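package com.usky.controller.login;

import com.usky.constant.Constant;
import com.usky.entity.sys.vo.SysUserVO;
import com.usky.exception.CustomUnauthorizedException;
import com.usky.service.sys.user.LoginService;
import com.usky.service.sys.user.UserService;
import com.usky.utils.AuthorizationUtils;
import com.usky.utils.RedisUtil;
import com.usky.utils.Result;
import com.usky.utils.jwt.AesCipherUtil;
import com.usky.utils.jwt.JwtUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.PropertySource;
import org.springframework.http.HttpStatus;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletResponse;

/**
 * Login and logout endpoints under {@code /sys}.
 *
 * <p>A successful login issues a JWT access token in the {@code Authorization} response header
 * and records a refresh-token timestamp in Redis under
 * {@code Constant.PREFIX_SHIRO_REFRESH_TOKEN + loginName}.
 *
 * @author laowo
 * @version v1.0
 * @date 2021/8/19 17:09
 * @description Login / logout controller: credential check, access-token issuance, refresh-token bookkeeping.
 **/
@RestController
@RequestMapping("sys")
@Api(tags = "登录")
@PropertySource("classpath:config.properties")
public class LoginController {

    @Autowired
    private LoginService loginService;

    @Autowired
    private RedisUtil redisUtil;

    /**
     * RefreshToken expiry, read from {@code refreshTokenExpireTime} in config.properties.
     * Parsed with {@link Integer#parseInt} and handed straight to {@code redisUtil.set};
     * the unit (seconds is the usual Redis TTL) is not visible here — confirm against RedisUtil.
     */
    @Value("${refreshTokenExpireTime}")
    private String refreshTokenExpireTime;

    /**
     * Authenticates {@code loginName}/{@code passWord} and, on success, issues an access token.
     *
     * <p>Flow: look up the user; reject disabled accounts (status {@code "1"}); compare the
     * decrypted stored credential with {@code loginName + passWord}; refresh the Redis
     * refresh-token timestamp; sign a JWT and expose it via the {@code Authorization} header.
     *
     * @param loginName           login name supplied by the client
     * @param passWord            password supplied by the client
     * @param httpServletResponse response on which the token headers are set
     * @return {@code Result.OK("登录成功")} on success, or {@code Result.error(...)} for a disabled account
     * @throws CustomUnauthorizedException when the user does not exist or the credential does not match;
     *                                     both cases use the same message so the endpoint does not reveal
     *                                     which login names are registered
     */
    @PostMapping("login")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "loginName", value = "登录名", required = true, paramType = "query"),
            @ApiImplicitParam(name = "passWord", value = "密码", required = true, paramType = "query")
    })
    public Result login(@RequestParam("loginName") String loginName,
                        @RequestParam("passWord") String passWord,
                        HttpServletResponse httpServletResponse) {
        SysUserVO user = loginService.findUserByUsername(loginName);
        if (user == null) {
            // Unknown user: same response as a wrong password (was an NPE / HTTP 500 before).
            throw new CustomUnauthorizedException("帐号或密码错误(Account or Password Error.)");
        }
        // Literal-first equals: a null status must not NPE here.
        if ("1".equals(user.getStatus())) {
            return Result.error("账户已停用,请联系管理员!");
        }

        // NOTE(review): the stored credential is reversibly AES-encrypted rather than hashed with a
        // slow password hash (bcrypt/scrypt/argon2). Decrypting it is what the existing scheme
        // requires; the comparison below is at least done in constant time for equal-length inputs.
        String expected = AesCipherUtil.deCrypto(user.getPassword());
        byte[] expectedBytes = expected == null ? null : expected.getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = (loginName + passWord).getBytes(StandardCharsets.UTF_8);
        if (expectedBytes == null || !MessageDigest.isEqual(expectedBytes, suppliedBytes)) {
            throw new CustomUnauthorizedException("帐号或密码错误(Account or Password Error.)");
        }

        // Intended to clear any stale Shiro authorization cache for this user.
        if (redisUtil.hasKey(Constant.PREFIX_SHIRO_CACHE + loginName)) {
            // NOTE(review): this second hasKey() is a read, not a delete, so the branch has no effect
            // and a stale permission cache survives the login. RedisUtil's delete method is not
            // visible in this file — replace this call with it once confirmed.
            redisUtil.hasKey(Constant.PREFIX_SHIRO_CACHE + loginName);
        }

        // RefreshToken: value is the current timestamp; set() overwrites any existing entry,
        // so no delete-then-set is needed.
        String currentTimeMillis = String.valueOf(System.currentTimeMillis());
        redisUtil.set(Constant.PREFIX_SHIRO_REFRESH_TOKEN + loginName,
                currentTimeMillis,
                Integer.parseInt(refreshTokenExpireTime));

        // AccessToken: signed with the same timestamp and returned in the Authorization header;
        // the CORS expose header lets browser clients read it.
        String token = JwtUtil.sign(loginName, currentTimeMillis);
        httpServletResponse.setHeader("Authorization", token);
        httpServletResponse.setHeader("Access-Control-Expose-Headers", "Authorization");
        return Result.OK("登录成功");
    }

    /**
     * Logs the current user out by clearing cached authorization info.
     *
     * <p>NOTE(review): the helper's name suggests it clears every user's cached authorization,
     * not just the caller's — confirm. Nothing here revokes the caller's JWT or the Redis
     * refresh-token entry, so an access token stays usable until it expires.
     *
     * @return {@code Result.OK("操作成功")} (previously returned as {@code Result.error}, which
     *         reported a successful logout as a failure)
     */
    @PostMapping("loginOut")
    @ApiOperation(value = "用户退出")
    public Result loginOut() {
        AuthorizationUtils.clearAllCachedAuthorizationInfo();
        return Result.OK("操作成功");
    }
}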