publish 0.7.4

CHANGELOG.md

@@ -0,0 +1,12 @@
+## 0.7.3
+
+### 增加
+
+> 1，TsTokenConfig增加新的属性**ignorePaths**，用于通过路径忽略token；  
+> 2，PasswordUtils增加密码复杂度校验方法；  
+> 3，PasswordUtils.verifyPassword增加登录次数限制：10分钟内不能错误6次；
+> 
+
+### 调整
+
+> 1，TsTokenConfig中的**ignores**属性调整为**testMap**；  

README.md

@@ -0,0 +1,4 @@
+## 杭州铁晟科技有限公司基础项目
+
+更新日志可点击查看[changelog](./CHANGELOG.md ':include')
+

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.tiesheng.springboot-parent</groupId>
     <artifactId>springboot-parent</artifactId>
-    <version>0.7.1</version>
+    <version>0.7.4</version>
     <packaging>pom</packaging>
     <name>springboot-parent</name>
     <description>杭州铁晟科技有限公司基础依赖</description>
@@ -57,55 +57,55 @@
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-database</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-login</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-web</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-util</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-platform</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-message</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-encrypt</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-annotation</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>
                 <groupId>com.tiesheng.springboot-parent</groupId>
                 <artifactId>springboot-poi</artifactId>
-                <version>0.7.1</version>
+                <version>0.7.4</version>
             </dependency>
 
             <dependency>

springboot-ademo/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-ademo</artifactId>

springboot-ademo/src/main/java/com/tiesheng/demo/config/DemoWebConfigurer.java

@@ -20,7 +20,10 @@ public class DemoWebConfigurer implements TieshengWebConfigurer {
 
     @Override
     public RequestUserInfo getCurrentUserName(TokenBean tokenBean) {
-        return null;
+        RequestUserInfo info = new RequestUserInfo();
+        info.setId("1");
+        info.setName("test");
+        return info;
     }
 
     @Override

springboot-ademo/src/main/java/com/tiesheng/demo/controller/TestController.java

@@ -48,15 +48,13 @@ public class TestController {
     }
 
     @RequestMapping("/redirect")
-    @TokenIgnore
     public void redirect(HttpServletResponse response) {
-        tsTokenConfig.validToken("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NzYwMDY4NzUsImlkIjoiMSIsImVudmlyb25tZW50VHlwZSI6Im1vYmlsZSIsInNlcnZpY2UiOiJjb250ZXN0LXJlc2VydmUiLCJleHRyYSI6IiJ9.nsfxEFpCNHC7eNCS5DJXdu1VDdnHrTjSfgrozND70Lc", true);
+//        tsTokenConfig.validToken("eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NzYwMDY4NzUsImlkIjoiMSIsImVudmlyb25tZW50VHlwZSI6Im1vYmlsZSIsInNlcnZpY2UiOiJjb250ZXN0LXJlc2VydmUiLCJleHRyYSI6IiJ9.nsfxEFpCNHC7eNCS5DJXdu1VDdnHrTjSfgrozND70Lc", true);
 //        globalConfig.redirect("mobile", "/test", response);
     }
 
 
     @RequestMapping("/send")
-    @TokenIgnore
     public ApiResp<MessageReqResp> sendMessage() {
         MessageReqResp reqResp = aliyunSmsConfig.sendSms("13567116463", "SMS_154950909",
                 JSONUtil.createObj().putOpt("code", "123456"));

springboot-ademo/src/main/resources/application-test.yml

@@ -16,7 +16,7 @@ platform:
 
 tiesheng:
   token:
-    ignores:
+    test-map:
       "1111":
         id: "1111"
   global:

springboot-annotation/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-annotation</artifactId>

springboot-database/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-database</artifactId>

springboot-encrypt/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-encrypt</artifactId>

springboot-login/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-login</artifactId>

springboot-login/src/main/java/com/tiesheng/login/config/token/TsTokenAspect.java

@@ -1,6 +1,8 @@
 package com.tiesheng.login.config.token;
 
+import cn.hutool.core.util.StrUtil;
 import com.tiesheng.annotation.token.TokenIgnore;
+import com.tiesheng.util.ServletKit;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
@@ -46,13 +48,18 @@ public class TsTokenAspect {
     @Before("methodArgs()")
     public void before(JoinPoint joinPoint) {
 
+        // 过滤不要需要验证的接口（path）
+        String requestURI = ServletKit.getRequest().getRequestURI();
+        if (StrUtil.startWithAnyIgnoreCase(requestURI, tsTokenConfig.getIgnorePaths())) {
+            return;
+        }
+
+        // 过滤不要需要验证的接口（注解）
         Object aThis = joinPoint.getTarget();
         TokenIgnore annotation = aThis.getClass().getAnnotation(TokenIgnore.class);
         if (annotation != null) {
             return;
         }
-
-        // 过滤不要需要验证的接口
         MethodSignature signature = (MethodSignature) joinPoint.getSignature();
         Method method = signature.getMethod();
         TokenIgnore apiTokenIgnore = method.getAnnotation(TokenIgnore.class);

springboot-login/src/main/java/com/tiesheng/login/config/token/TsTokenConfig.java

@@ -1,7 +1,6 @@
 package com.tiesheng.login.config.token;
 
 
-import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.map.MapUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.servlet.ServletUtil;
@@ -24,9 +23,10 @@ import java.util.Map;
 @ConfigurationProperties("tiesheng.token")
 public class TsTokenConfig {
 
-    private Map<String, TokenBean> ignores = MapUtil.newHashMap();
+    private Map<String, TokenBean> testMap = MapUtil.newHashMap();
     private String encryptKey = "%kIp9frQCu";
     private Integer expireHours = 48;
+    private String[] ignorePaths;
 
 
     /**
@@ -57,11 +57,11 @@ public class TsTokenConfig {
      * @param token
      * @return
      */
-    public TokenBean isIgnored(String token) {
-        if (ignores == null) {
+    public TokenBean isTestToken(String token) {
+        if (testMap == null) {
             return null;
         }
-        return ignores.get(token);
+        return testMap.get(token);
     }
 
 
@@ -83,7 +83,7 @@ public class TsTokenConfig {
      * @return
      */
     public TokenBean validToken(String token, boolean thrExp) {
-        TokenBean tokenBean = isIgnored(token);
+        TokenBean tokenBean = isTestToken(token);
         if (tokenBean != null) {
             return tokenBean;
         }
@@ -101,7 +101,8 @@ public class TsTokenConfig {
         }
 
         if (tokenBean == null && thrExp) {
-            throw new ApiException(StrUtil.isEmpty(token) ? "请先登录" : "登录过期，请重新登陆");
+            throw new ApiException(StrUtil.isEmpty(token) ? 110 : 112,
+                    StrUtil.isEmpty(token) ? "请先登录" : "登录过期，请重新登陆");
         }
 
         if (tokenBean == null) {
@@ -116,12 +117,12 @@ public class TsTokenConfig {
     // setter\getter
     ///////////////////////////////////////////////////////////////////////////
 
-    public Map<String, TokenBean> getIgnores() {
-        return ignores;
+    public Map<String, TokenBean> getTestMap() {
+        return testMap;
     }
 
-    public void setIgnores(Map<String, TokenBean> ignores) {
-        this.ignores = ignores;
+    public void setTestMap(Map<String, TokenBean> testMap) {
+        this.testMap = testMap;
     }
 
     public String getEncryptKey() {
@@ -139,4 +140,12 @@ public class TsTokenConfig {
     public void setExpireHours(Integer expireHours) {
         this.expireHours = expireHours;
     }
+
+    public String[] getIgnorePaths() {
+        return ignorePaths;
+    }
+
+    public void setIgnorePaths(String[] ignorePaths) {
+        this.ignorePaths = ignorePaths;
+    }
 }

springboot-login/src/main/java/com/tiesheng/login/controller/LoginController.java

@@ -35,6 +35,7 @@ import java.util.Map;
  */
 @RestController
 @RequestMapping("/login")
+@TokenIgnore
 public class LoginController {
 
 
@@ -56,7 +57,6 @@ public class LoginController {
      * @return
      */
     @GetMapping("/unique/redirect")
-    @TokenIgnore
     public void uniqueIndex(UniqueIndexDTO dto, HttpServletResponse response) {
         TokenBean tokenBean = tieshengLoginConfigurer.doLogin(new DoLoginInfo("unique_index_web",
                 dto.getNo(), "web", dto.getTo(), dto.getInfo()));
@@ -71,7 +71,6 @@ public class LoginController {
      * @return
      */
     @PostMapping("/unique/index")
-    @TokenIgnore
     public ApiResp<String> uniqueIndex(@RequestBody UniqueIndexDTO dto) {
         TokenBean tokenBean = tieshengLoginConfigurer.doLogin(new DoLoginInfo("unique_index_web",
                 dto.getNo(), "web", dto.getTo(), dto.getInfo()));
@@ -94,7 +93,6 @@ public class LoginController {
      * @param response
      */
     @GetMapping("/ding/index/{service}")
-    @TokenIgnore
     public void dingIndex(@PathVariable String service, String extra, HttpServletResponse response) {
         if (StrUtil.isEmpty(extra)) {
             extra = "";
@@ -118,7 +116,6 @@ public class LoginController {
      * @param service
      */
     @RequestMapping("/ding/oauth2/{service}")
-    @TokenIgnore
     public void dingOauth2(@PathVariable String service, CodeExtraDTO dto, HttpServletResponse response) {
         String ddUserId = platformDingConfig.getUserIdByCode(service, dto.getCode());
         DingUserInfo dingUserInfo = platformDingConfig.topapiV2UserGet(service, ddUserId);
@@ -136,7 +133,6 @@ public class LoginController {
      * @return
      */
     @GetMapping("/ding/jssdk/{service}")
-    @TokenIgnore
     public ApiResp<DingJsapiSignature> dingJssdk(@PathVariable String service, String url) {
         DingJsapiSignature jsapiSignature = platformDingConfig.createJsapiSignature(service, url);
         return ApiResp.respOK(jsapiSignature);
@@ -154,7 +150,6 @@ public class LoginController {
      * @return
      */
     @RequestMapping("/wxmp/index/{service}")
-    @TokenIgnore
     public void wxmpIndex(@PathVariable String service, String extra, HttpServletResponse response) throws IOException {
         if (StrUtil.isEmpty(extra)) {
             extra = "";
@@ -169,7 +164,6 @@ public class LoginController {
      * 微信授权回调
      */
     @RequestMapping("/wxmp/oauth2/{service}")
-    @TokenIgnore
     public void wxmpOauth2(@PathVariable String service, CodeExtraDTO dto, HttpServletResponse response) {
         WxUserInfo wxUserInfo = platformWxmpConfig.getOAuth2AccessToken(service, dto.getCode());
         TokenBean tokenBean = tieshengLoginConfigurer.doLogin(new DoLoginInfo(wxUserInfo.getAppId(),
@@ -185,7 +179,6 @@ public class LoginController {
      * @return
      */
     @GetMapping("/wxmp/jssdk/{service}")
-    @TokenIgnore
     public ApiResp<WxJsapiSignature> wxmpJssdk(@PathVariable String service, String url) {
         WxJsapiSignature jsapiSignature = platformWxmpConfig.createJsapiSignature(service, url);
         return ApiResp.respOK(jsapiSignature);
@@ -201,7 +194,6 @@ public class LoginController {
      * @return
      */
     @RequestMapping("/wxmini/index/{service}")
-    @TokenIgnore
     public ApiResp<WxminiLoginVo> wxminiIndex(@PathVariable String service, String code) {
         String openid = platformWxminiConfig.jscode2session(service, code);
         WxConfigBean configBean = platformWxminiConfig.getConfigBean(service);

springboot-message/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-message</artifactId>

springboot-platform/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-platform</artifactId>

springboot-poi/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-poi</artifactId>

springboot-util/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-util</artifactId>

springboot-util/src/main/java/com/tiesheng/util/PasswordUtils.java

@@ -1,5 +1,6 @@
 package com.tiesheng.util;
 
+import cn.hutool.core.util.NumberUtil;
 import cn.hutool.core.util.RandomUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.crypto.SecureUtil;
@@ -21,6 +22,17 @@ public class PasswordUtils {
         return prefix + SecureUtil.sha1(password);
     }
 
+    /**
+     * 密码复杂度校验
+     *
+     * @param userPassword
+     * @return
+     */
+    public static boolean verifyComplexity(String userPassword) {
+        String password = "^(?![A-Za-z0-9]+$)(?![a-z0-9\\W]+$)(?![A-Za-z\\W]+$)(?![A-Z0-9\\W]+$)[a-zA-Z0-9\\W]{8,}$";
+        return userPassword.matches(password);
+    }
+
 
     /**
      * 验证密码
@@ -30,12 +42,18 @@ public class PasswordUtils {
      * @return
      */
     public static void verifyPassword(String userInput, String encrypted) {
+        String clientIp = ServletKit.getClientIP();
         String userEncrypted = buildPassword(userInput);
 
         userEncrypted = StrUtil.subSuf(userEncrypted, PREFIX_SIZE);
         encrypted = StrUtil.subSuf(encrypted, PREFIX_SIZE);
 
         if (!StrUtil.equals(userEncrypted, encrypted)) {
+            int num = NumberUtil.parseInt(TimedCacheHelper.getTimedCache().get(clientIp, false));
+            if (num > 5) {
+                throw new ApiException("登录失败已达6次，请10分钟后再试");
+            }
+            TimedCacheHelper.getTimedCache().put(clientIp, String.valueOf(num + 1), 10 * 60 * 1000);
             throw new ApiException("账号或密码错误");
         }
     }

springboot-util/src/main/java/com/tiesheng/util/ServletKit.java

@@ -20,5 +20,14 @@ public class ServletKit extends ServletUtil {
         return attributes.getRequest();
     }
 
+    /**
+     * 获取客户端IP
+     *
+     * @return
+     */
+    public static String getClientIP() {
+        return getClientIP(getRequest());
+    }
+
 
 }

springboot-web/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>com.tiesheng.springboot-parent</groupId>
         <artifactId>springboot-parent</artifactId>
-        <version>0.7.1</version>
+        <version>0.7.4</version>
     </parent>
 
     <artifactId>springboot-web</artifactId>

springboot-web/src/main/java/com/tiesheng/core/config/operation/OperationAspect.java

@@ -5,6 +5,7 @@ import cn.hutool.core.map.MapUtil;
 import cn.hutool.core.util.StrUtil;
 import com.tiesheng.annotation.operation.OperationLog;
 import com.tiesheng.core.service.CoreLogService;
+import com.tiesheng.util.ServletKit;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
@@ -13,6 +14,7 @@ import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.HashMap;
 import java.util.Map;
@@ -35,7 +37,7 @@ public class OperationAspect {
     CoreLogService coreLogService;
 
 
-    @Pointcut("@annotation(com.tiesheng.annotation.operation.OperationLog)")
+    @Pointcut("execution(* com..controller..*.*(..))")
     public void methodArgs() {
 
     }
@@ -48,11 +50,24 @@ public class OperationAspect {
      */
     @Around("methodArgs()")
     public Object around(ProceedingJoinPoint joinPoint) throws Throwable {
+
+        // GET请求不处理
+        HttpServletRequest request = ServletKit.getRequest();
+        if (StrUtil.equalsIgnoreCase(request.getMethod(), "GET")) {
+            return joinPoint.proceed(joinPoint.getArgs());
+        }
+
+        String title = "", subject = "";
+        String insertKey = "";
+
         MethodSignature signature = (MethodSignature) joinPoint.getSignature();
         Method method = signature.getMethod();
         OperationLog operationLog = method.getAnnotation(OperationLog.class);
-        String subject = operationLog.subject();
-        String insertKey = operationLog.insertKey();
+        if (operationLog != null) {
+            title = operationLog.title();
+            subject = operationLog.subject();
+            insertKey = operationLog.insertKey();
+        }
 
         Object reqObj = null;
         Map<String, Object> allParams = new HashMap<>(16);
@@ -65,7 +80,6 @@ public class OperationAspect {
         allParams.putAll(BeanUtil.beanToMap(response));
 
         if (!StrUtil.isEmpty(subject)) {
-
             // 添加、编辑关键字处理
             if (!StrUtil.isEmpty(insertKey)) {
                 String insertVal = MapUtil.getStr(allParams, insertKey);
@@ -74,9 +88,12 @@ public class OperationAspect {
 
             // 占位符处理
             subject = StrUtil.format(subject, allParams);
+        } else {
+            title = method.getName();
+            subject = ServletKit.getRequest().getRequestURI();
         }
 
-        coreLogService.addOperationLog(operationLog.title(), subject, reqObj);
+        coreLogService.addOperationLog(title, subject, reqObj);
 
         return response;
     }

springboot-web/src/main/java/com/tiesheng/core/service/CoreLogService.java

@@ -1,6 +1,7 @@
 package com.tiesheng.core.service;
 
 import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.util.StrUtil;
 import cn.hutool.extra.servlet.ServletUtil;
 import cn.hutool.json.JSONUtil;
 import com.tiesheng.core.mapper.CoreLogLoginMapper;
@@ -54,8 +55,13 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
      * 添加操作日志
      */
     public void addOperationLog(String title, String subject, Object params) {
+        TokenBean tokenBean = TsTokenConfig.getWithoutThr();
+        if (tokenBean == null || StrUtil.isEmpty(tokenBean.getId())) {
+            return;
+        }
+
+        RequestUserInfo requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);
         CoreLogOperation operation = new CoreLogOperation();
-        RequestUserInfo requestUserInfo = tieshengWebConfigurer.getCurrentUserName(TsTokenConfig.get());
         operation.setUserId(requestUserInfo.getId());
         operation.setUserName(requestUserInfo.getName());
         operation.setTitle(title);
@@ -82,7 +88,7 @@ public class CoreLogService extends TsServiceBase<CoreLogOperationMapper, CoreLo
         String ip = ServletUtil.getClientIP(request);
 
         CoreLogLogin login = new CoreLogLogin();
-        login.setUserId(platformUnique.getUserId());
+        login.setUserId(tokenBean.getId());
         login.setPlatform(platformUnique.getPlatform());
 
         RequestUserInfo requestUserInfo = tieshengWebConfigurer.getCurrentUserName(tokenBean);