From 1397496bc349070da6e4072f9760500a1fab8b06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=BC=A0=E9=9F=AC?= <2360164671@qq.com> Date: Tue, 28 Jun 2022 23:40:30 +0800 Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E6=88=90=E4=BA=86=E6=B2=A1=E6=9C=89Re?= =?UTF-8?q?dis=E6=83=85=E5=86=B5=E4=B8=8B=E7=9A=84=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E5=92=8CToken=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../projectmanagement/config/WebConfig.java | 3 +- .../controller/StaffController.java | 28 +++++++++++++++ .../projectmanagement/entity/Response.java | 27 -------------- .../projectmanagement/entity/Staff.java | 1 + .../exception/LoginException.java | 9 +++++ .../exception/TokenException.java | 9 +++++ .../interceptor/TokenInterceptor.java | 36 +++++++++++-------- .../service/IStaffService.java | 4 +++ .../service/impl/StaffServiceImpl.java | 31 ++++++++++++++++ .../projectmanagement/utils/TokenUtils.java | 27 ++++++++------ .../utils/response/ResponseMap.java | 5 +-- 11 files changed, 125 insertions(+), 55 deletions(-) create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java delete mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/LoginException.java create mode 100644 src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/TokenException.java diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java index 5fddf4f..619b68b 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/config/WebConfig.java @@ -2,6 +2,7 @@ package cn.edu.hfut.rmdjzz.projectmanagement.config; import cn.edu.hfut.rmdjzz.projectmanagement.interceptor.CorsInterceptor; import cn.edu.hfut.rmdjzz.projectmanagement.interceptor.TokenInterceptor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @@ -14,7 +15,7 @@ import javax.annotation.Resource; */ @Configuration public class WebConfig implements WebMvcConfigurer { - @Resource + @Autowired private CorsInterceptor corsInterceptor; @Override diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java new file mode 100644 index 0000000..2806674 --- /dev/null +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/controller/StaffController.java @@ -0,0 +1,28 @@ +package cn.edu.hfut.rmdjzz.projectmanagement.controller; + +import cn.edu.hfut.rmdjzz.projectmanagement.entity.Staff; +import cn.edu.hfut.rmdjzz.projectmanagement.exception.LoginException; +import cn.edu.hfut.rmdjzz.projectmanagement.service.impl.StaffServiceImpl; +import cn.edu.hfut.rmdjzz.projectmanagement.utils.response.ResponseMap; +import com.fasterxml.jackson.core.JsonProcessingException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +/** + * @author 张韬 + * created at 2022/6/28 21:59 + */ +@RestController +@RequestMapping("/api") +public class StaffController { + @Autowired + private StaffServiceImpl staffServiceImpl; + + @PostMapping("/login") + public ResponseMap login(@RequestBody Staff staff) throws LoginException, JsonProcessingException { + return staffServiceImpl.login(staff.getStaffUsername(), staff.getStaffPassword()); + } +} diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java deleted file mode 100644 index fb7669c..0000000 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Response.java +++ /dev/null @@ -1,27 +0,0 @@ -package cn.edu.hfut.rmdjzz.projectmanagement.entity; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.Data; - -import java.io.Serializable; -import java.util.HashMap; -import java.util.Map; - -/** - * @author 张韬 - * created at 2022/6/28 18:32 - */ -@Data -public class Response implements Serializable { - private int code; - private String msg; - Map data = new HashMap<>(); - public void put(String key,Object value){ - data.put(key,value); - } - public String JsonString() throws JsonProcessingException { - ObjectMapper objectMapper = new ObjectMapper(); - return objectMapper.writeValueAsString(this); - } -} diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Staff.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Staff.java index c38e33d..2f6bc4f 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Staff.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/entity/Staff.java @@ -16,4 +16,5 @@ public class Staff { private String staffPassword; private String staffFullname; private String staffGender; + private String staffSalt; } diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/LoginException.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/LoginException.java new file mode 100644 index 0000000..ee32061 --- /dev/null +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/LoginException.java @@ -0,0 +1,9 @@ +package cn.edu.hfut.rmdjzz.projectmanagement.exception; + +/** + * @author 张韬 + * created at 2022/6/28 21:24 + */ +public class LoginException extends Exception{ + public LoginException(String message){super(message);} +} diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/TokenException.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/TokenException.java new file mode 100644 index 0000000..c725f24 --- /dev/null +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/exception/TokenException.java @@ -0,0 +1,9 @@ +package cn.edu.hfut.rmdjzz.projectmanagement.exception; + +/** + * @author 张韬 + * created at 2022/6/28 23:34 + */ +public class TokenException extends Exception{ + public TokenException(String message){super(message);} +} diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java index d261f58..b0d7d25 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/TokenInterceptor.java @@ -1,14 +1,20 @@ package cn.edu.hfut.rmdjzz.projectmanagement.interceptor; -import cn.edu.hfut.rmdjzz.projectmanagement.entity.Response; + +import cn.edu.hfut.rmdjzz.projectmanagement.exception.TokenException; import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils; +import cn.edu.hfut.rmdjzz.projectmanagement.utils.response.ResponseMap; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import org.springframework.http.HttpStatus; import org.springframework.stereotype.Component; import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; +import javax.annotation.Resource; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** * @author 张韬 @@ -16,31 +22,31 @@ import javax.servlet.http.HttpServletResponse; */ @Component public class TokenInterceptor implements HandlerInterceptor { + @Resource + private ObjectMapper objectMapper; @Override - public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws Exception { + public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object object) throws TokenException, IOException { System.out.println(httpServletRequest.getRequestURL()+" "+httpServletRequest.getMethod()); if (!(object instanceof HandlerMethod)) { return false; } - String token = httpServletRequest.getHeader("token"); + String token = httpServletRequest.getHeader("Token"); if (null == token || "".equals(token.trim())) { - Response res=new Response(); - res.setMsg("缺少Token"); - res.setCode(HttpStatus.UNAUTHORIZED.value()); - httpServletResponse.getWriter().print(res.JsonString()); + ResponseMap res= ResponseMap.of(HttpStatus.UNAUTHORIZED.value(),"缺少Token"); + httpServletResponse.getWriter().print(objectMapper.writeValueAsString(res)); return false; } - if(token.charAt(0)=='"'||token.charAt(0)=='\'') - token=token.substring(1,token.length()-1); - System.out.println(token); if(!TokenUtils.checkToken(token)){ - Response res=new Response(); - res.setMsg("无效的Token"); - res.setCode(HttpStatus.UNAUTHORIZED.value()); - httpServletResponse.getWriter().print(res.JsonString()); + ResponseMap res= ResponseMap.of(HttpStatus.UNAUTHORIZED.value(),"无效的Token"); + httpServletResponse.getWriter().print(objectMapper.writeValueAsString(res)); return false; } - httpServletRequest.setAttribute("token", TokenUtils.autoRequire(token)); + if(TokenUtils.checkTimeOut(token)){ + ResponseMap res= ResponseMap.of(HttpStatus.UNAUTHORIZED.value(),"Token已过期"); + httpServletResponse.getWriter().print(objectMapper.writeValueAsString(res)); + return false; + } + httpServletResponse.setHeader("Token",TokenUtils.autoRequire(token)); return true; } } diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java index e18de38..eb30ce4 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/IStaffService.java @@ -1,11 +1,15 @@ package cn.edu.hfut.rmdjzz.projectmanagement.service; import cn.edu.hfut.rmdjzz.projectmanagement.entity.Staff; +import cn.edu.hfut.rmdjzz.projectmanagement.exception.LoginException; +import cn.edu.hfut.rmdjzz.projectmanagement.utils.response.ResponseMap; import com.baomidou.mybatisplus.extension.service.IService; +import com.fasterxml.jackson.core.JsonProcessingException; /** * @author 佘语殊 * @since 2022/6/28 17:28 */ public interface IStaffService extends IService { + ResponseMap login(String username, String password) throws LoginException, JsonProcessingException; } diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java index 1053933..67e607c 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java @@ -1,10 +1,20 @@ package cn.edu.hfut.rmdjzz.projectmanagement.service.impl; import cn.edu.hfut.rmdjzz.projectmanagement.entity.Staff; +import cn.edu.hfut.rmdjzz.projectmanagement.exception.LoginException; import cn.edu.hfut.rmdjzz.projectmanagement.mapper.StaffMapper; import cn.edu.hfut.rmdjzz.projectmanagement.service.IStaffService; +import cn.edu.hfut.rmdjzz.projectmanagement.utils.TokenUtils; +import cn.edu.hfut.rmdjzz.projectmanagement.utils.response.ResponseMap; +import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import org.springframework.util.DigestUtils; + +import javax.annotation.Resource; /** * @author 佘语殊 @@ -12,4 +22,25 @@ import org.springframework.stereotype.Service; */ @Service public class StaffServiceImpl extends ServiceImpl implements IStaffService { + + @Override + public ResponseMap login(String username, String password) throws LoginException, JsonProcessingException { + if(username==null||username.trim().length()==0) + throw new LoginException("用户名为空"); + else if(!username.equals(username.replaceAll("[^a-zA-Z0-9]", ""))) + throw new LoginException("用户名格式错误"); + else if(password==null||password.trim().length()!=32) + throw new LoginException("密码格式错误"); + Staff staff = getOne(Wrappers.lambdaQuery().eq(Staff::getStaffUsername,username)); + if(staff==null) + throw new LoginException("用户不存在"); + password= DigestUtils.md5DigestAsHex((password+staff.getStaffSalt()).getBytes()); + if(!staff.getStaffPassword().equals(password)) + throw new LoginException("密码错误"); + ResponseMap res=ResponseMap.ofSuccess("ok").put("username",username); + res.put("Token",TokenUtils.getToken(staff.getStaffUsername(),staff.getStaffId())); + res.put("staffFullname",staff.getStaffFullname()); + res.put("staffId",staff.getStaffId()); + return res; + } } diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java index 74cff18..95e01d2 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/TokenUtils.java @@ -1,5 +1,6 @@ package cn.edu.hfut.rmdjzz.projectmanagement.utils; +import cn.edu.hfut.rmdjzz.projectmanagement.exception.TokenException; import com.auth0.jwt.JWT; import com.auth0.jwt.JWTVerifier; import com.auth0.jwt.algorithms.Algorithm; @@ -12,40 +13,46 @@ import java.util.Date; * @author 张韬 * created at 2022/6/28 18:20 */ +//TODO: 演示的时候把expireTime改短点儿 public final class TokenUtils { public final static String pvKey="SignedByRMDJZZ"; - public static String getToken(String username){ + public static String getToken(String username,Integer staffId){ return JWT.create() .withClaim("username", username) + .withClaim("staffId", staffId) .withIssuedAt(new Date()) .withExpiresAt(new Date(System.currentTimeMillis() + 5*60*60*1000)) .sign(Algorithm.HMAC256(pvKey)); } - public static boolean checkToken(String token) { + public static boolean checkToken(String token) throws TokenException { JWTVerifier verifier = JWT.require(Algorithm.HMAC256(pvKey)).build(); try { verifier.verify(token); return true; } catch (JWTVerificationException e) { - e.printStackTrace(); - return false; + throw new TokenException("非法的Token"); } } - public static boolean checkTimeOut(String token){ + public static boolean checkTimeOut(String token) throws TokenException { if(!checkToken(token)) return true; return JWT.decode(token).getClaim("exp").asLong()<(System.currentTimeMillis()/1000); } - public static String getUsername(String token){ + public static String getUsername(String token) throws TokenException { if(!checkToken(token)) - return ""; + return null; return JWT.decode(token).getClaim("username").asString(); } - public static String refreshToken(String token) { - return getToken(getUsername(token)); + public static Integer getStaffId(String token) throws TokenException { + if(!checkToken(token)) + return null; + return JWT.decode(token).getClaim("staffId").asInt(); } - public static String autoRequire(String token) { + public static String refreshToken(String token) throws TokenException { + return getToken(getUsername(token),getStaffId(token)); + } + public static String autoRequire(String token) throws TokenException { boolean check = checkToken(token); if (check) { DecodedJWT jwt = JWT.decode(token); diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/response/ResponseMap.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/response/ResponseMap.java index 155c375..7eef933 100644 --- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/response/ResponseMap.java +++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/response/ResponseMap.java @@ -2,12 +2,14 @@ package cn.edu.hfut.rmdjzz.projectmanagement.utils.response; import cn.edu.hfut.rmdjzz.projectmanagement.utils.BeanUtils; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; +import com.fasterxml.jackson.databind.ObjectMapper; import lombok.AccessLevel; import lombok.AllArgsConstructor; import lombok.Data; import org.springframework.core.serializer.support.SerializationFailedException; import org.springframework.http.HttpStatus; +import javax.annotation.Resource; import java.util.Collection; import java.util.HashMap; import java.util.Map; @@ -18,13 +20,12 @@ import java.util.Map; * @author 佘语殊 * @since 2022/6/28 21:29 */ -@AllArgsConstructor(access = AccessLevel.PRIVATE) +@AllArgsConstructor(access = AccessLevel.PUBLIC) @Data public class ResponseMap { private Integer code; private String msg; private Map data; - /** * 静态构造方法 *