
物联网及互联网安全整改

wangzhinan 1 éve
szülő
commit
21190d2c4e

+ 187 - 1
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@ -1996,7 +1996,7 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        logger.info("after doctorCode :"+doctorCode);
        JSONObject map = null;
        try{
            map= oauthWlyyConfigService.checkWlyyUserDoctor(doctorCode);
            map= oauthWlyyConfigService.checkWlyyUserDoctor(doctorCode,wechatId);
        }catch (Exception e){
            logger.error(e);
            return ObjEnvelop.getError("授权失败");
@ -2047,6 +2047,191 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
    }
    /**
     * iot i健康登陆
     *
     * @param parameters  不定入参:
     *                    client_id 应用标识
     *                    captcha 验证码
     *                    password 密码
     *                    username 用户名/手机/身份证号
     *                    key 图形验证码键值
     *                    text 用户输入的图形验证码
     *                    login_type 用户类型 1或默认为user,2:医生登录,3:患者登录,4:第三方同步账号登录,5.易联众居民健康卡授权登录
     * @param httpSession
     * @return
     * @throws Exception
     */
    @RequestMapping(value = "/oauth/iotIjklogin", method = RequestMethod.POST)
    public ResponseEntity<Oauth2Envelop<WlyyUserSimple>> iotIjklogin(@RequestParam Map<String, String> parameters, HttpSession httpSession) throws Exception {
        logger.info("login:登录进入1");
        String username = parameters.get("username");
        if (StringUtils.isEmpty(username)) {
            throw new InvalidRequestException("username");
        }
        String client_id = parameters.get("client_id");
        if (StringUtils.isEmpty(client_id)) {
            throw new InvalidRequestException("client_id");
        }
        if (StringUtils.isEmpty(parameters.get("captcha"))) {
            parameters.put("grant_type", "ihealthDcotor");
            //解密密码
            if (parameters.get("password") != null) {
                KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
                String password = com.yihu.jw.security.utils.RSAUtils.decryptBase64(parameters.get("password"), keyPair);
                logger.info("password:"+password);
                String response = ykyyService.DoctorLogin(parameters.get("username"),password);
                if (!StringUtils.isEmpty(response)){
                    JSONObject object = JSONObject.parseObject(response);
                    logger.info("眼科通登陆返回参数:"+object);
                    if (!object.getString("code").equalsIgnoreCase("10000")){
                        WlyyUserSimple userSimple = new WlyyUserSimple();
                        return getFailedResponse(object.getString("msg"),-1,userSimple);
                    }else {
                        JSONObject jsonObject = object.getJSONObject("value");
                        if (jsonObject!=null) {
                            String idCard = jsonObject.getString("idCard");
                            String verifyCode = jsonObject.getString("verifyCode");
                            String yktDoctorId= jsonObject.getString("id");
                            BaseDoctorDO doctorDOs = doctorDao.findByIdcard(idCard);
                            if (doctorDOs!=null){
                                doctorDOs.setVerifyCode(verifyCode);
                                doctorDOs.setYktDoctorId(yktDoctorId);
                                /*doctorDOs.setYktCode();*/
                                doctorDao.save(doctorDOs);
                            }else {
                                WlyyUserSimple userSimple = new WlyyUserSimple();
                                return getFailedResponse("您的账号未认证,请联系互联网医院工作人员,联系电话0592-2108763。",-1,userSimple);
                            }
                            if (idCard==null||idCard==""){
                                logger.info("身份证为空");
                            }else {
                                ykyyService.updateYkyyDoctor(idCard,verifyCode,yktDoctorId);
                            }
                        }
                    }
                }
                parameters.remove("password");
            } else if (parameters.get("mobile") != null) {
                KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
                String mobile = com.yihu.jw.security.utils.RSAUtils.decryptBase64(parameters.get("mobile"), keyPair);
                logger.info("mobile:"+mobile);
                String password = null;
                String res = ykyyService.getDoctorPhone(mobile);
                if (res!=null&&res!=""){
                    JSONObject object = JSONObject.parseObject(res);
                    if (object.getString("code").equalsIgnoreCase("200")){
                        password = object.getString("data");
                    }else {
                        WlyyUserSimple userSimple = new WlyyUserSimple();
                        return getFailedResponse(object.getString("msg"),-1,userSimple);
                    }
                }
                String response = ykyyService.DoctorLogin(parameters.get("username"),password);
                if (!StringUtils.isEmpty(response)){
                    JSONObject object = JSONObject.parseObject(response);
                    logger.info("眼科通登陆返回参数:"+object);
                    if (!object.getString("code").equalsIgnoreCase("10000")){
                        WlyyUserSimple userSimple = new WlyyUserSimple();
                        return getFailedResponse(object.getString("message"),-1,userSimple);
                    }else {
                        JSONObject jsonObject = object.getJSONObject("value");
                        if (jsonObject!=null) {
                            String idCard = jsonObject.getString("idCard");
                            String verifyCode = jsonObject.getString("verifyCode");
                            String yktDoctorId= jsonObject.getString("id");
                            BaseDoctorDO doctorDOs = doctorDao.findByIdcard(idCard);
                            if (doctorDOs!=null){
                                doctorDOs.setVerifyCode(verifyCode);
                                doctorDOs.setYktDoctorId(yktDoctorId);
                                /*doctorDOs.setYktCode();*/
                                doctorDao.save(doctorDOs);
                            }else {
                                WlyyUserSimple userSimple = new WlyyUserSimple();
                                return getFailedResponse("您的账号未认证,请联系互联网医院工作人员,联系电话0592-2108763。",-1,userSimple);
                            }
                            if (idCard==null||idCard==""){
                                logger.info("身份证为空");
                            }else {
                                ykyyService.updateYkyyDoctor(idCard,verifyCode,yktDoctorId);
                            }
                        }
                    }
                }
                parameters.remove("password");
            }else {
                //第三方同步账号模式登录
                parameters.put("grant_type", "ihealthDcotor");
            }
        } else {
            parameters.put("grant_type", "captcha");
        }
        logger.info("login:登录进入3");
        ClientDetails authenticatedClient = clientDetailsService.loadClientByClientId(client_id);
        if (null == authenticatedClient) {
            throw new InvalidRequestException("client_id");
        }
        logger.info("login:登录进入4"+authenticatedClient.getClientId());
        TokenRequest tokenRequest = oAuth2RequestFactory.createTokenRequest(parameters, authenticatedClient);
        oAuth2RequestValidator.validateScope(tokenRequest, authenticatedClient);
        OAuth2AccessToken token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
        if (token == null) {
            throw new UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType());
        }
        /*如果是移动端登陆则移除之前的token,
        在网关处通过HTTP状态码告知前端是过期(402)还是账号在别处登陆(403),
        实现同一账号只能在一处登陆*/
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        if (request.getHeader("login-device") != null && (request.getHeader("login-device").equalsIgnoreCase("mobile")||request.getHeader("login-device").equalsIgnoreCase("pc"))) {
            tokenStore.removeAccessToken(token.getValue());
            tokenStore.removeRefreshToken(token.getRefreshToken().getValue());
            token = getTokenGranter().grant(tokenRequest.getGrantType(), tokenRequest);
        }
        if (token == null) {
            throw new UnsupportedGrantTypeException("Unsupported grant type: " + tokenRequest.getGrantType());
        }
        WlyyUserSimple wlyyUserSimple = userDetailsService.authSuccess(parameters.get("username"));
        wlyyUserSimple.setAccessToken(token.getValue());
        wlyyUserSimple.setTokenType(token.getTokenType());
        wlyyUserSimple.setExpiresIn(token.getExpiresIn());
        wlyyUserSimple.setRefreshToken(token.getRefreshToken().getValue());
        wlyyUserSimple.setUser(parameters.get("username"));
        wlyyUserSimple.setState(parameters.get("state"));
        String loginType = parameters.get("login_type");
        String openid = parameters.get("openid");
        String wechatId = parameters.get("wechatId");
        logger.info("login:登录进入7");
        //更新患者openId
        BaseLoginLogDO baseLoginLogDO = new BaseLoginLogDO();
        logger.info("gengxin开始");
        if (!StringUtils.isEmpty(openid) && !"undefined".equalsIgnoreCase(openid) && ("3".equals(loginType)||"4".equalsIgnoreCase(loginType))) {
            baseLoginLogDO.setOpenid(openid);
            logger.info("gengxin进入"+openid);
            userDetailsService.updateOpenId(openid, wlyyUserSimple.getId());
            if (!StringUtils.isEmpty(wechatId)&& !"undefined".equalsIgnoreCase(wechatId)){
                logger.info("gengxin进入"+wechatId);
                userDetailsService.updateOpenIdAndWechatId(openid,wlyyUserSimple.getId(),wechatId);
            }
        }
        if (parameters.get("password") != null) {
            //使用密码登录成功后, 更新失败次数为 0
            userDetailsService.addFailureCount(username, 0);
        }
        userDetailsService.setRolePhth(loginType, token, wlyyUserSimple.getId(), redisTemplate);
        baseLoginLogDO.setUserId(wlyyUserSimple.getId());
        baseLoginLogDO.setCreateTime(new Date());
        String userAgent = JSONObject.toJSONString(wlyyUserSimple);
        baseLoginLogDO.setUserAgent(userAgent);
        baseLoginLogDO.setLoginType(loginType);
        baseLoginLogService.save(baseLoginLogDO);
        return getResponse(wlyyUserSimple);
    }
    @RequestMapping(value = "/oauth/imgCaptcha", method = RequestMethod.GET)
    @ApiOperation("生成验证码")
    public ObjEnvelop createCaptcha()throws Exception{
@ -3624,4 +3809,5 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        return getResponse(wlyyUserSimple);
    }
}
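Review bot: The new iotIjklogin method writes the RSA-decrypted password to the application log at `logger.info("password:"+password);` (and the decrypted phone number a few lines later in the mobile branch), so a credential lands in plain text in log storage; drop the line or reduce it to a presence check such as `logger.info("password decrypted: {}", password != null);`. The same method then serializes the fully populated `wlyyUserSimple` — after the access and refresh tokens have been set on it — into `baseLoginLogDO.setUserAgent(userAgent)`, which appears to persist live tokens in the login-log table; if that is not intended, take the snapshot before the token setters or null those fields first. Minor: `idCard==""` and `res!=""` compare by reference and never match, so `StringUtils.isEmpty(idCard)` / `StringUtils.isNotEmpty(res)` are what was meant, and `token.getRefreshToken().getValue()` will throw if the grant returns no refresh token. The enclosing class continues outside the hunk.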

+ 44 - 41
server/svr-authentication/src/main/java/com/yihu/jw/security/service/OauthWlyyConfigService.java

@ -239,7 +239,7 @@ public class OauthWlyyConfigService {
    }
    public JSONObject checkWlyyUserDoctor(String doctor)throws Exception{
    public JSONObject checkWlyyUserDoctor(String doctor,String wechatId)throws Exception{
        OauthWlyyConfigDO oauthWlyyConfigDO = oauthWlyyConfigDao.findOne("wlyyConfig");
        //token获取accesstoken
@ -310,49 +310,52 @@ public class OauthWlyyConfigService {
                        userDO.setCreateTime(new Date());
                        userDO.setUpdateTime(new Date());
                        userDO = userDao.save(userDO);
                        //18补货员19社区药柜管理员20药柜区域管理员21药柜超级管理员
                        String expandLevel = doctorJson.getString("expandLevel");
                        RoleDO roleDO = roleDao.findOne(expandLevel);
                        userDO.setRoleId(roleDO.getId());
                        userDO = userDao.save(userDO);
                        List<WlyyUserAreaDO> userAreaDOList = userAreaDao.findAllByUserId(userDO.getId());
                        if (userAreaDOList==null||userAreaDOList.size()==0){
                            WlyyUserAreaDO userAreaDO = new  WlyyUserAreaDO();
                            userAreaDO.setUserId(userDO.getId());
                            userAreaDO.setCity(doctorJson.getString("city"));
                            userAreaDO.setCityName(doctorJson.getString("cityName"));
                            userAreaDO.setTown(doctorJson.getString("town"));
                            userAreaDO.setTownName(doctorJson.getString("townName"));
                            userAreaDO.setHospital(doctorJson.getString("hospital"));
                            userAreaDO.setHospitalName(doctorJson.getString("hospitalName"));
                            userAreaDO.setUpdateTime(new Date());
                            userAreaDO.setCreateTime(new Date());
                            userAreaDO.setDel(1);
                            userAreaDao.save(userAreaDO);
                        }
                        if (roleDO.getCode().equalsIgnoreCase("replenisher")){
                            String sql = "select d.id as id,d.equ_name as name from t_mediicine_device d where d.belong_community ='"+doctorJson.getString("hospital")+"' ";
                            List<Map<String,Object>> mapList = jdbcTemplate.queryForList(sql);
                            for (Map<String,Object> map:mapList){
                                WlyyUserEquipmentDO equipmentDO = new WlyyUserEquipmentDO();
                                String id = map.get("id").toString();
                                String name = map.get("name")==null?"":map.get("name").toString();
                                equipmentDO.setEquipmentId(id);
                                equipmentDO.setEquipmentName(name);
                                equipmentDO.setUserId(userDO.getId());
                                equipmentDO.setDel(1);
                                equipmentDO.setCityName(doctorJson.getString("cityName"));
                                equipmentDO.setCity(doctorJson.getString("city"));
                                equipmentDO.setTown(doctorJson.getString("town"));
                                equipmentDO.setTownName(doctorJson.getString("townName"));
                                equipmentDO.setHospital(doctorJson.getString("hospital"));
                                equipmentDO.setHospitalName(doctorJson.getString("hospitalName"));
                                equipmentDO.setCreateTime(new Date());
                                equipmentDO.setUpdateTime(new Date());
                                userEquipmentDao.save(equipmentDO);
                        if (!wechatId.equalsIgnoreCase("xm_iot_wx")){
                            //18补货员19社区药柜管理员20药柜区域管理员21药柜超级管理员
                            String expandLevel = doctorJson.getString("expandLevel");
                            RoleDO roleDO = roleDao.findOne(expandLevel);
                            userDO.setRoleId(roleDO.getId());
                            userDO = userDao.save(userDO);
                            List<WlyyUserAreaDO> userAreaDOList = userAreaDao.findAllByUserId(userDO.getId());
                            if (userAreaDOList==null||userAreaDOList.size()==0){
                                WlyyUserAreaDO userAreaDO = new  WlyyUserAreaDO();
                                userAreaDO.setUserId(userDO.getId());
                                userAreaDO.setCity(doctorJson.getString("city"));
                                userAreaDO.setCityName(doctorJson.getString("cityName"));
                                userAreaDO.setTown(doctorJson.getString("town"));
                                userAreaDO.setTownName(doctorJson.getString("townName"));
                                userAreaDO.setHospital(doctorJson.getString("hospital"));
                                userAreaDO.setHospitalName(doctorJson.getString("hospitalName"));
                                userAreaDO.setUpdateTime(new Date());
                                userAreaDO.setCreateTime(new Date());
                                userAreaDO.setDel(1);
                                userAreaDao.save(userAreaDO);
                            }
                            if (roleDO.getCode().equalsIgnoreCase("replenisher")){
                                String sql = "select d.id as id,d.equ_name as name from t_mediicine_device d where d.belong_community ='"+doctorJson.getString("hospital")+"' ";
                                List<Map<String,Object>> mapList = jdbcTemplate.queryForList(sql);
                                for (Map<String,Object> map:mapList){
                                    WlyyUserEquipmentDO equipmentDO = new WlyyUserEquipmentDO();
                                    String id = map.get("id").toString();
                                    String name = map.get("name")==null?"":map.get("name").toString();
                                    equipmentDO.setEquipmentId(id);
                                    equipmentDO.setEquipmentName(name);
                                    equipmentDO.setUserId(userDO.getId());
                                    equipmentDO.setDel(1);
                                    equipmentDO.setCityName(doctorJson.getString("cityName"));
                                    equipmentDO.setCity(doctorJson.getString("city"));
                                    equipmentDO.setTown(doctorJson.getString("town"));
                                    equipmentDO.setTownName(doctorJson.getString("townName"));
                                    equipmentDO.setHospital(doctorJson.getString("hospital"));
                                    equipmentDO.setHospitalName(doctorJson.getString("hospitalName"));
                                    equipmentDO.setCreateTime(new Date());
                                    equipmentDO.setUpdateTime(new Date());
                                    userEquipmentDao.save(equipmentDO);
                                }
                            }
                        }
                        return data;
                    }
                }else{
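Review bot: The new guard `if (!wechatId.equalsIgnoreCase("xm_iot_wx")){` throws NullPointerException whenever checkWlyyUserDoctor is called with a null wechatId; write it null-safe as `if (!"xm_iot_wx".equalsIgnoreCase(wechatId)) {`. The one visible caller (WlyyLoginEndpoint) passes a `wechatId` whose origin is outside the visible hunk, so confirm whether it can be null or client-supplied — if it is request-controlled, the caller chooses which role/area branch runs, and the value should come from server-side configuration instead. The re-indented SQL still builds the query by concatenating `doctorJson.getString("hospital")` into the string; pass it as a bind parameter, `jdbcTemplate.queryForList("select d.id as id,d.equ_name as name from t_mediicine_device d where d.belong_community = ?", doctorJson.getString("hospital"))`. checkWlyyUserDoctor starts and ends outside the hunk.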

+ 58 - 0
server/svr-authentication/src/main/java/com/yihu/jw/security/service/wlyyService.java

@ -0,0 +1,58 @@
package com.yihu.jw.security.service;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.alipay.api.internal.util.codec.Base64;
import com.yihu.jw.entity.base.doctor.BaseDoctorDO;
import com.yihu.jw.entity.base.doctor.BaseDoctorHospitalDO;
import com.yihu.jw.entity.base.doctor.BaseDoctorRoleDO;
import com.yihu.jw.entity.base.patient.BasePatientDO;
import com.yihu.jw.entity.ca.OauthCaConfigDO;
import com.yihu.jw.entity.hospital.mapping.DoctorMappingDO;
import com.yihu.jw.security.dao.OauthCaConfigDao;
import com.yihu.jw.security.dao.doctor.BaseDoctorDao;
import com.yihu.jw.security.dao.doctor.BaseDoctorHospitalDao;
import com.yihu.jw.security.dao.doctor.BaseDoctorRoleDao;
import com.yihu.jw.security.dao.doctor.DoctorMappingDao;
import com.yihu.jw.security.dao.patient.BasePatientDao;
import com.yihu.jw.util.date.DateUtil;
import com.yihu.jw.util.http.HttpClientUtil;
import com.yihu.jw.util.idcard.IdCardUtil;
import com.yihu.utils.network.HttpResponse;
import com.yihu.utils.network.HttpUtils;
import com.yihu.utils.security.MD5;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.collections.map.HashedMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.io.UnsupportedEncodingException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static com.yihu.jw.util.common.PwdUtil.randomString;
/**
 * 眼科医院
 * Created by yeshijie on 2020/4/24.
 *
 * @author yeshijie.
 */
@Service
public class wlyyService {
    private Logger logger = LoggerFactory.getLogger(wlyyService.class);
    @Autowired
    private HttpClientUtil httpClientUtil;
}
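Review bot: The new class is named `wlyyService` in lowerCamelCase, which breaks the UpperCamelCase convention used by the other classes on this page (`OauthWlyyConfigService`, `WlyyLoginEndpoint`) and makes the Spring bean name look like a field; rename it `WlyyService` and make the logger `private static final Logger logger = LoggerFactory.getLogger(WlyyService.class);`. Almost all of the roughly thirty imports are unused by the two-member body, including `com.alipay.api.internal.util.codec.Base64` (an internal package of a third-party SDK) and `com.yihu.utils.security.MD5`, so they should be removed rather than left as a template for later code. The Javadoc header ("眼科医院 / Created by yeshijie on 2020/4/24") appears to be copied from another service and should describe what this class is for.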

+ 1 - 1
server/svr-authentication/src/main/resources/application.yml

@ -353,7 +353,7 @@ testPattern:
  sign: 0
  remote_inner_url: 172.16.100.240:10023/open/fileUpload/upload_stream
wechat:
  id: xm_ykyy_wx  # base库中,wx_wechat 的id字段
  id: xm_iot_wx  # base库中,wx_wechat 的id字段
im:
  im_list_get: http://172.26.0.105:3000/
kick:

+ 1 - 1
svr/svr-base/src/main/resources/application.yml

@ -101,7 +101,7 @@ spring:
    #    url: jdbc:mysql://172.17.110.160/base?useUnicode:true&amp;characterEncoding=utf-8&amp;autoReconnect=true
    #    username: ssgg
    #    password: ssgg
    url: jdbc:mysql://172.19.103.77/base?useUnicode:true&characterEncoding=utf-8&autoReconnect=true
    url: jdbc:mysql://172.19.103.77/base?useUnicode:true&characterEncoding=utf-8&autoReconnect=true&serverTimezone=GMT%2B8
    username: root
    password: 123456
  elasticsearch:
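Review bot: The amended datasource `url` keeps its companions `username: root` and `password: 123456` committed in plain text directly below it, so a commit described as a security rectification still ships a root database credential in the repository; replace them with placeholders such as `username: ${BASE_DB_USER}` and `password: ${BASE_DB_PASSWORD}` resolved from the environment or the config server, and rotate the credential since it is already in history. The `serverTimezone=GMT%2B8` addition itself is fine; `%2B` is the correct encoding of `+` inside a JDBC URL.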

+ 7 - 3
svr/svr-internet-hospital-job/src/main/resources/bootstrap.yml

@ -1,12 +1,16 @@
spring:
  application:
    name: svr-internet-hospital-job-wangzinan
    name: svr-internet-hospital-job
  cloud:
    config:
      failFast: true
      username: jw
      password: jkzl
      password: Zjxl2023*
swagger:
  basic:
    enable: true
    username: jw
    password: Zjxl*#2023
---
spring:
  profiles: jwdev
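Review bot: Both new `password:` values — the config-server credential under `spring.cloud.config` and the swagger basic-auth credential under `swagger.basic` — are committed in plain text in bootstrap.yml, and the replaced config-server password remains recoverable from the removed line; use placeholders like `password: ${CONFIG_SERVER_PASSWORD}` and `password: ${SWAGGER_BASIC_PASSWORD}` supplied by the environment, and rotate both values since they are in history. Because this block sits before the first `---`, `swagger.basic.enable: true` appears to apply to every profile that does not override it; confirm the production profile (outside the hunk) disables swagger or at least overrides the credential.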

+ 1 - 1
svr/svr-internet-hospital/src/main/resources/bootstrap.yml

@ -1,6 +1,6 @@
spring:
  application:
    name:  svr-internet-hospital-wangzhinan
    name:  svr-internet-hospital
  cloud:
    config:
      failFast: true