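package com.zy.system.service.impl;

import com.core.common.Cools;
import com.core.exception.CoolException;
import com.zy.common.utils.RedisUtil;
import com.zy.core.enums.RedisKeyType;
import com.zy.system.domain.param.HighPrivilegeGrantParam;
import com.zy.system.entity.Role;
import com.zy.system.entity.User;
import com.zy.system.model.HighPrivilegeGrantStatus;
import com.zy.system.service.HighPrivilegeGrantService;
import com.zy.system.service.RoleService;
import com.zy.system.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import java.util.HashMap;
import java.util.Map;

/**
 * Issues and checks a time-limited "high privilege" grant bound to a login token.
 *
 * <p>A caller that presents the credentials of an enabled account whose role code is
 * {@code admin} gets a Redis entry keyed by its own login token. The entry expires after
 * {@link #GRANT_TTL_SECONDS}; {@link #assertGranted(String, String)} rejects any action
 * whose token has no live entry.
 *
 * <p>NOTE(review): nothing in this class limits or records failed attempts. Because a
 * successful call elevates the session, throttling and audit logging of {@link #grant}
 * should exist somewhere in the call path; confirm that it does.
 */
@Service("highPrivilegeGrantService")
public class HighPrivilegeGrantServiceImpl implements HighPrivilegeGrantService {

    /** Role code an account must carry to be allowed to authorise a grant. */
    private static final String ADMIN_ROLE_CODE = "admin";

    /** Value of {@code User.getStatus()} that this class treats as "enabled". */
    private static final int USER_ENABLED = 1;

    /** Lifetime of a grant, in seconds (30 minutes). */
    private static final long GRANT_TTL_SECONDS = 30L * 60L;

    @Autowired
    private UserService userService;

    @Autowired
    private RoleService roleService;

    @Autowired
    private RedisUtil redisUtil;

    /**
     * Verifies the supplied admin credentials and stores a grant for {@code token}.
     *
     * <p>The credential check runs before the status and role checks, so the "account
     * disabled" and "not an admin" messages are only ever shown to a caller who already
     * knows the account's password. Checking them first would let any logged-in caller
     * learn which accounts are disabled or hold the admin role without knowing a password.
     *
     * @param token login token of the current session; the grant is stored under it
     * @param param account and password of the authorising admin account
     * @return the grant status as read back from Redis
     * @throws CoolException if the token or credentials are empty, the credentials do not
     *     match, the account is not enabled, or its role code is not {@code admin}
     */
    @Override
    public HighPrivilegeGrantStatus grant(String token, HighPrivilegeGrantParam param) {
        if (Cools.isEmpty(token)) {
            throw new CoolException("当前登录已失效,请重新登录");
        }
        if (param == null || Cools.isEmpty(param.getAccount(), param.getPassword())) {
            throw new CoolException("账号和密码不能为空");
        }

        User user = userService.getByMobileWithSecurity(param.getAccount());
        // Unknown account and wrong password share one message, so the response does not
        // reveal whether the account exists.
        // NOTE(review): this compares the stored value with the submitted one directly.
        // If User.getPassword() holds a plaintext or unsalted value, move to a salted
        // password hash (bcrypt/scrypt/argon2) verified through the hash library; confirm
        // what Cools.eq does and how the stored value is produced.
        if (user == null || !Cools.eq(user.getPassword(), param.getPassword())) {
            throw new CoolException("账号或密码错误");
        }
        if (!Integer.valueOf(USER_ENABLED).equals(user.getStatus())) {
            throw new CoolException("授权账号已禁用");
        }
        Role role = roleService.getById(user.getRoleId());
        if (role == null || !ADMIN_ROLE_CODE.equals(role.getCode())) {
            throw new CoolException("仅admin管理员账号可获取最高权限");
        }

        long now = System.currentTimeMillis();
        Map<String, Object> payload = new HashMap<>();
        // The payload records the authorising admin account, not the user that owns the token.
        payload.put("account", user.getMobile());
        payload.put("userId", user.getId());
        payload.put("grantTime", now);
        payload.put("expireAt", now + GRANT_TTL_SECONDS * 1000L);
        // The third argument is presumably the TTL in seconds; verify against RedisUtil.set.
        redisUtil.set(buildRedisKey(token), payload, GRANT_TTL_SECONDS);
        return getStatus(token);
    }

    /**
     * Reports whether {@code token} currently holds a grant and when it expires.
     *
     * <p>The check fails closed: an empty token, a missing key, or a remaining lifetime of
     * zero or less all yield {@code granted == false}.
     *
     * @param token login token of the current session
     * @return the status; {@code expireAt} is taken from the stored payload when it can be
     *     read as a number, otherwise it is derived from the remaining lifetime
     */
    @Override
    public HighPrivilegeGrantStatus getStatus(String token) {
        HighPrivilegeGrantStatus status = new HighPrivilegeGrantStatus();
        if (Cools.isEmpty(token)) {
            status.setGranted(false);
            return status;
        }

        String redisKey = buildRedisKey(token);
        long remainingSeconds = redisUtil.getExpire(redisKey);
        if (remainingSeconds <= 0 || !redisUtil.hasKey(redisKey)) {
            status.setGranted(false);
            status.setRemainingSeconds(0L);
            status.setExpireAt(null);
            return status;
        }

        status.setGranted(true);
        status.setRemainingSeconds(remainingSeconds);
        Long storedExpireAt = readExpireAt(redisUtil.get(redisKey));
        if (storedExpireAt != null) {
            status.setExpireAt(storedExpireAt);
        } else {
            // Payload missing or unreadable: derive the expiry from the key's remaining lifetime.
            status.setExpireAt(System.currentTimeMillis() + remainingSeconds * 1000L);
        }
        return status;
    }

    /**
     * Rejects the action unless {@code token} holds a live grant.
     *
     * @param token login token of the current session
     * @param actionName name of the protected action, prepended to the error message
     * @throws CoolException if no grant is active for the token
     */
    @Override
    public void assertGranted(String token, String actionName) {
        HighPrivilegeGrantStatus status = getStatus(token);
        if (!status.isGranted()) {
            throw new CoolException(actionName + "需要最高权限授权,请先在开发专用->系统配置完成授权");
        }
    }

    /** Extracts {@code expireAt} from a stored payload, or returns {@code null} if it cannot be read. */
    private Long readExpireAt(Object payload) {
        if (!(payload instanceof Map)) {
            return null;
        }
        Object expireAt = ((Map<?, ?>) payload).get("expireAt");
        if (expireAt instanceof Number) {
            return ((Number) expireAt).longValue();
        }
        if (expireAt == null) {
            return null;
        }
        try {
            // The serializer may hand the number back as text.
            return Long.parseLong(String.valueOf(expireAt));
        } catch (NumberFormatException ignored) {
            // Not numeric: the caller falls back to the TTL-derived expiry.
            return null;
        }
    }

    /** Builds the Redis key for a token: the {@code HIGH_PRIVILEGE_GRANT} prefix followed by the token. */
    private String buildRedisKey(String token) {
        return RedisKeyType.HIGH_PRIVILEGE_GRANT.key + token;
    }
}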