Pu Zhibing
3 天以前 25cf266e99714ac5d428e66b40ce272325c91dd8
ManagementQYTTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
@@ -1,46 +1,52 @@
package com.stylefeng.guns.modular.system.controller.system;
import cn.hutool.http.HttpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.google.code.kaptcha.Constants;
import com.stylefeng.guns.core.base.controller.BaseController;
import com.stylefeng.guns.core.beetl.ShiroExtUtil;
import com.stylefeng.guns.core.common.exception.InvalidKaptchaException;
import com.stylefeng.guns.core.log.LogManager;
import com.stylefeng.guns.core.log.factory.LogTaskFactory;
import com.stylefeng.guns.core.node.MenuNode;
import com.stylefeng.guns.core.shiro.ShiroKit;
import com.stylefeng.guns.core.shiro.ShiroUser;
import com.stylefeng.guns.core.shiro.factory.IShiro;
import com.stylefeng.guns.core.util.ApiMenuFilter;
import com.stylefeng.guns.core.util.KaptchaUtil;
import com.stylefeng.guns.core.util.SinataUtil;
import com.stylefeng.guns.core.util.ToolUtil;
import com.stylefeng.guns.modular.cloudPayment.example.CusApplicationExample;
import com.stylefeng.guns.modular.cloudPayment.example.SettleAcctExample;
import com.stylefeng.guns.modular.system.model.TEnterpriseWithdrawal;
import com.stylefeng.guns.modular.system.dao.UserMapper;
import com.stylefeng.guns.modular.system.model.User;
import com.stylefeng.guns.modular.system.service.IMenuService;
import com.stylefeng.guns.modular.system.service.ITEnterpriseWithdrawalService;
import com.stylefeng.guns.modular.system.service.IUserService;
import com.stylefeng.guns.modular.system.util.HttpRequestUtil;
import com.stylefeng.guns.modular.system.util.PushURL;
import com.stylefeng.guns.modular.system.util.RedisUtil;
import com.stylefeng.guns.modular.system.util.ResultUtil;
import com.unionpay.upyzt.resp.CusApplicationSmsCodeResp;
import com.unionpay.upyzt.resp.MchApplicationStoreResp;
import com.unionpay.upyzt.resp.SettleAcctResp;
import com.stylefeng.guns.modular.system.warpper.LoginUser;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.context.request.RequestContextHolder;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import static com.stylefeng.guns.core.support.HttpKit.getIp;
@@ -50,222 +56,200 @@
 * @author fengshuonan
 * @Date 2017年1月10日 下午8:25:24
 */
@Slf4j
@Controller
public class LoginController extends BaseController {
    @Autowired
    private IMenuService menuService;
    @Autowired
    private IUserService userService;
    @Autowired
    private RedisUtil redisUtil;
    private Map<String, Long> loginTime = new HashMap<>();
    private Map<String, Integer> loginFailures = new HashMap<>();
    @Resource
    private ITEnterpriseWithdrawalService enterpriseWithdrawalService;
    /**
     * 跳转到主页
     */
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String index(Model model) {
        //获取菜单列表
        List<Integer> roleList = ShiroKit.getUser().getRoleList();
        if (roleList == null || roleList.size() == 0) {
            ShiroKit.getSubject().logout();
            model.addAttribute("tips", "该用户没有角色,无法登陆");
            return "/login.html";
        }
        List<MenuNode> menus = menuService.getMenusByRoleIds(roleList);
        List<MenuNode> titles = MenuNode.buildTitle(menus);
        titles = ApiMenuFilter.build(titles);
        Integer id = ShiroKit.getUser().getId();
        User user = userService.selectById(id);
        if (SinataUtil.isEmpty(user)){
            ShiroKit.getSubject().logout();
            model.addAttribute("tips", "请重新登录");
            return "/login.html";
        }
        //设置上级ID
        if (SinataUtil.isNotEmpty(user.getObjectId())){
            ShiroKit.getUser().setObjectId(user.getObjectId());
        }
        //设置角色
        ShiroKit.getUser().setRoleType(user.getRoleType());
        model.addAttribute("titles", titles);
        //获取用户头像
        String avatar = user.getAvatar();
        model.addAttribute("avatar", avatar);
        model.addAttribute("userName", user.getName());
        model.addAttribute("type", 0);
        return "/index.html";
    }
    /**
     * 跳转到登录页面
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        if (ShiroKit.isAuthenticated() || ShiroKit.getUser() != null) {
            return REDIRECT + "/";
        } else {
            return "/login.html";
        }
    }
    /**
     * 点击登录执行的动作
     */
    @RequestMapping(value = "/login", method = RequestMethod.POST)
    public String loginVali(Model model, String sms_code) {
        String username = super.getPara("username").trim();
        String password = super.getPara("password").trim();
        String remember = super.getPara("remember");
        Integer f = loginFailures.get(username);
        f = f == null ? 0 : f;
        Long t = loginTime.get(username);
        t = null == t ? 0 : t;
        if(System.currentTimeMillis() - t > (30 * 60 * 1000)){
            loginFailures.put(username, f = 1);
            loginTime.put(username, System.currentTimeMillis());
        }else{
            f++;
            loginFailures.put(username, f);
        }
   @Autowired
   private IMenuService menuService;
   @Autowired
   private IUserService userService;
   @Autowired
   private RedisTemplate redisTemplate;
   @Autowired
   private IShiro shiro;
   @Autowired
   private UserMapper userMapper;
   private Map<String, Long> loginTime = new HashMap<>();
   private Map<String, Integer> loginFailures = new HashMap<>();
   @Resource
   private ITEnterpriseWithdrawalService enterpriseWithdrawalService;
   /**
    * 跳转到主页
    */
   @RequestMapping(value = "/", method = RequestMethod.GET)
   public String index(Model model, HttpServletRequest request) throws UnsupportedEncodingException {
      //session中解析用户数据
      //设置共享session
      HttpSession session = (HttpSession) redisTemplate.opsForValue().get(request.getSession().getId());
      if (null != session) {
         session = request.getSession();
         redisTemplate.opsForValue().set(request.getSession().getId(), session, 2, TimeUnit.DAYS);
      }
      String onconParam = edu.yale.its.tp.cas.client.Util.getOnconParam(session);
      onconParam = new String(Base64.decodeBase64(onconParam), "UTF-8");
      LoginUser loginUser = JSON.parseObject(onconParam, LoginUser.class);
      log.info("登录账号: " + JSON.toJSONString(loginUser));
      //获取菜单列表
      User user = userMapper.getByAccount(loginUser.getImUser());
      if (null == user) {
         logOut();
      }
      ShiroUser shiroUser = shiro.shiroUser(user);
      List<Integer> roleList = shiroUser.getRoleList();
      if (roleList == null || roleList.size() == 0) {
         roleList.add(0);
      }
      List<MenuNode> menus = menuService.getMenusByRoleIds(roleList);
      List<MenuNode> titles = MenuNode.buildTitle(menus);
      titles = ApiMenuFilter.build(titles);
      shiroUser.setMenuIds(titles.stream().map(MenuNode::getUrl).collect(Collectors.toList()));
      model.addAttribute("titles", titles);
      //获取用户头像
      String avatar = user.getAvatar();
      model.addAttribute("avatar", avatar);
      model.addAttribute("userName", user.getName());
      model.addAttribute("type", 0);
      String sessionId = RequestContextHolder.currentRequestAttributes().getSessionId();
      ShiroExtUtil.map.put(sessionId, shiroUser);
      return "/index.html";
   }
   /**
    * 退出登录
    */
   @RequestMapping(value = "/logout", method = RequestMethod.GET)
   public String logOut() {
      HttpUtil.get("https://testsso1.teamshub.com/logout?logouturl=https%3A%2F%2Fsso.teamshub.com%2Flogout%3F%0Alogoutat%3Dhttp%253A%252F%252F127.0.0.1%253A8010%252F");
      return REDIRECT + "/";
   }
   /**
    * 跳转到登录页面
    */
   @RequestMapping(value = "/login", method = RequestMethod.GET)
   public String login() {
      if (ShiroKit.isAuthenticated() || ShiroKit.getUser() != null) {
         return REDIRECT + "/";
      } else {
         return "/login.html";
      }
   }
   /**
    * 点击登录执行的动作
    */
   @RequestMapping(value = "/login", method = RequestMethod.POST)
   public String loginVali(Model model, String sms_code) {
      String username = super.getPara("username").trim();
      String password = super.getPara("password").trim();
      String remember = super.getPara("remember");
      Integer f = loginFailures.get(username);
      f = f == null ? 0 : f;
      Long t = loginTime.get(username);
      t = null == t ? 0 : t;
      if (System.currentTimeMillis() - t > (30 * 60 * 1000)) {
         loginFailures.put(username, f = 1);
         loginTime.put(username, System.currentTimeMillis());
      } else {
         f++;
         loginFailures.put(username, f);
      }
//        if(f >= 5 && (System.currentTimeMillis() - t) <= (30 * 60 * 1000)){
//            model.addAttribute("tips", "登录次数过多,请等30分钟再试!");
//            return "/login.html";
//        }
        //验证短信验证码
        if(ToolUtil.isEmpty(sms_code)){
            model.addAttribute("tips", "无效的验证码");
            return "/login.html";
        }
        User user = userService.getByAccount(username);
        if(!"aaaa".equals(sms_code)){
            String value = redisUtil.getValue(user.getPhone());
            if(ToolUtil.isEmpty(value) || !sms_code.equals(value)){
                model.addAttribute("tips", "无效的验证码");
                return "/login.html";
            }
        }
        //验证验证码是否正确
        if (KaptchaUtil.getKaptchaOnOff()) {
            String kaptcha = super.getPara("kaptcha").trim();
            String code = (String) super.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
            if (ToolUtil.isEmpty(kaptcha) || !kaptcha.equalsIgnoreCase(code)) {
                throw new InvalidKaptchaException();
            }
        }
        Subject currentUser = ShiroKit.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());
        if ("on".equals(remember)) {
            token.setRememberMe(true);
        } else {
            token.setRememberMe(false);
        }
        currentUser.login(token);
        ShiroUser shiroUser = ShiroKit.getUser();
        super.getSession().setAttribute("shiroUser", shiroUser);
        super.getSession().setAttribute("username", shiroUser.getAccount());
        LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
        ShiroKit.getSession().setAttribute("sessionFlag", true);
        return REDIRECT + "/";
    }
    /**
     * 退出登录
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET)
    public String logOut() {
        LogManager.me().executeLog(LogTaskFactory.exitLog(ShiroKit.getUser().getId(), getIp()));
        ShiroKit.getSubject().logout();
        deleteAllCookie();
        return REDIRECT + "/login";
    }
    /**
     * 发送短信验证码
     * @param username
     * @return
     */
    @ResponseBody
    @RequestMapping(value = "/base/sendSMSCode", method = RequestMethod.POST)
    public ResultUtil sendSMSCode(String username){
        User user = userService.getByAccount(username);
        if(null == user){
            return ResultUtil.error("无效的账号");
        }
        if(ToolUtil.isEmpty(user.getPhone())){
            return ResultUtil.error("请联系管理员完善电话号码");
        }
        Map<String,String> map = new HashMap<>();
        map.put("phone", user.getPhone());
        map.put("type", String.valueOf(1));
        String result = HttpRequestUtil.postRequest(PushURL.send_sms_code, map);
        JSONObject jsonObject = JSON.parseObject(result);
        if(200 == jsonObject.getInteger("code")){
            return ResultUtil.success();
        }
        return ResultUtil.error(jsonObject.getString("msg"));
    }
    @ResponseBody
    @RequestMapping(value = "/base/sendSMSCodeOne", method = RequestMethod.POST)
    public ResultUtil sendSMSCodeOne(String username){
        if(ToolUtil.isEmpty(username)){
            return ResultUtil.error("请完善电话号码");
        }
        try {
            CusApplicationSmsCodeResp cusApplicationSmsCodeResp1 = CusApplicationExample.smsCode(username);
            System.out.println("!!!!!"+cusApplicationSmsCodeResp1.toString()+"!!!!!");
            System.out.println("!!!!!"+cusApplicationSmsCodeResp1+"!!!!!");
            return ResultUtil.success();
        }catch (Exception e){
            e.printStackTrace();
            return ResultUtil.error(e.getMessage());
        }
    }
    @ResponseBody
    @RequestMapping(value = "/base/verify", method = RequestMethod.POST)
    public ResultUtil verify(int id,Integer money){
        try {
            TEnterpriseWithdrawal tEnterpriseWithdrawal = enterpriseWithdrawalService.selectById(id);
            SettleAcctResp settleAcctResp = SettleAcctExample.validateBySettleAcctId(tEnterpriseWithdrawal.getSettleAcctId(), money * 100);
            return ResultUtil.success(settleAcctResp);
        }catch (Exception e){
            e.printStackTrace();
            return ResultUtil.error("发送失败");
        }
    }
      //验证短信验证码
      if (ToolUtil.isEmpty(sms_code)) {
         model.addAttribute("tips", "无效的验证码");
         return "/login.html";
      }
      User user = userService.getByAccount(username);
      if (!"aaaa".equals(sms_code)) {
         String value = redisTemplate.opsForValue().get(user.getPhone()).toString();
         if (ToolUtil.isEmpty(value) || !sms_code.equals(value)) {
            model.addAttribute("tips", "无效的验证码");
            return "/login.html";
         }
      }
      //验证验证码是否正确
      if (KaptchaUtil.getKaptchaOnOff()) {
         String kaptcha = super.getPara("kaptcha").trim();
         String code = (String) super.getSession().getAttribute(Constants.KAPTCHA_SESSION_KEY);
         if (ToolUtil.isEmpty(kaptcha) || !kaptcha.equalsIgnoreCase(code)) {
            throw new InvalidKaptchaException();
         }
      }
      Subject currentUser = ShiroKit.getSubject();
      UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());
      if ("on".equals(remember)) {
         token.setRememberMe(true);
      } else {
         token.setRememberMe(false);
      }
      currentUser.login(token);
      ShiroUser shiroUser = ShiroKit.getUser();
      super.getSession().setAttribute("shiroUser", shiroUser);
      super.getSession().setAttribute("username", shiroUser.getAccount());
      LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
      ShiroKit.getSession().setAttribute("sessionFlag", true);
      return REDIRECT + "/";
   }
   /**
    * 发送短信验证码
    *
    * @param username
    * @return
    */
   @ResponseBody
   @RequestMapping(value = "/base/sendSMSCode", method = RequestMethod.POST)
   public ResultUtil sendSMSCode(String username) {
      User user = userService.getByAccount(username);
      if (null == user) {
         return ResultUtil.error("无效的账号");
      }
      if (ToolUtil.isEmpty(user.getPhone())) {
         return ResultUtil.error("请联系管理员完善电话号码");
      }
      Map<String, String> map = new HashMap<>();
      map.put("phone", user.getPhone());
      map.put("type", String.valueOf(1));
      String result = HttpRequestUtil.postRequest(PushURL.send_sms_code, map);
      JSONObject jsonObject = JSON.parseObject(result);
      if (200 == jsonObject.getInteger("code")) {
         return ResultUtil.success();
      }
      return ResultUtil.error(jsonObject.getString("msg"));
   }
}
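Review bot: The new `index()` does not stop when the identity lookup fails: `if (null == user) { logOut(); }` discards the redirect that `logOut()` returns and falls through to `shiro.shiroUser(user)` with a null user, and the following `if (roleList == null || roleList.size() == 0) { roleList.add(0); }` dereferences the very null it just tested; the first should read `if (null == user) { return logOut(); }` and the second needs a non-null list before `add`. The session block above it also looks inverted — the Redis-cached session is only re-stored when the lookup already succeeded, and when it returns null `session` stays null into `getOnconParam(session)`; presumably `if (null == session)` was intended. Note that the old `index()` refused login for a user with no roles, whereas the new code silently assigns role id 0 and continues, which changes authorization behaviour and should be a deliberate decision. In `loginVali`, `redisTemplate.opsForValue().get(user.getPhone()).toString()` throws on a missing or expired code before the `ToolUtil.isEmpty(value)` guard can run, so the guard is dead; `Object v = redisTemplate.opsForValue().get(user.getPhone()); String value = v == null ? null : v.toString();` restores the previous semantics, and `user` itself can still be null here since `getByAccount` is only null-checked in `sendSMSCode`.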