优化登录

2025-01-09 23:25:20 +08:00 · 2025-01-09 23:25:20 +08:00 · 39fed9f57f
commit 39fed9f57f
parent 596714860b
12 changed files with 17 additions and 124 deletions
--- a/admin/src/main/java/io/modules/security/config/FilterConfig.java
+++ b/admin/src/main/java/io/modules/security/config/FilterConfig.java
@ -1,42 +0,0 @@
 //
 //package io.modules.security.config;
 //
 //import io.common.xss.XssFilter;
 //import jakarta.servlet.DispatcherType;
 //import org.springframework.boot.web.servlet.FilterRegistrationBean;
 //import org.springframework.context.annotation.Bean;
 //import org.springframework.context.annotation.Configuration;
 //import org.springframework.web.filter.DelegatingFilterProxy;
 //
 //
 ///**
 // * Filter配置
 // *
 //
 // */
 //@Configuration
 //public class FilterConfig {
 //
 //    @Bean
 //    public FilterRegistrationBean shiroFilterRegistration() {
 //        FilterRegistrationBean registration = new FilterRegistrationBean();
 //        registration.setFilter(new DelegatingFilterProxy("shiroFilter"));
 //        //该值缺省为false，表示生命周期由SpringApplicationContext管理，设置为true则表示由ServletContainer管理
 //        registration.addInitParameter("targetFilterLifecycle", "true");
 //        registration.setEnabled(true);
 //        registration.setOrder(Integer.MAX_VALUE - 1);
 //        registration.addUrlPatterns("/*");
 //        return registration;
 //    }
 //
 //    @Bean
 //    public FilterRegistrationBean xssFilterRegistration() {
 //        FilterRegistrationBean registration = new FilterRegistrationBean();
 //        registration.setDispatcherTypes(DispatcherType.REQUEST);
 //        registration.setFilter(new XssFilter());
 //        registration.addUrlPatterns("/*");
 //        registration.setName("xssFilter");
 //        registration.setOrder(Integer.MAX_VALUE);
 //        return registration;
 //    }
 //}
--- a/admin/src/main/java/io/modules/security/config/ShiroConfig.java
+++ b/admin/src/main/java/io/modules/security/config/ShiroConfig.java
@ -21,7 +21,6 @@ import java.util.Map;
 /**
 * Shiro的配置文件
 *
 */
@Configuration
 public class ShiroConfig {
--- a/admin/src/main/java/io/modules/security/controller/LoginController.java
+++ b/admin/src/main/java/io/modules/security/controller/LoginController.java
@ -61,10 +61,10 @@ public class LoginController {
        //效验数据
        ValidatorUtils.validateEntity(login);
        //验证码是否正确
-        boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
+//        boolean flag = captchaService.validate(login.getUuid(), login.getCaptcha());
-        if (!flag) {
+//        if (!flag) {
-            return new Result().error("验证码不正确~");
+//            return new Result().error("验证码不正确~");
-        }
+//        }
        //用户信息
        SysUserDTO user = sysUserService.getByUsername(login.getUsername());
        SysLogLoginEntity log = new SysLogLoginEntity();
--- a/admin/src/main/java/io/modules/security/dto/LoginDTO.java
+++ b/admin/src/main/java/io/modules/security/dto/LoginDTO.java
@ -26,9 +26,9 @@ public class LoginDTO implements Serializable {
    @NotBlank(message="密码不能为空")
    private String password;
-    @Schema(title = "验证码")
+//    @Schema(title = "验证码")
-    @NotBlank(message="验证不能为空")
+//    @NotBlank(message="验证不能为空")
-    private String captcha;
+//    private String captcha;
    @Schema(title = "唯一标识")
    @NotBlank(message="唯一标识不能为空")
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Filter.java
@ -1,5 +1,3 @@
 package io.modules.security.oauth2;
 import cn.hutool.core.util.StrUtil;
--- a/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
+++ b/admin/src/main/java/io/modules/security/oauth2/Oauth2Realm.java
@ -21,7 +21,6 @@ import java.util.Set;
 /**
 * 认证
 *
 */
@Component
@AllArgsConstructor
@ -54,29 +53,23 @@ public class Oauth2Realm extends AuthorizingRealm {
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String accessToken = (String) token.getPrincipal();
        //根据accessToken，查询用户信息
        SysUserTokenEntity tokenEntity = shiroService.getByToken(accessToken);
        //token失效
        if (tokenEntity == null || tokenEntity.getExpireDate().getTime() < System.currentTimeMillis()) {
            throw new IncorrectCredentialsException("登录失效，请重新登录！");
        }
        //查询用户信息
        SysUserEntity userEntity = shiroService.getUser(tokenEntity.getUserId());
        //转换成UserDetail对象
        UserDetail userDetail = ConvertUtils.sourceToTarget(userEntity, UserDetail.class);
        //获取用户对应的部门数据权限
        List<Long> deptIdList = shiroService.getDataScopeList(userDetail.getId());
        userDetail.setDeptIdList(deptIdList);
        //账号锁定
        if (userDetail.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定!");
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userDetail, accessToken, getName());
        return info;
    }
--- a/admin/src/main/java/io/modules/security/password/BCrypt.java
+++ b/admin/src/main/java/io/modules/security/password/BCrypt.java
@ -4,45 +4,6 @@ import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.security.SecureRandom;
 /**
 * BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in
 * "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
 * <p>
 * This password hashing system tries to thwart off-line password cracking using a
 * computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher.
 * The work factor of the algorithm is parameterised, so it can be increased as computers
 * get faster.
 * <p>
 * Usage is really simple. To hash a password for the first time, call the hashpw method
 * with a random salt, like this:
 * <p>
 * <code>
 * String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt()); <br>
 * </code>
 * <p>
 * To check whether a plaintext password matches one that has been hashed previously, use
 * the checkpw method:
 * <p>
 * <code>
 * if (BCrypt.checkpw(candidate_password, stored_hash))<br>
 * &nbsp;&nbsp;&nbsp;&nbsp;System.out.println("It matches");<br>
 * else<br>
 * &nbsp;&nbsp;&nbsp;&nbsp;System.out.println("It does not match");<br>
 * </code>
 * <p>
 * The gensalt() method takes an optional parameter (log_rounds) that determines the
 * computational complexity of the hashing:
 * <p>
 * <code>
 * String strong_salt = BCrypt.gensalt(10)<br>
 * String stronger_salt = BCrypt.gensalt(12)<br>
 * </code>
 * <p>
 * The amount of work increases exponentially (2**log_rounds), so each increment is twice
 * as much work. The default log_rounds is 10, and the valid range is 4 to 31.
 *
 * @author Damien Miller
 */
 public class BCrypt {
 	// BCrypt parameters
--- a/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java
+++ b/admin/src/main/java/io/modules/security/password/BCryptPasswordEncoder.java
@ -6,15 +6,6 @@ import org.apache.commons.logging.LogFactory;
 import java.security.SecureRandom;
 import java.util.regex.Pattern;
 /**
 * Implementation of PasswordEncoder that uses the BCrypt strong hashing function. Clients
 * can optionally supply a "strength" (a.k.a. log rounds in BCrypt) and a SecureRandom
 * instance. The larger the strength parameter the more work will have to be done
 * (exponentially) to hash the passwords. The default value is 10.
 *
 * @author Dave Syer
 *
 */
 public class BCryptPasswordEncoder implements PasswordEncoder {
 	private Pattern BCRYPT_PATTERN = Pattern
 			.compile("\\A\\$2a?\\$\\d\\d\\$[./0-9A-Za-z]{53}");
--- a/admin/src/main/java/io/modules/sys/controller/SysUserController.java
+++ b/admin/src/main/java/io/modules/sys/controller/SysUserController.java
@ -72,11 +72,9 @@ public class SysUserController {
    @RequiresPermissions("sys:user:info")
    public Result<SysUserDTO> get(@PathVariable("id") Long id) {
        SysUserDTO data = sysUserService.get(id);
        //用户角色列表
        List<Long> roleIdList = sysRoleUserService.getRoleIdList(id);
        data.setRoleIdList(roleIdList);
        return new Result<SysUserDTO>().ok(data);
    }
@ -93,16 +91,12 @@ public class SysUserController {
    public Result password(@RequestBody PasswordDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto);
        UserDetail user = SecurityUser.getUser();
        //原密码不正确
        if (!PasswordUtils.matches(dto.getPassword(), user.getPassword())) {
            return new Result().error("原密码不正确!");
        }
        sysUserService.updatePassword(user.getId(), dto.getNewPassword());
        return new Result();
    }
@ -113,9 +107,7 @@ public class SysUserController {
    public Result save(@RequestBody SysUserDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto, AddGroup.class, DefaultGroup.class);
        sysUserService.save(dto);
        return new Result();
    }
@ -126,9 +118,7 @@ public class SysUserController {
    public Result update(@RequestBody SysUserDTO dto) {
        //效验数据
        ValidatorUtils.validateEntity(dto, UpdateGroup.class, DefaultGroup.class);
        sysUserService.update(dto);
        return new Result();
    }
@ -139,12 +129,9 @@ public class SysUserController {
    public Result delete(@RequestBody Long[] ids) {
        //效验数据
        AssertUtils.isArrayEmpty(ids, "id");
        sysUserService.deleteBatchIds(Arrays.asList(ids));
        return new Result();
    }
    @GetMapping("export")
    @Operation(summary = "导出")
    @LogOperation("导出")
@ -152,7 +139,6 @@ public class SysUserController {
    @Parameter(name = "username", description = "用户名", in = ParameterIn.QUERY, ref = "String")
    public void export(@Parameter(hidden = true) @RequestParam Map<String, Object> params, HttpServletResponse response) throws Exception {
        List<SysUserDTO> list = sysUserService.list(params);
        ExcelUtils.exportExcelToTarget(response, null, "用户管理", list, SysUserExcel.class);
    }
 }
--- a/front/src/main/java/io/FrontApplication.java
+++ b/front/src/main/java/io/FrontApplication.java
@ -1,5 +1,3 @@
 package io;
 import org.springframework.boot.SpringApplication;
@ -9,7 +7,6 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer
 /**
 * front
 *
 */
@SpringBootApplication
 public class FrontApplication extends SpringBootServletInitializer {
--- a/front/src/main/java/io/controller/UserController.java
+++ b/front/src/main/java/io/controller/UserController.java
@ -34,6 +34,12 @@ public class UserController {
    @PostMapping("register")
    @Operation(summary = "注册")
    public Result register(@RequestBody RegisterDTO dto) {
        //表单校验
        ValidatorUtils.validateEntity(dto);
        if (!dto.getPassword().equals(dto.getConfirmPassword())){
            return new Result().error("两次密码输入不一致~");
        }
       if (userService.getByUsername(dto.getUsername()) != null) {
           return new Result().error("用户名已经存在~");
       }
--- a/front/src/main/java/io/dto/RegisterDTO.java
+++ b/front/src/main/java/io/dto/RegisterDTO.java
@ -23,6 +23,10 @@ public class RegisterDTO {
    @NotBlank(message="密码不能为空")
    private String password;
    @Schema(title = "密码")
    @NotBlank(message="确认密码不能为空")
    private String confirmPassword;
    @Schema(title = "昵称")
    private String nickName;
`@ -1,5 +1,3 @@`


	`package io.modules.security.oauth2;`	`package io.modules.security.oauth2;`

	`import cn.hutool.core.util.StrUtil;`	`import cn.hutool.core.util.StrUtil;`