From 1110448b9a0a11c40053ba4850592ad1bd8c815a Mon Sep 17 00:00:00 2001
From: qiaowei
Date: Thu, 27 Jun 2019 16:44:08 +0800
Subject: [PATCH] =?utf8?q?=E4=BF=AE=E6=94=B9=E6=89=8B=E6=9C=BA=E8=AE=A4?= =?utf8?q?=E8=AF=81=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
---
 .../com/supwisdom/dlpay/mobile/MobileApi.kt | 45 +++++++++++++++----
 .../dlpay/mobile/service/MobileUserService.kt | 6 ++-
 .../service/impl/MobileUserServiceImpl.kt | 8 ++++
 .../kotlin/com/supwisdom/dlpay/security.kt | 12 ++---
 4 files changed, 57 insertions(+), 14 deletions(-)
diff --git a/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt b/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
index a39db676..0b034d6f 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
@@ -3,6 +3,7 @@ package com.supwisdom.dlpay.mobile
 import com.supwisdom.dlpay.api.bean.JsonResult
 import com.supwisdom.dlpay.mobile.service.MobileUserService
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.data.redis.core.RedisTemplate
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler
 import org.springframework.web.bind.annotation.RequestMapping
@@ -10,14 +11,39 @@ import org.springframework.web.bind.annotation.RestController
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
 import org.springframework.web.bind.annotation.RequestMethod
+import org.springframework.web.bind.annotation.RequestParam
 import java.security.Principal
 
+@RestController
+@RequestMapping("/mobileapi/i")
+class ApiInit {
+ @Autowired
+ lateinit var redisTemplate: RedisTemplate
+ /*
+ * TODO 防止重复调用发验证码
+ * */
+ @RequestMapping("/code")
+ fun code(@RequestParam phone: String): JsonResult {
+ return JsonResult.ok("OK")
+ }
+
+ @RequestMapping("/checkcode")
+ fun check(@RequestParam phone: String,@RequestParam code: String): JsonResult {
+ return JsonResult.ok("OK")
+ }
+
+ @RequestMapping("/register")
+ fun register(@RequestParam uid: String,@RequestParam pwd: String,@RequestParam repwd: String): JsonResult {
+ return JsonResult.ok("OK")
+ }
+}
+
 @RestController
-@RequestMapping("/mobileapi")
-class MobileApiController {
+@RequestMapping("/mobileapi/v1")
+class ApiV1 {
 @Autowired
- lateinit var userService: MobileUserService
+ lateinit var redisTemplate: RedisTemplate
 
 @RequestMapping("/logout")
 fun logout(request: HttpServletRequest, response: HttpServletResponse): JsonResult {
 SecurityContextHolder.getContext().authentication?.also {
@@ -25,14 +51,17 @@ class MobileApiController {
 }
 return JsonResult.ok("退出成功")
 }
-}
 
-@RestController
-@RequestMapping("/mobileapi/v1")
-class ApiV1 {
 @RequestMapping("/infor")
 fun getUserInfor(): JsonResult {
- val p = SecurityContextHolder.getContext().authentication
+ val p = SecurityContextHolder.getContext().authentication
+ return JsonResult.ok("OK").put("name", p.name)!!
+ }
+
+
+ @RequestMapping("/register")
+ fun register(): JsonResult {
+ val p = SecurityContextHolder.getContext().authentication
 return JsonResult.ok("OK")
 }
 }
\ No newline at end of file
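Review bot: Every handler in the new `ApiInit` class uses `@RequestMapping` with no `method`, so `/code`, `/checkcode` and `/register` answer GET as well as POST and the one-time `code` and the `pwd`/`repwd` pair travel in the query string, where proxies, access logs and browser history retain them; `RequestMethod` is already imported in this file, so `@RequestMapping("/register", method = [RequestMethod.POST])` (and likewise for the other two) costs nothing. These paths are also made `permitAll()` in the security.kt hunk and are no longer inspected by the JWT filter, so the throttling the TODO mentions for `/code` has to live in these handlers, `/checkcode` needs a per-phone attempt cap as well (a short numeric code is otherwise brute-forceable), and the eventual `/register` body should require evidence that `/checkcode` succeeded for that phone rather than trusting `uid`/`pwd` alone. `lateinit var redisTemplate: RedisTemplate` (in both `ApiInit` and `ApiV1`) names Spring Data's generic `RedisTemplate<K, V>` without type arguments, which Kotlin rejects where Java would tolerate a raw type, and neither field is used in this hunk; declare it as `RedisTemplate<String, String>` or whatever bean the project defines, or drop it until the code store is implemented.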
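Review bot: `getUserInfor` reads `p.name` straight off `SecurityContextHolder.getContext().authentication`, which the `logout` handler in this same class treats as nullable (`authentication?.also`); the field is a Java platform type, so an empty context turns `/infor` into a NullPointerException and a 500 rather than a 401. Guard it with an early return, e.g. `val p = SecurityContextHolder.getContext().authentication ?: return <unauthenticated JsonResult>` — only `JsonResult.ok` is visible here, so use whatever error factory the class provides. The trailing `!!` on `.put("name", p.name)!!` asserts that `put` never returns null; if `put` is in fact non-null the assertion is noise, and if it can return null the handler should explain why that cannot happen here instead of crashing. The new `ApiV1.register` assigns `p` and never uses it, and there are now two `register` handlers (`/mobileapi/i/register` and `/mobileapi/v1/register`) with identical stub bodies; a one-line KDoc on each stating which step of the sign-up flow it is meant to implement would keep them apart. The `ApiV1` class starts outside this hunk.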
diff --git a/src/main/kotlin/com/supwisdom/dlpay/mobile/service/MobileUserService.kt b/src/main/kotlin/com/supwisdom/dlpay/mobile/service/MobileUserService.kt
index 6d10c466..f8b5d8d8 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/mobile/service/MobileUserService.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/mobile/service/MobileUserService.kt
@@ -1,5 +1,9 @@
 package com.supwisdom.dlpay.mobile.service
 
+import com.supwisdom.dlpay.mobile.domain.TBMobileUser
 import org.springframework.security.core.userdetails.UserDetailsService
 
-interface MobileUserService : UserDetailsService
\ No newline at end of file
+interface MobileUserService : UserDetailsService {
+
+ fun getByUid(uid: String): TBMobileUser?
+}
\ No newline at end of file
diff --git a/src/main/kotlin/com/supwisdom/dlpay/mobile/service/impl/MobileUserServiceImpl.kt b/src/main/kotlin/com/supwisdom/dlpay/mobile/service/impl/MobileUserServiceImpl.kt
index 9f163348..179f5fee 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/mobile/service/impl/MobileUserServiceImpl.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/mobile/service/impl/MobileUserServiceImpl.kt
@@ -34,4 +34,12 @@ class MobileUserServiceImpl : MobileUserService {
 }
 return temp
 }
+
+ override fun getByUid(uid: String): TBMobileUser? {
+ var t = mobileUserDao.findById(uid)
+ if(t.isPresent){
+ return t.get()
+ }
+ return null
+ }
 }
\ No newline at end of file
diff --git a/src/main/kotlin/com/supwisdom/dlpay/security.kt b/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 614f5488..5aad561c 100644
--- a/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -81,7 +81,7 @@ class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
 url = url.replace(context, "")
 }
 logger.info(url)
- if (!url.startsWith("/api/") && !url.startsWith("/mobileapi/")){
+ if(!url.startsWith("/api/")&&!url.startsWith("/mobileapi/v1/")){
 filterChain.doFilter(request, response)
 return
 }
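Review bot: `getByUid` in `MobileUserServiceImpl` unwraps the `Optional` by hand through a `var` that is never reassigned; the idiomatic form is a single expression, `override fun getByUid(uid: String): TBMobileUser? = mobileUserDao.findById(uid).orElse(null)`. A short KDoc would pin the contract callers of the new interface method rely on, e.g. `/** Looks up a mobile user by primary key; returns null when no row matches. */`. The `MobileUserServiceImpl` class starts outside this hunk.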
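Review bot: The filter's prefix check now reads `/mobileapi/v1/` while `WebSecurityConfig` (later hunk in this commit) separately opens `/mobileapi/i/**`; these are two independent allowlists that must be kept in sync, and a future prefix such as `/mobileapi/v2/` would skip JWT parsing here and then be refused by `authenticated()` with only the `logger.info(url)` line to explain why. A comment tying the two together would help, e.g. `// only /api/ and /mobileapi/v1/ carry JWTs; /mobileapi/i/** is permitAll in WebSecurityConfig`. Also restore the spacing, `if (!url.startsWith("/api/") && !url.startsWith("/mobileapi/v1/")) {`, to match the surrounding style. The enclosing filter method starts before and ends after this hunk.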
@@ -98,7 +98,7 @@ class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
 return
 }
 val claims = getUtil().verifyToken(jwt)
- if(url == "/mobileapi/logout"){
+ if(url.equals("/mobileapi/v1/logout")){
 SecurityContextHolder.clearContext()
 apiJwtRepository.deleteById(claims[ReservedClaimNames.JWT_ID].toString())
 throw JoseException("JWT has not been register")
@@ -115,11 +115,11 @@ class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
 }
 val tenantId = request.getHeader(Constants.HEADER_TETANTID)
 if (tenantId == null) {
- response.sendError(HttpStatus.UNAUTHORIZED.value(), "未定义租户ID")
+ response.status=HttpStatus.UNAUTHORIZED.value()
 return
 }
 if (claims[Constants.JWT_CLAIM_TENANTID] != tenantId) {
- response.sendError(HttpStatus.UNAUTHORIZED.value(), "未定义租户ID")
+ response.status=HttpStatus.UNAUTHORIZED.value()
 return
 }
 val auth = UsernamePasswordAuthenticationToken(claims[Constants.JWT_CLAIM_UID], null,
@@ -133,6 +133,7 @@ class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
 apiJwtRepository.deleteById(e.jwtContext.jwtClaims.jwtId)
 }
 response.status=HttpStatus.UNAUTHORIZED.value()
+ return
 } catch (e: JoseException) {
 SecurityContextHolder.clearContext()
 // jwt 失效后返回 401
@@ -224,9 +225,10 @@ class WebSecurityConfig {
 http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
 .and()
 .antMatcher("/mobileapi/**")
+ .addFilterAfter(apiFilter, UsernamePasswordAuthenticationFilter::class.java)
- .authorizeRequests().anyRequest().authenticated()
+ .authorizeRequests().antMatchers("/mobileapi/i/**").permitAll().anyRequest().authenticated()
 .and()
 .formLogin()
 .loginProcessingUrl("/mobileapi/login")
-- 
2.17.1
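Review bot: `url.equals("/mobileapi/v1/logout")` replaces the idiomatic Kotlin `==`, which compiles to the same null-safe `equals` call; keep `if (url == "/mobileapi/v1/logout") {`. The logout path is now spelled out both here and as `@RequestMapping("/logout")` under the `/mobileapi/v1` controller, so a shared constant would stop the two from drifting the next time the prefix changes. The enclosing filter method starts before and ends after this hunk.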
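Review bot: Replacing `sendError(401, "未定义租户ID")` with a bare `response.status = 401` in both tenant branches drops the only diagnostic for them, and the second branch — a verified JWT whose tenant claim does not match the tenant header — is exactly the signal of a token being replayed against another tenant, which deserves a server-side record even if the client only sees 401, e.g. `logger.warn("tenant mismatch: header=$tenantId jwt=${claims[ReservedClaimNames.JWT_ID]}")` (`logger` is already used earlier in this filter). If the empty body is deliberate so that a caller cannot tell "missing header" from "wrong tenant", say so in a comment on the first branch, `// no body on purpose: do not reveal which tenant check failed`; otherwise the previous error text is worth keeping, corrected for the mismatch case. The enclosing filter method starts before and ends after this hunk.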
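Review bot: `antMatchers("/mobileapi/i/**").permitAll()` opens the verification-code and registration endpoints to unauthenticated callers, and the JWT filter's prefix change earlier in this commit makes it skip them too, so nothing in the chain rate-limits or audits them; the resend throttling noted in the `ApiInit.code` TODO and a per-phone attempt cap on `checkcode` therefore have to be implemented in those handlers, as the framework layer no longer sees these requests. `addFilterAfter(apiFilter, ...)` uses `apiFilter`, which is not defined in any hunk here — presumably a field of `WebSecurityConfig` holding the `ApiJwtAuthenticationFilter`; a comment naming it, `// apiFilter: ApiJwtAuthenticationFilter, handles /mobileapi/v1/** incl. logout`, would make the dependency between this chain and the filter's own path check explicit. The `WebSecurityConfig` chain builder starts before and ends after this hunk.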