| | |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.stereotype.Component; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import java.time.LocalDateTime; |
|---|
| | | |
|---|
| | | @Component |
|---|
| | |
|---|
| | | private SysPasswordService passwordService; |
|---|
| | | @Autowired |
|---|
| | | private RedisUtils redisUtils; |
|---|
| | | @Autowired |
|---|
| | | private HttpServletRequest request; |
|---|
| | | |
|---|
| | | public SysUser login(String username, String password) { |
|---|
| | | SysUser sysUser=sysUserService.getUserByUsernamePhone(username); |
|---|
| | |
|---|
| | | public void validUser(SysUser sysUser){ |
|---|
| | | if(sysUser==null) { |
|---|
| | | throw new AuthenticationException("用户不存在"); |
|---|
| | | } |
|---|
| | | String uri=request.getRequestURI(); |
|---|
| | | if(uri.startsWith("/api/system")){ |
|---|
| | | if(UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){ |
|---|
| | | throw new AuthenticationException("专家用户无权登录后台"); |
|---|
| | | } |
|---|
| | | }else if(uri.startsWith("/api/app/")){ |
|---|
| | | if(!UserIdentityEnum.EXPERT.getCode().equals(sysUser.getIdentity())){ |
|---|
| | | throw new AuthenticationException("只有专家用户才能登录APP"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if(UserStatusEnum.DELETED.getCode().equals(sysUser.getDelFlag())){ |
|---|
| | | throw new AuthenticationException("用户已被删除"); |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | public SysUser validJwtToken(String jwtToken){ |
|---|
| | | |
|---|
| | | String username= JwtTokenUtil.getUsername(jwtToken); |
|---|
| | | if(StringUtils.isEmpty(username)){ |
|---|
| | | throw new AuthenticationException("token非法无效!"); |
|---|
| | | } |
|---|
| | | SysUser sysUser=sysUserService.getUserByUsernamePhone(username); |
|---|
| | | validUser(sysUser); |
|---|
| | | if(!JwtTokenUtil.verify(jwtToken,username,sysUser.getPassword())){ |
|---|
| | | throw new AuthenticationException("token非法无效!"); |
|---|
| | | } |
|---|
| | | if(!jwtTokenRefresh(jwtToken,username,sysUser.getPassword())){ |
|---|
| | | throw new AuthenticationException("Token失效,请重新登录!"); |
|---|
| | | throw new AuthenticationException("Token已失效,请重新登录!"); |
|---|
| | | } |
|---|
| | | // setRolePermission(sysUser); |
|---|
| | | return sysUser; |
|---|
| | |
|---|
| | | String cacheToken= (String) redisUtils.get(tokenKey); |
|---|
| | | if(StringUtils.isNotEmpty(cacheToken)){ |
|---|
| | | // 校验token有效性 |
|---|
| | | if(!JwtTokenUtil.verify(cacheToken,username,passWord)){ |
|---|
| | | if(!JwtTokenUtil.isNeedUpdate(cacheToken,username,passWord)){ |
|---|
| | | String newToken=JwtTokenUtil.sign(username,passWord); |
|---|
| | | // 设置超时时间 |
|---|
| | | redisUtils.set(tokenKey,newToken); |
|---|
