WxxyDeveloper/JSL_OrganizeInternalOA
9
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: 更新代码以处理未登录异常,优化角色筛选方式,并准备安全相关内容。

Browse Source
This commit is contained in:
筱锋xiao_lfeng 2024-04-16 16:44:41 +08:00
parent f153eb221e
commit 7b1cead10e
Signed by: XiaoLFeng
GPG Key ID: F693AA12AABBFA87
24 changed files with 439 additions and 466 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
src/main/java/com/jsl/oa/annotations/CheckUserAbleToUse.java
View File

@ -1,60 +0,0 @@
package com.jsl.oa.annotations;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* <h1>检查用户是否可用</h1>
* <hr/>
* 用于检查用户是否可用
*
* @version v1.1.0
* @since v1.1.0
* @see com.jsl.oa.aspect.AnnotationsAspect
* @author xiao_lfeng
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface CheckUserAbleToUse {
/**
* <h2>是否启用</h2>
* <hr/>
* 用于指定是否启用<br/>
* 请注意禁用后任何用户权限校验不校验用户是否启用
*
* @return {@link Boolean}
*/
boolean isCheckEnable() default true;
/**
* <h2>是否删除</h2>
* <hr/>
* 用于指定是否删除<br/>
* 请注意禁用后任何用户权限校验不校验用户是否删除
*
* @return {@link Boolean}
*/
boolean isCheckDelete() default true;
/**
* <h2>是否锁定</h2>
* <hr/>
* 用于指定是否锁定<br/>
* 请注意禁用后任何用户权限校验不校验用户是否锁定
*
* @return {@link Boolean}
*/
boolean isCheckLock() default true;
/**
* <h2>是否过期</h2>
* <hr/>
* 用于指定是否过期<br/>
* 请注意禁用后任何用户权限校验不校验用户是否过期
*
* @return {@link Boolean}
*/
boolean isCheckExpire() default true;
}

12
src/main/java/com/jsl/oa/annotations/CheckUserHasPermission.java → src/main/java/com/jsl/oa/annotations/NeedRoleGroup.java
View File

@ -14,7 +14,7 @@ import java.lang.annotation.*;
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface CheckUserHasPermission {
public @interface NeedRoleGroup {
/**
* <h2>权限名称</h2>
* <hr/>
@ -23,14 +23,4 @@ public @interface CheckUserHasPermission {
* @return {@link String}
*/
String value() default "";
/**
* <h2>是否检查</h2>
* <hr/>
* 用于指定是否检查<br/>
* 请注意该方法只会禁止检查权限但是不会禁止检查用户是否允许继续执行
* @since v1.1.0
* @return {@link Boolean}
*/
boolean isCheck() default true;
}

19
src/main/java/com/jsl/oa/annotations/UserAbleToUse.java Normal file
View File

@ -0,0 +1,19 @@
package com.jsl.oa.annotations;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* <h1>检查用户是否可用</h1>
* <hr/>
* 用于检查用户是否可用
*
* @version v1.1.0
* @since v1.1.0
* @author xiao_lfeng
*/
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface UserAbleToUse { }

206
src/main/java/com/jsl/oa/aspect/AnnotationsAspect.java
View File

@ -1,206 +0,0 @@
package com.jsl.oa.aspect;
import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.mapper.UserMapper;
import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.model.dodata.RoleUserDO;
import com.jsl.oa.model.dodata.UserDO;
import com.jsl.oa.utils.BaseResponse;
import com.jsl.oa.utils.ErrorCode;
import com.jsl.oa.utils.Processing;
import com.jsl.oa.utils.ResultUtil;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.List;
import java.util.Objects;
/**
* <h1>注解切面</h1>
* <hr/>
* 用于注解的切面
*
* @author xiao_lfeng
* @version v1.1.0
* @since v1.1.0
*/
@Slf4j
@Aspect
@Component
@RequiredArgsConstructor
public class AnnotationsAspect {
private final UserMapper userMapper;
private final RoleDAO roleDAO;
private final PermissionDAO permissionDAO;
/**
* <h2>检查用户是否有权限</h2>
* <hr/>
* 检查用户是否有权限
*
* @param pjp ProceedingJoinPoint对象
* @return {@link Object}
* @throws Throwable 异常
*/
@Around("@annotation(com.jsl.oa.annotations.CheckUserHasPermission)")
public Object checkUserHasPermission(@NotNull ProceedingJoinPoint pjp) throws Throwable {
log.info("用户权限检查");
// 获取 HttpServletRequest 对象
HttpServletRequest request =
((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))
.getRequest();
// 获取注解方法
CheckUserHasPermission checkUserHasPermission = getCheckUserHasPermission(pjp);
// 获取注解值
String permissionName = null;
boolean permissionCheck = true;
if (checkUserHasPermission != null) {
permissionName = checkUserHasPermission.value();
permissionCheck = checkUserHasPermission.isCheck();
}
// 获取用户信息
Long userId = Processing.getAuthHeaderToUserId(request);
if (userId != null) {
// 检查用户是否允许继续执行
BaseResponse checkUserAbleToNext = checkUserAbleToNext(userId, userMapper);
if (checkUserAbleToNext != null) {
return checkUserAbleToNext;
} else {
if (permissionCheck) {
// 检查用户权限
List<String> getPermission = permissionDAO.getPermission(userId);
// 匹配权限
if (getPermission.contains(permissionName)) {
return pjp.proceed();
} else {
log.info("\t> 用户权限不足,检查是否是管理员");
// 检查用户是管理员
RoleUserDO roleUserDO = roleDAO
.getRoleUserByUid(Processing.getAuthHeaderToUserId(request));
if (roleUserDO == null) {
return ResultUtil.error(ErrorCode.NOT_ADMIN);
}
RoleDO roleDO = roleDAO.getRoleByRoleName("admin");
if (roleUserDO.getRid().equals(roleDO.getId())) {
return pjp.proceed();
} else {
return ResultUtil.error(ErrorCode.NOT_PERMISSION);
}
}
} else {
return pjp.proceed();
}
}
} else {
return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST);
}
}
@Around("@annotation(com.jsl.oa.annotations.CheckUserAbleToUse)")
public Object checkUserAbleToUse(ProceedingJoinPoint pjp) throws Throwable {
log.info("检查用户是否有权限继续");
// 获取 HttpServletRequest 对象
HttpServletRequest request =
((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))
.getRequest();
// 获取注解方法
CheckUserAbleToUse check = getCheckUserAbleToUse(pjp);
// 获取注解值
assert check != null;
// 获取用户信息
Long userId = Processing.getAuthHeaderToUserId(request);
UserDO userDO = userMapper.getUserById(userId);
// 用户不存在
if (userDO == null) {
return ResultUtil.error(ErrorCode.USER_NOT_EXIST);
}
if (check.isCheckEnable()) {
// 用户是否被禁用
if (!userDO.getEnabled()) {
return ResultUtil.error(ErrorCode.USER_DISABLED);
}
}
if (check.isCheckLock()) {
// 用户是否被封禁
if (!userDO.getAccountNoLocked()) {
return ResultUtil.error(ErrorCode.USER_LOCKED);
}
}
if (check.isCheckDelete()) {
// 用户是否被删除
if (userDO.getIsDelete()) {
return ResultUtil.error(ErrorCode.USER_ALREADY_DELETE);
}
}
if (check.isCheckExpire()) {
// 用户是否过期
if (!userDO.getAccountNoExpired()) {
return ResultUtil.error(ErrorCode.USER_EXPIRED);
}
}
return pjp.proceed();
}
private @Nullable CheckUserHasPermission getCheckUserHasPermission(@NotNull ProceedingJoinPoint joinPoint) {
// 获取方法对象
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
Method method = methodSignature.getMethod();
// 获取方法上的注解
return (method != null) ? method.getAnnotation(CheckUserHasPermission.class) : null;
}
private @Nullable CheckUserAbleToUse getCheckUserAbleToUse(@NotNull ProceedingJoinPoint joinPoint) {
// 获取方法对象
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
Method method = methodSignature.getMethod();
// 获取方法上的注解
return (method != null) ? method.getAnnotation(CheckUserAbleToUse.class) : null;
}
private @Nullable BaseResponse checkUserAbleToNext(Long userId, @NotNull UserMapper userMapper) {
log.info("\t> 检查用户是否有权限继续");
// 获取用户信息
UserDO userDO = userMapper.getUserById(userId);
// 用户不存在
if (userDO == null) {
return ResultUtil.error(ErrorCode.USER_NOT_EXIST);
}
// 用户是否被禁用
if (!userDO.getEnabled()) {
return ResultUtil.error(ErrorCode.USER_DISABLED);
}
// 用户是否被封禁
if (!userDO.getAccountNoLocked()) {
return ResultUtil.error(ErrorCode.USER_LOCKED);
}
// 用户是否被删除
if (userDO.getIsDelete()) {
return ResultUtil.error(ErrorCode.USER_ALREADY_DELETE);
}
// 用户是否过期
if (!userDO.getAccountNoExpired()) {
return ResultUtil.error(ErrorCode.USER_EXPIRED);
}
return null;
}
}

131
src/main/java/com/jsl/oa/aspect/AuthControllerAspect.java
View File

@ -1,131 +0,0 @@
package com.jsl.oa.aspect;
import com.jsl.oa.common.constant.BusinessConstants;
import com.jsl.oa.utils.ErrorCode;
import com.jsl.oa.utils.ResultUtil;
import com.jsl.oa.utils.redis.TokenRedisUtil;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.Objects;
/**
* <h1>用户控制器切面</h1>
* <hr/>
* 用于用户控制器的切面
*
* @author xiao_lfeng
* @version v1.1.0
* @since v1.0.0
*/
@Slf4j
@Aspect
@Component
@RequiredArgsConstructor
public class AuthControllerAspect {
private final TokenRedisUtil<String> tokenRedisUtil;
/**
* <h1>用户控制器切面</h1>
* <hr/>
* 用于用户控制器的切面
*
* @param pjp ProceedingJoinPoint对象
* @return {@link Object}
* @throws Throwable 异常
* @since v1.0.0
*/
@Around("execution(* com.jsl.oa.controllers.*.*(..)) && !execution(* com.jsl.oa.controllers.IndexController.*(..))")
public Object controllerAround(ProceedingJoinPoint pjp) throws Throwable {
// 获取HttpServletRequest对象
HttpServletRequest request =
((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))
.getRequest();
// 时间戳检查
if (checkTimestamp(request)) {
// TODO: 2023/12/21 0001 后期固定业务日志处理
return pjp.proceed();
} else {
return ResultUtil.error(ErrorCode.TIMESTAMP_ERROR);
}
}
/**
* <h1>Token检查切面</h1>
* <hr/>
* 用于检查Token是否有效
*
* @param pjp ProceedingJoinPoint对象
* @return {@link Object}
* @throws Throwable 异常
*/
@Around("execution(* com.jsl.oa.controllers.*.*(..)) "
+ "&& !execution(* com.jsl.oa.controllers.AuthController.authSendEmailCode(..))"
+ "&& !execution(* com.jsl.oa.controllers.AuthController.authLoginByEmail(..))"
+ "&& !execution(* com.jsl.oa.controllers.AuthController.authForgetPassword(..))"
+ "&& !execution(* com.jsl.oa.controllers.AuthController.authLogin(..))"
+ "&& !execution(* com.jsl.oa.controllers.AuthController.authRegister(..)) "
+ "&& !execution(* com.jsl.oa.controllers.IndexController.*(..)) "
+ "&& !execution(* com.jsl.oa.controllers.CustomController.*(..)) "
+ "&& !execution(* com.jsl.oa.controllers.InfoController.infoGetHeaderImage(..)) "
+ "&& !execution(* com.jsl.oa.controllers.InfoController.infoGetHeaderUser(..))"
+ "&& !execution(* com.jsl.oa.controllers.ProjectController.*(..))"
+ "&& !execution(* com.jsl.oa.controllers.TagController.*(..))")
public Object tokenControllerAround(ProceedingJoinPoint pjp) throws Throwable {
// 获取 HttpServletRequest 对象
HttpServletRequest request =
((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes()))
.getRequest();
// 检查 Token 是否有效
String token = request.getHeader("Authorization");
if (token != null && !token.isEmpty()) {
// 获取 Redis 检查 Token 是否存在
String finalToken = token.replace("Bearer ", "");
for (String it : tokenRedisUtil.getList(BusinessConstants.BUSINESS_LOGIN)) {
if (it.equals(finalToken)) {
return pjp.proceed();
}
}
}
return ResultUtil.error(ErrorCode.TOKEN_NOT_EXIST);
}
/**
* <h1>时间戳检查</h1>
* <hr/>
* 用于检查时间戳是否合法合法时间范围正负5秒
*
* @param request HttpServletRequest对象
* @return {@link Boolean}
* @since v1.0.0
*/
private @NotNull Boolean checkTimestamp(@NotNull HttpServletRequest request) {
// 获取请求头中的时间戳
String getTimestamp = request.getHeader("Timestamp");
log.info("\t> 获取到的时间戳为 {} | 当前时间戳 {}", getTimestamp, System.currentTimeMillis());
// 判断是否为空
if (getTimestamp == null || getTimestamp.isEmpty()) {
return false;
} else {
if (getTimestamp.length() == 10) {
getTimestamp += "000";
}
}
// 获取当前时间戳
long nowTimestamp = System.currentTimeMillis();
// 时间误差允许前后五秒钟
return nowTimestamp - Long.parseLong(getTimestamp) <= 10000
&& nowTimestamp - Long.parseLong(getTimestamp) >= -10000;
}
}

85
src/main/java/com/jsl/oa/aspect/BusinessAop.java Normal file
View File

@ -0,0 +1,85 @@
package com.jsl.oa.aspect;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.MethodSignature;
import org.jetbrains.annotations.NotNull;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.Arrays;
/**
* 业务切面
* <hr/>
* 对业务进行切入进行对内容操作的预处理
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
@Slf4j
@Aspect
@Component
@RequiredArgsConstructor
public class BusinessAop {
/**
* 在控制器的所有方法执行前执行
*
* @param joinPoint 切入点提供对方法执行的信息
*/
@Before("execution(* com.jsl.oa.controllers.*.*(..))")
public void beforeController(@NotNull JoinPoint joinPoint) {
// 从ServletRequest中获取用户信息
ServletRequestAttributes servletRequestAttributes =
(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (servletRequestAttributes != null) {
HttpServletRequest request = servletRequestAttributes.getRequest();
// 获取方法签名
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
String methodName = methodSignature.getName();
log.info("[CONTROL] 执行 {} 接口 | 地址: [{}]{}", methodName, request.getMethod(), request.getServletPath());
} else {
throw new RuntimeException("无法获取信息");
}
}
/**
* 在服务的所有方法执行前执行
*
* @param joinPoint 切入点提供对方法执行的信息
*/
@Before("execution(* com.jsl.oa.services.impl.*.*(..))")
public void beforeService(@NotNull JoinPoint joinPoint) {
// 获取方法签名
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
String methodName = methodSignature.getName();
log.info("[SERVICE] 执行 {} 业务", methodName);
}
/**
* 在DAO的所有方法执行前执行
*
* @param joinPoint 切入点提供对方法执行的信息
*/
@Before("execution(* com.jsl.oa.dao.*.*(..))")
public void beforeDao(@NotNull JoinPoint joinPoint) {
// 获取方法签名
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
String methodName = methodSignature.getName();
Object[] args = joinPoint.getArgs();
log.info("[DAO] 操作 {} 记录", methodName);
if (args.length != 0) {
log.debug("\t> 传入信息:{}", Arrays.toString(args));
}
}
}

75
src/main/java/com/jsl/oa/aspect/CheckUserAbleToUseAspect.java Normal file
View File

@ -0,0 +1,75 @@
package com.jsl.oa.aspect;
import com.jsl.oa.dao.UserDAO;
import com.jsl.oa.exception.library.NotLoginException;
import com.jsl.oa.exception.library.UserCanntUse;
import com.jsl.oa.model.dodata.UserDO;
import com.jsl.oa.utils.Processing;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/**
* 检查用户权限切面
* <hr/>
* 检查用户能否正常使用在用户使用之前进行可用性检查
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
@Slf4j
@Aspect
@Component
@RequiredArgsConstructor
public class CheckUserAbleToUseAspect {
private final UserDAO userDAO;
@Around("@annotation(com.jsl.oa.annotations.NeedRoleGroup)")
public Object checkUse(ProceedingJoinPoint pjp) throws Throwable {
// 从ServletRequest中获取用户信息
ServletRequestAttributes servletRequestAttributes =
(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (servletRequestAttributes != null) {
// 获取用户
Long getUserId = Processing.getAuthHeaderToUserId(servletRequestAttributes.getRequest());
if (getUserId == null) {
throw new NotLoginException("用户信息不存在");
}
// 获取用户详细信息
UserDO getUser = userDAO.getUserById(getUserId);
if (getUser != null) {
// 用户是否被禁用
if (!getUser.getEnabled()) {
throw new UserCanntUse("用户未启用");
}
// 用户是否被封禁
if (!getUser.getAccountNoLocked()) {
throw new UserCanntUse("用户被封禁");
}
// 用户是否被删除
if (getUser.getIsDelete()) {
throw new UserCanntUse("用户被删除");
}
// 用户是否过期
if (!getUser.getAccountNoExpired()) {
throw new UserCanntUse("用户已过期");
}
return pjp.proceed();
} else {
throw new NotLoginException("用户信息不存在");
}
} else {
throw new RuntimeException("无法获取信息");
}
}
}

76
src/main/java/com/jsl/oa/aspect/CheckUserPermissionAspect.java Normal file
View File

@ -0,0 +1,76 @@
package com.jsl.oa.aspect;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.exception.library.NotLoginException;
import com.jsl.oa.exception.library.PermissionDeniedException;
import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.utils.Processing;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/**
* 检查用户权限切面
* <hr/>
* 检查访问的用户是否包含正确的访问权限若用户有正确的访问权限则允许访问若没有指定的权限将会返回错误的权限信息
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
@Slf4j
@Aspect
@Component
@RequiredArgsConstructor
public class CheckUserPermissionAspect {
private final RoleDAO roleDAO;
/**
* 检查权限
* <hr/>
* 检查注解中填写的权限只有当接口符合注解中的权限信息才会实际进入业务否则将会被拦截
*
* @param pjp {@link ProceedingJoinPoint}
* @return {@link Object}
*/
@Around("@annotation(com.jsl.oa.annotations.NeedRoleGroup)")
public Object checkPermission(ProceedingJoinPoint pjp) throws Throwable {
// 从ServletRequest中获取用户信息
ServletRequestAttributes servletRequestAttributes =
(ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (servletRequestAttributes != null) {
// 获取用户
Long getUserId = Processing.getAuthHeaderToUserId(servletRequestAttributes.getRequest());
if (getUserId == null) {
throw new NotLoginException("用户信息不存在");
}
// 获取方法签名
MethodSignature signature = (MethodSignature) pjp.getSignature();
NeedRoleGroup checkAccountPermission = signature.getMethod().getAnnotation(NeedRoleGroup.class);
String getRoleAtAnnotation = checkAccountPermission.value();
// 获取用户所在权限组
RoleDO getUserRole = roleDAO.getRoleNameByUid(getUserId);
if (getUserRole != null) {
if (getUserRole.getRoleName().equals(getRoleAtAnnotation)) {
return pjp.proceed();
} else {
throw new PermissionDeniedException("用户组不匹配", getRoleAtAnnotation);
}
} else {
throw new PermissionDeniedException("用户组不匹配", getRoleAtAnnotation);
}
} else {
throw new RuntimeException("无法获取信息");
}
}
}

65
src/main/java/com/jsl/oa/config/filter/TimestampFilter.java Normal file
View File

@ -0,0 +1,65 @@
package com.jsl.oa.config.filter;
import com.google.gson.Gson;
import com.jsl.oa.utils.ErrorCode;
import com.jsl.oa.utils.ResultUtil;
import lombok.extern.slf4j.Slf4j;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 时间戳过滤器
* <hr/>
* 对前端发送的时间戳进行检查当检查通过后将会进入通过过滤器若检查不通过将会被当前拦截器拦截并返回 {@link ErrorCode} 内的 TIMESTAMP_ERROR
* 信息另外该过滤器仅对 OPTION 请求不进行时间戳检查其他请求都将会检查处理
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
@Slf4j
public class TimestampFilter implements Filter {
private final Gson gson = new Gson();
@Override
public void doFilter(
ServletRequest request,
ServletResponse response,
FilterChain chain
) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
res.setContentType("application/json;charset=UTF-8");
// 获取当前时间戳
long nowTimestamp = System.currentTimeMillis();
if (!req.getMethod().equals("OPTIONS")) {
String getTimestamp = req.getHeader("Timestamp");
log.info("[FILTER] 获取到的时间戳为 {} | 当前时间戳 {}", getTimestamp, nowTimestamp);
if (getTimestamp == null || getTimestamp.isEmpty()) {
res.setStatus(200);
res.getWriter().write(gson.toJson(ResultUtil.error(ErrorCode.TIMESTAMP_ERROR)));
} else {
// 秒与毫秒转换
if (getTimestamp.length() == 10) {
getTimestamp += "000";
}
// 时间误差允许前后五秒钟
if (nowTimestamp - Long.parseLong(getTimestamp) <= 10000
&& nowTimestamp - Long.parseLong(getTimestamp) >= -10000) {
chain.doFilter(req, res);
} else {
res.setStatus(200);
res.getWriter().write(gson.toJson(ResultUtil.error(ErrorCode.TIMESTAMP_ERROR)));
}
}
} else {
log.info("[FILTER] 预执行请求[OPTION],不进行时间戳检查");
res.setStatus(200);
res.getWriter().write(gson.toJson(ResultUtil.success("Option成功")));
}
}
}

14
src/main/java/com/jsl/oa/config/shiro/ShiroConfiguration.java
View File

@ -2,6 +2,7 @@ package com.jsl.oa.config.shiro;
import com.jsl.oa.config.filter.CorsFilter;
import com.jsl.oa.config.filter.JwtFilter;
import com.jsl.oa.config.filter.TimestampFilter;
import lombok.RequiredArgsConstructor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
@ -46,8 +47,13 @@ public class ShiroConfiguration {
// 添加JWT过滤器
Map<String, Filter> filters = new LinkedHashMap<>();
filters.put("authc", new JwtFilter()); // 配置自定义的JWT过滤器
filters.put("anon", new CorsFilter()); // 配置自定义的CORS过滤器
// 配置自定义的JWT过滤器
filters.put("authc", new JwtFilter());
// 配置自定义的CORS过滤器
filters.put("anon", new CorsFilter());
// 配置自定义的时间戳检查
filters.put("time", new TimestampFilter());
shiroFilterFactoryBean.setFilters(filters);
return shiroFilterFactoryBean;
}
@ -86,7 +92,7 @@ public class ShiroConfiguration {
@NotNull
private static Map<String, String> setFilterChain() {
Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
filterChainDefinitionMap.put("/auth/**/**", "anon");
filterChainDefinitionMap.put("/auth/**/**", "anon, time");
filterChainDefinitionMap.put("/unauthorized", "anon");
filterChainDefinitionMap.put("/", "anon");
filterChainDefinitionMap.put("/info/header-image/get", "anon");
@ -98,7 +104,7 @@ public class ShiroConfiguration {
filterChainDefinitionMap.put("/project/work/add", "anon");
filterChainDefinitionMap.put("/tags/project/list", "anon");
filterChainDefinitionMap.put("/module/add", "anon");
filterChainDefinitionMap.put("/**/**", "authc");
filterChainDefinitionMap.put("/**/**", "authc, time");
return filterChainDefinitionMap;
}

16
src/main/java/com/jsl/oa/exception/library/NotLoginException.java Normal file
View File

@ -0,0 +1,16 @@
package com.jsl.oa.exception.library;
/**
* 自定义异常类
* <hr/>
* 用于表示用户未登录的情况
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
public class NotLoginException extends RuntimeException {
public NotLoginException(String message) {
super(message);
}
}

22
src/main/java/com/jsl/oa/exception/library/PermissionDeniedException.java Normal file
View File

@ -0,0 +1,22 @@
package com.jsl.oa.exception.library;
import lombok.Getter;
/**
* 自定义异常类
* <hr/>
* 用于权限拒绝的情况
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
@Getter
public class PermissionDeniedException extends RuntimeException {
private final String needGroup;
public PermissionDeniedException(String message, String needGroup) {
super(message);
this.needGroup = needGroup;
}
}

16
src/main/java/com/jsl/oa/exception/library/UserCanntUse.java Normal file
View File

@ -0,0 +1,16 @@
package com.jsl.oa.exception.library;
/**
* 自定义异常类
* <hr/>
* 用于反馈用户被禁止使用的情况
*
* @since v1.2.0
* @version v1.2.0
* @author xiao_lfeng
*/
public class UserCanntUse extends RuntimeException {
public UserCanntUse(String message) {
super(message);
}
}

8
src/main/java/com/jsl/oa/services/impl/AuthServiceImpl.java
View File

@ -1,10 +1,9 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.UserAbleToUse;
import com.jsl.oa.common.constant.BusinessConstants;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.mapper.RoleMapper;
import com.jsl.oa.mapper.UserMapper;
import com.jsl.oa.model.dodata.RoleDO;
import com.jsl.oa.model.dodata.RoleUserDO;
@ -41,7 +40,6 @@ import java.util.regex.Pattern;
@RequiredArgsConstructor
public class AuthServiceImpl implements AuthService {
private final UserMapper userMapper;
private final RoleMapper roleMapper;
private final RoleDAO roleDAO;
private final PermissionDAO permissionDAO;
@ -178,7 +176,7 @@ public class AuthServiceImpl implements AuthService {
}
@Override
@CheckUserAbleToUse
@UserAbleToUse
public BaseResponse authChangePassword(
@NotNull UserChangePasswordVO userChangePasswordVO,
HttpServletRequest request
@ -212,7 +210,7 @@ public class AuthServiceImpl implements AuthService {
}
@Override
@CheckUserAbleToUse
@UserAbleToUse
public BaseResponse authLogout(HttpServletRequest request) {
log.info("\t> 执行 Service 层 AuthService.authLogout 方法");
// 获取用户

10
src/main/java/com/jsl/oa/services/impl/InfoServiceImpl.java
View File

@ -1,6 +1,6 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.InfoDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
@ -41,7 +41,7 @@ public class InfoServiceImpl implements InfoService {
private final RoleDAO roleDAO;
@Override
@CheckUserHasPermission("info.image.add")
@NeedRoleGroup("info.image.add")
public BaseResponse addHeaderImage(HttpServletRequest request, @NotNull CarouselVO carouselVO) {
log.info("\t> 执行 Service 层 InfoService.addHeaderImage 方法");
// 获取用户
@ -75,7 +75,7 @@ public class InfoServiceImpl implements InfoService {
}
@Override
@CheckUserHasPermission("info.image.edit")
@NeedRoleGroup("info.image.edit")
public BaseResponse editHeaderImage(HttpServletRequest request, @NotNull CarouselVO carouselVO) {
log.info("\t> 执行 Service 层 InfoService.editHeaderImage 方法");
// 获取用户
@ -127,7 +127,7 @@ public class InfoServiceImpl implements InfoService {
}
@Override
@CheckUserHasPermission("info.image.del")
@NeedRoleGroup("info.image.del")
public BaseResponse delHeaderImage(HttpServletRequest request, Integer id) {
log.info("\t> 执行 Service 层 InfoService.delHeaderImage 方法");
// 用户权限校验
@ -150,7 +150,7 @@ public class InfoServiceImpl implements InfoService {
}
@Override
@CheckUserHasPermission("info.image.setting.edit")
@NeedRoleGroup("info.image.setting.edit")
public BaseResponse editSettingHeaderImage(HttpServletRequest request, Boolean showType) {
log.info("\t> 执行 Service 层 InfoService.editSettingHeaderImage 方法");
// 用户权限校验

8
src/main/java/com/jsl/oa/services/impl/MailServiceImpl.java
View File

@ -1,6 +1,6 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.UserAbleToUse;
import com.jsl.oa.services.MailService;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
@ -39,7 +39,7 @@ public class MailServiceImpl implements MailService {
@Override
@Async
@CheckUserAbleToUse
@UserAbleToUse
public void sendMail(String sendTo, String subject, String text) {
log.info("\t> 执行 Service 层 MailService.sendMail 方法");
//发送多媒体邮件
@ -63,14 +63,14 @@ public class MailServiceImpl implements MailService {
@Override
@Async
@CheckUserAbleToUse
@UserAbleToUse
public void sendMail(String sendTo, String model) {
log.info("\t> 执行 Service 层 MailService.sendMail 方法");
}
@Override
@Async
@CheckUserAbleToUse
@UserAbleToUse
public void sendMailAboutUserLogin(String email, Integer code) {
log.info("\t> 执行 Service 层 MailService.sendMailAboutUserLogin 方法");
// 发送邮件带HTML模块部分

43
src/main/java/com/jsl/oa/services/impl/MessageServiceImpl.java
View File

@ -1,5 +1,6 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.UserAbleToUse;
import com.jsl.oa.dao.UserDAO;
import com.jsl.oa.mapper.MessageMapper;
import com.jsl.oa.mapper.ProjectMapper;
@ -13,6 +14,7 @@ import com.jsl.oa.utils.*;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import java.time.LocalDateTime;
import java.util.ArrayList;
@ -37,7 +39,7 @@ public class MessageServiceImpl implements MessageService {
private final ProjectMapper projectMapper;
@Override
@CheckUserAbleToUse
@UserAbleToUse
public BaseResponse messageDelete(Long mid, HttpServletRequest request) {
//获取消息数据
MessageDO messageDO = messageMapper.getMessageById(mid);
@ -55,7 +57,7 @@ public class MessageServiceImpl implements MessageService {
@SuppressWarnings("checkstyle:Regexp")
@Override
@CheckUserAbleToUse
@UserAbleToUse
public BaseResponse messageGet(LocalDateTime beginTime,
LocalDateTime endTime,
Integer page,
@ -90,11 +92,11 @@ public class MessageServiceImpl implements MessageService {
/**
* 添加指派消息
*
* @param pId 项目id
* @param pId 项目id
* @param systemId 系统id
* @param moddleId 模块id
* @param uid 用户id
* @param request
* @param uid 用户id
* @param request 请求
*/
@Override
public void messageAdd(
@ -129,12 +131,12 @@ public class MessageServiceImpl implements MessageService {
/**
* 添加审批消息
*
* @param pId 项目id
* @param pId 项目id
* @param systemId 系统id
* @param moddleId 模块id
* @param uid 用户id
* @param isPass 是否通过 1:通过 0:未通过
* @param request
* @param uid 用户id
* @param isPass 是否通过 1:通过 0:未通过
* @param request 请求
*/
@Override
public void messageAdd(
@ -163,10 +165,11 @@ public class MessageServiceImpl implements MessageService {
/**
* 添加项目变动消息
* @param pId 项目id
* @param type 类型 1:上传文档 2:修改状态 3:修改负责人
*
* @param pId 项目id
* @param type 类型 1:上传文档 2:修改状态 3:修改负责人
* @param systemId 系统id
* @param request
* @param request 请求
*/
@Override
public void messageAdd(
@ -201,11 +204,11 @@ public class MessageServiceImpl implements MessageService {
/**
* 添加子系统变动消息
*
* @param pId 项目id
* @param pId 项目id
* @param systmeId 系统id
* @param moddleId 模块id
* @param type 类型 1:删除模块 2:修改简介 3:修改周期
* @param request
* @param type 类型 1:删除模块 2:修改简介 3:修改周期
* @param request 请求
*/
@Override
public void messageAdd(
@ -238,8 +241,8 @@ public class MessageServiceImpl implements MessageService {
messageAddVO.setText("项目经理" + senderName + "修改了" + projectName + "项目的"
+ systemName + "系统的简介说明");
} else if (type == 3) {
messageAddVO.setText("项目经理" + senderName + "修改了" + projectName + "项目的"
+ systemName + "系统的系统周期/工作量");
messageAddVO.setText("项目经理" + senderName + "修改了" + projectName + "项目的"
+ systemName + "系统的系统周期/工作量");
}
messageAddVO.setType("跳转系统页");
messageAddVO.setToId(systmeId);
@ -323,8 +326,8 @@ public class MessageServiceImpl implements MessageService {
String systemName = projectMapper.getWorkById(projectWorkDO.getProjectChildId().intValue()).getName();
String moddleName = projectWorkDO.getName();
messageAddVO.setText("您负责的" + projectName + "项目的" + systemName + "系统的" + moddleName + "模块"
+ "还有三天就要到期了,请及时处理");
messageAddVO.setType("跳转模块页");
+ "还有三天就要到期了,请及时处理");
messageAddVO.setType("跳转模块页");
messageAddVO.setToId(projectWorkDO.getId().intValue());
messageMapper.messageAdd(messageAddVO);
}

4
src/main/java/com/jsl/oa/services/impl/NewsServiceImpl.java
View File

@ -1,7 +1,7 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.NewsDAO;
import com.jsl.oa.model.dodata.NewsDO;
import com.jsl.oa.model.vodata.NewsAddVO;
@ -35,7 +35,7 @@ public class NewsServiceImpl implements NewsService {
private final NewsDAO newsDAO;
@Override
@CheckUserHasPermission("news.add")
@NeedRoleGroup("news.add")
public BaseResponse newsAdd(NewsAddVO newsAddVO, @NotNull HttpServletRequest request) {
log.info("\t> 执行 Service 层 NewsService.newsAdd 方法");
// 拷贝新闻数据到实体类

12
src/main/java/com/jsl/oa/services/impl/PermissionServiceImpl.java
View File

@ -1,6 +1,6 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
@ -41,7 +41,7 @@ public class PermissionServiceImpl implements PermissionService {
private final UserDAO userDAO;
@Override
@CheckUserHasPermission("permission.add")
@NeedRoleGroup("permission.add")
public BaseResponse permissionAdd(HttpServletRequest request, Long rid, Long pid) {
log.info("\t> 执行 Service 层 PermissionService.permissionAdd 方法");
permissionMapper.permissionAdd(rid, pid);
@ -49,7 +49,7 @@ public class PermissionServiceImpl implements PermissionService {
}
@Override
@CheckUserHasPermission("permission.user")
@NeedRoleGroup("permission.user")
public BaseResponse permissionUser(HttpServletRequest request, Long uid) {
log.info("\t> 执行 Service 层 PermissionService.permissionUserPid 方法");
if (userDAO.isExistUser(uid)) {
@ -70,7 +70,7 @@ public class PermissionServiceImpl implements PermissionService {
@Override
@CheckUserHasPermission("permission.get")
@NeedRoleGroup("permission.get")
public BaseResponse permissionGet(HttpServletRequest request) {
log.info("\t> 执行 Service 层 PermissionService.permissionGet 方法");
//获取所有权限数据
@ -82,7 +82,7 @@ public class PermissionServiceImpl implements PermissionService {
}
@Override
@CheckUserHasPermission("permission.edit")
@NeedRoleGroup("permission.edit")
public BaseResponse permissionEdit(PermissionEditVO permissionEditVo, HttpServletRequest request) {
log.info("\t> 执行 Service 层 PermissionService.permissionEdit 方法");
//根据id获取对应permission数据
@ -100,7 +100,7 @@ public class PermissionServiceImpl implements PermissionService {
}
@Override
@CheckUserHasPermission("permission.delete")
@NeedRoleGroup("permission.delete")
public BaseResponse permissionDelete(HttpServletRequest request, Long pid) {
log.info("\t> 执行 Service 层 PermissionService.permissionDelete 方法");
//删除权限

8
src/main/java/com/jsl/oa/services/impl/ProjectServiceImpl.java
View File

@ -3,7 +3,7 @@ package com.jsl.oa.services.impl;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.ProjectDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
@ -236,7 +236,7 @@ public class ProjectServiceImpl implements ProjectService {
}
@Override
@CheckUserHasPermission("info.project.add")
@NeedRoleGroup("info.project.add")
public BaseResponse addHeader(HttpServletRequest request, ProjectShowVO projectShowVO) {
log.info("\t> 执行 Service 层 InfoService.addHeader 方法");
// 获取用户
@ -263,7 +263,7 @@ public class ProjectServiceImpl implements ProjectService {
}
@Override
@CheckUserHasPermission("info.project.del")
@NeedRoleGroup("info.project.del")
public BaseResponse delHeader(Integer id, HttpServletRequest request) {
log.info("\t> 执行 Service 层 InfoService.delHeader 方法");
// 获取展示信息
@ -282,7 +282,7 @@ public class ProjectServiceImpl implements ProjectService {
}
@Override
@CheckUserHasPermission("info.project.edit")
@NeedRoleGroup("info.project.edit")
public BaseResponse editHeader(HttpServletRequest request, ProjectShowVO projectShowVO, Integer id) {
log.info("\t> 执行 Service 层 InfoService.editHeader 方法");
// 获取用户

4
src/main/java/com/jsl/oa/services/impl/RoleServiceImpl.java
View File

@ -1,6 +1,6 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
import com.jsl.oa.exception.ClassCopyException;
@ -42,7 +42,7 @@ public class RoleServiceImpl implements RoleService {
private final UserDAO userDAO;
@Override
@CheckUserHasPermission("role.add")
@NeedRoleGroup("role.add")
public BaseResponse roleAddUser(HttpServletRequest request, Long uid, Long rid) {
log.info("\t> 执行 Service 层 RoleService.addRoleUser 方法");
if (Processing.checkUserIsAdmin(request, roleDAO)) {

8
src/main/java/com/jsl/oa/services/impl/UserServiceImpl.java
View File

@ -1,7 +1,7 @@
package com.jsl.oa.services.impl;
import com.jsl.oa.annotations.CheckUserAbleToUse;
import com.jsl.oa.annotations.CheckUserHasPermission;
import com.jsl.oa.annotations.NeedRoleGroup;
import com.jsl.oa.annotations.UserAbleToUse;
import com.jsl.oa.dao.PermissionDAO;
import com.jsl.oa.dao.RoleDAO;
import com.jsl.oa.dao.UserDAO;
@ -97,7 +97,7 @@ public class UserServiceImpl implements UserService {
}
@Override
@CheckUserHasPermission("user.current.all")
@NeedRoleGroup("user.current.all")
public BaseResponse userCurrentAll(HttpServletRequest request, @NotNull UserAllCurrentVO userAllCurrentVO) {
log.info("\t> 执行 Service 层 UserService.userCurrentAll 方法");
// 检查数据
@ -133,7 +133,7 @@ public class UserServiceImpl implements UserService {
@SuppressWarnings("checkstyle:NestedIfDepth")
@Override
@CheckUserAbleToUse
@UserAbleToUse
public BaseResponse userCurrent(HttpServletRequest request,
String id,
String username,

2
src/main/java/com/jsl/oa/utils/BaseResponse.java
View File

@ -18,6 +18,6 @@ public class BaseResponse {
this.code = code;
this.message = message;
this.data = data;
log.info("==================================================");
log.info("============================================================");
}
}

1
src/main/java/com/jsl/oa/utils/ResultUtil.java
View File

@ -20,7 +20,6 @@ public class ResultUtil {
public static @NotNull BaseResponse success() {
log.info("成功: Success[200] 操作成功 - 不带数据");
log.info("==================================================");
return new BaseResponse("Success", 200, "操作成功", null);
}