From 49895aabd2ce2f401c4bc0e6fb78ce9219c61dc8 Mon Sep 17 00:00:00 2001 From: Mlxa0324 Date: Mon, 6 Mar 2023 16:03:42 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B5=84=E9=87=91=E8=B4=A6=E6=88=B7=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/ibeetl/jlw/entity/LoginTodo.java | 4 + .../ibeetl/jlw/service/LoginTodoService.java | 31 ++++++++ .../service/ResourcesApplicationService.java | 9 ++- .../StudentAccountAssetAllocationService.java | 76 ++++++++++++++++++- ...udentAccountAssetAllocationController.java | 9 +-- 5 files changed, 118 insertions(+), 11 deletions(-) diff --git a/web/src/main/java/com/ibeetl/jlw/entity/LoginTodo.java b/web/src/main/java/com/ibeetl/jlw/entity/LoginTodo.java index 5846d457..f485acec 100644 --- a/web/src/main/java/com/ibeetl/jlw/entity/LoginTodo.java +++ b/web/src/main/java/com/ibeetl/jlw/entity/LoginTodo.java @@ -68,6 +68,10 @@ public class LoginTodo implements Serializable { * 学校(院校ID) */ private String schoolid; + /** + * 应用ID + */ + private String applicationId; /** * 院系 */ diff --git a/web/src/main/java/com/ibeetl/jlw/service/LoginTodoService.java b/web/src/main/java/com/ibeetl/jlw/service/LoginTodoService.java index 3f4f6dce..72c5867f 100644 --- a/web/src/main/java/com/ibeetl/jlw/service/LoginTodoService.java +++ b/web/src/main/java/com/ibeetl/jlw/service/LoginTodoService.java @@ -2,6 +2,9 @@ package com.ibeetl.jlw.service; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.ObjectUtil; +import cn.hutool.jwt.JWTPayload; +import cn.hutool.jwt.JWTUtil; +import cn.hutool.jwt.signers.JWTSigner; import com.ibeetl.admin.core.entity.CoreUser; import com.ibeetl.jlw.dao.StudentDao; import com.ibeetl.jlw.dao.TeacherDao; 
@@ -129,4 +132,32 @@ public class LoginTodoService { } return null; } + + /** + * 通过token获取登录的信息 + * @param applicationToken + * @return + */ + public LoginTodo getPayloadByString(String applicationToken) { + try { + JWTPayload payload = JWTUtil.parseToken(applicationToken).getPayload(); + return payload.getClaimsJson().toBean(LoginTodo.class); + }catch (Exception e) { + return null; + } + } + + /** + * 通过token获取登录的信息 + * @param applicationToken + * @return + */ + public String getSignByString(String applicationToken) { + try { + JWTSigner signer = JWTUtil.parseToken(applicationToken).getSigner(); + return signer.getAlgorithm(); + }catch (Exception e) { + return null; + } + } } diff --git a/web/src/main/java/com/ibeetl/jlw/service/ResourcesApplicationService.java b/web/src/main/java/com/ibeetl/jlw/service/ResourcesApplicationService.java index ff635294..d3ccd23c 100644 --- a/web/src/main/java/com/ibeetl/jlw/service/ResourcesApplicationService.java +++ b/web/src/main/java/com/ibeetl/jlw/service/ResourcesApplicationService.java @@ -360,7 +360,7 @@ public class ResourcesApplicationService extends CoreBaseService * 通过应用设置的Key来生成Jwt串,用于等于第三方应用 * - * @param linkSecretKey 链接的加密串 + * @param resourcesApplicationId 应用ID + * @param linkSecretKey 链接的加密串 * @return {@link String} * @Author: lx * @Date: 2022/12/11 16:59 */ - public String getKeyByCurrentUser(String linkSecretKey) { + public String getKeyByCurrentUser(Long resourcesApplicationId, String linkSecretKey) { if (ObjectUtil.isNotEmpty(linkSecretKey)) { LoginTodo loginTodo = loginTodoService.buildByCurrentLoginUser(); + // 应用ID传递进去,方便获取后面回传获取密钥 + loginTodo.setApplicationId(resourcesApplicationId.toString()); String sign = JWT.create().withPayload(loginTodo.toMap()).sign(Algorithm.HMAC256(linkSecretKey)); // LoginTodo str = decodeApplicationUrl(linkSecretKey, sign); // System.out.println(str); 
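Review bot: `getPayloadByString` returns claims from a token whose signature has not been checked, and neither its name nor its Javadoc says so; a caller that treats the returned `LoginTodo` as an authenticated identity would be trusting client-controlled fields. I would state the contract in the Javadoc, e.g. `Parses the payload WITHOUT verifying the signature; callers must verify the token before trusting any field.`, and log the exception in the `catch` instead of silently returning null, so that malformed tokens remain visible to operators. In `getSignByString` the Javadoc is a copy of the one above. As far as I know `JWTUtil.parseToken` does not attach a signer when no key is supplied, so `signer.getAlgorithm()` probably throws and the method always returns null; the `alg` header of the parsed token would be the reliable source for the algorithm name.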
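Review bot: The token built in `getKeyByCurrentUser` carries no `exp`, `iat` or `jti` as far as this hunk shows (`JWT.create().withPayload(loginTodo.toMap()).sign(...)`), so it stays valid for as long as the application's `linkSecretKey` is unchanged, and this commit makes that token sufficient to update a student's asset account. I would set an expiry at issuance, e.g. `.withExpiresAt(new Date(System.currentTimeMillis() + TOKEN_TTL_MS))` with a TTL constant chosen by the project, and validate it on the receiving side. Separately, `resourcesApplicationId.toString()` throws a NullPointerException when a caller passes null; `Objects.requireNonNull(resourcesApplicationId, "resourcesApplicationId")` at the top of the method would make the contract explicit. The method body continues past the end of the hunk.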
diff --git a/web/src/main/java/com/ibeetl/jlw/service/StudentAccountAssetAllocationService.java b/web/src/main/java/com/ibeetl/jlw/service/StudentAccountAssetAllocationService.java index 294b5436..43250b91 100644 --- a/web/src/main/java/com/ibeetl/jlw/service/StudentAccountAssetAllocationService.java +++ b/web/src/main/java/com/ibeetl/jlw/service/StudentAccountAssetAllocationService.java @@ -1,5 +1,8 @@ package com.ibeetl.jlw.service; +import cn.hutool.core.lang.Assert; +import cn.hutool.core.util.StrUtil; +import cn.hutool.jwt.JWTUtil; import cn.jlw.util.ToolUtils; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; @@ -8,6 +11,8 @@ import com.ibeetl.admin.core.util.PlatformException; import com.ibeetl.admin.core.web.JsonResult; import com.ibeetl.admin.core.web.JsonReturnCode; import com.ibeetl.jlw.dao.StudentAccountAssetAllocationDao; +import com.ibeetl.jlw.entity.LoginTodo; +import com.ibeetl.jlw.entity.ResourcesApplication; import com.ibeetl.jlw.entity.StudentAccountAssetAllocation; import com.ibeetl.jlw.web.query.StudentAccountAssetAllocationQuery; import org.apache.commons.lang3.StringUtils; @@ -18,6 +23,8 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import org.springframework.validation.annotation.Validated; +import javax.validation.constraints.NotBlank; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.List; @@ -32,6 +39,8 @@ import java.util.List; public class StudentAccountAssetAllocationService extends CoreBaseService{ @Autowired private StudentAccountAssetAllocationDao studentAccountAssetAllocationDao; + @Autowired private LoginTodoService loginTodoService; + @Autowired private ResourcesApplicationService resourcesApplicationService; public PageQueryqueryByCondition(PageQuery query){ PageQuery ret = studentAccountAssetAllocationDao.queryByCondition(query); 
@@ -150,11 +159,72 @@ public class StudentAccountAssetAllocationService extends CoreBaseService accountAssetAllocationList = getByApplicationToken(applicationToken, param); + + Assert.isTrue(accountAssetAllocationList.size() == 1, "无法对多个账户进行修改操作!"); + + // 主键拿过来 + param.setId(accountAssetAllocationList.get(0).getId()); + + updateTemplate(param.pojo()); } - public Object getByApplicationToken(StudentAccountAssetAllocationQuery param) { - return null; + /** + * 通过token获取资金账户 + * + * @param applicationToken token + * @param param 一些条件 + * @return + */ + public List getByApplicationToken(@NotBlank(message = "applicationToken 传递的token不能为空!") String applicationToken, StudentAccountAssetAllocationQuery param) { + + LoginTodo loginTodo = validateAndGetLoginTodo(applicationToken); + + // 学生ID + final String studentId = loginTodo.getStudentid(); + + Assert.notEmpty(studentId, "该接口只允许学生访问!"); + + // 应用ID + final String applicationId = loginTodo.getApplicationId(); + // 院校ID + final String universitiesCollegesId = loginTodo.getSchoolid(); + + Assert.isTrue(StrUtil.isAllNotEmpty(studentId, applicationId, universitiesCollegesId), "学生ID、应用ID、院校ID,都不能为空!"); + + // 从token中获取必要条件 + param.setStudentId(Long.valueOf(studentId)); + param.setApplicationId(Long.valueOf(applicationId)); + param.setUniversitiesCollegesId(Long.valueOf(universitiesCollegesId)); + + List accountAssetAllocation = getValuesByQueryNotWithPermission(param); + + Assert.notNull(accountAssetAllocation, "账户不存在!"); + + return accountAssetAllocation; + } + + /** + * 验证并返回登录信息 + * + * @param applicationToken 回传的token + * @return + */ + private LoginTodo validateAndGetLoginTodo(String applicationToken) { + LoginTodo payload = loginTodoService.getPayloadByString(applicationToken); + + Assert.notNull(payload, "回传的token,不是有效的加密串!"); + + ResourcesApplication resourcesApplication = resourcesApplicationService.queryById(payload.getApplicationId()); + + Assert.notNull(resourcesApplication, "未查询到应用的相关信息!"); + boolean verify = 
JWTUtil.verify(applicationToken, resourcesApplication.getLinkSecretKey().getBytes(StandardCharsets.UTF_8)); + + Assert.isTrue(verify, "token被修改过,更新失败!"); + + return payload; } } diff --git a/web/src/main/java/com/ibeetl/jlw/web/StudentAccountAssetAllocationController.java b/web/src/main/java/com/ibeetl/jlw/web/StudentAccountAssetAllocationController.java index df8140f3..26020e27 100644 --- a/web/src/main/java/com/ibeetl/jlw/web/StudentAccountAssetAllocationController.java +++ b/web/src/main/java/com/ibeetl/jlw/web/StudentAccountAssetAllocationController.java @@ -20,7 +20,6 @@ import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; import org.springframework.web.servlet.ModelAndView; -import javax.validation.constraints.NotBlank; import java.util.List; import static com.ibeetl.admin.core.util.user.CacheUserUtil.getUser; @@ -87,9 +86,9 @@ public class StudentAccountAssetAllocationController{ */ @PostMapping(API + "/updateByApplicationToken.do") @ResponseBody - public JsonResult updateByApplicationToken(@NotBlank(message = "applicationToken 传递的token不能为空!") @RequestParam("applicationToken") String applicationToken, + public JsonResult updateByApplicationToken(@RequestParam("applicationToken") String applicationToken, @RequestBody StudentAccountAssetAllocationQuery param) { - studentAccountAssetAllocationService.updateByApplicationToken(param); + studentAccountAssetAllocationService.updateByApplicationToken(applicationToken, param); return JsonResult.success(); } 
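Review bot: In `validateAndGetLoginTodo`, `resourcesApplication.getLinkSecretKey()` is dereferenced without a check, although the issuing code in ResourcesApplicationService guards against an empty key, so applications without a key apparently exist; for those this line either throws a NullPointerException or verifies against an empty key. Reject a blank key first and pin the algorithm rather than letting `JWTUtil.verify(token, byte[])` pick the signer from the token's own `alg` header (the hutool versions I know do this, so confirm that `none` is refused in the one in use): `Assert.notBlank(key, "应用未配置密钥!");` followed by `JWTUtil.verify(applicationToken, JWTSignerUtil.hs256(key.getBytes(StandardCharsets.UTF_8)))`. `JWTUtil.verify` checks the signature only, so expiry has to be validated separately once the tokens carry an `exp`. Smaller points in the same hunk: `payload.getApplicationId()` may be null when it is passed to `queryById`, and in `updateByApplicationToken` an empty result list fails with the "multiple accounts" message because `Assert.notNull` does not catch an empty list. The beginning of `updateByApplicationToken` is not readable in this hunk.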
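Review bot: `applicationToken` is bound with `@RequestParam` next to a JSON `@RequestBody`, so the credential can only arrive in the query string, where it is recorded by access logs, proxies and browser history; for a token that authorises an account update I would accept it from a request header (for example `@RequestHeader("Authorization")`) or from the body. Dropping `@NotBlank` here also means an empty token is no longer rejected at the web layer. The service-side `@NotBlank` on `getByApplicationToken` only fires if the service bean is proxied for method validation, and it is bypassed when `updateByApplicationToken` calls that method internally, unless `updateByApplicationToken` declares its own constraint, which is not readable in the service hunk. The same two points apply to the `getByApplicationToken.do` handler in the following hunk.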
@@ -103,9 +102,9 @@ public class StudentAccountAssetAllocationController{ */ @PostMapping(API + "/getByApplicationToken.do") @ResponseBody - public JsonResult getByApplicationToken(@NotBlank(message = "applicationToken 传递的token不能为空!") @RequestParam("applicationToken") String applicationToken, + public JsonResult> getByApplicationToken(@RequestParam("applicationToken") String applicationToken, @RequestBody StudentAccountAssetAllocationQuery param) { - return JsonResult.success(studentAccountAssetAllocationService.getByApplicationToken(param)); + return JsonResult.success(studentAccountAssetAllocationService.getByApplicationToken(applicationToken, param)); }