LoginController.java 22.8 KB

原文件审查历史永久链接

package com.skua.modules.system.controller;

import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.skua.core.util.encryption.MD5Util;
import com.skua.modules.system.vo.SsoLogin;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.skua.core.api.ISysBaseAPI;
import com.skua.core.api.vo.LoginUser;
import com.skua.core.api.vo.Result;
import com.skua.core.cache.RedisUtil;
import com.skua.core.constant.CommonConstant;
import com.skua.core.context.BaseContextHandler;
import com.skua.core.service.ISysLogService;
import com.skua.core.util.ConvertUtils;
import com.skua.core.util.DateUtils;
import com.skua.core.util.JwtUtil;
import com.skua.core.util.PasswordUtil;
import com.skua.core.util.chuanglan.HttpSenderMsg;
import com.skua.core.util.encryption.AesEncryptUtil;
import com.skua.core.util.encryption.EncryptedString;
import com.skua.modules.shiro.vo.DefContants;
import com.skua.modules.system.entity.SysBaseConfig;
import com.skua.modules.system.entity.SysDepart;
import com.skua.modules.system.entity.SysRole;
import com.skua.modules.system.entity.SysUser;
import com.skua.modules.system.model.SysLoginModel;
import com.skua.modules.system.service.ISysBaseConfigService;
import com.skua.modules.system.service.ISysDepartService;
import com.skua.modules.system.service.ISysRoleService;
import com.skua.modules.system.service.ISysUserService;
import com.skua.modules.system.service.impl.SysUserDepartServiceImpl;
import com.skua.modules.system.vo.SysAppUserInfo;
import com.skua.modules.system.vo.SysThirdUserInfo;

import cn.hutool.core.util.RandomUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
/**
 *
 */
@RestController
@RequestMapping("/sys")
@Api(tags = "用户登录")
@Slf4j
public class LoginController {
    @Autowired
    private ISysUserService sysUserService;
    @Autowired
    private ISysBaseAPI sysBaseAPI;
    @Autowired
    private ISysLogService logService;
    @Autowired
    private RedisUtil redisUtil;
    @Autowired
    private ISysDepartService sysDepartService;
    @Autowired
    private ISysRoleService sysRoleService;
    @Autowired
    SysUserDepartServiceImpl sysUserDepartService;
    @Autowired
    private ISysBaseConfigService sysBaseConfigService;

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    //@ApiOperation("登录接口")
    public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel) throws Exception {
        Result<JSONObject> result = new Result<JSONObject>();
        String username = sysLoginModel.getUsername();
        String password = sysLoginModel.getPassword();
        //update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题
        //前端密码加密，后端进行密码解密
        //password = AesEncryptUtil.desEncrypt(sysLoginModel.getPassword().replaceAll("%2B", "\\+")).trim();//密码解密
        //update-begin--Author:scott  Date:20190805 for：暂时注释掉密码加密逻辑，有点问题

        //1. 校验用户是否有效
        SysUser sysUser = sysUserService.getUserByName(username);
        result = sysUserService.checkUserIsEffective(sysUser);
        if (!result.isSuccess()) {
            return result;
        }

        //2. 校验用户名或密码是否正确
        String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
        String syspassword = sysUser.getPassword();
        if (!syspassword.equals(userpassword)) {
            result.error500("用户名或密码错误");
            return result;
        }

        //用户登录信息
        userInfo(sysUser, result);
        sysBaseAPI.addLog("用户名: " + username + ",登录成功！", CommonConstant.LOG_TYPE_1, null);

        return result;
    }

    @RequestMapping(value = "/appLogin", method = RequestMethod.POST)
    //@ApiOperation("APP登录接口")
    public Result<SysAppUserInfo> appLogin(@RequestBody SysLoginModel sysLoginModel) throws Exception {
        Result<SysAppUserInfo> result = new Result<SysAppUserInfo>();
        String username = sysLoginModel.getUsername();
        String password = sysLoginModel.getPassword();

        //1. 校验用户是否有效
        SysUser sysUser = sysUserService.getUserByName(username);
        result = sysUserService.checkUserIsEffective(sysUser);

        if (!result.isSuccess()) {
            return result;
        }
        //2. 校验用户名或密码是否正确
        String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
        String syspassword = sysUser.getPassword();
        if (!syspassword.equals(userpassword)) {
            result.error500("用户名或密码错误");
            return result;
        }
        //生成token存储redis
        appUserInfo(sysUser, result);
        //判断集团或者单厂登录
        String userId = result.getResult().getId();
        List<SysDepart> userFactoryList = sysDepartService.getUserFactoryInfo(userId);
        if (userFactoryList!=null && userFactoryList.size()>0) {
            SysDepart sysDepart = userFactoryList.get(0);
            String departType = sysDepart.getDepartType();
            if (userFactoryList.size() > 1) {
            	departType = "1";
            }
            SysAppUserInfo userInfo = result.getResult();
            if (!departType.isEmpty()) {
                if ("-1".equals(departType)) {
                    userInfo.setOrgType("group");
                } else if ("1".equals(departType)||"2".equals(departType)) {
                    userInfo.setOrgType("factory");
                    userInfo.setDepartId(userFactoryList.get(0).getId());
                }
            }
        }
        sysBaseAPI.addLog("用户名: " + username + ",移动端登录成功！", CommonConstant.LOG_TYPE_1, null);
        return result;
    }

    @RequestMapping(value = "/thirdLogin", method = RequestMethod.POST)
    @ApiOperation("三方系统登录接口")
    public Result<SysThirdUserInfo> thirdLogin(@RequestBody SysLoginModel sysLoginModel) throws Exception {
        Result<SysThirdUserInfo> result = new Result<SysThirdUserInfo>();
        String username = sysLoginModel.getUsername();
        String password = sysLoginModel.getPassword();
        //1. 校验用户是否有效
        SysUser sysUser = sysUserService.getUserByName(username);
        result = sysUserService.checkUserIsEffective(sysUser);
        if (!result.isSuccess()) {
            return result;
        }
        //2. 校验用户名或密码是否正确
        String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
        String syspassword = sysUser.getPassword();
        if (!syspassword.equals(userpassword)) {
            result.error500("用户名或密码错误");
            return result;
        }
        //生成token存储redis
        thirdUserInfo(sysUser, result);
        sysBaseAPI.addLog("用户名: " + username + ",三方系统登录成功！", CommonConstant.LOG_TYPE_1, null);
        return result;
    }

    /**
     * 单点登录接口
     * @param ssoLogin
     * @return
     */
    @RequestMapping(value = "/sso/login", method = RequestMethod.POST)
    @ApiOperation("单点登录接口")
    public Result<JSONObject> ssoLogin(@RequestBody SsoLogin ssoLogin){
        Result<JSONObject> result = new Result<JSONObject>();
        String phone = ssoLogin.getPhone();//手机号
        String time = ssoLogin.getTime();//时间戳
        String sign = ssoLogin.getSign();//加密信息
        String key = "szhqydn";//约定标识
        SysUser sysUser = sysUserService.getUserByPhone(ssoLogin.getPhone());
        if(sysUser!=null){
            String origin = key + time + phone;//标识
            String md5 = MD5Util.MD5Encode(origin, null);
            if(sign.equals(md5)){
                //校验用户是否有效
                result = sysUserService.checkUserIsEffective(sysUser);
                if (!result.isSuccess()) {
                    return result;
                }
                //用户登录信息
                userInfo(sysUser, result);
                sysBaseAPI.addLog("手机号: " + phone + ",单点登录成功！", CommonConstant.LOG_TYPE_1, null);
            }
        }else{
            result.error500("手机号不存在本系统");
        }
        return result;
    }

    @RequestMapping(value = "/getSv30Token", method = RequestMethod.POST)
    @ApiOperation("SV30获取token")
    public Result<JSONObject> getSv30Token(){
        Result<JSONObject> result = new Result<>();
        JSONObject resData = new JSONObject();
        try {
            Object sv30OrgCode = BaseContextHandler.get("sv30OrgCodes");
            if(Objects.isNull(sv30OrgCode)){
                result.error500("未找到SV30系统机构");
                return result;
            }
            resData.put("token", AesEncryptUtil.encrypt(DateUtils.format(new Date(),"yyyyMMddHHmmss")+"#"+sv30OrgCode));
        } catch (Exception e) {
            e.printStackTrace();
            result.error500("系统异常");
        }
        result.setResult(resData);
        return result;
    }
    /**
     * 生成token存储redis，并将数据封装到移动端需要的用户信息对象中
     *
     * @param sysUser
     * @param result
     * @return
     */
    private Result<SysAppUserInfo> appUserInfo(SysUser sysUser, Result<SysAppUserInfo> result) {
        SysAppUserInfo sysAppUserInfo = new SysAppUserInfo();
        String syspassword = sysUser.getPassword();
        String username = sysUser.getUsername();
        // 生成token
        String token = JwtUtil.sign(username, syspassword);
        redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
        // 设置超时时间
        redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000);
        sysAppUserInfo.setId(sysUser.getId());
        sysAppUserInfo.setLogingName(username);
        sysAppUserInfo.setToken(token);
        if (!StringUtils.isEmpty(sysUser.getAvatar())) {
            sysAppUserInfo.setIcon(sysUser.getAvatar());
        }
        sysAppUserInfo.setRealName(sysUser.getRealname());
        sysAppUserInfo.setSex(sysUser.getSex());
        sysAppUserInfo.setBirthday(sysUser.getBirthday());
        sysAppUserInfo.setEmail(sysUser.getEmail());
        sysAppUserInfo.setPhone(sysUser.getPhone());
        //用户的厂区
        String departId = BaseContextHandler.getDeparts();
        sysAppUserInfo.setDepartId(departId);
        // 获取用户部门信息
        List<SysDepart> departs = sysDepartService.queryUserDeparts(sysUser.getId());
        if (departs.size() > 0) {
            sysAppUserInfo.setDepart(departs.get(0).getDepartName());
        } else {
            sysAppUserInfo.setDepart("");
        }
        result.setResult(sysAppUserInfo);
        result.success("登录成功");
        return result;
    }

    /**
     * 生成token存储redis，并将数据封装到三方系统需要的用户信息对象中
     *
     * @param sysUser
     * @param result
     * @return
     */
    private Result<SysThirdUserInfo> thirdUserInfo(SysUser sysUser, Result<SysThirdUserInfo> result) {
        SysThirdUserInfo sysThirdUserInfo = new SysThirdUserInfo();
        String syspassword = sysUser.getPassword();
        String username = sysUser.getUsername();
        // 生成token
        String token = JwtUtil.sign(username, syspassword);
        redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
        // 设置超时时间
        redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000);
        sysThirdUserInfo.setId(username);
        sysThirdUserInfo.setToken(token);
        sysThirdUserInfo.setRealName(sysUser.getRealname());
        result.setResult(sysThirdUserInfo);
        result.success("登录成功");
        return result;
    }

    /**
     * 用户信息
     *
     * @param sysUser
     * @param result
     * @return
     */
    private Result<JSONObject> userInfo(SysUser sysUser, Result<JSONObject> result) {
        String syspassword = sysUser.getPassword();
        String username = sysUser.getUsername();
        //判断该用户是否配置像素流地址，如果配置使用自己的，没有配置则默认通用的
        String tempPixelStreamPath = sysUser.getPixelStreamPath();
        if(StringUtils.isEmpty(tempPixelStreamPath)) {
        	//将默认通用地址set到用户对象里
        	QueryWrapper<SysBaseConfig> baseQW = new QueryWrapper<SysBaseConfig>();
        	SysBaseConfig sysBaseConfig = sysBaseConfigService.getOne(baseQW);
        	sysUser.setPixelStreamPath(sysBaseConfig.getPixelStreamPath());
        }
        // 生成token
        String token = JwtUtil.sign(username, syspassword);
        redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
        // 设置超时时间
        redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME / 1000);

        // 获取用户部门信息
        JSONObject obj = new JSONObject();
        List<SysDepart> departs = sysDepartService.queryUserDeparts(sysUser.getId());
        obj.put("departs", departs);
        // 获取用户角色信息
        List<SysRole> roles = sysRoleService.queryUserRoles(sysUser.getId());
        obj.put("roles", roles);
        if (departs == null || departs.size() == 0) {
            obj.put("multi_depart", 0);
        } else if (departs.size() == 1) {
            sysUserService.updateUserDepart(username, departs.get(0).getOrgCode());
            obj.put("multi_depart", 1);
        } else {
            obj.put("multi_depart", 2);
        }
        obj.put("token", token);
        obj.put("userInfo", sysUser);
        result.setResult(obj);
        result.success("登录成功");
        return result;
    }

    /**
     * 退出登录
     *
     * @param request
     * @param response
     * @return
     */
    @RequestMapping(value = "/logout")
    public Result<Object> logout(HttpServletRequest request, HttpServletResponse response) {
        //用户退出逻辑
        String token = request.getHeader(DefContants.X_ACCESS_TOKEN);
        if (ConvertUtils.isEmpty(token)) {
            return Result.error("退出登录失败！");
        }
        String username = JwtUtil.getUsername(token);
        SysUser sysUser = sysUserService.getUserByName(username);
        if (sysUser != null) {
            sysBaseAPI.addLog("用户名: " + sysUser.getRealname() + ",退出成功！", CommonConstant.LOG_TYPE_1, null);
            log.info(" 用户名:  " + sysUser.getRealname() + ",退出成功！ ");
            //清空用户Token缓存
            redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token);
            //清空用户权限缓存：权限Perms和角色集合
            redisUtil.del(CommonConstant.LOGIN_USER_CACHERULES_ROLE + username);
            redisUtil.del(CommonConstant.LOGIN_USER_CACHERULES_PERMISSION + username);
            return Result.ok("退出登录成功！");
        } else {
            return Result.error("无效的token");
        }
    }

    /**
     * 获取访问量
     *
     * @return
     */
    @GetMapping("loginfo")
    public Result<JSONObject> loginfo() {
        Result<JSONObject> result = new Result<JSONObject>();
        JSONObject obj = new JSONObject();
        //update-begin--Author:zhangweijian  Date:20190428 for：传入开始时间，结束时间参数
        // 获取一天的开始和结束时间
        Calendar calendar = new GregorianCalendar();
        calendar.set(Calendar.HOUR_OF_DAY, 0);
        calendar.set(Calendar.MINUTE, 0);
        calendar.set(Calendar.SECOND, 0);
        calendar.set(Calendar.MILLISECOND, 0);
        Date dayStart = calendar.getTime();
        calendar.add(Calendar.DATE, 1);
        Date dayEnd = calendar.getTime();
        // 获取系统访问记录
        Long totalVisitCount = logService.findTotalVisitCount();
        obj.put("totalVisitCount", totalVisitCount);
        Long todayVisitCount = logService.findTodayVisitCount(dayStart, dayEnd);
        obj.put("todayVisitCount", todayVisitCount);
        Long todayIp = logService.findTodayIp(dayStart, dayEnd);
        //update-end--Author:zhangweijian  Date:20190428 for：传入开始时间，结束时间参数
        obj.put("todayIp", todayIp);
        result.setResult(obj);
        result.success("登录成功");
        return result;
    }

    /**
     * 获取访问量
     *
     * @return
     */
    @GetMapping("visitInfo")
    public Result<List<Map<String, Object>>> visitInfo() {
        Result<List<Map<String, Object>>> result = new Result<List<Map<String, Object>>>();
        Calendar calendar = new GregorianCalendar();
        calendar.set(Calendar.HOUR_OF_DAY, 0);
        calendar.set(Calendar.MINUTE, 0);
        calendar.set(Calendar.SECOND, 0);
        calendar.set(Calendar.MILLISECOND, 0);
        calendar.add(Calendar.DAY_OF_MONTH, 1);
        Date dayEnd = calendar.getTime();
        calendar.add(Calendar.DAY_OF_MONTH, -7);
        Date dayStart = calendar.getTime();
        List<Map<String, Object>> list = logService.findVisitCount(dayStart, dayEnd);
        result.setResult(ConvertUtils.toLowerCasePageList(list));
        return result;
    }


    /**
     * 登陆成功选择用户当前部门
     *
     * @param user
     * @return
     */
    @RequestMapping(value = "/selectDepart", method = RequestMethod.PUT)
    public Result<JSONObject> selectDepart(@RequestBody SysUser user) {
        Result<JSONObject> result = new Result<JSONObject>();
        String username = user.getUsername();
        if (ConvertUtils.isEmpty(username)) {
            LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
            username = sysUser.getUsername();
        }
//		String orgCode= user.getOrgCode();
//		this.sysUserService.updateUserDepart(username, orgCode);
        SysUser sysUser = sysUserService.getUserByName(username);
        JSONObject obj = new JSONObject();
        obj.put("userInfo", sysUser);
        result.setResult(obj);
        return result;
    }

    /**
     * 短信登录接口
     *
     * @param jsonObject
     * @return
     */
    @PostMapping(value = "/sms")
    public Result<String> sms(@RequestBody JSONObject jsonObject) {
        Result<String> result = new Result<String>();
        String mobile = jsonObject.get("mobile").toString();
        String smsmode = jsonObject.get("smsmode").toString();
        log.info(mobile);
        Object object = redisUtil.get(mobile);
        if (object != null) {
            result.setMessage("验证码10分钟内，仍然有效！");
            result.setSuccess(false);
            return result;
        }

        //随机数
        String captcha = RandomUtil.randomNumbers(6);
        try {
            boolean b = false;
            //注册模板
            if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) {
                SysUser sysUser = sysUserService.getUserByPhone(mobile);
                if (sysUser != null) {
                    result.error500(" 手机号已经注册，请直接登录！");
                    sysBaseAPI.addLog("手机号已经注册，请直接登录！", CommonConstant.LOG_TYPE_1, null);
                    return result;
                }
                b = HttpSenderMsg.sendMsg("注册验证码为：" + captcha, mobile);
            } else {
                //登录模式，校验用户有效性
                SysUser sysUser = sysUserService.getUserByPhone(mobile);
                result = sysUserService.checkUserIsEffective(sysUser);
                if (!result.isSuccess()) {
                    return result;
                }

                /**
                 * smsmode 短信模板方式  0 .登录模板、1.注册模板、2.忘记密码模板
                 */
                if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) {
                    //登录模板
                    b = HttpSenderMsg.sendMsg("登录验证码为：" + captcha, mobile);
                } else if (CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) {
                    //忘记密码模板
                    b = HttpSenderMsg.sendMsg("验证码为：" + captcha, mobile);
                }
            }

            if (b == false) {
                result.setMessage("短信验证码发送失败,请稍后重试");
                result.setSuccess(false);
                return result;
            }
            //验证码10分钟内有效
            redisUtil.set(mobile, captcha, 600);
            result.setResult(captcha);
            result.setSuccess(true);

        } catch (Exception e) {
            e.printStackTrace();
            result.error500(" 短信接口未配置，请联系管理员！");
            return result;
        }
        return result;
    }


    /**
     * 手机号登录接口
     *
     * @param jsonObject
     * @return
     */
    @PostMapping("/phoneLogin")
    public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) {
        Result<JSONObject> result = new Result<JSONObject>();
        String phone = jsonObject.getString("mobile");

        //校验用户有效性
        SysUser sysUser = sysUserService.getUserByPhone(phone);
        result = sysUserService.checkUserIsEffective(sysUser);
        if (!result.isSuccess()) {
            return result;
        }

        String smscode = jsonObject.getString("captcha");
        Object code = redisUtil.get(phone);
        if (!smscode.equals(code)) {
            result.setMessage("手机验证码错误");
            return result;
        }
        //用户信息
        userInfo(sysUser, result);
        //添加日志
        sysBaseAPI.addLog("用户名: " + sysUser.getUsername() + ",登录成功！", CommonConstant.LOG_TYPE_1, null);

        return result;
    }

    /**
     * 获取加密字符串
     *
     * @return
     */
    @GetMapping(value = "/getEncryptedString")
    public Result<Map<String, String>> getEncryptedString() {
        Result<Map<String, String>> result = new Result<Map<String, String>>();
        Map<String, String> map = new HashMap<String, String>();
        map.put("key", EncryptedString.key);
        map.put("iv", EncryptedString.iv);
        result.setResult(map);
        return result;
    }

}