lixinru
/
SystemManagement


			
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394
							package com.usky.controller.login;

import com.usky.constant.Constant;
import com.usky.entity.sys.vo.SysUserVO;
import com.usky.exception.CustomUnauthorizedException;
import com.usky.service.sys.user.LoginService;
import com.usky.service.sys.user.UserService;
import com.usky.utils.AuthorizationUtils;
import com.usky.utils.RedisUtil;
import com.usky.utils.Result;
import com.usky.utils.jwt.AesCipherUtil;
import com.usky.utils.jwt.JwtUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.PropertySource;
import org.springframework.http.HttpStatus;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletResponse;

/**
 * @author laowo
 * @version v1.0
 * @date 2021/8/19 17:09
 * @description TODO
 **/
@RestController
@RequestMapping("sys")
@Api(tags = "登录")
@PropertySource("classpath:config.properties")
public class LoginController {
    @Autowired
    private LoginService loginService;
    @Autowired
    private RedisUtil redisUtil;
    /**
     * RefreshToken过期时间
     */
    @Value("${refreshTokenExpireTime}")
    private String refreshTokenExpireTime;
    @PostMapping("login")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "loginName", value = "登录名", required = true, paramType = "query"),
            @ApiImplicitParam(name = "passWord", value = "密码", required = true, paramType = "query")
    })
    public Result<?> login(@RequestParam("loginName") String loginName,
                           @RequestParam("passWord") String passWord, HttpServletResponse httpServletResponse) {
        SysUserVO user = loginService.findUserByUsername(loginName);

        if (user.getStatus().equals("1")) {
            return Result.error("账户已停用，请联系管理员！");
        }
        String key = AesCipherUtil.deCrypto(user.getPassword());
        if (key.equals(loginName + passWord)) {
            // 清除可能存在的Shiro权限信息缓存
            if (redisUtil.hasKey(Constant.PREFIX_SHIRO_CACHE + loginName)) {
                redisUtil.hasKey(Constant.PREFIX_SHIRO_CACHE + loginName);
            }
            // 设置RefreshToken，时间戳为当前时间戳，直接设置即可(不用先删后设，会覆盖已有的RefreshToken)
            String currentTimeMillis = String.valueOf(System.currentTimeMillis());
            redisUtil.set(Constant.PREFIX_SHIRO_REFRESH_TOKEN + loginName, currentTimeMillis, Integer.parseInt(refreshTokenExpireTime));
            // 从Header中Authorization返回AccessToken，时间戳为当前时间戳
            String token = JwtUtil.sign(loginName, currentTimeMillis);
            httpServletResponse.setHeader("Authorization", token);
            httpServletResponse.setHeader("Access-Control-Expose-Headers", "Authorization");
            return Result.OK("登录成功");
        } else {
            throw new CustomUnauthorizedException("帐号或密码错误(Account or Password Error.)");
        }
    }


    @PostMapping("loginOut")
    @ApiOperation(value = "用户退出")
    public Result<?> loginOut() {
        AuthorizationUtils.clearAllCachedAuthorizationInfo();
        return Result.error("操作成功");
    }


}