ChinaMobileRestApiController.java

package cn.wisenergy.chnmuseum.party.web.controller;

import cn.wisenergy.chnmuseum.party.auth.SHA256PasswordEncryptionService;
import cn.wisenergy.chnmuseum.party.auth.util.JwtTokenUtil;
import cn.wisenergy.chnmuseum.party.common.util.TimeUtils;
import cn.wisenergy.chnmuseum.party.common.vo.GenericPageParam;
import cn.wisenergy.chnmuseum.party.model.Employee;
import cn.wisenergy.chnmuseum.party.model.ExhibitionBoard;
import cn.wisenergy.chnmuseum.party.service.ExhibitionBoardService;
import cn.wisenergy.chnmuseum.party.service.impl.EmployeeServiceImpl;
import cn.wisenergy.chnmuseum.party.web.controller.base.BaseController;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import java.time.LocalDateTime;
import java.util.Map;
import java.util.concurrent.TimeUnit;

@RestController("/cmRestApi")
public class ChinaMobileRestApiController extends BaseController {

    private static final Logger LOGGER = LoggerFactory.getLogger(ChinaMobileRestApiController.class);

    @Resource
    private StringRedisTemplate stringRedisTemplate;

    @Resource
    private EmployeeServiceImpl employeeService;

    @Resource
    private SysLogController sysLogController;

    @Resource
    private ExhibitionBoardService exhibitionBoardService;

    private static final String SHIRO_JWT_TOKEN = "shiro:jwt:token:";
    //用户登录次数计数  redisKey 前缀
    private static final String SHIRO_LOGIN_COUNT = "shiro_login_count_";
    //用户登录是否被锁定    一小时 redisKey 前缀
    private static final String SHIRO_IS_LOCK = "shiro_is_lock_";

    /**
     * 管理员ajax登录请求 后端用户登录
     *
     * @param username
     * @param password
     * @return
     */
    @RequestMapping(value = "/user/webLogin", method = RequestMethod.POST)
    public ResponseEntity<JSONObject> login(@RequestParam(value = "username") String username,
                                            @RequestParam(value = "password") String password,
                                            @RequestParam(value = "boxNo") String boxNo) {
        JSONObject resultMap = new JSONObject(true);
        Employee employee;
        if (StringUtils.isNoneBlank(username)) {
            //访问一次，计数一次
            ValueOperations<String, String> opsForValue = stringRedisTemplate.opsForValue();
            if ("LOCK".equals(opsForValue.get(SHIRO_IS_LOCK + username))) {
                resultMap.put("status", 400);
                resultMap.put("message", "由于密码输入错误次数大于5次，12小时内帐号已禁止登录！请您联系相关管理人员，联系电话：13924551212，邮箱：325346534@zh.com。");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
            }

            employee = employeeService.selectByUsername(username);
            if (employee == null) {
                resultMap.put("status", 500);
                resultMap.put("message", "用户名或密码不正确！");
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
            }
            if (!employee.getStatus()) {
                throw new DisabledAccountException("此帐号已禁用，请联系管理员！");
            }
            if (!employee.getAllowLogin()) {
                throw new DisabledAccountException("您无权访问，请联系管理员！");
            }

            try {
                byte[] salt = employee.getPasswordSalt();
                if (!new String(SHA256PasswordEncryptionService.createPasswordHash(password, salt)).equals(new String(employee.getPasswordHash()))) {
                    opsForValue.increment(SHIRO_LOGIN_COUNT + username, 1);
                    //计数大于5时，设置用户被锁定一小时
                    String s = opsForValue.get(SHIRO_LOGIN_COUNT + username);
                    if (StringUtils.isNotBlank(s)) {
                        if (Integer.parseInt(s) >= 5) {
                            opsForValue.set(SHIRO_IS_LOCK + username, "LOCK");
                            stringRedisTemplate.expire(SHIRO_IS_LOCK + username, 12, TimeUnit.HOURS);
                        }
                    }
                    throw new IncorrectCredentialsException("用户名或密码不正确！");
                }

                //登录时插入系统日志
                String operationContent = username + "登录本系统";
                if (employee.getBankBranchName() != null) {
                    operationContent += "，归属网点" + employee.getBankBranchName();
                }
                this.sysLogController.insertSysLog(operationContent, username);

                String token = JwtTokenUtil.sign(username, employee.getId());
                // 将token信息存入Redis
                stringRedisTemplate.opsForValue().set(SHIRO_JWT_TOKEN + token, employee.getId(), 240, TimeUnit.MINUTES);

                JSONObject jsonObject = new JSONObject(true);
                jsonObject.put("token", token);
                jsonObject.put("userId", employee.getId());
                jsonObject.put("userName", employee.getUsername());
                jsonObject.put("expire", TimeUtils.format(LocalDateTime.now().plusMinutes(240), TimeUtils.FORMAT_ONE));

                resultMap.put("resultCode", 200);
                resultMap.put("message", "成功");
                resultMap.put("data", jsonObject);
                return ResponseEntity.status(HttpStatus.OK).body(resultMap);
            } catch (Exception e) {
                resultMap.put("status", 500);
                resultMap.put("message", e.getMessage());
            }
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(resultMap);
    }

    @RequestMapping(value = "/user/logout", method = RequestMethod.GET)
    public ResponseEntity<JSONObject> logout(@RequestHeader(value = "token") String token) {
        try {
            if (StringUtils.isNotBlank(token)) {
                SecurityUtils.getSubject().logout();
                this.stringRedisTemplate.delete(SHIRO_JWT_TOKEN + token);
            }
            JSONObject resultMap = new JSONObject();
            resultMap.put("resultCode", 200);
            resultMap.put("message", "成功");
            resultMap.put("data", "");
            return ResponseEntity.status(HttpStatus.OK).body(resultMap);
        } catch (Exception e) {
            LOGGER.error("注销错误！", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build();
    }

    @ApiOperation(value = "获取单个成员信息")
    @GetMapping(value = "/user/getUserInfo")
    @RequiresPermissions("/user/getUserInfo")
    public ResponseEntity<JSONObject> getById(String userId, @RequestHeader("token") String token) {
        try {
            Employee employee = employeeService.selectByEmpId(userId);
//            BankBranchInfo bankBranch = this.employeeService.getById(Id);
//            if (bankBranch != null) {
//                employee.setBankBranchName(bankBranch.getName());
//            }
            if (null == employee) {
                return ResponseEntity.status(HttpStatus.NOT_FOUND).body(null);
            }

            JSONObject jsonObject = new JSONObject(true);
            jsonObject.put("token", token);
            jsonObject.put("userId", employee.getId());
            jsonObject.put("userName", employee.getUsername());
            long expire = stringRedisTemplate.getExpire(SHIRO_JWT_TOKEN + token) == null ? 0L : stringRedisTemplate.getExpire(SHIRO_JWT_TOKEN + token);
            jsonObject.put("expire", TimeUtils.format(LocalDateTime.now().plusMinutes(expire), TimeUtils.FORMAT_ONE));

            JSONObject resultMap = new JSONObject();
            resultMap.put("resultCode", 200);
            resultMap.put("message", "成功");
            resultMap.put("data", jsonObject);
            return ResponseEntity.ok(resultMap);
        } catch (Exception e) {
            logger.error("查询成员信息错误！", e);
        }
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(null);
    }

    @ApiImplicitParams(value = {
            @ApiImplicitParam(name = "_index", value = "分页起始偏移量", paramType = "query", dataType = "Integer"),
            @ApiImplicitParam(name = "_size", value = "返回条数", paramType = "query", dataType = "Integer"),
            @ApiImplicitParam(name = "nameOrCode", value = "名称或编码", paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "startDate", value = "创建时间-开始", paramType = "query", dataType = "String"),
            @ApiImplicitParam(name = "endDate", value = "创建时间-结束", paramType = "query", dataType = "String")
    })
    @PostMapping("/exhibitionBoard/getPage")
    @RequiresPermissions("exhibition:board:page")
    @ApiOperation(value = "获取展板分页列表", notes = "获取展板分页列表")
    public ResponseEntity<JSONObject> getExhibitionBoardPageList(GenericPageParam genericPageParam) {
        LambdaQueryWrapper<ExhibitionBoard> queryWrapper = new LambdaQueryWrapper<>();
        // 对名称或编码模糊查询
        if (StringUtils.isNotBlank(genericPageParam.getNameOrCode())) {
            queryWrapper.like(ExhibitionBoard::getName, genericPageParam.getNameOrCode());
        }
        // 对版权方模糊查询
        if (StringUtils.isNotBlank(genericPageParam.getBoardCopyrightOwnerId())) {
            queryWrapper.like(ExhibitionBoard::getCopyrightOwnerId, genericPageParam.getBoardCopyrightOwnerId());
        }
        // 根据创建时间区间检索
        if (genericPageParam.getStartDate() != null && genericPageParam.getEndDate() != null) {
            queryWrapper.ge(ExhibitionBoard::getCreateTime, genericPageParam.getStartDate().atTime(0, 0, 0))
                    .le(ExhibitionBoard::getCreateTime, genericPageParam.getEndDate().atTime(23, 59, 59));
        }
        // 设置排序规则
        queryWrapper.orderByDesc(ExhibitionBoard::getCreateTime);
        // 设置查询内容
        queryWrapper.select(
                ExhibitionBoard::getId,
                ExhibitionBoard::getName,
                ExhibitionBoard::getAuditStatus,
                ExhibitionBoard::getCreateTime,
                ExhibitionBoard::getUpdateTime);
        Page<ExhibitionBoard> page = this.exhibitionBoardService.page(getPage(), queryWrapper);
        for (ExhibitionBoard exhibitionBoard : page.getRecords()) {

        }
        JSONObject resultMap = new JSONObject();
        resultMap.put("resultCode", 200);
        resultMap.put("message", "成功");
        resultMap.put("data", page);
        return ResponseEntity.ok(resultMap);
    }

    @ApiOperation(value = "获取展板详情", notes = "获取展板详情")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "id", value = "标识ID", dataType = "String", paramType = "path")
    })
    @GetMapping("/exhibitionBoard/getby/{id}")
    @RequiresPermissions("exhibition:board:get:id")
    public Map<String, Object> getById(@PathVariable("id") String id) {
        ExhibitionBoard exhibitionBoard = exhibitionBoardService.getById(id);
        return getResult(exhibitionBoard);
    }

}