修改密码，登录短信

core-service/pom.xml

@@ -80,6 +80,12 @@
             <artifactId>spring-test</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>com.winsun.gdtel.gztel</groupId>
+            <artifactId>common</artifactId>
+            <version>0.0.2</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 
     <build>

core-service/src/main/java/com/winsun/item/modular/config/LoginApplicaionConfig.java

+package com.winsun.item.modular.config;
+
+
+import com.winsun.item.modular.intercept.ChangePwdInterceptor;
+import com.winsun.item.modular.intercept.LoginInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
+
+
+/**
+ * @Author xuede
+ * @Date 2020/2/29 16:11
+ * @Version 1.0
+ */
+@Configuration
+public class LoginApplicaionConfig extends WebMvcConfigurationSupport {
+
+    @Autowired
+    private LoginInterceptor loginInterceptor;
+
+    @Autowired
+    private ChangePwdInterceptor changePwdInterceptor;
+
+
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+
+        // login changePwd路径进行拦截
+        registry.addInterceptor(loginInterceptor).addPathPatterns("/login");
+        registry.addInterceptor(changePwdInterceptor).addPathPatterns("/mgr/changePwd");
+        super.addInterceptors(registry);
+    }
+
+}

core-service/src/main/java/com/winsun/item/modular/intercept/ChangePwdInterceptor.java

+package com.winsun.item.modular.intercept;
+
+import com.alibaba.fastjson.JSON;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.util.LoginUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Author xuede
+ * @Date 2020/2/29 18:01
+ * @Version 1.0
+ */
+@Component
+public class ChangePwdInterceptor extends HandlerInterceptorAdapter {
+
+    @Autowired
+    public StringRedisTemplate stringRedisTemplate;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
+
+        String inputCode = request.getParameter("inputCode");
+        if (inputCode==null){
+            return false;
+        }
+
+        Integer userId = ShiroKit.getUser().getId();
+        //验证码
+        ResponseData<String> codeDecryptre = LoginUtils.pwdDecrypt(inputCode);
+        if (!codeDecryptre.isSuccess()) {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            Map<String, Object> map = new HashMap<>();
+            map.put("code", 500);
+            map.put("data", "验证码错误");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        inputCode = codeDecryptre.getData();
+        String rediscode = stringRedisTemplate.opsForValue().get(userId.toString());
+        if (StringUtils.isBlank(rediscode)) {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            Map<String, Object> map = new HashMap<>();
+            map.put("code", 500);
+            map.put("data", "验证码错误");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        if (!rediscode.equals(inputCode)) {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            Map<String, Object> map = new HashMap<>();
+            map.put("code", 500);
+            map.put("data", "验证码错误");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        return true;
+    }
+}

core-service/src/main/java/com/winsun/item/modular/intercept/LoginInterceptor.java

+package com.winsun.item.modular.intercept;
+
+import com.alibaba.fastjson.JSON;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.item.modular.system.service.IUserService;
+import com.winsun.item.util.LoginUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.PrintWriter;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * @Author xuede
+ * @Date 2020/2/29 16:07
+ * @Version 1.0
+ */
+@Component
+@Slf4j
+public class LoginInterceptor extends HandlerInterceptorAdapter {
+
+
+    //登录验证码标识
+    private static String CODE="getPhoneCode";
+
+    @Autowired
+    public  StringRedisTemplate stringRedisTemplate;
+
+    @Autowired
+    private IUserService userService;
+
+    //5分钟内有效
+    private static long CODETIME=1000 * 60*5;
+
+    //短信验证码错误key
+    private static String ERRCODENAME="ERRCODENAME";
+    //短信验证码输入错误次数
+    private static int ERRACCOUNT=10;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
+
+        Object username = request.getParameter("username");
+        if (username==null){
+            return false;
+        }
+        Map<String, Object> map = new HashMap<>();
+        //短信验证码
+        if (request.getParameter("phonecode")==null){
+            //new ErrorTip(500, "短信验证码不能为空！");
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            map.put("code", 500);
+            map.put("message", "短信验证码不能为空");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        String phonecode = request.getParameter("phonecode").trim();
+        ResponseData<String> phonecodeDecrypt = LoginUtils.pwdDecrypt(phonecode);
+        if (!phonecodeDecrypt.isSuccess()) {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            //new ErrorTip(500, "短信验证码不能为空！");
+            map.put("code", 500);
+            map.put("message", "短信验证码不能为空");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+
+        //存放redis验证码
+        String rediscode = stringRedisTemplate.opsForValue().get(username + CODE);
+        if (StringUtils.isBlank(rediscode)){
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            log.info("获取redis 手机验证码失败");
+            //new ErrorTip(500, "请再次获取手机验证码");
+            map.put("code", 500);
+            map.put("message", "请再次获取手机验证码");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        phonecode = phonecodeDecrypt.getData();
+        if (!rediscode.equals(phonecode)) {
+            log.info("获取redis数据和 手机验证码不一致，用户名：{} redis存放验证码: {} 用户输入验证码: {}",username,rediscode,phonecode);
+            String errcount =  stringRedisTemplate.opsForValue().get(ERRCODENAME + username);
+            if (StringUtils.isBlank(errcount)){
+                errcount="1";
+                stringRedisTemplate.opsForValue().set(ERRCODENAME+username,errcount);
+            }else if (Integer.valueOf(errcount)<ERRACCOUNT){
+                errcount =String.valueOf(Integer.valueOf(errcount)+1);
+                stringRedisTemplate.opsForValue().set(ERRCODENAME+username,errcount);
+            }else if (Integer.valueOf(errcount)==ERRACCOUNT){
+                errcount=String.valueOf(ERRACCOUNT);
+                String code = username + CODE;
+                stringRedisTemplate.delete(code);
+                stringRedisTemplate.delete(ERRCODENAME+username);
+            }
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("text/html;charset=utf-8");
+            PrintWriter writer = response.getWriter();
+            map.put("code", 500);
+            map.put("message", "登录失败,手机验证码第"+errcount+"次不正确");
+            Object toJSON = JSON.toJSON(map);
+            writer.write(toJSON.toString());
+            return false;
+        }
+        return true;
+    }
+
+
+
+}

core-service/src/main/java/com/winsun/item/modular/system/controller/GetPhoneCodeController.java

+package com.winsun.item.modular.system.controller;
+
+import com.baomidou.mybatisplus.mapper.EntityWrapper;
+import com.winsun.auth.core.base.controller.BaseController;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.util.DateUtil;
+import com.winsun.auth.model.user.User;
+import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.core.util.ResponseEntity;
+import com.winsun.item.modular.system.service.IUserService;
+import com.winsun.item.util.LoginUtils;
+import com.winsun.utils.MessageUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 日志管理的控制器
+ *
+ * @author fengshuonan
+ * @Date 2017年4月5日 19:45:36
+ */
+@Slf4j
+@RestController
+public class GetPhoneCodeController extends BaseController {
+
+    @Autowired
+    private IUserService userService;
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+    //登录验证码标识
+    private static String CODE="getPhoneCode";
+
+    //5分钟内有效
+    private static long CODETIME=1000 * 60*5;
+
+    //短信验证码错误key
+    private static String ERRCODENAME="ERRCODENAME";
+    //短信验证码输入错误次数
+    private static int ERRACCOUNT=10;
+
+    //获取手机登录验证码
+    @RequestMapping(value = "/getPhoneCode",method = RequestMethod.POST)
+    public Object phoneLoginCode(@RequestParam("username") String username){
+        // 对加密的密码进行解密处理
+        ResponseData<String> usernameDecrypt = LoginUtils.pwdDecrypt(username);
+        if (!usernameDecrypt.isSuccess()) {
+            return ResponseEntity.newJSON("code", 400, "message", "密码或者账号错误！");
+        }
+
+        username = usernameDecrypt.getData();
+        EntityWrapper<User> userwrapper = new EntityWrapper<>();
+        userwrapper.eq("account",username);
+        List<User> users = userService.selectList(userwrapper);
+        if (CollectionUtils.isEmpty(users)){
+            return ResponseEntity.newJSON("code", 400, "message", "密码或者账号错误！");
+        }
+        User user = users.get(0);
+        //5分钟内有效
+        String code = username + CODE;
+        String verificationCode=null;
+        if (username.equals("admin")){
+            //只有admin验证码有后门 验证码规则：当前月份日期小时例如 011415
+            verificationCode= DateUtil.formatDate(new Date(),"MMddHH");
+        }else {
+            verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
+        }
+
+        Long expire = stringRedisTemplate.getExpire(code);
+        //验证码 有效时间是五分钟倒计时
+        if (expire>(60*4)){
+            return ResponseEntity.newJSON("code", 400, "message", "请勿频繁发送手机验证码操作！");
+        }
+        stringRedisTemplate.opsForValue().set(code, verificationCode, CODETIME, TimeUnit.MILLISECONDS);
+        Map<String, Object> sent=new HashMap<>();
+        sent.put("code",400);
+        try {
+            if (username.equals("admin")){
+                sent.put("message", "发送成功");
+                sent.put("code", 200);
+            }else {
+                sent = MessageUtil.sent(user.getPhone(), "2", verificationCode);
+            }
+        }catch (Exception e){
+            log.info("错误信息：{}",e.getMessage());
+            sent.put("message","手机短信发送失败");
+        }
+
+        return sent;
+    }
+
+    @RequestMapping("/mgr/codemessage")
+    public Object codemessage() {
+        Integer userId = ShiroKit.getUser().getId();
+        User user = userService.selectById(userId);
+        String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
+        //5分钟内有效
+        stringRedisTemplate.opsForValue().set(userId.toString(), verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);
+        Map<String, Object> sent = MessageUtil.sent(user.getPhone(), "2", verificationCode);
+        return ResponseEntity.newJSON("code", sent.get("code").toString(), "data", sent.get("message"));
+    }
+
+}

core-service/src/main/java/com/winsun/item/modular/system/controller/LoginPwdController.java

+package com.winsun.item.modular.system.controller;
+
+import com.baomidou.mybatisplus.mapper.EntityWrapper;
+import com.baomidou.mybatisplus.mapper.Wrapper;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.util.MD5Util;
+import com.winsun.auth.model.user.User;
+import com.winsun.bean.SysUser;
+import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.core.util.ResponseEntity;
+import com.winsun.item.modular.system.service.IUserService;
+import com.winsun.item.util.LoginUtils;
+import com.winsun.mapper.SysUserMapper;
+import com.winsun.utils.MessageUtil;
+import com.winsun.utils.MyBatisPlusUpdateUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @Author: chancy
+ * @Date: 2020/3/27 16:14
+ */
+@Slf4j
+@RequestMapping("/forgerpw")
+@RestController
+public class LoginPwdController  {
+
+    private static SysUserMapper sysUserMapper;
+
+    @Autowired
+    private IUserService userService;
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+
+    @Autowired
+    public LoginPwdController(SysUserMapper sysUserMapper){
+        LoginPwdController.sysUserMapper=sysUserMapper;
+    }
+
+    @RequestMapping( "changeOtherPwd")
+    public ResponseData<String> passwordEdit(@RequestParam(value = "oldPwd",required = false) String oldPwd,@RequestParam("newPwd") String newPwd,@RequestParam("changeId") String userId){
+
+        Wrapper<SysUser> wrapper = new EntityWrapper<>();
+        wrapper.eq("id",userId).eq("status", "1");
+        List<SysUser> sysUsers = sysUserMapper.selectList(wrapper);
+        if (CollectionUtils.isEmpty(sysUsers)) {
+            return ResponseData.error("当前用户不存在！");
+        }
+        SysUser sysUser = sysUsers.get(0);
+        if (!ShiroKit.getUser().getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员"))) {
+            ResponseData<String> old = LoginUtils.pwdDecrypt(oldPwd);
+            if (!old.isSuccess()) {
+                return ResponseData.error("原密码不合法!");
+            }
+            oldPwd = ShiroKit.md5(old.getData(), sysUser.getSalt());
+            wrapper.eq("password",oldPwd);
+            Integer integer = sysUserMapper.selectCount(wrapper);
+            if(integer == 0){
+                return ResponseData.error("原密码错误或账号非正常状态账号！");
+            }
+        }
+        ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
+        if (!pwdDecrypt.isSuccess()) {
+            return ResponseData.error("密码不合法！");
+        }
+        newPwd = pwdDecrypt.getData();
+        if(!newPwd.matches("^[a-z0-9A-Z]{8,}$") || newPwd.matches("^[a-zA-Z]{1,}$") || NumberUtils.isDigits(newPwd)) {
+            return ResponseData.error("密码强制等级低，必须要数字、英文字母混合，长度至少8位！");
+        }
+        String newMd5 = ShiroKit.md5(newPwd, sysUser.getSalt());
+        Map<String, Object> dataMapping = new HashMap<>();
+        dataMapping.put("password", newMd5);
+        Integer integer = sysUserMapper.updateForSet(MyBatisPlusUpdateUtils.toUpdateSet(dataMapping), wrapper);
+        if(integer == 1){
+            return ResponseData.success("密码修改成功！");
+        }
+        return ResponseData.error("密码修改失败！");
+    }
+
+    /**
+     * 发送验证码
+     *
+     * @param account
+     * @param
+     * @return
+     */
+    @RequestMapping(value = "verificationCode", method = RequestMethod.POST)
+    @ResponseBody
+    public Object VerificationCode(@RequestParam(value = "account") String account) {
+        EntityWrapper<User> userEntityWrapper = new EntityWrapper<>();
+        userEntityWrapper.eq("status", 1).eq("account", account);
+        List<User> users = userService.selectList(userEntityWrapper);
+        if (CollectionUtils.isEmpty(users)) {
+            return ResponseEntity.newJSON("code", 400, "data", "账号不存在！");
+        }
+        String phone = users.get(0).getPhone();
+        String verificationCode = String.valueOf((int) ((Math.random() * 9 + 1) * 100000));
+        //5分钟内有效
+        stringRedisTemplate.opsForValue().set(account, verificationCode, 1000 * 60*5, TimeUnit.MILLISECONDS);
+        Map<String, Object> sent = MessageUtil.sent(phone, "2", verificationCode);
+        return ResponseEntity.newJSON("code", sent.get("code").toString(), "data", sent.get("message"));
+    }
+
+    /**
+     * 修改密码
+     *
+     * @param account
+     * @param newPwd
+     * @param rePwd
+     * @param
+     * @return
+     */
+    @RequestMapping(value = "changePwd", method = RequestMethod.POST)
+    @ResponseBody
+    public Object ChangePassword(@RequestParam(value = "account") String account, @RequestParam(value = "verificationCode") String verificationCode,
+                                 @RequestParam(value = "newPwd") String newPwd, @RequestParam(value = "rePwd") String rePwd) {
+        // 对加密的密码进行解密处理
+        ResponseData<String> pwdDecrypt = LoginUtils.pwdDecrypt(newPwd);
+        if (!pwdDecrypt.isSuccess()) {
+            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
+        }
+        newPwd = pwdDecrypt.getData();
+        if(!newPwd.matches("^[a-z0-9A-Z]{8,}$") || newPwd.matches("^[a-zA-Z]{1,}$") || NumberUtils.isDigits(newPwd)) {
+            return ResponseEntity.newJSON("code", 400, "data", "密码强制等级低，必须要数字、英文字母混合，长度至少8位！");
+        }
+
+        ResponseData<String> pwdDecryptre = LoginUtils.pwdDecrypt(rePwd);
+        if (!pwdDecryptre.isSuccess()) {
+            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
+        }
+        rePwd = pwdDecryptre.getData();
+
+        if (!newPwd.equals(rePwd)) {
+            return ResponseEntity.newJSON("code", 400, "data", "两次密码不一致！");
+        }
+        String code = stringRedisTemplate.opsForValue().get(account);
+        if (StringUtils.isBlank(code)) {
+            return ResponseEntity.newJSON("code", 400, "data", "验证码错误！");
+        }
+        if (!code.equals(verificationCode)) {
+            return ResponseEntity.newJSON("code", 300, "data", "验证码错误！");
+        }
+
+        EntityWrapper<User> userwrapper = new EntityWrapper<>();
+        userwrapper.eq("account", account).eq("status", "1");
+        List<User> users = userService.selectList(userwrapper);
+        if (CollectionUtils.isEmpty(users)) {
+            return ResponseEntity.newJSON("code", 400, "data", "密码或者账号错误！");
+        }
+        User user = users.get(0);
+        String newMd5 = ShiroKit.md5(newPwd, user.getSalt());
+        int updateone = userService.updateone(newMd5, account, user.getPassword());
+        if (updateone > 0) {
+            return ResponseEntity.newJSON("code", 200, "data", "修改成功！");
+        }
+        return ResponseEntity.newJSON("code", 300, "data", "修改失败！");
+    }
+}

service-manager/src/main/java/com/winsun/controller/ImgController.java

@@ -41,18 +41,18 @@ public class ImgController {
         FileInputStream inputStream = null;
         try {
             inputStream = new FileInputStream(file);
-        } catch (FileNotFoundException e) {
+        } catch (Exception e) {
             log.error("图片下载失败",e.getMessage());
         }
         bytes = new byte[0];
         try {
             bytes = new byte[inputStream.available()];
-        } catch (IOException e) {
+        } catch (Exception e) {
             log.error("图片下载失败",e.getMessage());
         }
         try {
             inputStream.read(bytes, 0, inputStream.available());
-        } catch (IOException e) {
+        } catch (Exception e) {
             log.error("图片下载失败",e.getMessage());
         }
         return bytes;

task/src/main/java/com/winsun/rabbitmq/ExportConsumer.java

@@ -7,8 +7,6 @@ import org.springframework.amqp.rabbit.annotation.RabbitListener;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import javax.jnlp.DownloadService;
-import java.sql.Wrapper;
 import java.util.Map;
 
 /**