From bd6b518aae61608ddc2d82b43ccc283dc95b9c54 Mon Sep 17 00:00:00 2001
From: Junjie <fallin.jie@qq.com>
Date: 星期三, 11 三月 2026 13:59:33 +0800
Subject: [PATCH] #
---
src/main/java/com/zy/common/web/AuthController.java | 615 ++++++++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 558 insertions(+), 57 deletions(-)
diff --git a/src/main/java/com/zy/common/web/AuthController.java b/src/main/java/com/zy/common/web/AuthController.java
index a86b971..0d3d427 100644
--- a/src/main/java/com/zy/common/web/AuthController.java
+++ b/src/main/java/com/zy/common/web/AuthController.java
@@ -1,16 +1,21 @@
package com.zy.common.web;
import com.alibaba.fastjson.JSON;
-import com.baomidou.mybatisplus.mapper.EntityWrapper;
-import com.baomidou.mybatisplus.mapper.Wrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.core.annotations.ManagerAuth;
import com.core.common.Cools;
import com.core.common.R;
import com.core.exception.CoolException;
import com.zy.common.CodeRes;
+import com.zy.common.auth.MfaLoginTicketManager;
+import com.zy.common.auth.PasskeyChallengeManager;
+import com.zy.common.i18n.I18nMessageService;
import com.zy.common.entity.Parameter;
import com.zy.common.model.PowerDto;
import com.zy.common.model.enums.HtmlNavIconType;
+import com.zy.common.utils.MfaTotpUtil;
+import com.zy.common.utils.PasskeyWebAuthnUtil;
+import com.zy.common.utils.QrCode;
import com.zy.common.utils.RandomValidateCodeUtil;
import com.zy.system.entity.*;
import com.zy.system.service.*;
@@ -23,7 +28,11 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletResponse;
+import jakarta.servlet.http.HttpServletResponse;
+import javax.imageio.ImageIO;
+import java.awt.image.BufferedImage;
+import java.io.ByteArrayOutputStream;
+import java.util.Base64;
import java.util.*;
/**
@@ -50,13 +59,22 @@
private RolePermissionService rolePermissionService;
@Autowired
private LicenseTimer licenseTimer;
+ @Autowired
+ private I18nMessageService i18nMessageService;
+ @Autowired
+ private MfaLoginTicketManager mfaLoginTicketManager;
+ @Autowired
+ private PasskeyChallengeManager passkeyChallengeManager;
@RequestMapping("/login.action")
@ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "鐧诲綍")
public R loginAction(String mobile, String password){
//楠岃瘉璁稿彲璇佹槸鍚︽湁鏁�
if (!licenseTimer.getSystemSupport()){
- return R.parse(CodeRes.SYSTEM_20001);
+ return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
+ }
+ if (Cools.isEmpty(mobile, password)) {
+ return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
}
if (mobile.equals("super") && password.equals(Cools.md5(superPwd))) {
Map<String, Object> res = new HashMap<>();
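Review bot: The new `new R(20001, …)` and `new R(10003, …)` returns replace the named `CodeRes` constants with bare numbers, and the later hunks show why that is fragile. Code 10013 is returned with `response.user.passkeyVerifyFailed` in loginPasskeyVerify but with `response.user.passkeyRegisterFailed` in userPasskeyRegisterFinish, which also returns 10016 for that same message. A client or log consumer that branches on the code cannot tell those cases apart. Keeping each code as a named constant next to its message key (for example in `CodeRes`, which is still imported) would make such collisions visible at review time. loginAction continues past the end of this hunk.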
@@ -64,29 +82,133 @@
res.put("token", Cools.enToken(System.currentTimeMillis() + mobile, superPwd));
return R.ok(res);
}
- EntityWrapper<User> userWrapper = new EntityWrapper<>();
- userWrapper.eq("mobile", mobile);
- User user = userService.selectOne(userWrapper);
+ User user = userService.getByMobileWithSecurity(mobile);
if (Cools.isEmpty(user)){
- return R.parse(CodeRes.USER_10001);
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
}
if (user.getStatus()!=1){
- return R.parse(CodeRes.USER_10002);
+ return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
}
if (!user.getPassword().equals(password)){
- return R.parse(CodeRes.USER_10003);
+ return new R(10003, i18nMessageService.getMessage("response.user.passwordMismatch"));
}
- String token = Cools.enToken(System.currentTimeMillis() + mobile, user.getPassword());
- userLoginService.delete(new EntityWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
- UserLogin userLogin = new UserLogin();
- userLogin.setUserId(user.getId());
- userLogin.setToken(token);
- userLogin.setSystemType("WCS");
- userLoginService.insert(userLogin);
- Map<String, Object> res = new HashMap<>();
- res.put("username", user.getUsername());
- res.put("token", token);
- return R.ok(res);
+ if (requiresMfa(user)) {
+ Map<String, Object> res = new HashMap<>();
+ res.put("username", user.getUsername());
+ res.put("mfaRequired", true);
+ res.put("mfaTicket", mfaLoginTicketManager.create(user.getId()));
+ return R.ok(res);
+ }
+ return R.ok(buildLoginSuccess(user));
+ }
+
+ @RequestMapping("/login/mfa.action")
+ @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "MFA鐧诲綍")
+ public R loginMfaAction(String ticket, String code) {
+ Long userId = mfaLoginTicketManager.getUserId(ticket);
+ if (userId == null) {
+ return new R(10004, i18nMessageService.getMessage("response.user.mfaTicketExpired"));
+ }
+ User user = userService.getByIdWithSecurity(userId);
+ if (Cools.isEmpty(user)) {
+ mfaLoginTicketManager.remove(ticket);
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (user.getStatus() != 1) {
+ mfaLoginTicketManager.remove(ticket);
+ return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
+ }
+ if (!requiresMfa(user)) {
+ mfaLoginTicketManager.remove(ticket);
+ return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
+ }
+ if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
+ return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
+ }
+ mfaLoginTicketManager.remove(ticket);
+ return R.ok(buildLoginSuccess(user));
+ }
+
+ @RequestMapping("/login/passkey/options.action")
+ @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "閫氳瀵嗛挜鐧诲綍鍙傛暟")
+ public R loginPasskeyOptions(String mobile) {
+ if (!licenseTimer.getSystemSupport()) {
+ return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
+ }
+ String origin = PasskeyWebAuthnUtil.buildOrigin(request);
+ String rpId = PasskeyWebAuthnUtil.buildRpId(request);
+ if (!PasskeyWebAuthnUtil.isSecureOriginAllowed(origin, rpId)) {
+ return new R(10009, i18nMessageService.getMessage("response.user.passkeySecureContextRequired"));
+ }
+ User user = null;
+ if (!Cools.isEmpty(mobile)) {
+ user = userService.getByMobileWithSecurity(mobile);
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (user.getStatus() != 1) {
+ return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
+ }
+ if (!hasPasskeyBound(user)) {
+ return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
+ }
+ }
+ PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.createAuthentication(user == null ? null : user.getId(), origin, rpId);
+ return R.ok(buildPasskeyAuthenticationOptions(state, user));
+ }
+
+ @RequestMapping("/login/passkey/verify.action")
+ @ManagerAuth(value = ManagerAuth.Auth.NONE, memo = "閫氳瀵嗛挜鐧诲綍")
+ public R loginPasskeyVerify(String ticket,
+ String credentialId,
+ String clientDataJSON,
+ String authenticatorData,
+ String signature) {
+ if (!licenseTimer.getSystemSupport()) {
+ return new R(20001, i18nMessageService.getMessage("response.system.licenseExpired"));
+ }
+ PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.get(ticket, PasskeyChallengeManager.Purpose.AUTHENTICATION);
+ if (state == null) {
+ return new R(10011, i18nMessageService.getMessage("response.user.passkeyTicketExpired"));
+ }
+ try {
+ com.alibaba.fastjson.JSONObject clientData = PasskeyWebAuthnUtil.parseClientData(clientDataJSON);
+ PasskeyWebAuthnUtil.validateClientData(clientData, "webauthn.get", state.getChallenge(), state.getOrigin());
+ PasskeyWebAuthnUtil.AuthenticatorData authData = PasskeyWebAuthnUtil.validateAuthenticatorData(authenticatorData, state.getRpId(), true);
+ User user = state.getUserId() == null
+ ? userService.getByPasskeyCredentialId(credentialId)
+ : userService.getByIdWithSecurity(state.getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (user.getStatus() != 1) {
+ return new R(10002, i18nMessageService.getMessage("response.user.disabled"));
+ }
+ if (!hasPasskeyBound(user) || !Cools.eq(user.getPasskeyCredentialId(), credentialId)) {
+ return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
+ }
+ PasskeyWebAuthnUtil.verifyAssertionSignature(
+ user.getPasskeyPublicKey(),
+ user.getPasskeyAlgorithm(),
+ authenticatorData,
+ clientDataJSON,
+ signature
+ );
+ long nextSignCount = authData.getSignCount();
+ Long currentSignCount = user.getPasskeySignCount();
+ if (currentSignCount != null && currentSignCount > 0 && nextSignCount > 0 && nextSignCount <= currentSignCount) {
+ return new R(10012, i18nMessageService.getMessage("response.user.passkeyCounterMismatch"));
+ }
+ userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("passkey_sign_count", nextSignCount)
+ .set("passkey_last_used_time", new Date()));
+ return R.ok(buildLoginSuccess(user));
+ } catch (Exception ex) {
+ return new R(10013, i18nMessageService.getMessage("response.user.passkeyVerifyFailed"));
+ } finally {
+ passkeyChallengeManager.remove(ticket);
+ }
}
@RequestMapping("/code/switch.action")
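Review bot: In loginMfaAction a wrong code returns 10006 but leaves the ticket valid, so unless `MfaLoginTicketManager` (not shown) caps attempts, the TOTP code can be retried for the ticket's whole lifetime on an endpoint marked `Auth.NONE`. The final argument in `verifyCode(user.getMfaSecret(), code, 1)` presumably widens the accepted time window, which raises the odds per guess. I would count failures per ticket, call `mfaLoginTicketManager.remove(ticket)` once a small limit is reached, and log each failure with the user id so repeated guessing is detectable. Separately, `catch (Exception ex)` in loginPasskeyVerify discards the exception; logging it server-side, while still returning only the generic 10013 to the client, would keep failed assertions distinguishable from database errors.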
@@ -119,30 +241,210 @@
@RequestMapping("/user/detail/auth")
@ManagerAuth
public R userDetail(){
- return R.ok(userService.selectById(getUserId()));
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return R.ok();
+ }
+ return R.ok(buildSafeUserDetail(user));
+ }
+
+ @RequestMapping("/user/mfa/setup/auth")
+ @ManagerAuth
+ public R userMfaSetup() {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
+ return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
+ }
+ String secret = MfaTotpUtil.generateSecret();
+ String account = !Cools.isEmpty(user.getMobile())
+ ? user.getMobile()
+ : (!Cools.isEmpty(user.getUsername()) ? user.getUsername() : String.valueOf(user.getId()));
+ String otpAuth = MfaTotpUtil.buildOtpAuthUri("WCS", account, secret);
+ Map<String, Object> data = new HashMap<>();
+ data.put("secret", secret);
+ data.put("otpAuth", otpAuth);
+ data.put("qrCode", renderQrCodeDataUri(otpAuth));
+ return R.ok(data);
+ }
+
+ @RequestMapping("/user/mfa/enable/auth")
+ @ManagerAuth
+ @Transactional
+ public R userMfaEnable(String currentPassword, String secret, String code) {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!Integer.valueOf(1).equals(user.getMfaAllow())) {
+ return new R(10007, i18nMessageService.getMessage("response.user.mfaNotAllowed"));
+ }
+ if (!Cools.eq(user.getPassword(), currentPassword)) {
+ return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
+ }
+ String normalizedSecret = normalizeSecret(secret);
+ if (Cools.isEmpty(normalizedSecret) || !MfaTotpUtil.verifyCode(normalizedSecret, code, 1)) {
+ return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
+ }
+ userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("mfa_allow", 1)
+ .set("mfa_enabled", 1)
+ .set("mfa_secret", normalizedSecret)
+ .set("mfa_bound_time", new Date()));
+ return R.ok();
+ }
+
+ @RequestMapping("/user/mfa/disable/auth")
+ @ManagerAuth
+ @Transactional
+ public R userMfaDisable(String currentPassword, String code) {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!requiresMfa(user)) {
+ return new R(10005, i18nMessageService.getMessage("response.user.mfaNotEnabled"));
+ }
+ if (!Cools.eq(user.getPassword(), currentPassword)) {
+ return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
+ }
+ if (!MfaTotpUtil.verifyCode(user.getMfaSecret(), code, 1)) {
+ return new R(10006, i18nMessageService.getMessage("response.user.mfaCodeMismatch"));
+ }
+ userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("mfa_enabled", 0)
+ .set("mfa_secret", null)
+ .set("mfa_bound_time", null));
+ return R.ok();
+ }
+
+ @RequestMapping("/user/passkey/register/options/auth")
+ @ManagerAuth
+ public R userPasskeyRegisterOptions() {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (hasPasskeyBound(user)) {
+ return new R(10014, i18nMessageService.getMessage("response.user.passkeyAlreadyBound"));
+ }
+ String origin = PasskeyWebAuthnUtil.buildOrigin(request);
+ String rpId = PasskeyWebAuthnUtil.buildRpId(request);
+ if (!PasskeyWebAuthnUtil.isSecureOriginAllowed(origin, rpId)) {
+ return new R(10009, i18nMessageService.getMessage("response.user.passkeySecureContextRequired"));
+ }
+ PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.createRegistration(user.getId(), origin, rpId);
+ return R.ok(buildPasskeyRegistrationOptions(state, user));
+ }
+
+ @RequestMapping("/user/passkey/register/finish/auth")
+ @ManagerAuth
+ @Transactional
+ public R userPasskeyRegisterFinish(String ticket,
+ String currentPassword,
+ String name,
+ String credentialId,
+ String clientDataJSON,
+ String authenticatorData,
+ String publicKey,
+ Integer publicKeyAlgorithm,
+ String transports) {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!Cools.eq(user.getPassword(), currentPassword)) {
+ return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
+ }
+ if (hasPasskeyBound(user)) {
+ return new R(10014, i18nMessageService.getMessage("response.user.passkeyAlreadyBound"));
+ }
+ PasskeyChallengeManager.ChallengeState state = passkeyChallengeManager.get(ticket, PasskeyChallengeManager.Purpose.REGISTRATION);
+ if (state == null || !Objects.equals(state.getUserId(), user.getId())) {
+ return new R(10011, i18nMessageService.getMessage("response.user.passkeyTicketExpired"));
+ }
+ try {
+ com.alibaba.fastjson.JSONObject clientData = PasskeyWebAuthnUtil.parseClientData(clientDataJSON);
+ PasskeyWebAuthnUtil.validateClientData(clientData, "webauthn.create", state.getChallenge(), state.getOrigin());
+ PasskeyWebAuthnUtil.AuthenticatorData authData = PasskeyWebAuthnUtil.validateAuthenticatorData(authenticatorData, state.getRpId(), true);
+ PasskeyWebAuthnUtil.ensurePublicKeyMaterial(publicKey, publicKeyAlgorithm);
+ if (Cools.isEmpty(credentialId)) {
+ return new R(10013, i18nMessageService.getMessage("response.user.passkeyRegisterFailed"));
+ }
+ User exist = userService.getByPasskeyCredentialId(credentialId);
+ if (!Cools.isEmpty(exist) && !Objects.equals(exist.getId(), user.getId())) {
+ return new R(10015, i18nMessageService.getMessage("response.user.passkeyCredentialExists"));
+ }
+ userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("passkey_name", normalizePasskeyName(name))
+ .set("passkey_credential_id", credentialId)
+ .set("passkey_public_key", publicKey)
+ .set("passkey_algorithm", publicKeyAlgorithm)
+ .set("passkey_sign_count", authData.getSignCount())
+ .set("passkey_transports", normalizePasskeyTransports(transports))
+ .set("passkey_bound_time", new Date())
+ .set("passkey_last_used_time", null));
+ return R.ok();
+ } catch (Exception ex) {
+ return new R(10016, i18nMessageService.getMessage("response.user.passkeyRegisterFailed"));
+ } finally {
+ passkeyChallengeManager.remove(ticket);
+ }
+ }
+
+ @RequestMapping("/user/passkey/remove/auth")
+ @ManagerAuth
+ @Transactional
+ public R userPasskeyRemove(String currentPassword) {
+ User user = userService.getByIdWithSecurity(getUserId());
+ if (Cools.isEmpty(user)) {
+ return new R(10001, i18nMessageService.getMessage("response.user.notFound"));
+ }
+ if (!hasPasskeyBound(user)) {
+ return new R(10010, i18nMessageService.getMessage("response.user.passkeyNotBound"));
+ }
+ if (!Cools.eq(user.getPassword(), currentPassword)) {
+ return new R(10008, i18nMessageService.getMessage("response.user.oldPasswordMismatch"));
+ }
+ userService.update(new com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper<User>()
+ .eq("id", user.getId())
+ .set("passkey_name", null)
+ .set("passkey_credential_id", null)
+ .set("passkey_public_key", null)
+ .set("passkey_algorithm", null)
+ .set("passkey_sign_count", 0)
+ .set("passkey_transports", null)
+ .set("passkey_bound_time", null)
+ .set("passkey_last_used_time", null));
+ return R.ok();
}
@RequestMapping("/menu/auth")
@ManagerAuth(memo = "棣栭〉鑿滃崟")
public R menu(){
// 鑾峰彇鎵�鏈変竴绾ц彍鍗�
- List<Resource> oneLevel = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy("sort"));
+ List<Resource> oneLevel = resourceService.list(new QueryWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy(true, true, "sort"));
User user = null;
- Wrapper<Resource> resourceWrapper;
+ QueryWrapper<Resource> resourceWrapper;
if (getUserId() == 9527) {
- resourceWrapper = new EntityWrapper<Resource>().eq("level", 2).eq("status", 1).orderBy("sort");
+ resourceWrapper = new QueryWrapper<Resource>().eq("level", 2).eq("status", 1).orderBy(true, true, "sort");
} else {
// 鑾峰彇褰撳墠鐢ㄦ埛鐨勬墍鏈変簩绾ц彍鍗�
- user = userService.selectById(getUserId());
- List<RoleResource> roleResources = roleResourceService.selectList(new EntityWrapper<RoleResource>().eq("role_id", user.getRoleId()));
+ user = userService.getById(getUserId());
+ List<RoleResource> roleResources = roleResourceService.list(new QueryWrapper<RoleResource>().eq("role_id", user.getRoleId()));
List<Long> resourceIds = new ArrayList<>();
roleResources.forEach(roleResource -> resourceIds.add(roleResource.getResourceId()));
if (resourceIds.isEmpty()){
return R.ok();
}
- resourceWrapper = new EntityWrapper<Resource>().in("id", resourceIds).eq("level", 2).eq("status", 1).orderBy("sort");
+ resourceWrapper = new QueryWrapper<Resource>().in("id", resourceIds).eq("level", 2).eq("status", 1).orderBy(true, true, "sort");
}
- List<Resource> twoLevel = resourceService.selectList(resourceWrapper);
+ List<Resource> twoLevel = resourceService.list(resourceWrapper);
List<Map<String, Object>> result = new ArrayList<>();
for (Resource menu : oneLevel) {
Map<String, Object> map = new HashMap<>();
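Review bot: userPasskeyRegisterFinish stores `publicKey`, `publicKeyAlgorithm` and `credentialId` straight from request parameters, while the only authenticator-produced input it checks is `authenticatorData`. Nothing visible in this hunk ties the stored key to the credential the authenticator actually created. Unless `ensurePublicKeyMaterial` or `validateAuthenticatorData` (not shown) compare them, the credential id and public key should be read from the attested credential data inside `authenticatorData`, with the separate parameters dropped or checked for equality. The `getByPasskeyCredentialId` lookup followed by `update` is also not atomic, so it is worth confirming a unique index on `passkey_credential_id`. The hunk ends inside menu(), which this comment does not cover.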
@@ -154,17 +456,20 @@
// 鏄惁鎷ユ湁鏌ョ湅鏉冮檺
if (getUserId() != 9527) {
- Resource view = resourceService.selectOne(new EntityWrapper<Resource>().eq("resource_id", resource.getId()).like("code", "view"));
+ Resource view = firstResource(new QueryWrapper<Resource>()
+ .eq("resource_id", resource.getId())
+ .like("code", "view"));
if (!Cools.isEmpty(view)){
RoleResource param = new RoleResource();
param.setResourceId(view.getId());
param.setRoleId(user.getRoleId());
- if (null == roleResourceService.selectOne(new EntityWrapper<>(param))){
+ if (!existsRoleResource(new QueryWrapper<>(param))){
continue;
}
}
}
+ resource.setName(localizeResourceName(resource));
subMenu.add(resource);
iterator.remove();
}
@@ -175,7 +480,7 @@
map.put("menuId", menu.getId());
map.put("menuCode", menu.getCode());
map.put("menuIcon", HtmlNavIconType.get(menu.getCode()));
- map.put("menu", menu.getName());
+ map.put("menu", localizeResourceName(menu));
map.put("subMenu", subMenu);
result.add(map);
}
@@ -185,31 +490,31 @@
@RequestMapping("/power/list/auth")
@ManagerAuth
public R powerList(){
- List<Resource> oneLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy("sort"));
+ List<Resource> oneLevels = resourceService.list(new QueryWrapper<Resource>().eq("level", 1).eq("status", 1).orderBy(true, true, "sort"));
List<Map> result = new ArrayList<>();
// 涓�绾�
for (Resource oneLevel : oneLevels){
List<Map> twoLevelsList = new ArrayList<>();
Map<String, Object> oneLevelMap = new HashMap<>();
- oneLevelMap.put("title", oneLevel.getName());
+ oneLevelMap.put("title", localizeResourceName(oneLevel));
oneLevelMap.put("id", oneLevel.getId());
oneLevelMap.put("spread", true);
oneLevelMap.put("children", twoLevelsList);
- List<Resource> twoLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("resource_id", oneLevel.getId()).eq("level", 2).eq("status", 1).orderBy("sort"));
+ List<Resource> twoLevels = resourceService.list(new QueryWrapper<Resource>().eq("resource_id", oneLevel.getId()).eq("level", 2).eq("status", 1).orderBy(true, true, "sort"));
// 浜岀骇
for (Resource twoLevel : twoLevels){
Map<String, Object> twoLevelMap = new HashMap<>();
- twoLevelMap.put("title", twoLevel.getName());
+ twoLevelMap.put("title", localizeResourceName(twoLevel));
twoLevelMap.put("id", twoLevel.getId());
twoLevelMap.put("spread", false);
List<Map> threeLevelsList = new ArrayList<>();
twoLevelMap.put("children", threeLevelsList);
// 涓夌骇
- List<Resource> threeLevels = resourceService.selectList(new EntityWrapper<Resource>().eq("resource_id", twoLevel.getId()).eq("level", 3).eq("status", 1).orderBy("sort"));
+ List<Resource> threeLevels = resourceService.list(new QueryWrapper<Resource>().eq("resource_id", twoLevel.getId()).eq("level", 3).eq("status", 1).orderBy(true, true, "sort"));
for (Resource threeLevel : threeLevels){
Map<String, Object> threeLevelMap = new HashMap<>();
- threeLevelMap.put("title", threeLevel.getName());
+ threeLevelMap.put("title", localizeResourceName(threeLevel));
threeLevelMap.put("id", threeLevel.getId());
threeLevelMap.put("checked", false);
threeLevelsList.add(threeLevelMap);
@@ -222,15 +527,15 @@
// 鍔熻兘妯″潡
Map<String, Object> functions = new HashMap<>();
- functions.put("title", "鎸囧畾鍔熻兘");
+ functions.put("title", i18nMessageService.getMessage("permission.function"));
functions.put("id", "function");
functions.put("spread", true);
List<Map> funcs = new ArrayList<>();
functions.put("children", funcs);
- List<Permission> permissions = permissionService.selectList(new EntityWrapper<Permission>().eq("status", 1));
+ List<Permission> permissions = permissionService.list(new QueryWrapper<Permission>().eq("status", 1));
for (Permission permission : permissions) {
Map<String, Object> func = new HashMap<>();
- func.put("title", permission.getName());
+ func.put("title", i18nMessageService.resolvePermissionText(permission.getName(), permission.getAction(), permission.getId()));
func.put("id", permission.getAction());
func.put("spread", true);
funcs.add(func);
@@ -240,14 +545,199 @@
return R.ok(result);
}
+ private Map<String, Object> buildLoginSuccess(User user) {
+ String token = Cools.enToken(System.currentTimeMillis() + user.getMobile(), user.getPassword());
+ userLoginService.remove(new QueryWrapper<UserLogin>().eq("user_id", user.getId()).eq("system_type", "WCS"));
+ UserLogin userLogin = new UserLogin();
+ userLogin.setUserId(user.getId());
+ userLogin.setToken(token);
+ userLogin.setSystemType("WCS");
+ userLoginService.save(userLogin);
+ Map<String, Object> result = new HashMap<>();
+ result.put("username", user.getUsername());
+ result.put("token", token);
+ result.put("mfaRequired", false);
+ return result;
+ }
+
+ private boolean requiresMfa(User user) {
+ return user != null
+ && Integer.valueOf(1).equals(user.getMfaAllow())
+ && Integer.valueOf(1).equals(user.getMfaEnabled())
+ && !Cools.isEmpty(user.getMfaSecret());
+ }
+
+ private boolean hasPasskeyBound(User user) {
+ return user != null
+ && !Cools.isEmpty(user.getPasskeyCredentialId())
+ && !Cools.isEmpty(user.getPasskeyPublicKey());
+ }
+
+ private Map<String, Object> buildSafeUserDetail(User user) {
+ Map<String, Object> result = new HashMap<>();
+ result.put("id", user.getId());
+ result.put("roleName", user.getRoleName());
+ result.put("username", user.getUsername());
+ result.put("mobile", user.getMobile());
+ result.put("createTime$", user.getCreateTime$());
+ result.put("mfaAllow", user.getMfaAllow());
+ result.put("mfaAllow$", user.getMfaAllow$());
+ result.put("mfaEnabled", user.getMfaEnabled());
+ result.put("mfaEnabled$", user.getMfaEnabled$());
+ result.put("mfaBoundTime$", user.getMfaBoundTime$());
+ result.put("mfaMaskedSecret", MfaTotpUtil.maskSecret(user.getMfaSecret()));
+ result.put("passkeyBound", hasPasskeyBound(user));
+ result.put("passkeyName", user.getPasskeyName());
+ result.put("passkeyBoundTime$", user.getPasskeyBoundTime$());
+ result.put("passkeyLastUsedTime$", user.getPasskeyLastUsedTime$());
+ result.put("passkeyTransports", user.getPasskeyTransports());
+ return result;
+ }
+
+ private Map<String, Object> buildPasskeyRegistrationOptions(PasskeyChallengeManager.ChallengeState state, User user) {
+ Map<String, Object> data = new HashMap<>();
+ data.put("ticket", state.getTicket());
+ data.put("challenge", state.getChallenge());
+ data.put("rpId", state.getRpId());
+ data.put("rpName", "WCS");
+ data.put("userId", Base64.getUrlEncoder().withoutPadding().encodeToString(PasskeyWebAuthnUtil.buildUserHandle(user.getId())));
+ data.put("userName", resolvePasskeyUserName(user));
+ data.put("userDisplayName", resolvePasskeyDisplayName(user));
+ data.put("timeout", 60000);
+ data.put("attestation", "none");
+ data.put("pubKeyCredParams", buildPasskeyAlgorithms());
+ Map<String, Object> authenticatorSelection = new HashMap<>();
+ authenticatorSelection.put("residentKey", "preferred");
+ authenticatorSelection.put("userVerification", "required");
+ data.put("authenticatorSelection", authenticatorSelection);
+ data.put("excludeCredentials", Collections.emptyList());
+ return data;
+ }
+
+ private Map<String, Object> buildPasskeyAuthenticationOptions(PasskeyChallengeManager.ChallengeState state, User user) {
+ Map<String, Object> data = new HashMap<>();
+ data.put("ticket", state.getTicket());
+ data.put("challenge", state.getChallenge());
+ data.put("rpId", state.getRpId());
+ data.put("timeout", 60000);
+ data.put("userVerification", "required");
+ if (user == null) {
+ data.put("allowCredentials", Collections.emptyList());
+ } else {
+ data.put("allowCredentials", Collections.singletonList(buildPasskeyDescriptor(user.getPasskeyCredentialId(), user.getPasskeyTransports())));
+ }
+ return data;
+ }
+
+ private List<Map<String, Object>> buildPasskeyAlgorithms() {
+ List<Map<String, Object>> result = new ArrayList<>();
+ result.add(buildPasskeyAlgorithm(-7));
+ result.add(buildPasskeyAlgorithm(-257));
+ result.add(buildPasskeyAlgorithm(-8));
+ return result;
+ }
+
+ private Map<String, Object> buildPasskeyAlgorithm(int alg) {
+ Map<String, Object> item = new HashMap<>();
+ item.put("type", "public-key");
+ item.put("alg", alg);
+ return item;
+ }
+
+ private Map<String, Object> buildPasskeyDescriptor(String credentialId, String transports) {
+ Map<String, Object> item = new HashMap<>();
+ item.put("type", "public-key");
+ item.put("id", credentialId);
+ item.put("transports", parsePasskeyTransports(transports));
+ return item;
+ }
+
+ private String renderQrCodeDataUri(String content) {
+ try {
+ BufferedImage image = QrCode.createImg(content, 220);
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ ImageIO.write(image, "jpg", outputStream);
+ return "data:image/jpeg;base64," + Base64.getEncoder().encodeToString(outputStream.toByteArray());
+ } catch (Exception e) {
+ return "";
+ }
+ }
+
+ private String normalizeSecret(String secret) {
+ if (Cools.isEmpty(secret)) {
+ return "";
+ }
+ return String.valueOf(secret)
+ .trim()
+ .replace(" ", "")
+ .replace("-", "")
+ .toUpperCase(Locale.ROOT);
+ }
+
+ private String resolvePasskeyUserName(User user) {
+ if (!Cools.isEmpty(user.getMobile())) {
+ return user.getMobile();
+ }
+ if (!Cools.isEmpty(user.getUsername())) {
+ return user.getUsername();
+ }
+ return String.valueOf(user.getId());
+ }
+
+ private String resolvePasskeyDisplayName(User user) {
+ if (!Cools.isEmpty(user.getUsername())) {
+ return user.getUsername();
+ }
+ return resolvePasskeyUserName(user);
+ }
+
+ private String normalizePasskeyName(String name) {
+ String value = Cools.isEmpty(name) ? "" : String.valueOf(name).trim();
+ if (value.length() > 100) {
+ value = value.substring(0, 100);
+ }
+ if (!Cools.isEmpty(value)) {
+ return value;
+ }
+ return "閫氳瀵嗛挜-" + new java.text.SimpleDateFormat("yyyyMMddHHmmss").format(new Date());
+ }
+
+ private String normalizePasskeyTransports(String transports) {
+ List<String> values = parsePasskeyTransports(transports);
+ return values.isEmpty() ? null : JSON.toJSONString(values);
+ }
+
+ private List<String> parsePasskeyTransports(String transports) {
+ if (Cools.isEmpty(transports)) {
+ return Collections.emptyList();
+ }
+ try {
+ List<String> values = JSON.parseArray(transports, String.class);
+ return values == null ? Collections.emptyList() : values;
+ } catch (Exception ignored) {
+ }
+ List<String> result = new ArrayList<>();
+ for (String value : String.valueOf(transports).split(",")) {
+ String item = value == null ? "" : value.trim();
+ if (!item.isEmpty()) {
+ result.add(item);
+ }
+ }
+ return result;
+ }
+
+ private String localizeResourceName(Resource resource) {
+ return i18nMessageService.resolveResourceText(resource.getName(), resource.getCode(), resource.getId());
+ }
+
@RequestMapping(value = "/power/{roleId}/auth")
@ManagerAuth
public R get(@PathVariable("roleId") Long roleId) {
List<Object> result = new ArrayList<>();
// 鑿滃崟
- List<RoleResource> roleResources = roleResourceService.selectList(new EntityWrapper<RoleResource>().eq("role_id", roleId));
+ List<RoleResource> roleResources = roleResourceService.list(new QueryWrapper<RoleResource>().eq("role_id", roleId));
for (RoleResource roleResource : roleResources){
- Resource resource = resourceService.selectById(roleResource.getResourceId());
+ Resource resource = resourceService.getById(roleResource.getResourceId());
if (!Cools.isEmpty(resource)){
if (resource.getLevel() == 3){
result.add(resource.getId());
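Review bot: buildLoginSuccess derives the session token from `System.currentTimeMillis() + user.getMobile()` with the stored password value as the key, so its unpredictability rests entirely on `Cools.enToken` and on that password field. MFA and passkey logins now inherit this, including passkey accounts whose mobile may be empty. If the auth interceptor only looks the token up in `UserLogin` (not visible here), a random token would decouple sessions from the password: `byte[] raw = new byte[32]; new SecureRandom().nextBytes(raw);` followed by `String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);`. That needs a `java.security.SecureRandom` import, and it should be confirmed first that nothing decodes the token with the password. The hunk ends inside get(), which this comment does not cover.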
@@ -255,9 +745,9 @@
}
}
// 鍔熻兘
- List<RolePermission> rolePermissions = rolePermissionService.selectList(new EntityWrapper<RolePermission>().eq("role_id", roleId));
+ List<RolePermission> rolePermissions = rolePermissionService.list(new QueryWrapper<RolePermission>().eq("role_id", roleId));
for (RolePermission rolePermission : rolePermissions){
- Permission permission = permissionService.selectById(rolePermission.getPermissionId());
+ Permission permission = permissionService.getById(rolePermission.getPermissionId());
if (!Cools.isEmpty(permission)){
result.add(permission.getAction());
}
@@ -269,18 +759,18 @@
@ManagerAuth(memo = "鎺堟潈")
@Transactional
public R power(Long roleId, String powers){
- Role role = roleService.selectById(roleId);
+ Role role = roleService.getById(roleId);
Long leaderId = role.getLeader();
- roleResourceService.delete(new EntityWrapper<RoleResource>().eq("role_id", roleId));
- rolePermissionService.delete(new EntityWrapper<RolePermission>().eq("role_id", roleId));
+ roleResourceService.remove(new QueryWrapper<RoleResource>().eq("role_id", roleId));
+ rolePermissionService.remove(new QueryWrapper<RolePermission>().eq("role_id", roleId));
if (!Cools.isEmpty(powers)){
List<PowerDto> dtos = JSON.parseArray(powers, PowerDto.class);
for (PowerDto dto : dtos) {
- Resource resource = resourceService.selectOne(new EntityWrapper<Resource>().eq("id", dto.getTwo()).eq("level", 2));
+ Resource resource = resourceService.getOne(new QueryWrapper<Resource>().eq("id", dto.getTwo()).eq("level", 2));
if (!Cools.isEmpty(resource)) {
// 鏍¢獙涓婄骇鏉冮檺
if (leaderId != null) {
- RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource.getId()));
+ RoleResource roleResource = roleResourceService.getOne(new QueryWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource.getId()));
if (null == roleResource) {
throw new CoolException(resource.getName().concat("鏃犳硶鎺堟潈缁�").concat(role.getName()));
}
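Review bot: The `getOne(wrapper)` calls that replace `selectOne` in power() throw when the query matches more than one row in MyBatis-Plus 3.x, whereas the old 2.x `selectOne` returned the first row. The lookups on `action` and on `role_id` plus `resource_id` are the ones where duplicate rows seem possible. Inside this `@Transactional` method such an exception would roll back the whole grant after the existing rows were removed from the transaction's view. Either confirm unique constraints on those columns or use `getOne(wrapper, false)`, in line with the `firstResource` helper this commit adds for menu(). The same replacement appears in the two following hunks of power(), whose body starts and ends outside this hunk.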
@@ -288,22 +778,22 @@
RoleResource roleResource = new RoleResource();
roleResource.setRoleId(roleId);
roleResource.setResourceId(resource.getId());
- roleResourceService.insert(roleResource);
+ roleResourceService.save(roleResource);
} else {
- Permission permission = permissionService.selectOne(new EntityWrapper<Permission>().eq("action", dto.getTwo()));
+ Permission permission = permissionService.getOne(new QueryWrapper<Permission>().eq("action", dto.getTwo()));
if (!Cools.isEmpty(permission)){
RolePermission rolePermission = new RolePermission();
rolePermission.setRoleId(roleId);
rolePermission.setPermissionId(permission.getId());
- rolePermissionService.insert(rolePermission);
+ rolePermissionService.save(rolePermission);
}
}
for (String three : dto.getThree()){
- Resource resource1 = resourceService.selectOne(new EntityWrapper<Resource>().eq("id", three).eq("level", 3));
+ Resource resource1 = resourceService.getOne(new QueryWrapper<Resource>().eq("id", three).eq("level", 3));
if (!Cools.isEmpty(resource1)) {
// 鏍¢獙涓婄骇鏉冮檺
if (leaderId != null) {
- RoleResource roleResource = roleResourceService.selectOne(new EntityWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource1.getId()));
+ RoleResource roleResource = roleResourceService.getOne(new QueryWrapper<RoleResource>().eq("role_id", leaderId).eq("resource_id", resource1.getId()));
if (null == roleResource) {
throw new CoolException(resource.getName().concat("鐨�").concat(resource1.getName().concat("鏃犳硶鎺堟潈缁�").concat(role.getName())));
}
@@ -311,7 +801,7 @@
RoleResource roleResource = new RoleResource();
roleResource.setRoleId(roleId);
roleResource.setResourceId(resource1.getId());
- roleResourceService.insert(roleResource);
+ roleResourceService.save(roleResource);
}
}
}
@@ -324,7 +814,7 @@
public R buttonResource(@PathVariable("resourceId") Long resourceId) {
List<Resource> resources;
if (getUserId() == 9527) {
- resources = resourceService.selectList(new EntityWrapper<Resource>().eq("level", 3).eq("resource_id", resourceId));
+ resources = resourceService.list(new QueryWrapper<Resource>().eq("level", 3).eq("resource_id", resourceId));
} else {
resources = roleResourceService.getMenuButtomResource(resourceId, getUserId());
}
@@ -334,5 +824,16 @@
return R.ok(resources);
}
+ private Resource firstResource(QueryWrapper<Resource> wrapper) {
+ wrapper.last("limit 1");
+ List<Resource> list = resourceService.list(wrapper);
+ return list.isEmpty() ? null : list.get(0);
+ }
+
+ private boolean existsRoleResource(QueryWrapper<RoleResource> wrapper) {
+ wrapper.last("limit 1");
+ return !roleResourceService.list(wrapper).isEmpty();
+ }
+
}
--
Gitblit v1.9.1