diff --git a/src/main/java/xyz/playedu/api/PlayEduFContext.java b/src/main/java/xyz/playedu/api/PlayEduFContext.java index 2f60958..418fff3 100644 --- a/src/main/java/xyz/playedu/api/PlayEduFContext.java +++ b/src/main/java/xyz/playedu/api/PlayEduFContext.java @@ -1,5 +1,7 @@ package xyz.playedu.api; +import xyz.playedu.api.domain.User; + import java.util.LinkedHashMap; /** @@ -39,4 +41,12 @@ public class PlayEduFContext { public static Integer getUserId() { return (Integer) get(KEY_USER_ID); } + + public static void setUser(User user) { + put(KEY_USER, user); + } + + public static User getUser() { + return (User) get(KEY_USER); + } } diff --git a/src/main/java/xyz/playedu/api/bus/BackendBus.java b/src/main/java/xyz/playedu/api/bus/BackendBus.java index 118c66f..3e28bf9 100644 --- a/src/main/java/xyz/playedu/api/bus/BackendBus.java +++ b/src/main/java/xyz/playedu/api/bus/BackendBus.java @@ -10,6 +10,7 @@ import xyz.playedu.api.service.AdminRoleService; import xyz.playedu.api.service.AdminUserService; import xyz.playedu.api.util.PrivacyUtil; +import java.util.Arrays; import java.util.HashMap; import java.util.List; @@ -26,12 +27,7 @@ public class BackendBus { private AdminUserService adminUserService; public static boolean inUnAuthWhitelist(String uri) { - for (int i = 0; i < BackendConstant.UN_AUTH_URI_WHITELIST.length; i++) { - if (uri.equals(BackendConstant.UN_AUTH_URI_WHITELIST[i])) { - return true; - } - } - return false; + return Arrays.stream(BackendConstant.UN_AUTH_URI_WHITELIST).toList().contains(uri); } public HashMap adminUserPermissions(Integer userId) { diff --git a/src/main/java/xyz/playedu/api/config/WebMvcConfig.java b/src/main/java/xyz/playedu/api/config/WebMvcConfig.java index 7b7ac8d..1acd64f 100644 --- a/src/main/java/xyz/playedu/api/config/WebMvcConfig.java +++ b/src/main/java/xyz/playedu/api/config/WebMvcConfig.java 
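Review bot: `getUser()` returns whatever was last stored under `KEY_USER`, and nothing in this commit clears it. How `put`/`get` store values is outside the hunk, but if the backing map is per-thread, a pooled worker thread keeps the previous request's `User` (with the password hash and salt that `passwordChange` reads from it) until another authenticated request overwrites it. Clearing the context in an `afterCompletion` override of FrontMiddleware would bound that lifetime. A Javadoc line on `getUser()` saying that it presumably returns `null` on whitelisted routes, where no user is set, would also help callers.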
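Review bot: `Arrays.stream(BackendConstant.UN_AUTH_URI_WHITELIST).toList().contains(uri)` in `inUnAuthWhitelist` builds a stream and a fresh list on every request just for a membership test; `Arrays.asList(BackendConstant.UN_AUTH_URI_WHITELIST).contains(uri)` does the same without the copy. One behavioural difference from the removed loop is that a `null` uri used to throw at `uri.equals(...)` and now yields `false`, which deserves a comment if it is intended. FrontMiddleware repeats the same expression inline for its own whitelist later in this commit, so a shared helper would keep the two checks from drifting apart.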
@@ -2,11 +2,13 @@ package xyz.playedu.api.config; import jakarta.annotation.Resource; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.CorsRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import xyz.playedu.api.middleware.AdminMiddleware; +import xyz.playedu.api.middleware.FrontMiddleware; @Configuration @Slf4j @@ -15,9 +17,13 @@ public class WebMvcConfig implements WebMvcConfigurer { @Resource private AdminMiddleware adminMiddleware; + @Autowired + private FrontMiddleware frontMiddleware; + @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(adminMiddleware).addPathPatterns("/backend/**"); + registry.addInterceptor(frontMiddleware).addPathPatterns("/api/v1/**"); } @Override diff --git a/src/main/java/xyz/playedu/api/constant/FrontendConstant.java b/src/main/java/xyz/playedu/api/constant/FrontendConstant.java new file mode 100644 index 0000000..80c296c --- /dev/null +++ b/src/main/java/xyz/playedu/api/constant/FrontendConstant.java @@ -0,0 +1,14 @@ +package xyz.playedu.api.constant; + +/** + * @Author 杭州白书科技有限公司 + * @create 2023/3/13 14:07 + */ +public class FrontendConstant { + + public final static String[] UN_AUTH_URI_WHITELIST = { + "/api/v1/system/config", + "/api/v1/system/image-captcha", + }; + +} diff --git a/src/main/java/xyz/playedu/api/controller/frontend/SystemController.java b/src/main/java/xyz/playedu/api/controller/frontend/SystemController.java new file mode 100644 index 0000000..5b6f306 --- /dev/null +++ b/src/main/java/xyz/playedu/api/controller/frontend/SystemController.java 
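Review bot: `addPathPatterns("/api/v1/**")` is matched by Spring against the path inside the application, but the whitelist check that FrontMiddleware gains in this commit compares `request.getRequestURI()`, which includes any context path and is not normalised. Under a non-root context path the two public endpoints would never match and would answer 401. Registering them on this line with `.excludePathPatterns(FrontendConstant.UN_AUTH_URI_WHITELIST)` would leave a single matcher in charge of which routes skip the interceptor. As a style point, the new field uses `@Autowired` while `adminMiddleware` beside it uses `@Resource`.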
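Review bot: `UN_AUTH_URI_WHITELIST` is a `public` array, so `final` protects only the reference and any class can overwrite an element at runtime, changing which routes skip authentication. Declaring it as `public static final Set<String> UN_AUTH_URI_WHITELIST = Set.of("/api/v1/system/config", "/api/v1/system/image-captcha");` makes it immutable and lets the interceptor call `contains` directly (the `Arrays.stream(...)` call in FrontMiddleware would need adjusting). A short comment stating that every entry is reachable without a token would make later additions more deliberate.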
@@ -0,0 +1,47 @@
+package xyz.playedu.api.controller.frontend;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+import xyz.playedu.api.service.AppConfigService;
+import xyz.playedu.api.service.ImageCaptchaService;
+import xyz.playedu.api.types.ImageCaptchaResult;
+import xyz.playedu.api.types.JsonResponse;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Author 杭州白书科技有限公司
+ * @create 2023/3/13 11:26
+ */
+@RestController
+@RequestMapping("/api/v1/system")
+public class SystemController {
+
+ @Autowired
+ private AppConfigService appConfigService;
+
+ @Autowired
+ private ImageCaptchaService imageCaptchaService;
+
+ @GetMapping("/config")
+ public JsonResponse config() {
+ Map data = appConfigService.keyValues();
+ return JsonResponse.data(data);
+ }
+
+ @GetMapping("/image-captcha")
+ public JsonResponse imageCaptcha() throws IOException {
+ ImageCaptchaResult imageCaptchaResult = imageCaptchaService.generate();
+
+ HashMap data = new HashMap<>();
+ data.put("key", imageCaptchaResult.getKey());
+ data.put("image", imageCaptchaResult.getImage());
+
+ return JsonResponse.data(data);
+ }
+
+}
diff --git a/src/main/java/xyz/playedu/api/controller/frontend/UserController.java b/src/main/java/xyz/playedu/api/controller/frontend/UserController.java
index ae3dcc5..068078e 100644
--- a/src/main/java/xyz/playedu/api/controller/frontend/UserController.java
+++ b/src/main/java/xyz/playedu/api/controller/frontend/UserController.java 
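Review bot: `config()` passes through everything `appConfigService.keyValues()` returns, and `/api/v1/system/config` is listed in `FrontendConstant.UN_AUTH_URI_WHITELIST`, so the whole map is readable without a token. `keyValues()` is not shown here; if the config store can hold settings that are not meant for the public, build the response from an explicit list of public keys instead of returning the map as is. `imageCaptcha()` is also unauthenticated and generates an image on every call, so it is worth putting a rate limit in front of it.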
@@ -1,8 +1,12 @@ package xyz.playedu.api.controller.frontend; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; +import xyz.playedu.api.PlayEduFContext; +import xyz.playedu.api.exception.ServiceException; import xyz.playedu.api.request.frontend.ChangePasswordRequest; +import xyz.playedu.api.service.UserService; import xyz.playedu.api.types.JsonResponse; /** @@ -13,13 +17,17 @@ import xyz.playedu.api.types.JsonResponse; @RequestMapping("/api/v1/user") public class UserController { + @Autowired + private UserService userService; + @GetMapping("/detail") public JsonResponse detail() { return JsonResponse.data(null); } @PutMapping("/password") - public JsonResponse changePassword(@RequestBody @Validated ChangePasswordRequest req) { + public JsonResponse changePassword(@RequestBody @Validated ChangePasswordRequest req) throws ServiceException { + userService.passwordChange(PlayEduFContext.getUser(), req.getOldPassword(), req.getNewPassword()); return JsonResponse.success(); } diff --git a/src/main/java/xyz/playedu/api/middleware/FrontMiddleware.java b/src/main/java/xyz/playedu/api/middleware/FrontMiddleware.java index 5535ab8..22e7d8c 100644 --- a/src/main/java/xyz/playedu/api/middleware/FrontMiddleware.java +++ b/src/main/java/xyz/playedu/api/middleware/FrontMiddleware.java 
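Review bot: `changePassword` returns success with nothing visible that invalidates tokens issued before the change, so a token held by someone else stays valid for its remaining lifetime after the owner changes the password. If JWTService has no revocation list or per-user token version (it is not shown), consider adding one and updating it inside `passwordChange`. The endpoint also places no limit on wrong `oldPassword` attempts for a given token, which a per-user attempt counter would cover. A Javadoc line stating that the user comes from `PlayEduFContext.getUser()` as set by FrontMiddleware would document why the value is used without a null check.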
@@ -3,13 +3,22 @@ package xyz.playedu.api.middleware; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.servlet.HandlerInterceptor; import xyz.playedu.api.PlayEduFContext; +import xyz.playedu.api.constant.FrontendConstant; +import xyz.playedu.api.constant.SystemConstant; +import xyz.playedu.api.domain.User; +import xyz.playedu.api.service.JWTService; +import xyz.playedu.api.service.UserService; +import xyz.playedu.api.types.JWTPayload; import xyz.playedu.api.types.JsonResponse; import xyz.playedu.api.util.HelperUtil; +import xyz.playedu.api.util.RequestUtil; import java.io.IOException; +import java.util.Arrays; /** * @Author 杭州白书科技有限公司 
@@ -19,12 +28,45 @@ import java.io.IOException; @Slf4j public class FrontMiddleware implements HandlerInterceptor { + @Autowired + private JWTService jwtService; + + @Autowired + private UserService userService; + @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { if ("OPTIONS".equals(request.getMethod())) { return HandlerInterceptor.super.preHandle(request, response, handler); } - return false; + + if (Arrays.stream(FrontendConstant.UN_AUTH_URI_WHITELIST).toList().contains(request.getRequestURI())) { + return HandlerInterceptor.super.preHandle(request, response, handler); + } + + String token = RequestUtil.token(); + if (token.length() == 0) { + return responseTransform(response, 401, "请登录"); + } + + try { + JWTPayload payload = jwtService.parse(token, SystemConstant.JWT_PRV_ADMIN_USER); + + User user = userService.find(payload.getSub()); + if (user == null) { + return responseTransform(response, 404, "管理员不存在"); + } + if (user.getIsLock() == 1) { + return responseTransform(response, 403, "当前学员已锁定"); + } + + PlayEduFContext.setUserId(user.getId()); + PlayEduFContext.setUser(user); + + return HandlerInterceptor.super.preHandle(request, response, handler); + } catch (Exception e) { + return responseTransform(response, 401, "请重新登录"); + } } private boolean responseTransform(HttpServletResponse response, int code, String msg) throws IOException { diff --git a/src/main/java/xyz/playedu/api/service/UserService.java b/src/main/java/xyz/playedu/api/service/UserService.java index cf92a63..479dc64 100644 --- a/src/main/java/xyz/playedu/api/service/UserService.java +++ b/src/main/java/xyz/playedu/api/service/UserService.java 
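Review bot: In `preHandle` the token for the learner-facing `/api/v1/**` routes is parsed with `SystemConstant.JWT_PRV_ADMIN_USER`, and its `sub` is then resolved through `userService.find(...)`, which reads the learner `User` table. If that constant scopes tokens to the admin realm (JWTService is not shown), an administrator's token would be accepted here and mapped onto whichever learner `find` returns for the same subject, while learner tokens would be rejected. The call should use the learner-side constant, e.g. `jwtService.parse(token, SystemConstant.<LEARNER_PRV_CONSTANT>)` (placeholder name); the 404 text "管理员不存在" also looks carried over from the admin interceptor. Separately, `catch (Exception e)` turns every failure, including a database error inside `userService.find`, into a 401 with no log entry. Catching only the JWT parsing exception and logging the rest through the class's `@Slf4j` logger would keep outages from looking like expired sessions.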
@@ -3,6 +3,7 @@ package xyz.playedu.api.service; import xyz.playedu.api.domain.User; import com.baomidou.mybatisplus.extension.service.IService; import xyz.playedu.api.exception.NotFoundException; +import xyz.playedu.api.exception.ServiceException; import xyz.playedu.api.types.paginate.PaginationResult; import xyz.playedu.api.types.paginate.UserPaginateFilter; @@ -33,4 +34,6 @@ public interface UserService extends IService { User updateWithDepIds(User user, String email, String nickname, String name, String avatar, String password, String idCard, Integer[] depIds); List getDepIdsByUserId(Integer userId); + + void passwordChange(User user, String oldPassword, String newPassword) throws ServiceException; } diff --git a/src/main/java/xyz/playedu/api/service/impl/UserServiceImpl.java b/src/main/java/xyz/playedu/api/service/impl/UserServiceImpl.java index fb99c7f..761d52f 100644 --- a/src/main/java/xyz/playedu/api/service/impl/UserServiceImpl.java +++ b/src/main/java/xyz/playedu/api/service/impl/UserServiceImpl.java @@ -10,6 +10,7 @@ import xyz.playedu.api.constant.SystemConstant; import xyz.playedu.api.domain.User; import xyz.playedu.api.domain.UserDepartment; import xyz.playedu.api.exception.NotFoundException; +import xyz.playedu.api.exception.ServiceException; import xyz.playedu.api.service.internal.UserDepartmentService; import xyz.playedu.api.service.UserService; import xyz.playedu.api.mapper.UserMapper; @@ -203,6 +204,17 @@ public class UserServiceImpl extends ServiceImpl implements Us public User find(String email) { return getOne(query().getWrapper().eq("email", email)); } + + @Override + public void passwordChange(User user, String oldPassword, String newPassword) throws ServiceException { + if (!HelperUtil.MD5(oldPassword + user.getSalt()).equals(user.getPassword())) { + throw new ServiceException("原密码不正确"); + } + updateById(new User() {{ + setId(user.getId()); + setPassword(HelperUtil.MD5(newPassword + user.getSalt())); + }}); + } } 
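Review bot: `passwordChange` in UserServiceImpl stores the new password as `HelperUtil.MD5(newPassword + user.getSalt())`, reusing the existing salt. Going by the helper's name this is a fast digest, which makes offline guessing cheap if the user table is ever exposed, so this is a natural place to move to a dedicated password-hashing function (bcrypt, scrypt or Argon2) or at least to regenerate the salt on every change. The old-password check compares the two digests with `String.equals`; `MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8))` is the constant-time form. The `new User() {{ ... }}` double-brace initializer creates an anonymous subclass that is handed to `updateById`; a plain `User update = new User();` followed by the two setters is clearer and passes the real entity class.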
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index ea6d00f..7be9b3f 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -48,7 +48,7 @@ minio: secret-key: "password" end-point: "http://127.0.0.1:9000" bucket: "playedu" - domain: "http://127.0.0.1:9000/" + domain: "https://dev-local3.meedu.vip/" mybatis: mapper-locations: classpath:mapper/*.xml
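Review bot: The default `minio.domain` now points at `https://dev-local3.meedu.vip/`, which looks like one developer's environment, so anyone running with the stock `application.yml` would hand out media URLs for that external host. Keep `http://127.0.0.1:9000/` as the committed default and take the override from the environment or a local profile, e.g. `domain: "${MINIO_DOMAIN:http://127.0.0.1:9000/}"` (the variable name is an example). The `secret-key: "password"` context line just above it is better supplied the same way than committed.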