Merge branch 'master' of http://121.42.41.42:7070/r/empet_cloud_yantai

3 years ago · adb34c8611
41 changed files with 766 additions and 59 deletions
--- a/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
+++ b/epmet-admin/epmet-admin-client/src/main/java/com/epmet/dto/PasswordDTO.java
@ -23,7 +23,10 @@ import java.io.Serializable;
@Data
 public class PasswordDTO implements Serializable {
    private static final long serialVersionUID = 1L;
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message="{sysuser.password.require}")
    private String password;

--- a/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java
+++ b/epmet-auth/src/main/java/com/epmet/controller/GovWebController.java
@ -1,6 +1,7 @@
 package com.epmet.controller;

 import com.epmet.auth.dto.result.BlockChainStaffAuthResultDTO;
+import com.epmet.commons.tools.constant.NumConstant;
 import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -9,6 +10,7 @@ import com.epmet.dto.form.GovWebLoginFormDTO;
 import com.epmet.dto.result.UserTokenResultDTO;
 import com.epmet.service.GovWebService;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
@ -44,10 +46,14 @@ public class GovWebController {
        ValidatorUtils.validateEntity(formDTO);

        try {
-            if (formDTO.getPassword().length() > 50) {
+            if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) {
                String newPassword = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);
                formDTO.setPassword(newPassword);
            }
+            if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) {
+                String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+                formDTO.setPhone(phone);
+            }

        } catch (Exception e) {
            log.error("method exception", e);
--- a/epmet-auth/src/main/java/com/epmet/controller/LoginController.java
+++ b/epmet-auth/src/main/java/com/epmet/controller/LoginController.java
@ -1,8 +1,10 @@
 package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
+import com.epmet.commons.tools.constant.NumConstant;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -15,6 +17,7 @@ import com.epmet.service.LoginService;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.imageio.ImageIO;
@ -36,6 +39,8 @@ import java.util.Arrays;
@RestController
@RequestMapping("login")
 public class LoginController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 	@Autowired
 	private CaptchaService captchaService;

@ -90,11 +95,23 @@ public class LoginController {
 	 * @Date 2020/3/14 19:46
 	 **/
 	@PostMapping("/operweb/loginbypassword")
-	public Result<UserTokenResultDTO> loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) {
+	public Result<UserTokenResultDTO> loginByPassword(@RequestBody LoginByPassWordFormDTO formDTO) throws Exception {
 		//效验数据
 		ValidatorUtils.validateEntity(formDTO);
-		Result<UserTokenResultDTO> result = loginService.loginByPassword(formDTO);
-		return result;
+		//解密密码
+		if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+			formDTO.setPhone(phone);
+		}
+		if (StringUtils.isNotBlank(formDTO.getMobile())&&formDTO.getMobile().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(formDTO.getMobile(), privateKey);
+			formDTO.setMobile(phone);
+		}
+		if (StringUtils.isNotBlank(formDTO.getPassword())&&formDTO.getPassword().length() > NumConstant.FIFTY) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getPassword(), privateKey);
+			formDTO.setPassword(confirmNewPassWord);
+		}
+		return loginService.loginByPassword(formDTO);
 	}

 	/**
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/form/HasOperPermissionFormDTO.java
@ -0,0 +1,24 @@
+package com.epmet.commons.tools.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+    /**
+     * uri
+     */
+    @NotBlank(message = "uri不能为空")
+    private String uri;
+
+    /**
+     * http方法
+     */
+    @NotBlank(message = "请求http方法不能为空")
+    private String method;
+
+    @NotBlank(message = "操作者ID不能为空")
+    private String operId;
+}
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/dto/result/OperResouce.java
@ -0,0 +1,13 @@
+package com.epmet.commons.tools.dto.result;
+
+import lombok.Data;
+
+@Data
+public class OperResouce {
+
+    private String userId;
+    private String resourceUrl;
+    private String ResourceMethod;
+
+
+}
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/CommonOperAccessOpenFeignClient.java
@ -0,0 +1,46 @@
+package com.epmet.commons.tools.feign;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
+import com.epmet.commons.tools.feign.fallback.CommonOperAccessOpenFeignClientFallbackFactory;
+import com.epmet.commons.tools.utils.Result;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:17 本服务对外开放的API,其他服务通过引用此client调用该服务
+ */
+@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class)
+//@FeignClient(name = ServiceConstant.OPER_ACCESS_SERVER, fallbackFactory = CommonOperAccessOpenFeignClientFallbackFactory.class, url = "http://localhost:8093")
+public interface CommonOperAccessOpenFeignClient {
+    /**
+     * @param
+     * @return com.epmet.commons.tools.utils.Result
+     * @Author yinzuomei
+     * @Description 清空运营人员权限信息、菜单信息
+     * @Date 2020/5/21 17:08
+     **/
+    @GetMapping("/oper/access/menu/clearoperuseraccess")
+    Result clearOperUserAccess();
+
+    /**
+     * 是否有该接口的权限
+     * @return
+     */
+    @PostMapping("/oper/access/menu/hasPermission")
+    Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+
+    /**
+     * 需要验证的菜单资源
+     * @return
+     */
+    @PostMapping("/oper/access/menu/getExamineResourceUrls")
+    Result<List<OperResouce>> getExamineResourceUrls();
+}
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallback.java
@ -0,0 +1,35 @@
+package com.epmet.commons.tools.feign.fallback;
+
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.utils.ModuleUtils;
+import com.epmet.commons.tools.utils.Result;
+
+import java.util.List;
+
+/**
+ * @Description 运营端权限模块
+ * @Author yinzuomei
+ * @Date 2020/5/21 15:47
+ */
+//@Component
+public class CommonOperAccessOpenFeignClientFallback implements CommonOperAccessOpenFeignClient {
+    @Override
+    public Result clearOperUserAccess() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess");
+
+    }
+
+    @Override
+    public Result hasOperPermission(HasOperPermissionFormDTO form) {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
+    }
+
+    @Override
+    public Result<List<OperResouce>> getExamineResourceUrls() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls");
+    }
+}
+
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/feign/fallback/CommonOperAccessOpenFeignClientFallbackFactory.java
@ -0,0 +1,19 @@
+package com.epmet.commons.tools.feign.fallback;
+
+import com.epmet.commons.tools.exception.ExceptionUtils;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import feign.hystrix.FallbackFactory;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+
+@Component
+@Slf4j
+public class CommonOperAccessOpenFeignClientFallbackFactory implements FallbackFactory<CommonOperAccessOpenFeignClient> {
+    private CommonOperAccessOpenFeignClientFallback fallback = new CommonOperAccessOpenFeignClientFallback();
+
+    @Override
+    public CommonOperAccessOpenFeignClient create(Throwable cause) {
+        log.error(String.format("FeignClient调用发生异常,异常信息:%s", ExceptionUtils.getThrowableErrorStackTrace(cause)));
+        return fallback;
+    }
+}
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/redis/RedisKeys.java
@ -889,4 +889,25 @@ public class RedisKeys {
 	public static String getDingMiniInfoKey(String suiteKey) {
 		return rootPrefix.concat("ding:miniInfo:" + suiteKey);
 	}
+
+	/**
+	 * 运营人员-资源权限
+	 * @param operId
+	 * @return
+	 */
+	public static String operResourcesBaseDir() {
+		return rootPrefix.concat("oper:access:resources:");
+	}
+
+    public static String operResourcesByUserId(String operId) {
+		return operResourcesBaseDir().concat(operId);
+    }
+
+	/**
+	 * 获取需要检查的资源url
+	 * @return
+	 */
+	public static String getOperExamineResourceUrls() {
+		return rootPrefix.concat("oper:access:examineresources");
+    }
 }
--- a/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
+++ b/epmet-commons/epmet-commons-tools/src/main/java/com/epmet/commons/tools/security/password/PasswordUtils.java
@ -37,6 +37,43 @@ public class PasswordUtils {
        return passwordEncoder.matches(str, password);
    }

+    /**
+     * desc:校验密码规则是否
+     * 校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+     * @param password
+     * @return
+     */
+    public static boolean checkPassWordRule(String password) {
+        boolean flag=false;
+        if(password.length()<8||password.length()>20){
+            return flag;
+        }
+        boolean numFlag=false;
+        boolean bigLetter=false;
+        boolean smallLetter=false;
+        char[] passwordArray = password.toCharArray();
+        for(int i=0;i < passwordArray.length;i++) {
+            char currentStr=passwordArray[i];
+            // 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
+            if(Character.isDigit(currentStr)){
+                numFlag=true;
+                continue;
+            }
+            // 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
+            if(Character.isUpperCase(currentStr)){
+                bigLetter=true;
+                continue;
+            }
+            if(Character.isLowerCase(currentStr)){
+                smallLetter=true;
+            }
+        }
+        if(numFlag&&bigLetter&&smallLetter){
+            flag=true;
+        }
+        return flag;
+    }
+

    public static void main(String[] args) {
        String str = "wangqing";
--- a/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java
+++ b/epmet-gateway/src/main/java/com/epmet/GatewayApplication.java
@ -8,9 +8,15 @@

 package com.epmet;

+import com.alibaba.fastjson.JSON;
 import com.epmet.commons.tools.aspect.ServletExceptionHandler;
 import com.epmet.commons.tools.config.RedissonConfig;
 import com.epmet.commons.tools.config.ThreadDispatcherConfig;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
+import com.epmet.filter.CpProperty;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.client.discovery.EnableDiscoveryClient;
@ -18,6 +24,9 @@ import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.FilterType;

+import javax.annotation.PostConstruct;
+import java.util.List;
+
 /**
 * 网关服务
 *
@ -31,7 +40,24 @@ import org.springframework.context.annotation.FilterType;
@ComponentScan(basePackages = {"com.epmet.*"}, excludeFilters = @ComponentScan.Filter(type = FilterType.ASSIGNABLE_TYPE, classes = {RedissonConfig.class, ThreadDispatcherConfig.class, ServletExceptionHandler.class}))
 public class GatewayApplication {

+	@Autowired
+	private CpProperty cpProperty;
+
+	@Autowired
+	private RedisUtils redisUtils;
+
 	public static void main(String[] args) {
 		SpringApplication.run(GatewayApplication.class, args);
 	}
+
+	/**
+	 * 初始化运营端校验资源列表
+	 */
+//	@PostConstruct
+//	public void initOperExamineResources() {
+//		if (!redisUtils.hasKey(RedisKeys.getOperExamineResourceUrls())) {
+//			List<CpProperty.OperExamineResource> operExamineResourceUrls = cpProperty.getOperExamineResourceUrls();
+//			redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(operExamineResourceUrls));
+//		}
+//	}
 }
--- a/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
+++ b/epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
@ -1,11 +1,22 @@
 package com.epmet.auth;

+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.TypeReference;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.Constant;
+import com.epmet.commons.tools.constant.ServiceConstant;
+import com.epmet.commons.tools.dto.form.HasOperPermissionFormDTO;
+import com.epmet.commons.tools.dto.result.OperResouce;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
 import com.epmet.commons.tools.exception.RenException;
+import com.epmet.commons.tools.feign.CommonOperAccessOpenFeignClient;
+import com.epmet.commons.tools.feign.ResultDataResolver;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.dto.BaseTokenDto;
 import com.epmet.commons.tools.utils.CpUserDetailRedis;
+import com.epmet.commons.tools.utils.Result;
 import com.epmet.filter.CpProperty;
 import com.epmet.jwt.JwtTokenUtils;
 import io.jsonwebtoken.Claims;
@ -15,18 +26,20 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.web.server.ServerWebExchange;

 import java.util.Date;
+import java.util.List;

 /**
 * 内部认证处理器
 */
@Component
-public class InternalAuthProcessor extends AuthProcessor {
+public class InternalAuthProcessor extends AuthProcessor implements ResultDataResolver {

    private Logger logger = LoggerFactory.getLogger(getClass());

@ -41,6 +54,12 @@ public class InternalAuthProcessor extends AuthProcessor {
    @Autowired
    private CpProperty cpProperty;

+    @Autowired
+    private CommonOperAccessOpenFeignClient operAccessOpenFeignClient;
+
+    @Autowired
+    private RedisUtils redisUtils;
+
    @Override
    public ServerWebExchange auth(ServerWebExchange exchange, GatewayFilterChain chain) {
        ServerHttpRequest request = exchange.getRequest();
@ -104,10 +123,59 @@ public class InternalAuthProcessor extends AuthProcessor {
            builder.header(AppClientConstant.CUSTOMER_ID, customerId);
        }

+        // 针对运营端的url拦截和校验
+        if (AppClientConstant.APP_OPER.equals(app)) {
+            HttpMethod method = request.getMethod();
+            Boolean hasAccess = checkRequestOperResource(userId, requestUri, method.toString());
+            if (!hasAccess) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(), "资源未授权", "资源未授权");
+            }
+        }
+
        ServerHttpRequest shr = builder.build();
        return exchange.mutate().request(shr).build();
    }

+    /**
+     * 校验运营端用户是否有权访问该资源
+     * @param uri
+     * @param method
+     * @return
+     */
+    private Boolean checkRequestOperResource(String userId, String uri, String method) {
+        String resourceJsonString = redisUtils.getString(RedisKeys.getOperExamineResourceUrls());
+        List<OperResouce> resources = JSON.parseObject(resourceJsonString, new TypeReference<List<OperResouce>>() {});
+
+        if (resources == null) {
+            // redis中没有缓存，需要api获取
+            resources = getResultDataOrThrowsException(operAccessOpenFeignClient.getExamineResourceUrls(), ServiceConstant.OPER_ACCESS_SERVER,
+                    EpmetErrorCode.SERVER_ERROR.getCode(), "调用operaccess获取要校验的资源失败", "调用operaccess获取要校验的资源失败");
+
+            // 缓存
+            redisUtils.setString(RedisKeys.getOperExamineResourceUrls(), JSON.toJSONString(resources));
+        }
+
+        for (OperResouce resource : resources) {
+            if (antPathMatcher.match(resource.getResourceUrl(), uri)
+                    && resource.getResourceMethod().equals(method)) {
+
+                //需要校验权限的url
+                HasOperPermissionFormDTO form = new HasOperPermissionFormDTO();
+                form.setUri(uri);
+                form.setMethod(method);
+                form.setOperId(userId);
+                Result result = operAccessOpenFeignClient.hasOperPermission(form);
+                if (result == null || !result.success()) {
+                    return false;
+                }
+                return true;
+            }
+        }
+
+        // 如果当前请求url不需要校验权限，那么返回true
+        return true;
+    }
+
    /**
     * 是否需要认证
     * @param requestUri
--- a/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java
+++ b/epmet-gateway/src/main/java/com/epmet/filter/CpProperty.java
@ -42,4 +42,15 @@ public class CpProperty {
     */
    private List<String> swaggerUrls;

+    /**
+     * 运营端，需要校验的url资源列表
+     */
+    private List<OperExamineResource> operExamineResourceUrls;
+
+    @Data
+    public static class OperExamineResource {
+        private String resourceUrl;
+        private String resourceMethod;
+    }
+
 }
--- a/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java
+++ b/epmet-gateway/src/main/java/com/epmet/filter/EpmetGatewayFilter.java
@ -5,6 +5,7 @@ import com.epmet.auth.ExternalAuthProcessor;
 import com.epmet.auth.InternalAuthProcessor;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
 import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.utils.IpUtils;
@ -64,6 +65,10 @@ public class EpmetGatewayFilter implements GatewayFilter {
            }

            return doFilter(exchange, chain);
+        } catch (EpmetException re) {
+            // 人为抛出，则携带错误码和错误信息响应给前端
+            log.error("EpmetGatewayFilter认证出错RenException，错误信息:{}", ExceptionUtils.getErrorStackTrace(re));
+            return response(exchange, new Result<>().error(re.getCode(), re.getMessage()));
        } catch (RenException re) {
            // 人为抛出，则携带错误码和错误信息响应给前端
            log.error("EpmetGatewayFilter认证出错RenException，错误信息:{}", ExceptionUtils.getErrorStackTrace(re));
--- a/epmet-gateway/src/main/resources/bootstrap-urls.yml
+++ b/epmet-gateway/src/main/resources/bootstrap-urls.yml
@ -0,0 +1,5 @@
+epmet:
+  oper-examine-resource-urls:
+    #      角色编辑
+    - resourceUrl: /oper/access/operrole
+      resourceMethod: PUT
--- a/epmet-gateway/src/main/resources/bootstrap.yml
+++ b/epmet-gateway/src/main/resources/bootstrap.yml
@ -12,6 +12,7 @@ spring:
    name: epmet-gateway-server
  #环境 dev|test|prod
  profiles:
+    include: urls
    active:  @spring.profiles.active@
  messages:
    encoding: UTF-8
--- a/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java
+++ b/epmet-module/epmet-oss/epmet-oss-client/src/main/java/com/epmet/dto/result/UploadImgResultDTO.java
@ -13,6 +13,10 @@ import java.io.Serializable;
@Data
 public class UploadImgResultDTO implements Serializable {
 	private String url;
+	/**
+	 * 原始文件名
+	 */
+	private String fileName;
 	/**
 	 * 域名
 	 */
--- a/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java
+++ b/epmet-module/epmet-oss/epmet-oss-server/src/main/java/com/epmet/service/impl/OssServiceImpl.java
@ -279,6 +279,7 @@ public class OssServiceImpl extends BaseServiceImpl<OssDao, OssEntity> implement
 		UploadImgResultDTO dto = new UploadImgResultDTO();
 		dto.setUrl(url);
 		dto.setDomain(ossDomain);
+		dto.setFileName(file.getOriginalFilename());
 		return new Result<UploadImgResultDTO>().ok(dto);
 	}

--- a/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java
+++ b/epmet-module/epmet-third/epmet-third-server/src/main/test/java/com/epmet/ThirdPlatformTest.java
@ -24,7 +24,7 @@ public class ThirdPlatformTest {

    @Test
    public void sendText(){
-        DingTalkResult<String> appAccessTokenToken = dingTalkClientToken.getAppAccessTokenToken();
+        DingTalkResult<String> appAccessTokenToken = dingTalkClientToken.getAppAccessTokenToken("123123123","234234234");
        System.out.println("=======:"+JSON.toJSONString(appAccessTokenToken));
    }
 }
--- a/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java
+++ b/epmet-module/gov-mine/gov-mine-client/src/main/java/com/epmet/dto/form/StaffResetPassWordFormDTO.java
@ -22,6 +22,10 @@ public class StaffResetPassWordFormDTO implements Serializable {
    public interface AddUserShowGroup extends CustomerClientShowGroup {
    }

+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
    private String newPassword;
    @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/controller/MineController.java
@ -2,12 +2,15 @@ package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.ValidatorUtils;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
 import com.epmet.dto.result.MineResultDTO;
 import com.epmet.service.MineService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -21,6 +24,8 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("mine")
 public class MineController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;
 	@Autowired
 	private MineService mineService;

@ -45,9 +50,27 @@ public class MineController {
 	 * @Date 2020/7/1 9:59
 	 **/
 	@PostMapping("resetpassword")
-	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) {
+	public Result resetPassword(@LoginUser TokenDto tokenDto, @RequestBody StaffResetPassWordFormDTO formDTO) throws Exception {
 		formDTO.setStaffId(tokenDto.getUserId());
 		ValidatorUtils.validateEntity(formDTO, StaffResetPassWordFormDTO.AddUserShowGroup.class, StaffResetPassWordFormDTO.AddUserInternalGroup.class);
+		//解密密码
+		if (formDTO.getConfirmNewPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(formDTO.getConfirmNewPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(formDTO.getNewPassword(), privateKey);
+			formDTO.setConfirmNewPassword(confirmNewPassWord);
+			formDTO.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(formDTO.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(formDTO.getOldPassword(), privateKey);
+				formDTO.setOldPassword(oldPassWord);
+			}
+		}
 		return mineService.resetPassword(formDTO);
 	}
+
+	public static void main(String[] args) throws Exception {
+		String p= "R16c3yJqCMyRFTxElBeBexTVlW1GArItaVqEEyF3o3jXVwq0G08ck8wEdBAEyQI1y4uCsw3UBgx1mqiMbIfvdg==";
+		String privateKey= "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N";
+		String newPassword = RSASignature.decryptByPrivateKey(p, privateKey);
+		System.out.println(newPassword);
+	}
 }
--- a/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/java/com/epmet/service/impl/MineServiceImpl.java
@ -5,6 +5,7 @@ import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.dto.form.StaffInfoFromDTO;
 import com.epmet.dto.form.StaffResetPassWordFormDTO;
@ -50,7 +51,7 @@ public class MineServiceImpl implements MineService {
 			throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
 		}
 		//2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
-		boolean flag=this.checkPassWord(formDTO.getNewPassword());
+		boolean flag= PasswordUtils.checkPassWordRule(formDTO.getNewPassword());
 		if(!flag){
 			throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
 		}
@ -59,50 +60,15 @@ public class MineServiceImpl implements MineService {
 		staffResetPwFormDTO.setNewPassword(formDTO.getNewPassword());
 		staffResetPwFormDTO.setConfirmNewPassword(formDTO.getConfirmNewPassword());
 		staffResetPwFormDTO.setStaffId(formDTO.getStaffId());
+		staffResetPwFormDTO.setOldPassword(formDTO.getOldPassword());
 		Result updatePassWordResult=epmetUserOpenFeignClient.resetStaffPassword(staffResetPwFormDTO);
 		if(updatePassWordResult.success()){
 			logger.info(String.format("调用%s服务,修改密码成功", ServiceConstant.EPMET_USER_SERVER));
 		}else{
 			logger.warn(String.format("调用%s服务,修改密码失败,返参:%s", ServiceConstant.EPMET_USER_SERVER,
 					JSON.toJSONString(updatePassWordResult)));
-			return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode());
+			return new Result().error(EpmetErrorCode.PASSWORD_UPDATE_FAILED.getCode(),updatePassWordResult.getMsg());
 		}
 		return new Result();
 	}
-
-	private boolean checkPassWord(String password) {
-		boolean flag=false;
-		if(password.length()<8||password.length()>20){
-			logger.warn(String.format("密码长度应为8-20位，当前输入密码%s,长度为%s",password,password.length()));
-			return flag;
-		}
-		boolean numFlag=false;
-		boolean bigLetter=false;
-		boolean smallLetter=false;
-		char[] passwordArray = password.toCharArray();
-		for(int i=0;i < passwordArray.length;i++) {
-			char currentStr=passwordArray[i];
-			logger.info(String.format("当前字符%s",currentStr));
-			// 判断ch是否是数字字符，如'1'，'2‘，是返回true。否则返回false
-			if(Character.isDigit(currentStr)){
-				numFlag=true;
-				continue;
-			}
-			// 判断ch是否是字母字符，如'a'，'b‘，是返回true。否则返回false
-			if(Character.isUpperCase(currentStr)){
-				bigLetter=true;
-				continue;
-			}
-			if(Character.isLowerCase(currentStr)){
-				smallLetter=true;
-				continue;
-			}
-		}
-		if(numFlag&&bigLetter&&smallLetter){
-			flag=true;
-		}else{
-			logger.warn(String.format("当前密码%s,是否包含数字%s,是否包含大写字母%s,是否包含小写字母%s",password,numFlag,bigLetter,smallLetter));
-		}
-		return flag;
-	}
 }
--- a/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
+++ b/epmet-module/gov-mine/gov-mine-server/src/main/resources/bootstrap.yml
@ -119,3 +119,8 @@ thread:
    keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
    threadNamePrefix: @thread.threadPool.thread-name-prefix@
    rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+
--- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java
+++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/form/HasOperPermissionFormDTO.java
@ -0,0 +1,24 @@
+package com.epmet.dto.form;
+
+import lombok.Data;
+
+import javax.validation.constraints.NotBlank;
+
+@Data
+public class HasOperPermissionFormDTO {
+
+    /**
+     * uri
+     */
+    @NotBlank(message = "uri不能为空")
+    private String uri;
+
+    /**
+     * http方法
+     */
+    @NotBlank(message = "请求http方法不能为空")
+    private String method;
+
+    @NotBlank(message = "操作者ID不能为空")
+    private String operId;
+}
--- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java
+++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/dto/result/OperResouce.java
@ -0,0 +1,13 @@
+package com.epmet.dto.result;
+
+import lombok.Data;
+
+@Data
+public class OperResouce {
+
+    private String userId;
+    private String resourceUrl;
+    private String ResourceMethod;
+
+
+}
--- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java
+++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/OperAccessOpenFeignClient.java
@ -2,9 +2,12 @@ package com.epmet.feign;

 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.feign.fallback.OperAccessOpenFeignClientFallbackFactory;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;

 /**
 * @Description 运营端权限模块
@ -23,4 +26,18 @@ public interface OperAccessOpenFeignClient {
     **/
    @GetMapping("/oper/access/menu/clearoperuseraccess")
    Result clearOperUserAccess();
+
+    /**
+     * 是否有该接口的权限
+     * @return
+     */
+    @PostMapping("/oper/access/menu/hasPermission")
+    Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form);
+
+    /**
+     * 需要验证的菜单资源
+     * @return
+     */
+    @PostMapping("/oper/access/menu/getExamineResourceUrls")
+    Result getExamineResourceUrls();
 }
--- a/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java
+++ b/epmet-module/oper-access/oper-access-client/src/main/java/com/epmet/feign/fallback/OperAccessOpenFeignClientFallback.java
@ -3,6 +3,7 @@ package com.epmet.feign.fallback;
 import com.epmet.commons.tools.constant.ServiceConstant;
 import com.epmet.commons.tools.utils.ModuleUtils;
 import com.epmet.commons.tools.utils.Result;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.feign.OperAccessOpenFeignClient;

 /**
@ -17,5 +18,15 @@ public class OperAccessOpenFeignClientFallback implements OperAccessOpenFeignCli
        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "clearOperUserAccess");

    }
+
+    @Override
+    public Result hasOperPermission(HasOperPermissionFormDTO form) {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "hasOperPermission");
+    }
+
+    @Override
+    public Result getExamineResourceUrls() {
+        return ModuleUtils.feignConError(ServiceConstant.OPER_ACCESS_SERVER, "getExamineResourceUrls");
+    }
 }

--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/controller/OperMenuController.java
@ -1,9 +1,11 @@
 package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
+import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.exception.ErrorCode;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
+import com.epmet.commons.tools.utils.EpmetRequestHolder;
 import com.epmet.commons.tools.utils.ExcelUtils;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
@ -12,7 +14,9 @@ import com.epmet.commons.tools.validator.group.AddGroup;
 import com.epmet.commons.tools.validator.group.DefaultGroup;
 import com.epmet.commons.tools.validator.group.UpdateGroup;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.form.HasOperPermissionFormDTO;
 import com.epmet.dto.result.MenuResourceDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.excel.OperMenuExcel;
 import com.epmet.service.OperMenuService;
 import com.epmet.service.OperResourceService;
@ -53,7 +57,7 @@ public class OperMenuController {

 		//菜单资源列表
 		List<MenuResourceDTO> resourceList = operResourceService.getMenuResourceList(id);
-
+		data.setResourceList(resourceList);
 		return new Result<OperMenuDTO>().ok(data);
 	}

@ -161,4 +165,37 @@ public class OperMenuController {
 		operMenuService.clearOperUserAccess(tokenDto.getApp(), tokenDto.getClient(), tokenDto.getUserId());
 		return new Result();
 	}
+
+	/**
+	 * 改运营人员是否有该接口的权限
+	 * @return
+	 */
+	@PostMapping("hasPermission")
+	public Result hasOperPermission(@RequestBody HasOperPermissionFormDTO form) {
+		ValidatorUtils.validateEntity(form);
+		String uri = form.getUri();
+		String method = form.getMethod();
+
+		//		if (!AppClientConstant.APP_OPER.equals(loginUserApp)) {
+		////			只校验运营端，其他都返回true
+		//			return new Result();
+		//		}
+
+		Boolean isMathe = operMenuService.hasOperPermission(uri, method, form.getOperId());
+		if (isMathe){
+			return new Result();
+		} else {
+			return new Result().error();
+		}
+	}
+
+	/**
+	 * 需要验证的菜单资源
+	 * @return
+	 */
+	@PostMapping("getExamineResourceUrls")
+	public Result getExamineResourceUrls() {
+		List<OperResouce> resources = operMenuService.getExamineResourceUrls();
+		return new Result().ok(resources);
+	}
 }
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/dao/OperMenuDao.java
@ -9,6 +9,7 @@
 package com.epmet.dao;

 import com.epmet.commons.mybatis.dao.BaseDao;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;
 import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
@ -49,4 +50,8 @@ public interface OperMenuDao extends BaseDao<OperMenuEntity> {
     * @param pid  父菜单ID
     */
    List<OperMenuEntity> getListPid(String pid);
+
+    List<OperResouce> getOperResourcesByUserId(String operId);
+
+    List<OperResouce> getExamineResourceUrls();
 }
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/redis/OperMenuRedis.java
@ -17,10 +17,13 @@

 package com.epmet.redis;

+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.TypeReference;
 import com.epmet.commons.tools.redis.RedisKeys;
 import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.utils.HttpContextUtils;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.result.OperResouce;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;

@ -71,4 +74,25 @@ public class OperMenuRedis {
        return (Set<String>)redisUtils.get(key);
    }

+    public List<OperResouce> getOperResourcesByUserId(String operId) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        String json = redisUtils.getString(key);
+        return JSON.parseObject(json, new TypeReference<List<OperResouce>>(){});
+    }
+
+    public void setOperResourcesByUserId(String operId, List<OperResouce> resouces) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        String jsonString = JSON.toJSONString(resouces);
+        redisUtils.setString(key, jsonString);
+    }
+
+    /**
+     * 运营端用户资源删除
+     * @param operId
+     * @param resouces
+     */
+    public void deleteOperResourcesByUserId(String operId) {
+        String key = RedisKeys.operResourcesByUserId(operId);
+        redisUtils.delete(key);
+    }
 }
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/OperMenuService.java
@ -21,6 +21,7 @@ import com.epmet.commons.mybatis.service.BaseService;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.dto.OperMenuDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;

 import java.util.List;
@ -141,4 +142,8 @@ public interface OperMenuService extends BaseService<OperMenuEntity> {
    List<OperMenuDTO> getListPid(String pid);

    void clearOperUserAccess(String app, String client, String userId);
+
+    Boolean hasOperPermission(String uri, String method, String loginUserId);
+
+    List<OperResouce> getExamineResourceUrls();
 }
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperMenuServiceImpl.java
@ -24,8 +24,11 @@ import com.epmet.commons.tools.constant.Constant;
 import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
 import com.epmet.commons.tools.exception.ErrorCode;
+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.HttpContextUtils;
@ -34,6 +37,7 @@ import com.epmet.commons.tools.utils.TreeUtils;
 import com.epmet.dao.OperMenuDao;
 import com.epmet.dto.OperMenuDTO;
 import com.epmet.dto.OperUserDTO;
+import com.epmet.dto.result.OperResouce;
 import com.epmet.entity.OperMenuEntity;
 import com.epmet.enums.MenuTypeEnum;
 import com.epmet.feign.EpmetUserFeignClient;
@ -48,6 +52,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
+import org.springframework.util.AntPathMatcher;

 import java.util.*;

@ -70,6 +75,10 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
    private OperResourceService operResourceService;
    @Autowired
    private OperLanguageService operLanguageService;
+    @Autowired
+    private RedisUtils redisUtils;
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Override
    public PageData<OperMenuDTO> page(Map<String, Object> params) {
@ -112,6 +121,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
        insert(entity);
        saveLanguage(entity.getId(), "name", entity.getName());

+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("保存菜单配置异常:{}", msg);
+        }
+
        //保存菜单资源
        operResourceService.saveMenuResource(entity.getId(), entity.getName(), dto.getResourceList());

@ -133,6 +149,21 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
        updateById(entity);
        saveLanguage(entity.getId(), "name", entity.getName());

+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("修改菜单配置异常:{}", msg);
+        }
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("修改菜单配置异常:{}", msg);
+        }
+
+
        //更新菜单资源
        operResourceService.saveMenuResource(entity.getId(), entity.getName(), dto.getResourceList());

@ -150,6 +181,13 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
    @Override
    @Transactional(rollbackFor = Exception.class)
    public void delete(String id, TokenDto tokenDto) {
+        try {
+            redisUtils.delete(RedisKeys.getOperExamineResourceUrls());
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            logger.error("删除菜单配置异常:{}", msg);
+        }
+
        //逻辑删除
        baseDao.deleteBatchIds(Collections.singletonList(id));
        //删除角色菜单关系
@ -242,6 +280,9 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
    public void clearOperUserAccess(String app, String client, String userId) {
        //清空当前用户，菜单导航、权限标识
        operMenuRedis.delete(userId, app, client);
+
+//        根据用户id删除用户资源列表，后期可以跟deleteAccess合并起来，先为烟台的安全检测做。
+        operMenuRedis.deleteOperResourcesByUserId(userId);
        logger.info(String.format("运营端用户退出系统%s,清空菜单、权限成功",userId));
    }

@ -249,4 +290,44 @@ public class OperMenuServiceImpl extends BaseServiceImpl<OperMenuDao, OperMenuEn
        operLanguageService.saveOrUpdate("oper_menu", tableId, fieldName, fieldValue, HttpContextUtils.getLanguage());
    }

+    @Override
+    public Boolean hasOperPermission(String uri, String method, String operId) {
+        Result<OperUserDTO> operUserDTOResult = epmetUserFeignClient.info(operId);
+        if(!operUserDTOResult.success()||null==operUserDTOResult.getData()){
+            logger.error("查询运营人员信息失败：operId:{}", operId);
+            return false;
+        }
+
+        //系统管理员，拥有最高权限
+        if(operUserDTOResult.getData().getSuperAdmin() == SuperAdminEnum.YES.value()){
+            return true;
+        }
+
+        // 不是系统管理员再具体查询
+        List<OperResouce> resouces = operMenuRedis.getOperResourcesByUserId(operId);
+        if (resouces == null) {
+            resouces = baseDao.getOperResourcesByUserId(operId);
+            operMenuRedis.setOperResourcesByUserId(operId, resouces);
+        }
+
+        return pathMatcher(uri, method, resouces);
+    }
+
+    private boolean pathMatcher(String requestUri, String method, List<OperResouce> resources){
+        for (OperResouce resource : resources) {
+            String resourceUrl = resource.getResourceUrl();
+            String resourceMethod = resource.getResourceMethod();
+
+//            路径匹配 && http方法 匹配
+            if(antPathMatcher.match(resourceUrl, requestUri) && resourceMethod.equals(method)){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public List<OperResouce> getExamineResourceUrls() {
+        return baseDao.getExamineResourceUrls();
+    }
 }
--- a/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java
+++ b/epmet-module/oper-access/oper-access-server/src/main/java/com/epmet/service/impl/OperRoleServiceImpl.java
@ -21,7 +21,10 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.constant.FieldConstant;
+import com.epmet.commons.tools.exception.ExceptionUtils;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.dao.OperRoleDao;
 import com.epmet.dto.OperRoleDTO;
@ -30,6 +33,7 @@ import com.epmet.redis.OperRoleRedis;
 import com.epmet.service.OperRoleMenuService;
 import com.epmet.service.OperRoleService;
 import com.epmet.service.OperRoleUserService;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@ -46,6 +50,7 @@ import java.util.Map;
 * @since v1.0.0 2020-03-18
 */
@Service
+@Slf4j
 public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEntity> implements OperRoleService {

    @Autowired
@ -55,6 +60,9 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
    @Autowired
    private OperRoleUserService operRoleUserService;

+    @Autowired
+    private RedisUtils redisUtils;
+
    @Override
    public PageData<OperRoleDTO> page(Map<String, Object> params) {
        IPage<OperRoleEntity> page = baseDao.selectPage(
@ -93,6 +101,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
        insert(entity);
        //保存角色菜单关系
        OperRoleMenuService.saveOrUpdate(entity.getId(), dto.getMenuIdList());
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("新增运营角色信息配置异常:{}", msg);
+        }
    }

    @Override
@ -102,6 +117,13 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
        updateById(entity);
        //保存角色菜单关系
        OperRoleMenuService.saveOrUpdate(entity.getId(), dto.getMenuIdList());
+
+        try {
+            redisUtils.deleteByPattern(RedisKeys.operResourcesBaseDir().concat("*"));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("修改运营角色信息配置异常:{}", msg);
+        }
    }

    @Override
@ -113,6 +135,7 @@ public class OperRoleServiceImpl extends BaseServiceImpl<OperRoleDao, OperRoleEn
        OperRoleMenuService.deleteByRoleIds(ids);

        operRoleUserService.deleteByRoleIds(ids);
+
    }

 }
--- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml
+++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperMenuDao.xml
@ -26,9 +26,9 @@
    <select id="getUserMenuList" resultType="com.epmet.entity.OperMenuEntity">
        select t3.*, (select lang.field_value from oper_language lang where lang.table_name='oper_menu' and lang.field_name='name'
        and lang.table_id=t3.id and lang.language=#{language}) as name from oper_role_user t1
-        left join oper_role_menu t2 on t1.role_id = t2.role_id
-        left join oper_menu t3 on t2.menu_id = t3.id
-        where t1.user_id = #{userId} and t3.del_flag = 0
+        left join oper_role_menu t2 on (t1.role_id = t2.role_id AND t2.del_flag = 0)
+        left join oper_menu t3 on (t2.menu_id = t3.id)
+        where t1.user_id = #{userId} AND t1.del_flag = 0 and t3.del_flag = 0 and t2.DEL_FLAG = 0
        <if test="type != null">
            and t3.type = #{type}
        </if>
@ -39,4 +39,22 @@
        select * from oper_menu where del_flag = 0 and pid = #{value}
    </select>

+    <select id="getOperResourcesByUserId" resultType="com.epmet.dto.result.OperResouce">
+        select ru.user_id
+             , res.resource_url
+             , res.resource_method
+        from oper_role_user ru
+                     inner join oper_role_menu orm on (ru.role_id = orm.role_id and orm.DEL_FLAG = 0)
+                     inner join oper_resource res on (orm.menu_id = res.resource_code and res.DEL_FLAG=0)
+        where ru.user_id = #{operId}
+          and ru.DEL_FLAG = 0
+    </select>
+
+    <!--需要验证的资源列表(配置给了菜单，并且没有被删除的资源列表)-->
+    <select id="getExamineResourceUrls" resultType="com.epmet.dto.result.OperResouce">
+        select distinct res.resource_url, res.resource_method
+        from oper_menu menu
+                     inner join oper_resource res on (menu.id = res.resource_code and res.DEL_FLAG = 0)
+        where menu.DEL_FLAG = 0
+    </select>
 </mapper>
--- a/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml
+++ b/epmet-module/oper-access/oper-access-server/src/main/resources/mapper/OperRoleMenuDao.xml
@ -4,7 +4,7 @@
 <mapper namespace="com.epmet.dao.OperRoleMenuDao">

    <select id="getMenuIdList" resultType="java.lang.String">
-        select menu_id from oper_role_menu where role_id = #{value}
+        select menu_id from oper_role_menu where del_flag = 0 AND role_id = #{value}
    </select>

    <update id="deleteByRoleIds">
--- a/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java
+++ b/epmet-user/epmet-user-client/src/main/java/com/epmet/dto/form/StaffResetPwFormDTO.java
@ -22,7 +22,10 @@ public class StaffResetPwFormDTO implements Serializable {

    public interface AddUserShowGroup extends CustomerClientShowGroup {
    }
-
+    /**
+     * 旧密码
+     */
+    private String oldPassword;
    @NotBlank(message = "新密码不能为空", groups = {AddUserShowGroup.class})
    private String newPassword;
    @NotBlank(message = "确认新密码不能为空", groups = {AddUserShowGroup.class})
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/CustomerStaffController.java
@ -26,6 +26,7 @@ import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.security.user.LoginUserUtil;
 import com.epmet.commons.tools.utils.ExcelUtils;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -39,7 +40,9 @@ import com.epmet.excel.CustomerStaffExcel;
 import com.epmet.feign.EpmetMessageOpenFeignClient;
 import com.epmet.send.SendMqMsgUtil;
 import com.epmet.service.CustomerStaffService;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletResponse;
@ -57,7 +60,8 @@ import java.util.Map;
@RestController
@RequestMapping("customerstaff")
 public class CustomerStaffController {
-
+    @Value("${epmet.login.privateKey}")
+    private String privateKey;
    @Autowired
    private CustomerStaffService customerStaffService;
    @Autowired
@ -500,7 +504,12 @@ public class CustomerStaffController {
     * @Date 10:03 2020-08-25
     **/
    @PostMapping(value = "customerlist")
-    public Result<List<CustomerListResultDTO>> customerList(@RequestBody CustomerListFormDTO formDTO){
+    public Result<List<CustomerListResultDTO>> customerList(@RequestBody CustomerListFormDTO formDTO) throws Exception {
+        //解密密码
+        if (StringUtils.isNotBlank(formDTO.getPhone())&&formDTO.getPhone().length() > 50) {
+            String phone = RSASignature.decryptByPrivateKey(formDTO.getPhone(), privateKey);
+            formDTO.setPhone(phone);
+        }
        return customerStaffService.selectCustomerList(formDTO);
    }

--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/controller/OperUserController.java
@ -19,12 +19,14 @@ package com.epmet.controller;

 import com.epmet.commons.tools.annotation.LoginUser;
 import com.epmet.commons.tools.constant.AppClientConstant;
+import com.epmet.commons.tools.constant.NumConstant;
 import com.epmet.commons.tools.exception.EpmetErrorCode;
 import com.epmet.commons.tools.exception.EpmetException;
 import com.epmet.commons.tools.page.PageData;
 import com.epmet.commons.tools.security.dto.TokenDto;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.ExcelUtils;
+import com.epmet.commons.tools.utils.RSASignature;
 import com.epmet.commons.tools.utils.Result;
 import com.epmet.commons.tools.validator.AssertUtils;
 import com.epmet.commons.tools.validator.ValidatorUtils;
@ -38,6 +40,7 @@ import com.epmet.excel.OperUserExcel;
 import com.epmet.service.OperUserService;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.*;

 import javax.servlet.http.HttpServletResponse;
@ -54,6 +57,8 @@ import java.util.Map;
@RestController
@RequestMapping("operuser")
 public class OperUserController {
+	@Value("${epmet.login.privateKey}")
+	private String privateKey;

 	@Autowired
 	private OperUserService operUserService;
@ -72,17 +77,43 @@ public class OperUserController {
 	}

 	@PostMapping
-	public Result save(@RequestBody OperUserDTO dto) {
+	public Result save(@RequestBody OperUserDTO dto) throws Exception {
 		//效验数据
 		ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
+		//解密密码
+		if (StringUtils.isNotBlank(dto.getPassword()) && dto.getPassword().length() > NumConstant.FIFTY) {
+			String password = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			dto.setPassword(password);
+		}
+		if (StringUtils.isNotBlank(dto.getEmail()) && dto.getEmail().length() > NumConstant.FIFTY) {
+			String email = RSASignature.decryptByPrivateKey(dto.getEmail(), privateKey);
+			dto.setEmail(email);
+		}
+		if (StringUtils.isNotBlank(dto.getPhone()) && dto.getPhone().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(dto.getPhone(), privateKey);
+			dto.setPhone(phone);
+		}
 		operUserService.save(dto);
 		return new Result();
 	}

 	@PutMapping
-	public Result update(@RequestBody OperUserDTO dto) {
+	public Result update(@RequestBody OperUserDTO dto) throws Exception {
 		//效验数据
 		ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class);
+		//解密密码
+		if (StringUtils.isNotBlank(dto.getPassword()) && dto.getPassword().length() > NumConstant.FIFTY) {
+			String password = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			dto.setPassword(password);
+		}
+		if (StringUtils.isNotBlank(dto.getEmail()) && dto.getEmail().length() > NumConstant.FIFTY) {
+			String email = RSASignature.decryptByPrivateKey(dto.getEmail(), privateKey);
+			dto.setEmail(email);
+		}
+		if (StringUtils.isNotBlank(dto.getPhone()) && dto.getPhone().length() > NumConstant.FIFTY) {
+			String phone = RSASignature.decryptByPrivateKey(dto.getPhone(), privateKey);
+			dto.setPhone(phone);
+		}
 		operUserService.update(dto);
 		return new Result();
 	}
@ -94,10 +125,22 @@ public class OperUserController {
 	 * @return
 	 */
 	@PostMapping(value = "updatePwd")
-	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) {
+	public Result updatePwd(@LoginUser TokenDto tokenDto,@RequestBody PasswordDTO dto) throws Exception {
 		if (StringUtils.isBlank(dto.getNewPassword()) && AppClientConstant.APP_OPER.equals(tokenDto.getClient())){
 			throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),"参数错误","参数错误");
 		}
+		//解密密码
+		if (dto.getPassword().length() > 50) {
+			String confirmNewPassWord = RSASignature.decryptByPrivateKey(dto.getPassword(), privateKey);
+			String newPassword = RSASignature.decryptByPrivateKey(dto.getNewPassword(), privateKey);
+			dto.setPassword(confirmNewPassWord);
+			dto.setNewPassword(newPassword);
+			if (StringUtils.isNotBlank(dto.getOldPassword())){
+				String oldPassWord = RSASignature.decryptByPrivateKey(dto.getOldPassword(), privateKey);
+				dto.setOldPassword(oldPassWord);
+			}
+		}
+		//校验长度和 密码是否一致。
 		operUserService.updatePwd(tokenDto.getUserId(),dto);
 		return new Result();
 	}
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/CustomerStaffServiceImpl.java
@ -739,7 +739,16 @@ public class CustomerStaffServiceImpl extends BaseServiceImpl<CustomerStaffDao,
        if (null == customerStaffDTO) {
            return;
        }
-        //密码加密
+        String oldPasswordFormDB = customerStaffDTO.getPassword();
+        if (StringUtils.isNotBlank(staffResetPwFormDTO.getOldPassword())){
+            //密码加密
+            String oldPasswordFormParam = staffResetPwFormDTO.getOldPassword();
+            log.info("resetStaffPassword:oldP:{},DB:{}",oldPasswordFormParam,oldPasswordFormDB);
+            if (!PasswordUtils.matches(oldPasswordFormParam, oldPasswordFormDB)) {
+                throw new EpmetException(EpmetErrorCode.EPMET_COMMON_OPERATION_FAIL.getCode(),EpmetErrorCode.ERR10004.getMsg(),EpmetErrorCode.ERR10004.getMsg());
+            }
+        }
+
        String password = PasswordUtils.encode(staffResetPwFormDTO.getNewPassword());
        logger.info(String.format("密码%s加密后为%s", staffResetPwFormDTO.getNewPassword(), password));
        customerStaffDTO.setPassword(password);
--- a/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
+++ b/epmet-user/epmet-user-server/src/main/java/com/epmet/service/impl/OperUserServiceImpl.java
@ -24,7 +24,13 @@ import com.epmet.commons.mybatis.service.impl.BaseServiceImpl;
 import com.epmet.commons.tools.constant.AppClientConstant;
 import com.epmet.commons.tools.constant.FieldConstant;
 import com.epmet.commons.tools.enums.SuperAdminEnum;
+import com.epmet.commons.tools.exception.EpmetErrorCode;
+import com.epmet.commons.tools.exception.EpmetException;
+import com.epmet.commons.tools.exception.ExceptionUtils;
+import com.epmet.commons.tools.exception.RenException;
 import com.epmet.commons.tools.page.PageData;
+import com.epmet.commons.tools.redis.RedisKeys;
+import com.epmet.commons.tools.redis.RedisUtils;
 import com.epmet.commons.tools.security.password.PasswordUtils;
 import com.epmet.commons.tools.utils.ConvertUtils;
 import com.epmet.commons.tools.utils.Result;
@ -36,6 +42,7 @@ import com.epmet.entity.UserEntity;
 import com.epmet.feign.OperRoleUserFeignClient;
 import com.epmet.service.OperUserService;
 import com.epmet.service.UserService;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@ -53,6 +60,7 @@ import java.util.Map;
 * @since v1.0.0 2020-03-18
 */
@Service
+@Slf4j
 public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEntity> implements OperUserService {

    @Autowired
@ -61,6 +69,8 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
    private OperRoleUserFeignClient operRoleUserFeignClient;
    @Autowired
    private UserService userService;
+    @Autowired
+    private RedisUtils redisUtils;

    @Override
    public PageData<OperUserDTO> page(Map<String, Object> params) {
@ -129,6 +139,13 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn

        //更新角色用户关系
        operRoleUserFeignClient.saveOrUpdate(entity.getUserId(),dto.getRoleIdList());
+
+        try {
+            redisUtils.delete(RedisKeys.operResourcesByUserId(entity.getUserId()));
+        } catch (Exception e) {
+            String msg = ExceptionUtils.getErrorStackTrace(e);
+            log.error("删除运营人员信息配置异常:{}", msg);
+        }
    }

    @Override
@ -138,6 +155,7 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn
        baseDao.deleteBatchIds(Arrays.asList(ids));

        operRoleUserFeignClient.deleteByUserIds(ids);
+
    }

    @Override
@ -147,13 +165,35 @@ public class OperUserServiceImpl extends BaseServiceImpl<OperUserDao, OperUserEn

    @Override
    public void updatePwd(String userId, PasswordDTO dto) {
+        //1、两次填写的密码需要保持一致
+        if(!dto.getNewPassword().equals(dto.getPassword())){
+            throw new RenException(EpmetErrorCode.PASSWORD_NOT_FIT.getCode());
+        }
+        //2、校验密码规则：密码必须8-20个字符，而且同时包含大小写字母和数字
+        boolean flag=PasswordUtils.checkPassWordRule(dto.getNewPassword());
+        if(!flag){
+            throw new RenException(EpmetErrorCode.PASSWORD_OUT_OF_ORDER.getCode());
+        }
+        OperUserDTO operUserDTO = baseDao.selectOperUserInfoById(userId);
+        if (operUserDTO == null){
+            throw new EpmetException(EpmetErrorCode.INTERNAL_VALIDATE_ERROR.getCode());
+        }
+        //校验旧密码是否正确
+        if (StringUtils.isNotBlank(dto.getOldPassword())){
+            boolean matches = PasswordUtils.matches(dto.getOldPassword(), operUserDTO.getPassword());
+            if (!matches){
+                throw new EpmetException(EpmetErrorCode.ERR10004.getCode());
+            }
+        }
        OperUserEntity param = new OperUserEntity();
        param.setPassword(PasswordUtils.encode(dto.getNewPassword()));
        param.setUpdatedTime(new Date());
        param.setUpdatedBy(userId);
        LambdaQueryWrapper<OperUserEntity> lambdaQueryWrapper = new LambdaQueryWrapper<>();
        lambdaQueryWrapper.eq(OperUserEntity::getUserId,userId);
-         baseDao.update(param, lambdaQueryWrapper);
+
+
+        baseDao.update(param, lambdaQueryWrapper);
    }

 }
--- a/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
+++ b/epmet-user/epmet-user-server/src/main/resources/bootstrap.yml
@ -185,3 +185,8 @@ thread:
    keepAliveSeconds: @thread.threadPool.keep-alive-seconds@
    threadNamePrefix: @thread.threadPool.thread-name-prefix@
    rejectedExecutionHandler: @thread.threadPool.rejected-execution-handler@
+epmet:
+  login:
+    publicKey: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjgDaHWqWgquoatbC4zzQCgqE8C425VIOyzJVVgH1HUYCHpuNUnGCv3HBAl2RsziWQqQgd1xxl0C3a5J4J69o8CAwEAAQ==
+    privateKey: MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAqOANodapaCq6hq1sLjPNAKCoTwLjblUg7LMlVWAfUdRgIem41ScYK/ccECXZGzOJZCpCB3XHGXQLdrkngnr2jwIDAQABAkAyYaWvgrtHuHetdk+v+QRQC54q9FGluP/5nfilX+f4IUf8j92o/ZohTtmJn9qcDiAP4wxCLIsfy4IW3psST78BAiEA0A/E0WvtI7spWnjfw+wMDhdVMIbIJvDbj/cqMwRZInUCIQDPyO2sbXpwDjmAvyn0jpGJJxU5POWYdI37rTf9fScMcwIhAMkWNHbjBHKANVuHb10ACjakPmWEHnXkW5AspdBg53TxAiARPbzq99KXBbcjxbj3f/T3inSqYTEz60f0wDTLJd1dnQIhAIFe6Jd1TduIxGk1PDh/b/3q0jNGgVXkFnUBnKWDaL9N
+