
登录和鉴权

wangliang 5 ani în urmă
părinte
comite
0e693d0c58

+ 16 - 4
themis-backend/src/main/java/com/qmth/themis/backend/api/SysController.java

@@ -13,12 +13,10 @@ import com.qmth.themis.common.enums.ExceptionResultEnum;
 import com.qmth.themis.common.exception.BusinessException;
 import com.qmth.themis.common.util.Result;
 import com.qmth.themis.common.util.ResultUtil;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import io.swagger.annotations.ApiResponse;
-import io.swagger.annotations.ApiResponses;
+import io.swagger.annotations.*;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.annotation.Resource;
@@ -65,4 +63,18 @@ public class SysController {
         map.put(SystemConstant.RECORDS, tbPrivilegeList);
         return ResultUtil.ok(map);
     }
+
+    @ApiOperation(value = "获取环境接口")
+    @RequestMapping(value = "/env", method = RequestMethod.GET)
+    @ApiResponses({@ApiResponse(code = 200, message = "环境信息", response = Result.class)})
+    public Result env(@ApiParam(value = "机构id", required = true) @RequestParam Long orgId) {
+        if (Objects.isNull(orgId) || Objects.equals(orgId, "")) {
+            throw new BusinessException(ExceptionResultEnum.SCHOOL_ID_IS_NULL);
+        }
+//        SchoolDto schoolDto = (SchoolDto) redisTemplate.opsForValue().get(SystemConstant.SCHOOL_CACHE + orgId);
+//        Map map = new HashMap();
+//        map.put(SystemConstant.ENV_FILEHOST, schoolDto.getFileHost());
+//        return ResultUtil.ok(map);
+        return ResultUtil.ok(SystemConstant.SUCCESS);
+    }
 }
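Review bot: In `env()` the `Objects.equals(orgId, "")` half of the guard can never be true, because `orgId` is a `Long` and a `Long` never equals a `String`; `if (orgId == null)` says the same thing. The four commented-out lines should be deleted or replaced by a TODO that names the missing piece. If that lookup is restored, `schoolDto` needs a null check before `getFileHost()`. Note too that `orgId` is caller-supplied and this route is added to `common.system.urls` in the same commit, so it should be decided explicitly whether any token holder may read any organisation's file host.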

+ 23 - 5
themis-backend/src/main/java/com/qmth/themis/backend/api/TBUserController.java

@@ -1,15 +1,16 @@
 package com.qmth.themis.backend.api;
 
+import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.qmth.themis.backend.util.ServletUtil;
 import com.qmth.themis.business.constant.SystemConstant;
 import com.qmth.themis.business.dto.AuthDto;
 import com.qmth.themis.business.entity.TBSession;
 import com.qmth.themis.business.entity.TBUser;
+import com.qmth.themis.business.enums.RoleEnum;
 import com.qmth.themis.business.service.EhcacheService;
 import com.qmth.themis.business.service.TBSessionService;
 import com.qmth.themis.business.service.TBUserService;
-import com.qmth.themis.business.util.EhcacheUtil;
 import com.qmth.themis.business.util.JwtUtil;
 import com.qmth.themis.business.util.RedisUtil;
 import com.qmth.themis.business.util.SessionUtil;
@@ -63,7 +64,6 @@ public class TBUserController {
     @RequestMapping(value = "/login/account", method = RequestMethod.POST)
     @ApiResponses({@ApiResponse(code = 200, message = "用户信息", response = TBUser.class)})
     public Result login(@ApiParam(value = "用户信息", required = true) @RequestBody TBUser tbUser, HttpServletRequest request) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException {
-        log.info("login is come in");
         if (Objects.isNull(tbUser.getLoginName()) || Objects.equals(tbUser.getLoginName(), "")) {
             throw new BusinessException(ExceptionResultEnum.LOGIN_NAME_IS_NULL);
         }
@@ -92,11 +92,10 @@ public class TBUserController {
         }
         Platform platform = Platform.valueOf(ServletUtil.getRequestPlatform(request));
         String deviceId = ServletUtil.getRequestDeviceId(request);
-        //生成token
-        String token = JwtUtil.sign(user.getId(), platform, deviceId);
         //添加用户鉴权缓存
         AuthDto authDto = ehcacheService.addAccountCache(user);
-        EhcacheUtil.get(SystemConstant.AUTH_CACHE, user.getId());
+        //生成token
+        String token = JwtUtil.sign(user.getId(), platform, deviceId, authDto.getRoleEnum());
         //添加用户缓存
         RedisUtil.setUser(user.getId(), platform, user);
         //添加用户会话缓存
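Review bot: `authDto.getRoleEnum()` is passed unchecked into `JwtUtil.sign`, which calls `roleEnum.name()` (see the JwtUtil sign hunk), so a user whose AuthDto is null or carries no role fails login with a NullPointerException instead of a BusinessException. Whether sign's catch block handles that is not visible here. A guard before signing, `if (Objects.isNull(authDto) || Objects.isNull(authDto.getRoleEnum()))` throwing a suitable `ExceptionResultEnum` value, would make the failure explicit. Because the role is now baked into the token, a short comment should also state that a role change only takes effect once a new token is issued. The body of `login` starts and continues outside this hunk.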
@@ -115,4 +114,23 @@ public class TBUserController {
     public Result list() {
         return ResultUtil.ok(SystemConstant.SUCCESS);
     }
+
+    @ApiOperation(value = "登出接口")
+    @RequestMapping(value = "/logout", method = RequestMethod.GET)
+    @ApiResponses({@ApiResponse(code = 200, message = "{\"success\":true}", response = Result.class)})
+    public Result logout(HttpServletRequest request) throws NoSuchAlgorithmException {
+        String token = ServletUtil.getRequestToken(request);
+        if (Objects.isNull(token) || Objects.equals(token, "")) {
+            throw new BusinessException(ExceptionResultEnum.TOKEN_INVALID);
+        }
+        Platform platform = Platform.valueOf(ServletUtil.getRequestPlatform(request));
+        if (Objects.isNull(platform) || Objects.equals(platform, "")) {
+            throw new BusinessException(ExceptionResultEnum.PLATFORM_INVALID);
+        }
+        String userId = JwtUtil.getClaim(token, SystemConstant.JWT_USERID);
+        String role = JwtUtil.getClaim(token, SystemConstant.ROLE);
+        String sessionId = SessionUtil.digest(Long.parseLong(userId), RoleEnum.valueOf(role), platform.getSource());
+        RedisUtil.deleteUserSession(sessionId);
+        return ResultUtil.ok(JSONObject.parseObject(SystemConstant.SUCCESS));
+    }
 }
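Review bot: `logout()` deletes only the Redis session key, so the entry written by `RedisUtil.setUser` at login and the AUTH_CACHE entry both survive, and the `RedisUtil.getUser` check this commit adds to AuthInterceptor still passes for a logged-out token. The commit introduces `RedisUtil.deleteUser` and `removeAccountCache` but shows no caller; consider invoking them here after `deleteUserSession`, or document why they are left in place. The PLATFORM_INVALID guard is dead code, since `Platform.valueOf` throws rather than returning null and an enum never equals `""`; validate the raw string from `ServletUtil.getRequestPlatform(request)` before converting it. A state-changing endpoint is also better mapped to `RequestMethod.POST` than GET, so that link prefetching or an embedded image URL cannot end a session.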

+ 13 - 3
themis-backend/src/main/java/com/qmth/themis/backend/interceptor/AuthInterceptor.java

@@ -5,6 +5,8 @@ import com.qmth.themis.backend.util.ServletUtil;
 import com.qmth.themis.business.constant.SystemConstant;
 import com.qmth.themis.business.dto.AuthDto;
 import com.qmth.themis.business.entity.TBSession;
+import com.qmth.themis.business.entity.TBUser;
+import com.qmth.themis.business.enums.RoleEnum;
 import com.qmth.themis.business.service.EhcacheService;
 import com.qmth.themis.business.util.EhcacheUtil;
 import com.qmth.themis.business.util.JwtUtil;
@@ -56,15 +58,19 @@ public class AuthInterceptor implements HandlerInterceptor {
         String token = ServletUtil.getRequestToken(request);
         Platform platform = Platform.valueOf(ServletUtil.getRequestPlatform(request));
         String deviceId = ServletUtil.getRequestDeviceId(request);
-        if (Objects.isNull(token)) {
+        if (Objects.isNull(token) || Objects.equals(token, "")) {
             throw new BusinessException(ExceptionResultEnum.TOKEN_INVALID);
         }
-        if (Objects.isNull(deviceId)) {
+        if (Objects.isNull(platform) || Objects.equals(platform, "")) {
+            throw new BusinessException(ExceptionResultEnum.PLATFORM_INVALID);
+        }
+        if (Objects.isNull(deviceId) || Objects.equals(deviceId, "")) {
             throw new BusinessException(ExceptionResultEnum.DEVICE_ID_INVALID);
         }
         String userId = JwtUtil.getClaim(token, SystemConstant.JWT_USERID);
+        String role = JwtUtil.getClaim(token, SystemConstant.ROLE);
         //首先验证token是否匹配
-        if (!JwtUtil.verify(token, Long.parseLong(userId), platform, deviceId)) {
+        if (!JwtUtil.verify(token, Long.parseLong(userId), platform, deviceId, RoleEnum.valueOf(role))) {
             throw new BusinessException(ExceptionResultEnum.TOKEN_NO);
         }
         //系统公用接口不拦截
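Review bot: The new PLATFORM_INVALID guard cannot fire, because `Platform.valueOf(...)` at the top of the hunk either returns a constant or throws, and an enum never equals `""`. Check the raw string from `ServletUtil.getRequestPlatform(request)` first, then convert. The same ordering problem applies to the claims: `Long.parseLong(userId)` and `RoleEnum.valueOf(role)` are evaluated on values read from the token before `JwtUtil.verify` runs. A token with a missing or malformed claim would then surface as a NumberFormatException or IllegalArgumentException rather than TOKEN_NO, unless `getClaim` already guards against this, which is not visible here. Wrapping the parse step so that any such failure throws `new BusinessException(ExceptionResultEnum.TOKEN_NO)` keeps the rejection path uniform; the method starts and continues outside this hunk.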
@@ -75,6 +81,10 @@ public class AuthInterceptor implements HandlerInterceptor {
         if (sysCount > 0) {
             return true;
         }
+        TBUser tbUser = (TBUser) RedisUtil.getUser(Long.parseLong(userId));
+        if (Objects.isNull(tbUser)) {
+            throw new BusinessException(ExceptionResultEnum.LOGIN_NO);
+        }
         AuthDto authDto = (AuthDto) EhcacheUtil.get(SystemConstant.AUTH_CACHE, Long.parseLong(userId));
         if (Objects.isNull(authDto)) {
             authDto = ehcacheService.addAccountCache(userId);
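Review bot: The added LOGIN_NO check sits after the `sysCount > 0` early return, so it is skipped for routes that appear to be matched against `common.system.urls` (getMenu, logout and the new `/api/admin/sys/env`). Those requests are accepted on token signature alone, even when no user entry exists in Redis. If an evicted or logged-out user should be rejected there as well, move the `RedisUtil.getUser` lookup above the common-URL check. Otherwise add a comment such as `// common URLs only require a valid signature, not a live login` so the gap is a recorded decision. The method continues past the end of this hunk.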

+ 1 - 1
themis-backend/src/main/resources/application.properties

@@ -130,4 +130,4 @@ prefix.url.admin=api/admin
 
 #\u65E0\u9700\u9274\u6743\u7684url
 no.auth.urls=/webjars/**,/druid/**,/swagger-ui.html,/doc.html,/swagger-resources,/v2/api-docs,/webjars/springfox-swagger-ui/**,/api/admin/user/login/account
-common.system.urls=/api/admin/sys/getMenu,/api/admin/user/logout
+common.system.urls=/api/admin/sys/getMenu,/api/admin/user/logout,/api/admin/sys/env

+ 1 - 1
themis-business/src/main/java/com/qmth/themis/business/constant/SystemConstant.java

@@ -19,8 +19,8 @@ public class SystemConstant {
      */
     public static final String TOKEN = "token";
     public static final String PLATFORM = "platform";
-    public static final String SOURCE = "source";
     public static final String DEVICE_ID = "deviceId";
+    public static final String ROLE = "role";
 
     /**
      * 阿里云oss

+ 10 - 0
themis-business/src/main/java/com/qmth/themis/business/domain/PrefixUrlDomain.java

@@ -13,6 +13,8 @@ public class PrefixUrlDomain {
 
     String exam;
 
+    String mq;
+
     public String getAdmin() {
         return admin;
     }
@@ -28,4 +30,12 @@ public class PrefixUrlDomain {
     public void setExam(String exam) {
         this.exam = exam;
     }
+
+    public String getMq() {
+        return mq;
+    }
+
+    public void setMq(String mq) {
+        this.mq = mq;
+    }
 }

+ 7 - 0
themis-business/src/main/java/com/qmth/themis/business/service/EhcacheService.java

@@ -18,4 +18,11 @@ public interface EhcacheService {
      * @return
      */
     AuthDto addAccountCache(Object o);
+
+    /**
+     * 删除用户缓存
+     *
+     * @param userId
+     */
+    void removeAccountCache(Long userId);
 }

+ 10 - 0
themis-business/src/main/java/com/qmth/themis/business/service/impl/EhcacheServiceImpl.java

@@ -98,4 +98,14 @@ public class EhcacheServiceImpl implements EhcacheService {
         }
         return authDto;
     }
+
+    /**
+     * 删除用户缓存
+     *
+     * @param userId
+     */
+    @Override
+    public void removeAccountCache(Long userId) {
+        EhcacheUtil.remove(SystemConstant.AUTH_CACHE, userId);
+    }
 }

+ 8 - 3
themis-business/src/main/java/com/qmth/themis/business/util/JwtUtil.java

@@ -6,6 +6,7 @@ import com.auth0.jwt.algorithms.Algorithm;
 import com.auth0.jwt.exceptions.JWTDecodeException;
 import com.auth0.jwt.interfaces.DecodedJWT;
 import com.qmth.themis.business.constant.SystemConstant;
+import com.qmth.themis.business.enums.RoleEnum;
 import com.qmth.themis.common.enums.ExceptionResultEnum;
 import com.qmth.themis.common.enums.Platform;
 import com.qmth.themis.common.exception.BusinessException;
@@ -55,17 +56,19 @@ public class JwtUtil {
      * @param userId
      * @param platform
      * @param deviceId
+     * @param roleEnum
      * @return
      */
-    public static boolean verify(String token, Long userId, Platform platform, String deviceId) {
+    public static boolean verify(String token, Long userId, Platform platform, String deviceId, RoleEnum roleEnum) {
         try {
             //根据密码生成JWT效验器
-            String secret = getClaim(token, SystemConstant.JWT_USERID) + SystemConstant.JWT_SECRET;
+            String secret = userId + SystemConstant.JWT_SECRET;
             Algorithm algorithm = Algorithm.HMAC256(secret);
             JWTVerifier verifier = JWT.require(algorithm)
                     .withClaim(SystemConstant.JWT_USERID, String.valueOf(userId))
                     .withClaim(SystemConstant.PLATFORM, platform.name())
                     .withClaim(SystemConstant.DEVICE_ID, deviceId)
+                    .withClaim(SystemConstant.ROLE, roleEnum.name())
                     .build();
             //效验TOKEN
             verifier.verify(token);
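Review bot: The added `.withClaim(SystemConstant.ROLE, roleEnum.name())` does not check the role against any server-side state. AuthInterceptor reads `role` from the same token with `getClaim` and passes it back in, so the claim is compared with itself; the same is true of `userId`, which now also selects the HMAC key. Integrity therefore rests entirely on the signature and on `SystemConstant.JWT_SECRET` staying secret. That deserves a comment here, e.g. `// userId and role originate from the token; only the HMAC signature authenticates them`. The authorization step that follows should compare the role with the cached AuthDto rather than trust the claim alone. A null `roleEnum` would also throw inside the try, and how the catch block reports that is outside this hunk.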
@@ -123,9 +126,10 @@ public class JwtUtil {
      * @param userId
      * @param platform
      * @param deviceId
+     * @param roleEnum
      * @return
      */
-    public static String sign(Long userId, Platform platform, String deviceId) {
+    public static String sign(Long userId, Platform platform, String deviceId, RoleEnum roleEnum) {
         try {
             String secret = userId + SystemConstant.JWT_SECRET;
             Long start = System.currentTimeMillis();
@@ -136,6 +140,7 @@ public class JwtUtil {
                     .withClaim(SystemConstant.JWT_USERID, String.valueOf(userId))
                     .withClaim(SystemConstant.PLATFORM, platform.name())
                     .withClaim(SystemConstant.DEVICE_ID, deviceId)
+                    .withClaim(SystemConstant.ROLE, roleEnum.name())
                     .withClaim(SystemConstant.JWT_CURRENT_TIME, String.valueOf(start))
                     .withExpiresAt(date)
                     .sign(algorithm);

+ 20 - 0
themis-business/src/main/java/com/qmth/themis/business/util/RedisUtil.java

@@ -40,6 +40,26 @@ public class RedisUtil {
         return redisTemplate.opsForValue().get(SystemConstant.SESSION + sessionId);
     }
 
+    /**
+     * 删除用户缓存
+     *
+     * @param userId
+     */
+    public static void deleteUser(Long userId) {
+        RedisTemplate redisTemplate = SpringContextHolder.getBean(RedisTemplate.class);
+        redisTemplate.delete(SystemConstant.USER + userId);
+    }
+
+    /**
+     * 删除用户会话缓存
+     *
+     * @param sessionId
+     */
+    public static void deleteUserSession(String sessionId) {
+        RedisTemplate redisTemplate = SpringContextHolder.getBean(RedisTemplate.class);
+        redisTemplate.delete(SystemConstant.SESSION + sessionId);
+    }
+
     /**
      * 设置用户信息
      *
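Review bot: `deleteUser` removes the key `SystemConstant.USER + userId`, but login stores the entry with `RedisUtil.setUser(user.getId(), platform, user)`. If setUser builds its key from the platform as well (its body is outside this hunk), this delete will never match and the cached user stays until it expires. Please confirm that both helpers derive the key the same way, ideally through one shared private key-building method. The new Javadoc `@param` tags are empty; a short description such as `@param sessionId digest returned by SessionUtil.digest` would say which identifier is expected.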

+ 2 - 0
themis-common/src/main/java/com/qmth/themis/common/enums/ExceptionResultEnum.java

@@ -84,6 +84,8 @@ public enum ExceptionResultEnum {
 
     DEVICE_ID_INVALID("107", "deviceId无效"),
 
+    PLATFORM_INVALID("107", "平台无效"),
+
     USER_ENABLE("109", "用户已停用"),
 
     NOT_FOUND("404", "请求地址错误"),
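Review bot: `PLATFORM_INVALID` reuses code `"107"`, which `DEVICE_ID_INVALID` already carries on the line above, so a client or log reader cannot tell a bad platform from a bad device id by code. The visible sequence jumps from 107 to 109, so `"108"` looks free, although the rest of the enum is outside this hunk: `PLATFORM_INVALID("108", "平台无效"),`. Distinct codes matter here because AuthInterceptor raises both errors from adjacent checks.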

+ 1 - 1
themis-common/src/main/java/com/qmth/themis/common/enums/Source.java

@@ -2,7 +2,7 @@ package com.qmth.themis.common.enums;
 
 public enum Source {
 
-    Phone, Client, Pad, PC, Web, Server;
+    Phone, Pad, PC, Web, Server;
 
     public static Source findByName(String name) {
         if (name == null) {