ruoyi-applet/src/main/java/com/ruoyi/web/controller/api/WxLoginController.java
@@ -128,6 +128,8 @@ tenant.setAccount(appletUserDecodeData.getPhoneNumber()); tenant.setPassword(SecurityUtils.encryptPassword(appletUserDecodeData.getPhoneNumber().substring(5))); tenant.setOpenId(appletUserDecodeData.getOpenId()); // 手机号中间四位替换为* tenant.setResidentName(appletUserDecodeData.getPhoneNumber().replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2")); tTenantService.save(tenant); } LoginUserApplet loginUserApplet = new LoginUserApplet(); ruoyi-applet/src/main/java/com/ruoyi/web/controller/interceptor/MybatisInterceptor.java
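Review bot: In WxLoginController.java the new `setResidentName(...)` line stores a name that keeps the last four digits of the phone number, while the context line above sets the initial password to `getPhoneNumber().substring(5)`. For an 11-digit number the stored name therefore shows four of the six password digits. If these accounts do not need a password login, stop deriving the password from the phone number, for example `tenant.setPassword(SecurityUtils.encryptPassword(UUID.randomUUID().toString()));`. The mask pattern is also unanchored, so a number that is not exactly 11 digits is stored unmasked or masked at the wrong offset; `"^(\\d{3})\\d{4}(\\d{4})$"` plus a fixed fallback for non-matching input would avoid that. The enclosing method starts and ends outside the hunk.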
@@ -56,7 +56,7 @@ //注入创建时间 if ("createTime".equals(field.getName())) { field.setAccessible(true); field.set(parameter, new Date()); // field.set(parameter, new Date()); field.setAccessible(false); } } catch (Exception e) { @@ -79,7 +79,7 @@ } if ("updateTime".equals(field.getName())) { field.setAccessible(true); field.set(parameter, new Date()); // field.set(parameter, new Date()); field.setAccessible(false); } } catch (Exception e) { ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java
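Review bot: In MybatisInterceptor.java the `createTime` and `updateTime` branches are left as dead code: `field.set(parameter, new Date());` is commented out in both hunks, but the `setAccessible(true)` / `setAccessible(false)` pair around it stays and now does nothing. If server-side injection of these timestamps is meant to stop, delete both branches instead of leaving commented-out code, and add a comment such as `// createTime/updateTime are populated by <where>, not by this interceptor`. If the entities are bound from request bodies (not visible here, worth confirming), these fields would then hold whatever the caller sends, which weakens them as audit data. The enclosing loop and `try` block start outside both hunks.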
@@ -118,6 +118,7 @@ "/applet/changepwd", "/captchaImage","/getCode","/loginCode", "/operations/getBySingleNum/**", "/user/getUserInfoByNumber/**", "/wxLogin/**", "/open/**" ).permitAll() // 静态资源,可匿名访问 ruoyi-framework/src/main/java/com/ruoyi/framework/security/filter/JwtAuthenticationTokenFilter.java
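Review bot: In SecurityConfig.java the `permitAll()` list grows by one pattern, and the rendered page no longer shows which entry is new. Wildcard entries such as `"/wxLogin/**"`, `"/open/**"` and `"/user/getUserInfoByNumber/**"` exempt every current and future handler under those prefixes from authentication. List the exact endpoints that must be anonymous, for example the single login path instead of `"/wxLogin/**"`. Also confirm that any handler in this list which returns user data performs its own authorization check. The matcher call starts outside the hunk.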
@@ -5,6 +5,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.ruoyi.common.core.domain.model.LoginUserApplet; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; @@ -32,13 +34,23 @@ throws ServletException, IOException { LoginUser loginUser = tokenService.getLoginUser(request); if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())) LoginUserApplet applet = tokenService.getLoginUserApplet(request); if (StringUtils.isNotNull(loginUser) && StringUtils.isNull(SecurityUtils.getAuthentication())|| StringUtils.isNotNull(applet)) { if (StringUtils.isNotNull(loginUser)){ tokenService.verifyToken(loginUser); UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities()); authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authenticationToken); } if (StringUtils.isNotNull(applet)){ tokenService.verifyTokenApplet(applet); UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(applet, null, applet.getAuthorities()); authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request)); SecurityContextHolder.getContext().setAuthentication(authenticationToken); } } chain.doFilter(request, response); } } ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
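Review bot: In JwtAuthenticationTokenFilter.java the new condition `isNotNull(loginUser) && isNull(getAuthentication()) || isNotNull(applet)` parses as `(a && b) || c`. Whenever an applet session resolves, the block runs even if an authentication is already present, and the inner `loginUser` branch then skips the `isNull(SecurityUtils.getAuthentication())` guard as well. If both lookups return a value, the applet principal silently overwrites the one just set for `loginUser`. Evaluate the guard once and make the branches exclusive: `boolean unauthenticated = StringUtils.isNull(SecurityUtils.getAuthentication());` followed by `if (unauthenticated && StringUtils.isNotNull(loginUser)) { ... } else if (unauthenticated && StringUtils.isNotNull(applet)) { ... }`. The two branches differ only in the principal and verify call, so a small private helper that builds and installs the `UsernamePasswordAuthenticationToken` would remove the duplication; the method signature is outside the hunk.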
@@ -108,7 +108,7 @@ * * @return 用户信息 */ public LoginUser getLoginUserApplet(HttpServletRequest request) public LoginUserApplet getLoginUserApplet(HttpServletRequest request) { // 获取请求携带的令牌 String token = getToken(request); @@ -120,7 +120,7 @@ // 解析对应的权限以及用户信息 String uuid = (String) claims.get(Constants.LOGIN_USER_APPLET_KEY); String userKey = getTokenKey(uuid); LoginUser user = redisCache.getCacheObject(userKey); LoginUserApplet user = redisCache.getCacheObject(userKey); return user; } catch (Exception e) @@ -204,6 +204,21 @@ refreshToken(loginUser); } } /** * 小程序验证令牌有效期,相差不足20分钟,自动刷新缓存 * * @param loginUser * @return 令牌 */ public void verifyTokenApplet(LoginUserApplet loginUser) { long expireTime = loginUser.getExpireTime(); long currentTime = System.currentTimeMillis(); if (expireTime - currentTime <= MILLIS_MINUTE_TEN) { refreshTokenApplet(loginUser); } } /** * 刷新令牌有效期
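Review bot: In TokenService.java the new `verifyTokenApplet` never rejects a token: `expireTime - currentTime <= MILLIS_MINUTE_TEN` is also true when `expireTime` is already in the past, so an expired `LoginUserApplet` still in the cache is refreshed instead of refused. Unless expiry is fully enforced by the cache entry's TTL (not visible here), check `expireTime <= currentTime` first and fail the request before calling `refreshTokenApplet`. The Javadoc also disagrees with the code: it says 20 minutes while the constant is `MILLIS_MINUTE_TEN`, and it carries `@return 令牌` on a `void` method. In `getLoginUserApplet`, the assignment from `redisCache.getCacheObject(userKey)` is an unchecked cast. If admin and applet sessions share the `getTokenKey` prefix, a type mismatch only surfaces as an exception swallowed by the `catch (Exception e)` below, so a distinct key prefix for applet sessions would be safer.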