1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
|
package com.mesasoft.cn.web.controller;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.mesasoft.cn.SketchApplication;
import com.mesasoft.cn.modules.constant.ConfigConsts;
import com.mesasoft.cn.modules.constant.DefaultValues;
import com.mesasoft.cn.annotation.AuthInterceptor;
import com.mesasoft.cn.config.TokenConfig;
import com.mesasoft.cn.entity.Result;
import com.mesasoft.cn.entity.ResultEntity;
import com.mesasoft.cn.entity.User;
import com.mesasoft.cn.enums.InterceptorLevel;
import com.mesasoft.cn.service.IUserService;
import com.mesasoft.cn.util.ControllerUtils;
import com.zhazhapan.modules.constant.ValueConsts;
import com.zhazhapan.util.Checker;
import com.zhazhapan.util.Formatter;
import com.zhazhapan.util.encryption.JavaEncrypt;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
/**
* @author pantao
* @since 2018/1/22
*/
@RestController
@RequestMapping("/user")
@Api(value = "/user", description = "用户相关操作")
public class UserController {
private final IUserService userService;
private final HttpServletRequest request;
private final JSONObject jsonObject;
@Autowired
public UserController(IUserService userService, HttpServletRequest request, JSONObject jsonObject) {
this.userService = userService;
this.request = request;
this.jsonObject = jsonObject;
}
@ApiOperation(value = "更新用户权限(注:不是文件权限)")
@AuthInterceptor(InterceptorLevel.ADMIN)
@RequestMapping(value = "/{id}/{permission}", method = RequestMethod.PUT)
public String updatePermission(@PathVariable("id") int id, @PathVariable("permission") int permission) {
User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING);
if (user.getPermission() < ValueConsts.THREE_INT && permission > 1) {
jsonObject.put("message", "权限不够,设置失败");
} else if (userService.updatePermission(id, permission)) {
jsonObject.put("message", "更新成功");
} else {
jsonObject.put("message", "更新失败,请稍后重新尝试");
}
return jsonObject.toJSONString();
}
@ApiOperation("重置用户密码(管理员接口)")
@AuthInterceptor(InterceptorLevel.ADMIN)
@RequestMapping(value = "/reset/{id}/{password}", method = RequestMethod.PUT)
public String resetPassword(@PathVariable("id") int id, @PathVariable("password") String password) {
return ControllerUtils.getResponse(userService.resetPassword(id, password));
}
@ApiOperation(value = "更新用户的默认文件权限")
@ApiImplicitParam(name = "auth", value = "权限", example = "1,1,1,1", required = true)
@AuthInterceptor(InterceptorLevel.ADMIN)
@RequestMapping(value = "/{id}/auth", method = RequestMethod.PUT)
public String updateFileAuth(@PathVariable("id") int id, String auth) {
return ControllerUtils.getResponse(userService.updateFileAuth(id, auth));
}
@ApiOperation(value = "获取所有用户")
@ApiImplicitParams({@ApiImplicitParam(name = "user", value = "指定用户(默认所有用户)"), @ApiImplicitParam(name = "offset",
value = "偏移量", required = true)})
@AuthInterceptor(InterceptorLevel.ADMIN)
@RequestMapping(value = "/all", method = RequestMethod.GET)
public String getUser(String user, int offset) {
User u = (User) request.getSession().getAttribute(ValueConsts.USER_STRING);
return Formatter.listToJson(userService.listUser(u.getPermission(), user, offset));
}
@ApiOperation(value = "更新我的基本信息")
@ApiImplicitParams({@ApiImplicitParam(name = "avatar", value = "头像(可空)"), @ApiImplicitParam(name = "realName",
value = "真实姓名(可空)"), @ApiImplicitParam(name = "email", value = "邮箱(可空)"), @ApiImplicitParam(name =
"code", value = "验证码(可空)")})
@AuthInterceptor(InterceptorLevel.USER)
@RequestMapping(value = "/info", method = RequestMethod.PUT)
public String updateBasicInfo(String avatar, String realName, String email, String code) {
User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING);
jsonObject.put("message", "保存成功");
boolean emilVerify = SketchApplication.settings.getBooleanUseEval(ConfigConsts.EMAIL_VERIFY_OF_SETTINGS);
if (Checker.isNotEmpty(email) && !email.equals(user.getEmail())) {
if (!emilVerify || isCodeValidate(code)) {
if (userService.emailExists(email)) {
jsonObject.put("message", "邮箱更新失败,该邮箱已经存在");
} else {
user.setEmail(email);
}
} else {
jsonObject.put("message", "邮箱更新失败,验证码校验失败");
}
}
if (userService.updateBasicInfoById(user.getId(), avatar, realName, user.getEmail())) {
user.setAvatar(avatar);
user.setRealName(realName);
jsonObject.put("status", "success");
} else {
jsonObject.put("message", "服务器发生错误,请稍后重新尝试");
}
jsonObject.put("email", user.getEmail());
return jsonObject.toString();
}
@ApiOperation(value = "更新我的密码")
@ApiImplicitParams({@ApiImplicitParam(name = "oldPassword", value = "原密码", required = true), @ApiImplicitParam
(name = "newPassword", value = "新密码", required = true)})
@AuthInterceptor(InterceptorLevel.USER)
@RequestMapping(value = "/password", method = RequestMethod.PUT)
public String updatePassword(String oldPassword, String newPassword) {
User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING);
jsonObject.put("status", "error");
try {
if (user.getPassword().equals(JavaEncrypt.sha256(oldPassword))) {
if (userService.updatePasswordById(newPassword, user.getId())) {
jsonObject.put("status", "success");
TokenConfig.removeTokenByValue(user.getId());
} else {
jsonObject.put("message", "新密码格式不正确");
}
} else {
jsonObject.put("message", "原密码不正确");
}
} catch (NoSuchAlgorithmException | UnsupportedEncodingException e) {
jsonObject.put("message", "服务器内部错误,请稍后重新尝试");
}
return jsonObject.toString();
}
@ApiOperation(value = "获取我的基本信息")
@AuthInterceptor(InterceptorLevel.USER)
@RequestMapping(value = "/info", method = RequestMethod.GET)
public String getInfo() {
User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING);
JSONObject object = JSON.parseObject(user.toString());
object.remove(ValueConsts.ID_STRING);
object.remove(ValueConsts.PASSWORD_STRING);
return object.toString();
}
@ApiOperation(value = "登录(用户名密码和token必须有一个输入)")
@ApiImplicitParams({@ApiImplicitParam(name = "username", value = "用户名"), @ApiImplicitParam(name
= "password", value = "密码"), @ApiImplicitParam(name = "auto", value = "是否自动登录", dataType = "Boolean"),
@ApiImplicitParam(name = "token", value = "用于自动登录")})
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/login", method = RequestMethod.PUT)
public String login(String username, String password, boolean auto, String token) {
//使用密码登录
User user = userService.login(username, password, ValueConsts.NULL_STRING, ValueConsts.NULL_RESPONSE);
if (Checker.isNull(user) || user.getPermission() < 1) {
jsonObject.put("status", "failed");
} else {
request.getSession().setAttribute(ValueConsts.USER_STRING, user);
jsonObject.put("status", "success");
if (auto) {
jsonObject.put("token", TokenConfig.generateToken(token, user.getId()));
} else {
jsonObject.put("token", "");
TokenConfig.removeTokenByValue(user.getId());
}
}
return jsonObject.toString();
}
@ApiOperation(value = "用户注册(当不需要验证邮箱时,邮箱和验证码可空)")
@ApiImplicitParams({@ApiImplicitParam(name = "username", value = "用户名", required = true), @ApiImplicitParam(name
= "email", value = "邮箱"), @ApiImplicitParam(name = "password", value = "密码", required = true),
@ApiImplicitParam(name = "code", value = "验证码")})
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/register", method = RequestMethod.POST)
public String register(String username, String email, String password, String code) {
boolean emilVerify = SketchApplication.settings.getBooleanUseEval(ConfigConsts.EMAIL_VERIFY_OF_SETTINGS);
jsonObject.put("status", "error");
if (!emilVerify || isCodeValidate(code)) {
if (userService.usernameExists(username)) {
jsonObject.put("message", "用户名已经存在");
} else if (userService.emailExists(email)) {
jsonObject.put("message", "该邮箱已经被注册啦");
} else if (userService.register(username, email, password)) {
jsonObject.put("status", "success");
} else {
jsonObject.put("message", "数据格式不合法");
}
} else {
jsonObject.put("message", "验证码校验失败");
}
return jsonObject.toString();
}
@ApiOperation(value = "重置我的密码")
@ApiImplicitParams({@ApiImplicitParam(name = "email", value = "邮箱", required = true), @ApiImplicitParam(name =
"code", value = "验证码", required = true), @ApiImplicitParam(name = "password", value = "密码", required =
true)})
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/password/reset", method = RequestMethod.PUT)
public String resetPassword(String email, String code, String password) {
jsonObject.put("status", "error");
if (isCodeValidate(code)) {
if (userService.resetPasswordByEmail(email, password)) {
jsonObject.put("status", "success");
} else {
jsonObject.put("message", "格式不合法");
}
} else {
jsonObject.put("message", "验证码校验失败");
}
return jsonObject.toString();
}
@ApiOperation(value = "检测用户名是否已经注册")
@ApiImplicitParam(name = "username", value = "用户名", required = true)
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/username/exists", method = RequestMethod.GET)
public String usernameExists(String username) {
jsonObject.put("exists", userService.usernameExists(username));
return jsonObject.toString();
}
@ApiOperation(value = "检测邮箱是否已经注册")
@ApiImplicitParam(name = "email", value = "邮箱", required = true)
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/email/exists", method = RequestMethod.GET)
public String emailExists(String email) {
jsonObject.put("exists", userService.emailExists(email));
return jsonObject.toString();
}
private boolean isCodeValidate(String code) {
return Checker.checkNull(code).equals(String.valueOf(request.getSession().getAttribute(DefaultValues
.CODE_STRING)));
}
@ApiOperation(value = "登录(用户名密码和token必须有一个输入)")
@ApiImplicitParams({@ApiImplicitParam(name = "username", value = "用户名"), @ApiImplicitParam(name
= "password", value = "密码"), @ApiImplicitParam(name = "auto", value = "是否自动登录", dataType = "Boolean"),
@ApiImplicitParam(name = "token", value = "用于自动登录")})
@AuthInterceptor(InterceptorLevel.NONE)
@RequestMapping(value = "/login2", method = RequestMethod.PUT)
public ResultEntity login2(String username, String password, boolean auto, String token) {
JSONObject resultObject = null;
//使用密码登录
User user = userService.login(username, password, ValueConsts.NULL_STRING, ValueConsts.NULL_RESPONSE);
if (Checker.isNull(user) || user.getPermission() < 1) {
return Result.fail();
} else {
request.getSession().setAttribute(ValueConsts.USER_STRING, user);
if (auto) {
resultObject.put("token", TokenConfig.generateToken(token, user.getId()));
} else {
resultObject.put("token", "");
TokenConfig.removeTokenByValue(user.getId());
}
}
return Result.success(resultObject);
}
}
|
