From 91a5a591e162ef2a18efc22c777370e69e2bd999 Mon Sep 17 00:00:00 2001
From: wzp
Date: Tue, 24 Dec 2024 12:59:13 +0800
Subject: [PATCH] feat: it seems working?!
---
 .../CustomAuthorizationHandler.java | 30 +++++++++++---
 src/main/java/org/blue/club/dao/AuthDao.java | 9 +++++
 .../org/blue/club/services/UserServices.java | 38 ++++++++++++++++++-
 3 files changed, 67 insertions(+), 10 deletions(-)
 create mode 100644 src/main/java/org/blue/club/dao/AuthDao.java
diff --git a/src/main/java/org/blue/club/configuration/CustomAuthorizationHandler.java b/src/main/java/org/blue/club/configuration/CustomAuthorizationHandler.java
index 53c6ad9..0e7a1dd 100644
--- a/src/main/java/org/blue/club/configuration/CustomAuthorizationHandler.java
+++ b/src/main/java/org/blue/club/configuration/CustomAuthorizationHandler.java
@@ -2,6 +2,7 @@ package org.blue.club.configuration;
 import lombok.RequiredArgsConstructor;
 import org.blue.club.annotation.Auth;
+import org.blue.club.dao.AuthDao;
 import org.blue.club.dao.UserDao;
 import org.blue.club.entities.dto.User;
 import org.blue.club.entities.vo.data.UserVo;
@@ -24,23 +25,36 @@ public class CustomAuthorizationHandler implements AuthorizationHandler {
 private final JwtUtils jwtUtils;
 private final UserDao userDao;
 private final VoUtils voUtils;
+ private final AuthDao authDao;
+ private User guestUser;
 @Override
 public Optional auth(String token, Annotation ann) {
 if (ann instanceof Auth auth) {
- Optional i = jwtUtils.verifyToken(token);
- if (i.isEmpty()) throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "token错误!"));
- Long userId = i.get();
- UserVo userVo = userDao.selectOneWithRelationsById(userId);
- if (userVo == null) throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "用户不存在!"));
- User user = voUtils.vo2DtoSafe(userVo, User.class);
+ User user = guestUser;
+ if (guestUser == null) {
+ user = new User();
+ user.setId(-1L);
+ user.setName("游客");
+ user.setAuth(authDao.selectOneWithRelationsById(1));
+ guestUser = user;
+ }
+ if (token != null) {
+ Optional i = jwtUtils.verifyToken(token);
+ if (i.isEmpty()) throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "token错误!"));
+ Long userId = i.get();
+ UserVo userVo = userDao.selectOneWithRelationsById(userId);
+ if (userVo == null)
+ throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "用户不存在!"));
+ user = voUtils.vo2DtoSafe(userVo, User.class);
+ }
 long[] auths = auth.auths();
 LongStream authStream = Arrays.stream(auths);
- boolean isAuthAccept = auths.length == 0 || auth.authType().equals(Auth.LogicType.ANY) ? authStream.anyMatch(user::isAuth) : authStream.allMatch(user::isAuth);
+ boolean isAuthAccept = auths.length == 0 || (auth.authType().equals(Auth.LogicType.ANY) ? authStream.anyMatch(user::isAuth) : authStream.allMatch(user::isAuth));
 if (!isAuthAccept) throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "权限不足!"));
 long[] permissions = auth.permissions();
 LongStream permissionStream = Arrays.stream(permissions);
- boolean isPermissionAccept = permissions.length == 0 || auth.permissionType().equals(Auth.LogicType.ANY) ? permissionStream.anyMatch(user::hasPermission) : permissionStream.allMatch(user::hasPermission);
+ boolean isPermissionAccept = permissions.length == 0 || (auth.permissionType().equals(Auth.LogicType.ANY) ? permissionStream.anyMatch(user::hasPermission) : permissionStream.allMatch(user::hasPermission));
 if (!isPermissionAccept) throw new AuthorizationException(Result.failed(HttpStatus.UNAUTHORIZED, "权限不足!"));
 return Optional.of(user);
diff --git a/src/main/java/org/blue/club/dao/AuthDao.java b/src/main/java/org/blue/club/dao/AuthDao.java
new file mode 100644
index 0000000..3a1ef89
--- /dev/null
+++ b/src/main/java/org/blue/club/dao/AuthDao.java
@@ -0,0 +1,9 @@
+package org.blue.club.dao;
+
+import com.mybatisflex.core.BaseMapper;
+import org.apache.ibatis.annotations.Mapper;
+import org.blue.club.entities.vo.data.AuthVo;
+
+@Mapper
+public interface AuthDao extends BaseMapper {
+}
diff --git a/src/main/java/org/blue/club/services/UserServices.java b/src/main/java/org/blue/club/services/UserServices.java
index 148ee62..3c11abb 100644
--- a/src/main/java/org/blue/club/services/UserServices.java
+++ b/src/main/java/org/blue/club/services/UserServices.java
@@ -1,6 +1,8 @@
 package org.blue.club.services;
 import com.mybatisflex.core.paginate.Page;
+import jakarta.servlet.ServletOutputStream;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
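Review bot: In `CustomAuthorizationHandler.auth`, a request with no token is now resolved to the cached guest principal instead of being rejected, and with the corrected `auths.length == 0 || (...)` precedence an `@Auth` that lists no auths or permissions passes for that guest, so a bare `@Auth` no longer means "logged in". If that is intended, state it above the guest block, e.g. `// token == null -> guest; endpoints that require a login must list auths/permissions`, and check every existing `@Auth` usage against it. Separately, `guestUser` is a lazily assigned, non-volatile field on what appears to be a shared handler, and the same mutable `User` instance is handed to every anonymous request through `Optional.of(user)`; building it once at startup, or returning a copy, avoids cross-request mutation and stale role data from `authDao.selectOneWithRelationsById(1)`. The body of `auth` continues outside the hunk.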
@@ -16,16 +18,20 @@ import org.blue.club.entities.vo.data.AvatarTmpVo;
 import org.blue.club.entities.vo.data.UserVo;
 import org.blue.club.entities.vo.VerifyVo;
 import org.blue.club.utils.FileUtils;
+import org.blue.club.utils.VerifyCodeUtils;
 import org.mmga.spring.boot.starter.entities.PagerData;
 import org.mmga.spring.boot.starter.entities.Result;
 import org.mmga.spring.boot.starter.exception.AuthorizationException;
 import org.mmga.spring.boot.starter.utils.RandomUtils;
 import org.mmga.spring.boot.starter.utils.VoUtils;
+import org.springframework.http.ContentDisposition;
 import org.springframework.http.HttpStatus;
 import org.springframework.stereotype.Service;
+import org.springframework.util.StreamUtils;
 import org.springframework.web.multipart.MultipartFile;
 import java.io.File;
+import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.security.DigestInputStream;
 import java.security.MessageDigest;
@@ -34,7 +40,7 @@ import java.util.List;
 import java.util.Optional;
 import static com.mybatisflex.core.query.QueryMethods.select;
-import static org.blue.club.entities.vo.table.UserVoTableDef.USER_VO;
+import static org.blue.club.entities.vo.data.table.UserVoTableDef.USER_VO;
 @Slf4j
 @Service
@@ -48,6 +54,7 @@ public class UserServices {
 private final File avatarFolder;
 private final AvatarOperationDao avatarOperationDao;
 private final FileUtils fileUtils;
+ private final VerifyCodeUtils verifyCodeUtils;
 private boolean isWrongVerifyCode(String key, String code) {
 Optional targetCode = verifyDao.findById(key);
@@ -178,7 +185,34 @@ public class UserServices {
 }
 public Result getVerifyCode() {
+ VerifyCodeResponse verifyCodeResponse = verifyCodeUtils.generateVerifyCode();
+ //TODO ERROR CANNOT CREATE RESPONSE BODY
+ return Result.success(verifyCodeResponse);
+ }
- return null;
+ @SneakyThrows
+ public void getAvatar(HttpServletResponse response, String sha1) {
+ File targetFile = new File(avatarFolder, sha1);
+ if (!targetFile.getAbsolutePath().startsWith(avatarFolder.getAbsolutePath())) {
+ Result.failed(HttpStatus.NOT_FOUND, "文件不存在!").writeToResponse(response);
+ return;
+ }
+ if (!targetFile.exists()) {
+ Result.failed(HttpStatus.NOT_FOUND, "文件不存在!").writeToResponse(response);
+ return;
+ }
+ try (FileInputStream fileInputStream = new FileInputStream(targetFile)) {
+ response.setContentType("image/png");
+ response.setHeader("Content-Disposition", ContentDisposition.attachment().filename(sha1 + ".png").build().toString());
+ ServletOutputStream outputStream = response.getOutputStream();
+ StreamUtils.copy(fileInputStream, outputStream);
+ }
+ }
+
+ public Result getUserInfo(int userId) {
+ UserVo userVo = userDao.selectOneWithRelationsById(userId);
+ if (userVo == null) return Result.failed("用户不存在!");
+ User user = voUtils.vo2DtoSafe(userVo, User.class);
+ return Result.success(user);
 }
 }
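Review bot: The containment check in `getAvatar` compares `getAbsolutePath()` strings, which does not resolve `..` segments or symlinks and also matches sibling directories that merely share the prefix, so a caller-supplied `sha1` can still name a file outside `avatarFolder`. Compare resolved paths by component instead, `if (!targetFile.getCanonicalFile().toPath().startsWith(avatarFolder.getCanonicalFile().toPath())) {`, and, if the value is always a SHA-1 hex digest as the parameter name suggests, reject anything not matching `[0-9a-f]{40}` before the `File` is built. `exists()` is also true for directories, so `isFile()` is the safer test before opening the stream. `getUserInfo` returns the `User` DTO for any `userId`; whether `vo2DtoSafe` strips private fields is not visible in this hunk and should be confirmed.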