package com.zhazhapan.efo.web.controller; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONObject; import com.zhazhapan.efo.EfoApplication; import com.zhazhapan.efo.annotation.AuthInterceptor; import com.zhazhapan.efo.config.TokenConfig; import com.zhazhapan.efo.entity.User; import com.zhazhapan.efo.enums.InterceptorLevel; import com.zhazhapan.efo.modules.constant.ConfigConsts; import com.zhazhapan.efo.modules.constant.DefaultValues; import com.zhazhapan.efo.service.IUserService; import com.zhazhapan.efo.util.ControllerUtils; import com.zhazhapan.modules.constant.ValueConsts; import com.zhazhapan.util.Checker; import com.zhazhapan.util.Formatter; import com.zhazhapan.util.encryption.JavaEncrypt; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; /** * @author pantao * @since 2018/1/22 */ @RestController @RequestMapping("/user") @Api(value = "/user", description = "用户相关操作") public class UserController { private final IUserService userService; private final HttpServletRequest request; private final JSONObject jsonObject; @Autowired public UserController(IUserService userService, HttpServletRequest request, JSONObject jsonObject) { this.userService = userService; this.request = request; this.jsonObject = jsonObject; } @ApiOperation(value = "更新用户权限(注:不是文件权限)") @AuthInterceptor(InterceptorLevel.ADMIN) @RequestMapping(value = "/{id}/{permission}", method = RequestMethod.PUT) public String updatePermission(@PathVariable("id") int id, @PathVariable("permission") int permission) { User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING); if (user.getPermission() < ValueConsts.THREE_INT && permission > 1) { jsonObject.put("message", "权限不够,设置失败"); } else if (userService.updatePermission(id, permission)) { jsonObject.put("message", "更新成功"); } else { jsonObject.put("message", "更新失败,请稍后重新尝试"); } return jsonObject.toJSONString(); } @ApiOperation("重置用户密码(管理员接口)") @AuthInterceptor(InterceptorLevel.ADMIN) @RequestMapping(value = "/reset/{id}/{password}", method = RequestMethod.PUT) public String resetPassword(@PathVariable("id") int id, @PathVariable("password") String password) { return ControllerUtils.getResponse(userService.resetPassword(id, password)); } @ApiOperation(value = "更新用户的默认文件权限") @ApiImplicitParam(name = "auth", value = "权限", example = "1,1,1,1", required = true) @AuthInterceptor(InterceptorLevel.ADMIN) @RequestMapping(value = "/{id}/auth", method = RequestMethod.PUT) public String updateFileAuth(@PathVariable("id") int id, String auth) { return ControllerUtils.getResponse(userService.updateFileAuth(id, auth)); } @ApiOperation(value = "获取所有用户") @ApiImplicitParams({@ApiImplicitParam(name = "user", value = "指定用户(默认所有用户)"), @ApiImplicitParam(name = "offset", value = "偏移量", required = true)}) @AuthInterceptor(InterceptorLevel.ADMIN) @RequestMapping(value = "/all", method = RequestMethod.GET) public String getUser(String user, int offset) { User u = (User) request.getSession().getAttribute(ValueConsts.USER_STRING); return Formatter.listToJson(userService.listUser(u.getPermission(), user, offset)); } @ApiOperation(value = "更新我的基本信息") @ApiImplicitParams({@ApiImplicitParam(name = "avatar", value = "头像(可空)"), @ApiImplicitParam(name = "realName", value = "真实姓名(可空)"), @ApiImplicitParam(name = "email", value = "邮箱(可空)"), @ApiImplicitParam(name = "code", value = "验证码(可空)")}) @AuthInterceptor(InterceptorLevel.USER) @RequestMapping(value = "/info", method = RequestMethod.PUT) public String updateBasicInfo(String avatar, String realName, String email, String code) { User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING); jsonObject.put("message", "保存成功"); boolean emilVerify = EfoApplication.settings.getBooleanUseEval(ConfigConsts.EMAIL_VERIFY_OF_SETTINGS); if (Checker.isNotEmpty(email) && !email.equals(user.getEmail())) { if (!emilVerify || isCodeValidate(code)) { if (userService.emailExists(email)) { jsonObject.put("message", "邮箱更新失败,该邮箱已经存在"); } else { user.setEmail(email); } } else { jsonObject.put("message", "邮箱更新失败,验证码校验失败"); } } if (userService.updateBasicInfoById(user.getId(), avatar, realName, user.getEmail())) { user.setAvatar(avatar); user.setRealName(realName); jsonObject.put("status", "success"); } else { jsonObject.put("message", "服务器发生错误,请稍后重新尝试"); } jsonObject.put("email", user.getEmail()); return jsonObject.toString(); } @ApiOperation(value = "更新我的密码") @ApiImplicitParams({@ApiImplicitParam(name = "oldPassword", value = "原密码", required = true), @ApiImplicitParam (name = "newPassword", value = "新密码", required = true)}) @AuthInterceptor(InterceptorLevel.USER) @RequestMapping(value = "/password", method = RequestMethod.PUT) public String updatePassword(String oldPassword, String newPassword) { User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING); jsonObject.put("status", "error"); try { if (user.getPassword().equals(JavaEncrypt.sha256(oldPassword))) { if (userService.updatePasswordById(newPassword, user.getId())) { jsonObject.put("status", "success"); TokenConfig.removeTokenByValue(user.getId()); } else { jsonObject.put("message", "新密码格式不正确"); } } else { jsonObject.put("message", "原密码不正确"); } } catch (NoSuchAlgorithmException | UnsupportedEncodingException e) { jsonObject.put("message", "服务器内部错误,请稍后重新尝试"); } return jsonObject.toString(); } @ApiOperation(value = "获取我的基本信息") @AuthInterceptor(InterceptorLevel.USER) @RequestMapping(value = "/info", method = RequestMethod.GET) public String getInfo() { User user = (User) request.getSession().getAttribute(ValueConsts.USER_STRING); JSONObject object = JSON.parseObject(user.toString()); object.remove(ValueConsts.ID_STRING); object.remove(ValueConsts.PASSWORD_STRING); return object.toString(); } @ApiOperation(value = "登录(用户名密码和token必须有一个输入)") @ApiImplicitParams({@ApiImplicitParam(name = "username", value = "用户名"), @ApiImplicitParam(name = "password", value = "密码"), @ApiImplicitParam(name = "auto", value = "是否自动登录", dataType = "Boolean"), @ApiImplicitParam(name = "token", value = "用于自动登录")}) @AuthInterceptor(InterceptorLevel.NONE) @RequestMapping(value = "/login", method = RequestMethod.PUT) public String login(String username, String password, boolean auto, String token) { //使用密码登录 User user = userService.login(username, password, ValueConsts.NULL_STRING, ValueConsts.NULL_RESPONSE); if (Checker.isNull(user) || user.getPermission() < 1) { jsonObject.put("status", "failed"); } else { request.getSession().setAttribute(ValueConsts.USER_STRING, user); jsonObject.put("status", "success"); if (auto) { jsonObject.put("token", TokenConfig.generateToken(token, user.getId())); } else { jsonObject.put("token", ""); TokenConfig.removeTokenByValue(user.getId()); } } return jsonObject.toString(); } @ApiOperation(value = "用户注册(当不需要验证邮箱时,邮箱和验证码可空)") @ApiImplicitParams({@ApiImplicitParam(name = "username", value = "用户名", required = true), @ApiImplicitParam(name = "email", value = "邮箱"), @ApiImplicitParam(name = "password", value = "密码", required = true), @ApiImplicitParam(name = "code", value = "验证码")}) @AuthInterceptor(InterceptorLevel.NONE) @RequestMapping(value = "/register", method = RequestMethod.POST) public String register(String username, String email, String password, String code) { boolean emilVerify = EfoApplication.settings.getBooleanUseEval(ConfigConsts.EMAIL_VERIFY_OF_SETTINGS); jsonObject.put("status", "error"); if (!emilVerify || isCodeValidate(code)) { if (userService.usernameExists(username)) { jsonObject.put("message", "用户名已经存在"); } else if (userService.emailExists(email)) { jsonObject.put("message", "该邮箱已经被注册啦"); } else if (userService.register(username, email, password)) { jsonObject.put("status", "success"); } else { jsonObject.put("message", "数据格式不合法"); } } else { jsonObject.put("message", "验证码校验失败"); } return jsonObject.toString(); } @ApiOperation(value = "重置我的密码") @ApiImplicitParams({@ApiImplicitParam(name = "email", value = "邮箱", required = true), @ApiImplicitParam(name = "code", value = "验证码", required = true), @ApiImplicitParam(name = "password", value = "密码", required = true)}) @AuthInterceptor(InterceptorLevel.NONE) @RequestMapping(value = "/password/reset", method = RequestMethod.PUT) public String resetPassword(String email, String code, String password) { jsonObject.put("status", "error"); if (isCodeValidate(code)) { if (userService.resetPasswordByEmail(email, password)) { jsonObject.put("status", "success"); } else { jsonObject.put("message", "格式不合法"); } } else { jsonObject.put("message", "验证码校验失败"); } return jsonObject.toString(); } @ApiOperation(value = "检测用户名是否已经注册") @ApiImplicitParam(name = "username", value = "用户名", required = true) @AuthInterceptor(InterceptorLevel.NONE) @RequestMapping(value = "/username/exists", method = RequestMethod.GET) public String usernameExists(String username) { jsonObject.put("exists", userService.usernameExists(username)); return jsonObject.toString(); } @ApiOperation(value = "检测邮箱是否已经注册") @ApiImplicitParam(name = "email", value = "邮箱", required = true) @AuthInterceptor(InterceptorLevel.NONE) @RequestMapping(value = "/email/exists", method = RequestMethod.GET) public String emailExists(String email) { jsonObject.put("exists", userService.emailExists(email)); return jsonObject.toString(); } private boolean isCodeValidate(String code) { return Checker.checkNull(code).equals(String.valueOf(request.getSession().getAttribute(DefaultValues .CODE_STRING))); } }