From 945db2f157f4b49963ad49c481498d25bba6db7b Mon Sep 17 00:00:00 2001 From: wangbing Date: Thu, 26 Dec 2019 15:18:43 +0800 Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Former-commit-id: 0a1be0b1cc7cc247d15203d2b33b60e39652e21f --- .../dbtool/javafx/tool/ApiClassReader.java | 8 ++- .../resources/modules/Java_api/ApiClient.java | 2 +- .../java/action/GlobalController.java | 58 ++++++++++++------- .../java/action/ajax/system/UserAjax.java | 2 + .../java/action/api/system/UserApi.java | 2 +- .../module/system/rsp/UserLoginResponse.java | 12 ++-- 6 files changed, 52 insertions(+), 32 deletions(-) diff --git a/src/main/java/xyz/wbsite/dbtool/javafx/tool/ApiClassReader.java b/src/main/java/xyz/wbsite/dbtool/javafx/tool/ApiClassReader.java index 6d440176..d14bbcc6 100644 --- a/src/main/java/xyz/wbsite/dbtool/javafx/tool/ApiClassReader.java +++ b/src/main/java/xyz/wbsite/dbtool/javafx/tool/ApiClassReader.java @@ -2,7 +2,11 @@ package xyz.wbsite.dbtool.javafx.tool; import xyz.wbsite.dbtool.javafx.po.ApiMethod; -import java.io.*; +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStreamReader; import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; @@ -23,7 +27,7 @@ public class ApiClassReader { BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new FileInputStream(javaClass), "utf-8")); String line = null; - Pattern compile = Pattern.compile("\\s+public (.*Response)\\s+(.*)\\((.*Request) request\\) \\{"); + Pattern compile = Pattern.compile("\\s+public (.*Response)\\s+(.*)\\((.*Request) request.*\\) \\{"); while ((line = bufferedReader.readLine()) != null) { Matcher matcher = compile.matcher(line); 
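Review bot: In the `@@ -23,7 +27,7 @@` hunk of ApiClassReader.java, the loosened pattern keeps the greedy group `(.*Request)` while now accepting extra parameters, so the captured request type depends on parameter order. For a signature where another `...Request` type precedes the API request (for example a servlet request parameter listed first), group 3 would capture everything up to the last ` request` rather than a single type name. The trailing `request.*` also accepts any parameter name that merely starts with `request`. Something like `"\\s+public (.*Response)\\s+(.*)\\((\\w+Request) request\\b[^)]*\\) \\{"` pins the first parameter to one type token, assuming the generated signatures never contain a `)` inside the parameter list. The enclosing method starts and ends outside the hunk.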
diff --git a/src/main/resources/modules/Java_api/ApiClient.java b/src/main/resources/modules/Java_api/ApiClient.java index 39061731..58d70bdd 100644 --- a/src/main/resources/modules/Java_api/ApiClient.java +++ b/src/main/resources/modules/Java_api/ApiClient.java @@ -185,7 +185,7 @@ public class ApiClient { return MD5Util.encode(appSecret + json + currentTime); } - public void setTokenId(String token) { + public void setToken(String token) { this.token = token; } diff --git a/src/main/resources/modules/SpringBoot/java/action/GlobalController.java b/src/main/resources/modules/SpringBoot/java/action/GlobalController.java index bd988f06..829972e0 100644 --- a/src/main/resources/modules/SpringBoot/java/action/GlobalController.java +++ b/src/main/resources/modules/SpringBoot/java/action/GlobalController.java @@ -1,12 +1,5 @@ package ${basePackage}.action; -import ${basePackage}.config.ActionConfig; -import ${basePackage}.frame.auth.LocalData; -import ${basePackage}.frame.base.*; -import ${basePackage}.frame.utils.AESUtil; -import ${basePackage}.frame.utils.LogUtil; -import ${basePackage}.frame.utils.MD5Util; -import ${basePackage}.frame.utils.MapperUtil; import com.fasterxml.jackson.core.TreeNode; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; 
@@ -15,13 +8,31 @@ import org.springframework.boot.web.servlet.error.ErrorController; import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.web.bind.annotation.*; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.servlet.DispatcherServlet; import org.springframework.web.servlet.LocaleResolver; import org.springframework.web.servlet.View; import org.springframework.web.servlet.mvc.method.annotation.SseEmitter; import org.springframework.web.servlet.view.freemarker.FreeMarkerViewResolver; +import ${basePackage}.config.ActionConfig; +import ${basePackage}.frame.auth.LocalData; +import ${basePackage}.frame.base.BaseRequest; +import ${basePackage}.frame.base.BaseResponse; +import ${basePackage}.frame.base.ErrorType; +import ${basePackage}.frame.base.Screen; +import ${basePackage}.frame.base.Token; +import ${basePackage}.frame.utils.AESUtil; +import ${basePackage}.frame.utils.LogUtil; +import ${basePackage}.frame.utils.MD5Util; +import ${basePackage}.frame.utils.MapperUtil; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -225,8 +236,8 @@ public class GlobalController implements ErrorController { @PathVariable String module, @PathVariable String target, @PathVariable String method, - HttpServletRequest request, - HttpServletResponse response, + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse, @RequestBody(required = false) String data, @RequestParam(name = "file", required = false) MultipartFile file) { try { @@ -256,9 +267,9 @@ public class GlobalController implements ErrorController { for (int i = 0; i < parameters.length; i++) { Parameter parameter = parameters[i]; if (parameter.getType() == HttpServletRequest.class) { - arg[i] = request; + arg[i] = httpServletRequest; } else if (parameter.getType() == HttpServletResponse.class) { - arg[i] = response; + arg[i] = httpServletResponse; } else if (parameter.getType() == TreeNode.class) { arg[i] = MapperUtil.toTree(data); } else if (parameter.getType() == String.class) { @@ -298,8 +309,10 @@ public class GlobalController implements ErrorController { @RequestParam(required = false) String appKey, @RequestParam(required = false) String sign, @RequestParam(required = false) Long timestamp, - @RequestParam(required = false) Long token, - @RequestParam(required = false) String encryptData) { + @RequestParam(required = false) String token, + @RequestParam(required = false) String encryptData, + HttpServletRequest httpServletRequest, + HttpServletResponse httpServletResponse) { BaseResponse response = new BaseResponse(); if (appKey == null) { response.addError(ErrorType.BUSINESS_ERROR, "应用码参数[appKey]不存在!"); 
@@ -336,13 +349,10 @@ public class GlobalController implements ErrorController { return AESUtil.encrypt2Base64(MapperUtil.toJson(response).getBytes(), appSecret); } - // 权限验证 todo 模拟权限验证 - { - Token tokenPO = new Token(); - tokenPO.setId(token != null ? token : 0L); - tokenPO.setUserId(0L); - tokenPO.setUserName("admin"); - LocalData.setToken(tokenPO); + // 权限验证 + if (!LocalData.getToken().hasResource(httpServletRequest.getServletPath())) { + response.addError(ErrorType.BUSINESS_ERROR, "[" + httpServletRequest.getServletPath() + "]未授权的资源!"); + return AESUtil.encrypt2Base64(MapperUtil.toJson(response).getBytes(), appSecret); } // 开始处理业务 @@ -369,7 +379,11 @@ public class GlobalController implements ErrorController { for (int i = 0; i < parameters.length; i++) { Parameter parameter = parameters[i]; - if (BaseRequest.class.isAssignableFrom(parameter.getType())) { + if (parameter.getType() == HttpServletRequest.class) { + arg[i] = httpServletRequest; + } else if (parameter.getType() == HttpServletResponse.class) { + arg[i] = httpServletResponse; + } else if (BaseRequest.class.isAssignableFrom(parameter.getType())) { arg[i] = MapperUtil.toJava(data, parameter.getType()); } else if (parameter.getType() == TreeNode.class) { arg[i] = MapperUtil.toTree(data); diff --git a/src/main/resources/modules/SpringBoot/java/action/ajax/system/UserAjax.java b/src/main/resources/modules/SpringBoot/java/action/ajax/system/UserAjax.java index 4a6422cf..271a0b7e 100644 --- a/src/main/resources/modules/SpringBoot/java/action/ajax/system/UserAjax.java +++ b/src/main/resources/modules/SpringBoot/java/action/ajax/system/UserAjax.java @@ -115,6 +115,7 @@ public class UserAjax{ Cookie cookie = CookieUtil.newCookie("token", tokensCreateRequest.getToken()); cookie.setPath("/"); httpServletResponse.addCookie(cookie); + response.setToken(tokensCreateRequest.getToken()); } } else {//管理员登录 UserFindRequest userFindRequest = new UserFindRequest(); 
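Review bot: In the `@@ -336,13 +349,10 @@` hunk of GlobalController.java, `LocalData.getToken().hasResource(...)` is dereferenced without a null check, and no visible line in this commit populates `LocalData` for the API path now that the mock block is removed. If `getToken()` can return null when no filter has set a token, an unauthenticated call would end in a NullPointerException instead of the encrypted "unauthorised" response. A guard such as `Token current = LocalData.getToken();` followed by `if (current == null || !current.hasResource(httpServletRequest.getServletPath())) {` keeps the denial explicit. The `token` request parameter, changed to `String` in the preceding hunk, is no longer read in any visible line, so it is worth confirming that whatever fills `LocalData` resolves and validates the token from that parameter. The handler body starts and ends outside the hunk.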
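Review bot: In UserAjax.java (`@@ -115,6 +115,7 @@`, and again in `@@ -167,6 +168,7 @@`), the added `response.setToken(tokensCreateRequest.getToken());` returns the session token in the JSON body of a browser-facing login that already delivers it as the `token` cookie two lines earlier. A token in the response body is readable by any script running on the page, which removes the protection an HttpOnly cookie would give against token theft through XSS; whether `CookieUtil.newCookie` sets HttpOnly or Secure is not visible here. If only the API client needs the value, keep the `setToken` call in `UserApi` and drop it from the two Ajax branches, or at least add a comment such as `// token is also returned in the body for non-cookie clients; treat this response as sensitive`. The login method starts and ends outside both hunks.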
@@ -167,6 +168,7 @@ public class UserAjax{ Cookie cookie = CookieUtil.newCookie("token", tokensCreateRequest.getToken()); cookie.setPath("/"); httpServletResponse.addCookie(cookie); + response.setToken(tokensCreateRequest.getToken()); } return response; diff --git a/src/main/resources/modules/SpringBoot/java/action/api/system/UserApi.java b/src/main/resources/modules/SpringBoot/java/action/api/system/UserApi.java index c5242286..4542df22 100644 --- a/src/main/resources/modules/SpringBoot/java/action/api/system/UserApi.java +++ b/src/main/resources/modules/SpringBoot/java/action/api/system/UserApi.java @@ -111,7 +111,7 @@ public class UserApi{ response.addErrors(tokensCreateResponse.getErrors()); return response; } - + response.setToken(tokensCreateRequest.getToken()); return response; } } diff --git a/src/main/resources/modules/SpringBoot/java/module/system/rsp/UserLoginResponse.java b/src/main/resources/modules/SpringBoot/java/module/system/rsp/UserLoginResponse.java index 92754191..94ecf4d1 100644 --- a/src/main/resources/modules/SpringBoot/java/module/system/rsp/UserLoginResponse.java +++ b/src/main/resources/modules/SpringBoot/java/module/system/rsp/UserLoginResponse.java @@ -12,15 +12,15 @@ import ${basePackage}.frame.base.BaseResponse; public class UserLoginResponse extends BaseResponse { /** - * ID + * token */ - private Long id; + private String token; - public Long getId() { - return id; + public String getToken() { + return token; } - public void setId(Long id) { - this.id = id; + public void setToken(String token) { + this.token = token; } }
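Review bot: In UserLoginResponse.java, the Javadoc on the new field only repeats its name (`token`) and does not say that the value is the caller's session credential. Since the class extends `BaseResponse` and is serialised back to the client, anything that logs or caches whole response objects would now carry that credential, though no such logging is visible in this diff. I would document it on the field, for example `/** Session token issued at login; a credential, so it must not be logged or cached. */`, and mirror that wording on `getToken()`.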