zy-wcs-master.git

			@@ -1,16 +1,19 @@
			package com.zy.common.web;

			import com.alibaba.fastjson.JSON;
			import com.baomidou.mybatisplus.mapper.EntityWrapper;
			import com.baomidou.mybatisplus.mapper.Wrapper;
			import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
			import com.core.annotations.ManagerAuth;
			import com.core.common.Cools;
			import com.core.common.R;
			import com.core.exception.CoolException;
			import com.zy.common.CodeRes;
			import com.zy.common.auth.MfaLoginTicketManager;
			import com.zy.common.i18n.I18nMessageService;
			import com.zy.common.entity.Parameter;
			import com.zy.common.model.PowerDto;
			import com.zy.common.model.enums.HtmlNavIconType;
			import com.zy.common.utils.MfaTotpUtil;
			import com.zy.common.utils.QrCode;
			import com.zy.common.utils.RandomValidateCodeUtil;
			import com.zy.system.entity.*;
			import com.zy.system.service.*;
			@@ -23,7 +26,11 @@
			import org.springframework.web.bind.annotation.RequestParam;
			import org.springframework.web.bind.annotation.RestController;

			import javax.servlet.http.HttpServletResponse;
			import jakarta.servlet.http.HttpServletResponse;
			import javax.imageio.ImageIO;
			import java.awt.image.BufferedImage;
			import java.io.ByteArrayOutputStream;
			import java.util.Base64;
			import java.util.*;

			/**
			@@ -50,13 +57,20 @@
			private RolePermissionService rolePermissionService;
			@Autowired
			private LicenseTimer licenseTimer;
			@Autowired
			private I18nMessageService i18nMessageService;
			@Autowired
			private MfaLoginTicketManager mfaLoginTicketManager;

			@RequestMapping("/login.action")
			@ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "登录")
			public R loginAction(String mobile, String password){
			//验证许可证是否有效
			if (!licenseTimer.getSystemSupport()){
			return R.parse(CodeRes.SYSTEM_20001);
			return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
			}
			if (Cools.isEmpty(mobile, password)) {
			return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
			}
			if (mobile.equals("super") && password.equals(Cools.md5(superPwd))) {
			Map<String, Object> res = new HashMap<>();
			@@ -64,29 +78,51 @@
			res.put("token", Cools.enToken(System.currentTimeMillis() + mobile, superPwd));
			return R.ok(res);
			}
			EntityWrapper<User> userWrapper = new EntityWrapper<>();
			userWrapper.eq("mobile", mobile);
			User user = userService.selectOne(userWrapper);
			User user = userService.getByMobileWithMfa(mobile);
			if (Cools.isEmpty(user)){
			return R.parse(CodeRes.USER_10001);
			return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
			}
			if (user.getStatus()!=1){
			return R.parse(CodeRes.USER_10002);
			return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
			}
			if (!user.getPassword().equals(password)){
			return R.parse(CodeRes.USER_10003);
			return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
			}
			String token = Cools.enToken(System.currentTimeMillis() + mobile, user.getPassword());
			userLoginService.delete(new EntityWrapper<UserLogin>().eq("user_id", user.getId()).eq("system", "WCS"));
			UserLogin userLogin = new UserLogin();
			userLogin.setUserId(user.getId());
			userLogin.setToken(token);
			userLogin.setSystem("WCS");
			userLoginService.insert(userLogin);
			Map<String, Object> res = new HashMap<>();
			res.put("username", user.getUsername());
			res.put("token", token);
			return R.ok(res);
			if (requiresMfa(user)) {
			Map<String, Object> res = new HashMap<>();
			res.put("username", user.getUsername());
			res.put("mfaRequired", true);
			res.put("mfaTicket", mfaLoginTicketManager.create(user.getId()));
			return R.ok(res);
			}
			return R.ok(buildLoginSuccess(user));
			}

			@RequestMapping("/login/mfa.action")
			@ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "MFA登录")
			public R loginMfaAction(String ticket, String code) {
			Long userId = mfaLoginTicketManager.getUserId(ticket);
			if (userId == null) {
			return new R(10004, i18nMessageService.getMessage("response.user.mfaTicketExpired"));
			}
			User user = userService.getByIdWithMfa(userId);
			if (Cools.isEmpty(user)) {
			mfaLoginTicketManager.remove(ticket);
			return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
			}
			if (user.getStatus() != 1) {
			mfaLoginTicketManager.remove(ticket);
			return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
			}
			if (!requiresMfa(user)) {
			mfaLoginTicketManager.remove(ticket);
			return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
			}
			if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
			return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
			}
			mfaLoginTicketManager.remove(ticket);
			return R.ok(buildLoginSuccess(user));
			}

			@RequestMapping("/code/switch.action")
			@@ -119,30 +155,108 @@
			@RequestMapping("/user/detail/auth")
			@ManagerAuth
			public R userDetail(){
			return R.ok(userService.selectById(getUserId()));
			User user = userService.getByIdWithMfa(getUserId());
			if (Cools.isEmpty(user)) {
			return R.ok();
			}
			return R.ok(buildSafeUserDetail(user));
			}

			@RequestMapping("/user/mfa/setup/auth")
			@ManagerAuth
			public R userMfaSetup() {
			User user = userService.getByIdWithMfa(getUserId());
			if (Cools.isEmpty(user)) {
			return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
			}
			if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
			return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
			}
			String secret = MfaTotpUtil.generateSecret();
			String account = !Cools.isEmpty(user.getMobile())
			? user.getMobile()
			: (!Cools.isEmpty(user.getUsername()) ? user.getUsername() : String.valueOf(user.getId()));
			String otpAuth = MfaTotpUtil.buildOtpAuthUri("WCS", account, secret);
			Map<String, Object> data = new HashMap<>();
			data.put("secret", secret);
			data.put("otpAuth", otpAuth);
			data.put("qrCode", renderQrCodeDataUri(otpAuth));
			return R.ok(data);
			}

			@RequestMapping("/user/mfa/enable/auth")
			@ManagerAuth
			@Transactional
			public R userMfaEnable(String currentPassword, String secret, String code) {
			User user = userService.getByIdWithMfa(getUserId());
			if (Cools.isEmpty(user)) {
			return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
			}
			if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
			return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
			}
			if (!Cools.eq(user.getPassword(), currentPassword)) {
			return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
			}
			String normalizedSecret = normalizeSecret(secret);
			if (Cools.isEmpty(normalizedSecret) \|\| !MfaTotpUtil.verifyCode(normalizedSecret, code, 1)) {
			return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
			}
			userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
			.eq("id", user.getId())
			.set("mfa_allow", 1)
			.set("mfa_enabled", 1)
			.set("mfa_secret", normalizedSecret)
			.set("mfa_bound_time", new Date()));
			return R.ok();
			}

			@RequestMapping("/user/mfa/disable/auth")
			@ManagerAuth
			@Transactional
			public R userMfaDisable(String currentPassword, String code) {
			User user = userService.getByIdWithMfa(getUserId());
			if (Cools.isEmpty(user)) {
			return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
			}
			if (!requiresMfa(user)) {
			return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
			}
			if (!Cools.eq(user.getPassword(), currentPassword)) {
			return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
			}
			if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
			return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
			}
			userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
			.eq("id", user.getId())
			.set("mfa_enabled", 0)
			.set("mfa_secret", null)
			.set("mfa_bound_time", null));
			return R.ok();
			}

			@RequestMapping("/menu/auth")
			@ManagerAuth(memo = "首页菜单")
			public R menu(){
			// 获取所有一级菜单
			List<Resource> oneLevel = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy("sort"));
			List<Resource> oneLevel = resourceService.list(new QueryWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy(true, true, "sort"));
			User user = null;
			Wrapper<Resource> resourceWrapper;
			QueryWrapper<Resource> resourceWrapper;
			if (getUserId() == 9527) {
			resourceWrapper = new EntityWrapper<Resource>().eq("level", 2).eq("status", 1).orderBy("sort");
			resourceWrapper = new QueryWrapper<Resource>().eq("level", 2).eq("status", 1).orderBy(true, true, "sort");
			} else {
			// 获取当前用户的所有二级菜单
			user = userService.selectById(getUserId());
			List<RoleResource> roleResources = roleResourceService.selectList(new EntityWrapper<RoleResource>().eq("role_id", user.getRoleId()));
			user = userService.getById(getUserId());
			List<RoleResource> roleResources = roleResourceService.list(new QueryWrapper<RoleResource>().eq("role_id", user.getRoleId()));
			List<Long> resourceIds = new ArrayList<>();
			roleResources.forEach(roleResource -> resourceIds.add(roleResource.getResourceId()));
			if (resourceIds.isEmpty()){
			return R.ok();
			}
			resourceWrapper = new EntityWrapper<Resource>().in("id", resourceIds).eq("level", 2).eq("status", 1).orderBy("sort");
			resourceWrapper = new QueryWrapper<Resource>().in("id", resourceIds).eq("level", 2).eq("status", 1).orderBy(true, true, "sort");
			}
			List<Resource> twoLevel = resourceService.selectList(resourceWrapper);
			List<Resource> twoLevel = resourceService.list(resourceWrapper);
			List<Map<String, Object>> result = new ArrayList<>();
			for (Resource menu : oneLevel) {
			Map<String, Object> map = new HashMap<>();
			@@ -154,17 +268,20 @@

			// 是否拥有查看权限
			if (getUserId() != 9527) {
			Resource view = resourceService.selectOne(new EntityWrapper<Resource>().eq("resource_id", resource.getId()).like("code", "view"));
			Resource view = firstResource(new QueryWrapper<Resource>()
			.eq("resource_id", resource.getId())
			.like("code", "view"));
			if (!Cools.isEmpty(view)){
			RoleResource param = new RoleResource();
			param.setResourceId(view.getId());
			param.setRoleId(user.getRoleId());
			if (null == roleResourceService.selectOne(new EntityWrapper<>(param))){
			if (!existsRoleResource(new QueryWrapper<>(param))){
			continue;
			}
			}
			}

			resource.setName(localizeResourceName(resource));
			subMenu.add(resource);
			iterator.remove();
			}
			@@ -175,7 +292,7 @@
			map.put("menuId", menu.getId());
			map.put("menuCode", menu.getCode());
			map.put("menuIcon", HtmlNavIconType.get(menu.getCode()));
			map.put("menu", menu.getName());
			map.put("menu", localizeResourceName(menu));
			map.put("subMenu", subMenu);
			result.add(map);
			}
			@@ -185,31 +302,31 @@
			@RequestMapping("/power/list/auth")
			@ManagerAuth
			public R powerList(){
			List<Resource> oneLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy("sort"));
			List<Resource> oneLevels = resourceService.list(new QueryWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy(true, true, "sort"));
			List<Map> result = new ArrayList<>();
			// 一级
			for (Resource oneLevel : oneLevels){
			List<Map> twoLevelsList = new ArrayList<>();
			Map<String, Object> oneLevelMap = new HashMap<>();
			oneLevelMap.put("title", oneLevel.getName());
			oneLevelMap.put("title", localizeResourceName(oneLevel));
			oneLevelMap.put("id", oneLevel.getId());
			oneLevelMap.put("spread", true);
			oneLevelMap.put("children", twoLevelsList);
			List<Resource> twoLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("resource_id", oneLevel.getId()).eq("level", 2).eq("status", 1).orderBy("sort"));
			List<Resource> twoLevels = resourceService.list(new QueryWrapper<Resource>().eq("resource_id", oneLevel.getId()).eq("level", 2).eq("status", 1).orderBy(true, true, "sort"));
			// 二级
			for (Resource twoLevel : twoLevels){
			Map<String, Object> twoLevelMap = new HashMap<>();
			twoLevelMap.put("title", twoLevel.getName());
			twoLevelMap.put("title", localizeResourceName(twoLevel));
			twoLevelMap.put("id", twoLevel.getId());
			twoLevelMap.put("spread", false);

			List<Map> threeLevelsList = new ArrayList<>();
			twoLevelMap.put("children", threeLevelsList);
			// 三级
			List<Resource> threeLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("resource_id", twoLevel.getId()).eq("level", 3).eq("status", 1).orderBy("sort"));
			List<Resource> threeLevels = resourceService.list(new QueryWrapper<Resource>().eq("resource_id", twoLevel.getId()).eq("level", 3).eq("status", 1).orderBy(true, true, "sort"));
			for (Resource threeLevel : threeLevels){
			Map<String, Object> threeLevelMap = new HashMap<>();
			threeLevelMap.put("title", threeLevel.getName());
			threeLevelMap.put("title", localizeResourceName(threeLevel));
			threeLevelMap.put("id", threeLevel.getId());
			threeLevelMap.put("checked", false);
			threeLevelsList.add(threeLevelMap);
			@@ -222,15 +339,15 @@

			// 功能模块
			Map<String, Object> functions = new HashMap<>();
			functions.put("title", "指定功能");
			functions.put("title", i18nMessageService.getMessage("permission.function"));
			functions.put("id", "function");
			functions.put("spread", true);
			List<Map> funcs = new ArrayList<>();
			functions.put("children", funcs);
			List<Permission> permissions = permissionService.selectList(new EntityWrapper<Permission>().eq("status", 1));
			List<Permission> permissions = permissionService.list(new QueryWrapper<Permission>().eq("status", 1));
			for (Permission permission : permissions) {
			Map<String, Object> func = new HashMap<>();
			func.put("title", permission.getName());
			func.put("title", i18nMessageService.resolvePermissionText(permission.getName(), permission.getAction(), permission.getId()));
			func.put("id", permission.getAction());
			func.put("spread", true);
			funcs.add(func);
			@@ -240,14 +357,78 @@
			return R.ok(result);
			}

			private Map<String, Object> buildLoginSuccess(User user) {
			String token = Cools.enToken(System.currentTimeMillis() + user.getMobile(), user.getPassword());
			userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
			UserLogin userLogin = new UserLogin();
			userLogin.setUserId(user.getId());
			userLogin.setToken(token);
			userLogin.setSystemType("WCS");
			userLoginService.save(userLogin);
			Map<String, Object> result = new HashMap<>();
			result.put("username", user.getUsername());
			result.put("token", token);
			result.put("mfaRequired", false);
			return result;
			}

			private boolean requiresMfa(User user) {
			return user != null
			&& Integer.valueOf(1).equals(user.getMfaAllow())
			&& Integer.valueOf(1).equals(user.getMfaEnabled())
			&& !Cools.isEmpty(user.getMfaSecret());
			}

			private Map<String, Object> buildSafeUserDetail(User user) {
			Map<String, Object> result = new HashMap<>();
			result.put("id", user.getId());
			result.put("roleName", user.getRoleName());
			result.put("username", user.getUsername());
			result.put("mobile", user.getMobile());
			result.put("createTime$", user.getCreateTime$());
			result.put("mfaAllow", user.getMfaAllow());
			result.put("mfaAllow$", user.getMfaAllow$());
			result.put("mfaEnabled", user.getMfaEnabled());
			result.put("mfaEnabled$", user.getMfaEnabled$());
			result.put("mfaBoundTime$", user.getMfaBoundTime$());
			result.put("mfaMaskedSecret", MfaTotpUtil.maskSecret(user.getMfaSecret()));
			return result;
			}

			private String renderQrCodeDataUri(String content) {
			try {
			BufferedImage image = QrCode.createImg(content, 220);
			ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
			ImageIO.write(image, "jpg", outputStream);
			return "data:image/jpeg;base64," + Base64.getEncoder().encodeToString(outputStream.toByteArray());
			} catch (Exception e) {
			return "";
			}
			}

			private String normalizeSecret(String secret) {
			if (Cools.isEmpty(secret)) {
			return "";
			}
			return String.valueOf(secret)
			.trim()
			.replace(" ", "")
			.replace("-", "")
			.toUpperCase(Locale.ROOT);
			}

			private String localizeResourceName(Resource resource) {
			return i18nMessageService.resolveResourceText(resource.getName(), resource.getCode(), resource.getId());
			}

			@RequestMapping(value = "/power/{roleId}/auth")
			@ManagerAuth
			public R get(@PathVariable("roleId") Long roleId) {
			List<Object> result = new ArrayList<>();
			// 菜单
			List<RoleResource> roleResources = roleResourceService.selectList(new EntityWrapper<RoleResource>().eq("role_id", roleId));
			List<RoleResource> roleResources = roleResourceService.list(new QueryWrapper<RoleResource>().eq("role_id", roleId));
			for (RoleResource roleResource : roleResources){
			Resource resource = resourceService.selectById(roleResource.getResourceId());
			Resource resource = resourceService.getById(roleResource.getResourceId());
			if (!Cools.isEmpty(resource)){
			if (resource.getLevel() == 3){
			result.add(resource.getId());
			@@ -255,9 +436,9 @@
			}
			}
			// 功能
			List<RolePermission> rolePermissions = rolePermissionService.selectList(new EntityWrapper<RolePermission>().eq("role_id", roleId));
			List<RolePermission> rolePermissions = rolePermissionService.list(new QueryWrapper<RolePermission>().eq("role_id", roleId));
			for (RolePermission rolePermission : rolePermissions){
			Permission permission = permissionService.selectById(rolePermission.getPermissionId());
			Permission permission = permissionService.getById(rolePermission.getPermissionId());
			if (!Cools.isEmpty(permission)){
			result.add(permission.getAction());
			}
			@@ -269,18 +450,18 @@
			@ManagerAuth(memo = "授权")
			@Transactional
			public R power(Long roleId, String powers){
			Role role = roleService.selectById(roleId);
			Role role = roleService.getById(roleId);
			Long leaderId = role.getLeader();
			roleResourceService.delete(new EntityWrapper<RoleResource>().eq("role_id", roleId));
			rolePermissionService.delete(new EntityWrapper<RolePermission>().eq("role_id", roleId));
			roleResourceService.remove(new QueryWrapper<RoleResource>().eq("role_id", roleId));
			rolePermissionService.remove(new QueryWrapper<RolePermission>().eq("role_id", roleId));
			if (!Cools.isEmpty(powers)){
			List<PowerDto> dtos = JSON.parseArray(powers, PowerDto.class);
			for (PowerDto dto : dtos) {
			Resource resource = resourceService.selectOne(new EntityWrapper<Resource>().eq("id", dto.getTwo()).eq("level", 2));
			Resource resource = resourceService.getOne(new QueryWrapper<Resource>().eq("id", dto.getTwo()).eq("level", 2));
			if (!Cools.isEmpty(resource)) {
			// 校验上级权限
			if (leaderId != null) {
			RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource.getId()));
			RoleResource roleResource = roleResourceService.getOne(new QueryWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource.getId()));
			if (null == roleResource) {
			throw new CoolException(resource.getName().concat("无法授权给").concat(role.getName()));
			}
			@@ -288,22 +469,22 @@
			RoleResource roleResource = new RoleResource();
			roleResource.setRoleId(roleId);
			roleResource.setResourceId(resource.getId());
			roleResourceService.insert(roleResource);
			roleResourceService.save(roleResource);
			} else {
			Permission permission = permissionService.selectOne(new EntityWrapper<Permission>().eq("action", dto.getTwo()));
			Permission permission = permissionService.getOne(new QueryWrapper<Permission>().eq("action", dto.getTwo()));
			if (!Cools.isEmpty(permission)){
			RolePermission rolePermission = new RolePermission();
			rolePermission.setRoleId(roleId);
			rolePermission.setPermissionId(permission.getId());
			rolePermissionService.insert(rolePermission);
			rolePermissionService.save(rolePermission);
			}
			}
			for (String three : dto.getThree()){
			Resource resource1 = resourceService.selectOne(new EntityWrapper<Resource>().eq("id", three).eq("level", 3));
			Resource resource1 = resourceService.getOne(new QueryWrapper<Resource>().eq("id", three).eq("level", 3));
			if (!Cools.isEmpty(resource1)) {
			// 校验上级权限
			if (leaderId != null) {
			RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource1.getId()));
			RoleResource roleResource = roleResourceService.getOne(new QueryWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource1.getId()));
			if (null == roleResource) {
			throw new CoolException(resource.getName().concat("的").concat(resource1.getName().concat("无法授权给").concat(role.getName())));
			}
			@@ -311,7 +492,7 @@
			RoleResource roleResource = new RoleResource();
			roleResource.setRoleId(roleId);
			roleResource.setResourceId(resource1.getId());
			roleResourceService.insert(roleResource);
			roleResourceService.save(roleResource);
			}
			}
			}
			@@ -324,7 +505,7 @@
			public R buttonResource(@PathVariable("resourceId") Long resourceId) {
			List<Resource> resources;
			if (getUserId() == 9527) {
			resources = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 3).eq("resource_id", resourceId));
			resources = resourceService.list(new QueryWrapper<Resource>().eq("level", 3).eq("resource_id", resourceId));
			} else {
			resources = roleResourceService.getMenuButtomResource(resourceId, getUserId());
			}
			@@ -334,5 +515,16 @@
			return R.ok(resources);
			}

			private Resource firstResource(QueryWrapper<Resource> wrapper) {
			wrapper.last("limit 1");
			List<Resource> list = resourceService.list(wrapper);
			return list.isEmpty() ? null : list.get(0);
			}

			private boolean existsRoleResource(QueryWrapper<RoleResource> wrapper) {
			wrapper.last("limit 1");
			return !roleResourceService.list(wrapper).isEmpty();
			}


			}