fangyeqing / xkl-interface · Commits

Go to a project

Authored by zhaoyue
Commit c72eee5508d672bfbed467d7fa6fe194fe33e35e 2 parents 71473bfc 03b06cf4

Upsoft pass testing, fix little bug

Inline Side-by-side
Showing 12 changed files with 80 additions and 52 deletions
git add --all src/*
git add push.sh
git add pom.xml
git commit -m "FIX some conflicts"
git commit -m "Upsoft pass testing, fix little bug"
git push origin zhaoyue-dev2
git status
\ No newline at end of file
... ...
... ... @@ -2,6 +2,7 @@ package com.xkl.authorization.resolvers;
import com.xkl.authorization.annotation.CurrentAdmin;
import com.xkl.config.Constants;
import com.xkl.controller.uploadsoft.UpSoftAccountController;
import com.xkl.domain.Admin;
import com.xkl.repository.AdminRepository;
import org.springframework.beans.factory.annotation.Autowired;
... ... @@ -16,6 +17,7 @@ import org.springframework.web.multipart.support.MissingServletRequestPartExcept
/**
* 增加方法注入,将含有CurrentAdmin注解的方法参数注入当前登录用户
*
* @see CurrentAdmin
*/
@Component
... ... @@ -37,10 +39,11 @@ public class CurrentAdminMethodArgumentResolver implements HandlerMethodArgument
@Override
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
//取出鉴权时存入的登录用户Id
Long currentAdminId = (Long) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST);
String currentAdminId = ((String) webRequest.getAttribute(Constants.CURRENT_USER_ID, RequestAttributes.SCOPE_REQUEST)).replace(UpSoftAccountController.UPSOFT_TOKEN_PREFIX, "");
if (currentAdminId != null) {
//从数据库中查询并返回
return adminRepository.findOne(currentAdminId);
Admin admin = adminRepository.findByIdAndStatus(Long.parseLong(currentAdminId), Constants.STATUS_OK);
return admin;
}
throw new MissingServletRequestPartException(Constants.CURRENT_USER_ID);
}
... ...
... ... @@ -66,4 +66,9 @@ public interface Constants {
public static final int LOWER = 1;
public static final int HIGHER = 2;
public static final int STATUS_BAD = 0;
public static final boolean STATUS_BAD2 = false;
public static final int STATUS_OK = 1;
public static final boolean STATUS_OK2= true;
}
... ...
package com.xkl.config;
package com.xkl;
import com.mangofactory.swagger.configuration.SpringSwaggerConfig;
import com.mangofactory.swagger.models.dto.ApiInfo;
... ... @@ -10,6 +10,8 @@ import org.springframework.context.annotation.Configuration;
import java.sql.Timestamp;
//import springfox.documentation.service.ApiInfo;
/**
* swagger-ui的配置
*/
... ...
package com.xkl.controller;
import com.wordnik.swagger.annotations.ApiImplicitParam;
import com.wordnik.swagger.annotations.ApiImplicitParams;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.annotation.Sign;
... ... @@ -8,11 +11,6 @@ import com.xkl.authorization.model.TokenModel;
import com.xkl.config.ResultStatus;
import com.xkl.domain.User;
import com.xkl.model.ResultModel;
import com.xkl.repository.UserRepository;
import com.wordnik.swagger.annotations.ApiImplicitParam;
import com.wordnik.swagger.annotations.ApiImplicitParams;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.security.SecurityTool;
import com.xkl.service.ILoginService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
... ... @@ -39,16 +37,15 @@ public class TokenController {
@Sign
@RequestMapping(method = RequestMethod.POST)
@ApiOperation(value = "用户登录接口")
public ResponseEntity<ResultModel> login(HttpServletRequest request,@RequestParam String username, @RequestParam String password,
@RequestParam String sign,@RequestParam long t,@RequestParam int type) {
if(!(boolean)request.getAttribute("signAspect"))
public ResponseEntity<ResultModel> login(HttpServletRequest request, @RequestParam String username, @RequestParam String password,
@RequestParam String sign, @RequestParam long t, @RequestParam int type) {
if (!(boolean) request.getAttribute("signAspect"))
return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
Assert.notNull(username, "username can not be empty");
Assert.notNull(password, "password can not be empty");
User user = loginService.check(username, password);
if (user == null) {//用户,密码错误
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.OK);
}
... ... @@ -65,9 +62,9 @@ public class TokenController {
@ApiImplicitParams({
@ApiImplicitParam(name = "authorization", value = "请输入登录返回信息:userId_tokens", required = true, dataType = "string", paramType = "header"),
})
public ResponseEntity<ResultModel> logout(HttpServletRequest request,@CurrentUser User user,
@RequestParam String sign,@RequestParam long t,@RequestParam int type) {
if(!(boolean)request.getAttribute("signAspect"))
public ResponseEntity<ResultModel> logout(HttpServletRequest request, @CurrentUser User user,
@RequestParam String sign, @RequestParam long t, @RequestParam int type) {
if (!(boolean) request.getAttribute("signAspect"))
return new ResponseEntity<>(ResultModel.error(ResultStatus.SIGN_ERROR), HttpStatus.OK);
tokenManager.deleteToken(String.valueOf(user.getId()));
... ...
... ... @@ -4,6 +4,7 @@ import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.annotation.Sign;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.config.Constants;
import com.xkl.config.ResultStatus;
import com.xkl.domain.User;
import com.xkl.domain.XklMemberEntity;
... ... @@ -53,7 +54,7 @@ public class UserInfoController {
Assert.notNull(username, "username can not be empty");
Assert.notNull(password, "password can not be empty");
User user = userRepository.findByLoginAccount(username);
User user = userRepository.findByLoginAccountAndStatus(username, Constants.STATUS_OK2);
if (user != null ) { //用户已注册
return new ResponseEntity<>(ResultModel.error(ResultStatus.USER_IS_EXIT), HttpStatus.OK);
}else{
... ...
package com.xkl.controller.uploadsoft;
import com.wordnik.swagger.annotations.*;
import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiImplicitParam;
import com.wordnik.swagger.annotations.ApiImplicitParams;
import com.wordnik.swagger.annotations.ApiOperation;
import com.xkl.authorization.annotation.Authorization;
import com.xkl.authorization.annotation.CurrentAdmin;
import com.xkl.authorization.annotation.CurrentUser;
import com.xkl.authorization.manager.ITokenManager;
import com.xkl.authorization.model.TokenModel;
import com.xkl.config.Constants;
import com.xkl.config.ResultStatus;
import com.xkl.domain.AMPMachine;
import com.xkl.domain.Admin;
import com.xkl.model.ResultModel;
import com.xkl.repository.AMPMachineRepository;
import com.xkl.repository.AdminRepository;
import org.hibernate.validator.constraints.SafeHtml;
import com.xkl.security.SecurityTool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
... ... @@ -39,29 +40,33 @@ public class UpSoftAccountController {
@Autowired
private ITokenManager tokenManager;
private static final String UPSOFT_TOKEN_PREFIX = "UPSOFT_TOKEN";
public static final String UPSOFT_TOKEN_PREFIX = "UPSOFTTOKEN";
@RequestMapping(method = RequestMethod.POST)
@ApiOperation(value = "报告上传软件登录", notes = "login")
public ResponseEntity<ResultModel> login(@RequestParam String account, @RequestParam String password
, @RequestParam String ampserial, @RequestParam String ampkey) {
public ResponseEntity<ResultModel> login(@RequestParam String account, @RequestParam String password) {
// , @RequestParam String ampserial, @RequestParam String ampkey
Assert.notNull(account, "account can not be empty");
Assert.notNull(password, "password can not be empty");
Assert.notNull(ampserial, "ampserial can not be empty");
Assert.notNull(ampkey, "ampkey can not be empty");
AMPMachine ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
if (ampMachine == null ||// 未找到密钥所对应的机器
!ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
ampMachine.getStatus() != 1) {//用户无效
return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND);
// Assert.notNull(ampserial, "ampserial can not be empty");
// Assert.notNull(ampkey, "ampkey can not be empty");
// AMPMachine ampMachine = ampMachineRepository.findBySecretKey(ampkey.trim());
// if (ampMachine == null ||// 未找到密钥所对应的机器
// !ampMachine.getAMPSerial().equals(ampserial) ||//amp序号不符合
// ampMachine.getStatus() != 1) {//用户无效
// return new ResponseEntity<>(ResultModel.error(ResultStatus.AMP_KEY_ERROR), HttpStatus.NOT_FOUND);
// }
Admin admin = adminRepository.findByAccountAndStatus(account, Constants.STATUS_OK);
//未注册
if (admin == null) {
//提示用户名或密码错误
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
}
Admin admin = adminRepository.findByAccount(account);
if (admin == null || //未注册
!admin.getPwd().equals(password) ||//密码错误
String salt = admin.getSalt();
String pass_in_db = admin.getPwd();
String calcuPass = SecurityTool.getPassword(account, password, salt);
if (!calcuPass.equals(pass_in_db) ||//密码错误
admin.getStatus() != 1) {//用户无效
//提示用户名或密码错误
return new ResponseEntity<>(ResultModel.error(ResultStatus.USERNAME_OR_PASSWORD_ERROR), HttpStatus.NOT_FOUND);
... ... @@ -83,17 +88,20 @@ public class UpSoftAccountController {
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
@RequestMapping(value = "/upsoft/modpwd", method = RequestMethod.PUT)
@RequestMapping(method = RequestMethod.PUT)
@Authorization
@ApiOperation(value = "报告上传软件修改密码")
@ApiImplicitParams({
@ApiImplicitParam(name = "authorization", value = "请以如下格式输入登录返回信息:adminId_tokens", required = true, dataType = "string", paramType = "header"),
})
public ResponseEntity<ResultModel> modpwd(@CurrentAdmin Admin admin, @RequestParam String newpwd) {
admin = adminRepository.findById(admin.getId());
admin.setPwd(newpwd);
Assert.notNull(newpwd, "password can not be empty");
String salt = SecurityTool.genSalt();
String pass2Db = SecurityTool.getPassword(admin.getAccount(), newpwd, salt);
admin.setPwd(pass2Db);
admin.setSalt(salt);
adminRepository.save(admin);
tokenManager.deleteToken(UPSOFT_TOKEN_PREFIX + admin.getId());
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
}
... ...
... ... @@ -33,6 +33,10 @@ public class Admin {
@Column(name = "coid")
private int coid;
//salt
@Column(name = "salt")
private String salt;
//备注
@Column(name = "note")
private String note;
... ... @@ -82,6 +86,14 @@ public class Admin {
this.coid = coid;
}
public String getSalt() {
return salt;
}
public void setSalt(String salt) {
this.salt = salt;
}
public String getNote() {
return note;
}
... ...
... ... @@ -9,7 +9,8 @@ import org.springframework.data.repository.CrudRepository;
*/
public interface AdminRepository extends CrudRepository<Admin, Long> {
public Admin findByAccount(String account);
public Admin findById(long id);
// public Admin findByAccount(String account);
public Admin findByAccountAndStatus(String account,int status);
public Admin findByIdAndStatus(long id,int status);
}
... ...
... ... @@ -10,7 +10,7 @@ import org.springframework.data.repository.CrudRepository;
* @see AMPReport
*/
public interface ReportRepository extends CrudRepository<AMPReport, Long> {
public AMPReport findByMd5(String md5);
public AMPReport findByMd5AndStatus(String md5,int status);
public AMPReport findById(int id);
... ...
... ... @@ -8,6 +8,5 @@ import org.springframework.data.repository.CrudRepository;
* @see com.xkl.domain.User
*/
public interface UserRepository extends CrudRepository<User, Long> {
public User findByLoginAccount(String username);
public User findByLoginAccountAndStatus(String username,boolean status);
}
... ...
... ... @@ -53,14 +53,14 @@ public class ReportService implements IReportService {
public ResponseEntity<ResultModel> save(Admin admin, String json_report) {
// 验证存在性
String reportMd5 = SecurityTool.encode("MD5", json_report);
// 验证是否有对应的会员
// 验证是无对应的会员,rediskey
String reportWithNoUser = reportMd5 + "Member";
// 验证报告格式是否有问题
// 验证报告格式有问题,rediskey
String reportWrongFormat = reportMd5 + "Format";
/*
* 如果已经处理过的报告,不再进行处理。
*/
AMPReport report = reportRepository.findByMd5(reportMd5);
AMPReport report = reportRepository.findByMd5AndStatus(reportMd5, Constants.STATUS_OK);
if (report != null && report.getStatus() > 0) {
// 返回,报告已存在。
return new ResponseEntity<>(ResultModel.ok(new ReportIdModel(report.getId())), HttpStatus.OK);
... ... @@ -86,7 +86,7 @@ public class ReportService implements IReportService {
/*
* 检验会员存在性
*/
User user = userRepository.findByLoginAccount(reportData.getAmpReport().getAccount_str());
User user = userRepository.findByLoginAccountAndStatus(reportData.getAmpReport().getAccount_str(), Constants.STATUS_OK2);
if (user == null) {
redis.boundValueOps(reportWithNoUser).set("");
// 返回,报告对应会员不存在。
... ... @@ -112,9 +112,9 @@ public class ReportService implements IReportService {
public ResponseEntity<ResultModel> delete(Admin admin, long report_id) {
// 1. 得到report,验证报告存在性
AMPReport report = reportRepository.findById((int) report_id);
if (report == null) {
if (report == null || report.getStatus() == 0) {
// 报告不存在,返回
return new ResponseEntity<>(ResultModel.error(ResultStatus.REPORT_INVALID__ERROR), HttpStatus.NOT_FOUND);
return new ResponseEntity<>(ResultModel.ok(), HttpStatus.OK);
}
// 2. 验证admin
... ...