
修改密码

guomengjiao 5 달 전
부모
커밋
dbf1fdd09c

+ 13 - 0
.idea/libraries/Maven__com_auth0_java_jwt_3_11_0.xml

@@ -0,0 +1,13 @@
+<component name="libraryTable">
+  <library name="Maven: com.auth0:java-jwt:3.11.0">
+    <CLASSES>
+      <root url="jar://$PROJECT_DIR$/../../../repository/com/auth0/java-jwt/3.11.0/java-jwt-3.11.0.jar!/" />
+    </CLASSES>
+    <JAVADOC>
+      <root url="jar://$PROJECT_DIR$/../../../repository/com/auth0/java-jwt/3.11.0/java-jwt-3.11.0-javadoc.jar!/" />
+    </JAVADOC>
+    <SOURCES>
+      <root url="jar://$PROJECT_DIR$/../../../repository/com/auth0/java-jwt/3.11.0/java-jwt-3.11.0-sources.jar!/" />
+    </SOURCES>
+  </library>
+</component>

+ 34 - 0
modules/bjflapi/src/main/java/com/jeesite/modules/bjflapi/AbstractController.java

@@ -0,0 +1,34 @@
+/**
+ * Copyright (c) 2016-2019 人人开源 All rights reserved.
+ * <p>
+ * https://www.renren.io
+ * <p>
+ * 版权所有,侵权必究!
+ */
+
+package com.jeesite.modules.bjflapi;
+
+import com.jeesite.common.constant.Constants;
+import com.jeesite.modules.sys.utils.RedisUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Controller公共组件
+ *
+ * @author Mark sunlightcs@gmail.com
+ */
+public abstract class AbstractController {
+
+    @Autowired
+    HttpServletRequest request;
+    @Resource
+    private RedisUtil redisUtil;
+
+    protected String getUserIdByRequest() {
+        String token = (String) request.getAttribute("token");
+        return (String) redisUtil.get(Constants.PREFIX_USER_TOKEN + token);
+    }
+}
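Review bot: `getUserIdByRequest()` returns whatever Redis holds for `Constants.PREFIX_USER_TOKEN + token` without checking it, so an unknown or expired token yields `null`, and a missing `token` attribute is concatenated into the key as the text "null". WebsiteLoginInterceptor in this commit only checks that the header is non-empty, so this lookup is the only place the token is tied to a user; it should fail closed (reject the request) rather than hand `null` to callers such as `infoSavePwd`. Until that is changed, document the contract on the method: `/** Returns the user id cached for the request's website-token, or null when the token is unknown or expired. */`. The `request` field is package-private while `redisUtil` is private and is declared again in WebsiteUserControllerApi; making both `private` here and dropping the duplicate would be consistent.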

+ 47 - 11
modules/bjflapi/src/main/java/com/jeesite/modules/bjflapi/report/WebsiteUserControllerApi.java

@@ -4,13 +4,15 @@ import com.jeesite.common.codec.DesUtils;
 import com.jeesite.common.config.Global;
 import com.jeesite.common.constant.Constants;
 import com.jeesite.common.lang.StringUtils;
-import com.jeesite.common.service.ServiceException;
+import com.jeesite.modules.bjflapi.AbstractController;
 import com.jeesite.modules.report.entity.WebsiteUser;
 import com.jeesite.modules.report.service.WebsiteUserService;
 import com.jeesite.modules.report.util.JwtUtil;
 import com.jeesite.modules.report.util.PasswordUtil;
-import com.jeesite.modules.report.util.RedisUtil;
+import com.jeesite.modules.sys.utils.RedisUtil;
 import com.jeesite.modules.report.util.oConvertUtils;
+import com.jeesite.modules.sys.annotation.WebsiteAuth;
+import com.jeesite.modules.sys.utils.R;
 import io.swagger.annotations.Api;
 import org.springframework.beans.BeanUtils;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -25,7 +27,7 @@ import java.util.Map;
 @RestController
 @RequestMapping(value = "${adminPath}/api/report/websiteUser")
 @Api(value = "WebsiteUserControllerApi",tags = "网站用户接口")
-public class WebsiteUserControllerApi {
+public class WebsiteUserControllerApi extends AbstractController {
     @Resource
     private RedisUtil redisUtil;
     @Resource
@@ -40,10 +42,10 @@ public class WebsiteUserControllerApi {
         // 登录用户名解密(解决登录用户名明文传输安全问题)
         String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
         if (StringUtils.isEmpty(loginCode)) {
-            throw new ServiceException("登录账号为空");
+            return R.error("登录账号为空");
         }
         if (StringUtils.isEmpty(password)) {
-            throw new ServiceException("登录密码为空");
+            return R.error("登录密码为空");
         }
         loginCode = DesUtils.decode(loginCode, secretKey);
         password = DesUtils.decode(password, secretKey);
@@ -51,12 +53,12 @@ public class WebsiteUserControllerApi {
         //查询用户
         WebsiteUser oldUser = websiteUserService.findLoginCode(loginCode);
         if (oldUser == null) {
-            throw new ServiceException("用户不存在,请先注册");
+            return R.error("用户不存在,请先注册");
         }
         //验证密码
         String passwordEncode = PasswordUtil.encrypt(loginCode, password, oldUser.getSalt());
         if (!passwordEncode.equals(oldUser.getPassword())) {
-            throw new ServiceException("登录密码不正确");
+            return R.error("登录密码不正确");
         }
         //TODO 单点登录,清理登录用户的登录token
         List<Object> tokenList = redisUtil.lGet(Constants.PREFIX_USER_TOKEN_LIST + loginCode, 0, -1);
@@ -66,7 +68,7 @@ public class WebsiteUserControllerApi {
         // 生成token
         String token = JwtUtil.sign(loginCode, password);
         // 设置token缓存有效时间
-        redisUtil.set(Constants.PREFIX_USER_TOKEN + token, token);
+        redisUtil.set(Constants.PREFIX_USER_TOKEN + token, oldUser.getId());
         redisUtil.expire(Constants.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
         //TODO 单点登录,缓存登录用户的Token
         redisUtil.lSet(Constants.PREFIX_USER_TOKEN_LIST + loginCode, token);
@@ -83,16 +85,16 @@ public class WebsiteUserControllerApi {
         // 登录用户名解密(解决登录用户名明文传输安全问题)
         String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
         if (StringUtils.isEmpty(loginCode)) {
-            throw new ServiceException("登录账号为空");
+            return R.error("登录账号为空");
         }
         if (StringUtils.isEmpty(password)) {
-            throw new ServiceException("登录密码为空");
+            return R.error("登录密码为空");
         }
         loginCode = DesUtils.decode(loginCode, secretKey);
         password = DesUtils.decode(password, secretKey);
         WebsiteUser oldUser = websiteUserService.findLoginCode(loginCode);
         if (oldUser != null) {
-            throw new ServiceException("用户已存在");
+            return R.error("用户已存在");
         }
         WebsiteUser newUser = new WebsiteUser();
         BeanUtils.copyProperties(websiteUser, newUser);
@@ -106,4 +108,38 @@ public class WebsiteUserControllerApi {
         return login(websiteUser);
     }
 
+    /**
+     * 修改密码
+     */
+    @WebsiteAuth
+    @PostMapping(value = "updatePwd")
+    public String infoSavePwd(String newPassword,
+                              String confirmNewPassword) {
+        String userId = getUserIdByRequest();
+        WebsiteUser websiteUser = websiteUserService.get(userId);
+        // 登录密码解密(解决密码明文传输安全问题)
+        String secretKey = Global.getProperty("shiro.loginSubmit.secretKey");
+//        if (StringUtils.isNotBlank(secretKey)){
+//            oldPassword = DesUtils.decode(oldPassword, secretKey);
+//            newPassword = DesUtils.decode(newPassword, secretKey);
+//            confirmNewPassword = DesUtils.decode(confirmNewPassword, secretKey);
+//        }
+//        // 验证旧密码
+//        if(!PwdUtils.validatePassword(oldPassword, currentUser.getPassword())){
+//            return renderResult(Global.FALSE, text("sys.user.oldPasswordError"));
+//        }
+//        // 验证新密码和确认密码
+//        if(!StringUtils.equals(newPassword, confirmNewPassword)){
+//            return renderResult(Global.FALSE, text("sys.user.confirmPasswrodError"));
+//        }
+//        // 更新密码
+//        try{
+//            userService.updatePassword(currentUser.getUserCode(), confirmNewPassword);
+//            return renderResult(Global.TRUE, text("sys.user.passwordModifySuccess"));
+//        }catch(ServiceException se){
+//            return renderResult(Global.FALSE, se.getMessage());
+//        }
+        return null;
+    }
+
 }
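Review bot: The new `updatePwd` handler (`infoSavePwd`) accepts only `newPassword` and `confirmNewPassword`; the old-password check exists only in the commented-out block, which refers to names this class does not show (`oldPassword`, `currentUser`, `PwdUtils`, `renderResult`). As committed the method loads the user, reads `secretKey` and returns `null`, so the endpoint is mapped and reachable but does nothing. When it is completed it should take the current password and verify it the way `login` does (`PasswordUtil.encrypt(loginCode, oldPassword, websiteUser.getSalt())` compared with the stored value), reject a `null` from `getUserIdByRequest()` or `websiteUserService.get(userId)`, and clear the tokens cached under `Constants.PREFIX_USER_TOKEN_LIST + loginCode` so sessions issued before the change stop working. Until then, return an explicit error response instead of `null` and delete the commented-out code so the state of the endpoint is clear.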

+ 44 - 0
modules/core/src/main/java/com/jeesite/modules/config/web/interceptor/WebsiteLoginConfig.java

@@ -0,0 +1,44 @@
+/**
+ * Copyright (c) 2013-Now http://jeesite.com All rights reserved.
+ * No deletion without permission, or be held responsible to law.
+ */
+package com.jeesite.modules.config.web.interceptor;
+
+import com.jeesite.common.config.Global;
+import com.jeesite.common.lang.StringUtils;
+import com.jeesite.modules.sys.interceptor.WebsiteLoginInterceptor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * 后台管理日志记录拦截器
+ * @author ThinkGem
+ * @version 2018年1月10日
+ */
+@Configuration(proxyBeanMethods = false)
+@ConditionalOnProperty(name="web.interceptor.websiteLogin.enabled", havingValue="true", matchIfMissing=true)
+@EnableWebMvc
+public class WebsiteLoginConfig implements WebMvcConfigurer {
+
+	@Override
+	public void addInterceptors(InterceptorRegistry registry) {
+		InterceptorRegistration registration = registry.addInterceptor(new WebsiteLoginInterceptor());
+		String apps = Global.getProperty("web.interceptor.websiteLogin.addPathPatterns");
+		String epps = Global.getProperty("web.interceptor.websiteLogin.excludePathPatterns");
+		for (String uri : StringUtils.split(apps, ",")){
+			if (StringUtils.isNotBlank(uri)){
+				registration.addPathPatterns(StringUtils.trim(uri));
+			}
+		}
+		for (String uri : StringUtils.split(epps, ",")){
+			if (StringUtils.isNotBlank(uri)){
+				registration.excludePathPatterns(StringUtils.trim(uri));
+			}
+		}
+	}
+
+}
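Review bot: The class Javadoc is copied from another configuration: it reads `后台管理日志记录拦截器` with a 2018 date, while this class registers `WebsiteLoginInterceptor`. Something like `/** Registers WebsiteLoginInterceptor (website-token check for @WebsiteAuth handlers) on the configured path patterns. */` would describe it. The interceptor is created with `new WebsiteLoginInterceptor()`, so it is not a Spring-managed bean and nothing can be injected into it, which matters as soon as the token has to be looked up in Redis inside `preHandle`. When `addPathPatterns` yields no entries the registration has no include pattern and the interceptor runs for every request; a short comment noting that this is acceptable only because the check is annotation-gated would help.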

+ 14 - 0
modules/core/src/main/java/com/jeesite/modules/sys/annotation/WebsiteAuth.java

@@ -0,0 +1,14 @@
+package com.jeesite.modules.sys.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * api接口,网站用户需要Token验证
+ * @author ww
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface WebsiteAuth {
+
+}

+ 51 - 0
modules/core/src/main/java/com/jeesite/modules/sys/interceptor/WebsiteLoginInterceptor.java

@@ -0,0 +1,51 @@
+package com.jeesite.modules.sys.interceptor;
+
+import com.alibaba.fastjson.JSON;
+import com.jeesite.common.service.BaseService;
+import com.jeesite.modules.sys.annotation.WebsiteAuth;
+import com.jeesite.modules.sys.utils.R;
+import org.apache.shiro.util.StringUtils;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 登录拦截器  -- 拦截后台接口
+ */
+public class WebsiteLoginInterceptor extends BaseService implements HandlerInterceptor {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        WebsiteAuth annotation;
+        if (handler instanceof HandlerMethod) {
+            annotation = ((HandlerMethod) handler).getMethodAnnotation(WebsiteAuth.class);
+        } else {
+            return true;
+        }
+
+        //如果有@IgnoreAuth注解,则不验证token
+        if (annotation == null) {
+            return true;
+        }
+
+        String token = request.getHeader("website-token");//header方式
+        if (!StringUtils.hasText(token)) {
+            response.setCharacterEncoding("UTF-8"); //设置编码格式
+            response.setContentType("application/json");
+            R responseBean = R.error(-400, "访问需要令牌");
+            response.getWriter().write(JSON.toJSONString(responseBean));
+            return false;
+        }
+
+        request.setAttribute("token", token);
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) {
+
+    }
+}
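Review bot: `preHandle` accepts any non-empty `website-token` header: the only check is `StringUtils.hasText(token)`, after which the raw header value is stored as the `token` request attribute and the handler runs. Nothing here verifies the token against Redis or JwtUtil, so a `@WebsiteAuth` handler is reached with an arbitrary string and the failure only shows up later as a `null` from `getUserIdByRequest()`. The lookup belongs in the interceptor, as sketched below; that needs `RedisUtil` injected, which means registering the interceptor as a bean rather than with `new` in WebsiteLoginConfig. The comment `如果有@IgnoreAuth注解,则不验证token` also states the opposite of what the code does, which is to skip the check when `@WebsiteAuth` is absent.

```java
        String token = request.getHeader("website-token");
        // Resolve the token here so an unknown or expired one never reaches the handler.
        Object userId = StringUtils.hasText(token)
                ? redisUtil.get(Constants.PREFIX_USER_TOKEN + token)
                : null;
        if (userId == null) {
            // … unchanged: write the R.error(-400, …) JSON body …
            return false;
        }

        request.setAttribute("token", token);
        return true;
```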

+ 78 - 0
modules/core/src/main/java/com/jeesite/modules/sys/utils/R.java

@@ -0,0 +1,78 @@
+/**
+ * Copyright (c) 2016-2019 人人开源 All rights reserved.
+ *
+ * https://www.renren.io
+ *
+ * 版权所有,侵权必究!
+ */
+
+package com.jeesite.modules.sys.utils;
+
+import org.apache.http.HttpStatus;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 返回数据
+ *
+ * @author Mark sunlightcs@gmail.com
+ */
+public class R extends HashMap<String, Object> {
+	private static final long serialVersionUID = 1L;
+
+	public R() {
+		put("code", 200);
+		put("msg", "success");
+	}
+
+	public static R error() {
+		return error(HttpStatus.SC_INTERNAL_SERVER_ERROR, "未知异常,请联系管理员");
+	}
+
+	public static R error(String msg) {
+		return error(HttpStatus.SC_INTERNAL_SERVER_ERROR, msg);
+	}
+
+	public static R error(int code, String msg) {
+		R r = new R();
+		r.put("code", code);
+		r.put("msg", msg);
+		return r;
+	}
+	public static R error(StatusMsgEnum statu) {
+		R r = new R();
+		r.put("code", statu.getStatus());
+		r.put("msg", statu.getMsg());
+		return r;
+	}
+
+	public static R ok(String msg) {
+		R r = new R();
+		r.put("msg", msg);
+		return r;
+	}
+
+	public static R ok(StatusMsgEnum statu) {
+		R r = new R();
+		r.put("code",statu.getStatus());
+		r.put("msg", statu.getMsg());
+		return r;
+	}
+
+
+	public static R ok(Map<String, Object> map) {
+		R r = new R();
+		r.putAll(map);
+		return r;
+	}
+
+	public static R ok() {
+		return new R();
+	}
+
+	public R put(String key, Object value) {
+		super.put(key, value);
+		return this;
+	}
+}

+ 1 - 1
modules/report/src/main/java/com/jeesite/modules/report/util/RedisUtil.java

@@ -1,4 +1,4 @@
-package com.jeesite.modules.report.util;
+package com.jeesite.modules.sys.utils;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;

+ 94 - 0
modules/core/src/main/java/com/jeesite/modules/sys/utils/StatusMsgEnum.java

@@ -0,0 +1,94 @@
+package com.jeesite.modules.sys.utils;
+
+public enum StatusMsgEnum {
+    SUCCESS(200, "操作成功!"),
+    FAIL(500, "操作失败!"),
+    adminUploadDocuments(500, "请上传凭证信息!"),
+    PARAM_NULL(101, "参数为空!"),
+    ADD_SUCCESS(200, "添加成功!"),
+    ADD_REPEAT(201, "重复添加(违反唯一约束)"),
+    QUERY_SUCCESS(200, "查询成功!"),
+    QUERY_FALSE(101, "查询失败!"),
+    DELETE_SUCCESS(200, "删除成功!"),
+    UPDATE_SUCCESS(200, "更新成功!"),
+    LOGIN_SUCCESS(200, "登录成功!"),
+    LOGIN_FALSE(101, "登录失败!"),
+    RESET_PASSWORD_SUCCESS(200, "更新密码成功!"),
+    ADD_ROLE_SUCCESS(200, "添加用户成功!"),
+    DELETE_ROLE_SUCCESS(200, "删除用户成功!"),
+    DISABLED_SUCCESS(200, "禁用成功!"),
+    ACTIVE_SUCCESS(200, "启用成功!"),
+    LOGIN_NAME_PSW_ERROR(201, "用户或密码错误"),
+    TOKEN_ERR(202, "token请求异常"),
+    USER_IS_EXISTS(203, "用户名已经存在"),
+    USER_IS_EXISTS1(2031, "手机号已注册"),
+    OSS_GROUP_EXISTS(210, "文件上传组名已经存在"),
+    OSS_GROUP_NAME_NEED(210, "文件上传分组名不能为空"),
+    UPLOAD_PARAM_NEED(213, "文件参数不能为空"),
+    CAN_REGISTER(204, "此用户名可以注册"),
+    NOCAN_REGISTER(204, "用户注册失败"),
+    NEED_LOGIN_NAME_PSW(201, "用户或密码不能为空"),
+    SMSCODESEND_SUCESS(205, "验证码发送成功"),
+    SMSCODE_SENDED_FAIL(207, "验证码再次请求时间未到"),
+    SMSCODESEND_TIMEOUT(208, "验证码已过期"),
+    SMSCODES_NOMATCH(209, "验证码不匹配"),
+    INVICTCODE_ERR(210, "邀请码不存在"),
+    NO_SUCH_SMS_TEMPLATE(210, "没有该短信模板"),
+    SMSCODESEND_FAIL(207, "验证码发送失败,请稍后再试"),
+    USER_DEL(204, "用户已被删除,请联系管理员"),
+    USER_DISABLE(205, "用户已被禁用,请联系管理员"),
+
+    ORDER_PAY_NOSUPPORT(300, "暂不支持此支付方式"),
+    ORDER_PAY_SUCESS(310, "支付成功"),
+    ORDER_PAY_FAIL(320, "支付失败"),
+    ORDER_PAY_WAITING(310, "支付等待"),
+    ORDER_NOEXIST(300, "订单信息不存在"),
+
+    MEMBER_INSUFFICIENT_PRIVILEGES(403, "你还不是服务体系成员,不能学习此视频"),
+
+    /**
+     * 10、待付款  20、待发货 30、待收货
+     * 40、退货 50、完成 60、取消 70、付款失败
+     * 80、过期 90、申请退款 100、待寄售
+     * 110、部分寄售 120、寄售成功 130、已操作退款 140、申请提货
+     */
+    WHOLESALE_10(10, "待付款"),
+    WHOLESALE_20(20, "待发货"),
+    WHOLESALE_30(30, "待收货"),
+    WHOLESALE_40(40, "退货"),
+    WHOLESALE_50(50, "完成"),
+    WHOLESALE_60(60, "取消"),
+    WHOLESALE_70(70, "付款失败"),
+    WHOLESALE_80(80, "过期"),
+    WHOLESALE_90(90, "申请退款"),
+    WHOLESALE_100(100, "待寄售"),
+    WHOLESALE_110(110, "部分寄售"),
+    WHOLESALE_120(120, "寄售成功"),
+    WHOLESALE_130(130, "已操作退款"),
+    WHOLESALE_140(140, "申请提货"),
+
+    /**
+     * 如果收到消息,并处理成功,返回如下json字符串
+     * { "code": 1 }
+     *
+     * 除此之外,都会判定为失败,当失败时,会根据生命周期,重新通知或停止通知
+     */
+    SUPPLY_CHAIN_MESSAGE_CALLBACK_SUCCESS(1, "数字化供应链消息回调成功");
+
+    private Integer status;
+
+    private String msg;
+
+    StatusMsgEnum(Integer status, String msg) {
+        this.status = status;
+        this.msg = msg;
+    }
+
+    public Integer getStatus() {
+        return status;
+    }
+
+    public String getMsg() {
+        return msg;
+    }
+}
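Review bot: `status` and `msg` are declared without `final`, so the enum constants carry mutable state by declaration; `private final Integer status;` and `private final String msg;` state the intent. Several constants share a code with different meanings (210 is used for `OSS_GROUP_EXISTS`, `OSS_GROUP_NAME_NEED`, `INVICTCODE_ERR` and `NO_SUCH_SMS_TEMPLATE`, and 204 for `CAN_REGISTER`, `NOCAN_REGISTER` and `USER_DEL`), so a client cannot branch on `code` alone. `adminUploadDocuments` also breaks the UPPER_SNAKE_CASE naming used by every other constant.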

+ 5 - 0
web/src/main/resources/config/application.yml

@@ -767,6 +767,11 @@ web:
         ${frontPath}/**
       excludePathPatterns: ~
 
+    websiteLogin:
+      enabled: true
+      addPathPatterns: >
+        ${adminPath}/api/report/websiteUser/**
+      excludePathPatterns: ~
 #  # 静态文件后缀,过滤静态文件,以提高访问性能。
 #  staticFile: .css,.js,.map,.png,.jpg,.gif,.jpeg,.bmp,.ico,.swf,.psd,.htc,.crx,.xpi,.exe,.ipa,.apk,.otf,.eot,.svg,.ttf,.woff,.woff2
 #
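Review bot: `addPathPatterns` limits the new interceptor to `${adminPath}/api/report/websiteUser/**`, while `@WebsiteAuth` can be placed on any handler method and `AbstractController` sits in the shared `bjflapi` package. A handler annotated with `@WebsiteAuth` outside this path would get no token check and no `token` request attribute, with nothing to signal the gap. Either widen the pattern to the API prefix the annotation is meant for (the interceptor already skips handlers without it) or add a comment here such as `# must cover every controller that uses @WebsiteAuth`.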