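package com.whyc.service;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.github.pagehelper.PageHelper;
import com.github.pagehelper.PageInfo;
import com.whyc.dto.Response;
import com.whyc.mapper.UserInfMapper;
import com.whyc.pojo.UserInf;
import com.whyc.util.MD5Util;
import com.whyc.util.RSAUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.stream.Collectors;

/**
 * User-account operations: listing, creation, password change and reset,
 * deletion, Shiro-backed login/logout, and moving an account between the
 * administrator uid range (101-1000) and the regular-user range (1001 and up).
 *
 * <p>Review notes that apply to the whole class:
 * <ul>
 *   <li>Passwords are written to the {@code usnid} column RSA-encrypted and are
 *       decrypted again for comparison, so they are recoverable by whoever
 *       holds the private key. A one-way password hash (bcrypt/scrypt/argon2)
 *       is the usual choice; switching requires a data migration and is not
 *       attempted here.</li>
 *   <li>No method in this class checks who the caller is. Presumably the
 *       controllers or the Shiro configuration restrict the administrative
 *       operations (role changes, password reset, deletion) - TODO confirm.</li>
 *   <li>New uids are computed as "current maximum + 1" without a lock or a
 *       database sequence, so two concurrent calls can pick the same uid unless
 *       the table enforces uniqueness - TODO confirm.</li>
 * </ul>
 */
@Service
public class UserInfService {

    /**
     * Password assigned to every newly created account and on every reset.
     * NOTE(review): a fixed, well-known value means any account that has not
     * yet changed its password can be logged into by anyone who knows the user
     * name. A random one-time password with a forced change on first login
     * would remove that window; not changed here because callers and operators
     * may rely on the current value.
     */
    private static final String DEFAULT_PASSWORD = "123456";

    /**
     * Marker stored in the ServletContext in place of a session id to tell
     * {@link #checkUserWebSocket(HttpSession)} that the account's role changed
     * and the user has to log in again. It has the same text as the default
     * password but is unrelated to it.
     */
    private static final String FORCED_RELOGIN_MARKER = "123456";

    @Autowired(required = false)
    private UserInfMapper mapper;

    /**
     * Returns one page of users.
     *
     * @param pageCurr page number handed to PageHelper
     * @param pageSize page size handed to PageHelper
     * @return response carrying the {@link PageInfo} built from the query result
     */
    public Response getAllUser(int pageCurr, int pageSize) {
        PageHelper.startPage(pageCurr, pageSize);
        // NOTE(review): if the mapper query selects the usnid column, the
        // encrypted passwords are sent to the client - confirm the column list.
        List<?> list = mapper.getAllUser();
        PageInfo<?> pageInfo = new PageInfo<>(list);
        return new Response().setII(1, list != null, pageInfo, "数据返回");
    }

    /**
     * Updates a user's download role and, when given, the user name.
     *
     * @param uid           uid of the row to update
     * @param uname         new user name, or {@code null} to leave it unchanged
     * @param udownloadRole new value of the {@code udownload_role} column
     * @return response whose flag is true when at least one row was updated
     */
    public Response updateUser(int uid, String uname, int udownloadRole) {
        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.set("udownload_role", udownloadRole);
        if (uname != null) {
            // NOTE(review): unlike addUser, no duplicate-name check is done here.
            wrapper.set("uname", uname);
        }
        wrapper.eq("uid", uid);
        int updated = mapper.update(null, wrapper);
        return new Response().set(1, updated > 0);
    }

    /**
     * Creates a user with the next free regular uid and the default password.
     *
     * @param uinf user to insert; its uid and usnid are overwritten
     * @return failure with the conflicting rows when the name is taken,
     *         otherwise a flag telling whether the insert affected a row
     */
    public Response addUser(UserInf uinf) {
        // judgeUname() is described by the original author as counting regular
        // users; with none present the first regular uid is 1001.
        int regularUserCount = mapper.judgeUname();
        if (regularUserCount == 0) {
            uinf.setUid(1001);
        } else {
            String maxUid = mapper.getMaxUid();
            if (maxUid == null) {
                maxUid = "1001";
            }
            uinf.setUid(Integer.parseInt(maxUid) + 1);
        }
        uinf.setUsnid(RSAUtil.encrypt(DEFAULT_PASSWORD, RSAUtil.getPublicKey()));

        QueryWrapper<UserInf> wrapper = new QueryWrapper<>();
        wrapper.eq("uname", uinf.getUname());
        List<UserInf> existing = mapper.selectList(wrapper);
        if (existing != null && !existing.isEmpty()) {
            // The conflicting rows go back to the caller; strip the stored
            // password first, the same way login() does before returning a user.
            for (UserInf user : existing) {
                user.setUsnid(null);
            }
            return new Response().setII(1, false, existing, "用户名已存在");
        }
        int inserted = mapper.insert(uinf);
        return new Response().set(1, inserted > 0);
    }

    /**
     * Changes a user's password after verifying the old one.
     *
     * <p>NOTE(review): {@code uname} comes from the caller; nothing here ties it
     * to the logged-in session, and the MD5 payload check done in
     * {@link #login} is not repeated for these payloads - confirm both are
     * handled by the caller.
     *
     * @param uname   account whose password is changed
     * @param oldSnId front-end encrypted old password
     * @param newSnId front-end encrypted new password
     * @return response with a success flag and a user-facing message
     */
    public Response changeSnId(String uname, String oldSnId, String newSnId) {
        if (uname == null || uname.equals("")) {
            return new Response().set(1, false, "找不到用户");
        }
        String snIdRsa = mapper.selectSnId(uname);
        if (snIdRsa == null) {
            // Unknown account or no stored password: answer exactly like a wrong
            // old password so this call does not reveal which names exist.
            return new Response().set(1, false, "原密码不正确");
        }
        String snId = RSAUtil.decrypt(snIdRsa, RSAUtil.getPrivateKey());
        String oldId = firstField(RSAUtil.decryptFrontP(oldSnId, RSAUtil.fontSeparator));
        String newId = firstField(RSAUtil.decryptFrontP(newSnId, RSAUtil.fontSeparator));

        if (snId == null || oldId == null || !constantTimeEquals(oldId, snId)) {
            return new Response().set(1, false, "原密码不正确");
        }
        if (newId == null || newId.isEmpty()) {
            // A payload that did not decode to a password must not be stored.
            return new Response().set(1, false, "修改失败");
        }

        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.set("usnid", RSAUtil.encrypt(newId, RSAUtil.getPublicKey()));
        wrapper.eq("uname", uname);
        int flag = mapper.update(null, wrapper);
        return new Response().set(1, flag > 0, flag > 0 ? "修改成功" : "修改失败");
    }

    /**
     * Resets a user's password to the default password.
     *
     * @param uid uid of the account to reset
     * @return response with a success flag and a user-facing message
     */
    public Response resetSnId(int uid) {
        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.set("usnid", RSAUtil.encrypt(DEFAULT_PASSWORD, RSAUtil.getPublicKey()));
        wrapper.eq("uid", uid);
        int flag = mapper.update(null, wrapper);
        return new Response().set(1, flag > 0, flag > 0 ? "修改成功" : "修改失败");
    }

    /**
     * Deletes the user with the given uid.
     *
     * @param uid uid of the account to delete
     * @return response carrying the number of deleted rows
     */
    public Response delUser(int uid) {
        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.eq("uid", uid);
        int deleted = mapper.delete(wrapper);
        return new Response().setII(1, deleted > 0, deleted, "删除返回");
    }

    /**
     * Logs a user in from a front-end encrypted password payload.
     *
     * <p>The payload decodes to two fields: the password and an MD5 digest of
     * the trimmed password. As visible here the digest takes no key, so it only
     * detects a malformed or truncated payload; it does not authenticate the
     * sender.
     *
     * @param uname   user name
     * @param usnId   front-end encrypted payload
     * @param request current request, used for the session and ServletContext
     * @return response with the logged-in user on success, a message otherwise
     */
    public Response login(String uname, String usnId, HttpServletRequest request) {
        String[] dataArr = RSAUtil.decryptFrontP(usnId, RSAUtil.fontSeparator);
        // Reject a missing or short array as well as null fields, so a malformed
        // payload yields the normal failure response instead of an exception.
        if (dataArr == null || dataArr.length < 2 || dataArr[0] == null || dataArr[1] == null) {
            return new Response().set(1, false, "密码验签失败");
        }
        String expectedDigest =
                MD5Util.encryptMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0]));
        if (!dataArr[1].equals(expectedDigest)) {
            return new Response().set(1, false, "密码验签失败");
        }
        return authenticate(uname, dataArr[0], request);
    }

    /**
     * Logs a user in with a password that is used as received.
     *
     * <p>NOTE(review): the password is not decrypted or checked here, so its
     * confidentiality in transit depends entirely on the transport (TLS).
     *
     * @param uname   user name
     * @param usnId   password as received
     * @param request current request, used for the session and ServletContext
     * @return response with the logged-in user on success, a message otherwise
     */
    public Response loginWithoutRsa(String uname, String usnId, HttpServletRequest request) {
        return authenticate(uname, usnId, request);
    }

    /** Logs the current Shiro subject out. */
    public void logout() {
        // NOTE(review): the ServletContext entry written at login is left in place.
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
    }

    /**
     * Moves a user into the administrator uid range (101-1000) by assigning the
     * uid returned by {@code mapper.getIn1000()}.
     *
     * @param uid current uid of the user
     * @return response with a success flag and a user-facing message
     */
    public Response improveRole(int uid) {
        String tableName = mapper.existTable();
        if (tableName == null) {
            // Helper table of candidate admin ids: create it and fill 101..1000.
            mapper.createNumber();
            // The statement is built only from loop counters, never from request
            // data. NOTE(review): setUnumber executes a caller-supplied SQL
            // string; it must never be given anything derived from user input.
            StringBuilder sql =
                    new StringBuilder(" INSERT INTO db_user.temp_numbers(unumber) " + " VALUES ");
            for (int i = 101; i <= 1000; i++) {
                sql.append('(').append(i).append(')');
                if (i != 1000) {
                    sql.append(',');
                }
            }
            mapper.setUnumber(sql.toString());
        }
        String minUid = mapper.getIn1000();
        if (minUid == null) {
            return new Response().set(1, false, "管理员个数超过上限");
        }
        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.set("uid", Integer.parseInt(minUid));
        wrapper.eq("uid", uid);
        int flag = mapper.update(null, wrapper);
        return new Response().set(1, flag > 0, flag > 0 ? "身份变更成功" : "身份变更失败");
    }

    /**
     * Turns an administrator back into a regular user by assigning the next
     * regular uid, and marks the account so its sessions must log in again.
     *
     * @param uid     current uid of the user
     * @param request current request, used to reach the ServletContext
     * @return response with a success flag and a user-facing message
     */
    public Response dropRole(int uid, HttpServletRequest request) {
        String maxUid = mapper.getMaxUid();
        if (maxUid == null) {
            maxUid = "1001";
        }
        QueryWrapper<UserInf> qWrapper = new QueryWrapper<>();
        qWrapper.eq("uid", uid);
        qWrapper.last("limit 1");
        UserInf uinf = mapper.selectOne(qWrapper);
        if (uinf == null) {
            return new Response().set(1, false, "需要变更的用户信息不正确");
        }

        UpdateWrapper<UserInf> wrapper = new UpdateWrapper<>();
        wrapper.set("uid", Integer.parseInt(maxUid) + 1);
        wrapper.eq("uid", uid);
        int flag = mapper.update(null, wrapper);

        if (flag > 0) {
            // Only force a re-login when the role really changed; before, the
            // marker was written even when the update affected no row.
            ServletContext servletContext = request.getServletContext();
            servletContext.setAttribute(uinf.getUname(), FORCED_RELOGIN_MARKER);
        }
        return new Response().set(1, flag > 0, flag > 0 ? "身份变更成功" : "身份变更失败");
    }

    /**
     * Returns the names of all users.
     *
     * @return response carrying the list of user names
     */
    public Response getUserNameList() {
        QueryWrapper<UserInf> query = Wrappers.query();
        query.select("uname");
        List<String> userNameList = mapper.selectList(query).stream()
                .map(UserInf::getUname)
                .collect(Collectors.toList());
        return new Response().set(1, userNameList);
    }

    /**
     * Checks whether the given session is still the active login of its user.
     *
     * <p>The session is valid only when its id equals the id recorded in the
     * ServletContext for the user name at login. A different id means a newer
     * login elsewhere or a role change; in both cases this session is
     * invalidated.
     *
     * @param httpSession session to check
     * @return response with the user when valid, otherwise a message
     */
    public Response checkUserWebSocket(HttpSession httpSession) {
        Response model = new Response();
        try {
            UserInf user = (UserInf) httpSession.getAttribute("user");
            if (user == null) {
                model.set(1, false, "用户信息失效,请重新登录");
            } else {
                String sessionId =
                        (String) httpSession.getServletContext().getAttribute(user.getUname());
                if (sessionId == null) {
                    // No recorded login for this name. This used to surface as a
                    // NullPointerException handled by the catch below; the
                    // outcome is kept, the exception is not needed.
                    model.set(1, false, "登录信息失效,重新登录");
                } else if (httpSession.getId().equals(sessionId)) {
                    model.set(1, user, null);
                } else {
                    if (FORCED_RELOGIN_MARKER.equals(sessionId)) {
                        model.set(1, false, "身份权限变更,请重新登录");
                    } else {
                        model.set(1, false, "不同主机登录");
                    }
                    // Another login owns the account now: end this session.
                    httpSession.invalidate();
                }
            }
        } catch (Exception e) {
            // e.g. the session was already invalidated by the container
            model.set(1, false, "登录信息失效,重新登录");
        }
        return model;
    }

    /**
     * Shared login path: authenticates through Shiro, records the session id as
     * the user's active login and stores the user in the session.
     */
    private Response authenticate(String uname, String password, HttpServletRequest request) {
        Response response = new Response();
        UsernamePasswordToken userToken = new UsernamePasswordToken(uname, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(userToken);
        } catch (UnknownAccountException e) {
            // NOTE(review): a distinct message for unknown accounts lets a client
            // tell which user names exist. Kept because the front end may
            // depend on it; a single generic failure message is safer.
            return response.set(1, false, "账号不存在");
        } catch (Exception e) {
            // Every other failure, including non-credential errors, is reported
            // as a wrong password and is not logged anywhere in this class.
            return response.set(1, false, "密码错误");
        }

        // NOTE(review): the session id is not rotated after authentication here.
        // Unless the container or Shiro configuration does it, an id fixed
        // before login stays valid afterwards - confirm.
        // NOTE(review): the ServletContext key is the raw user name, which shares
        // a namespace with every other context attribute; a dedicated key
        // prefix would avoid collisions. Not changed because other components
        // may read this key.
        ServletContext servletContext = request.getServletContext();
        servletContext.setAttribute(uname, request.getSession().getId());

        // Keep the user in the session, without the stored password.
        UserInf userDB = (UserInf) subject.getPrincipal();
        userDB.setUsnid(null);
        request.getSession().setAttribute("user", userDB);
        return response.setII(1, true, userDB, "登录成功");
    }

    /** Returns the first element of a decoded payload, or null when there is none. */
    private static String firstField(String[] fields) {
        return (fields == null || fields.length == 0) ? null : fields[0];
    }

    /** Compares two secrets without stopping at the first differing byte. */
    private static boolean constantTimeEquals(String a, String b) {
        return MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }
}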