From ac6921a2782cad5cde34f25d2fd9b8b7d2674f1b Mon Sep 17 00:00:00 2001 From: lixiaodong <188029906@qq.com> Date: Thu, 13 Jul 2023 20:15:41 +0800 Subject: [PATCH] sa-token --- .../sa/admin/config/SaTokenConfig.java | 35 +++++++------------ .../service/EmployeePermissionService.java | 27 +++++++++++++- .../login/controller/LoginController.java | 18 ++-------- .../system/login/service/LoginService.java | 13 +++++-- .../system/menu/service/MenuService.java | 8 +++-- .../system/role/service/RoleMenuService.java | 6 ++-- .../interceptor/AbstractInterceptor.java | 1 - .../lab1024/sa/common/config/MvcConfig.java | 21 ++++++++--- .../lab1024/sa/common/config/UrlConfig.java | 13 ++++--- .../module/support/token/TokenService.java | 13 +++---- .../src/main/resources/dev/sa-common.yaml | 12 +++++-- 11 files changed, 102 insertions(+), 65 deletions(-) diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SaTokenConfig.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SaTokenConfig.java index fa5b8a6a..598a6530 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SaTokenConfig.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SaTokenConfig.java @@ -4,13 +4,8 @@ import cn.dev33.satoken.interceptor.SaInterceptor; import cn.dev33.satoken.router.SaRouter; import cn.dev33.satoken.stp.StpUtil; import net.lab1024.sa.common.config.UrlConfig; -import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.DependsOn; -import org.springframework.context.annotation.Lazy; -import org.springframework.web.servlet.config.annotation.InterceptorRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; -import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; /** * sa-token 配置 @@ -19,25 +14,21 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl * @date 2023/7/13 16:57 */ @Configuration -public class SaTokenConfig implements WebMvcConfigurer { +public class SaTokenConfig { /** - * 注册 Sa-Token 拦截器,定义详细认证规则 - * - * @param registry + * 定义 Sa-Token 拦截器,定义详细认证规则 */ - @Override - public void addInterceptors(InterceptorRegistry registry) { - SaInterceptor interceptor = new SaInterceptor(handler -> { - - // 每个路由 都做为一个权限点 - UrlConfig.URL_LIST.forEach(url -> SaRouter.match(url, r -> StpUtil.checkPermission(url))); - - }); + @Bean + public SaInterceptor saInterceptor() { // 关闭注解鉴权 只做路由拦截校验 - interceptor.isAnnotation(false); - registry.addInterceptor(interceptor).addPathPatterns("/**"); + return new SaInterceptor(handler -> { + /** + * 每个路由 都做为一个权限点 + * TODO listen from定义的api + * from menu数据表已选择的api + */ + UrlConfig.AUTH_URL_LIST.forEach(url -> SaRouter.match(url, r -> StpUtil.checkPermission(url))); + }).isAnnotation(false); } - - } diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeePermissionService.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeePermissionService.java index 6457edd0..d8ef44f3 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeePermissionService.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeePermissionService.java @@ -1,12 +1,18 @@ package net.lab1024.sa.admin.module.system.employee.service; +import cn.dev33.satoken.stp.StpInterface; +import net.lab1024.sa.admin.module.system.employee.dao.EmployeeDao; +import net.lab1024.sa.admin.module.system.employee.domain.entity.EmployeeEntity; +import net.lab1024.sa.admin.module.system.menu.constant.MenuTypeEnum; import net.lab1024.sa.admin.module.system.menu.domain.vo.MenuVO; import net.lab1024.sa.admin.module.system.role.service.RoleEmployeeService; import net.lab1024.sa.admin.module.system.role.service.RoleMenuService; +import net.lab1024.sa.common.module.support.token.TokenService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import java.util.List; +import java.util.stream.Collectors; /** * 员工权限校验 @@ -18,7 +24,7 @@ import java.util.List; * @Copyright 1024创新实验室 ( https://1024lab.net ) */ @Service -public class EmployeePermissionService { +public class EmployeePermissionService implements StpInterface { @Autowired private RoleEmployeeService roleEmployeeService; @@ -26,6 +32,9 @@ public class EmployeePermissionService { @Autowired private RoleMenuService roleMenuService; + @Autowired + private EmployeeDao employeeDao; + /** * 查询用户拥有的前端菜单项 用于登陆返回 前端动态路由配置 * @@ -37,4 +46,20 @@ public class EmployeePermissionService { return roleMenuService.getMenuList(roleIdList, administratorFlag); } + @Override + public List getPermissionList(Object loginId, String loginType) { + Long employeeId = TokenService.getUserId((String) loginId); + + // TODO listen 待做权限缓存 + EmployeeEntity employeeEntity = employeeDao.selectById(employeeId); + List menuList = this.getEmployeeMenuAndPointsList(employeeId, employeeEntity.getAdministratorFlag()); + return menuList.stream() + .filter(e -> MenuTypeEnum.POINTS.equalsValue(e.getMenuType())) + .map(MenuVO::getApiPerms).distinct().collect(Collectors.toList()); + } + + @Override + public List getRoleList(Object loginId, String loginType) { + return null; + } } diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java index b616ba6d..5a7fd6e1 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java @@ -1,6 +1,5 @@ package net.lab1024.sa.admin.module.system.login.controller; -import cn.dev33.satoken.annotation.SaIgnore; import cn.hutool.extra.servlet.ServletUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -13,7 +12,6 @@ import net.lab1024.sa.common.common.constant.RequestHeaderConst; import net.lab1024.sa.common.common.domain.ResponseDTO; import net.lab1024.sa.common.common.util.SmartRequestUtil; import net.lab1024.sa.common.module.support.captcha.domain.CaptchaVO; -import org.checkerframework.checker.units.qual.N; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -58,20 +56,8 @@ public class LoginController { @ApiOperation("获取登录结果信息 @author 卓大") @GetMapping("/login/getLoginInfo") public ResponseDTO getLoginInfo() { - /* Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - if (authentication == null) { - return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID); - } - - Object principal = authentication.getPrincipal(); - if (!(principal instanceof LoginEmployeeDetail)) { - return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID); - } - - LoginEmployeeDetail loginEmployeeDetail = (LoginEmployeeDetail) authentication.getPrincipal(); - loginEmployeeDetail.setLoginPassword(null); - return ResponseDTO.ok(loginEmployeeDetail);*/ - return ResponseDTO.ok(); + LoginEmployeeDetail loginEmployeeDetail = loginService.getLoginUserDetailCache(SmartRequestUtil.getUserId()); + return ResponseDTO.ok(loginEmployeeDetail); } @ApiOperation("退出登录 @author 卓大") diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java index 6dc36ff3..4460d349 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java @@ -93,7 +93,7 @@ public class LoginService { // 校验 图形验证码 ResponseDTO checkCaptcha = captchaService.checkCaptcha(loginForm); if (!checkCaptcha.getOk()) { - // TODO listen 待放开 return ResponseDTO.error(checkCaptcha); + // TODO listen 待放开 return ResponseDTO.error(checkCaptcha); } /** @@ -160,7 +160,7 @@ public class LoginService { List menuAndPointsList = employeePermissionService.getEmployeeMenuAndPointsList(employeeEntity.getEmployeeId(), employeeEntity.getAdministratorFlag()); //前端菜单 loginEmployeeDetail.setMenuList(menuAndPointsList); - //后端权限 + // TODO listen 原先为什么返回权限 // loginEmployeeDetail.setAuthorities(employeePermissionService.buildAuthorities(menuAndPointsList)); //上次登录信息 @@ -195,6 +195,15 @@ public class LoginService { loginLogService.log(loginEntity); } + /** + * 查询用户信息缓存 + * + * @param requestUserId + */ + public LoginEmployeeDetail getLoginUserDetailCache(Long requestUserId) { + return loginUserDetailCache.get(requestUserId); + } + /** * 移除用户信息缓存 diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuService.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuService.java index d480eaab..4b3fa693 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuService.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuService.java @@ -20,7 +20,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.util.CollectionUtils; -import java.util.Collections; import java.util.List; import java.util.Map; import java.util.stream.Collectors; @@ -39,6 +38,10 @@ public class MenuService { @Autowired private MenuDao menuDao; + + @Autowired + private List authUrl; + /** * 添加菜单 * @@ -281,8 +284,7 @@ public class MenuService { * @return */ public ResponseDTO> getAuthUrl() { - // TODO listen - return ResponseDTO.ok(Collections.emptyList()); + return ResponseDTO.ok(authUrl); } } diff --git a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleMenuService.java b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleMenuService.java index e93d106a..a63858d2 100644 --- a/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleMenuService.java +++ b/smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleMenuService.java @@ -77,9 +77,9 @@ public class RoleMenuService { * @param roleIdList * @return */ - public List getMenuList(List roleIdList, Boolean administratorFlag) { - //管理员返回所有菜单 - if(administratorFlag){ + public List getMenuList(List roleIdList, Boolean adminFlag) { + // 超管返回所有菜单 + if(adminFlag){ List menuEntityList = roleMenuDao.selectMenuListByRoleIdList(Lists.newArrayList(), false); return SmartBeanUtil.copyList(menuEntityList, MenuVO.class); } diff --git a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/interceptor/AbstractInterceptor.java b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/interceptor/AbstractInterceptor.java index 45f2ba39..3d0bb442 100644 --- a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/interceptor/AbstractInterceptor.java +++ b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/interceptor/AbstractInterceptor.java @@ -19,7 +19,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.List; -import java.util.Objects; /** * 抽象拦截器 diff --git a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/MvcConfig.java b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/MvcConfig.java index 0b5f2ce3..c2bfb480 100644 --- a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/MvcConfig.java +++ b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/MvcConfig.java @@ -1,5 +1,6 @@ package net.lab1024.sa.common.config; +import cn.dev33.satoken.interceptor.SaInterceptor; import net.lab1024.sa.common.common.interceptor.AbstractInterceptor; import org.apache.commons.collections4.CollectionUtils; import org.springframework.beans.factory.annotation.Autowired; @@ -26,14 +27,24 @@ public class MvcConfig implements WebMvcConfigurer { @Autowired(required = false) private List interceptorList; + @Autowired(required = false) + private List saInterceptorList; + @Override public void addInterceptors(InterceptorRegistry registry) { - if (CollectionUtils.isEmpty(interceptorList)) { - return; + // 先注册 登录拦截器 + if (CollectionUtils.isNotEmpty(interceptorList)) { + interceptorList.forEach(e -> { + registry.addInterceptor(e).addPathPatterns(e.pathPatterns()).excludePathPatterns(e.getIgnoreUrlList()); + }); + } + + // 后注册 sa-token 权限拦截器 不需要可以删除 + if (CollectionUtils.isNotEmpty(saInterceptorList)) { + saInterceptorList.forEach(i -> { + registry.addInterceptor(i).addPathPatterns("/**"); + }); } - interceptorList.forEach(e -> { - registry.addInterceptor(e).addPathPatterns(e.pathPatterns()).excludePathPatterns(e.getIgnoreUrlList()); - }); } @Override diff --git a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/UrlConfig.java b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/UrlConfig.java index 7c8037c8..8de7ed91 100644 --- a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/UrlConfig.java +++ b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/UrlConfig.java @@ -34,7 +34,7 @@ public class UrlConfig { @Autowired private RequestMappingHandlerMapping requestMappingHandlerMapping; - public static List URL_LIST = Lists.newArrayList(); + public static List AUTH_URL_LIST = Lists.newArrayList(); /** * 获取每个方法的请求路径 @@ -74,8 +74,15 @@ public class UrlConfig { if (null != ignore) { continue; } - List requestUrlList = this.buildRequestUrl(method, entry.getValue()); + NoNeedLogin noNeedLogin = method.getAnnotation(NoNeedLogin.class); + if (null != noNeedLogin) { + continue; + } + Set urlSet = entry.getValue(); + List requestUrlList = this.buildRequestUrl(method, urlSet); authUrlList.addAll(requestUrlList); + + AUTH_URL_LIST.addAll(urlSet); } log.info("需要权限校验的URL:{}", authUrlList.stream().map(RequestUrlVO::getUrl).collect(Collectors.toList())); return authUrlList; @@ -98,8 +105,6 @@ public class UrlConfig { requestUrlVO.setUrl(url); requestUrlVO.setComment(methodComment); requestUrlList.add(requestUrlVO); - - URL_LIST.add(url); } return requestUrlList; } diff --git a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/TokenService.java b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/TokenService.java index 65e5c30c..4847e0de 100644 --- a/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/TokenService.java +++ b/smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/TokenService.java @@ -9,13 +9,10 @@ import org.springframework.stereotype.Component; import java.util.List; /** - * 与用户token的相关的服务 + * 用户token 相关服务 * - * @Author 1024创新实验室-主任: 卓大 - * @Date 2021-11-29 19:48:35 - * @Wechat zhuoda1024 - * @Email lab1024@163.com - * @Copyright 1024创新实验室 ( https://1024lab.net ) + * @author listen + * @date 2023-07-12 22:48:35 */ @Component public class TokenService { @@ -63,6 +60,10 @@ public class TokenService { return Long.valueOf(loginId.substring(loginId.indexOf(StringConst.HORIZONTAL) + 1)); } + public static Integer getUserType(String loginId) { + return Integer.valueOf(loginId.substring(0, loginId.indexOf(StringConst.HORIZONTAL))); + } + /** * 退出登录 注销 */ diff --git a/smart-admin-api/sa-common/src/main/resources/dev/sa-common.yaml b/smart-admin-api/sa-common/src/main/resources/dev/sa-common.yaml index 047a15cd..a0d4d566 100644 --- a/smart-admin-api/sa-common/src/main/resources/dev/sa-common.yaml +++ b/smart-admin-api/sa-common/src/main/resources/dev/sa-common.yaml @@ -131,12 +131,20 @@ sa-token: # token 有效期(单位:秒) 默认30天,-1 代表永久有效 timeout: 2592000 # token 最低活跃频率(单位:秒),如果 token 超过此时间没有访问系统就会被冻结,默认-1 代表不限制,永不冻结 - active-timeout: 28800 + active-timeout: -1 # 是否允许同一账号多地同时登录 (为 true 时允许一起登录, 为 false 时新登录挤掉旧登录) is-concurrent: false # 在多人登录同一账号时,是否共用一个 token (为 true 时所有登录共用一个 token, 为 false 时每次登录新建一个 token)(jwt模式下恒false) is-share: false # token 风格(默认可取值:uuid、simple-uuid、random-32、random-64、random-128、tik)(jwt模式下无用) token-style: simple-uuid + # 是否打开自动续签 (如果此值为true,框架会在每次直接或间接调用 getLoginId() 时进行一次过期检查与续签操作) + auto-renew: true # 是否输出操作日志 - is-log: true \ No newline at end of file + is-log: true + # 日志等级(trace、debug、info、warn、error、fatal) + log-level: debug + # 启动时的字符画打印 + is-print: false + # 是否从cookie读取token + is-read-cookie: false \ No newline at end of file