From 67f7615a182ccb98396c88ce77ece78d7fb915c5 Mon Sep 17 00:00:00 2001
From: ronger
Date: Fri, 10 Dec 2021 09:40:56 +0800
Subject: [PATCH] =?UTF-8?q?:lock:=20=20=E5=AE=89=E5=85=A8=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../jwt/aop/RestAuthTokenInterceptor.java | 18 +++++++++++++++++-
 .../com/rymcu/forest/mapper/UserMapper.java | 11 ++++++++---
 .../forest/service/impl/UserServiceImpl.java | 5 ++---
 .../forest/web/api/exception/ErrorCode.java | 5 +++--
 src/main/java/mapper/UserMapper.xml | 9 +++++----
 5 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java b/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
index 37928cc..52132eb 100644
--- a/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
+++ b/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
@@ -4,6 +4,7 @@ package com.rymcu.forest.jwt.aop;
 import com.rymcu.forest.jwt.def.JwtConstants;
 import com.rymcu.forest.jwt.model.TokenModel;
 import com.rymcu.forest.jwt.service.TokenManager;
+import com.rymcu.forest.mapper.UserMapper;
 import com.rymcu.forest.web.api.exception.BaseApiException;
 import com.rymcu.forest.web.api.exception.ErrorCode;
 import io.jsonwebtoken.Claims;
@@ -14,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.Objects;
@@ -28,6 +30,8 @@ public class RestAuthTokenInterceptor implements HandlerInterceptor {
 @Autowired
 private TokenManager manager;
+ @Resource
+ private UserMapper userMapper;
 @Override
 public void afterCompletion(HttpServletRequest httpservletrequest, HttpServletResponse httpservletresponse, Object obj, Exception exception) throws Exception {
@@ -36,7 +40,6 @@ public class RestAuthTokenInterceptor implements HandlerInterceptor {
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object obj) throws Exception {
- //从header中得到token
 String authHeader = request.getHeader(JwtConstants.AUTHORIZATION);
 if(StringUtils.isBlank(authHeader)){
@@ -63,6 +66,19 @@ public class RestAuthTokenInterceptor implements HandlerInterceptor {
 request.setAttribute(JwtConstants.CURRENT_TOKEN_CLAIMS, claims);
 //如果token验证成功,将token对应的用户id存在request中,便于之后注入
 request.setAttribute(JwtConstants.CURRENT_USER_NAME, model.getUsername());
+ // 判断是否为后台接口或财政划转接口
+ String adminApi = "/admin";
+ String transactionApi = "/transaction";
+ String uri = request.getRequestURI();
+ if (uri.contains(adminApi) || uri.contains(transactionApi)) {
+ // 判断管理员权限
+ boolean hasPermission = userMapper.hasAdminPermission(model.getUsername());
+ if (hasPermission) {
+ return true;
+ } else {
+ throw new BaseApiException(ErrorCode.ACCESS_DENIED);
+ }
+ }
 return true;
 } else {
 throw new BaseApiException(ErrorCode.TOKEN_);
diff --git a/src/main/java/com/rymcu/forest/mapper/UserMapper.java b/src/main/java/com/rymcu/forest/mapper/UserMapper.java
index 851ed2a..dc2d4c2 100644
--- a/src/main/java/com/rymcu/forest/mapper/UserMapper.java
+++ b/src/main/java/com/rymcu/forest/mapper/UserMapper.java
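Review bot: The new admin gate `uri.contains(adminApi) || uri.contains(transactionApi)` does a substring match on `request.getRequestURI()`, which is the raw request path (context path included, not URL-decoded and not dot-segment-normalized), so this check and the servlet's own routing can disagree about which handler a request reaches, and an unrelated path such as `/api/users/administrators` would also be forced through the admin lookup. Authorization for the admin and transaction controllers should be enforced where the handler is resolved (a per-controller or per-method authorization check, or Spring Security rules on the decoded path), with this interceptor kept as defense in depth; at minimum compare a normalized prefix, e.g. `String path = request.getRequestURI().substring(request.getContextPath().length());` and `if (path.startsWith("/admin/") || path.startsWith("/transaction/")) {`. `hasAdminPermission` is called with `model.getUsername()` while the mapper parameter is named `email`; if the token's username is not the e-mail address the lookup never matches and every admin request is denied (fail-closed, but worth confirming). The inner `if (hasPermission) { return true; } else { throw …; }` reduces to `if (!hasPermission) { throw new BaseApiException(ErrorCode.ACCESS_DENIED); }` since the method already returns true just below. preHandle begins before this hunk and continues past it.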
@@ -95,13 +95,11 @@ public interface UserMapper extends Mapper {
 * @param nickname
 * @param avatarType
 * @param avatarUrl
- * @param email
- * @param phone
 * @param signature
 * @param sex
 * @return
 */
- Integer updateUserInfo(@Param("idUser") Integer idUser, @Param("nickname") String nickname, @Param("avatarType") String avatarType, @Param("avatarUrl") String avatarUrl, @Param("email") String email, @Param("phone") String phone, @Param("signature") String signature, @Param("sex") String sex);
+ Integer updateUserInfo(@Param("idUser") Integer idUser, @Param("nickname") String nickname, @Param("avatarType") String avatarType, @Param("avatarUrl") String avatarUrl, @Param("signature") String signature, @Param("sex") String sex);
 /**
 * 验证昵称是否重复
@@ -153,4 +151,11 @@ public interface UserMapper extends Mapper {
 * @return
 */
 Integer updateLastOnlineTimeByEmail(@Param("email") String email);
+
+ /**
+ * 判断用户是否拥有管理员权限
+ * @param email
+ * @return
+ */
+ boolean hasAdminPermission(@Param("email") String email);
 }
\ No newline at end of file
diff --git a/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java b/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java
index 0084bd4..eceeb58 100644
--- a/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/UserServiceImpl.java
@@ -199,8 +199,7 @@ public class UserServiceImpl extends AbstractService implements UserServic
 user.setAvatarUrl(avatarUrl);
 user.setAvatarType("0");
 }
- Integer result = userMapper.updateUserInfo(user.getIdUser(), user.getNickname(), user.getAvatarType(),user.getAvatarUrl(),
- user.getEmail(),user.getPhone(),user.getSignature(), user.getSex());
+ Integer result = userMapper.updateUserInfo(user.getIdUser(), user.getNickname(), user.getAvatarType(),user.getAvatarUrl(),user.getSignature(), user.getSex());
 UserIndexUtil.addIndex(UserLucene.builder()
 .idUser(user.getIdUser())
 .nickname(user.getNickname())
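Review bot: `boolean hasAdminPermission(@Param("email") String email)` declares a primitive return, and a MyBatis select that finds no row (or a NULL column) maps to null, which the mapper proxy cannot unbox and turns into an exception instead of a false result; the SQL for this statement lives in UserMapper.xml and is not legible in this patch, so whether that can happen depends on how it is written. Either make the query always yield exactly one row (a `count(*)`-style select compared with zero) or declare the return as `Boolean` and treat null as no permission at the call site, so an authorization lookup never ends in a server error. The Javadoc should also say what the parameter and result mean, e.g. `@param email login e-mail of the user to check` and `@return true when the user is an administrator, false otherwise`; the interceptor in this same patch passes the token's username here, so confirm that value is the e-mail.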
@@ -263,7 +262,7 @@ public class UserServiceImpl extends AbstractService implements UserServic
 String email = changeEmailDTO.getEmail();
 String code = changeEmailDTO.getCode();
 String vCode = redisService.get(email);
- if(StringUtils.isNotBlank(vCode)){
+ if(StringUtils.isNotBlank(vCode) && StringUtils.isNotBlank(code)){
 if(vCode.equals(code)){
 userMapper.updateEmail(idUser, email);
 map.put("message","更新成功!");
diff --git a/src/main/java/com/rymcu/forest/web/api/exception/ErrorCode.java b/src/main/java/com/rymcu/forest/web/api/exception/ErrorCode.java
index 45964a1..bdf4ce8 100644
--- a/src/main/java/com/rymcu/forest/web/api/exception/ErrorCode.java
+++ b/src/main/java/com/rymcu/forest/web/api/exception/ErrorCode.java
@@ -2,10 +2,11 @@ package com.rymcu.forest.web.api.exception;
 public enum ErrorCode {
- UNAUTHORIZED(401, "请求要求用户的身份认证"),//未认证(签名错误)
+ UNAUTHORIZED(401, "请求要求用户的身份认证"),
 INVALID_TOKEN(402, "TOKEN验证失败,无效的TOKEN!"),
 TOKEN_(402, "TOKEN验证失败,无效的TOKEN!"),
- NOT_FOUND(404, "此接口不存在"),//接口不存在
+ ACCESS_DENIED(403, "服务器拒绝请求!"),
+ NOT_FOUND(404, "此接口不存在"),
 INTERNAL_SERVER_ERROR(500, "服务内部异常");
 private int code;
diff --git a/src/main/java/mapper/UserMapper.xml b/src/main/java/mapper/UserMapper.xml
index 52eba12..601adaf 100644
--- a/src/main/java/mapper/UserMapper.xml
+++ b/src/main/java/mapper/UserMapper.xml
@@ -63,10 +63,7 @@ update forest_user set status = #{status} where id = #{idUser} - update forest_user set nickname = #{nickname},email = #{email},signature = #{signature},avatar_type = #{avatarType},avatar_url = #{avatarUrl},sex = #{sex} - - ,phone = #{phone} - + update forest_user set nickname = #{nickname},signature = #{signature},avatar_type = #{avatarType},avatar_url = #{avatarUrl},sex = #{sex} where id = #{idUser}
@@ -115,5 +112,9 @@ order by last_online_time desc + 
\ No newline at end of file
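Review bot: The added `StringUtils.isNotBlank(code)` guard only changes which branch a missing code takes (`vCode.equals(null)` was already false), so the real weakness of this block is unchanged: the verification code stored under `email` is compared with `vCode.equals(code)` and nothing in the hunk removes it once accepted, so unless a later line outside this hunk deletes the key the same code stays usable until Redis expires it. Delete the key immediately after a successful comparison, and since this is a secret being checked prefer a length-independent comparison such as `MessageDigest.isEqual(vCode.getBytes(StandardCharsets.UTF_8), code.getBytes(StandardCharsets.UTF_8))`. The enclosing method starts before and ends after this hunk.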