package com.example.springboot.controller;
import com.example.springboot.entity.User;
import com.example.springboot.entity.vo.Result;
import com.example.springboot.entity.vo.UserVo;
import com.example.springboot.security.constant.SystemConstant;
import com.example.springboot.security.util.SecurityUtil;
import com.example.springboot.service.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Map;
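/**
 * REST endpoints for user administration and self-service password changes.
 *
 * <p>Access control is declared per endpoint with Shiro annotations. All password hashing in this
 * controller goes through {@link #hashPassword(String)} so that verification and storage cannot
 * drift apart.
 */
@RestController
@Slf4j
@RequestMapping("/api/user")
@Api(tags = "用户")
public class UserController {

    /**
     * Alphabet for generated temporary passwords. Visually ambiguous characters
     * (0, O, o, 1, l, I) are left out because the value is read and typed by a person.
     */
    private static final String TEMP_PASSWORD_ALPHABET =
            "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789";

    /** Length of a generated temporary password. */
    private static final int TEMP_PASSWORD_LENGTH = 12;

    /** Cryptographically strong source for temporary passwords; never use java.util.Random here. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    @Autowired
    private UserService userService;

    /**
     * Changes the password of the currently authenticated user.
     *
     * @param request JSON body carrying {@code oldPassword} and {@code newPassword}
     * @return a failure result when the caller is not logged in, a field is missing, or the old
     *     password does not match; otherwise a success result
     */
    @ApiOperation(value = "修改密码")
    @PostMapping("/changePassword")
    @RequiresAuthentication
    public Result changePassword(@RequestBody Map<String, String> request) {
        User currentUser = SecurityUtil.getCurrentUser();
        if (currentUser == null) {
            return Result.fail("您暂未登录");
        }

        String oldPassword = request.get("oldPassword");
        String newPassword = request.get("newPassword");

        // Reject missing fields before anything is hashed: an absent newPassword must never
        // reach updatePassword, and an absent oldPassword is simply a failed verification.
        if (oldPassword == null || oldPassword.isEmpty()
                || newPassword == null || newPassword.isEmpty()) {
            return Result.fail("旧密码和新密码不能为空");
        }

        // NOTE(review): the comparison uses the hash carried by the object SecurityUtil returns.
        // If that object is cached for the session it can lag the database — confirm.
        // NOTE(review): no attempt limit on wrong old passwords and no password policy for the
        // new one are enforced in this method; existing sessions/tokens are not revoked here.
        if (!verifyPassword(currentUser, oldPassword)) {
            return Result.fail("旧密码不正确");
        }

        updatePassword(currentUser, newPassword);
        return Result.success("密码修改成功");
    }

    /**
     * Checks a candidate password against the hash stored on {@code user}.
     *
     * @param user     account whose stored hash is compared
     * @param password candidate clear-text password
     * @return {@code true} only when both values are present and the hashes match
     */
    private boolean verifyPassword(User user, String password) {
        String storedHash = user.getPassword();
        if (storedHash == null || password == null) {
            return false;
        }
        byte[] expected = storedHash.getBytes(StandardCharsets.UTF_8);
        byte[] actual = hashPassword(password).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares in constant time, unlike String.equals, which
        // returns at the first differing character.
        return MessageDigest.isEqual(expected, actual);
    }

    /**
     * Hashes a clear-text password in the format this application stores.
     *
     * <p>NOTE(review): the scheme is MD5 with 1024 iterations and a single application-wide salt
     * taken from {@code SystemConstant.JWT_SECRET_KEY}. MD5 is not suitable for password storage,
     * one shared salt means equal passwords produce equal hashes across accounts, and the constant
     * name suggests the same value also serves as the JWT signing secret. The algorithm is left
     * unchanged here because stored hashes and the login path (not visible in this file) depend on
     * it; moving to a dedicated password hash (bcrypt/scrypt/Argon2) with a per-user salt needs a
     * coordinated migration.
     *
     * @param rawPassword clear-text password; must not be {@code null}
     * @return lower-case hex encoding of the hash
     */
    private String hashPassword(String rawPassword) {
        Object salt = ByteSource.Util.bytes(SystemConstant.JWT_SECRET_KEY);
        return new SimpleHash("MD5", rawPassword, salt, 1024).toHex();
    }

    /**
     * Hashes {@code newPassword}, stores it on {@code user} and persists the user.
     *
     * @param user        account to update
     * @param newPassword clear-text password; callers validate it is non-empty
     */
    private void updatePassword(User user, String newPassword) {
        user.setPassword(hashPassword(newPassword));
        userService.saveOrUpdate(user);
    }

    /**
     * Builds a random temporary password from {@link #TEMP_PASSWORD_ALPHABET}.
     *
     * @return a password of {@link #TEMP_PASSWORD_LENGTH} characters
     */
    private static String generateTemporaryPassword() {
        StringBuilder password = new StringBuilder(TEMP_PASSWORD_LENGTH);
        for (int i = 0; i < TEMP_PASSWORD_LENGTH; i++) {
            int index = SECURE_RANDOM.nextInt(TEMP_PASSWORD_ALPHABET.length());
            password.append(TEMP_PASSWORD_ALPHABET.charAt(index));
        }
        return password.toString();
    }

    /**
     * Resets the password of the user identified by {@code userVO.getId()} (admin role only).
     *
     * <p>The new password is generated randomly per reset instead of being a fixed, well-known
     * value, and is returned once in the response so the administrator can hand it over.
     *
     * @param userVO request body carrying the target user id
     * @return a failure result when the user does not exist, otherwise a success result whose
     *     message contains the temporary password
     */
    @ApiOperation(value = "重置密码")
    @PostMapping("/resetPass")
    @RequiresRoles({"admin"})
    public Result resetPassword(@RequestBody UserVo userVO) {
        User user = userService.getById(userVO.getId());
        if (user == null) {
            return Result.fail("用户不存在");
        }

        String newPassword = generateTemporaryPassword();
        updatePassword(user, newPassword);

        // Audit trail for a privileged action; the password itself is deliberately not logged.
        log.info("Password reset performed for user id {}", user.getId());

        // NOTE(review): the temporary password travels in the response body; make sure response
        // bodies of this endpoint are not logged, and consider forcing a change at next login.
        return Result.success("密码重置成功,新密码为:" + newPassword);
    }

    /**
     * Returns one page of users matching the query fields bound to {@code userVO}.
     *
     * <p>NOTE(review): the service result is returned as-is. If it contains {@code User} entities,
     * confirm the password hash is excluded from serialization.
     *
     * @param userVO paging and filter parameters bound from the query string
     * @return a success result wrapping whatever {@code userService.selectPage} returns
     */
    @ApiOperation(value = "分页查询用户")
    @GetMapping("/selectPage")
    // @RequiresRoles({"admin"})
    @RequiresPermissions({"user:select"})
    public Result selectPage(UserVo userVO) {
        return Result.success(userService.selectPage(userVO));
    }

    /**
     * Creates a user, or updates the user whose id is set in the request body.
     *
     * <p>With several values, Shiro's {@code @RequiresPermissions} defaults to logical AND, so the
     * caller needs both {@code user:update} and {@code user:add} in addition to the admin role.
     *
     * @param user entity bound directly from the JSON body
     * @return a failure result for the reserved admin username, a duplicate username or a missing
     *     password on an update that cannot reuse a stored one; otherwise a success result
     */
    @ApiOperation(value = "添加或修改用户")
    @PostMapping("/saveOrUpdate")
    @RequiresRoles({"admin"})
    @RequiresPermissions({"user:update", "user:add"})
    public Result saveOrUpdate(@RequestBody User user) {
        // NOTE(review): this guard looks only at the username in the request body and does not
        // load the stored record; confirm that an update addressed by id alone cannot still
        // alter the built-in admin account.
        if ("admin".equals(user.getUsername())) {
            return Result.fail("管理员不可以被禁用");
        }

        // Username must be unique; when updating, the record itself is excluded from the count.
        Integer count = userService.lambdaQuery()
                .eq(User::getUsername, user.getUsername())
                .ne(user.getId() != null, User::getId, user.getId())
                .count();
        if (count > 0) {
            return Result.fail("用户名已存在");
        }

        if (user.getId() != null) {
            User existingUser = userService.getById(user.getId());
            String submitted = user.getPassword();
            boolean submittedMissing = submitted == null || submitted.isEmpty();

            // A password that is absent, or identical to the stored hash, means "not changed".
            // NOTE(review): matching against the stored hash implies the hash is round-tripped
            // through the client; confirm whether the API needs to expose it at all.
            boolean unchanged = existingUser != null
                    && (submittedMissing || submitted.equals(existingUser.getPassword()));

            if (unchanged) {
                user.setPassword(existingUser.getPassword());
            } else if (submittedMissing) {
                // No stored record to fall back on and nothing to hash.
                return Result.fail("密码不能为空");
            } else {
                // The password changed, so store its hash rather than the submitted value.
                user.setPassword(hashPassword(submitted));
            }
        }
        // NOTE(review): on the create path (id == null) the password reaches the service exactly
        // as submitted; nothing in this controller hashes it. Confirm the service layer hashes on
        // insert, otherwise route it through hashPassword here.

        userService.saveOrUpdate(user);
        return Result.success();
    }

    /**
     * Deletes the user identified by {@code userVO.getId()}.
     *
     * <p>NOTE(review): unlike {@link #saveOrUpdate(User)}, there is no check here that the target
     * is not the built-in admin account or the caller's own account — confirm that is intended.
     *
     * @param userVO request body carrying the target user id
     * @return a success result
     */
    @ApiOperation(value = "通过id删除用户")
    @PostMapping("/removeById")
    @RequiresRoles({"admin"})
    @RequiresPermissions({"user:delete"})
    public Result removeById(@RequestBody UserVo userVO) {
        userService.removeById(userVO.getId());
        return Result.success();
    }

    /**
     * Looks up a single user by id.
     *
     * <p>NOTE(review): the entity returned by the service is passed straight to the response;
     * confirm the password hash is excluded from serialization.
     *
     * @param userVO query parameters carrying the user id
     * @return a success result wrapping whatever {@code userService.getById} returns
     */
    @ApiOperation(value = "通过id查询用户")
    @GetMapping("/getById")
    @RequiresPermissions({"user:select"})
    public Result selectById(UserVo userVO) {
        return Result.success(userService.getById(userVO.getId()));
    }

    /**
     * Logs the current subject out.
     *
     * @return a failure result when nobody is logged in, otherwise a success result
     */
    @ApiOperation(value = "注销登录,前提是在登录状态")
    @PostMapping("/loginOut")
    public Result loginOut() {
        User currentUser = SecurityUtil.getCurrentUser();
        if (currentUser == null) {
            return Result.fail("您暂未登录");
        }
        SecurityUtils.getSubject().logout();
        return Result.success("注销成功");
    }

    // Empty placeholder; nothing in this class references it.
    private class UpdatePasswordRequest {
    }
}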