
添加密码加密逻辑

wuweihao 5 年之前
父节点
当前提交
831a693a86

+ 3 - 0
README.md

@@ -24,6 +24,9 @@
          api:
          face3d.4dage.com:8102/doc.html
          http://192.168.0.44:8102/doc.html
+         
+         ui
+         http://www.4dmodel.com/SuperTwoCustom/CTUmuseum/index.html
     
 
         

+ 107 - 0
gis_common/src/main/java/com/gis/common/util/Base64Converter.java

@@ -0,0 +1,107 @@
+package com.gis.common.util;
+
+import org.junit.Test;
+
+import java.io.UnsupportedEncodingException;
+import java.util.Base64;
+
+/**
+ * Created by Hb_zzZ on 2020/4/17.
+ */
+public class Base64Converter {
+
+    final static Base64.Encoder encoder = Base64.getEncoder();
+    final static Base64.Decoder decoder = Base64.getDecoder();
+
+    /**
+     * 给字符串加密
+     * @param text
+     * @return
+     */
+    public static String encode(String text) {
+        byte[] textByte = new byte[0];
+        try {
+            textByte = text.getBytes("UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        String encodedText = encoder.encodeToString(textByte);
+        return encodedText;
+    }
+
+    /**
+     * 将加密后的字符串进行解密
+     * @param encodedText
+     * @return
+     */
+    public static String decode(String encodedText) {
+        String text = null;
+        try {
+            text = new String(decoder.decode(encodedText), "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+        return text;
+    }
+
+    /**
+     * 根据逻辑截取加密后的密码
+     * @param text
+     * @return
+     */
+    public static String subText(String text){
+        //去掉前8位字符串
+        text = text.substring(8);
+        //去掉后8位字符串
+        text = text.substring(0, text.length() - 8);
+        //最后两个字符串换到前面,并且去掉剩下的后8位字符串
+        String result = text.substring(text.length() - 2) + text.substring(0, text.length() - 10);
+        return result;
+    }
+
+    public static void main(String[] args) throws UnsupportedEncodingException {
+
+//        String username = "Miracle Luna";
+//        String password = "AUPhhlhkExMTExMTExMQ==tGC1irnLMTLF9V7HLh";
+        String password = "1UxELRpIExMTExcWG627AcMTQBIN2mog";
+
+        password = password.substring(8);
+        System.out.println(password);
+        password = password.substring(0, password.length() - 8);
+        System.out.println(password);
+        String key = password.substring(password.length() - 2) + password.substring(0, password.length() - 10);
+        System.out.println(key);
+
+
+        // 加密
+//        System.out.println("====  [加密后] 用户名/密码  =====");
+//        System.out.println(Base64Converter.encode(username));
+//        System.out.println(Base64Converter.encode(password));
+
+        // 解密
+        System.out.println("\n====  [解密后] 用户名/密码  =====");
+//        System.out.println(Base64Converter.decode(Base64Converter.encode(username)));
+        System.out.println(Base64Converter.decode(key));
+    }
+
+
+    @Test
+    public void test(){
+        String password = "1UxELRpIExMTExcWG627AcMTQBIN2mog";
+        System.out.println(decodePassword(password));
+    }
+
+
+    /**
+     *
+     *
+     * 将加密后的字符串进行解密
+     * @param ciphertext 密文
+     * @return 明文
+     */
+    public static String decodePassword(String ciphertext){
+        String key = subText(ciphertext);
+        return decode(key);
+
+    }
+}
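Review bot: `decodePassword` runs on the raw request value and both of its steps throw unchecked exceptions on malformed input. `subText` raises `StringIndexOutOfBoundsException` for anything shorter than 26 characters (8 + 8 filler plus the 10 consumed by the swap), and `decoder.decode` raises `IllegalArgumentException` on a non-Base64 payload, so a bad request body becomes a server error instead of a failed credential. The guarded version below returns null, as `decode` already can, so callers must treat null as a failed check. The Javadoc calls this encryption, but Base64 inside fixed-length filler is reversible by anyone who sees the request, so the password's confidentiality in transit still depends on TLS. The `org.junit.Test` import, the `@Test` method and the `main` with a sample credential belong under `src/test`, not in this utility class.

```java
public static String decodePassword(String ciphertext){
    // 8 leading + 8 trailing filler chars, plus the 10 chars subText consumes in the swap
    if (ciphertext == null || ciphertext.length() < 26) {
        return null;
    }
    try {
        return decode(subText(ciphertext));
    } catch (IllegalArgumentException e) {
        // payload is not valid Base64: report a failed credential, not a server error
        return null;
    }
}
```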

+ 1 - 1
gis_mapper/src/main/java/com/gis/mapper/provider/QuestionProvider.java

@@ -19,7 +19,7 @@ public class QuestionProvider {
         String searchKey = param.getSearchKey();
         if(!StringUtils.isAllBlank(searchKey)){
             sql.append(" and (( poet like '%").append(searchKey).append("%' )");
-//            sql.append(" or ( type like '%").append(searchKey).append("%' )");
+            sql.append(" or ( title like '%").append(searchKey).append("%' )");
             sql.append(" or ( related like '%").append(searchKey).append("%' ))");
         }
 
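Review bot: The added `title like` clause concatenates `searchKey` straight into the SQL text, as the `poet` and `related` clauses around it already do, so a search term containing a quote changes the statement (SQL injection). If this provider feeds MyBatis on MySQL, bind the value instead, e.g. `sql.append(" or ( title like concat('%', #{searchKey}, '%') )");`, and convert the two neighbouring clauses the same way. The exact placeholder name depends on how `param` is passed to the provider, which is outside the hunk. The enclosing method starts and ends outside the hunk.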

+ 67 - 7
gis_web/src/main/java/com/gis/web/controller/IndexController.java

@@ -1,6 +1,7 @@
 package com.gis.web.controller;
 
 import com.gis.common.constant.TypeCode;
+import com.gis.common.util.Base64Converter;
 import com.gis.common.util.PasswordUtils;
 import com.gis.common.util.Result;
 import com.gis.domain.po.LogEntity;
@@ -23,6 +24,7 @@ import org.springframework.web.bind.annotation.RestController;
 import springfox.documentation.annotations.ApiIgnore;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.concurrent.TimeUnit;
@@ -48,14 +50,11 @@ public class IndexController extends BaseController {
     private SysUserService userService;
 
     @Autowired
-    private SysRoleService sysRoleService;
-
-    @Autowired
     private RedisTemplate<String, String> redisTemplate;
 
-    @ApiOperation("登录")
+    @ApiOperation(value = "登录", notes = "密码密文")
     @PostMapping(value = "admin/login")
-    public Result login(@Valid @RequestBody LoginRequest param) throws Exception {
+    public Result login(@Valid @RequestBody LoginRequest param)  {
 
         // 1.获取用户
         SysUserEntity userEntity = userService.findByUserName(param.getUserName());
@@ -63,8 +62,12 @@ public class IndexController extends BaseController {
             log.error("用户不存在");
             return Result.failure(5100,"用户不存在或密码错误");
         }
+
+        // 解密密码
+        String password = Base64Converter.decodePassword(param.getPassword());
+
         // 验证密码,解密出来是明文密码,在跟输入密码比较
-        boolean decryptName = PasswordUtils.decrypt(userEntity.getPassword(), param.getPassword(), PasswordUtils.getStaticSalt());
+        boolean decryptName = PasswordUtils.decrypt(userEntity.getPassword(), password, PasswordUtils.getStaticSalt());
         if (!decryptName) {
             log.error("密码错误");
             return Result.failure(5100,"用户不存在或密码错误");
@@ -110,7 +113,6 @@ public class IndexController extends BaseController {
 
     }
 
-    @ApiOperation("退出")
     @GetMapping("admin/logout")
     public Result logout() {
         String token = getToken();
@@ -130,5 +132,63 @@ public class IndexController extends BaseController {
 
 
 
+    @ApiOperation(value = "测试登录", notes = "密码用明文")
+    @PostMapping(value = "admin/testLogin")
+    public Result testLogin(@Valid @RequestBody LoginRequest param) {
+
+        // 1.获取用户
+        SysUserEntity userEntity = userService.findByUserName(param.getUserName());
+        if (userEntity == null){
+            log.error("用户不存在");
+            return Result.failure(5100,"用户不存在或密码错误");
+        }
+        // 验证密码,解密出来是明文密码,在跟输入密码比较
+        boolean decryptName = PasswordUtils.decrypt(userEntity.getPassword(), param.getPassword(), PasswordUtils.getStaticSalt());
+        if (!decryptName) {
+            log.error("密码错误");
+            return Result.failure(5100,"用户不存在或密码错误");
+        }
+
+        // 检查账号是否启用, 状态 0:启用  1:停用 2:注销
+        if (userEntity.getStatus() == 1) {
+            log.error("账号已停用: {}", userEntity.getUserName());
+            return Result.failure(5101, "账号已停用");
+        }
+
+        if (userEntity.getStatus() == 2) {
+            log.error("账号已注销: {}", userEntity.getUserName());
+            return Result.failure(5102, "账号已注销");
+        }
+
+
+
+        // 创建新token
+        HashMap<String, Object> tokenMap = new HashMap<>();
+        tokenMap.put("userName", userEntity.getUserName());
+        tokenMap.put("id", userEntity.getId());
+        tokenMap.put("roleId", userEntity.getRoleId());
+
+        // 创建新token
+        String token = JwtUtil.createJWT(TOKEN_EXPIRE, tokenMap);
+
+        HashMap<String, Object> result = new HashMap<>();
+        result.put("user", userEntity);
+        result.put("token", token);
+
+        // 保存操作日志
+        saveLog(new LogEntity(userEntity.getId(),"登录管理","用户登录"));
+
+        // 更新到 redis, 有效期24h, 旧token无效, 做单用户登录
+        redisTemplate.opsForValue().set(TypeCode.REDIS_LOGIN_TOKEN + token, token, Long.parseLong("23"), TimeUnit.HOURS);
+
+        return Result.success(result);
+
+    }
+
+
+    public static void main(String[] args) {
+        String str = "一二三四五六七八九十";
+        System.out.println(str.length());
+    }
 
 }
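Review bot: `admin/testLogin` is a second, complete login path that accepts the plaintext password, issues a real JWT and stores it in Redis. It ships next to `admin/login`, so any throttling, lockout or auditing applied to the main endpoint must be duplicated here or it is bypassed. If it is only needed for API-doc testing, delete it or move it to a separate controller class annotated `@Profile("dev")` rather than keeping it in `IndexController`. In `login`, `Base64Converter.decodePassword(param.getPassword())` throws on short or non-Base64 input, so it should be guarded and mapped to the same 5100 response. The `main` method printing a string length and the unused `NotBlank` import look like debugging leftovers.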

+ 11 - 2
gis_web/src/main/java/com/gis/web/controller/SysUserController.java

@@ -1,6 +1,7 @@
 package com.gis.web.controller;
 
 
+import com.gis.common.util.Base64Converter;
 import com.gis.common.util.PasswordUtils;
 import com.gis.common.util.Result;
 import com.gis.domain.po.SysUserEntity;
@@ -22,6 +23,7 @@ import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
+import javax.validation.constraints.NotBlank;
 import java.util.Date;
 
 
@@ -58,6 +60,9 @@ public class SysUserController extends BaseController {
     @PostMapping("save")
     public Result save(@Valid @RequestBody UserDto param) {
 
+        @NotBlank(message = "用户名不能为空") String userName = param.getUserName();
+        log.info("length: {}", userName.length());
+
         SysUserEntity user = null;
         if (param.getId() == null) {
             user = userService.findByUserName(param.getUserName());
@@ -107,14 +112,18 @@ public class SysUserController extends BaseController {
 
         SysUserEntity user = userService.findByUserName(JwtUtil.getTokenStringValue(getToken(), "userName"));
 
+        // 解密密文密码
+        String oldPassword = Base64Converter.decodePassword(param.getOldPassword());
+        String newPassword = Base64Converter.decodePassword(param.getNewPassword());
+
         // 验证原密码
-        Boolean isBoolean = PasswordUtils.decrypt(user.getPassword(), param.getOldPassword(), PasswordUtils.getStaticSalt());
+        Boolean isBoolean = PasswordUtils.decrypt(user.getPassword(), oldPassword, PasswordUtils.getStaticSalt());
         if (!isBoolean) {
             log.error("原始密码错误");
             return Result.failure("原始密码错误");
         }
 
-        user.setPassword(PasswordUtils.encrypt(user.getUserName(), param.getNewPassword(), PasswordUtils.getStaticSalt()));
+        user.setPassword(PasswordUtils.encrypt(user.getUserName(), newPassword, PasswordUtils.getStaticSalt()));
         user.setUpdateTime(new Date());
         userService.update(user);
         return Result.success();
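Review bot: The decoded `newPassword` is hashed and stored without any check of its own. Whatever length or blank constraints the request DTO carries (not visible here) now apply to the wrapped string rather than to the real password. Validate after decoding, for example `if (newPassword == null || newPassword.trim().isEmpty()) { return Result.failure("新密码不能为空"); }`, and guard both `decodePassword` calls, which throw on short or non-Base64 input. In `save`, `@NotBlank` on the local variable `userName` is not enforced by Bean Validation, so `userName.length()` throws a NullPointerException when the field is missing unless `UserDto` already constrains it; the `log.info("length: {}", ...)` line reads as debugging residue. Both enclosing methods start outside their hunks.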