Fixed jwt verify. Blocked access to the password for the user controller.
@@ -6,6 +6,7 @@ import com.cfive.pinnacle.entity.common.ResponseResult;
|
||||
import com.cfive.pinnacle.service.IUserService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@@ -31,7 +32,13 @@ public class UserController {
|
||||
|
||||
@GetMapping
|
||||
public ResponseResult getAllUser() {
|
||||
List<User> users = userService.list();
|
||||
List<User> users = userService.getBasicInfo();
|
||||
return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", users);
|
||||
}
|
||||
|
||||
@GetMapping("/{id}")
|
||||
public ResponseResult getUser(@PathVariable int id) {
|
||||
User user = userService.getBasicInfo(id);
|
||||
return ResponseResult.build(ResponseCode.DATABASE_SELECT_OK, "success", user);
|
||||
}
|
||||
}
|
||||
|
||||
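Review bot: `getUser` under `@GetMapping("/{id}")` returns the record for whatever id the caller supplies, and no ownership or role check is visible in this hunk. If no URL- or method-level rule elsewhere restricts it, any authenticated caller can read every account's profile one id at a time; the same applies to `getAllUser`. Blanking `passwd` in the service still leaves every other `User` column in the response, so a response type listing only the fields the client needs would be safer than serialising the entity. At minimum I would record the expectation above the method: `// Access control: admins, or the caller's own id only - enforce before exposing.` The class body starts outside the hunk.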
@@ -17,47 +17,99 @@ public class LoginUser implements UserDetails {
|
||||
private Collection<? extends GrantedAuthority> authorities;
|
||||
private String password;
|
||||
private String username;
|
||||
private Boolean accountNonExpired;
|
||||
private Boolean accountNonLocked;
|
||||
private Boolean credentialsNonExpired;
|
||||
private Boolean enabled;
|
||||
private Boolean accountNonExpired = true;
|
||||
private Boolean accountNonLocked = true;
|
||||
private Boolean credentialsNonExpired = true;
|
||||
private Boolean enabled = true;
|
||||
|
||||
public LoginUser(User user) {
|
||||
this.user = user;
|
||||
this.username = user.getUsername();
|
||||
this.password = user.getPasswd();
|
||||
this.enabled = user.getEnable() == 1;
|
||||
}
|
||||
|
||||
public User getUser() {
|
||||
return user;
|
||||
}
|
||||
|
||||
public void setUser(User user) {
|
||||
this.user = user;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return null;
|
||||
return authorities;
|
||||
}
|
||||
|
||||
public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
|
||||
this.authorities = authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPassword() {
|
||||
return user.getPasswd();
|
||||
return password;
|
||||
}
|
||||
|
||||
public void setPassword(String password) {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return user.getUsername();
|
||||
return username;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return true;
|
||||
return this.accountNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return true;
|
||||
return this.accountNonLocked;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCredentialsNonExpired() {
|
||||
return true;
|
||||
return this.credentialsNonExpired;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return user.getEnable() == 1;
|
||||
return this.enabled;
|
||||
}
|
||||
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
public Boolean getAccountNonExpired() {
|
||||
return accountNonExpired;
|
||||
}
|
||||
|
||||
public void setAccountNonExpired(Boolean accountNonExpired) {
|
||||
this.accountNonExpired = accountNonExpired;
|
||||
}
|
||||
|
||||
public Boolean getAccountNonLocked() {
|
||||
return accountNonLocked;
|
||||
}
|
||||
|
||||
public void setAccountNonLocked(Boolean accountNonLocked) {
|
||||
this.accountNonLocked = accountNonLocked;
|
||||
}
|
||||
|
||||
public Boolean getCredentialsNonExpired() {
|
||||
return credentialsNonExpired;
|
||||
}
|
||||
|
||||
public void setCredentialsNonExpired(Boolean credentialsNonExpired) {
|
||||
this.credentialsNonExpired = credentialsNonExpired;
|
||||
}
|
||||
|
||||
public Boolean getEnabled() {
|
||||
return enabled;
|
||||
}
|
||||
|
||||
public void setEnabled(Boolean enabled) {
|
||||
this.enabled = enabled;
|
||||
}
|
||||
}
|
||||
|
||||
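Review bot: The four status fields are boxed `Boolean` with public setters, while `isEnabled()`, `isAccountNonLocked()` and the other two status methods return primitive `boolean`, so a null written by a setter or a deserialiser throws a NullPointerException on unboxing during authentication. Declaring them primitive, e.g. `private boolean enabled = true;`, removes that path. `getAuthorities()` now returns the `authorities` field, which the constructor never sets, so it is still null for a freshly built LoginUser; `return authorities == null ? Collections.emptyList() : authorities;` keeps the UserDetails contract. Separately, the object now carries the password hash twice (`password` and `user.getPasswd()`); if this is the object cached under the `login:` key, consider clearing both once authentication has succeeded. The class header and the `user` field are outside the hunk.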
@@ -4,6 +4,7 @@ import com.auth0.jwt.interfaces.DecodedJWT;
|
||||
import com.cfive.pinnacle.entity.permission.LoginUser;
|
||||
import com.cfive.pinnacle.utils.JwtUtil;
|
||||
import com.cfive.pinnacle.utils.RedisCache;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
@@ -44,8 +45,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
}
|
||||
|
||||
String redisKey = "login:" + userId;
|
||||
System.out.println(redisCache.getCacheObject(redisKey).toString());
|
||||
LoginUser loginUser = redisCache.getCacheObject(redisKey);
|
||||
LoginUser loginUser = new ObjectMapper().convertValue(redisCache.getCacheObject(redisKey), LoginUser.class);
|
||||
if (Objects.isNull(loginUser)) {
|
||||
throw new RuntimeException("Not logged in");
|
||||
}
|
||||
|
||||
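Review bot: `new ObjectMapper().convertValue(...)` throws IllegalArgumentException when the cached value does not map onto LoginUser, and nothing around it in the hunk catches that, so a stale or malformed `login:` entry surfaces as an unhandled error instead of taking the "Not logged in" path. LoginUser shows only the `LoginUser(User user)` constructor in this commit, so unless a no-argument constructor exists outside the visible lines the conversion would fail for every request; a non-empty `authorities` collection would also need a concrete element type to bind. I would reuse one mapper, `private static final ObjectMapper MAPPER = new ObjectMapper();`, and treat a conversion failure the same as a missing entry. The method body starts and ends outside the hunk.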
@@ -3,6 +3,8 @@ package com.cfive.pinnacle.service;
|
||||
import com.cfive.pinnacle.entity.User;
|
||||
import com.baomidou.mybatisplus.extension.service.IService;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* 用户 服务类
|
||||
@@ -12,5 +14,7 @@ import com.baomidou.mybatisplus.extension.service.IService;
|
||||
* @since 2023-04-30
|
||||
*/
|
||||
public interface IUserService extends IService<User> {
|
||||
List<User> getBasicInfo();
|
||||
|
||||
User getBasicInfo(int id);
|
||||
}
|
||||
|
||||
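Review bot: The two `getBasicInfo` overloads carry no Javadoc, and the property that matters, that the password is stripped, is stated only in the implementation. Because the interface still extends `IService<User>`, inherited methods such as `list()` (the call the controller shows next to `getBasicInfo()` in this commit) remain available and return the full entity, so nothing steers a future caller to the safe variant. I would document the contract on both methods, e.g. `/** Returns users with the password field blanked; use this, not list(), for anything sent to a client. */`.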
@@ -1,11 +1,15 @@
|
||||
package com.cfive.pinnacle.service.impl;
|
||||
|
||||
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
|
||||
import com.cfive.pinnacle.entity.User;
|
||||
import com.cfive.pinnacle.mapper.UserMapper;
|
||||
import com.cfive.pinnacle.service.IUserService;
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* 用户 服务实现类
|
||||
@@ -16,5 +20,29 @@ import org.springframework.stereotype.Service;
|
||||
*/
|
||||
@Service
|
||||
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements IUserService {
|
||||
private UserMapper userMapper;
|
||||
|
||||
@Autowired
|
||||
public void setUserMapper(UserMapper userMapper) {
|
||||
this.userMapper = userMapper;
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<User> getBasicInfo() {
|
||||
List<User> users = userMapper.selectList(null);
|
||||
users.forEach(user -> {
|
||||
user.setPasswd("");
|
||||
});
|
||||
|
||||
return users;
|
||||
}
|
||||
|
||||
@Override
|
||||
public User getBasicInfo(int id) {
|
||||
LambdaQueryWrapper<User> wrapper = new LambdaQueryWrapper<>();
|
||||
wrapper.eq(User::getId, id);
|
||||
User user = userMapper.selectOne(wrapper);
|
||||
user.setPasswd("");
|
||||
return user;
|
||||
}
|
||||
}
|
||||
|
||||
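Review bot: In `getBasicInfo(int id)`, `userMapper.selectOne(wrapper)` yields null when no row matches, and the next line `user.setPasswd("")` then throws a NullPointerException, so a request for an unknown id becomes a server error. Guard it with `if (user != null) { user.setPasswd(""); }` and let the controller decide how to report a missing user. Both methods also still read the hash from the database and blank one named field afterwards, which is a denylist: any sensitive column added to `User` later is returned by default. Selecting only the needed columns, or mapping to a dedicated response type, would make the safe behaviour the default.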