diff --git a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java index 7f3dec5314..7559bad559 100644 --- a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java +++ b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java @@ -23,7 +23,10 @@ import java.io.Serializable; @Data public class PasswordDTO implements Serializable { private static final long serialVersionUID = 1L; - + /** + * 旧密码 + */ + private String oldPassword; @NotBlank(message="{sysuser.password.require}") private String password; diff --git a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java index 43b2719dc8..a3a36c9588 100644 --- a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java +++ b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java @@ -1,6 +1,7 @@ package com.epmet.controller; import com.epmet.auth.dto.result.BlockChainStaffAuthResultDTO; +import com.epmet.commons.tools.constant.NumConstant; import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; @@ -9,6 +10,7 @@ import com.epmet.dto.form.GovWebLoginFormDTO; import com.epmet.dto.result.UserTokenResultDTO; import com.epmet.service.GovWebService; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; 
@@ -44,10 +46,14 @@ public class GovWebController { ValidatorUtils.validateEntity(formDTO); try { - if (formDTO.getPassword().length() > 50) { + if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) { String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey); formDTO.setPassword(newPassword); } + if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) { + String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey); + formDTO.setPhone(phone); + } } catch (Exception e) { log.error("method exception", e); diff --git a/epmet-auth/src/main/java/com/epmet/controller/LoginController.java b/epmet-auth/src/main/java/com/epmet/controller/LoginController.java index 36c4d2a8d0..08e40eb99d 100644 --- a/epmet-auth/src/main/java/com/epmet/controller/LoginController.java +++ b/epmet-auth/src/main/java/com/epmet/controller/LoginController.java @@ -1,8 +1,10 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; +import com.epmet.commons.tools.constant.NumConstant; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; import com.epmet.commons.tools.validator.ValidatorUtils; @@ -15,6 +17,7 @@ import com.epmet.service.LoginService; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.*; import javax.imageio.ImageIO; 
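Review bot: The `length() > NumConstant.FIFTY` test in the password and phone branches decides whether a field is ciphertext purely from its length, so the server still accepts plaintext credentials of 50 characters or fewer and will try to RSA-decrypt any legitimate longer value. If encrypted transport is meant to be mandatory, decrypt unconditionally and reject input that fails to decrypt; if both forms must be accepted, carry an explicit marker in the request instead of inferring it from length. The same heuristic is repeated in `LoginController.loginByPassword` and `MineController.resetPassword` in this commit. The enclosing method and the rest of the `catch` block lie outside the hunk.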
@@ -36,6 +39,8 @@ import java.util.Arrays; @RestController @RequestMapping("login") public class LoginController { + @Value("${epmet.login.privateKey}") + private String privateKey; @Autowired private CaptchaService captchaService; @@ -90,11 +95,23 @@ public class LoginController { * @Date 2020/3/14 19:46 **/ @PostMapping("/operweb/loginbypassword") - public Result loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) { + public Result loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) throws Exception { //效验数据 ValidatorUtils.validateEntity(formDTO); - Result result = loginService.loginByPassword(formDTO); - return result; + //解密密码 + if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) { + String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey); + formDTO.setPhone(phone); + } + if (StringUtils.isNotBlank(formDTO.getMobile())&&formDTO.getMobile().length() > NumConstant.FIFTY) { + String phone = RSASignature.decryptByPrivateKey(formDTO.getMobile(), privateKey); + formDTO.setMobile(phone); + } + if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) { + String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey); + formDTO.setPassword(confirmNewPassWord); + } + return loginService.loginByPassword(formDTO); } /** diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java new file mode 100644 index 0000000000..62faa45150 --- /dev/null +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java 
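Review bot: `loginByPassword` now declares `throws Exception`, so a malformed ciphertext in `phone`, `mobile` or `password` propagates out of the controller instead of becoming an ordinary login failure; what the client then sees depends on a global exception handler that is not visible here. `GovWebController` wraps the same `RSASignature.decryptByPrivateKey` calls in `try/catch`; doing the same here and returning one uniform error keeps decrypt failures indistinguishable from bad credentials. The comment `//解密密码` sits above the phone branch and the local `confirmNewPassWord` actually holds the login password, so both mislead; `String plainPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);` would read correctly.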
@@ -0,0 +1,24 @@
+package com.epmet.commons.tools.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+ /**
+ * uri
+ */
+ @NotBlank(message = "uri不能为空")
+ private String uri;
+
+ /**
+ * http方法
+ */
+ @NotBlank(message = "请求http方法不能为空")
+ private String method;
+
+ @NotBlank(message = "操作者ID不能为空")
+ private String operId;
+}
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java
new file mode 100644
index 0000000000..632f013746
--- /dev/null
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java
@@ -0,0 +1,13 @@
+package com.epmet.commons.tools.dto.result;
+
+import lombok.Data;
+
+@Data
+public class OperResouce {
+
+ private String userId;
+ private String resourceUrl;
+ private String ResourceMethod;
+
+
+}
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java
new file mode 100644
index 0000000000..15f76dcb62
--- /dev/null
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java
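Review bot: `OperResouce.ResourceMethod` starts with a capital letter, unlike `resourceUrl` beside it and `resourceMethod` in `CpProperty.OperExamineResource`, and the class name misspells "Resource". This object is written to Redis as JSON and parsed back in `InternalAuthProcessor`, so whether the property round-trips depends on how the JSON library derives the name from the Lombok accessors; declaring it as `private String resourceMethod;` removes the doubt. `HasOperPermissionFormDTO` is also added a second time under `oper-access-client` later in this commit with the same fields, so the two copies can drift apart; neither class says which side owns the contract.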
@@ -0,0 +1,46 @@
+package com.epmet.commons.tools.feign;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
+import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务
+ */
+@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class)
+//@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class, url = "http://localhost:8093")
+public interface CommonOperAccessOpenFeignClient {
+ /**
+ * @param
+ * @return com.epmet.commons.tools.utils.Result
+ * @Author yinzuomei
+ * @Description 清空运营人员权限信息、菜单信息
+ * @Date 2020/5/21 17:08
+ **/
+ @GetMapping("/oper/access/menu/clearoperuseraccess")
+ Result clearOperUserAccess();
+
+ /**
+ * 是否有该接口的权限
+ * @return
+ */
+ @PostMapping("/oper/access/menu/hasPermission")
+ Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+
+ /**
+ * 需要验证的菜单资源
+ * @return
+ */
+ @PostMapping("/oper/access/menu/getExamineResourceUrls")
+ Result> getExamineResourceUrls();
+}
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java
new file mode 100644
index 0000000000..ba047f1ada
--- /dev/null
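Review bot: `clearOperUserAccess` is mapped with `@GetMapping` although its Javadoc says it clears operator permission and menu data; a state-changing call is better exposed as POST or DELETE so it is not triggered by prefetching or served from a cache. The commented-out `@FeignClient(... url = "http://localhost:8093")` line is development residue and should be deleted. The Javadoc on all three methods leaves `@param`/`@return` empty; for `hasOperPermission` it should state whether a denial comes back as an error result or as a `false` payload, because the gateway branches on that.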
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java
@@ -0,0 +1,35 @@
+package com.epmet.commons.tools.feign.fallback;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+
+import java.util.List;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:47
+ */
+//@Component
+public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccessOpenFeignClient {
+ @Override
+ public Result clearOperUserAccess() {
+ return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess");
+
+ }
+
+ @Override
+ public Result hasOperPermission(HasOperPermissionFormDTO form) {
+ return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
+ }
+
+ @Override
+ public Result> getExamineResourceUrls() {
+ return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls");
+ }
+}
+
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java
new file mode 100644
index 0000000000..d62f24900c
--- /dev/null
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java
@@ -0,0 +1,19 @@ +package com.epmet.commons.tools.feign.fallback; + +import com.epmet.commons.tools.exception.ExceptionUtils; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import feign.hystrix.FallbackFactory; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +@Component +@Slf4j +public class CommonOperAccessOpenFeignClientFallbackFactory implements FallbackFactory { + private CommonOperAccessOpenFeignClientFallback fallback = new CommonOperAccessOpenFeignClientFallback(); + + @Override + public CommonOperAccessOpenFeignClient create(Throwable cause) { + log.error(String.format("FeignClient调用发生异常,异常信息:%s", ExceptionUtils.getThrowableErrorStackTrace(cause))); + return fallback; + } +} diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java index ac55205beb..c09f13f2f4 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java @@ -889,4 +889,25 @@ public class RedisKeys { public static String getDingMiniInfoKey(String suiteKey) { return rootPrefix.concat("ding:miniInfo:" + suiteKey); } + + /** + * 运营人员-资源权限 + * @param operId + * @return + */ + public static String operResourcesBaseDir() { + return rootPrefix.concat("oper:access:resources:"); + } + + public static String operResourcesByUserId(String operId) { + return operResourcesBaseDir().concat(operId); + } + + /** + * 获取需要检查的资源url + * @return + */ + public static String getOperExamineResourceUrls() { + return rootPrefix.concat("oper:access:examineresources"); + } } 
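Review bot: In the `RedisKeys` hunk the Javadoc block with `@param operId` is attached to `operResourcesBaseDir()`, which takes no parameter, while `operResourcesByUserId(String operId)` has no comment at all. Move that block to `operResourcesByUserId` and give the base-dir method its own one-line description. `operId` is concatenated into the key unchecked, so a comment such as `// operId must be a server-issued id, never raw request input` would record the assumption the key layout relies on; whether that holds for every caller is not visible here.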
diff --git a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java index d7a685b2f2..fdae188e6b 100644 --- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java +++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java @@ -37,6 +37,43 @@ public class PasswordUtils { return passwordEncoder.matches(str, password); } + /** + * desc:校验密码规则是否 + * 校验密码规则:密码必须8-20个字符,而且同时包含大小写字母和数字 + * @param password + * @return + */ + public static boolean checkPassWordRule(String password) { + boolean flag=false; + if(password.length()<8||password.length()>20){ + return flag; + } + boolean numFlag=false; + boolean bigLetter=false; + boolean smallLetter=false; + char[] passwordArray = password.toCharArray(); + for(int i=0;i < passwordArray.length;i++) { + char currentStr=passwordArray[i]; + // 判断ch是否是数字字符,如'1','2‘,是返回true。否则返回false + if(Character.isDigit(currentStr)){ + numFlag=true; + continue; + } + // 判断ch是否是字母字符,如'a','b‘,是返回true。否则返回false + if(Character.isUpperCase(currentStr)){ + bigLetter=true; + continue; + } + if(Character.isLowerCase(currentStr)){ + smallLetter=true; + } + } + if(numFlag&&bigLetter&&smallLetter){ + flag=true; + } + return flag; + } + public static void main(String[] args) { String str = "wangqing"; diff --git a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java index cf7493a300..399f574dd9 100644 --- a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java +++ b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java 
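Review bot: `checkPassWordRule` dereferences `password` without a null check, so a missing field throws `NullPointerException` instead of returning `false`; the first guard could be `if (password == null || password.length() < 8 || password.length() > 20) { return false; }`. `Character.isDigit`, `Character.isUpperCase` and `Character.isLowerCase` also accept non-ASCII characters such as full-width digits, which may not be what the stated rule (8-20 characters with upper case, lower case and a digit) intends; say so in the Javadoc or restrict the ranges. The Javadoc summary line is cut off mid-sentence and its `@param`/`@return` tags are empty.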
@@ -8,9 +8,15 @@ package com.epmet; +import com.alibaba.fastjson.JSON; import com.epmet.commons.tools.aspect.ServletExceptionHandler; import com.epmet.commons.tools.config.RedissonConfig; import com.epmet.commons.tools.config.ThreadDispatcherConfig; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; +import com.epmet.filter.CpProperty; +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.cloud.client.discovery.EnableDiscoveryClient; @@ -18,6 +24,9 @@ import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.FilterType; +import javax.annotation.PostConstruct; +import java.util.List; + /** * 网关服务 * @@ -31,7 +40,24 @@ import org.springframework.context.annotation.FilterType; @ComponentScan(basePackages = {"com.epmet.*"}, excludeFilters = @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = {RedissonConfig.class, ThreadDispatcherConfig.class, ServletExceptionHandler.class})) public class GatewayApplication { + @Autowired + private CpProperty cpProperty; + + @Autowired + private RedisUtils redisUtils; + public static void main(String[] args) { SpringApplication.run(GatewayApplication.class, args); } + + /** + * 初始化运营端校验资源列表 + */ +// @PostConstruct +// public void initOperExamineResources() { +// if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) { +// List operExamineResourceUrls = cpProperty.getOperExamineResourceUrls(); +// redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls)); +// } +// } } 
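Review bot: The `initOperExamineResources` initializer is committed fully commented out, yet the hunk still adds the `cpProperty` and `redisUtils` fields and the `JSON`, `RedisKeys`, `StringUtils`, `PostConstruct` and `List` imports that only it would use. Either delete the dead block together with those fields and imports, or enable it. As committed, the `oper-examine-resource-urls` list added in `bootstrap-urls.yml` does not appear to be read anywhere in this commit, while the gateway takes the list from Redis or the oper-access service; a comment should state which source is authoritative for the protected-URL list.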
diff --git a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java index 305bf2b3a4..c857f97159 100644 --- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java +++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java @@ -1,11 +1,22 @@ package com.epmet.auth; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.constant.Constant; +import com.epmet.commons.tools.constant.ServiceConstant; +import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO; +import com.epmet.commons.tools.dto.result.OperResouce; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.RenException; +import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient; +import com.epmet.commons.tools.feign.ResultDataResolver; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.utils.CpUserDetailRedis; +import com.epmet.commons.tools.utils.Result; import com.epmet.filter.CpProperty; import com.epmet.jwt.JwtTokenUtils; import io.jsonwebtoken.Claims; 
@@ -15,18 +26,20 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.stereotype.Component; import org.springframework.util.AntPathMatcher; import org.springframework.web.server.ServerWebExchange; import java.util.Date; +import java.util.List; /** * 内部认证处理器 */ @Component -public class InternalAuthProcessor extends AuthProcessor { +public class InternalAuthProcessor extends AuthProcessor implements ResultDataResolver { private Logger logger = LoggerFactory.getLogger(getClass()); @@ -41,6 +54,12 @@ public class InternalAuthProcessor extends AuthProcessor { @Autowired private CpProperty cpProperty; + @Autowired + private CommonOperAccessOpenFeignClient operAccessOpenFeignClient; + + @Autowired + private RedisUtils redisUtils; + @Override public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); 
@@ -104,10 +123,59 @@ public class InternalAuthProcessor extends AuthProcessor { builder.header(AppClientConstant.CUSTOMER_ID, customerId); } + // 针对运营端的url拦截和校验 + if (AppClientConstant.APP_OPER.equals(app)) { + HttpMethod method = request.getMethod(); + Boolean hasAccess = checkRequestOperResource(userId, requestUri, method.toString()); + if (!hasAccess) { + throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权"); + } + } + ServerHttpRequest shr = builder.build(); return exchange.mutate().request(shr).build(); } + /** + * 校验运营端用户是否有权访问该资源 + * @param uri + * @param method + * @return + */ + private Boolean checkRequestOperResource(String userId, String uri, String method) { + String resourceJsonString = redisUtils.getString(RedisKeys.getOperExamineResourceUrls()); + List resources = JSON.parseObject(resourceJsonString, new TypeReference>() {}); + + if (resources == null) { + // redis中没有缓存,需要api获取 + resources = getResultDataOrThrowsException(operAccessOpenFeignClient.getExamineResourceUrls(), ServiceConstant.OPER_ACCESS_SERVER, + EpmetErrorCode.SERVER_ERROR.getCode(), "调用operaccess获取要校验的资源失败", "调用operaccess获取要校验的资源失败"); + + // 缓存 + redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(resources)); + } + + for (OperResouce resource : resources) { + if (antPathMatcher.match(resource.getResourceUrl(), uri) + && resource.getResourceMethod().equals(method)) { + + //需要校验权限的url + HasOperPermissionFormDTO form = new HasOperPermissionFormDTO(); + form.setUri(uri); + form.setMethod(method); + form.setOperId(userId); + Result result = operAccessOpenFeignClient.hasOperPermission(form); + if (result == null || !result.success()) { + return false; + } + return true; + } + } + + // 如果当前请求url不需要校验权限,那么返回true + return true; + } + /** * 是否需要认证 * @param requestUri 
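Review bot: `checkRequestOperResource` returns `true` for every request that matches no entry in the examined-resource list, so the check is default-allow and its strength rests on `antPathMatcher.match(resource.getResourceUrl(), uri)` seeing the path exactly as the downstream service will route it. An exact pattern like the `/oper/access/operrole` entry does not match a path that differs by a trailing slash, a path variable or letter case, and such a request is forwarded without the permission call; normalise `uri` before matching and confirm the patterns cover sub-paths. The grant decision looks only at `result.success()`, so if the oper-access endpoint reports a denial as a successful result with a `false` payload the gateway would still allow it; confirm against that endpoint. If this project is on Spring Framework 5, `request.getMethod()` is nullable and `method.toString()` would throw, so guard it with `if (method == null)` and treat that as denied. The list is cached with `redisUtils.setString(...)` with no visible expiry, so check how it is invalidated when the protected resources change.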
diff --git a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java index 2ea01e1c32..71dce075fe 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java @@ -42,4 +42,15 @@ public class CpProperty { */ private List swaggerUrls; + /** + * 运营端,需要校验的url资源列表 + */ + private List operExamineResourceUrls; + + @Data + public static class OperExamineResource { + private String resourceUrl; + private String resourceMethod; + } + } diff --git a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java index 7cca3c4b36..ea02f75376 100644 --- a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java +++ b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java @@ -5,6 +5,7 @@ import com.epmet.auth.ExternalAuthProcessor; import com.epmet.auth.InternalAuthProcessor; import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.EpmetErrorCode; +import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.utils.IpUtils; @@ -64,6 +65,10 @@ public class EpmetGatewayFilter implements GatewayFilter { } return doFilter(exchange, chain); + } catch (EpmetException re) { + // 人为抛出,则携带错误码和错误信息响应给前端 + log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); + return response(exchange, new Result<>().error(re.getCode(), re.getMessage())); } catch (RenException re) { // 人为抛出,则携带错误码和错误信息响应给前端 log.error("EpmetGatewayFilter认证出错RenException,错误信息:{}", ExceptionUtils.getErrorStackTrace(re)); 
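Review bot: The new `catch (EpmetException re)` branch in `EpmetGatewayFilter` logs with the text `认证出错RenException`, copied from the branch below it, so gateway logs cannot tell an authorisation denial from the other failure; the label should name `EpmetException`. Logging a full stack trace at `error` level for every denied request will also be noisy; a `warn` carrying the error code and the request path is easier to alert on and to correlate. The `try` block starts outside the hunk.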
diff --git a/epmet-gateway/src/main/resources/bootstrap-urls.yml b/epmet-gateway/src/main/resources/bootstrap-urls.yml new file mode 100644 index 0000000000..dded0b1b86 --- /dev/null +++ b/epmet-gateway/src/main/resources/bootstrap-urls.yml @@ -0,0 +1,5 @@ +epmet: + oper-examine-resource-urls: + # 角色编辑 + - resourceUrl: /oper/access/operrole + resourceMethod: PUT \ No newline at end of file diff --git a/epmet-gateway/src/main/resources/bootstrap.yml b/epmet-gateway/src/main/resources/bootstrap.yml index bfc3d86130..483f545f43 100644 --- a/epmet-gateway/src/main/resources/bootstrap.yml +++ b/epmet-gateway/src/main/resources/bootstrap.yml @@ -12,6 +12,7 @@ spring: name: epmet-gateway-server #环境 dev|test|prod profiles: + include: urls active: @spring.profiles.active@ messages: encoding: UTF-8 diff --git a/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java b/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java index cbd2797bfb..1906e0a192 100644 --- a/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java +++ b/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java @@ -13,6 +13,10 @@ import java.io.Serializable; @Data public class UploadImgResultDTO implements Serializable { private String url; + /** + * 原始文件名 + */ + private String fileName; /** * 域名 */ diff --git a/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java b/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java index d55751762c..140d57ead6 100644 --- a/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java +++ b/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java 
@@ -279,6 +279,7 @@ public class OssServiceImpl extends BaseServiceImpl implement UploadImgResultDTO dto = new UploadImgResultDTO(); dto.setUrl(url); dto.setDomain(ossDomain); + dto.setFileName(file.getOriginalFilename()); return new Result().ok(dto); } diff --git a/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java b/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java index 02c064c0de..bdf6b6edff 100644 --- a/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java +++ b/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java @@ -24,7 +24,7 @@ public class ThirdPlatformTest { @Test public void sendText(){ - DingTalkResult appAccessTokenToken = dingTalkClientToken.getAppAccessTokenToken(); + DingTalkResult appAccessTokenToken = dingTalkClientToken.getAppAccessTokenToken("123123123","234234234"); System.out.println("=======:"+JSON.toJSONString(appAccessTokenToken)); } } diff --git a/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java b/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java index 7fe2d7bf6c..755a12a89a 100644 --- a/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java +++ b/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java @@ -22,6 +22,10 @@ public class StaffResetPassWordFormDTO implements Serializable { public interface AddUserShowGroup extends CustomerClientShowGroup { } + /** + * 旧密码 + */ + private String oldPassword; @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class}) private String newPassword; @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class}) 
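Review bot: `dto.setFileName(file.getOriginalFilename())` in `OssServiceImpl` returns the client-supplied file name unchanged; that value is untrusted and may contain path separators, control characters or markup. Any consumer that renders it in a page or builds a path from it has to encode or sanitise it, and it is safer to reduce it to a base name and strip control characters here before returning it. A comment on the new `UploadImgResultDTO.fileName` field such as `// client-supplied original name, untrusted: display only` would make that explicit. The method body starts outside the hunk.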
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java index cc9a8c9e94..3191db2685 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java @@ -2,12 +2,15 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.ValidatorUtils; import com.epmet.dto.form.StaffResetPassWordFormDTO; import com.epmet.dto.result.MineResultDTO; import com.epmet.service.MineService; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -21,6 +24,8 @@ import org.springframework.web.bind.annotation.RestController; @RestController @RequestMapping("mine") public class MineController { + @Value("${epmet.login.privateKey}") + private String privateKey; @Autowired private MineService mineService; 
@@ -45,9 +50,27 @@ public class MineController { * @Date 2020/7/1 9:59 **/ @PostMapping("resetpassword") - public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) { + public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) throws Exception { formDTO.setStaffId(tokenDto.getUserId()); ValidatorUtils.validateEntity(formDTO, StaffResetPassWordFormDTO.AddUserShowGroup.class, StaffResetPassWordFormDTO.AddUserInternalGroup.class); + //解密密码 + if (formDTO.getConfirmNewPassword().length() > 50) { + String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getConfirmNewPassword(), privateKey); + String newPassword = RSASignature.decryptByPrivateKey(formDTO.getNewPassword(), privateKey); + formDTO.setConfirmNewPassword(confirmNewPassWord); + formDTO.setNewPassword(newPassword); + if (StringUtils.isNotBlank(formDTO.getOldPassword())){ + String oldPassWord = RSASignature.decryptByPrivateKey(formDTO.getOldPassword(), privateKey); + formDTO.setOldPassword(oldPassWord); + } + } return mineService.resetPassword(formDTO); } + + public static void main(String[] args) throws Exception { + String p= "R16c3yJqCMyRFTxElBeBexTVlW1GArItaVqEEyF3o3jXVwq0G08ck8wEdBAEyQI1y4uCsw3UBgx1mqiMbIfvdg=="; + String privateKey= "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N"; + String newPassword = RSASignature.decryptByPrivateKey(p, privateKey); + System.out.println(newPassword); + } } 
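Review bot: The added `main` method puts an RSA private key and a sample ciphertext into the controller source as string literals, and the same key value is added under `epmet.login.privateKey` in gov-mine's `bootstrap.yml` in this commit, so anyone with access to the repository or the built artifact can decrypt credentials encrypted to that key. Remove `main`, supply the key from a secret store or the environment at deploy time, and treat the committed key as compromised and rotate it. Separately, decryption of all three fields is gated on `formDTO.getConfirmNewPassword().length() > 50` alone, so the other fields are never checked on their own, and the literal `50` should be `NumConstant.FIFTY` as in the other controllers.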
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java index 77c8502971..44fb7f61a4 100644 --- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java +++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java @@ -5,6 +5,7 @@ import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.security.password.PasswordUtils; import com.epmet.commons.tools.utils.Result; import com.epmet.dto.form.StaffInfoFromDTO; import com.epmet.dto.form.StaffResetPassWordFormDTO; @@ -50,7 +51,7 @@ public class MineServiceImpl implements MineService { throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode()); } //2、校验密码规则:密码必须8-20个字符,而且同时包含大小写字母和数字 - boolean flag=this.checkPassWord(formDTO.getNewPassword()); + boolean flag= PasswordUtils.checkPassWordRule(formDTO.getNewPassword()); if(!flag){ throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode()); } 
@@ -59,50 +60,15 @@ public class MineServiceImpl implements MineService { staffResetPwFormDTO.setNewPassword(formDTO.getNewPassword()); staffResetPwFormDTO.setConfirmNewPassword(formDTO.getConfirmNewPassword()); staffResetPwFormDTO.setStaffId(formDTO.getStaffId()); + staffResetPwFormDTO.setOldPassword(formDTO.getOldPassword()); Result updatePassWordResult=epmetUserOpenFeignClient.resetStaffPassword(staffResetPwFormDTO); if(updatePassWordResult.success()){ logger.info(String.format("调用%s服务,修改密码成功", ServiceConstant.EPMET_USER_SERVER)); }else{ logger.warn(String.format("调用%s服务,修改密码失败,返参:%s", ServiceConstant.EPMET_USER_SERVER, JSON.toJSONString(updatePassWordResult))); - return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode()); + return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode(),updatePassWordResult.getMsg()); } return new Result(); } - - private boolean checkPassWord(String password) { - boolean flag=false; - if(password.length()<8||password.length()>20){ - logger.warn(String.format("密码长度应为8-20位,当前输入密码%s,长度为%s",password,password.length())); - return flag; - } - boolean numFlag=false; - boolean bigLetter=false; - boolean smallLetter=false; - char[] passwordArray = password.toCharArray(); - for(int i=0;i < passwordArray.length;i++) { - char currentStr=passwordArray[i]; - logger.info(String.format("当前字符%s",currentStr)); - // 判断ch是否是数字字符,如'1','2‘,是返回true。否则返回false - if(Character.isDigit(currentStr)){ - numFlag=true; - continue; - } - // 判断ch是否是字母字符,如'a','b‘,是返回true。否则返回false - if(Character.isUpperCase(currentStr)){ - bigLetter=true; - continue; - } - if(Character.isLowerCase(currentStr)){ - smallLetter=true; - continue; - } - } - if(numFlag&&bigLetter&&smallLetter){ - flag=true; - }else{ - logger.warn(String.format("当前密码%s,是否包含数字%s,是否包含大写字母%s,是否包含小写字母%s",password,numFlag,bigLetter,smallLetter)); - } - return flag; - } } 
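Review bot: `setOldPassword` forwards the old password to the user service, but nothing visible makes it mandatory: the `oldPassword` field this commit adds to `StaffResetPwFormDTO` carries no `@NotBlank`, and the controller decrypts it only when it is not blank. If the user service skips the comparison for a blank value (its implementation is not readable in this diff), an authenticated session can set a new password without proving knowledge of the current one. If the old password is meant to be verified, require it before the Feign call, for example `@NotBlank(groups = {AddUserShowGroup.class}) private String oldPassword;` on the form DTO that `validateEntity` checks. The enclosing method starts above this hunk.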
diff --git a/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml b/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
index 88eabe8772..0537c64f52 100644
--- a/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
@@ -119,3 +119,8 @@ thread:
 keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
 threadNamePrefix: @thread.threadPool.thread-name-prefix@
 rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+ login:
+ publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+ privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+
diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java
new file mode 100644
index 0000000000..0284894e54
--- /dev/null
+++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java
@@ -0,0 +1,24 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+ /**
+ * uri
+ */
+ @NotBlank(message = "uri不能为空")
+ private String uri;
+
+ /**
+ * http方法
+ */
+ @NotBlank(message = "请求http方法不能为空")
+ private String method;
+
+ @NotBlank(message = "操作者ID不能为空")
+ private String operId;
+}
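Review bot: The `privateKey` value added under `epmet.login` is committed in clear text next to its public half, and the pair appears to be 512-bit RSA (the public key decodes to a 64-byte modulus), a size that is no longer considered resistant to factoring. Anyone with read access to the repository can therefore recover the passwords this scheme is meant to hide, and the weak modulus means even the public key alone gives little protection; the identical block is added to the epmet-user `bootstrap.yml` later in this diff. I would generate a new pair of at least 2048 bits, keep only the public key in the file, and resolve the private half at deploy time from the environment or a secret store, e.g. `privateKey: ${EPMET_LOGIN_PRIVATE_KEY}` (variable name is a placeholder).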
diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java new file mode 100644 index 0000000000..5867da40ef --- /dev/null +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java @@ -0,0 +1,13 @@ +package com.epmet.dto.result; + +import lombok.Data; + +@Data +public class OperResouce { + + private String userId; + private String resourceUrl; + private String ResourceMethod; + + +} diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java index 9e5a1b0771..6bae396ae4 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java @@ -2,9 +2,12 @@ package com.epmet.feign; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.fallback.OperAccessOpenFeignClientFallbackFactory; import org.springframework.cloud.openfeign.FeignClient; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; /** * @Description 运营端权限模块 
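Review bot: The field `ResourceMethod` in the new `OperResouce` class starts with a capital letter while its siblings `userId` and `resourceUrl` are lowerCamelCase. Lombok still generates `getResourceMethod()`, but mappers and serializers that bind by field or property name may not agree on the spelling, and a value that silently fails to bind would reach the permission comparison as null. I would declare it as `private String resourceMethod;` and, while the class is still new, correct the class name to `OperResource` before more callers depend on the misspelling.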
@@ -23,4 +26,18 @@ public interface OperAccessOpenFeignClient { **/ @GetMapping("/oper/access/menu/clearoperuseraccess") Result clearOperUserAccess(); + + /** + * 是否有该接口的权限 + * @return + */ + @PostMapping("/oper/access/menu/hasPermission") + Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form); + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("/oper/access/menu/getExamineResourceUrls") + Result getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java index 46c4b182eb..0f20298bfa 100644 --- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java +++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java @@ -3,6 +3,7 @@ package com.epmet.feign.fallback; import com.epmet.commons.tools.constant.ServiceConstant; import com.epmet.commons.tools.utils.ModuleUtils; import com.epmet.commons.tools.utils.Result; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.feign.OperAccessOpenFeignClient; /** @@ -17,5 +18,15 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess"); } + + @Override + public Result hasOperPermission(HasOperPermissionFormDTO form) { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission"); + } + + @Override + public Result getExamineResourceUrls() { + return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls"); + } } 
diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java index 63fc7d61df..c04455b92e 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java @@ -1,9 +1,11 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; +import com.epmet.commons.tools.constant.AppClientConstant; import com.epmet.commons.tools.exception.ErrorCode; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; +import com.epmet.commons.tools.utils.EpmetRequestHolder; import com.epmet.commons.tools.utils.ExcelUtils; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; @@ -12,7 +14,9 @@ import com.epmet.commons.tools.validator.group.AddGroup; import com.epmet.commons.tools.validator.group.DefaultGroup; import com.epmet.commons.tools.validator.group.UpdateGroup; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.form.HasOperPermissionFormDTO; import com.epmet.dto.result.MenuResourceDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.excel.OperMenuExcel; import com.epmet.service.OperMenuService; import com.epmet.service.OperResourceService; @@ -53,7 +57,7 @@ public class OperMenuController { //菜单资源列表 List resourceList = operResourceService.getMenuResourceList(id); - + data.setResourceList(resourceList); return new Result().ok(data); } 
@@ -161,4 +165,37 @@ public class OperMenuController { operMenuService.clearOperUserAccess(tokenDto.getApp(), tokenDto.getClient(), tokenDto.getUserId()); return new Result(); } + + /** + * 改运营人员是否有该接口的权限 + * @return + */ + @PostMapping("hasPermission") + public Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form) { + ValidatorUtils.validateEntity(form); + String uri = form.getUri(); + String method = form.getMethod(); + + // if (!AppClientConstant.APP_OPER.equals(loginUserApp)) { + //// 只校验运营端,其他都返回true + // return new Result(); + // } + + Boolean isMathe = operMenuService.hasOperPermission(uri, method, form.getOperId()); + if (isMathe){ + return new Result(); + } else { + return new Result().error(); + } + } + + /** + * 需要验证的菜单资源 + * @return + */ + @PostMapping("getExamineResourceUrls") + public Result getExamineResourceUrls() { + List resources = operMenuService.getExamineResourceUrls(); + return new Result().ok(resources); + } } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java index 2858a76f24..4e38620c38 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java @@ -9,6 +9,7 @@ package com.epmet.dao; import com.epmet.commons.mybatis.dao.BaseDao; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import org.apache.ibatis.annotations.Mapper; import org.apache.ibatis.annotations.Param; @@ -49,4 +50,8 @@ public interface OperMenuDao extends BaseDao { * @param pid 父菜单ID */ List getListPid(String pid); + + List getOperResourcesByUserId(String operId); + + List getExamineResourceUrls(); } 
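Review bot: `hasOperPermission` takes the operator id from the request body (`form.getOperId()`) rather than from `@LoginUser TokenDto` as `clearOperUserAccess` just above it does, so whoever can reach `hasPermission` can ask about the permissions of any operator. That is acceptable if only the gateway calls it over Feign, but nothing in this hunk restricts or documents that, and `getExamineResourceUrls` likewise returns the list of protected URLs to any caller. I would state the contract in the Javadoc, e.g. `* Internal endpoint: called by the gateway with the already authenticated operator id; must not be routed to external clients.`, and delete the commented-out `APP_OPER` block, which appears to leave the newly imported `AppClientConstant` and `EpmetRequestHolder` unused.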
diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java index f1b568f33a..4173845149 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java @@ -17,10 +17,13 @@ package com.epmet.redis; +import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.TypeReference; import com.epmet.commons.tools.redis.RedisKeys; import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.HttpContextUtils; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -71,4 +74,25 @@ public class OperMenuRedis { return (Set)redisUtils.get(key); } + public List getOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + String json = redisUtils.getString(key); + return JSON.parseObject(json, new TypeReference>(){}); + } + + public void setOperResourcesByUserId(String operId, List resouces) { + String key = RedisKeys.operResourcesByUserId(operId); + String jsonString = JSON.toJSONString(resouces); + redisUtils.setString(key, jsonString); + } + + /** + * 运营端用户资源删除 + * @param operId + * @param resouces + */ + public void deleteOperResourcesByUserId(String operId) { + String key = RedisKeys.operResourcesByUserId(operId); + redisUtils.delete(key); + } } \ No newline at end of file diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java index 54e3a58067..a56dffb0ac 100644 
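Review bot: `setOperResourcesByUserId` stores an operator's permitted resources with `redisUtils.setString(key, jsonString)` and no expiry argument, so unless `RedisUtils` applies a default TTL (not visible here) a cached grant lives until `deleteOperResourcesByUserId` is called. Every path that changes a role, a role's menus, a menu's resources or a user's roles then has to invalidate the key, otherwise a revoked permission keeps being honoured. I would document that on the setter, e.g. `// no TTL: code that changes roles, menus or resources must call deleteOperResourcesByUserId`, and drop the stray `@param resouces` from the Javadoc of `deleteOperResourcesByUserId`, which has no such parameter.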
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java @@ -21,6 +21,7 @@ import com.epmet.commons.mybatis.service.BaseService; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.dto.OperMenuDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import java.util.List; @@ -141,4 +142,8 @@ public interface OperMenuService extends BaseService { List getListPid(String pid); void clearOperUserAccess(String app, String client, String userId); + + Boolean hasOperPermission(String uri, String method, String loginUserId); + + List getExamineResourceUrls(); } diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java index d83970486c..47667c980f 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java @@ -24,8 +24,11 @@ import com.epmet.commons.tools.constant.Constant; import com.epmet.commons.tools.constant.FieldConstant; import com.epmet.commons.tools.enums.SuperAdminEnum; import com.epmet.commons.tools.exception.ErrorCode; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.HttpContextUtils; 
@@ -34,6 +37,7 @@ import com.epmet.commons.tools.utils.TreeUtils; import com.epmet.dao.OperMenuDao; import com.epmet.dto.OperMenuDTO; import com.epmet.dto.OperUserDTO; +import com.epmet.dto.result.OperResouce; import com.epmet.entity.OperMenuEntity; import com.epmet.enums.MenuTypeEnum; import com.epmet.feign.EpmetUserFeignClient; @@ -48,6 +52,7 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import org.springframework.util.AntPathMatcher; import java.util.*; @@ -70,6 +75,10 @@ public class OperMenuServiceImpl extends BaseServiceImpl page(Map params) { @@ -112,6 +121,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl operUserDTOResult = epmetUserFeignClient.info(operId); + if(!operUserDTOResult.success()||null==operUserDTOResult.getData()){ + logger.error("查询运营人员信息失败:operId:{}", operId); + return false; + } + + //系统管理员,拥有最高权限 + if(operUserDTOResult.getData().getSuperAdmin() == SuperAdminEnum.YES.value()){ + return true; + } + + // 不是系统管理员再具体查询 + List resouces = operMenuRedis.getOperResourcesByUserId(operId); + if (resouces == null) { + resouces = baseDao.getOperResourcesByUserId(operId); + operMenuRedis.setOperResourcesByUserId(operId, resouces); + } + + return pathMatcher(uri, method, resouces); + } + + private boolean pathMatcher(String requestUri, String method, List resources){ + for (OperResouce resource : resources) { + String resourceUrl = resource.getResourceUrl(); + String resourceMethod = resource.getResourceMethod(); + +// 路径匹配 && http方法 匹配 + if(antPathMatcher.match(resourceUrl, requestUri) && resourceMethod.equals(method)){ + return true; + } + } + return false; + } + + @Override + public List getExamineResourceUrls() { + return baseDao.getExamineResourceUrls(); + } } 
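Review bot: In `pathMatcher`, `resourceMethod.equals(method)` throws a NullPointerException when a resource row has no method stored, and it treats `post` and `POST` as different values, so a single incomplete or differently cased row turns the permission check into an error or a denial. Whether the query can return such rows cannot be told from here, because the mapper SQL and part of this hunk are lost in the page. Since `method` is validated as non-blank by the controller, I would compare from that side and guard the pattern: `if (resourceUrl != null && antPathMatcher.match(resourceUrl, requestUri) && method.equalsIgnoreCase(resourceMethod)) {`.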
diff --git a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java index 7af5d774c6..e9d80b6399 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java +++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java @@ -21,7 +21,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.epmet.commons.mybatis.service.impl.BaseServiceImpl; import com.epmet.commons.tools.constant.FieldConstant; +import com.epmet.commons.tools.exception.ExceptionUtils; import com.epmet.commons.tools.page.PageData; +import com.epmet.commons.tools.redis.RedisKeys; +import com.epmet.commons.tools.redis.RedisUtils; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.dao.OperRoleDao; import com.epmet.dto.OperRoleDTO; @@ -30,6 +33,7 @@ import com.epmet.redis.OperRoleRedis; import com.epmet.service.OperRoleMenuService; import com.epmet.service.OperRoleService; import com.epmet.service.OperRoleUserService; +import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -46,6 +50,7 @@ import java.util.Map; * @since v1.0.0 2020-03-18 */ @Service +@Slf4j public class OperRoleServiceImpl extends BaseServiceImpl implements OperRoleService { @Autowired @@ -55,6 +60,9 @@ public class OperRoleServiceImpl extends BaseServiceImpl page(Map params) { IPage page = baseDao.selectPage( 
@@ -93,6 +101,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl select t3.*, (select lang.field_value from oper_language lang where lang.table_name='oper_menu' and lang.field_name='name' and lang.table_id=t3.id and lang.language=#{language}) as name from oper_role_user t1 - left join oper_role_menu t2 on t1.role_id = t2.role_id - left join oper_menu t3 on t2.menu_id = t3.id - where t1.user_id = #{userId} and t3.del_flag = 0 + left join oper_role_menu t2 on (t1.role_id = t2.role_id AND t2.del_flag = 0) + left join oper_menu t3 on (t2.menu_id = t3.id) + where t1.user_id = #{userId} AND t1.del_flag = 0 and t3.del_flag = 0 and t2.DEL_FLAG = 0 and t3.type = #{type} @@ -39,4 +39,22 @@ select * from oper_menu where del_flag = 0 and pid = #{value} + + + + diff --git a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml index b9075fceda..17f9602254 100644 --- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml +++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml @@ -4,7 +4,7 @@ diff --git a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java index 9d21502254..f3ecdc99c0 100644 --- a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java +++ b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java @@ -22,7 +22,10 @@ public class StaffResetPwFormDTO implements Serializable { public interface AddUserShowGroup extends CustomerClientShowGroup { } - + /** + * 旧密码 + */ + private String oldPassword; @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class}) private String newPassword; @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class}) 
diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java index 293b925353..6c9d46dbb5 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java @@ -26,6 +26,7 @@ import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.security.user.LoginUserUtil; import com.epmet.commons.tools.utils.ExcelUtils; +import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; import com.epmet.commons.tools.validator.ValidatorUtils; @@ -39,7 +40,9 @@ import com.epmet.excel.CustomerStaffExcel; import com.epmet.feign.EpmetMessageOpenFeignClient; import com.epmet.send.SendMqMsgUtil; import com.epmet.service.CustomerStaffService; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletResponse; @@ -57,7 +60,8 @@ import java.util.Map; @RestController @RequestMapping("customerstaff") public class CustomerStaffController { - + @Value("${epmet.login.privateKey}") + private String privateKey; @Autowired private CustomerStaffService customerStaffService; @Autowired 
@@ -500,7 +504,12 @@ public class CustomerStaffController { * @Date 10:03 2020-08-25 **/ @PostMapping(value = "customerlist") - public Result> customerList(@RequestBody CustomerListFormDTO formDTO){ + public Result> customerList(@RequestBody CustomerListFormDTO formDTO) throws Exception { + //解密密码 + if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > 50) { + String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey); + formDTO.setPhone(phone); + } return customerStaffService.selectCustomerList(formDTO); } diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java index 02d15a0b46..a1c2ceb6e8 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java @@ -19,12 +19,14 @@ package com.epmet.controller; import com.epmet.commons.tools.annotation.LoginUser; import com.epmet.commons.tools.constant.AppClientConstant; +import com.epmet.commons.tools.constant.NumConstant; import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetException; import com.epmet.commons.tools.page.PageData; import com.epmet.commons.tools.security.dto.TokenDto; import com.epmet.commons.tools.utils.ConvertUtils; import com.epmet.commons.tools.utils.ExcelUtils; +import com.epmet.commons.tools.utils.RSASignature; import com.epmet.commons.tools.utils.Result; import com.epmet.commons.tools.validator.AssertUtils; import com.epmet.commons.tools.validator.ValidatorUtils; 
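Review bot: Whether `phone` is decrypted is decided by `length() > 50`, so the endpoint still accepts a plaintext value and the RSA wrapping protects the field only when the client chooses to use it; the same test appears in `resetPassword` (MineController) and in `save`, `update` and `updatePwd` (OperUserController). The heuristic also misfires the other way: in `save`/`update` a plaintext e-mail address longer than 50 characters, if validation permits one, is handed to `decryptByPrivateKey` and the request fails through `throws Exception`. The rule should live in one shared helper with its contract written down, e.g. `// RSA ciphertext is recognised by length > NumConstant.FIFTY; shorter input is accepted as plaintext`. The comment above this block says `//解密密码` (decrypt password) although the code decrypts the phone number, so it should be corrected as well.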
@@ -38,6 +40,7 @@ import com.epmet.excel.OperUserExcel; import com.epmet.service.OperUserService; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletResponse; @@ -54,6 +57,8 @@ import java.util.Map; @RestController @RequestMapping("operuser") public class OperUserController { + @Value("${epmet.login.privateKey}") + private String privateKey; @Autowired private OperUserService operUserService; 
@@ -72,17 +77,43 @@ public class OperUserController { } @PostMapping - public Result save(@RequestBody OperUserDTO dto) { + public Result save(@RequestBody OperUserDTO dto) throws Exception { //效验数据 ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class); + //解密密码 + if (StringUtils.isNotBlank(dto.getPassword()) && dto.getPassword().length() > NumConstant.FIFTY) { + String password = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey); + dto.setPassword(password); + } + if (StringUtils.isNotBlank(dto.getEmail()) && dto.getEmail().length() > NumConstant.FIFTY) { + String email = RSASignature.decryptByPrivateKey(dto.getEmail(), privateKey); + dto.setEmail(email); + } + if (StringUtils.isNotBlank(dto.getPhone()) && dto.getPhone().length() > NumConstant.FIFTY) { + String phone = RSASignature.decryptByPrivateKey(dto.getPhone(), privateKey); + dto.setPhone(phone); + } operUserService.save(dto); return new Result(); } @PutMapping - public Result update(@RequestBody OperUserDTO dto) { + public Result update(@RequestBody OperUserDTO dto) throws Exception { //效验数据 ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class); + //解密密码 + if (StringUtils.isNotBlank(dto.getPassword()) && dto.getPassword().length() > NumConstant.FIFTY) { + String password = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey); + dto.setPassword(password); + } + if (StringUtils.isNotBlank(dto.getEmail()) && dto.getEmail().length() > NumConstant.FIFTY) { + String email = RSASignature.decryptByPrivateKey(dto.getEmail(), privateKey); + dto.setEmail(email); + } + if (StringUtils.isNotBlank(dto.getPhone()) && dto.getPhone().length() > NumConstant.FIFTY) { + String phone = RSASignature.decryptByPrivateKey(dto.getPhone(), privateKey); + dto.setPhone(phone); + } operUserService.update(dto); return new Result(); } 
@@ -94,10 +125,22 @@ public class OperUserController { * @return */ @PostMapping(value = "updatePwd") - public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) { + public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) throws Exception { if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){ throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误"); } + //解密密码 + if (dto.getPassword().length() > 50) { + String confirmNewPassWord = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey); + String newPassword = RSASignature.decryptByPrivateKey(dto.getNewPassword(), privateKey); + dto.setPassword(confirmNewPassWord); + dto.setNewPassword(newPassword); + if (StringUtils.isNotBlank(dto.getOldPassword())){ + String oldPassWord = RSASignature.decryptByPrivateKey(dto.getOldPassword(), privateKey); + dto.setOldPassword(oldPassWord); + } + } + //校验长度和 密码是否一致。 operUserService.updatePwd(tokenDto.getUserId(),dto); return new Result(); } diff --git a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java index a4b00240f9..2a4585eb8a 100644 --- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java +++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java @@ -739,7 +739,16 @@ public class CustomerStaffServiceImpl extends BaseServiceImpl implements OperUserService { @Autowired @@ -61,6 +69,8 @@ public class OperUserServiceImpl extends BaseServiceImpl page(Map params) { 
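Review bot: `dto.getPassword().length()` in `updatePwd` is dereferenced without a null check, and no `ValidatorUtils.validateEntity(dto)` call is visible in this hunk, so a request body without `password` ends in a NullPointerException instead of a validation error. `newPassword` is then decrypted unconditionally once `password` is long, although the guard above rejects a blank `newPassword` only for the `APP_OPER` client. The `save` and `update` handlers in the same file already use the null-safe form; I would write `if (StringUtils.isNotBlank(dto.getPassword()) && dto.getPassword().length() > NumConstant.FIFTY) {` and decrypt `newPassword` under its own `isNotBlank` check, as is already done for `oldPassword`.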
@@ -129,6 +139,13 @@ public class OperUserServiceImpl extends BaseServiceImpl lambdaQueryWrapper = new LambdaQueryWrapper<>(); lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId); - baseDao.update(param, lambdaQueryWrapper); + + + baseDao.update(param, lambdaQueryWrapper); } } diff --git a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml index a9ec2fcadb..11018f0592 100644 --- a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml +++ b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml @@ -185,3 +185,8 @@ thread: keepAliveSeconds: @thread.threadPool.keep-alive-seconds@ threadNamePrefix: @thread.threadPool.thread-name-prefix@ rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@ +epmet: + login: + publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ== + privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N +