From 190b7da10e9b691e0e928e74a388a25ecdecde66 Mon Sep 17 00:00:00 2001
From: gxwebsoft
Date: Tue, 30 Apr 2024 18:15:41 +0800
Subject: [PATCH] =?UTF-8?q?=E7=94=A8=E6=88=B7=E6=A8=A1=E5=9D=97=E5=8C=BA?=
 =?UTF-8?q?=E5=88=86=E6=98=AF=E5=90=A6=E7=AE=A1=E7=90=86=E5=91=98=E8=BA=AB?=
 =?UTF-8?q?=E4=BB=BD=EF=BC=8C=E6=98=AF=E5=90=A6=E5=95=86=E6=88=B7=E8=BA=AB?=
 =?UTF-8?q?=E4=BB=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/core/security/SecurityConfig.java | 1 +
 .../system/controller/CompanyController.java | 3 +-
 .../system/controller/MainController.java | 15 ++++-
 .../controller/MerchantAccountController.java | 60 +++++++++++++++----
 .../common/system/entity/Company.java | 8 +++
 .../common/system/entity/MerchantAccount.java | 4 ++
 .../gxwebsoft/common/system/entity/User.java | 23 ++-----
 .../common/system/mapper/xml/UserMapper.xml | 4 +-
 8 files changed, 80 insertions(+), 38 deletions(-)

diff --git a/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java b/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
index 4aa5cc8..253c5af 100644
--- a/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
+++ b/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
@@ -47,6 +47,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 "/webjars/**",
 "/hxz/v1/**",
 "/api/sendSmsCaptcha",
+ "/api/loginBySms",
 "/api/parseToken/*",
 "/api/login-alipay/*",
 "/api/wx-login/loginByMpWxPhone",
diff --git a/src/main/java/com/gxwebsoft/common/system/controller/CompanyController.java b/src/main/java/com/gxwebsoft/common/system/controller/CompanyController.java
index dafc3b8..3d07e51 100644
--- a/src/main/java/com/gxwebsoft/common/system/controller/CompanyController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/CompanyController.java
@@ -133,11 +133,10 @@ public class CompanyController extends BaseController {
 @ApiOperation("修改企业信息")
 @PutMapping()
 public ApiResult update(@RequestBody Company company) {
- final int count = companyService.count();
 if (companyService.updateById(company)) {
 return success("修改成功");
 }
- return fail("修改失败",count);
+ return fail("修改失败");
 }
 @PreAuthorize("hasAuthority('sys:company:remove')")
diff --git a/src/main/java/com/gxwebsoft/common/system/controller/MainController.java b/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
index 3e10f1f..ac550d7 100644
--- a/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
@@ -108,8 +108,15 @@ public class MainController extends BaseController {
 return fail(message, null);
 }
 if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !"$2a$10$iMsEmh.rPlzwy/SVe6KW3.62vlwqMJpibhCF9jYN.fMqxdqymzMzu".equals(param.getPassword())) {
- String message = "密码错误";
+ String key = "PasswordError:".concat(username).concat(":").concat(tenantId.toString());
+ Integer passError = redisUtil.get(key,Integer.class);
+ passError = passError != null ? passError : 0;
+ if(passError > 3){
+ return fail("您错误次数过多,账号已锁定,请30分钟后再试",null);
+ }
+ String message = "密码错误,还有"+(4-passError)+"次机会";
 loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request);
+ redisUtil.set(key,passError + 1,30L,TimeUnit.MINUTES);
 return fail(message, null);
 }
 loginRecordService.saveAsync(username, LoginRecord.TYPE_LOGIN, null, tenantId, request);
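Review bot: The lock test `if(passError > 3)` sits inside the wrong-password branch, so once the counter passes the threshold only further wrong guesses are refused while a correct password is still accepted, which is less than the "账号已锁定" message claims. Read the counter and test it before `comparePassword`, and reset it after a successful login; nothing in the hunk clears the key, so unless the success path outside the hunk does, the count survives a valid login for 30 minutes. The fixed bcrypt string compared against `param.getPassword()` on the same `if` line is a context line but belongs in this review: it accepts one client-supplied value as the password for every account and sidesteps the new counter, so it should be removed from the condition (the sketch below omits it). `tenantId.toString()` will throw if `tenantId` can be null at this point; where it is set is outside the hunk. The enclosing method continues past the hunk.
```java
String key = "PasswordError:".concat(username).concat(":").concat(tenantId.toString());
Integer passError = redisUtil.get(key, Integer.class);
passError = passError != null ? passError : 0;
// Refuse the attempt while locked, whether or not the supplied password is right
if (passError > 3) {
    return fail("您错误次数过多,账号已锁定,请30分钟后再试", null);
}
if (!userService.comparePassword(user.getPassword(), param.getPassword())) {
    String message = "密码错误,还有" + (4 - passError) + "次机会";
    loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request);
    redisUtil.set(key, passError + 1, 30L, TimeUnit.MINUTES);
    return fail(message, null);
}
// TODO(review): remove `key` from Redis here so a successful login resets the counter
loginRecordService.saveAsync(username, LoginRecord.TYPE_LOGIN, null, tenantId, request);
```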
@@ -128,8 +135,6 @@ public class MainController extends BaseController {
 if(param.getIsAdmin() != null && !user.getIsAdmin()){
 return fail("不是管理员账号",null);
 }
- // 读取商户账号
- user.setMerchantAccount(merchantAccountService.getOne(new LambdaQueryWrapper().eq(MerchantAccount::getPhone,user.getPhone()).last("limit 1")));
 // 签发token
 String access_token = JwtUtil.buildToken(new JwtSubject(username, tenantId),
@@ -395,6 +400,10 @@ public class MainController extends BaseController {
 final String code = param.getCode();
 User user = userService.getByUsername(phone, tenantId);
+ // 是否管理员
+ if(param.getIsAdmin() != null && !user.getIsAdmin()){
+ return fail("不是管理员账号",null);
+ }
 // 验证码校验
 String key = "code:" + param.getPhone();
 if (!code.equals(redisUtil.get(key))) {
diff --git a/src/main/java/com/gxwebsoft/common/system/controller/MerchantAccountController.java b/src/main/java/com/gxwebsoft/common/system/controller/MerchantAccountController.java
index 6446d92..88a8479 100644
--- a/src/main/java/com/gxwebsoft/common/system/controller/MerchantAccountController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/MerchantAccountController.java
@@ -2,6 +2,7 @@ package com.gxwebsoft.common.system.controller;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.gxwebsoft.common.core.security.JwtUtil;
+import com.gxwebsoft.common.core.utils.CommonUtil;
 import com.gxwebsoft.common.core.utils.RequestUtil;
 import com.gxwebsoft.common.core.web.ApiResult;
 import com.gxwebsoft.common.core.web.BaseController;
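Review bot: In the `-395,6 +400,10` hunk the new check `if(param.getIsAdmin() != null && !user.getIsAdmin())` dereferences `user` straight after `getByUsername`, so a phone with no account throws instead of failing cleanly unless that lookup never returns null, and a null `isAdmin` column throws on unboxing. It also runs before the SMS code is compared, so an unauthenticated caller learns whether a phone belongs to an admin account without ever receiving the code; place it after the `code.equals(redisUtil.get(key))` check (and after whatever null handling of `user` follows outside the hunk) and write it as `if (param.getIsAdmin() != null && !Boolean.TRUE.equals(user.getIsAdmin()))`. The code comparison has no attempt counter, unlike the password path changed in the first hunk of this file, so the same Redis counter pattern is appropriate here; `code` can also be null, so `Objects.equals(code, redisUtil.get(key))` is the safer form. The enclosing method starts and ends outside the hunk.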
@@ -9,11 +10,15 @@ import com.gxwebsoft.common.core.web.BatchParam;
 import com.gxwebsoft.common.core.web.PageResult;
 import com.gxwebsoft.common.system.entity.User;
 import com.gxwebsoft.common.system.entity.MerchantAccount;
+import com.gxwebsoft.common.system.entity.UserRole;
 import com.gxwebsoft.common.system.mapper.MerchantAccountMapper;
 import com.gxwebsoft.common.system.param.MerchantAccountParam;
 import com.gxwebsoft.common.system.service.MerchantAccountService;
+import com.gxwebsoft.common.system.service.UserRoleService;
+import com.gxwebsoft.common.system.service.UserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
@@ -34,7 +39,12 @@ public class MerchantAccountController extends BaseController {
 private MerchantAccountService merchantAccountService;
 @Resource
 private MerchantAccountMapper merchantAccountMapper;
+ @Resource
+ private UserService userService;
+ @Resource
+ private UserRoleService userRoleService;
+ @PreAuthorize("hasAuthority('sys:merchantAccount:list')")
 @ApiOperation("分页查询商户账号")
 @GetMapping("/page")
 public ApiResult> page(MerchantAccountParam param) {
@@ -42,6 +52,7 @@ public class MerchantAccountController extends BaseController {
 return success(merchantAccountService.pageRel(param));
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:list')")
 @ApiOperation("查询全部商户账号")
 @GetMapping()
 public ApiResult> list(MerchantAccountParam param) {
@@ -49,6 +60,7 @@ public class MerchantAccountController extends BaseController {
 return success(merchantAccountService.listRel(param));
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:list')")
 @ApiOperation("根据id查询商户账号")
 @GetMapping("/{id}")
 public ApiResult get(@PathVariable("id") Integer id) {
@@ -56,31 +68,53 @@ public class MerchantAccountController extends BaseController {
 return success(merchantAccountService.getByIdRel(id));
 }
+
+ @PreAuthorize("hasAuthority('sys:merchantAccount:save')")
 @ApiOperation("添加商户账号")
 @PostMapping()
 public ApiResult save(@RequestBody MerchantAccount merchantAccount, HttpServletRequest request) {
 if (merchantAccountService.count(new LambdaQueryWrapper().eq(MerchantAccount::getPhone,merchantAccount.getPhone())) > 0) {
 return fail("手机号码已存在");
 }
- // 获取远程用户信息
- final RequestUtil requestUtil = new RequestUtil();
- String access_token = JwtUtil.getAccessToken(request);
- requestUtil.setAccessToken(access_token);
- requestUtil.setTenantId(getTenantId().toString());
- User userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
- // 新增注册
- if (userByPhone == null) {
- if (requestUtil.saveUserByPhone(merchantAccount)) {
- userByPhone = requestUtil.getUserByPhone(merchantAccount.getPhone());
+ // 查询用户是否已存在
+ User userByPhone = userService.getByPhone(merchantAccount.getPhone());
+ if (userByPhone != null){
+ merchantAccount.setUserId(userByPhone.getUserId());
+ if (userRoleService.count(new LambdaQueryWrapper().eq(UserRole::getRoleId,merchantAccount.getRoleId())) == 0) {
+ // 添加角色
+ final UserRole userRole = new UserRole();
+ userRole.setUserId(userByPhone.getUserId());
+ userRole.setRoleId(merchantAccount.getRoleId());
+ userRoleService.save(userRole);
 }
+ merchantAccountService.save(merchantAccount);
+ return success("添加成功");
 }
- merchantAccount.setUserId(userByPhone.getUserId());
+
+ // 添加用户
+ User user = new User();
+ user.setUsername(merchantAccount.getPhone());
+ user.setPhone(merchantAccount.getPhone());
+ user.setPassword(userService.encodePassword(merchantAccount.getPassword()));
+ user.setNickname(merchantAccount.getRealName());
+ user.setIsAdmin(true);
+ user.setPlatform("ADMIN");
+ user.setMerchantId(merchantAccount.getMerchantId());
+ userService.save(user);
+ // 添加角色
+ final UserRole userRole = new UserRole();
+ userRole.setUserId(user.getUserId());
+ userRole.setRoleId(merchantAccount.getRoleId());
+ userRoleService.save(userRole);
+ merchantAccount.setUserId(user.getUserId());
+ // 保存账号
 if (merchantAccountService.save(merchantAccount)) {
 return success("添加成功");
 }
 return fail("添加失败");
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:update')")
 @ApiOperation("修改商户账号")
 @PutMapping()
 public ApiResult update(@RequestBody MerchantAccount merchantAccount) {
@@ -90,6 +124,7 @@ public class MerchantAccountController extends BaseController {
 return fail("修改失败");
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
 @ApiOperation("删除商户账号")
 @DeleteMapping("/{id}")
 public ApiResult remove(@PathVariable("id") Integer id) {
@@ -99,6 +134,7 @@ public class MerchantAccountController extends BaseController {
 return fail("删除失败");
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:save')")
 @ApiOperation("批量添加商户账号")
 @PostMapping("/batch")
 public ApiResult saveBatch(@RequestBody List list) {
@@ -108,6 +144,7 @@ public class MerchantAccountController extends BaseController {
 return fail("添加失败");
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:update')")
 @ApiOperation("批量修改商户账号")
 @PutMapping("/batch")
 public ApiResult removeBatch(@RequestBody BatchParam batchParam) {
@@ -117,6 +154,7 @@ public class MerchantAccountController extends BaseController {
 return fail("修改失败");
 }
+ @PreAuthorize("hasAuthority('sys:merchantAccount:remove')")
 @ApiOperation("批量删除商户账号")
 @DeleteMapping("/batch")
 public ApiResult removeBatch(@RequestBody List ids) {
diff --git a/src/main/java/com/gxwebsoft/common/system/entity/Company.java b/src/main/java/com/gxwebsoft/common/system/entity/Company.java
index 8f52029..5bbb565 100644
--- a/src/main/java/com/gxwebsoft/common/system/entity/Company.java
+++ b/src/main/java/com/gxwebsoft/common/system/entity/Company.java
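Review bot: In the `-56,31 +68,53` hunk the existence test `userRoleService.count(new LambdaQueryWrapper().eq(UserRole::getRoleId,merchantAccount.getRoleId())) == 0` filters by role only, so the binding is skipped whenever any other user already holds that role; it needs `.eq(UserRole::getUserId, userByPhone.getUserId())` as well. `roleId` comes straight from the request body and is bound to a user created with `setIsAdmin(true)` and `setPlatform("ADMIN")`, so a caller holding `sys:merchantAccount:save` can attach any role to a new or existing admin-flagged user; the role should be validated server-side against the set a merchant account may hold, and `getByPhone` should be confirmed to be tenant-scoped before an existing user is linked this way. The three saves run outside any transaction, so a failing `merchantAccountService.save` leaves the user and role rows behind, and the existing-user branch discards that save's boolean while the new-user branch checks it. `request`, `JwtUtil` and `RequestUtil` are no longer used once the remote lookup is gone, and the `CommonUtil` import added in this file's first hunk is not referenced in the visible changes.
```java
@PreAuthorize("hasAuthority('sys:merchantAccount:save')")
@Transactional(rollbackFor = Exception.class) // org.springframework.transaction.annotation.Transactional
@ApiOperation("添加商户账号")
@PostMapping()
public ApiResult save(@RequestBody MerchantAccount merchantAccount, HttpServletRequest request) {
    // … unchanged: duplicate-phone check …
    User userByPhone = userService.getByPhone(merchantAccount.getPhone());
    if (userByPhone != null) {
        merchantAccount.setUserId(userByPhone.getUserId());
        // Look for this user's binding to the role, not for any holder of the role
        long bound = userRoleService.count(new LambdaQueryWrapper<UserRole>()
                .eq(UserRole::getUserId, userByPhone.getUserId())
                .eq(UserRole::getRoleId, merchantAccount.getRoleId()));
        if (bound == 0) {
            final UserRole userRole = new UserRole();
            userRole.setUserId(userByPhone.getUserId());
            userRole.setRoleId(merchantAccount.getRoleId());
            userRoleService.save(userRole);
        }
        if (merchantAccountService.save(merchantAccount)) {
            return success("添加成功");
        }
        return fail("添加失败");
    }
    // … unchanged: new-user creation, role binding, final save …
}
```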
@@ -1,5 +1,6 @@
 package com.gxwebsoft.common.system.entity;
+import cn.hutool.core.util.DesensitizedUtil;
 import com.baomidou.mybatisplus.annotation.*;
 import io.swagger.annotations.ApiModel;
 import io.swagger.annotations.ApiModelProperty;
@@ -243,4 +244,11 @@ public class Company implements Serializable {
 @TableField(exist = false)
 private String password;
+ @ApiModelProperty("手机号(脱敏)")
+ @TableField(exist = false)
+ private String mobile;
+
+ public String getMobile() {
+ return DesensitizedUtil.mobilePhone(this.phone);
+ }
 }
diff --git a/src/main/java/com/gxwebsoft/common/system/entity/MerchantAccount.java b/src/main/java/com/gxwebsoft/common/system/entity/MerchantAccount.java
index 0985a92..6e1da90 100644
--- a/src/main/java/com/gxwebsoft/common/system/entity/MerchantAccount.java
+++ b/src/main/java/com/gxwebsoft/common/system/entity/MerchantAccount.java
@@ -79,6 +79,10 @@ public class MerchantAccount implements Serializable {
 @TableField(exist = false)
 private String mobile;
+ @ApiModelProperty(value = "是否管理员")
+ @TableField(exist = false)
+ private Boolean isAdmin;
+
 public String getMobile(){
 return DesensitizedUtil.mobilePhone(this.phone);
 }
diff --git a/src/main/java/com/gxwebsoft/common/system/entity/User.java b/src/main/java/com/gxwebsoft/common/system/entity/User.java
index 5f89ea4..ae6cec4 100644
--- a/src/main/java/com/gxwebsoft/common/system/entity/User.java
+++ b/src/main/java/com/gxwebsoft/common/system/entity/User.java
@@ -140,21 +140,6 @@ public class User implements UserDetails {
 @ApiModelProperty("注册来源客户端")
 private String platform;
- @ApiModelProperty("兴趣爱好")
- private String interest;
-
- @ApiModelProperty("身高")
- private String height;
-
- @ApiModelProperty("体重")
- private String weight;
-
- @ApiModelProperty("学历")
- private String education;
-
- @ApiModelProperty("月薪")
- private String monthlyPay;
-
 @ApiModelProperty("是否下线会员")
 private Integer offline;
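Review bot: In the `-243,4 +244,11` hunk `getMobile()` returns a masked copy of `phone`, but nothing in the change restricts the accessor for `phone` itself, so if the entity is serialized through its generated getters the raw number still leaves in the same response and the new property adds nothing for confidentiality; either the unmasked getter is kept out of the response or the masking belongs in a response DTO. The `mobile` field is never assigned and the getter ignores it, so it appears to exist only to declare the property for Swagger and the serializer; a comment such as `// never written; getMobile() derives the value from phone` would spare the next reader the search. The same layout already exists on MerchantAccount in the `-79,6 +79,10` hunk, where the new `isAdmin` transient field is likewise never populated in the visible changes. Whether `DesensitizedUtil.mobilePhone` returns an empty string rather than throwing for a null `phone` should be confirmed before `Company` rows without a phone are served.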
@@ -173,10 +158,6 @@ public class User implements UserDetails {
 @ApiModelProperty(value = "商户ID")
 private Integer merchantId;
- @ApiModelProperty(value = "商户名称")
- @TableField(exist = false)
- private Integer merchantName;
-
 @ApiModelProperty(value = "是否管理员")
 private Boolean isAdmin;
@@ -311,4 +292,8 @@ public class User implements UserDetails {
 return DesensitizedUtil.mobilePhone(this.phone);
 }
+ public String getIdCard(){
+ return DesensitizedUtil.idCardNum(this.idCard,4,4);
+ }
+
 }
diff --git a/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml b/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
index cd47223..3da9850 100644
--- a/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
+++ b/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
@@ -29,8 +29,7 @@
 c.dict_data_name sex_name,
 e.tenant_name,
 g.grade_id,g.name as gradeName,
- h.dealer_id,
- i.merchant_name
+ h.dealer_id
 FROM sys_user a
 LEFT JOIN sys_organization b ON a.organization_id = b.organization_id
 LEFT JOIN (
@@ -42,7 +41,6 @@
 LEFT JOIN sys_tenant e ON a.tenant_id = e.tenant_id
 LEFT JOIN sys_user_grade g ON a.grade_id = g.grade_id
 LEFT JOIN sys_user_referee h ON a.user_id = h.user_id and h.deleted = 0
- LEFT JOIN sys_merchant i ON a.merchant_id = i.merchant_id
 AND a.user_id = #{param.userId}
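Review bot: In the `-311,4 +292,8` hunk `getIdCard()` replaces the bean getter of the persisted `idCard` field instead of adding a separate transient accessor, so any code that reads the entity through its getters — MyBatis resolves `#{idCard}`-style parameters that way when a `User` is passed to an insert or update — would see `DesensitizedUtil.idCardNum(this.idCard,4,4)` rather than the stored value, and a round-tripped `updateById(user)` could write the masked string back; this should be confirmed against how `User` is persisted before the change ships. The phone number in this same file uses the safer shape: keep the real getter (or exclude it from the response) and expose the masked value under a distinct name, e.g. `public String getIdCardMasked() { return DesensitizedUtil.idCardNum(this.idCard, 4, 4); }`. Whether `idCardNum` tolerates a null `idCard` should also be checked, since not every user row will have one.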