轻学堂免密授权

src/main/java/com/subsidy/common/configure/QuartzConfig.java

@@ -6,6 +6,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.scheduling.quartz.SchedulerFactoryBean;
+
 import javax.sql.DataSource;
 
 /**

src/main/java/com/subsidy/controller/MemberController.java

@@ -78,7 +78,6 @@ public class MemberController {
         return ResponseData.generateCreatedResponse(0,memberService.qingxuetangLogin(qingxuetangLoginDTO));
     }
 
-
     @PostMapping("updatePassword")
     @ApiOperation("修改密码  {id  password}")
     @LoginRequired

src/main/java/com/subsidy/dto/member/QingxuetangLoginDTO.java

@@ -5,6 +5,23 @@ import lombok.Data;
 @Data
 public class QingxuetangLoginDTO {
 
-    private String telephone;
+//    private String telephone;
+
+    private String appId;
+
+    private String authCorpId;
+
+    private String authCorpName;
+
+    private String openId;
+
+    private String mobile;
+
+    private String nickname;
+
+    private Long timestamp;
+
+    private String sign;
+
 
 }

src/main/java/com/subsidy/service/MemberService.java

@@ -8,13 +8,7 @@ import com.subsidy.model.ExerciseDoneResultDO;
 import com.subsidy.model.FileDictDO;
 import com.subsidy.model.MemberDO;
 import com.subsidy.vo.administer.UserRoleVO;
-import com.subsidy.vo.member.ContentFilesVO;
-import com.subsidy.vo.member.ContentVodNewVO;
-import com.subsidy.vo.member.GetAllVO;
-import com.subsidy.vo.member.GetStudyInfoVO;
-import com.subsidy.vo.member.MemberStudyPageVO;
-import com.subsidy.vo.member.MemberVO;
-import com.subsidy.vo.member.MyCoursesVO;
+import com.subsidy.vo.member.*;
 import com.subsidy.vo.paper.QueryPapersVO;
 
 import java.util.List;

src/main/java/com/subsidy/service/impl/MemberServiceImpl.java

@@ -4,7 +4,6 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.subsidy.common.RedisPrefixConstant;
 import com.subsidy.common.exception.HttpException;
 import com.subsidy.dto.administer.VerifyCodeDTO;
 import com.subsidy.dto.member.*;
@@ -49,18 +48,11 @@ import com.subsidy.util.ConstantUtils;
 //import com.subsidy.util.RedisUtil;
 import com.subsidy.util.JwtUtil;
 import com.subsidy.util.RedisUtil;
+import com.subsidy.util.SecretUtils;
 import com.subsidy.vo.administer.UserRoleVO;
-import com.subsidy.vo.member.ContentFilesVO;
-import com.subsidy.vo.member.ContentVodNewVO;
-import com.subsidy.vo.member.ContentVodVO;
-import com.subsidy.vo.member.GetAllVO;
-import com.subsidy.vo.member.GetStudyInfoVO;
-import com.subsidy.vo.member.MemberStudyPageVO;
-import com.subsidy.vo.member.MemberVO;
-import com.subsidy.vo.member.MemberVodVO;
-import com.subsidy.vo.member.MyCoursesVO;
-import com.subsidy.vo.member.StudyPageVO;
+import com.subsidy.vo.member.*;
 import com.subsidy.vo.paper.QueryPapersVO;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.AsyncResult;
@@ -481,16 +473,61 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, MemberDO> imple
 
         UserRoleVO userRoleVO = new UserRoleVO();
 
-        //鉴权逻辑
-
-        //先从redis里拿   还得从数据库先查公司。。还是直接查人快
+        /**
+         * 轻学堂秘钥
+         * appId:b8fc3013c8ce409c90
+         * appSecret:90876d91b3b7426c9184437a09358787
+         */
         MemberDO memberDO = this.baseMapper.selectOne(new QueryWrapper<MemberDO>()
                 .lambda()
-                .eq(MemberDO::getTelephone, qingxuetangLoginDTO.getTelephone()));
+                .eq(MemberDO::getTelephone, qingxuetangLoginDTO.getMobile()));
+
         if (memberDO == null) {
             throw new HttpException(10010);
         }
 
+        /**
+         * 时间戳有没有过期
+         */
+        if (qingxuetangLoginDTO.getTimestamp()-System.currentTimeMillis()>=5*60*1000 || System.currentTimeMillis()-qingxuetangLoginDTO.getTimestamp()>=5*60*1000){
+            OprMemDictDO oprMemDictDO = new OprMemDictDO();
+            oprMemDictDO.setUserId(memberDO.getId());
+            oprMemDictDO.setOprType("登录");
+            oprMemDictDO.setResult(0);
+            oprMemDictMapper.insert(oprMemDictDO);
+            throw new HttpException(14002);
+        }
+
+        //鉴权逻辑 对不对
+        String preAuthen = "";
+
+        if (!StringUtils.isEmpty(qingxuetangLoginDTO.getNickname())){
+            preAuthen = "appId=b8fc3013c8ce409c90&authCorpId="+qingxuetangLoginDTO.getAuthCorpId()
+                    +"&authCorpName="+ qingxuetangLoginDTO.getAuthCorpName()
+                    +"&mobile="+qingxuetangLoginDTO.getMobile()
+                    +"&nickname="+qingxuetangLoginDTO.getNickname()
+                    +"&openId="+qingxuetangLoginDTO.getOpenId()
+                    +"&timestamp="+qingxuetangLoginDTO.getTimestamp()
+                    +"&appSecret=90876d91b3b7426c9184437a09358787" ;
+        }else {
+            preAuthen = "appId=b8fc3013c8ce409c90&authCorpId="+qingxuetangLoginDTO.getAuthCorpId()
+                    +"&authCorpName="+ qingxuetangLoginDTO.getAuthCorpName()
+                    +"&mobile="+qingxuetangLoginDTO.getMobile()
+                    +"&openId="+qingxuetangLoginDTO.getOpenId()
+                    +"&timestamp="+qingxuetangLoginDTO.getTimestamp()
+                    +"&appSecret=90876d91b3b7426c9184437a09358787" ;
+        }
+
+        String result = SecretUtils.getMD5String(preAuthen);
+        if (!qingxuetangLoginDTO.getSign().equals(result)){
+            OprMemDictDO oprMemDictDO = new OprMemDictDO();
+            oprMemDictDO.setUserId(memberDO.getId());
+            oprMemDictDO.setOprType("登录");
+            oprMemDictDO.setResult(0);
+            oprMemDictMapper.insert(oprMemDictDO);
+            throw new HttpException(14001);
+        }
+
         CompanyDictDO companyDictDO = companyDictMapper.selectById(memberDO.getCompanyId());
 
         if ("冻结".equals(memberDO.getStatus())) {
@@ -498,22 +535,18 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, MemberDO> imple
             oprMemDictDO.setUserId(memberDO.getId());
             oprMemDictDO.setOprType("登录");
             oprMemDictDO.setResult(0);
-            //oprMemDictDO.setUserName(memberDO.getUserName());
-            //oprMemDictDO.setCreateDate(System.currentTimeMillis() + "");
-            //oprMemDictDO.setLoginDateFormat(DateFormatUtil.format(new Date(), "yyyyMMdd"));
-            //oprMemDictDO.setCompanyId(companyDictDO.getId());
-            //oprMemDictDO.setCompanyName(companyDictDO.getCompanyName());
-            //mongoTemplate.insert(oprMemDictDO);
             oprMemDictMapper.insert(oprMemDictDO);
-            //redisUtil.set(RedisPrefixConstant.SUBSIDY_MEMBER_LOGIN_PREFIX + memberDO.getId() + ":" + memberDO.getUserName() + ":" + companyDictDO.getCompanyName() + ":" + LocalDateTime.now(), oprMemDictDO);
             throw new HttpException(10013);
         }
 
         //是否登陆过   1：是 0：否
         if (0 == memberDO.getFirstLogin()) {
-            memberDO.setFirstLogin(1);
-            this.baseMapper.updateById(memberDO);
-            //redisUtil.set(RedisPrefixConstant.SUBSIDY_COMPANY_MEMBER_PREFIX + memberDO.getCompanyId() + ":" + memberDO.getAccountName(), memberDO);
+            OprMemDictDO oprMemDictDO = new OprMemDictDO();
+            oprMemDictDO.setUserId(memberDO.getId());
+            oprMemDictDO.setOprType("登录");
+            oprMemDictDO.setResult(0);
+            oprMemDictMapper.insert(oprMemDictDO);
+            throw new HttpException(10015);
         }
         BeanUtils.copyProperties(memberDO, userRoleVO);
 
@@ -521,14 +554,8 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, MemberDO> imple
         OprMemDictDO oprMemDictDO = new OprMemDictDO();
         oprMemDictDO.setUserId(memberDO.getId());
         oprMemDictDO.setOprType("登录");
-        //oprMemDictDO.setUserName(memberDO.getUserName());
         oprMemDictDO.setResult(1);
-        //oprMemDictDO.setCreateDate(System.currentTimeMillis() + "");
-        //oprMemDictDO.setLoginDateFormat(DateFormatUtil.format(new Date(), "yyyyMMdd"));
-        //oprMemDictDO.setCompanyId(companyDictDO.getId());
-        //oprMemDictDO.setCompanyName(companyDictDO.getCompanyName());
         oprMemDictMapper.insert(oprMemDictDO);
-        //mongoTemplate.insert(oprMemDictDO);
         userRoleVO.setCompanyId(companyDictDO.getId());
         userRoleVO.setCompanyName(companyDictDO.getCompanyName());
         userRoleVO.setLogo(companyDictDO.getLogo());
@@ -536,7 +563,6 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, MemberDO> imple
                 .lambda()
                 .eq(RotationImgDictDO::getCompanyId, companyDictDO.getId()));
         userRoleVO.setRotationImgDictDOS(rotationImgDictDOS);
-
         String token = JwtUtil.generateToken(memberDO.getId(), ConstantUtils.MOBILE_TERMINATE);
         redisUtil.set(ConstantUtils.MOBILE_TERMINATE + "_" + memberDO.getId(), token);
         userRoleVO.setToken(token);

src/main/java/com/subsidy/util/QuartzUtil.java

 package com.subsidy.util;
 
 import com.subsidy.common.exception.HttpException;
-import org.quartz.CronScheduleBuilder;
-import org.quartz.CronTrigger;
-import org.quartz.DateBuilder;
-import org.quartz.JobBuilder;
-import org.quartz.JobDataMap;
-import org.quartz.JobDetail;
-import org.quartz.JobKey;
-import org.quartz.Scheduler;
-import org.quartz.SimpleTrigger;
-import org.quartz.Trigger;
-import org.quartz.TriggerBuilder;
-import org.quartz.TriggerKey;
+import org.quartz.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+
 import java.util.Date;
 import java.util.List;
 import java.util.Map;

src/main/java/com/subsidy/util/SecretUtils.java

 package com.subsidy.util;
 
+import org.apache.commons.codec.digest.DigestUtils;
+
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
@@ -17,13 +19,15 @@ public class SecretUtils {
     public static String getMD5String(String str) {
         try {
             // 生成一个MD5加密计算摘要
-            MessageDigest md = MessageDigest.getInstance("MD5");
+            return DigestUtils.md5Hex(str.toString()).toUpperCase();
+            //            MessageDigest md = MessageDigest.getInstance("MD5");
             // 计算md5函数
-            md.update(str.getBytes());
+//            md.update(str.getBytes("utf-8"));
             // digest()最后确定返回md5 hash值，返回值为8位字符串。因为md5 hash值是16位的hex值，实际上就是8位的字符
             // BigInteger函数则将8位的字符串转换成16位hex值，用字符串来表示；得到字符串形式的hash值
             //一个byte是八位二进制，也就是2位十六进制字符（2的8次方等于16的2次方）
-            return new BigInteger(1, md.digest()).toString(16);
+//            byte[] digest = md.digest(str.getBytes("utf-8"));
+//            return new BigInteger(1, digest).toString(16);
         } catch (Exception e) {
             e.printStackTrace();
             return null;
@@ -108,9 +112,13 @@ public class SecretUtils {
         }
     }
 
+
+
+
     public static void main(String[] args) {
         String uuid = UUID.randomUUID().toString();
-        System.out.println(uuid);
-        System.out.println(hash(uuid+"ixihs"));
+        System.out.println(uuid.replace("-",""));
+//        System.out.println(hash(uuid+"ixihs"));
+        System.out.println(System.currentTimeMillis());
     }
 }
\ No newline at end of file

src/main/java/com/subsidy/vo/member/QXTSign.java

+package com.subsidy.vo.member;
+
+import lombok.Data;
+
+@Data
+public class QXTSign {
+
+    private String sign;
+
+}

src/main/resources/application.properties

 # 环境配置
-spring.profiles.active=dev
+spring.profiles.active=prod
 # 端口号
-spring.server.port=23457
+spring.server.port=23459
 #嵌入tomcat配置
 #和CPU数
 spring.server.acceptorThreadCount=600

src/main/resources/code.properties

@@ -54,5 +54,8 @@ meishu.code-message[12001]=该职级已存在
 
 meishu.code-message[13001]=已达到当日最大时长
 
+meishu.code-message[14001]=认证失败，签名不通过
+meishu.code-message[14002]=认证失败，签名已过期
+