fix: 增加接口判断

basic-interface/src/main/java/ink/wgink/interfaces/sms/ISmsBaseService.java

@@ -19,4 +19,6 @@ public interface ISmsBaseService {
      * @return
      */
     String getVerifyCode(String phone);
+
+    void checkVerifyCode(String phone, String code);
 }

basic-util/src/main/java/ink/wgink/util/FolderUtil.java

@@ -23,4 +23,28 @@ public class FolderUtil {
         }
         folder.mkdirs();
     }
+
+    /**
+     * 删除文件
+     *
+     * @param path
+     */
+    public static void delete(String path) {
+        File file = new File(path);
+        if (!file.exists()) {
+            return;
+        }
+        if (file.isFile()) {
+            file.delete();
+            return;
+        }
+        File[] subFiles = file.listFiles();
+        if (subFiles != null) {
+            for (File subFile : subFiles) {
+                delete(subFile.getAbsolutePath());
+            }
+        }
+        file.delete();
+    }
+
 }

basic-util/src/main/java/ink/wgink/util/string/WStringUtil.java

@@ -120,7 +120,7 @@ public class WStringUtil {
      * @date 2018年2月28日 下午4:28:45
      */
     public static String lowerUpper2UnderLine(String str) {
-        return lowerUpper2Separator(str, "-");
+        return lowerUpper2Separator(str, "_");
     }
 
     /**

common/pom.xml

@@ -77,6 +77,11 @@
             <artifactId>spring-security-web</artifactId>
         </dependency>
         <!-- spring end -->
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>
 
     </dependencies>
 

common/src/main/java/ink/wgink/common/advice/ResponseAdvice.java

@@ -104,7 +104,7 @@ public class ResponseAdvice {
         }
         String contentType = request.getContentType();
         String requestURI = request.getRequestURI();
-        if ((requestURI.contains("/app/")) || (contentType != null && contentType.contains(MediaType.APPLICATION_JSON_VALUE))) {
+        if ((requestURI.contains("/api/") || requestURI.contains("/app/")) || (contentType != null && contentType.contains(MediaType.APPLICATION_JSON_VALUE))) {
             response.setCharacterEncoding(ISystemConstant.CHARSET_UTF8);
             response.setContentType(MediaType.APPLICATION_JSON_VALUE);
             response.setStatus(HttpStatus.BAD_REQUEST.value());

common/src/main/java/ink/wgink/common/manager/env/EnvManager.java

@@ -74,6 +74,14 @@ public class EnvManager {
         return value;
     }
 
+    public String getValue(String key, String defaultValue) {
+        String value = getValue(key);
+        if (StringUtils.isBlank(value)) {
+            return defaultValue;
+        }
+        return value;
+    }
+
     public static String value(String key) {
         String value = getInstance().getValue(key);
         if (StringUtils.isBlank(value)) {
@@ -82,6 +90,10 @@ public class EnvManager {
         return value;
     }
 
+    public static String value(String key, String defaultValue) {
+        return getInstance().getValue(key, defaultValue);
+    }
+
     public void setEnvDao(IEnvDao envDao) {
         this.envDao = envDao;
     }

login-app/src/main/java/ink/wgink/login/app/controller/app/api/appsign/AppSignAppController.java

@@ -9,6 +9,7 @@ import ink.wgink.interfaces.sms.ISmsBaseService;
 import ink.wgink.login.app.pojo.vos.appsign.AppLoginDefaultVO;
 import ink.wgink.login.app.pojo.vos.appsign.AppLoginPhoneVO;
 import ink.wgink.login.app.service.appsign.IAppSignService;
+import ink.wgink.login.base.exceptions.UserAuthenticationException;
 import ink.wgink.pojo.result.ErrorResult;
 import ink.wgink.pojo.result.SuccessResultData;
 import ink.wgink.util.RegexUtil;
@@ -62,13 +63,7 @@ public class AppSignAppController extends DefaultBaseController {
         if (!RegexUtil.isPhone(appLoginPhoneVO.getUsername())) {
             throw new ParamsException("用户名非手机格式");
         }
-        String verifyCode = smsBaseService.getVerifyCode(appLoginPhoneVO.getUsername());
+        smsBaseService.checkVerifyCode(appLoginPhoneVO.getUsername(), appLoginPhoneVO.getVerificationCode());
-        if (StringUtils.isBlank(verifyCode)) {
-            throw new ParamsException("未发送验证码");
-        }
-        if (!StringUtils.equalsIgnoreCase(verifyCode, appLoginPhoneVO.getVerificationCode())) {
-            throw new ParamsException("验证码错误");
-        }
         return new SuccessResultData<>(appSignService.phoneSign(appLoginPhoneVO));
     }
 

login-base/src/main/java/ink/wgink/login/base/service/user/UserLoginService.java

@@ -219,6 +219,7 @@ public class UserLoginService {
     private void updateLoginInfo(String userId, String address, String currentTime) throws UpdateException {
         Map<String, Object> params = new HashMap<>(10);
         params.put("userId", userId);
+        params.put("userState", 0);
         params.put("lastLoginAddress", address);
         params.put("lastLoginTime", currentTime);
         params.put("gmtModified", currentTime);

login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java

@@ -5,6 +5,8 @@ import ink.wgink.exceptions.SearchException;
 import ink.wgink.login.oauth2.client.auth.UserTokenManager;
 import ink.wgink.login.oauth2.client.auth.manager.UserToken;
 import ink.wgink.pojo.bos.UserInfoBO;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
@@ -26,9 +28,9 @@ import java.io.IOException;
 
 @Order(value = Ordered.HIGHEST_PRECEDENCE)
 @Component
-@WebFilter(filterName = "ContentCachingFilter", urlPatterns = "/*")
+@WebFilter(filterName = "UserTokenFilter", urlPatterns = "/*")
 public class UserTokenFilter extends OncePerRequestFilter {
-
+    private static final Logger LOG = LoggerFactory.getLogger(UserTokenFilter.class);
     private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
 
     @Override
@@ -52,7 +54,9 @@ public class UserTokenFilter extends OncePerRequestFilter {
         UserTokenManager userTokenManager = UserTokenManager.getInstance();
         UserToken userToken = userTokenManager.get(userId);
         if (userToken == null) {
-            throw new SearchException("用户未登录，userId异常");
+            LOG.error("用户未登录，userId异常");
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            return;
         }
         UserInfoBO userInfo = userToken.getUserInfo();
         userTokenManager.refresh(userInfo, userToken.getGrantedAuthorities());

module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java

@@ -0,0 +1,81 @@
+package ink.wgink.module.oauth2.filter;
+
+import ink.wgink.exceptions.SearchException;
+import ink.wgink.pojo.bos.RoleGrantedAuthorityBO;
+import ink.wgink.pojo.bos.UserInfoBO;
+import org.jsoup.internal.StringUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+@Order(value = Ordered.HIGHEST_PRECEDENCE)
+@Component
+@WebFilter(filterName = "AccessTokenFilter", urlPatterns = "/*")
+public class AccessTokenFilter extends OncePerRequestFilter {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AccessTokenFilter.class);
+    @Autowired(required = false)
+    private IAccessTokenCheckFilter accessTokenCheckFilter;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        if (accessTokenCheckFilter == null) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        String authorization = request.getHeader("Auth");
+        if (StringUtil.isBlank(authorization)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        if (!authorization.startsWith("Bearer ")) {
+            LOG.error("用户未登录，authorization异常");
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        }
+        String accessToken = authorization.replace("Bearer ", "");
+        UserInfoBO userInfo = accessTokenCheckFilter.getUserInfo(accessToken);
+        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
+        userInfo.getRoles().forEach(role -> {
+            RoleGrantedAuthorityBO roleGrantedAuthorityBO = new RoleGrantedAuthorityBO(role.getRoleId(), role.getRoleName(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList());
+            grantedAuthorities.add(roleGrantedAuthorityBO);
+        });
+        UsernamePasswordAuthenticationToken userAuthenticationTokenResult = new UsernamePasswordAuthenticationToken(userInfo, null, grantedAuthorities);
+        SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
+        SecurityContext context = securityContextHolderStrategy.createEmptyContext();
+        context.setAuthentication(userAuthenticationTokenResult);
+        securityContextHolderStrategy.setContext(context);
+        request.getSession().setAttribute("SPRING_SECURITY_CONTEXT", context);
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * AccessToken校验过滤器
+     */
+    public interface IAccessTokenCheckFilter {
+
+        UserInfoBO getUserInfo(String accessToken);
+
+    }
+
+}

module-sms/src/main/java/ink/wgink/module/sms/service/sms/impl/SmsServiceImpl.java

@@ -274,6 +274,11 @@ public class SmsServiceImpl extends DefaultBaseService implements ISmsService {
         return VerifyCodeManager.getInstance().getVerifyCode(phone);
     }
 
+    @Override
+    public void checkVerifyCode(String phone, String code) {
+        VerifyCodeManager.getInstance().checkVerifyCode(phone, code);
+    }
+
     /**
      * 设置用户
      *

redis-cache/src/main/java/ink/wgink/redis/cache/manager/files/RedisFilesShowCodeService.java

@@ -13,6 +13,7 @@ import org.springframework.stereotype.Component;
 
 import java.util.HashSet;
 import java.util.Set;
+import java.util.concurrent.TimeUnit;
 
 /**
  * @ClassName: RedisFilesShowCodeServiceImpl
@@ -36,12 +37,15 @@ public class RedisFilesShowCodeService implements IFilesShowCodeService {
 
     @Override
     public void clearTimeoutShowCode() {
-        Set<String> keySet = redisTemplate.keys(FILE_SHOW_CODE_KEY);
+        Set<String> keySet = redisTemplate.keys(FILE_SHOW_CODE_KEY + "**");
         long currentTimeMillis = System.currentTimeMillis();
         Set<String> clearKeys = new HashSet<>(16);
         long clearTimeoutShowCodeCount = 0;
         for (String key : keySet) {
-            FilesShowCode showCode = getShowCode(key);
+            FilesShowCode showCode = (FilesShowCode) redisTemplate.opsForValue().get(key);
+            if (showCode == null) {
+                continue;
+            }
             if (currentTimeMillis - showCode.getLatestUpdateTime() > SHOW_CODE_TIMEOUT_MILLIS) {
                 clearKeys.add(FILE_SHOW_CODE_KEY + showCode.getFileId());
             }
@@ -66,8 +70,7 @@ public class RedisFilesShowCodeService implements IFilesShowCodeService {
     public synchronized FilesShowCode getShowCode(String fileId) {
         FilesShowCode showCode = (FilesShowCode) redisTemplate.opsForValue().get(FILE_SHOW_CODE_KEY + fileId);
         if (showCode != null) {
-            showCode.setLatestUpdateTime(System.currentTimeMillis());
+            redisTemplate.opsForValue().set(FILE_SHOW_CODE_KEY + fileId, showCode, 1, TimeUnit.MINUTES);
-            redisTemplate.opsForValue().set(FILE_SHOW_CODE_KEY + fileId, showCode);
         }
         return showCode;
     }

service-user/src/main/java/ink/wgink/service/user/controller/app/api/UserAppController.java

@@ -185,13 +185,7 @@ public class UserAppController extends DefaultBaseController {
         if (updatePhonePasswordVO.getNewPassword().length() < 6) {
             throw new ParamsException("新密码长度必须大于6位");
         }
-        String verifyCode = smsBaseService.getVerifyCode(updatePhonePasswordVO.getPhone());
+        smsBaseService.checkVerifyCode(updatePhonePasswordVO.getPhone(), updatePhonePasswordVO.getVerificationCode());
-        if (StringUtils.isBlank(verifyCode)) {
-            throw new ParamsException("验证码为空");
-        }
-        if (!StringUtils.equalsIgnoreCase(verifyCode, updatePhonePasswordVO.getVerificationCode())) {
-            throw new ParamsException("验证码错误");
-        }
         userService.updatePasswordByUsername(updatePhonePasswordVO.getPhone(), updatePhonePasswordVO.getNewPassword());
         return new SuccessResult();
     }

service-user/src/main/resources/mybatis/mapper/user-mapper.xml

@@ -230,6 +230,9 @@
         UPDATE
             sys_user
         SET
+        <if test="userState != null">
+            user_state = #{userState},
+        </if>
         <if test="userLongitude != null and userLongitude != ''">
             user_longitude = #{userLongitude},
         </if>