diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/api/AllocCanteenApi.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/api/AllocCanteenApi.java index 03ad04fc..d61b1fee 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/api/AllocCanteenApi.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/api/AllocCanteenApi.java @@ -14,6 +14,8 @@ import com.bonus.canteen.core.allocation.canteen.service.AllocAreaService; import com.bonus.canteen.core.allocation.canteen.service.AllocCanteenService; import com.bonus.canteen.core.allocation.canteen.service.AllocMealLineService; import com.bonus.canteen.core.allocation.canteen.vo.*; +import com.bonus.canteen.core.auth.config.LeNiuDataPermission; +import com.bonus.canteen.core.auth.enums.DataPermissionTypeEnum; import com.bonus.canteen.core.auth.po.MgrUserAuthPO; import com.bonus.canteen.core.common.enums.AllocCanteenTypeEnum; import com.bonus.canteen.core.common.utils.TenantContextHolder; @@ -251,6 +253,10 @@ public class AllocCanteenApi { return this.allocStallMapper.listAuthStallByUserRole(); } + @LeNiuDataPermission( + alias = "t1", + permissionType = DataPermissionTypeEnum.PERMISSION_AREA + ) public List listAreaByUserRole(MgrUserAuthPO mgrUserAuthPO) { return this.allocAreaMapper.listAreaByUserRole(mgrUserAuthPO); } diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/canteen/service/impl/AllocAreaServiceImpl.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/canteen/service/impl/AllocAreaServiceImpl.java index ec8945d5..a0731eb0 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/canteen/service/impl/AllocAreaServiceImpl.java 
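Review bot: The area restriction on `listAreaByUserRole` now rests entirely on the `@LeNiuDataPermission(alias = "t1", permissionType = DataPermissionTypeEnum.PERMISSION_AREA)` annotation on this API method, because the same commit deletes the `EXISTS (… sys_role_area …)` predicate from what appears to be the matching query in AllocAreaMapper.xml. Nothing visible here shows that the permission interceptor is triggered by an annotation at this layer, so any other caller that reaches `allocAreaMapper.listAreaByUserRole` directly would presumably receive every non-deleted area. Consider placing the annotation on the mapper method itself, or adding a test that a non-admin role only gets its assigned areas. The `mgrUserAuthPO` argument also looks unused by the SQL after the XML change; a comment such as `// row filter is applied by LeNiuDataPermissionHandler, not by the SQL` would keep that dependency visible.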
+++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/allocation/canteen/service/impl/AllocAreaServiceImpl.java @@ -201,11 +201,7 @@ public class AllocAreaServiceImpl extends ServiceImpl> getSystemAuthAreaTree() { - MgrUserAuthPO mgrUserAuthPO = this.mgrAuthApi.getUserAuthPO(); List areaList = ((AllocAreaMapper)this.baseMapper).listSystemArea(TenantContextHolder.getTenantId()); - if (GlobalConstants.SUPER_ADMIN_ROLE_KEY.equals(mgrUserAuthPO.getRoleCode())) { - areaList = new ArrayList<>(); - } List filterAreaTreeList = ((AllocAreaMapper)this.baseMapper).listAllTreeArea(); if (CollUtil.isNotEmpty(filterAreaTreeList)) { List filterAreaIdList = (List)filterAreaTreeList.stream().map(BaseTreeNode::getId).collect(Collectors.toList()); diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/api/MgrAuthApi.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/api/MgrAuthApi.java index 2147cea0..8a545a4f 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/api/MgrAuthApi.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/api/MgrAuthApi.java 
@@ -131,7 +131,9 @@ public class MgrAuthApi { MgrUserAuthPO mgrUserAuthPO = this.getUserAuthPO(); if (!filterOtherRole) { return CollUtil.newArrayList(new AllocCanteenTreeVO[0]); - } else if (!ObjectUtil.equal(mgrUserAuthPO.getRoleType(), MgrRoleTypeV2Enum.ROLE_ADMIN.getKey()) && !ObjectUtil.equal(mgrUserAuthPO.getRoleType(), MgrRoleTypeV2Enum.ROLE_ORG.getKey())) { + } else if (!ObjectUtil.equal(mgrUserAuthPO.getRoleType(), MgrRoleTypeV2Enum.ROLE_ADMIN.getKey()) + && !ObjectUtil.equal(mgrUserAuthPO.getRoleCode(), GlobalConstants.SUPER_ADMIN_ROLE_KEY) + && !ObjectUtil.equal(mgrUserAuthPO.getRoleType(), MgrRoleTypeV2Enum.ROLE_ORG.getKey())) { return this.mgrRoleCanteenMapper.getTenantCanteen(excludeMiddle, tenantId, mgrUserAuthPO, delFlag); } else { List list = CollUtil.newArrayList(new AllocCanteenTreeVO[0]); diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/config/LeNiuDataPermissionHandler.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/config/LeNiuDataPermissionHandler.java index 074f7667..f993e727 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/config/LeNiuDataPermissionHandler.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/config/LeNiuDataPermissionHandler.java @@ -4,6 +4,7 @@ import cn.hutool.core.util.ObjectUtil; import com.bonus.canteen.core.auth.enums.DataPermissionTypeEnum; import com.bonus.canteen.core.auth.enums.RoleCodeV2Enum; import com.bonus.common.core.exception.ServiceException; +import com.bonus.common.houqin.constant.GlobalConstants; import com.bonus.common.security.utils.SecurityUtils; import net.sf.jsqlparser.expression.Expression; import net.sf.jsqlparser.expression.HexValue; 
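Review bot: The added `getRoleCode()` comparison with `GlobalConstants.SUPER_ADMIN_ROLE_KEY` makes this the second hand-written "unrestricted role" predicate touched by the commit, and the two disagree: here it is roleType ADMIN or ORG or the super-admin role code, while `getSqlByAliasAndPermissionType` in LeNiuDataPermissionHandler uses `roleCode.startsWith(RoleCodeV2Enum.ROLE_ADMIN.key())` or the super-admin key. Bypass conditions copied per call site tend to drift apart, so one shared helper (a suggested name would be `isUnrestricted(MgrUserAuthPO)`) used by both places would be safer. The diff adds no import to MgrAuthApi, so `GlobalConstants` must already be imported there for this to compile. The enclosing method starts and ends outside the hunk.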
@@ -87,7 +88,7 @@ public class LeNiuDataPermissionHandler { private String getSqlByAliasAndPermissionType(Long userId, String roleCode, DataPermissionTypeEnum permissionType, String alias) { StringBuilder sb = new StringBuilder(); - if (roleCode.startsWith(RoleCodeV2Enum.ROLE_ADMIN.key())) { + if (roleCode.startsWith(RoleCodeV2Enum.ROLE_ADMIN.key()) || GlobalConstants.SUPER_ADMIN_ROLE_KEY.equals(roleCode)) { return ""; } else { if (ObjectUtil.equal(DataPermissionTypeEnum.PERMISSION_ORG, permissionType)) { diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/oauth/controller/AuthController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/oauth/controller/AuthController.java index 3dd83f11..9e5352ba 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/oauth/controller/AuthController.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/auth/oauth/controller/AuthController.java @@ -20,6 +20,7 @@ import com.bonus.canteen.core.merchant.entity.MercMerchant; import com.bonus.canteen.core.open.modules.auth.constants.CheckEnum; import com.bonus.canteen.core.open.modules.auth.model.OpenApp; import com.bonus.canteen.core.open.modules.auth.service.OpenAppService; +import com.bonus.canteen.core.secure.dto.ClientLoginDto; import com.bonus.common.core.exception.ServiceException; import com.bonus.common.core.web.domain.AjaxResult; import com.bonus.common.houqin.constant.LeConstants; 
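Review bot: Returning `""`, which means no data filter at all, is still decided by a prefix match, `roleCode.startsWith(RoleCodeV2Enum.ROLE_ADMIN.key())`, with the new super-admin clause appended after it. If role codes can be created or named by tenants, any code that merely begins with the admin key would skip row-level filtering; an exact comparison is the safer default, and if the prefix is intentional it deserves a comment saying why. The ordering also means a null `roleCode` throws before the null-safe `GlobalConstants.SUPER_ADMIN_ROLE_KEY.equals(roleCode)` is evaluated, so a null role code should be rejected explicitly ahead of this condition rather than left to an NPE. The method body continues outside the hunk.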
@@ -163,8 +164,8 @@ public class AuthController { @ApiOperation("设备认证") @PostMapping({"/device/login"}) - public AjaxResult deviceLogin(@RequestHeader Map header, @RequestParam String encryptedDeviceSn) { - String deviceSn = SmUtils.decryptBySm2(encryptedDeviceSn); + public AjaxResult deviceLogin(@RequestHeader Map header, @RequestBody ClientLoginDto dto) { + String deviceSn = SmUtils.decryptBySm2(dto.getDeviceSn()); String encryptKey = HeaderFetchUtil.getValueFromHeadersIgnoreCase(header, this.secureProperties.getSecurity().getServerEncryptedClientKeyHeaderName()); String clientKey = SmUtils.decryptBySm4WithServerKey(encryptKey); if (CharSequenceUtil.isEmpty(deviceSn)) { diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java index 5310634f..0b1d46b6 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/config/SmUtils.java 
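Review bot: Switching `deviceLogin` from `@RequestParam String encryptedDeviceSn` to `@RequestBody ClientLoginDto dto` drops the implicit required-parameter check, so a body without `deviceSn` now reaches `SmUtils.decryptBySm2(dto.getDeviceSn())` with null before the `CharSequenceUtil.isEmpty(deviceSn)` test runs. How `decryptBySm2` treats null is not visible here; validating first, e.g. `@RequestBody @Valid ClientLoginDto dto` with `@NotBlank` on the field, or an explicit blank check before decrypting, keeps malformed requests away from the crypto code on what is presumably a pre-authentication endpoint. `exchangeKey` in KeyExchangeController has the same shape with `dto.getClientKey()`. The change also alters the wire contract for existing devices (request parameter to JSON body), which is worth stating in the commit description. The method continues outside the hunk.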
@@ -87,27 +87,11 @@ public class SmUtils { } public static void main(String[] args) throws NoSuchAlgorithmException { - sm2(); + //sm2() 移到 SmUtilsTest.java sm4(); sm4WithoutIV(); } - private static void sm2() { - System.out.println("=================sm2==================="); - String privateKeyStr = "D55F4709BE51FCDC71D6385885A5CAEE70A09438F862BEB4E56F64A70C76EF5F"; - String pubKeyStr = "04768E8E44656FFD4BA58C0270002A28365A5F6B0F6D40E88B9221CDFAAA8E82C8CCEDBA5FC2D03F20B11492EBE90CC04782682AFE326363A503F086C04A14092C"; - SM2 sm2 = SmUtil.sm2(privateKeyStr, pubKeyStr); - String data = "liolay123466789"; - byte[] encrypt = sm2.encrypt("liolay".getBytes(StandardCharsets.UTF_8)); - System.out.println("encrypt:" + Base64.encodeUrlSafe(encrypt)); - PrintStream var10000 = System.out; - byte[] var10001 = sm2.sign(data.getBytes(StandardCharsets.UTF_8)); - var10000.println("sign:" + Base64Encoder.encode(var10001)); - var10000 = System.out; - String var5 = new String(sm2.decrypt(encrypt)); - var10000.println("decrypt:" + var5); - } - private static void sm4() throws NoSuchAlgorithmException { System.out.println("================sm4=================="); BouncyCastleProvider provider = new BouncyCastleProvider(); diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/controller/KeyExchangeController.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/controller/KeyExchangeController.java index fbef4868..e1a95604 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/controller/KeyExchangeController.java +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/controller/KeyExchangeController.java 
@@ -2,11 +2,9 @@ package com.bonus.canteen.core.secure.controller; import com.bonus.canteen.core.config.SecureProperties; import com.bonus.canteen.core.config.SmUtils; +import com.bonus.canteen.core.secure.dto.ClientLoginDto; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; @RestController @RequestMapping @@ -17,12 +15,11 @@ public class KeyExchangeController { this.publicKey = secureProperties.getSecurity().getClientSm2Key(); } - @GetMapping({"${secure.security.key-exchange-path:/exchange/key}"}) - public ExchangedKey exchangeKey(@RequestParam String clientKey) { + @PostMapping({"${secure.security.key-exchange-path:/exchange/key}"}) + public ExchangedKey exchangeKey(@RequestBody ClientLoginDto dto) { ExchangedKey exchangedKey = new ExchangedKey(); - try { - String decryptedClientKey = SmUtils.decryptBySm2(clientKey); + String decryptedClientKey = SmUtils.decryptBySm2(dto.getClientKey()); String encryptedClientKey = SmUtils.encryptBySm4WithServerKey(decryptedClientKey); String encryptedClientKeySign = SmUtils.signBySm2(encryptedClientKey); return exchangedKey.setSign(encryptedClientKeySign).setServerEncryptClientKey(encryptedClientKey); diff --git a/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/dto/ClientLoginDto.java b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/dto/ClientLoginDto.java new file mode 100644 index 00000000..0cc56aa6 --- /dev/null +++ b/bonus-modules/bonus-smart-canteen/src/main/java/com/bonus/canteen/core/secure/dto/ClientLoginDto.java 
@@ -0,0 +1,9 @@ +package com.bonus.canteen.core.secure.dto; + +import lombok.Data; + +@Data +public class ClientLoginDto { + private String clientKey; + private String deviceSn; +} diff --git a/bonus-modules/bonus-smart-canteen/src/main/resources/mapper/alloc/AllocAreaMapper.xml b/bonus-modules/bonus-smart-canteen/src/main/resources/mapper/alloc/AllocAreaMapper.xml index 9be9b051..d4def381 100644 --- a/bonus-modules/bonus-smart-canteen/src/main/resources/mapper/alloc/AllocAreaMapper.xml +++ b/bonus-modules/bonus-smart-canteen/src/main/resources/mapper/alloc/AllocAreaMapper.xml @@ -61,17 +61,5 @@ t1.super_id FROM alloc_area t1 WHERE t1.if_del = 2 - - and EXISTS ( - SELECT null - FROM sys_role_area it1 - LEFT JOIN sys_role it2 ON it2.role_id = it1.role_id - LEFT JOIN sys_user_role it3 ON it1.role_id = it3.role_id - WHERE it2.del_flag = 0 - AND it2.role_key = #{authPO.roleCode} - AND it3.user_id = #{authPO.userId} - AND t1.area_id = it1.area_id - ) - diff --git a/bonus-modules/bonus-smart-canteen/src/test/java/com/bonus/canteen/core/config/SmUtilsTest.java b/bonus-modules/bonus-smart-canteen/src/test/java/com/bonus/canteen/core/config/SmUtilsTest.java new file mode 100644 index 00000000..521baf1d --- /dev/null +++ b/bonus-modules/bonus-smart-canteen/src/test/java/com/bonus/canteen/core/config/SmUtilsTest.java 
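Review bot: The fields of `ClientLoginDto` carry SM2 ciphertext (both callers pass them straight to `SmUtils.decryptBySm2`), but the names `clientKey` and `deviceSn` no longer say so, whereas the replaced parameter was called `encryptedDeviceSn`. A short class comment such as `/** Request body for key exchange and device login; both fields are SM2-encrypted by the client. */` would stop a later caller from treating them as plaintext. Since `@Data` generates `toString()`, `@ToString.Exclude` on `clientKey` is worth considering so the value does not end up in request logs.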
@@ -0,0 +1,75 @@
+package com.bonus.canteen.core.config;
+
+import cn.hutool.core.codec.Base64;
+import cn.hutool.core.codec.Base64Encoder;
+import cn.hutool.crypto.SmUtil;
+import cn.hutool.crypto.asymmetric.SM2;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.junit4.SpringRunner;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
+import java.security.NoSuchAlgorithmException;
+
+@RunWith(SpringRunner.class)
+public class SmUtilsTest {
+
+ public static void main(String[] args) throws NoSuchAlgorithmException {
+ sm2();
+// sm4();
+// sm4WithoutIV();
+ }
+
+ private static void sm2() {
+ System.out.println("=================sm2===================");
+ String privateKeyStr = "D55F4709BE51FCDC71D6385885A5CAEE70A09438F862BEB4E56F64A70C76EF5F";
+ String pubKeyStr = "04768E8E44656FFD4BA58C0270002A28365A5F6B0F6D40E88B9221CDFAAA8E82C8CCEDBA5FC2D03F20B11492EBE90CC04782682AFE326363A503F086C04A14092C";
+ SM2 sm2 = SmUtil.sm2(privateKeyStr, pubKeyStr);
+ String data = "liolay123466789";
+ byte[] encrypt = sm2.encrypt("2AD2252000231631".getBytes(StandardCharsets.UTF_8));
+ System.out.println("encrypt:" + Base64.encode(encrypt));
+ PrintStream var10000 = System.out;
+ byte[] var10001 = sm2.sign(data.getBytes(StandardCharsets.UTF_8));
+ var10000.println("sign:" + Base64Encoder.encode(var10001));
+ var10000 = System.out;
+ String var5 = new String(sm2.decrypt(encrypt));
+ var10000.println("decrypt:" + var5);
+ }
+
+ private static void sm4() throws NoSuchAlgorithmException {
+ System.out.println("================sm4==================");
+ BouncyCastleProvider provider = new BouncyCastleProvider();
+ KeyGenerator generator = KeyGenerator.getInstance("SM4", provider);
+ SecretKey secretKey = generator.generateKey();
+ byte[] encoded = secretKey.getEncoded();
+ String key = Base64Encoder.encode(encoded);
+ System.out.println("key: " + key);
+ String data = "liolay";
+ String encryptBySm4 = SmUtils.encryptBySm4(data, encoded);
+ System.out.println("encrypt: " + encryptBySm4);
+ PrintStream var10000 = System.out;
+ String var10001 = SmUtils.decryptBySm4(encryptBySm4, encoded);
+ var10000.println("decrypt: " + var10001);
+ var10000 = System.out;
+ var10001 = SmUtils.decryptBySm4(encryptBySm4, key);
+ var10000.println("decrypt: " + var10001);
+ }
+
+ private static void sm4WithoutIV() throws NoSuchAlgorithmException {
+ System.out.println("================sm4WithoutIV==================");
+ BouncyCastleProvider provider = new BouncyCastleProvider();
+ KeyGenerator generator = KeyGenerator.getInstance("SM4", provider);
+ SecretKey secretKey = generator.generateKey();
+ byte[] key = secretKey.getEncoded();
+ String keyEncode = Base64Encoder.encode(key);
+ System.out.println("key: " + keyEncode);
+ String plainData = "liolay";
+ String encryptedData = SmUtils.encryptBySm4(plainData, key);
+ System.out.println("encrypt: " + encryptedData);
+ String decryptData = SmUtils.decryptBySm4(encryptedData, key);
+ System.out.println("decrypt: " + decryptData);
+ }
+
+}
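Review bot: `SmUtilsTest.sm2()` keeps a literal SM2 private key (`privateKeyStr`) in source, now under src/test instead of src/main, so the key is still committed; the same literal sits on the removed lines of SmUtils.java. If that pair was ever configured for a real deployment it should be treated as exposed and rotated, and the demo can use a throwaway pair instead, `SM2 sm2 = SmUtil.sm2();`. The plaintext was also changed to `"2AD2252000231631"`, which looks like a device serial number; a constructed sample value would be preferable. Separately, the class is annotated `@RunWith(SpringRunner.class)` but declares no `@Test` method, only `main` and private static helpers, so a JUnit 4 run of it would presumably fail with "No runnable methods"; either drop the annotation or turn `sm2()`, `sm4()` and `sm4WithoutIV()` into real tests with assertions.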