wangyimeng
2022-03-16 69d9692f6194d1e03ec81cf87ea8f0e7a62f7173
src/main/java/com/genersoft/iot/vmp/vmanager/user/UserController.java
@@ -1,29 +1,182 @@
package com.genersoft.iot.vmp.vmanager.user;
import org.springframework.beans.factory.annotation.Value;
import com.genersoft.iot.vmp.conf.security.SecurityUtils;
import com.genersoft.iot.vmp.conf.security.dto.LoginUser;
import com.genersoft.iot.vmp.service.IRoleService;
import com.genersoft.iot.vmp.service.IUserService;
import com.genersoft.iot.vmp.storager.dao.dto.Role;
import com.genersoft.iot.vmp.storager.dao.dto.User;
import com.genersoft.iot.vmp.vmanager.bean.WVPResult;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.DigestUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import javax.security.sasl.AuthenticationException;
import java.text.SimpleDateFormat;
import java.util.List;
@Api(tags = "用户管理")
@CrossOrigin
@RestController
@RequestMapping("/api")
@RequestMapping("/api/user")
public class UserController {
    @Value("${auth.username}")
    private String usernameConfig;
    @Autowired
    private AuthenticationManager authenticationManager;
    @Value("${auth.password}")
    private String passwordConfig;
    @Autowired
    private IUserService userService;
    @RequestMapping("/user/login")
    public String login(String username, String password){
        if (!StringUtils.isEmpty(username) && username.equals(usernameConfig)
                && !StringUtils.isEmpty(password) && password.equals(passwordConfig)) {
            return "success";
    @Autowired
    private IRoleService roleService;
    private final SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    @ApiOperation("登录")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "username", required = true, value = "用户名", dataTypeClass = String.class),
            @ApiImplicitParam(name = "password", required = true, value = "密码(32位md5加密)", dataTypeClass = String.class),
    })
    @GetMapping("/login")
    public WVPResult<LoginUser> login(@RequestParam String username, @RequestParam String password){
        LoginUser user = null;
        WVPResult<LoginUser> result = new WVPResult<>();
        try {
            user = SecurityUtils.login(username, password, authenticationManager);
        } catch (AuthenticationException e) {
            e.printStackTrace();
            result.setCode(-1);
            result.setMsg("fail");
        }
        if (user != null) {
            result.setCode(0);
            result.setMsg("success");
            result.setData(user);
        }else {
            result.setCode(-1);
            result.setMsg("fail");
        }
        return result;
    }
    @ApiOperation("修改密码")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "username", required = true, value = "用户名", dataTypeClass = String.class),
            @ApiImplicitParam(name = "oldpassword", required = true, value = "旧密码(已md5加密的密码)", dataTypeClass = String.class),
            @ApiImplicitParam(name = "password", required = true, value = "新密码(未md5加密的密码)", dataTypeClass = String.class),
    })
    @PostMapping("/changePassword")
    public String changePassword(@RequestParam String oldPassword, @RequestParam String password){
        // 获取当前登录用户id
        LoginUser userInfo = SecurityUtils.getUserInfo();
        if (userInfo== null) {
            return "fail";
        }
        String username = userInfo.getUsername();
        LoginUser user = null;
        try {
            user = SecurityUtils.login(username, oldPassword, authenticationManager);
            if (user != null) {
                int userId = SecurityUtils.getUserId();
                boolean result = userService.changePassword(userId, DigestUtils.md5DigestAsHex(password.getBytes()));
                if (result) {
                    return "success";
                }
            }
        } catch (AuthenticationException e) {
            e.printStackTrace();
        }
        return "fail";
    }
    @ApiOperation("添加用户")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "username", required = true, value = "用户名", dataTypeClass = String.class),
            @ApiImplicitParam(name = "password", required = true, value = "密码(未md5加密的密码)", dataTypeClass = String.class),
            @ApiImplicitParam(name = "roleId", required = true, value = "角色ID", dataTypeClass = String.class),
    })
    @PostMapping("/add")
    public ResponseEntity<WVPResult<Integer>> add(@RequestParam String username,
                                                 @RequestParam String password,
                                                 @RequestParam Integer roleId){
        WVPResult<Integer> result = new WVPResult<>();
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password) || roleId == null) {
            result.setCode(-1);
            result.setMsg("参数不可为空");
            return new ResponseEntity<>(null, HttpStatus.BAD_REQUEST);
        }
        // 获取当前登录用户id
        int currenRoleId = SecurityUtils.getUserInfo().getRole().getId();
        if (currenRoleId != 1) {
            // 只用角色id为1才可以删除和添加用户
            result.setCode(-1);
            result.setMsg("用户无权限");
            return new ResponseEntity<>(result, HttpStatus.FORBIDDEN);
        }
        User user = new User();
        user.setUsername(username);
        user.setPassword(DigestUtils.md5DigestAsHex(password.getBytes()));
        Role role = roleService.getRoleById(roleId);
        if (role == null) {
            result.setCode(-1);
            result.setMsg("roleId is not found");
            // 角色不存在
            return new ResponseEntity<>(result, HttpStatus.OK);
        }
        user.setRole(role);
        user.setCreateTime(format.format(System.currentTimeMillis()));
        user.setUpdateTime(format.format(System.currentTimeMillis()));
        int addResult = userService.addUser(user);
        result.setCode(addResult > 0 ? 0 : -1);
        result.setMsg(addResult > 0 ? "success" : "fail");
        result.setData(addResult);
        return new ResponseEntity<>(result, HttpStatus.OK);
    }
    @ApiOperation("删除用户")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "id", required = true, value = "用户Id", dataTypeClass = Integer.class),
    })
    @DeleteMapping("/delete")
    public ResponseEntity<WVPResult<String>> delete(@RequestParam Integer id){
        // 获取当前登录用户id
        int currenRoleId = SecurityUtils.getUserInfo().getRole().getId();
        WVPResult<String> result = new WVPResult<>();
        if (currenRoleId != 1) {
            // 只用角色id为0才可以删除和添加用户
            result.setCode(-1);
            result.setMsg("用户无权限");
            return new ResponseEntity<>(result, HttpStatus.FORBIDDEN);
        }
        int deleteResult = userService.deleteUser(id);
        result.setCode(deleteResult>0? 0 : -1);
        result.setMsg(deleteResult>0? "success" : "fail");
        return new ResponseEntity<>(result, HttpStatus.OK);
    }
    @ApiOperation("查询用户")
    @ApiImplicitParams({})
    @GetMapping("/all")
    public ResponseEntity<WVPResult<List<User>>> all(){
        // 获取当前登录用户id
        List<User> allUsers = userService.getAllUsers();
        WVPResult<List<User>> result = new WVPResult<>();
        result.setCode(0);
        result.setMsg("success");
        result.setData(allUsers);
        return new ResponseEntity<>(result, HttpStatus.OK);
    }
}