Merge branch 'dev' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into dev

common/common-entity/src/main/java/com/yihu/jw/entity/base/menu/BaseMenuUrlDO.java

@@ -0,0 +1,48 @@
package com.yihu.jw.entity.base.menu;
import com.yihu.jw.entity.UuidIdentityEntityWithCreateTime;
import com.yihu.jw.entity.UuidIdentityEntityWithTime;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
/**
 * 菜单控制的url表 用来做url权限控制
 * Created by yeshijie on 2022/7/20.
 */
@Entity
@Table(name = "base_menu_url")
public class BaseMenuUrlDO extends UuidIdentityEntityWithCreateTime {
    private String menuId;//对应base_menu表的id字段
    private String url;//url链接
    private String urlName;//url名称
    @Column(name = "menu_id")
    public String getMenuId() {
        return menuId;
    }
    public void setMenuId(String menuId) {
        this.menuId = menuId;
    }
    @Column(name = "url")
    public String getUrl() {
        return url;
    }
    public void setUrl(String url) {
        this.url = url;
    }
    @Column(name = "url_name")
    public String getUrlName() {
        return urlName;
    }
    public void setUrlName(String urlName) {
        this.urlName = urlName;
    }
}

server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyIotLoginEndpoint.java

@@ -3,6 +3,7 @@ package com.yihu.jw.security.oauth2.provider.endpoint;
import com.alibaba.fastjson.JSONObject;
import com.yihu.jw.patient.util.ConstantUtils;
import com.yihu.jw.restmodel.ResultStatus;
import com.yihu.jw.security.exception.ImgCaptchaException;
import com.yihu.jw.security.model.Captcha;
import com.yihu.jw.security.model.Oauth2Envelop;
import com.yihu.jw.security.oauth2.core.redis.WlyyRedisVerifyCodeService;
@@ -13,6 +14,7 @@ import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@@ -47,6 +49,8 @@ public class WlyyIotLoginEndpoint {
    private IotSMSService iotSMSService;
    @Autowired
    private UserService userService;
    @Autowired
    private StringRedisTemplate redisTemplate;
    @RequestMapping(value = "/oauth/sendIotCaptcha", method = RequestMethod.GET)
    @ApiOperation("发送短信验证码")
@@ -59,6 +63,15 @@ public class WlyyIotLoginEndpoint {
        if (StringUtils.isEmpty(mobile)) {
            throw new InvalidRequestException("username");
        }
        //图形验证码验证
        String key = parameters.get("key");
        String text = parameters.get("text");
        if(!verifyCaptcha(key,text)){
            throw new ImgCaptchaException("验证码错误！");
        }
        //验证请求间隔超时，防止频繁获取验证码
        if (!wlyyRedisVerifyCodeService.isIntervalTimeout(client_id, mobile)) {
            throw new IllegalAccessException("SMS request frequency is too fast");
@@ -82,6 +95,16 @@ public class WlyyIotLoginEndpoint {
        throw new IllegalStateException("验证码发送失败！result:"+ result);
    }
    public boolean verifyCaptcha(String key,String text){
        boolean pass = false;
        String captcha = redisTemplate.opsForValue().get(key);
        if (org.apache.commons.lang3.StringUtils.isNotBlank(captcha)&& captcha.equals(text.toLowerCase())){
            pass = true;
            redisTemplate.delete(key);
        }
        return pass;
    }
    @RequestMapping(value = "/oauth/captchaAndRegister", method = RequestMethod.POST)
    @ApiOperation("验证短信验证码并注册")
    public ResponseEntity<Oauth2Envelop> captchaCheck(@RequestParam Map<String, String> parameters) throws Exception {
@@ -98,6 +121,15 @@ public class WlyyIotLoginEndpoint {
        if (StringUtils.isEmpty(captcha)) {
            throw new InvalidRequestException("captcha");
        }
        //图形验证码验证
        String key = parameters.get("key");
        String text = parameters.get("text");
        if(!verifyCaptcha(key,text)){
            throw new ImgCaptchaException("验证码错误！");
        }
        Oauth2Envelop<Boolean> oauth2Envelop;
        //判断当前手机号是否注册过
        Boolean b = userService.isRegisterUserName(mobile);

svr/svr-iot/src/main/java/com/yihu/iot/config/MvcConfig.java

@@ -3,6 +3,7 @@ package com.yihu.iot.config;
import com.yihu.iot.interceptor.CrosXssFilter;
import com.yihu.iot.interceptor.GateWayInterceptor;
import com.yihu.iot.interceptor.PermissionInterceptor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -21,6 +22,8 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
    private Logger logger = LoggerFactory.getLogger(MvcConfig.class);
    @Autowired
    private GateWayInterceptor gateWayInterceptor;
    @Autowired
    private PermissionInterceptor permissionInterceptor;
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
@@ -31,6 +34,15 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
                "/svr-iot/open/gc/accesstoken",
                "/svr-iot/open/gc/createGcClientDetails");
        registry.addInterceptor(permissionInterceptor)
                .addPathPatterns("/svr-iot/**")
                .addPathPatterns("/equipmentManage/**")
                .excludePathPatterns(
                "/svr-iot/open/gc/**","/svr-iot/systemDict/findDictByCode"
                        ,"/svr-iot/systemDict/findByDictName","svr-iot/fileUpload/open/fileUpload"
        );
        super.addInterceptors(registry);
        logger.info("init gateWayInterceptor");
    }

svr/svr-iot/src/main/java/com/yihu/iot/controller/common/CommonController.java

@@ -0,0 +1,55 @@
package com.yihu.iot.controller.common;
import com.yihu.iot.dao.common.BaseMenuUrlDao;
import com.yihu.jw.entity.base.login.BaseLoginLogDO;
import com.yihu.jw.entity.base.menu.BaseMenuUrlDO;
import io.swagger.annotations.Api;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.util.*;
/**
 * Created by yeshijie on 2022/7/20.
 */
@RestController
@RequestMapping("open/test")
@Api(tags = "通用自测相关操作", description = "通用自测相关操作")
public class CommonController extends BaseController{
    @Autowired
    WebApplicationContext applicationContext;
    @Autowired
    private BaseMenuUrlDao baseMenuUrlDao;
    @GetMapping("getAllUrl")
    public List<String> getAllUrl(){
        RequestMappingHandlerMapping mapping = applicationContext.getBean(RequestMappingHandlerMapping.class);
        //获取url与类和方法的对应信息
        Map<RequestMappingInfo, HandlerMethod> map = mapping.getHandlerMethods();
        List<String> urlList = new ArrayList<>();
        for (RequestMappingInfo info : map.keySet()){
            //获取url的Set集合，一个方法可能对应多个url
            Set<String> patterns = info.getPatternsCondition().getPatterns();
            for (String url : patterns) {
                if(url.contains("/open/")||url.contains("/swagger-resources")
                        ||url.contains("/error")||url.contains("/svr-iot/analyze/")){
                    continue;
                }
                urlList.add(url);
                BaseMenuUrlDO urlDO = new BaseMenuUrlDO();
                urlDO.setCreateTime(new Date());
                urlDO.setUrl(url);
                baseMenuUrlDao.save(urlDO);
            }
        }
        return urlList;
    }
}

svr/svr-iot/src/main/java/com/yihu/iot/dao/common/BaseLoginLogDao.java

@@ -0,0 +1,21 @@
package com.yihu.iot.dao.common;
import com.yihu.jw.entity.base.login.BaseLoginLogDO;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.PagingAndSortingRepository;
import java.util.List;
public interface BaseLoginLogDao extends PagingAndSortingRepository<BaseLoginLogDO, String>, JpaSpecificationExecutor<BaseLoginLogDO> {
    @Query("from BaseLoginLogDO l where l.openid=?1 order by l.createTime desc")
    List<BaseLoginLogDO> findByOpenId(String openid);
    @Query("from BaseLoginLogDO l where l.userId=?1 order by l.createTime desc")
    List<BaseLoginLogDO> findByUserId(String openid);
    @Query(value = "SELECT a.* from base_login_log a WHERE a.token=?1 ORDER BY a.create_time desc LIMIT 1",nativeQuery = true)
    BaseLoginLogDO findByToken(String token);
}

svr/svr-iot/src/main/java/com/yihu/iot/dao/common/BaseMenuUrlDao.java

@@ -0,0 +1,12 @@
package com.yihu.iot.dao.common;
import com.yihu.jw.entity.base.menu.BaseMenuUrlDO;
import org.springframework.data.jpa.repository.JpaSpecificationExecutor;
import org.springframework.data.repository.PagingAndSortingRepository;
/**
 * Created by yeshijie on 2022/7/20.
 */
public interface BaseMenuUrlDao extends PagingAndSortingRepository<BaseMenuUrlDO, String>, JpaSpecificationExecutor<BaseMenuUrlDO> {
}

svr/svr-iot/src/main/java/com/yihu/iot/interceptor/PermissionInterceptor.java

@@ -0,0 +1,72 @@
package com.yihu.iot.interceptor;
import com.alibaba.fastjson.JSONObject;
import com.yihu.iot.service.common.PermissionService;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
/**
 * 菜单权限校验
 *
 * @author George
 */
@Component
public class PermissionInterceptor implements HandlerInterceptor {
    private Logger logger = LoggerFactory.getLogger(PermissionInterceptor.class);
    public static String status = "1";
    @Autowired
    public PermissionService permissionService;
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        boolean flag = true;
        try {
            request.setCharacterEncoding("UTF-8");
            response.setHeader("Content-type", "text/html;charset=UTF-8");
            request.setAttribute("log-start", new Date().getTime());
            response.setCharacterEncoding("UTF-8");
            String uri = request.getRequestURI();
            logger.info("getRequestURI"+uri);
            //越权验证
            if(!permissionService.isPermission(uri)){
                JSONObject json = new JSONObject();
                json.put("status",403);
                json.put("message","该操作没有权限");
                response.getOutputStream().write(json.toString().getBytes("UTF-8"));
                return false;
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return flag;
    }
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
    }
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
    }
}

svr/svr-iot/src/main/java/com/yihu/iot/service/common/PermissionService.java

@@ -0,0 +1,123 @@
package com.yihu.iot.service.common;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.yihu.iot.dao.common.BaseLoginLogDao;
import com.yihu.jw.entity.base.login.BaseLoginLogDO;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.jdbc.core.BeanPropertyRowMapper;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.stereotype.Service;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.List;
/**
 * Created by yeshijie on 2022/3/14.
 */
@Service
public class PermissionService {
    private static final Logger logger = LoggerFactory.getLogger(PermissionService.class);
    @Autowired
    private JdbcTemplate jdbcTemplate;
    @Autowired
    private BaseLoginLogDao baseLoginLogDao;
    @Value("${spring.profiles}")
    private String profiles;
    /**
     * 判断用户是否有权限
     */
    public boolean isPermission(String url){
        try {
            String uid = getUID();
            //            String uid = "402803f9658455110165845b84850000";
            logger.info("uid:" + uid);
            if(StringUtils.isBlank(uid)){
                return true;
            }
            //判断是否开启权限校验 未设置或者为0则不开启权限校验
            String sql = " select code from iot_system_dict where dict_name ='isPermission'  ";
            List<String> isPermissions = jdbcTemplate.queryForList(sql,String.class);
            if(isPermissions.size()==0||"0".equals(isPermissions.get(0))){
                return true;
            }
            if ("2c9a80ed72068fa20172164d756c000c".equals(uid)||"402803f9658455110165845b84850000".equals(uid)) {
                //管理员 admxin 和 测试管理员 18800000001
                return true;
            }
            String usrSql = "SELECT role_id from "+getDbName()+".base_user where id=?";
            List<String> roleIds = jdbcTemplate.queryForList(usrSql,new Object[]{uid},String.class);
            if(roleIds.size()==0){
                return false;
            }
            String roleId = roleIds.get(0);
            if("company".equals(roleId)||"platform".equals(roleId)){
                //新申请的厂商和平台商才做权限校验
                String db = getDbName();
                String sqlCount = "SELECT count(DISTINCT mu.url) from "+db+".base_menu m,"+db+".base_role_menu rm,"+db+".base_menu_url mu " +
                        "WHERE rm.role_id = '"+roleId+"'  and m.id = rm.menu_id and m.status=1 " +
                        "and m.id = mu.menu_id and mu.url='"+url+"'";
                Integer num = jdbcTemplate.queryForObject(sqlCount,Integer.class);
                if(num==0){
                    return false;
                }
            }
        }catch (Exception e){
            e.printStackTrace();
        }
        return true;
    }
    public String getUID(){
        BaseLoginLogDO loginLogDO = getLoginLog();
        if(loginLogDO != null){
            return loginLogDO.getUserId();
        }
        return null;
    }
    private BaseLoginLogDO getLoginLog(){
        String accessToken = this.extractToken(getRequest());
        String sql = "select * from "+getDbName()+".base_login_log a WHERE a.token=? ORDER BY a.create_time desc LIMIT 1";
        logger.info("sql+"+sql);
        List<BaseLoginLogDO> list = jdbcTemplate.query(sql,new Object[]{accessToken},new BeanPropertyRowMapper<>(BaseLoginLogDO.class));
        if(list!=null&&list.size()>0){
            return list.get(0);
        }
        return null;
    }
    public String getDbName(){
        String db = "base";
        if("iotprod".equals(profiles)){
            db = "`iot-base`";
        }
        return db;
    }
    private String extractToken(HttpServletRequest request) {
        String accessToken = request.getHeader("token");
        if (null == accessToken) {
            accessToken = request.getParameter("token");
        }
        return accessToken;
    }
    public HttpServletRequest getRequest(){
        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    }
}

svr/svr-iot/src/main/resources/application.yml

@@ -22,7 +22,10 @@ spring:
      test-while-idle: true #指明连接是否被空闲连接回收器(如果有)进行检验，如果检测失败，则连接将被从池中去除
      min-evictable-idle-time-millis: 3600000 #连接池中连接，在时间段内一直空闲，被逐出连接池的时间(1000*60*60)，以毫秒为单位
      time-between-eviction-runs-millis: 300000 #在空闲连接回收器线程运行期间休眠的时间值,以毫秒为单位，一般比minEvictableIdleTimeMillis小
  http:
    multipart:
      max-file-size: 50MB
      max-request-size: 100MB
  data:
    elasticsearch: #ElasticsearchProperties
      cluster-name: jkzl #默认即为elasticsearch  集群名