoteHost + " 访问 " + uri + ", token无效, token:[" + token + "]");
writer = response.getWriter();
writer.print(Result.error(errorCode));
}catch(IOException e){
logger.error(e.getMessage());
}finally{
if(writer != null){
writer.close();
}
}
return false;
}
@Override
public void postHandle(HttpServletRequest request,HttpServletResponse response,Object handler,ModelAndView modelAndView) throws Exception {
System.out.println("LoginInterceptor----------->postHandle");
......
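Review bot: `doResponse` writes the complete token header into the log (`"token:[" + token + "]"`), and it is now also called for `KICK_OUT_TOKEN`, where the token was just resolved through `RedisUtil.get(token)` and so may still be a live session key. Log the outcome without the credential, e.g. `logger.info("{} 访问 {}, token rejected: {}", remoteHost, uri, errorCode);`, which also keeps a client-supplied header value out of the log line and stops reporting a kicked-out session as token无效. In `preHandle`, `user` from `RedisUtil.get(token)` is used without a null check, and a missing token list (`tokenList == null`) lets the request through, so the concurrent-login limit fails open when the list key is absent. `sysConfigService` is field-injected with `@Autowired`; that only works if the interceptor is registered as a Spring bean, which is not visible here.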
package com.hs.api.common.utils;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
public class AESUtil {
public static final String AES_KEY = "edFabJn3ZA==7JVk";//密钥自定义16位
/**
* AES加密+Base64转码
*
* @param data 明文(16进制)
* @return
*/
public static String encrypt(String data) {
byte[] keyb = null;
try {
keyb = AES_KEY.getBytes("utf-8");
} catch (UnsupportedEncodingException e1) {
e1.printStackTrace();
} // 明文
SecretKeySpec sKeySpec = new SecretKeySpec(keyb, "AES");
Cipher cipher = null;
try {
cipher = Cipher.getInstance("AES");
} catch (Exception e) {
e.printStackTrace();
}
try {
cipher.init(Cipher.ENCRYPT_MODE, sKeySpec);
} catch (InvalidKeyException e) {
e.printStackTrace();
}
byte[] bjiamihou = null;
String miwen = "";
try {
bjiamihou = cipher.doFinal(data.getBytes("utf-8"));
// byte加密后
miwen = Base64.encodeBase64String(bjiamihou);// 密文用base64加密
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
}
return miwen;
}
/**
* Base64解码 + AES解码
*
* @param data 密文 (16进制)
* @return
*/
public static String decrypt(String data){
byte[] keyb = null;
try {
keyb = AES_KEY.getBytes("utf-8");
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
byte[] miwen = Base64.decodeBase64(data);
SecretKeySpec sKeySpec = new SecretKeySpec(keyb, "AES");
Cipher cipher = null;
try {
cipher = Cipher.getInstance("AES");
} catch (Exception e) {
e.printStackTrace();
}
try {
cipher.init(Cipher.DECRYPT_MODE, sKeySpec);
} catch (InvalidKeyException e) {
e.printStackTrace();
}
byte[] bjiemihou = null;
String mingwen = "";
try {
bjiemihou = cipher.doFinal(miwen);
// byte加密后
mingwen = new String(bjiemihou,"utf-8");
} catch (Exception e) {
e.printStackTrace();
}
return mingwen;
}
public static void main(String[] args) throws Exception {
// 测试加密工具类
String data = "{\"appCode\":\"portal\",\"createtime\":1592981430336,\"msgContent\":\"这里是通知的正文\",\"msgSignature\":\"中心(Janson)\",\"msgStatus\":0,\"msgTitle\":\"测试通知任务\",\"msgType\":1,\"objectCreateTime\":1592981430322,\"objectId\":\"123123123Id\",\"permission\":0,\"receiveUsers\":\"450503\",\"sendObject\":1,\"status\":0,\"userType\":1}";//明文
String miwen = encrypt(" ");// 加密
System.out.println(miwen);
System.out.println(decrypt(miwen));// 解密
}
}
\ No newline at end of file
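Review bot: `AES_KEY` is a public string constant compiled into the class, so everyone with the source or the jar can decrypt every value this utility produces, and `Cipher.getInstance("AES")` leaves mode and padding to the provider default (ECB with PKCS5 padding on the standard JDK provider), which maps equal plaintexts to equal ciphertexts. Load the key from protected configuration or a key store and name the transformation explicitly, with an authenticated mode and a fresh IV per message. Both methods catch each exception, call `printStackTrace()` and carry on, so a failure ends in a NullPointerException on `cipher` or in an empty string returned as if it were valid output; replace those handlers with `throw new IllegalStateException("AES encryption failed", e);`. The `main` method and its unused `data` literal are test scaffolding and belong in a unit test. The Javadoc says the input is 16进制, but the code encrypts the UTF-8 bytes of the string.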
package com.hs.api.common.utils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
public class SessionUtil {
public static HttpSession getSession() {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
HttpSession session = request.getSession();
return session;
}
}
package com.hs.api.controller;
import com.hs.api.common.Result;
import com.hs.api.common.annotations.Audit;
import com.hs.api.common.enums.AuditLogType;
import com.hs.api.model.reqmodel.CodeAndPwd;
import com.hs.api.model.reqmodel.UpdatePass;
import com.hs.api.model.respmodel.LoginInfo;
import com.hs.api.service.LoginService;
import com.hs.api.service.UserService;
import com.hs.common.utils.HttpUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import springfox.documentation.annotations.ApiIgnore;
import javax.servlet.http.HttpServletRequest;
......@@ -25,7 +25,11 @@ public class LoginController {
@Autowired
private LoginService loginServiceImpl;
@Autowired
private UserService userService;
@PostMapping("login")
@Audit(type = AuditLogType.LOGIN)
@ApiOperation(value = "Result«LoginService.LoginInfo»登录")
public Result login(@RequestBody CodeAndPwd codeAndPwd, HttpServletRequest request) {
String ip = HttpUtil.getIP(request);
......@@ -37,6 +41,14 @@ public class LoginController {
return Result.success(loginInfo);
}
@PostMapping("logout")
@Audit(type = AuditLogType.LOGOUT)
@ApiOperation(value = "Result«LoginService.LoginInfo»登出")
public Result login(HttpServletRequest request) {
LoginInfo loginfo = loginServiceImpl.logout();
return Result.success(loginfo);
}
@PostMapping("pass")
@ApiOperation(value = "修改密码")
public Result updatePass(@RequestBody UpdatePass request) {
......@@ -56,4 +68,11 @@ public class LoginController {
String token = loginServiceImpl.refreshToken(oldToken);
return Result.success(token);
}
@GetMapping("init")
@ApiOperation("批量初始化密码")
public Object init() throws Exception {
int count = userService.init();
return Result.success(count);
}
}
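Review bot: The new `init` handler carries no `@Token` (compare `sysConfigReq` in `SysConfigController`), is mapped with `@GetMapping`, and triggers `userService.init()`, which rewrites stored passwords for users in bulk; the same handler is added to `UserController` as `@PostMapping("init")`, also without `@Token`. A one-off data migration should not stay reachable as a web endpoint: run it as a startup or command-line task, or at least restrict it with `@Token` plus an administrator check and keep it on `POST` only. The logout handler is declared as `public Result login(HttpServletRequest request)`; naming it `logout` avoids the confusing overload, and its `request` parameter is unused. LoginController's class body begins outside the visible hunks.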
......@@ -26,7 +26,7 @@ public class SysConfigController {
@Token
@ApiOperation("根据key查询系统配置")
public Result<Boolean> sysConfigReq(@RequestBody SysConfigReq sysConfigReq) {
boolean state = sysConfigService.getSysConfigStateByKey(sysConfigReq.getKey());
boolean state = sysConfigService.getStateByKey(sysConfigReq.getKey());
return Result.success(state);
}
}
......@@ -2,8 +2,10 @@ package com.hs.api.controller;
import com.hs.api.common.Constants;
import com.hs.api.common.Result;
import com.hs.api.common.annotations.Audit;
import com.hs.api.common.annotations.CurrentUser;
import com.hs.api.common.annotations.Token;
import com.hs.api.common.enums.AuditLogType;
import com.hs.api.model.SerDepartment;
import com.hs.api.model.SysRole;
import com.hs.api.model.SysUser;
......@@ -12,10 +14,7 @@ import com.hs.api.model.reqmodel.MenuReq;
import com.hs.api.model.reqmodel.ModuleReq;
import com.hs.api.model.respmodel.LoginInfo;
import com.hs.api.model.respmodel.SysMenuList;
import com.hs.api.service.LoginService;
import com.hs.api.service.SysMenuService;
import com.hs.api.service.SysUserOrgRsService;
import com.hs.api.service.SysUserRoleRsService;
import com.hs.api.service.*;
import com.hs.common.utils.RedisUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
......@@ -40,6 +39,9 @@ public class UserController {
@Autowired
private LoginService loginServiceImpl;
@Autowired
private UserService userService;
/**
* 根据token获取用户信息
* @return
......@@ -127,4 +129,16 @@ public class UserController {
List<SerDepartment> sysMenuList = sysUserOrgRsService.getUserOrg(userId, disease.getDisease(), disease.getDate());
return Result.success(sysMenuList);
}
/**
* 初始化用户密码
*
* @return
*/
@PostMapping("init")
@ApiOperation("批量初始化密码")
public Object init() throws Exception {
int count = userService.init();
return Result.success(count);
}
}
package com.hs.api.mapper;
import com.hs.api.model.AuditLog;
import java.util.List;
public interface AuditLogMapper {
int insert(AuditLog auditLog);
List<AuditLog> getAllAuditLogs();
}
\ No newline at end of file
package com.hs.api.model;
import lombok.Getter;
import lombok.Setter;
import org.springframework.stereotype.Component;
import java.util.Date;
@Getter
@Component
public class AuditLog {
private Long id;
@Setter
private Date createDate;
@Setter
private boolean state;
@Setter
private Long userId;
@Setter
private String ip;
@Setter
private int moduleCode;
@Setter
private String operateType;
@Setter
private String describe;
}
......@@ -39,6 +39,8 @@ public class SysUser {
private boolean lockFlag;
private boolean pwdInit;
public Long getId() {
return id;
}
......@@ -186,4 +188,12 @@ public class SysUser {
public void addErrorCount() {
this.errorCount = this.errorCount == null ? 1 : this.errorCount + 1;
}
public boolean getPwdInit() {
return pwdInit;
}
public void setPwdInit(boolean pwdInit) {
this.pwdInit = pwdInit;
}
}
\ No newline at end of file
package com.hs.api.service;
import com.hs.api.common.annotations.Audit;
import com.hs.api.model.AuditLog;
import java.util.List;
public interface AuditLogService{
int add(AuditLog auditLog);
List<AuditLog> getAllAuditLog();
}
package com.hs.api.service.Impl;
import com.hs.api.common.enums.DimType;
import com.hs.api.mapper.AuditLogMapper;
import com.hs.api.mapper.DicDimMapper;
import com.hs.api.mapper.SerDimValueMapper;
import com.hs.api.model.AuditLog;
import com.hs.api.model.DicDim;
import com.hs.api.model.SerDimValue;
import com.hs.api.model.respmodel.DimValue;
import com.hs.api.service.AuditLogService;
import com.hs.api.service.DicDimService;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
@Service
public class AuditLogServiceImpl implements AuditLogService {
@Resource
AuditLogMapper auditLogMapper;
@Override
public int add(AuditLog auditLog) {
int count = auditLogMapper.insert(auditLog);
return count;
}
@Override
public List<AuditLog> getAllAuditLog() {
List<AuditLog> auditLogs = auditLogMapper.getAllAuditLogs();
return auditLogs;
}
}
package com.hs.api.service.Impl;
import com.hs.api.common.Constants;
import com.hs.api.common.enums.SysConfigKeyType;
import com.hs.api.common.exceptions.DBConfigurationError;
import com.hs.api.common.utils.AESUtil;
import com.hs.api.common.utils.DateUtils;
import com.hs.api.common.utils.SessionUtil;
import com.hs.api.common.utils.TokenUtil;
import com.hs.api.mapper.DicOrgMapper;
import com.hs.api.mapper.SysRoleMapper;
......@@ -14,10 +17,16 @@ import com.hs.api.service.LoginService;
import com.hs.api.service.SysConfigService;
import com.hs.api.service.UserService;
import com.hs.common.utils.RedisUtil;
import com.hs.common.utils.StringUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
......@@ -40,6 +49,8 @@ public class LoginServiceImpl implements LoginService {
@Resource
private SysVersionMapper sysVersionMapper;
public final static long FOREVER_DURATION = -1;
@Override
public LoginInfo login(String logName, String password, String macAddrss, String ip) {
......@@ -50,12 +61,12 @@ public class LoginServiceImpl implements LoginService {
if(user.isLockFlag())
throw new DBConfigurationError("该账号已被锁定请联系管理员解锁!");
//判断是否很久没有更改密码
if(sysConfigService.getSysConfigStateByKey(SysConfigKeyType.PWD_TIME_LIMIT.getCode())
if(sysConfigService.getStateByKey(SysConfigKeyType.PWD_TIME_LIMIT.getCode())
&& DateUtils.getDaysBetween(user.getLastUpdatePwdTime(), new Date()) > 90)
throw new DBConfigurationError("您已经超过90天没有更换密码,请修改密码后再登录!");
if (user != null && user.getPassword().equals(password) && (user.getMacAddress() == null || user.getMacAddress().equals(macAddrss))) {
String token = TokenUtil.getToken(password, user);
if (user != null && user.getPassword().equals(AESUtil.encrypt(password)) && (user.getMacAddress() == null || user.getMacAddress().equals(macAddrss))) {
String token = TokenUtil.getToken(AESUtil.encrypt(password), user);
setUserTokenList(token, user);
//修改ip以及最后登录时间、MAC地址
user.setLastIp(ip);
user.setLastTime(new Date());
......@@ -76,6 +87,11 @@ public class LoginServiceImpl implements LoginService {
loginInfo.setDept(deptList != null && deptList.size() > 0 ? deptList.get(0) : null);
}
loginInfo.setOrg(orgList);
HttpSession session = SessionUtil.getSession();
session.setAttribute("userId", user.getId());
session.setAttribute("token", token);
//查询病案信息
SysVersion version = sysVersionMapper.selectLastDate();
loginInfo.setVersion(version);
......@@ -87,9 +103,32 @@ public class LoginServiceImpl implements LoginService {
return loginInfo;
}
//多重并发控制
private void setUserTokenList(String token, SysUser user) {
String value = sysConfigService.getValueByKey(SysConfigKeyType.SIMULTAN_ONLINE_NUM.getCode());
boolean sysConfigStateByKey = sysConfigService.getStateByKey(SysConfigKeyType.SIMULTAN_ONLINE_NUM.getCode());
if(!sysConfigStateByKey) return;
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String path = request.getServletContext().getContextPath();
List<String> tokenList = RedisUtil.get(user.getId() + path) == null?
new ArrayList<>():(List<String>)RedisUtil.get(user.getId() + path);
if(!tokenList.contains(token) && tokenList.size()<Integer.parseInt(value)) {
tokenList.add(token);
RedisUtil.set(user.getId() + path, tokenList, FOREVER_DURATION);
}else if(!tokenList.contains(token)) {
tokenList.remove(0);
tokenList.add(token);
RedisUtil.set(user.getId() + path, tokenList, FOREVER_DURATION);
}
}
private void checkErrorCount(SysUser user) {
String userCode = user.getUserCode();
if(RedisUtil.hasKey(userCode) && Integer.parseInt(RedisUtil.get(userCode).toString())>=5) {
int configTimes = Integer.parseInt(sysConfigService.getValueByKey(SysConfigKeyType.LOGIN_ERROR_TIMES.getCode())) - 1;
if(!sysConfigService.getStateByKey(SysConfigKeyType.LOGIN_ERROR_TIMES.getCode()))
return;
if(RedisUtil.hasKey(userCode)
&& Integer.parseInt(RedisUtil.get(userCode).toString()) >= configTimes) {
user.setLockFlag(true);
sysUserMapper.updateByPrimaryKey(user);
return;
......@@ -101,11 +140,33 @@ public class LoginServiceImpl implements LoginService {
}
}
@Override
public LoginInfo logout() {
LoginInfo loginInfo = new LoginInfo();
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
String path = request.getServletContext().getContextPath();
String token = request.getHeader(Constants.TOKEN_KEY);
SysUser user = (SysUser) RedisUtil.get(token);
loginInfo.setUser(user);
if(!token.equals("") && token!=null) {
RedisUtil.del(token);
};
if(user!=null && RedisUtil.get(user.getId() + path)!=null) {
List<String> tokenList = (List<String>)RedisUtil.get(user.getId() + path);
if(tokenList.contains(token))
tokenList.remove(token);
}
return loginInfo;
}
public boolean updatePass(String logName, String oldPassword, String newPassword) {
int result = 0;
SysUser user = userServiceImpl.findByLoginName(logName);
if (user != null && user.getPassword().equals(oldPassword)) {
user.setPassword(newPassword);
if (user != null && user.getPassword().equals(AESUtil.encrypt(oldPassword))) {
user.setPassword(AESUtil.encrypt(newPassword));
user.setLastUpdatePwdTime(new Date());
result = sysUserMapper.updateByPrimaryKey(user);
} else {
......
......@@ -14,7 +14,7 @@ public class SysConfigServiceImpl implements SysConfigService {
private SysConfigMapper sysConfigMapper;
@Override
public boolean getSysConfigStateByKey(String key) {
public boolean getStateByKey(String key) {
List<SysConfig> sysConfigList = sysConfigMapper.selectByKey(key);
if(sysConfigList.size()==0) return false;
SysConfig sysConfig = sysConfigList.get(0);
......@@ -22,7 +22,7 @@ public class SysConfigServiceImpl implements SysConfigService {
}
@Override
public String getSysConfigValueSByKey(String key) {
public String getValueByKey(String key) {
List<SysConfig> sysConfigList = sysConfigMapper.selectByKey(key);
if(sysConfigList.size()==0) return null;
SysConfig sysConfig = sysConfigList.get(0);
......
package com.hs.api.service.Impl;
import com.hs.api.common.utils.AESUtil;
import com.hs.api.mapper.DicUserMapper;
import com.hs.api.mapper.SysUserMapper;
import com.hs.api.model.SysUser;
......@@ -7,6 +8,7 @@ import com.hs.api.service.UserService;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
@Service
public class UserServiceImpl implements UserService {
......@@ -30,4 +32,18 @@ public class UserServiceImpl implements UserService {
public SysUser findById(Long id) {
return sysUserMapper.selectByPrimaryKey(id);
}
@Override
public int init() {
List<SysUser> sysUsers = sysUserMapper.selectAll();
sysUsers.stream().forEach(user -> {
String password = user.getPassword();
user.setPassword(AESUtil.encrypt(password));
if(!user.getPwdInit()) {
user.setPwdInit(true);
sysUserMapper.updateByPrimaryKey(user);
}
});
return sysUsers.size();
}
}
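Review bot: In `init()`, `user.setPassword(AESUtil.encrypt(password))` stores passwords under reversible encryption, so anyone who obtains the key can recover every plaintext password; a salted, adaptive one-way hash (bcrypt, scrypt or Argon2) is the usual choice for stored credentials. `updatePass` in LoginServiceImpl on this page compares `AESUtil.encrypt(oldPassword)` with `equals`, which also appears to rely on the encryption being deterministic. Within `init()` itself, the encryption runs before the `getPwdInit()` guard, and if that getter returns a `Boolean`, a null value would throw on unboxing; putting the guard first as `if (Boolean.TRUE.equals(user.getPwdInit())) { return; }` avoids both. The method also returns `sysUsers.size()` rather than the number of rows actually migrated, which deserves a Javadoc line or a separate counter.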
......@@ -6,6 +6,8 @@ import com.hs.api.model.respmodel.LoginInfo;
public interface LoginService {
LoginInfo login(String logName, String password, String macAddrss, String ip);
LoginInfo logout();
boolean updatePass(String logName, String oldPassword, String newPassword);
String refreshToken(String oldToken);
......
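Review bot: `logout()` is declared without Javadoc, and its contract is not obvious from the signature: the implementation on this page takes the token from the current request's header rather than from a parameter, and returns a `LoginInfo` whose user may be null. A comment such as `/** Invalidates the token carried by the current request and returns the user it belonged to, if any. */` would state that. The contract should also say what happens when the header is absent, since the implementation calls `RedisUtil.get(token)` and evaluates `token.equals("")` before `token != null`. It also calls `tokenList.remove(token)` without the `RedisUtil.set` write-back that the login path performs, so the per-user list entry may outlive the logout.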
......@@ -5,7 +5,7 @@ import com.hs.api.model.DicIndInfo;
import java.util.List;
public interface SysConfigService {
boolean getSysConfigStateByKey(String key);
boolean getStateByKey(String key);
String getSysConfigValueSByKey(String key);
String getValueByKey(String key);
}
......@@ -9,5 +9,5 @@ public interface UserService {
SysUser findById(Long id);
int init();
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.hs.api.mapper.AuditLogMapper">
<resultMap id="BaseResultMap" type="com.hs.api.model.AuditLog">
<id column="ID" jdbcType="DECIMAL" property="id"/>
<result column="CREATE_DATE" jdbcType="TIMESTAMP" property="createDate"/>
<result column="USER_ID" jdbcType="DECIMAL" property="userId"/>
<result column="STATE" jdbcType="BOOLEAN" property="state"/>
<result column="IP" jdbcType="VARCHAR" property="ip"/>
<result column="MODULE_CODE" jdbcType="INTEGER" property="moduleCode"/>
<result column="OPERATE_TYPE" jdbcType="VARCHAR" property="operateType"/>
<result column="DESCRIBE" jdbcType="VARCHAR" property="describe"/>
</resultMap>
<insert id="insert" parameterType="com.hs.api.model.AuditLog">
<selectKey keyProperty="id" order="AFTER" resultType="java.lang.Long">
SELECT LAST_INSERT_ID()
</selectKey>
insert into audit_log (CREATE_DATE, `STATE`,
USER_ID, IP, MODULE_CODE, OPERATE_TYPE, `DESCRIBE`
)
values (#{createDate,jdbcType=TIMESTAMP}, #{state,jdbcType=DECIMAL}, #{userId,jdbcType=DECIMAL},
#{ip,jdbcType=VARCHAR}, #{moduleCode,jdbcType=VARCHAR}, #{operateType,jdbcType=DECIMAL}, #{describe,jdbcType=VARCHAR}
)
</insert>
<select id="selectAll" resultMap="BaseResultMap">
select *
from audit_log
</select>
</mapper>
\ No newline at end of file
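Review bot: The `jdbcType` hints in the `insert` statement disagree with the `BaseResultMap` above it: `state` is bound as `DECIMAL` but mapped as `BOOLEAN`, `moduleCode` as `VARCHAR` but mapped as `INTEGER`, and `operateType` as `DECIMAL` but mapped as `VARCHAR`. MyBatis mainly consults the parameter `jdbcType` when binding nulls, so a null in one of these audit fields may be sent with the wrong SQL type; aligning them as `#{state,jdbcType=BOOLEAN}`, `#{moduleCode,jdbcType=INTEGER}` and `#{operateType,jdbcType=VARCHAR}` keeps the two halves of the mapper consistent. `selectAll` also reads the whole `audit_log` table with `select *` and no `ORDER BY`; listing the columns and ordering by `CREATE_DATE` would keep the audit listing stable as the log grows.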
......@@ -58,8 +58,8 @@
LEFT JOIN report_hos_ind_info rhii ON rhi.IND_CODE = rhii.PARENT_IND_CODE
WHERE
rhi.state = 1
AND rhi.PARENT_IND_CODE = ''
OR rhi.PARENT_IND_CODE IS NULL
AND (rhi.PARENT_IND_CODE = ''
OR rhi.PARENT_IND_CODE IS NULL)
ORDER BY
rhi.xh,
rhii.xh
......
......@@ -20,6 +20,7 @@
<result column="MAC_ADDRESS" jdbcType="VARCHAR" property="macAddress"/>
<result column="LAST_UPDATE_PWD_TIME" jdbcType="TIMESTAMP" property="lastUpdatePwdTime"/>
<result column="LOCK_FLAG" jdbcType="BOOLEAN" property="lockFlag"/>
<result column="PWD_INIT" jdbcType="BOOLEAN" property="pwdInit"/>
</resultMap>
<delete id="deleteByPrimaryKey" parameterType="java.lang.Long">
delete
......@@ -59,7 +60,8 @@
LAST_IP = #{lastIp,jdbcType=VARCHAR},
MAC_ADDRESS = #{macAddress,jdbcType=VARCHAR},
LAST_UPDATE_PWD_TIME = #{lastUpdatePwdTime,jdbcType=VARCHAR},
LOCK_FLAG = #{lockFlag,jdbcType=VARCHAR}
LOCK_FLAG = #{lockFlag,jdbcType=BOOLEAN},
PWD_INIT = #{pwdInit,jdbcType=BOOLEAN}
where ID = #{id,jdbcType=DECIMAL}
</update>
<select id="selectByPrimaryKey" parameterType="java.lang.Long" resultMap="BaseResultMap">
......@@ -98,7 +100,8 @@
ERROR_TIME,
LAST_TIME,
LAST_IP,
MAC_ADDRESS
MAC_ADDRESS,
PWD_INIT
from SYS_USER
</select>
<select id="selectByCode" resultMap="BaseResultMap">
......
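Review bot: The `selectAll` column list, as far as the third hunk shows it, ends `MAC_ADDRESS, PWD_INIT` with no `LOCK_FLAG` or `LAST_UPDATE_PWD_TIME`, while the update statement in the second hunk writes both unconditionally. If those two columns are indeed missing from the part of the list above the hunk, `UserServiceImpl.init()`, which feeds `selectAll()` rows into `updateByPrimaryKey`, would overwrite them with null and could clear the lock on locked accounts; adding `LOCK_FLAG, LAST_UPDATE_PWD_TIME,` before `PWD_INIT` would close that. Separately, `LAST_UPDATE_PWD_TIME = #{lastUpdatePwdTime,jdbcType=VARCHAR}` still disagrees with the `TIMESTAMP` declared in the result map and could be corrected to `jdbcType=TIMESTAMP` alongside the `LOCK_FLAG` fix. All three statements start or end outside the hunks shown.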
......@@ -40,7 +40,7 @@ public class BlockValuesServiceTest {
@Test
public void testBlockState() {
boolean state = sysConfigService.getSysConfigStateByKey("CASE_LIST");
boolean state = sysConfigService.getStateByKey("CASE_LIST");
System.out.println(state);
}
......