优化登录

2025-01-09 23:25:20 +08:00 · 2025-01-09 23:25:20 +08:00 · 39fed9f57f
commit 39fed9f57f
parent 596714860b
12 changed files with 17 additions and 124 deletions
--- a/admin/src/main/java/io/modules/security/config/FilterConfig.java
+++ b/admin/src/main/java/io/modules/security/config/FilterConfig.java
@ -1,42 +0,0 @@
-//
-//package io.modules.security.config;
-//
-//import io.common.xss.XssFilter;
-//import jakarta.servlet.DispatcherType;
-//import org.springframework.boot.web.servlet.FilterRegistrationBean;
-//import org.springframework.context.annotation.Bean;
-//import org.springframework.context.annotation.Configuration;
-//import org.springframework.web.filter.DelegatingFilterProxy;
-//
-//
-///**
-// * Filter配置
-// *
-//
-// */
-//@Configuration
-//public class FilterConfig {
-//
-//    @Bean
-//    public FilterRegistrationBean shiroFilterRegistration() {
-//        FilterRegistrationBean registration = new FilterRegistrationBean();
-//        registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
-//        //该值缺省为false，表示生命周期由SpringApplicationContext管理，设置为true则表示由ServletContainer管理
-//        registration.addInitParameter("targetFilterLifecycle", "true");
-//        registration.setEnabled(true);
-//        registration.setOrder(Integer.MAX_VALUE - 1);
-//        registration.addUrlPatterns("/*");
-//        return registration;
-//    }
-//
-//    @Bean
-//    public FilterRegistrationBean xssFilterRegistration() {
-//        FilterRegistrationBean registration = new FilterRegistrationBean();
-//        registration.setDispatcherTypes(DispatcherType.REQUEST);
-//        registration.setFilter(new XssFilter());
-//        registration.addUrlPatterns("/*");
-//        registration.setName("xssFilter");
-//        registration.setOrder(Integer.MAX_VALUE);
-//        return registration;
-//    }
-//}
--- a/admin/src/main/java/io/modules/security/config/ShiroConfig.java
+++ b/admin/src/main/java/io/modules/security/config/ShiroConfig.java
@ -21,7 +21,6 @@ import java.util.Map;
 /**
 * Shiro的配置文件
 *
- 
 */
@Configuration
 public class ShiroConfig {
--- a/admin/src/main/java/io/modules/security/controller/LoginController.java
+++ b/admin/src/main/java/io/modules/security/controller/LoginController.java
@ -61,10 +61,10 @@ public class LoginController {
        //效验数据
        ValidatorUtils.validateEntity(login);
        //验证码是否正确
-        boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
-        if (!flag) {
-            return new Result().error("验证码不正确~");
-        }
+//        boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
+//        if (!flag) {
+//            return new Result().error("验证码不正确~");
+//        }
        //用户信息
        SysUserDTO user = sysUserService.getByUsername(login.getUsername());
        SysLogLoginEntity log = new SysLogLoginEntity();
--- a/admin/src/main/java/io/modules/security/dto/LoginDTO.java
+++ b/admin/src/main/java/io/modules/security/dto/LoginDTO.java
@ -26,9 +26,9 @@ public class LoginDTO implements Serializable {
    @NotBlank(message="密码不能为空")
    private String password;

-    @Schema(title = "验证码")
-    @NotBlank(message="验证不能为空")
-    private String captcha;
+//    @Schema(title = "验证码")
+//    @NotBlank(message="验证不能为空")
+//    private String captcha;

    @Schema(title = "唯一标识")
    @NotBlank(message="唯一标识不能为空")
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
@ -1,5 +1,3 @@
-
-
 package io.modules.security.oauth2;

 import cn.hutool.core.util.StrUtil;
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
@ -21,7 +21,6 @@ import java.util.Set;
 /**
 * 认证
 *
-
 */
@Component
@AllArgsConstructor
@ -54,29 +53,23 @@ public class Oauth2Realm extends AuthorizingRealm {
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String accessToken = (String) token.getPrincipal();
-
        //根据accessToken，查询用户信息
        SysUserTokenEntity tokenEntity = shiroService.getByToken(accessToken);
        //token失效
        if (tokenEntity == null || tokenEntity.getExpireDate().getTime() < System.currentTimeMillis()) {
            throw new IncorrectCredentialsException("登录失效，请重新登录！");
        }
-
        //查询用户信息
        SysUserEntity userEntity = shiroService.getUser(tokenEntity.getUserId());
-
        //转换成UserDetail对象
        UserDetail userDetail = ConvertUtils.sourceToTarget(userEntity, UserDetail.class);
-
        //获取用户对应的部门数据权限
        List<Long> deptIdList = shiroService.getDataScopeList(userDetail.getId());
        userDetail.setDeptIdList(deptIdList);
-
        //账号锁定
        if (userDetail.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定!");
        }
-
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userDetail, accessToken, getName());
        return info;
    }
--- a/admin/src/main/java/io/modules/security/password/BCrypt.java
+++ b/admin/src/main/java/io/modules/security/password/BCrypt.java
@ -4,45 +4,6 @@ import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.security.SecureRandom;

-/**
- * BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
- * "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
- * <p>
- * This password hashing system tries to thwart off-line password cracking using a
- * computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher.
- * The work factor of the algorithm is parameterised, so it can be increased as computers
- * get faster.
- * <p>
- * Usage is really simple. To hash a password for the first time, call the hashpw method
- * with a random salt, like this:
- * <p>
- * <code>
- * String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); <br>
- * </code>
- * <p>
- * To check whether a plaintext password matches one that has been hashed previously, use
- * the checkpw method:
- * <p>
- * <code>
- * if (BCrypt.checkpw(candidate_password, stored_hash))<br>
- * &nbsp;&nbsp;&nbsp;&nbsp;System.out.println("It matches");<br>
- * else<br>
- * &nbsp;&nbsp;&nbsp;&nbsp;System.out.println("It does not match");<br>
- * </code>
- * <p>
- * The gensalt() method takes an optional parameter (log_rounds) that determines the
- * computational complexity of the hashing:
- * <p>
- * <code>
- * String strong_salt = BCrypt.gensalt(10)<br>
- * String stronger_salt = BCrypt.gensalt(12)<br>
- * </code>
- * <p>
- * The amount of work increases exponentially (2**log_rounds), so each increment is twice
- * as much work. The default log_rounds is 10, and the valid range is 4 to 31.
- *
- * @author Damien Miller
- */
 public class BCrypt {
 	// BCrypt parameters

--- a/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java
+++ b/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java
@ -6,15 +6,6 @@ import org.apache.commons.logging.LogFactory;
 import java.security.SecureRandom;
 import java.util.regex.Pattern;

-/**
- * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
- * can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom
- * instance. The larger the strength parameter the more work will have to be done
- * (exponentially) to hash the passwords. The default value is 10.
- *
- * @author Dave Syer
- *
- */
 public class BCryptPasswordEncoder implements PasswordEncoder {
 	private Pattern BCRYPT_PATTERN = Pattern
 			.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
--- a/admin/src/main/java/io/modules/sys/controller/SysUserController.java
+++ b/admin/src/main/java/io/modules/sys/controller/SysUserController.java
@ -72,11 +72,9 @@ public class SysUserController {
    @RequiresPermissions("sys:user:info")
    public Result<SysUserDTO> get(@PathVariable("id") Long id) {
        SysUserDTO data = sysUserService.get(id);
-
        //用户角色列表
        List<Long> roleIdList = sysRoleUserService.getRoleIdList(id);
        data.setRoleIdList(roleIdList);
-
        return new Result<SysUserDTO>().ok(data);
    }

@ -93,16 +91,12 @@ public class SysUserController {
    public Result password(@RequestBody PasswordDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto);
-
        UserDetail user = SecurityUser.getUser();
-
        //原密码不正确
        if (!PasswordUtils.matches(dto.getPassword(), user.getPassword())) {
            return new Result().error("原密码不正确!");
        }
-
        sysUserService.updatePassword(user.getId(), dto.getNewPassword());
-
        return new Result();
    }

@ -113,9 +107,7 @@ public class SysUserController {
    public Result save(@RequestBody SysUserDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
-
        sysUserService.save(dto);
-
        return new Result();
    }

@ -126,9 +118,7 @@ public class SysUserController {
    public Result update(@RequestBody SysUserDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class);
-
        sysUserService.update(dto);
-
        return new Result();
    }

@ -139,12 +129,9 @@ public class SysUserController {
    public Result delete(@RequestBody Long[] ids) {
        //效验数据
        AssertUtils.isArrayEmpty(ids, "id");
-
        sysUserService.deleteBatchIds(Arrays.asList(ids));
-
        return new Result();
    }
-
    @GetMapping("export")
    @Operation(summary = "导出")
    @LogOperation("导出")
@ -152,7 +139,6 @@ public class SysUserController {
    @Parameter(name = "username", description = "用户名", in = ParameterIn.QUERY, ref = "String")
    public void export(@Parameter(hidden = true) @RequestParam Map<String, Object> params, HttpServletResponse response) throws Exception {
        List<SysUserDTO> list = sysUserService.list(params);
-
        ExcelUtils.exportExcelToTarget(response, null, "用户管理", list, SysUserExcel.class);
    }
 }
--- a/front/src/main/java/io/FrontApplication.java
+++ b/front/src/main/java/io/FrontApplication.java
@ -1,5 +1,3 @@
-
-
 package io;

 import org.springframework.boot.SpringApplication;
@ -9,7 +7,6 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer

 /**
 * front
- *
 */
@SpringBootApplication
 public class FrontApplication extends SpringBootServletInitializer {
--- a/front/src/main/java/io/controller/UserController.java
+++ b/front/src/main/java/io/controller/UserController.java
@ -34,6 +34,12 @@ public class UserController {
    @PostMapping("register")
    @Operation(summary = "注册")
    public Result register(@RequestBody RegisterDTO dto) {
+        //表单校验
+        ValidatorUtils.validateEntity(dto);
+        if (!dto.getPassword().equals(dto.getConfirmPassword())){
+            return new Result().error("两次密码输入不一致~");
+        }
+
       if (userService.getByUsername(dto.getUsername()) != null) {
           return new Result().error("用户名已经存在~");
       }
--- a/front/src/main/java/io/dto/RegisterDTO.java
+++ b/front/src/main/java/io/dto/RegisterDTO.java
@ -23,6 +23,10 @@ public class RegisterDTO {
    @NotBlank(message="密码不能为空")
    private String password;

+    @Schema(title = "密码")
+    @NotBlank(message="确认密码不能为空")
+    private String confirmPassword;
+
    @Schema(title = "昵称")
    private String nickName;