From a2d7d188e7415d8e94be84acffcae1b49ca38ce5 Mon Sep 17 00:00:00 2001 From: typ Date: Sat, 2 Apr 2022 12:40:47 +0800 Subject: [PATCH] 轻学堂免密授权 --- src/main/java/com/subsidy/common/configure/QuartzConfig.java | 1 + src/main/java/com/subsidy/controller/MemberController.java | 1 - src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java | 19 ++++++++++++++++++- src/main/java/com/subsidy/service/MemberService.java | 8 +------- src/main/java/com/subsidy/service/impl/MemberServiceImpl.java | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------- src/main/java/com/subsidy/util/QuartzUtil.java | 14 ++------------ src/main/java/com/subsidy/util/SecretUtils.java | 18 +++++++++++++----- src/main/java/com/subsidy/vo/member/QXTSign.java | 10 ++++++++++ src/main/resources/application.properties | 4 ++-- src/main/resources/code.properties | 3 +++ 10 files changed, 108 insertions(+), 60 deletions(-) create mode 100644 src/main/java/com/subsidy/vo/member/QXTSign.java diff --git a/src/main/java/com/subsidy/common/configure/QuartzConfig.java b/src/main/java/com/subsidy/common/configure/QuartzConfig.java index cdb7008..b9c9a33 100644 --- a/src/main/java/com/subsidy/common/configure/QuartzConfig.java +++ b/src/main/java/com/subsidy/common/configure/QuartzConfig.java @@ -6,6 +6,7 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.ClassPathResource; import org.springframework.scheduling.quartz.SchedulerFactoryBean; + import javax.sql.DataSource; /** diff --git a/src/main/java/com/subsidy/controller/MemberController.java b/src/main/java/com/subsidy/controller/MemberController.java index dbcf814..3bc21f0 100644 --- a/src/main/java/com/subsidy/controller/MemberController.java +++ b/src/main/java/com/subsidy/controller/MemberController.java 
@@ -78,7 +78,6 @@ public class MemberController { return ResponseData.generateCreatedResponse(0,memberService.qingxuetangLogin(qingxuetangLoginDTO)); } - @PostMapping("updatePassword") @ApiOperation("修改密码 {id password}") @LoginRequired diff --git a/src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java b/src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java index a4cad32..a0ece89 100644 --- a/src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java +++ b/src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java @@ -5,6 +5,23 @@ import lombok.Data; @Data public class QingxuetangLoginDTO { - private String telephone; +// private String telephone; + + private String appId; + + private String authCorpId; + + private String authCorpName; + + private String openId; + + private String mobile; + + private String nickname; + + private Long timestamp; + + private String sign; + } diff --git a/src/main/java/com/subsidy/service/MemberService.java b/src/main/java/com/subsidy/service/MemberService.java index 8888a19..b378510 100644 --- a/src/main/java/com/subsidy/service/MemberService.java +++ b/src/main/java/com/subsidy/service/MemberService.java @@ -8,13 +8,7 @@ import com.subsidy.model.ExerciseDoneResultDO; import com.subsidy.model.FileDictDO; import com.subsidy.model.MemberDO; import com.subsidy.vo.administer.UserRoleVO; -import com.subsidy.vo.member.ContentFilesVO; -import com.subsidy.vo.member.ContentVodNewVO; -import com.subsidy.vo.member.GetAllVO; -import com.subsidy.vo.member.GetStudyInfoVO; -import com.subsidy.vo.member.MemberStudyPageVO; -import com.subsidy.vo.member.MemberVO; -import com.subsidy.vo.member.MyCoursesVO; +import com.subsidy.vo.member.*; import com.subsidy.vo.paper.QueryPapersVO; import java.util.List; diff --git a/src/main/java/com/subsidy/service/impl/MemberServiceImpl.java b/src/main/java/com/subsidy/service/impl/MemberServiceImpl.java index a704fcc..da449c4 100644 
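Review bot: The new fields in `QingxuetangLoginDTO` carry no validation constraints, while the service hunk in `MemberServiceImpl` unboxes `getTimestamp()` and calls `getSign().equals(...)` directly, so a request that omits `timestamp` or `sign` ends in a NullPointerException rather than 14001. `@NotNull` on `timestamp` and `@NotBlank` on `sign`, `mobile` and `openId` would reject such a request at binding, assuming bean validation is enabled on the controller parameter. `appId` is bound from the request, but the visible service code signs with a fixed appId and never compares the two, so a mismatching value should be rejected explicitly. The commented-out `// private String telephone;` should be deleted, and a short Javadoc naming which fields are covered by `sign` would help the next reader.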
--- a/src/main/java/com/subsidy/service/impl/MemberServiceImpl.java +++ b/src/main/java/com/subsidy/service/impl/MemberServiceImpl.java @@ -4,7 +4,6 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; -import com.subsidy.common.RedisPrefixConstant; import com.subsidy.common.exception.HttpException; import com.subsidy.dto.administer.VerifyCodeDTO; import com.subsidy.dto.member.*; @@ -49,18 +48,11 @@ import com.subsidy.util.ConstantUtils; //import com.subsidy.util.RedisUtil; import com.subsidy.util.JwtUtil; import com.subsidy.util.RedisUtil; +import com.subsidy.util.SecretUtils; import com.subsidy.vo.administer.UserRoleVO; -import com.subsidy.vo.member.ContentFilesVO; -import com.subsidy.vo.member.ContentVodNewVO; -import com.subsidy.vo.member.ContentVodVO; -import com.subsidy.vo.member.GetAllVO; -import com.subsidy.vo.member.GetStudyInfoVO; -import com.subsidy.vo.member.MemberStudyPageVO; -import com.subsidy.vo.member.MemberVO; -import com.subsidy.vo.member.MemberVodVO; -import com.subsidy.vo.member.MyCoursesVO; -import com.subsidy.vo.member.StudyPageVO; +import com.subsidy.vo.member.*; import com.subsidy.vo.paper.QueryPapersVO; +import org.apache.commons.lang3.StringUtils; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.scheduling.annotation.AsyncResult; 
@@ -481,16 +473,61 @@ public class MemberServiceImpl extends ServiceImpl imple UserRoleVO userRoleVO = new UserRoleVO(); - //鉴权逻辑 - - //先从redis里拿 还得从数据库先查公司。。还是直接查人快 + /** + * 轻学堂秘钥 + * appId:b8fc3013c8ce409c90 + * appSecret:90876d91b3b7426c9184437a09358787 + */ MemberDO memberDO = this.baseMapper.selectOne(new QueryWrapper() .lambda() - .eq(MemberDO::getTelephone, qingxuetangLoginDTO.getTelephone())); + .eq(MemberDO::getTelephone, qingxuetangLoginDTO.getMobile())); + if (memberDO == null) { throw new HttpException(10010); } + /** + * 时间戳有没有过期 + */ + if (qingxuetangLoginDTO.getTimestamp()-System.currentTimeMillis()>=5*60*1000 || System.currentTimeMillis()-qingxuetangLoginDTO.getTimestamp()>=5*60*1000){ + OprMemDictDO oprMemDictDO = new OprMemDictDO(); + oprMemDictDO.setUserId(memberDO.getId()); + oprMemDictDO.setOprType("登录"); + oprMemDictDO.setResult(0); + oprMemDictMapper.insert(oprMemDictDO); + throw new HttpException(14002); + } + + //鉴权逻辑 对不对 + String preAuthen = ""; + + if (!StringUtils.isEmpty(qingxuetangLoginDTO.getNickname())){ + preAuthen = "appId=b8fc3013c8ce409c90&authCorpId="+qingxuetangLoginDTO.getAuthCorpId() + +"&authCorpName="+ qingxuetangLoginDTO.getAuthCorpName() + +"&mobile="+qingxuetangLoginDTO.getMobile() + +"&nickname="+qingxuetangLoginDTO.getNickname() + +"&openId="+qingxuetangLoginDTO.getOpenId() + +"×tamp="+qingxuetangLoginDTO.getTimestamp() + +"&appSecret=90876d91b3b7426c9184437a09358787" ; + }else { + preAuthen = "appId=b8fc3013c8ce409c90&authCorpId="+qingxuetangLoginDTO.getAuthCorpId() + +"&authCorpName="+ qingxuetangLoginDTO.getAuthCorpName() + +"&mobile="+qingxuetangLoginDTO.getMobile() + +"&openId="+qingxuetangLoginDTO.getOpenId() + +"×tamp="+qingxuetangLoginDTO.getTimestamp() + +"&appSecret=90876d91b3b7426c9184437a09358787" ; + } + + String result = SecretUtils.getMD5String(preAuthen); + if (!qingxuetangLoginDTO.getSign().equals(result)){ + OprMemDictDO oprMemDictDO = new OprMemDictDO(); + oprMemDictDO.setUserId(memberDO.getId()); + 
oprMemDictDO.setOprType("登录"); + oprMemDictDO.setResult(0); + oprMemDictMapper.insert(oprMemDictDO); + throw new HttpException(14001); + } + CompanyDictDO companyDictDO = companyDictMapper.selectById(memberDO.getCompanyId()); if ("冻结".equals(memberDO.getStatus())) { @@ -498,22 +535,18 @@ public class MemberServiceImpl extends ServiceImpl imple oprMemDictDO.setUserId(memberDO.getId()); oprMemDictDO.setOprType("登录"); oprMemDictDO.setResult(0); - //oprMemDictDO.setUserName(memberDO.getUserName()); - //oprMemDictDO.setCreateDate(System.currentTimeMillis() + ""); - //oprMemDictDO.setLoginDateFormat(DateFormatUtil.format(new Date(), "yyyyMMdd")); - //oprMemDictDO.setCompanyId(companyDictDO.getId()); - //oprMemDictDO.setCompanyName(companyDictDO.getCompanyName()); - //mongoTemplate.insert(oprMemDictDO); oprMemDictMapper.insert(oprMemDictDO); - //redisUtil.set(RedisPrefixConstant.SUBSIDY_MEMBER_LOGIN_PREFIX + memberDO.getId() + ":" + memberDO.getUserName() + ":" + companyDictDO.getCompanyName() + ":" + LocalDateTime.now(), oprMemDictDO); throw new HttpException(10013); } //是否登陆过 1:是 0:否 if (0 == memberDO.getFirstLogin()) { - memberDO.setFirstLogin(1); - this.baseMapper.updateById(memberDO); - //redisUtil.set(RedisPrefixConstant.SUBSIDY_COMPANY_MEMBER_PREFIX + memberDO.getCompanyId() + ":" + memberDO.getAccountName(), memberDO); + OprMemDictDO oprMemDictDO = new OprMemDictDO(); + oprMemDictDO.setUserId(memberDO.getId()); + oprMemDictDO.setOprType("登录"); + oprMemDictDO.setResult(0); + oprMemDictMapper.insert(oprMemDictDO); + throw new HttpException(10015); } BeanUtils.copyProperties(memberDO, userRoleVO); 
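Review bot: The Qingxuetang appId and appSecret are committed as literals, once in the new block comment and again in both `preAuthen` strings, so anyone who can read the repository can compute a valid `sign` for any mobile number; the secret should be rotated and both values read from configuration kept outside source control. The member lookup and the failure audit inserts also run before the signature is checked, so an unsigned request can tell registered numbers apart (10010 versus 14001/14002) and write login-failure rows against them, and `getSign().equals(result)` is not a constant-time comparison. The signed string concatenates raw field values, so a value containing `&` can shift field boundaries, and a captured request stays replayable inside the five-minute window; a keyed HMAC and a single-use check on each signed request would address both if the partner's protocol can be changed. The enclosing method starts and ends outside this hunk; the fence below reorders the checks and keeps the existing MD5 scheme.

```java
// qxtAppId / qxtAppSecret: placeholder names for values injected from external configuration
Long ts = qingxuetangLoginDTO.getTimestamp();
String sign = qingxuetangLoginDTO.getSign();
if (ts == null || sign == null) {
    throw new HttpException(14001);
}

// Same five-minute window as before, written without subtraction on caller-supplied input.
long now = System.currentTimeMillis();
long window = 5 * 60 * 1000L;
if (ts <= now - window || ts >= now + window) {
    throw new HttpException(14002);
}

StringBuilder preAuthen = new StringBuilder("appId=").append(qxtAppId)
        .append("&authCorpId=").append(qingxuetangLoginDTO.getAuthCorpId())
        .append("&authCorpName=").append(qingxuetangLoginDTO.getAuthCorpName())
        .append("&mobile=").append(qingxuetangLoginDTO.getMobile());
if (!StringUtils.isEmpty(qingxuetangLoginDTO.getNickname())) {
    preAuthen.append("&nickname=").append(qingxuetangLoginDTO.getNickname());
}
preAuthen.append("&openId=").append(qingxuetangLoginDTO.getOpenId())
        .append("&timestamp=").append(ts)
        .append("&appSecret=").append(qxtAppSecret);

String expected = SecretUtils.getMD5String(preAuthen.toString());
if (expected == null || !java.security.MessageDigest.isEqual(
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        sign.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
    // Not attributed to a member row: the caller is not authenticated at this point.
    throw new HttpException(14001);
}

// … unchanged: member lookup by mobile and the 10010 check, now reached only with a valid signature …
// … unchanged: frozen-status and first-login checks …
```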
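Review bot: A member whose `getFirstLogin()` is 0 is now rejected with 10015, where the removed lines set the flag to 1 and let the login continue, so an account that has never signed in cannot use this passwordless path at all. If that is intended, a comment above the branch should say where such a member is expected to complete the first login; the `code.properties` hunk in this commit adds messages only for 14001 and 14002, so it is worth confirming 10015 already has one. The four-line `OprMemDictDO` failure record is now written out four times in this method, and a private helper taking the member id and the result flag would keep those audit rows consistent. The method body continues outside this hunk.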
@@ -521,14 +554,8 @@ public class MemberServiceImpl extends ServiceImpl imple OprMemDictDO oprMemDictDO = new OprMemDictDO(); oprMemDictDO.setUserId(memberDO.getId()); oprMemDictDO.setOprType("登录"); - //oprMemDictDO.setUserName(memberDO.getUserName()); oprMemDictDO.setResult(1); - //oprMemDictDO.setCreateDate(System.currentTimeMillis() + ""); - //oprMemDictDO.setLoginDateFormat(DateFormatUtil.format(new Date(), "yyyyMMdd")); - //oprMemDictDO.setCompanyId(companyDictDO.getId()); - //oprMemDictDO.setCompanyName(companyDictDO.getCompanyName()); oprMemDictMapper.insert(oprMemDictDO); - //mongoTemplate.insert(oprMemDictDO); userRoleVO.setCompanyId(companyDictDO.getId()); userRoleVO.setCompanyName(companyDictDO.getCompanyName()); userRoleVO.setLogo(companyDictDO.getLogo()); @@ -536,7 +563,6 @@ public class MemberServiceImpl extends ServiceImpl imple .lambda() .eq(RotationImgDictDO::getCompanyId, companyDictDO.getId())); userRoleVO.setRotationImgDictDOS(rotationImgDictDOS); - String token = JwtUtil.generateToken(memberDO.getId(), ConstantUtils.MOBILE_TERMINATE); redisUtil.set(ConstantUtils.MOBILE_TERMINATE + "_" + memberDO.getId(), token); userRoleVO.setToken(token); diff --git a/src/main/java/com/subsidy/util/QuartzUtil.java b/src/main/java/com/subsidy/util/QuartzUtil.java index 2ec3f5e..d4ec58c 100644 --- a/src/main/java/com/subsidy/util/QuartzUtil.java +++ b/src/main/java/com/subsidy/util/QuartzUtil.java 
@@ -1,20 +1,10 @@ package com.subsidy.util; import com.subsidy.common.exception.HttpException; -import org.quartz.CronScheduleBuilder; -import org.quartz.CronTrigger; -import org.quartz.DateBuilder; -import org.quartz.JobBuilder; -import org.quartz.JobDataMap; -import org.quartz.JobDetail; -import org.quartz.JobKey; -import org.quartz.Scheduler; -import org.quartz.SimpleTrigger; -import org.quartz.Trigger; -import org.quartz.TriggerBuilder; -import org.quartz.TriggerKey; +import org.quartz.*; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; + import java.util.Date; import java.util.List; import java.util.Map; diff --git a/src/main/java/com/subsidy/util/SecretUtils.java b/src/main/java/com/subsidy/util/SecretUtils.java index b8b12c2..0796f3c 100644 --- a/src/main/java/com/subsidy/util/SecretUtils.java +++ b/src/main/java/com/subsidy/util/SecretUtils.java @@ -1,5 +1,7 @@ package com.subsidy.util; +import org.apache.commons.codec.digest.DigestUtils; + import java.math.BigInteger; import java.nio.charset.StandardCharsets; import java.security.MessageDigest; @@ -17,13 +19,15 @@ public class SecretUtils { public static String getMD5String(String str) { try { // 生成一个MD5加密计算摘要 - MessageDigest md = MessageDigest.getInstance("MD5"); + return DigestUtils.md5Hex(str.toString()).toUpperCase(); + // MessageDigest md = MessageDigest.getInstance("MD5"); // 计算md5函数 - md.update(str.getBytes()); +// md.update(str.getBytes("utf-8")); // digest()最后确定返回md5 hash值,返回值为8位字符串。因为md5 hash值是16位的hex值,实际上就是8位的字符 // BigInteger函数则将8位的字符串转换成16位hex值,用字符串来表示;得到字符串形式的hash值 //一个byte是八位二进制,也就是2位十六进制字符(2的8次方等于16的2次方) - return new BigInteger(1, md.digest()).toString(16); +// byte[] digest = md.digest(str.getBytes("utf-8")); +// return new BigInteger(1, digest).toString(16); } catch (Exception e) { e.printStackTrace(); return null; 
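Review bot: `getMD5String` in `SecretUtils` now returns upper-case, zero-padded hex from `DigestUtils.md5Hex`, whereas the removed `new BigInteger(1, md.digest()).toString(16)` returned lower-case hex with leading zeros dropped, so any existing caller that compares the result with a stored value would stop matching. A separate method for the Qingxuetang signature would leave the old contract intact, assuming other callers exist outside this diff. After the change the `try`/`catch` no longer guards anything that throws a checked exception, `str.toString()` is a no-op on a `String`, and the commented-out `MessageDigest` lines should be deleted rather than kept. The first comment still describes MD5 as encryption (`MD5加密`); a Javadoc stating that this is an unkeyed digest used only for the partner's signature format would discourage reuse for passwords. The method's closing lines are outside the hunk.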
@@ -108,9 +112,13 @@ public class SecretUtils { } } + + + public static void main(String[] args) { String uuid = UUID.randomUUID().toString(); - System.out.println(uuid); - System.out.println(hash(uuid+"ixihs")); + System.out.println(uuid.replace("-","")); +// System.out.println(hash(uuid+"ixihs")); + System.out.println(System.currentTimeMillis()); } } \ No newline at end of file diff --git a/src/main/java/com/subsidy/vo/member/QXTSign.java b/src/main/java/com/subsidy/vo/member/QXTSign.java new file mode 100644 index 0000000..80328ae --- /dev/null +++ b/src/main/java/com/subsidy/vo/member/QXTSign.java @@ -0,0 +1,10 @@ +package com.subsidy.vo.member; + +import lombok.Data; + +@Data +public class QXTSign { + + private String sign; + +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index a62a220..37ce64a 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -1,7 +1,7 @@ # 环境配置 -spring.profiles.active=dev +spring.profiles.active=prod # 端口号 -spring.server.port=23457 +spring.server.port=23459 #嵌入tomcat配置 #和CPU数 spring.server.acceptorThreadCount=600 diff --git a/src/main/resources/code.properties b/src/main/resources/code.properties index 7a58a2c..e4e8c04 100644 --- a/src/main/resources/code.properties +++ b/src/main/resources/code.properties @@ -54,5 +54,8 @@ meishu.code-message[12001]=该职级已存在 meishu.code-message[13001]=已达到当日最大时长 +meishu.code-message[14001]=认证失败,签名不通过 +meishu.code-message[14002]=认证失败,签名已过期 + -- libgit2 0.25.0
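Review bot: Committing `spring.profiles.active=prod` in `application.properties` makes the production profile the default for every checkout, test run and local start unless it is overridden, which risks pointing a developer machine at production data sources. Keeping `dev` in the file and selecting the profile at deploy time, for example through the `SPRING_PROFILES_ACTIVE` environment variable, avoids that. The profile and port change are also unrelated to the passwordless-login feature in the commit title and would be easier to review and revert as a separate commit.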