package com.xkl.controller;

import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.annotation.Sign;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.config.ResultStatus;
import com.xkl.domain.User;
import com.xkl.domain.XklMemberEntity;
import com.xkl.model.ResultModel;
import com.xkl.repository.UserRepository;
import com.xkl.repository.XklMemberRespository;
import com.xkl.security.AntiXSS;
import com.wordnik.swagger.annotations.ApiImplicitParam;
import com.wordnik.swagger.annotations.ApiImplicitParams;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.security.SecurityTool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.xml.transform.Result;

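/**
 * REST endpoints under {@code /userInfo}: account registration (POST), password change (PUT)
 * and lookup of the member record linked to the current user (GET).
 *
 * <p>Every handler carries {@code @Sign}, and the {@code request}, {@code sign}, {@code t} and
 * {@code type} parameters are declared but never read in the method bodies. Presumably the
 * signature check behind {@code @Sign} consumes them - confirm against that implementation
 * before removing any of them.
 *
 * Created by win7 on 2016/10/19.
 */
@RestController
@RequestMapping("/userInfo")
public class UserInfoController {
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private ITokenManager tokenManager;
    @Autowired
    private XklMemberRespository xklMemberRespository;


    /**
     * Registers a new account for {@code username}.
     *
     * <p>A fresh salt is generated per account and the stored password value is derived by
     * {@code SecurityTool.getPassword(username, password, salt)}.
     * NOTE(review): confirm that helper is a slow password hash (bcrypt, scrypt, Argon2 or
     * PBKDF2) rather than a single digest round.
     *
     * <p>The lookup and the save are two separate repository calls, so two concurrent requests
     * for the same name can both pass the existence check.
     * NOTE(review): confirm a unique constraint on the login account column backs this up.
     *
     * <p>The "already registered" result tells an unauthenticated caller which account names
     * exist; rate limiting on this endpoint is worth confirming.
     *
     * @param request  current request; not read here
     * @param username login account name to create; must contain non-whitespace text
     * @param password plaintext password; must not be empty
     * @param sign     request signature; not read here
     * @param t        not read here - presumably the timestamp covered by the signature
     * @param type     not read here
     * @return HTTP 200 with {@code USER_IS_EXIT} when the name is taken, otherwise HTTP 200 with
     *         {@code USER_REGISTER}
     * @throws IllegalArgumentException if {@code username} is blank or {@code password} is empty
     */
    @AntiXSS
    @Sign
    @RequestMapping(method = RequestMethod.POST)
    @ApiOperation(value = "用户注册接口")
    public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
                                                @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
        // A required @RequestParam is never null once the handler runs, but "username=" binds an
        // empty string, so a null check alone would let blank credentials through.
        Assert.hasText(username, "username can not be empty");
        // hasLength (not hasText) so that a password made only of spaces is still accepted.
        Assert.hasLength(password, "password can not be empty");

        if (userRepository.findByLoginAccount(username) != null) {
            // The account name is already registered.
            return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
        }

        String salt = SecurityTool.genSalt();
        String hashedPassword = SecurityTool.getPassword(username, password, salt);

        /*
         * TODO:
         * 1. The @Sign signature check annotation is commented out for now, to ease testing.
         * 2. For now every registered user gets member_id 1 in the member table.
         *
         * NOTE(review): @Sign is present on this method, so item 1 looks stale. Item 2 is
         * still in effect: getUserInfo returns the member record found by the user's member
         * id, so every account created here is served member record 1 until this is replaced.
         */
        User newUser = new User();
        newUser.setMemberId(1);
        newUser.setLoginAccount(username);
        newUser.setLoginPwd(hashedPassword);
        newUser.setSalt(salt);
        newUser.setStatus(true);
        userRepository.save(newUser);

        return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_REGISTER), HttpStatus.OK);
    }


    /**
     * Replaces the current user's password, then deletes the user's token so that the caller
     * has to log in again.
     *
     * <p>NOTE(review): the current password is not requested, so possession of a valid token is
     * enough to set a new one. Adding an old-password check would change the request contract
     * and is left to the API owner.
     *
     * @param request  current request; not read here
     * @param user     user injected through {@code @CurrentUser}; assumed non-null once
     *                 {@code @Authorization} has passed - confirm
     * @param password new plaintext password; must not be empty
     * @param sign     request signature; not read here
     * @param t        not read here - presumably the timestamp covered by the signature
     * @param type     not read here
     * @return HTTP 200 with {@code USER_MODPASS_LOGOUT}
     * @throws IllegalArgumentException if {@code password} is empty
     */
    @Authorization
    @AntiXSS
    @Sign
    @RequestMapping(method = RequestMethod.PUT)
    @ApiOperation(value = "用户密码修改接口")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
    })
    public ResponseEntity<ResultModel> modPassword(HttpServletRequest request,@CurrentUser User user,@RequestParam String password,
                                                   @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
        // "password=" binds an empty string rather than null, so reject zero-length values too.
        Assert.hasLength(password, "password can not be empty");

        // A new salt is generated on every change instead of reusing the stored one.
        String salt = SecurityTool.genSalt();
        String hashedPassword = SecurityTool.getPassword(user.getLoginAccount(), password, salt);
        user.setLoginPwd(hashedPassword);
        user.setSalt(salt);
        userRepository.save(user);

        // Log the user out: the token is looked up by user id.
        // NOTE(review): confirm this removes every active session of the user, not just one.
        tokenManager.deleteToken(String.valueOf(user.getId()));
        return new ResponseEntity<>(new ResultModel(ResultStatus.USER_MODPASS_LOGOUT), HttpStatus.OK);
    }


    /**
     * Returns the member record referenced by the current user's member id.
     *
     * <p>The entity is placed in the response body as loaded from the repository.
     * NOTE(review): confirm {@code XklMemberEntity} has no fields that must stay server-side,
     * and what {@code findOne} yields when no record matches.
     *
     * @param request current request; not read here
     * @param user    user injected through {@code @CurrentUser}
     * @param sign    request signature; not read here
     * @param t       not read here - presumably the timestamp covered by the signature
     * @param type    not read here
     * @return HTTP 200 wrapping the member entity
     */
    @Authorization
    @Sign
    @RequestMapping(method = RequestMethod.GET)
    @ApiOperation(value = "个人信息查询接口")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
    })
    public ResponseEntity<ResultModel> getUserInfo(HttpServletRequest request,@CurrentUser User user,
                                                   @RequestParam String sign,@RequestParam long t,@RequestParam int type) {

        long memberId = user.getMemberId();
        XklMemberEntity member = xklMemberRespository.findOne(memberId);
        return new ResponseEntity<>(ResultModel.ok(member), HttpStatus.OK);
    }

}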