- package me.zhengjie.modules.thirdparty.v1;
- import cn.hutool.http.HtmlUtil;
- import cn.hutool.http.HttpRequest;
- import cn.hutool.http.HttpUtil;
- import cn.hutool.http.Method;
- import com.alibaba.fastjson.JSONObject;
- import io.swagger.annotations.Api;
- import io.swagger.annotations.ApiOperation;
- import lombok.RequiredArgsConstructor;
- import lombok.extern.slf4j.Slf4j;
- import me.zhengjie.annotation.Log;
- import me.zhengjie.annotation.rest.AnonymousGetMapping;
- import me.zhengjie.annotation.rest.AnonymousPostMapping;
- import me.zhengjie.base.BaseResponse;
- import me.zhengjie.base.QueryPageParams;
- import me.zhengjie.exception.BadRequestException;
- import me.zhengjie.modules.dm.user.domain.DmUser;
- import me.zhengjie.modules.dm.user.service.DmUserService;
- import me.zhengjie.modules.dm.user.service.dto.DmUserDto;
- import me.zhengjie.modules.dm.user.service.dto.DmUserQueryCriteria;
- import me.zhengjie.modules.security.config.bean.LoginProperties;
- import me.zhengjie.modules.security.config.bean.SecurityProperties;
- import me.zhengjie.modules.security.security.TokenProvider;
- import me.zhengjie.modules.security.service.OnlineUserService;
- import me.zhengjie.modules.security.service.dto.JwtUserDto;
- import me.zhengjie.modules.system.domain.User;
- import me.zhengjie.modules.system.repository.UserRepository;
- import me.zhengjie.modules.system.service.*;
- import me.zhengjie.modules.system.service.dto.*;
- import me.zhengjie.utils.EncryptUtils;
- import me.zhengjie.utils.SecurityUtils;
- import me.zhengjie.utils.StringUtils;
- import org.hibernate.Criteria;
- import org.springframework.data.domain.PageRequest;
- import org.springframework.data.domain.Pageable;
- import org.springframework.http.HttpStatus;
- import org.springframework.http.ResponseEntity;
- import org.springframework.security.access.prepost.PreAuthorize;
- import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.context.SecurityContextHolder;
- import org.springframework.security.crypto.password.PasswordEncoder;
- import org.springframework.web.bind.annotation.GetMapping;
- import org.springframework.web.bind.annotation.RequestBody;
- import org.springframework.web.bind.annotation.RequestMapping;
- import org.springframework.web.bind.annotation.RestController;
- import javax.annotation.Resource;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import java.io.IOException;
- import java.text.SimpleDateFormat;
- import java.util.*;
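/**
 * Third-party (v1) user API: relays ERP user data, exchanges an ERP SSO token or an app
 * username/password for a signed token bundle, and serves paged user, department, job and
 * role queries.
 *
 * <p>Every handler is mapped with an {@code Anonymous*Mapping} annotation. Going by the
 * name, these routes skip the framework login check (confirm against the annotation), so
 * each handler has to authenticate its caller itself before returning data.
 */
@Slf4j
@RestController
@RequiredArgsConstructor
@Api(tags = "用户接口")
@RequestMapping("/api/thirdparty/v1/user")
public class UserApiController {

    private final DmUserService dmUserService;
    private final UserService userService;
    private final DeptService deptService;
    private final JobService jobService;
    private final RoleService roleService;
    private final TokenProvider tokenProvider;
    private final AuthenticationManagerBuilder authenticationManagerBuilder;
    private final OnlineUserService onlineUserService;
    private final SecurityProperties properties;
    @Resource
    private LoginProperties loginProperties;
    private final PasswordEncoder passwordEncoder;
    private final UserRepository userRepository;

    // Base URL of the upstream ERP portal used by getusers() and sso().
    private final String erpapiUrl = "https://portal.caih.com";

    // NOTE(review): shared signing secret committed in source. Load it from externalised
    // configuration or a secret store, and rotate the value that has been published here.
    private final String key = "DMERPYT!@#$QWER2021+{:>";

    /**
     * Relays the first page (page 1, 100 rows) of the ERP user query and returns the parsed
     * upstream JSON unchanged.
     *
     * @param request  current request; not read by this method
     * @param formData accepted for interface compatibility; not read by this method
     * @return HTTP 200 wrapping the upstream JSON (null body if the upstream answer is empty)
     * @throws IOException declared for callers; the visible code does not throw it directly
     */
    @Log("获取ERP用户数据")
    @ApiOperation("获取ERP用户数据")
    @AnonymousGetMapping(value = "/busi/comm/usky/queryUser")
    public ResponseEntity<Object> getusers(HttpServletRequest request, String formData) throws IOException {
        // NOTE(review): the caller check that used to run here
        // (SecurityUtils.CheckApiAuth(request)) is disabled, so this route relays ERP user
        // records without verifying who is asking. Restore a caller check before exposing it.
        // NOTE(review): the "sign" value in the body is a credential embedded in source;
        // move it to configuration together with the signing key.
        String url = "/api-third-party/busi/comm/usky/queryUser";
        String res = HttpRequest.get(erpapiUrl + url)
                .header("X_AUTO_USER_INFO_HEAD", "{\"id\":\"anonymous\",\"tenantId\":\"caih\"}")
                .body("{\n" +
                        " \"formData\":{\n" +
                        " \"pageNum\":1,\n" +
                        " \"pageSize\":100\n" +
                        " },\n" +
                        " \"product\":\"17\",\n" +
                        " \"sign\":\"e34b2f59-0e9d-45ed-a32a-f4abd4381000\"\n" +
                        "}")
                .execute()
                .body();
        JSONObject json = JSONObject.parseObject(res);
        return new ResponseEntity<>(json, HttpStatus.OK);
    }

    /**
     * Test alias of {@link #sso(String)}.
     *
     * <p>This handler used to ignore {@code token} and return a token bundle for one fixed
     * account to any caller. It now performs the same ERP verification as
     * {@link #sso(String)}, so a bundle is only issued for a token the ERP accepts.
     *
     * @param token ERP single-sign-on token supplied by the caller
     * @return the token bundle for the user the ERP token belongs to
     * @throws Exception if verification or token creation fails
     */
    @Log("单点登录")
    @ApiOperation("单点登录")
    @AnonymousGetMapping(value = "/sso11")
    public BaseResponse<Object> sso11(String token) throws Exception {
        return sso(token);
    }

    /**
     * Single sign-on: asks the ERP to verify {@code token}, looks up the local user named
     * in the answer and returns a signed token bundle for that user.
     *
     * @param token ERP single-sign-on token supplied by the caller
     * @return the token bundle for the matching local user
     * @throws BadRequestException if the token is blank, the ERP returns no user data, or
     *                             no local user matches
     * @throws Exception           if the upstream call or token creation fails
     */
    @Log("单点登录")
    @ApiOperation("单点登录")
    @AnonymousGetMapping(value = "/sso")
    public BaseResponse<Object> sso(String token) throws Exception {
        if (StringUtils.isBlank(token)) {
            throw new BadRequestException("参数错误");
        }
        // The token is caller-controlled: encode it so it cannot add or override query
        // parameters of the upstream verification request.
        String verifyUrl = erpapiUrl
                + "/api-third-party/busi/comm/authLogin/api/verifyToken?token="
                + java.net.URLEncoder.encode(token, "UTF-8");
        String res = HttpRequest.get(verifyUrl).method(Method.POST).execute().body();
        // The raw upstream answer is deliberately not printed: it carries account data.
        JSONObject json = JSONObject.parseObject(res);
        JSONObject data = json == null ? null : json.getJSONObject("data");
        String username = data == null ? null : data.getString("username");
        if (!StringUtils.isBlank(username)) {
            UserDto userDto = userService.findByName(username);
            if (userDto != null) {
                return buildTokenResponse(userDto.getId(), userDto);
            }
        }
        throw new BadRequestException("认证失败");
    }

    /**
     * App login: checks {@code pass} against the stored password hash of user {@code name}
     * and returns a signed token bundle on success.
     *
     * @param name login name
     * @param pass clear-text password supplied by the caller
     * @return the token bundle for the authenticated user
     * @throws BadRequestException if a credential is blank, the user is unknown, or the
     *                             password does not match
     * @throws Exception           if token creation fails
     */
    @Log("app登录")
    @ApiOperation("app登录")
    @AnonymousGetMapping(value = "/appLogin")
    public BaseResponse<Object> login(String name, String pass) throws Exception {
        // NOTE(review): credentials arrive as GET query parameters and therefore end up in
        // access logs and proxies; a POST body would be the safer transport.
        if (StringUtils.isBlank(name) || StringUtils.isBlank(pass)) {
            throw new BadRequestException("登录失败!");
        }
        User user = userRepository.findByUsername(name);
        // Compare against the hash stored for the account. The previous code hashed the
        // submitted password and matched it against that fresh hash, which succeeds for
        // every password. Assumes User exposes the stored hash via getPassword() - confirm.
        if (user != null && passwordEncoder.matches(pass, user.getPassword())) {
            // NOTE(review): the whole User entity is serialised into the response; confirm
            // the password hash is excluded from JSON output.
            return buildTokenResponse(user.getId(), user);
        }
        throw new BadRequestException("登录失败!");
    }

    /**
     * Returns a page of users after the caller check.
     *
     * @param params   signed request wrapper carrying the query criteria
     * @param pageable paging settings
     * @return the page produced by {@code dmUserService.queryAll}
     */
    @Log("获取用户数据")
    @ApiOperation("获取用户数据")
    @AnonymousPostMapping(value = "/getzkusers")
    public BaseResponse<Object> getzkusers(@RequestBody QueryPageParams<DmUserQueryCriteria> params, Pageable pageable) {
        // Caller verification is delegated to SecurityUtils (implementation not shown here).
        SecurityUtils.CheckApiAuth(params);
        Map<String, Object> page = dmUserService.queryAll(params.getQuery(), pageable);
        return new BaseResponse<>(page);
    }

    /**
     * Resolves the user referenced by an encrypted token bundle as produced by
     * {@link #sso(String)} and {@link #login(String, String)}.
     *
     * @param cipher encrypted JSON holding {@code token}, {@code timestamp}, {@code nonce}
     *               and {@code userId}
     * @return the user identified by {@code userId}
     * @throws BadRequestException with status 401 if the bundle is missing, incomplete or
     *                             its token does not match
     * @throws Exception           if decryption fails
     */
    @Log("根据密文获取用户信息")
    @ApiOperation("根据密文获取用户信息")
    @AnonymousGetMapping(value = "/getZkUserByCipher")
    public BaseResponse<Object> getZkUserByCipher(String cipher) throws Exception {
        if (StringUtils.isBlank(cipher)) {
            throw unauthorized();
        }
        String dataStr = EncryptUtils.desDecrypt(cipher);
        JSONObject data = JSONObject.parseObject(dataStr);
        if (data == null) {
            throw unauthorized();
        }
        String token = data.getString("token");
        String timestamp = data.getString("timestamp");
        String nonce = data.getString("nonce");
        String userId = data.getString("userId");
        if (token == null || timestamp == null || nonce == null || userId == null) {
            throw unauthorized();
        }
        // Token and nonce are credentials and stay out of the log; the user id is enough
        // to trace the call.
        log.info("userId:{}", userId);

        // Recompute the expected token: SHA-1 over key, timestamp and nonce, sorted and
        // concatenated.
        String[] parts = {key, timestamp, nonce};
        Arrays.sort(parts);
        String expected = EncryptUtils.sha1(String.join("", parts));
        // Constant-time comparison so response timing does not reveal how many leading
        // characters of a guessed token were correct.
        boolean tokenMatches = expected != null && java.security.MessageDigest.isEqual(
                token.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!tokenMatches) {
            throw unauthorized();
        }
        // NOTE(review): nothing here rejects an old timestamp or a reused nonce, and userId
        // is not part of the hashed material. Consider an expiry window, replay tracking
        // and binding userId into the signature.
        DmUserDto dmUser = dmUserService.findById(userId);
        return new BaseResponse<>(dmUser);
    }

    /**
     * Returns a page of departments after the caller check.
     *
     * @param params   signed request wrapper carrying the query criteria
     * @param pageable paging settings
     * @return the page produced by {@code deptService.queryAll}
     */
    @Log("获取部门数据")
    @ApiOperation("获取部门数据")
    @AnonymousPostMapping(value = "/getzkdeps")
    public BaseResponse<Object> getzkdeps(@RequestBody QueryPageParams<DeptQueryNoAuthCriteria> params, Pageable pageable) {
        SecurityUtils.CheckApiAuth(params);
        Map<String, Object> page = deptService.queryAll(params.getQuery(), pageable);
        return new BaseResponse<>(page);
    }

    /**
     * Returns a page of jobs after the caller check.
     *
     * @param params   signed request wrapper carrying the query criteria
     * @param pageable paging settings
     * @return the page produced by {@code jobService.queryAll}
     */
    @Log("获取岗位数据")
    @ApiOperation("获取岗位数据")
    @AnonymousPostMapping(value = "/getzkjobs")
    public BaseResponse<Object> getzkjobs(@RequestBody QueryPageParams<JobQueryCriteria> params, Pageable pageable) {
        SecurityUtils.CheckApiAuth(params);
        Map<String, Object> page = jobService.queryAll(params.getQuery(), pageable);
        return new BaseResponse<>(page);
    }

    /**
     * Returns a page of roles after the caller check.
     *
     * @param params   signed request wrapper carrying the query criteria
     * @param pageable paging settings
     * @return the page produced by {@code roleService.queryAll}
     */
    @Log("获取角色数据")
    @ApiOperation("获取角色数据")
    @AnonymousPostMapping(value = "/getzkroles")
    public BaseResponse<Object> getzkroles(@RequestBody QueryPageParams<RoleQueryCriteria> params, Pageable pageable) {
        SecurityUtils.CheckApiAuth(params);
        Map<String, Object> page = roleService.queryAll(params.getQuery(), pageable);
        return new BaseResponse<>(page);
    }

    /**
     * Updates one user record from the request body after the caller check.
     *
     * @param params signed request wrapper carrying the user to update
     * @return an empty success response
     */
    @Log("修改人员数据")
    @ApiOperation("修改人员数据")
    @AnonymousPostMapping(value = "/updateZkUsers")
    public BaseResponse<Object> updateZkUsers(@RequestBody QueryPageParams<DmUser> params) {
        SecurityUtils.CheckApiAuth(params);
        // NOTE(review): the request body is bound straight onto the DmUser entity; confirm
        // the service only applies the fields a third party is allowed to change.
        log.info("params:{}", params.getQuery().getId());
        dmUserService.update(params.getQuery());
        return new BaseResponse<>(null);
    }

    /**
     * Returns a page of system users after the caller check.
     *
     * @param params   signed request wrapper carrying the query criteria
     * @param pageable paging settings
     * @return the page produced by {@code userService.queryAll}
     */
    @Log("获取系统用户数据")
    @ApiOperation("获取系统用户数据")
    @AnonymousPostMapping(value = "/getZkSysUsers")
    public BaseResponse<Object> getZkSysUsers(@RequestBody QueryPageParams<UserQueryCriteria> params, Pageable pageable) {
        SecurityUtils.CheckApiAuth(params);
        return new BaseResponse<>(userService.queryAll(params.getQuery(), pageable));
    }

    /**
     * Builds the response shared by the login handlers: a fresh nonce / timestamp / token
     * triple, the user id, an encrypted copy of those four values, and the user object.
     */
    private BaseResponse<Object> buildTokenResponse(Object userId, Object user) throws Exception {
        Map<String, Object> newToken = SecurityUtils.getToken(key);
        // Assemble the response payload.
        JSONObject returnData = new JSONObject();
        returnData.put("nonce", newToken.get("nonce"));
        returnData.put("timestamp", newToken.get("timestamp"));
        returnData.put("token", newToken.get("token"));
        returnData.put("userId", userId);
        // The cipher covers only the four values above, so it is computed before "cipher"
        // and "user" are added.
        // NOTE(review): EncryptUtils is not visible here; if desEncrypt is plain DES and the
        // token an unkeyed SHA-1, as the names suggest, plan a move to an authenticated
        // cipher and an HMAC.
        String cipher = EncryptUtils.desEncrypt(returnData.toJSONString());
        returnData.put("cipher", cipher);
        returnData.put("user", user);
        // The payload holds a live token, so only the user id is logged.
        log.info("token bundle issued, userId:{}", userId);
        Map<String, Object> authInfo = new HashMap<>(1);
        authInfo.put("data", returnData);
        return new BaseResponse<>(authInfo);
    }

    /** Creates the uniform 401 failure used when a token bundle cannot be verified. */
    private static BadRequestException unauthorized() {
        return new BadRequestException(HttpStatus.UNAUTHORIZED, "认证失败");
    }
}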