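package com.usky.controller.login;

import com.usky.constant.Constant;
import com.usky.entity.ResponseBean;
import com.usky.entity.sys.log.SysLogDTO;
import com.usky.entity.sys.vo.SysUserVO;
import com.usky.exception.CustomException;
import com.usky.exception.CustomUnauthorizedException;
import com.usky.service.log.LogService;
import com.usky.service.sys.user.LoginService;
import com.usky.utils.*;
import com.usky.utils.jwt.AesCipherUtil;
import com.usky.utils.jwt.JwtUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.PropertySource;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Timestamp;

/**
 * Login and logout endpoints under {@code /sys}.
 *
 * <p>A successful login stores a refresh-token timestamp in Redis, returns a signed
 * access token in the {@code Authorization} response header and writes a login log entry.
 *
 * <p>NOTE(review): no rate limiting or lockout is visible in this class, and failed
 * attempts are not written to the log service. Confirm both are handled elsewhere
 * (filter, gateway) or add them; an unthrottled login endpoint is open to password
 * guessing.
 *
 * @author laowo
 * @version v1.0
 * @date 2021/8/19 17:09
 * @description TODO
 **/
@RestController
@RequestMapping("sys")
@Api(tags = "登录-退出")
@PropertySource("classpath:config.properties")
public class LoginController {

    @Autowired
    private LoginService loginService;

    @Autowired
    private RedisUtil redisUtil;

    @Autowired
    private LogService logService;

    /**
     * RefreshToken expiry, read from config.properties and passed to
     * {@code redisUtil.set} as the key's lifetime (unit presumably seconds; confirm
     * against RedisUtil).
     */
    @Value("${refreshTokenExpireTime}")
    private String refreshTokenExpireTime;

    /**
     * Authenticates a user and issues an access token.
     *
     * <p>The credentials are verified before the account status is examined, so an
     * unauthenticated caller gets the same generic error for an unknown account, a wrong
     * password and a disabled account. Only a caller who proves knowledge of the password
     * learns that the account is disabled.
     *
     * <p>NOTE(review): Swagger documents both credentials as {@code query} parameters.
     * Values in the query string tend to end up in access logs, proxy logs and browser
     * history; clients should send them in the POST form body, which
     * {@code @RequestParam} also binds.
     *
     * @param loginName           login name supplied by the client
     * @param passWord            password supplied by the client
     * @param httpServletResponse response that receives the {@code Authorization} header
     * @return {@code Result.OK} on success, {@code Result.error} when the account is disabled
     * @throws CustomUnauthorizedException when the account is unknown or the password is wrong
     */
    @ApiOperation(value = "登录")
    @PostMapping("login")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "loginName", value = "登录名", required = true, paramType = "query"),
            @ApiImplicitParam(name = "passWord", value = "密码", required = true, paramType = "query")
    })
    public Result login(@RequestParam("loginName") String loginName,
                        @RequestParam("passWord") String passWord,
                        HttpServletResponse httpServletResponse) {
        SysUserVO user = loginService.findUserByUsername(loginName);

        // A missing user is treated like a wrong password: same exception, same message.
        // Previously a null user would have failed with a NullPointerException, which
        // distinguishes unknown accounts from known ones.
        if (user == null || !credentialsMatch(user, loginName, passWord)) {
            throw new CustomUnauthorizedException("帐号或密码错误(Account or Password Error.)");
        }

        // Status is checked only after the password has been verified (see Javadoc).
        // Constant-first equals tolerates a null status.
        if ("1".equals(user.getStatus())) {
            return Result.error("账户已停用,请联系管理员!");
        }

        // Clear any cached Shiro authorization info for this user.
        String shiroCacheKey = Constant.PREFIX_SHIRO_CACHE + loginName;
        if (redisUtil.hasKey(shiroCacheKey)) {
            redisUtil.del(shiroCacheKey);
        }

        // Store the RefreshToken as the current timestamp. Setting it directly
        // overwrites any existing RefreshToken, so no delete is needed first.
        String currentTimeMillis = String.valueOf(System.currentTimeMillis());
        redisUtil.set(Constant.PREFIX_SHIRO_REFRESH_TOKEN + loginName, currentTimeMillis,
                Integer.parseInt(refreshTokenExpireTime));

        // Return the AccessToken in the Authorization header, signed with the same
        // timestamp that was stored as the RefreshToken.
        String token = JwtUtil.sign(loginName, currentTimeMillis);
        httpServletResponse.setHeader("Authorization", token);
        httpServletResponse.setHeader("Access-Control-Expose-Headers", "Authorization");

        recordLoginLog(loginName);
        return Result.OK("登录成功");
    }

    /**
     * Ends the current session via {@code ShiroUtils.logout()}.
     *
     * <p>NOTE(review): this method does not touch the Redis RefreshToken key written by
     * {@link #login}. Confirm that {@code ShiroUtils.logout()} (or a filter) invalidates
     * it; otherwise a previously issued token may remain usable after logout.
     *
     * @return {@code Result.OK} with a confirmation message
     */
    @PostMapping("loginOut")
    @ApiOperation(value = "用户退出")
    public Result loginOut() {
        ShiroUtils.logout();
        return Result.OK("退出成功");
    }

    /**
     * Checks the supplied credentials against the stored password.
     *
     * <p>The stored value decrypts to {@code loginName + passWord}. The comparison goes
     * through {@link MessageDigest#isEqual(byte[], byte[])} rather than
     * {@code String.equals}, so it does not stop at the first differing character.
     *
     * <p>NOTE(review): the stored password is reversible (AES-encrypted, not hashed).
     * Anyone holding the database and the AES key can recover every plaintext password.
     * Migrating to a one-way adaptive hash (bcrypt, scrypt or Argon2) needs changes
     * outside this class.
     *
     * @return {@code true} only when the stored value decrypts to {@code loginName + passWord}
     */
    private static boolean credentialsMatch(SysUserVO user, String loginName, String passWord) {
        String expected = AesCipherUtil.deCrypto(user.getPassword());
        if (expected == null) {
            return false;
        }
        byte[] expectedBytes = expected.getBytes(StandardCharsets.UTF_8);
        byte[] suppliedBytes = (loginName + passWord).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expectedBytes, suppliedBytes);
    }

    /**
     * Writes a log entry (log type 1) for a successful login.
     *
     * <p>NOTE(review): the recorded IP comes from {@code IPUtils.getIpAddr}. If that
     * helper reads client-supplied forwarding headers, the value is only trustworthy
     * behind a proxy that overwrites them; verify.
     */
    private void recordLoginLog(String loginName) {
        // Current HTTP request, used for the method and the client address.
        HttpServletRequest request = SpringContextUtils.getHttpServletRequest();

        SysLogDTO log = new SysLogDTO();
        log.setLogType(1);
        log.setRequestType(request.getMethod());
        log.setIp(IPUtils.getIpAddr(request));
        // TODO (from original): switch to the full user record once user data is available.
        log.setUsername(loginName);
        log.setCreateTime(new Timestamp(System.currentTimeMillis()));
        logService.addLog(log);
    }
}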