Authored by fangyeqing

FIX:fix some bugs

@@ -76,12 +76,12 @@ public class SignAspect { @@ -76,12 +76,12 @@ public class SignAspect {
76 String str=""; 76 String str="";
77 for(String para:list){ 77 for(String para:list){
78 if(!para.equals("sign")&&!para.equals("t")&&!para.equals("type")) 78 if(!para.equals("sign")&&!para.equals("t")&&!para.equals("type"))
79 - str += map.get(para)[0]; 79 + str += map.get(para)[0];
80 } 80 }
81 81
82 String key = getKeyByType(type); 82 String key = getKeyByType(type);
83 long t1= UtilTools.getNow10Second(); 83 long t1= UtilTools.getNow10Second();
84 - String sign1= SecurityTool.encode("MD5",str+t1+key); 84 + String sign1= SecurityTool.encode("MD5",str+t+key);
85 /** 85 /**
86 * 比较sign和过期时间 86 * 比较sign和过期时间
87 */ 87 */
@@ -8,7 +8,7 @@ public enum ResultStatus { @@ -8,7 +8,7 @@ public enum ResultStatus {
8 8
9 USER_REGISTER(1000,"用户注册成功"), 9 USER_REGISTER(1000,"用户注册成功"),
10 USER_LOGOUT(1001,"退出登录成功"), 10 USER_LOGOUT(1001,"退出登录成功"),
11 - USER_MODPASS_LOGOUT(1002,"修改密码成功,退出登录"), 11 + USER_MODPASS_LOGOUT(1002,"修改密码成功,请重新登录"),
12 USERNAME_OR_PASSWORD_ERROR(-1001, "用户名或密码错误"), 12 USERNAME_OR_PASSWORD_ERROR(-1001, "用户名或密码错误"),
13 USER_NOT_FOUND(-1002, "用户不存在"), 13 USER_NOT_FOUND(-1002, "用户不存在"),
14 USER_NOT_LOGIN(-1004, "用户未登录"), 14 USER_NOT_LOGIN(-1004, "用户未登录"),
1 package com.xkl.controller; 1 package com.xkl.controller;
2 2
3 import com.wordnik.swagger.annotations.ApiOperation; 3 import com.wordnik.swagger.annotations.ApiOperation;
  4 +import com.xkl.authorization.annotation.Sign;
4 import com.xkl.authorization.manager.ITokenManager; 5 import com.xkl.authorization.manager.ITokenManager;
5 import com.xkl.authorization.model.TokenModel; 6 import com.xkl.authorization.model.TokenModel;
6 import com.xkl.config.ResultStatus; 7 import com.xkl.config.ResultStatus;
@@ -35,10 +36,10 @@ public class OpenIdController { @@ -35,10 +36,10 @@ public class OpenIdController {
35 private XklMemberOpenidRespository xklMemberOpenidRespository; 36 private XklMemberOpenidRespository xklMemberOpenidRespository;
36 37
37 @AntiXSS 38 @AntiXSS
38 - //@Sign 39 + @Sign
39 @RequestMapping(method = RequestMethod.POST) 40 @RequestMapping(method = RequestMethod.POST)
40 @ApiOperation(value = "OpenId绑定接口") 41 @ApiOperation(value = "OpenId绑定接口")
41 - public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdtype, 42 + public ResponseEntity<ResultModel> openIdBind(HttpServletRequest request,@RequestParam String username, @RequestParam String password, @RequestParam String openId, @RequestParam int openIdType,
42 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 43 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
43 Assert.notNull(username, "username can not be empty"); 44 Assert.notNull(username, "username can not be empty");
44 Assert.notNull(password, "password can not be empty"); 45 Assert.notNull(password, "password can not be empty");
@@ -46,12 +47,12 @@ public class OpenIdController { @@ -46,12 +47,12 @@ public class OpenIdController {
46 User user = loginService.check(username, password); 47 User user = loginService.check(username, password);
47 48
48 if (user == null) {//用户,密码错误 49 if (user == null) {//用户,密码错误
49 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); 50 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
50 } else { 51 } else {
51 - XklMemberOpenidEntity xklMemberOpenid=xklMemberOpenidRespository.findByAccountIdAndType(user.getId(),openIdtype); 52 + XklMemberOpenidEntity xklMemberOpenid=xklMemberOpenidRespository.findByAccountIdAndType(user.getId(),openIdType);
52 if(xklMemberOpenid == null ){ 53 if(xklMemberOpenid == null ){
53 xklMemberOpenid = new XklMemberOpenidEntity(); 54 xklMemberOpenid = new XklMemberOpenidEntity();
54 - xklMemberOpenid.setType(openIdtype); 55 + xklMemberOpenid.setType(openIdType);
55 xklMemberOpenid.setAccountId(user.getId()); 56 xklMemberOpenid.setAccountId(user.getId());
56 xklMemberOpenid.setMemberId(user.getMemberId()); 57 xklMemberOpenid.setMemberId(user.getMemberId());
57 xklMemberOpenid.setOpenid(openId); 58 xklMemberOpenid.setOpenid(openId);
@@ -65,10 +66,10 @@ public class OpenIdController { @@ -65,10 +66,10 @@ public class OpenIdController {
65 66
66 67
67 @AntiXSS 68 @AntiXSS
68 - //@Sign 69 + @Sign
69 @RequestMapping(method = RequestMethod.DELETE) 70 @RequestMapping(method = RequestMethod.DELETE)
70 @ApiOperation(value = "OpenId解除绑定接口") 71 @ApiOperation(value = "OpenId解除绑定接口")
71 - public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdtype, 72 + public ResponseEntity<ResultModel> openIdUnBind(HttpServletRequest request,@RequestParam String username,@RequestParam String password,@RequestParam String openId, @RequestParam int openIdType,
72 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 73 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
73 Assert.notNull(username, "username can not be empty"); 74 Assert.notNull(username, "username can not be empty");
74 Assert.notNull(password, "password can not be empty"); 75 Assert.notNull(password, "password can not be empty");
@@ -76,28 +77,28 @@ public class OpenIdController { @@ -76,28 +77,28 @@ public class OpenIdController {
76 User user = loginService.check(username, password); 77 User user = loginService.check(username, password);
77 78
78 if (user == null) {//用户,密码错误 79 if (user == null) {//用户,密码错误
79 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); 80 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
80 } else { 81 } else {
81 - XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByAccountIdAndTypeAndOpenid(user.getId(), openIdtype,openId); 82 + XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByAccountIdAndTypeAndOpenid(user.getId(), openIdType,openId);
82 if(xklMemberOpenid!=null) { 83 if(xklMemberOpenid!=null) {
83 xklMemberOpenidRespository.delete(xklMemberOpenid); 84 xklMemberOpenidRespository.delete(xklMemberOpenid);
84 }else{ 85 }else{
85 - return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.NOT_FOUND); 86 + return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.OK);
86 } 87 }
87 } 88 }
88 return new ResponseEntity<>(ResultModel.ok(ResultStatus.OPENID_UNBIND_SUCESS), HttpStatus.OK); 89 return new ResponseEntity<>(ResultModel.ok(ResultStatus.OPENID_UNBIND_SUCESS), HttpStatus.OK);
89 } 90 }
90 91
91 @AntiXSS 92 @AntiXSS
92 - //@Sign 93 + @Sign
93 @RequestMapping(value="/login",method = RequestMethod.POST) 94 @RequestMapping(value="/login",method = RequestMethod.POST)
94 @ApiOperation(value = "OpenId登录接口") 95 @ApiOperation(value = "OpenId登录接口")
95 - public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdtype, 96 + public ResponseEntity<ResultModel> openIdLogin(HttpServletRequest request,@RequestParam String openId, @RequestParam int openIdType,
96 @RequestParam String sign,@RequestParam long t,@RequestParam int type) { 97 @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
97 - XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdtype); 98 + XklMemberOpenidEntity xklMemberOpenid = xklMemberOpenidRespository.findByOpenidAndType(openId, openIdType);
98 99
99 if(xklMemberOpenid == null){ 100 if(xklMemberOpenid == null){
100 - return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.NOT_FOUND); 101 + return new ResponseEntity<>(ResultModel.error(ResultStatus.OPENID_ERROR), HttpStatus.OK);
101 } 102 }
102 long accountId = xklMemberOpenid.getId(); 103 long accountId = xklMemberOpenid.getId();
103 TokenModel model = tokenManager.createToken(String.valueOf(accountId)); 104 TokenModel model = tokenManager.createToken(String.valueOf(accountId));
@@ -5,6 +5,7 @@ import com.wordnik.swagger.annotations.ApiImplicitParams; @@ -5,6 +5,7 @@ import com.wordnik.swagger.annotations.ApiImplicitParams;
5 import com.wordnik.swagger.annotations.ApiOperation; 5 import com.wordnik.swagger.annotations.ApiOperation;
6 import com.xkl.authorization.annotation.Authorization; 6 import com.xkl.authorization.annotation.Authorization;
7 import com.xkl.authorization.annotation.CurrentUser; 7 import com.xkl.authorization.annotation.CurrentUser;
  8 +import com.xkl.authorization.annotation.Sign;
8 import com.xkl.config.Constants; 9 import com.xkl.config.Constants;
9 import com.xkl.domain.*; 10 import com.xkl.domain.*;
10 import com.xkl.model.ReportDetailModel; 11 import com.xkl.model.ReportDetailModel;
@@ -46,7 +47,7 @@ public class ReportController { @@ -46,7 +47,7 @@ public class ReportController {
46 47
47 @RequestMapping(value="/list",method = RequestMethod.GET) 48 @RequestMapping(value="/list",method = RequestMethod.GET)
48 @Authorization 49 @Authorization
49 - //@Sign 50 + @Sign
50 @ApiOperation(value = "体检报告列表查询接口") 51 @ApiOperation(value = "体检报告列表查询接口")
51 @ApiImplicitParams({ 52 @ApiImplicitParams({
52 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 53 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -60,7 +61,7 @@ public class ReportController { @@ -60,7 +61,7 @@ public class ReportController {
60 61
61 @RequestMapping(value="/detail",method = RequestMethod.GET) 62 @RequestMapping(value="/detail",method = RequestMethod.GET)
62 @Authorization 63 @Authorization
63 - //@Sign 64 + @Sign
64 @ApiOperation(value = "体检报告详情查询接口") 65 @ApiOperation(value = "体检报告详情查询接口")
65 @ApiImplicitParams({ 66 @ApiImplicitParams({
66 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 67 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -100,7 +101,7 @@ public class ReportController { @@ -100,7 +101,7 @@ public class ReportController {
100 101
101 @RequestMapping(value="/score",method = RequestMethod.GET) 102 @RequestMapping(value="/score",method = RequestMethod.GET)
102 @Authorization 103 @Authorization
103 - //@Sign 104 + @Sign
104 @ApiOperation(value = "健康评分接口(测试service用,后续可以注释掉)") 105 @ApiOperation(value = "健康评分接口(测试service用,后续可以注释掉)")
105 @ApiImplicitParams({ 106 @ApiImplicitParams({
106 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 107 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -114,7 +115,7 @@ public class ReportController { @@ -114,7 +115,7 @@ public class ReportController {
114 115
115 @RequestMapping(value="/itemInfo",method = RequestMethod.GET) 116 @RequestMapping(value="/itemInfo",method = RequestMethod.GET)
116 @Authorization 117 @Authorization
117 - //@Sign 118 + @Sign
118 @ApiOperation(value = "指标解释查询接口") 119 @ApiOperation(value = "指标解释查询接口")
119 @ApiImplicitParams({ 120 @ApiImplicitParams({
120 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 121 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -138,7 +139,7 @@ public class ReportController { @@ -138,7 +139,7 @@ public class ReportController {
138 139
139 @RequestMapping(value="/itemGraph",method = RequestMethod.GET) 140 @RequestMapping(value="/itemGraph",method = RequestMethod.GET)
140 @Authorization 141 @Authorization
141 - //@Sign 142 + @Sign
142 @ApiOperation(value = "指标曲线查询接口") 143 @ApiOperation(value = "指标曲线查询接口")
143 @ApiImplicitParams({ 144 @ApiImplicitParams({
144 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 145 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
@@ -2,6 +2,7 @@ package com.xkl.controller; @@ -2,6 +2,7 @@ package com.xkl.controller;
2 2
3 import com.xkl.authorization.annotation.Authorization; 3 import com.xkl.authorization.annotation.Authorization;
4 import com.xkl.authorization.annotation.CurrentUser; 4 import com.xkl.authorization.annotation.CurrentUser;
  5 +import com.xkl.authorization.annotation.Sign;
5 import com.xkl.authorization.manager.ITokenManager; 6 import com.xkl.authorization.manager.ITokenManager;
6 import com.xkl.authorization.model.TokenModel; 7 import com.xkl.authorization.model.TokenModel;
7 import com.xkl.config.ResultStatus; 8 import com.xkl.config.ResultStatus;
@@ -35,7 +36,7 @@ public class TokenController { @@ -35,7 +36,7 @@ public class TokenController {
35 @Autowired 36 @Autowired
36 private ITokenManager tokenManager; 37 private ITokenManager tokenManager;
37 38
38 - //@Sign 39 + @Sign
39 @RequestMapping(method = RequestMethod.POST) 40 @RequestMapping(method = RequestMethod.POST)
40 @ApiOperation(value = "用户登录接口") 41 @ApiOperation(value = "用户登录接口")
41 public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password, 42 public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
@@ -46,7 +47,7 @@ public class TokenController { @@ -46,7 +47,7 @@ public class TokenController {
46 User user = loginService.check(username, password); 47 User user = loginService.check(username, password);
47 48
48 if (user == null) {//用户,密码错误 49 if (user == null) {//用户,密码错误
49 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND); 50 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
50 } 51 }
51 //生成一个token,保存用户登录状态 52 //生成一个token,保存用户登录状态
52 TokenModel model = tokenManager.createToken(String.valueOf(user.getId())); 53 TokenModel model = tokenManager.createToken(String.valueOf(user.getId()));
@@ -55,13 +56,14 @@ public class TokenController { @@ -55,13 +56,14 @@ public class TokenController {
55 56
56 57
57 @Authorization 58 @Authorization
58 - //@Sign 59 + @Sign
59 @RequestMapping(method = RequestMethod.DELETE) 60 @RequestMapping(method = RequestMethod.DELETE)
60 @ApiOperation(value = "退出登录") 61 @ApiOperation(value = "退出登录")
61 @ApiImplicitParams({ 62 @ApiImplicitParams({
62 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 63 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
63 }) 64 })
64 - public ResponseEntity<ResultModel> logout(@CurrentUser User user) { 65 + public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
  66 + @RequestParam String sign,@RequestParam long t,@RequestParam int type) {
65 tokenManager.deleteToken(String.valueOf(user.getId())); 67 tokenManager.deleteToken(String.valueOf(user.getId()));
66 return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK); 68 return new ResponseEntity<>(ResultModel.ok(ResultStatus.USER_LOGOUT), HttpStatus.OK);
67 } 69 }
@@ -42,7 +42,7 @@ public class UserInfoController { @@ -42,7 +42,7 @@ public class UserInfoController {
42 42
43 43
44 @AntiXSS 44 @AntiXSS
45 - //@Sign 45 + @Sign
46 @RequestMapping(method = RequestMethod.POST) 46 @RequestMapping(method = RequestMethod.POST)
47 @ApiOperation(value = "用户注册接口") 47 @ApiOperation(value = "用户注册接口")
48 public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password, 48 public ResponseEntity<ResultModel> register(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
@@ -52,7 +52,7 @@ public class UserInfoController { @@ -52,7 +52,7 @@ public class UserInfoController {
52 52
53 User user = userRepository.findByLoginAccount(username); 53 User user = userRepository.findByLoginAccount(username);
54 if (user != null ) { //用户已注册 54 if (user != null ) { //用户已注册
55 - return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.NOT_FOUND); 55 + return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
56 }else{ 56 }else{
57 String salt= SecurityTool.genSalt(); 57 String salt= SecurityTool.genSalt();
58 String pass=SecurityTool.getPassword(username,password,salt); 58 String pass=SecurityTool.getPassword(username,password,salt);
@@ -76,7 +76,7 @@ public class UserInfoController { @@ -76,7 +76,7 @@ public class UserInfoController {
76 76
77 @Authorization 77 @Authorization
78 @AntiXSS 78 @AntiXSS
79 - //@Sign 79 + @Sign
80 @RequestMapping(method = RequestMethod.PUT) 80 @RequestMapping(method = RequestMethod.PUT)
81 @ApiOperation(value = "用户密码修改接口") 81 @ApiOperation(value = "用户密码修改接口")
82 @ApiImplicitParams({ 82 @ApiImplicitParams({
@@ -94,9 +94,10 @@ public class UserInfoController { @@ -94,9 +94,10 @@ public class UserInfoController {
94 return new ResponseEntity<>(new ResultModel(ResultStatus.USER_MODPASS_LOGOUT), HttpStatus.OK); 94 return new ResponseEntity<>(new ResultModel(ResultStatus.USER_MODPASS_LOGOUT), HttpStatus.OK);
95 } 95 }
96 96
97 - @RequestMapping(method = RequestMethod.GET) 97 +
98 @Authorization 98 @Authorization
99 - //@Sign 99 + @Sign
  100 + @RequestMapping(method = RequestMethod.GET)
100 @ApiOperation(value = "个人信息查询接口") 101 @ApiOperation(value = "个人信息查询接口")
101 @ApiImplicitParams({ 102 @ApiImplicitParams({
102 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"), 103 @ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
This diff could not be displayed because it is too large.