Merge remote-tracking branch 'origin/main'

bonus-api/bonus-api-system/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-api</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-api/bonus-api-system/src/main/java/com/bonus/system/api/domain/SysUser.java

@@ -11,6 +11,7 @@ import org.apache.commons.lang3.builder.ToStringStyle;
 
 import javax.validation.constraints.Email;
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 import java.util.Date;
 import java.util.List;
@@ -194,7 +195,7 @@ public class SysUser extends BaseEntity {
     }
 
     @Xss(message = "用户昵称不能包含脚本字符")
-    @Size(min = 0, max = 30, message = "用户昵称长度不能超过30个字符")
+    @Size(min = 0, max = 20, message = "用户昵称长度不能超过20个字符")
     public String getNickName() {
         return nickName;
     }
@@ -205,7 +206,7 @@ public class SysUser extends BaseEntity {
 
     @Xss(message = "用户账号不能包含脚本字符")
     @NotBlank(message = "用户账号不能为空")
-    @Size(min = 0, max = 30, message = "用户账号长度不能超过30个字符")
+    @Size(min = 0, max = 20, message = "用户账号长度不能超过20个字符")
     public String getUserName() {
         return userName;
     }
@@ -215,7 +216,7 @@ public class SysUser extends BaseEntity {
     }
 
     @Email(message = "邮箱格式不正确")
-//    @Size(min = 0, max = 50, message = "邮箱长度不能超过50个字符")
+    @Size(min = 0, max = 50, message = "邮箱长度不能超过50个字符")
     public String getEmail() {
         return email;
     }
@@ -224,7 +225,7 @@ public class SysUser extends BaseEntity {
         this.email = email;
     }
 
-//    @Size(min = 0, max = 11, message = "手机号码长度不能超过11个字符")
+    @Pattern(regexp = "^\\d{11}$", message = "手机号码只能包含11位数字")
     public String getPhonenumber() {
         return phonenumber;
     }

bonus-api/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-auth/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
@@ -87,7 +87,7 @@
         <dependency>
             <groupId>com.bonus</groupId>
             <artifactId>bonus-common-config</artifactId>
-            <version>24.11.0-SNAPSHOT</version>
+            <version>24.12.0-SNAPSHOT</version>
             <scope>compile</scope>
         </dependency>
         <dependency>

bonus-auth/src/main/java/com/bonus/auth/controller/TokenController.java

@@ -1,5 +1,6 @@
 package com.bonus.auth.controller;
 
+import com.alibaba.fastjson.JSONObject;
 import com.bonus.auth.config.LoginType;
 import com.bonus.auth.factory.LoginStrategyFactory;
 import com.bonus.auth.form.LoginBody;
@@ -8,6 +9,7 @@ import com.bonus.auth.service.*;
 import com.bonus.common.core.constant.CacheConstants;
 import com.bonus.common.core.constant.SecurityConstants;
 import com.bonus.common.core.domain.R;
+import com.bonus.common.core.exception.ServiceException;
 import com.bonus.common.core.utils.JwtUtils;
 import com.bonus.common.core.utils.StringUtils;
 import com.bonus.common.core.web.domain.AjaxResult;
@@ -23,14 +25,19 @@ import com.bonus.system.api.domain.SysUser;
 import com.bonus.system.api.model.LoginUser;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestTemplate;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
 
 /**
@@ -71,6 +78,18 @@ public class TokenController {
     @Resource
     private RemoteConfigService configService;
 
+    @Value("${third-party-login.iws.webAppId}")
+    private String iwsWebAppId;
+
+    @Value("${third-party-login.iws.webUrl}")
+    private String iwsWebUrl;
+
+    @Value("${third-party-login.iws.h5AppId}")
+    private String iwsH5AppId;
+
+    @Value("${third-party-login.iws.h5Url}")
+    private String iwsH5Url;
+
     @PostMapping("isAdmin")
     public R<?> isAdmin(@RequestBody LoginBody form) {
         if (!config.isAdmin()) {
@@ -139,6 +158,33 @@ public class TokenController {
 
     }
 
+    /**
+     * i皖送登录
+     * @return
+     */
+    @PostMapping("iwsLogin")
+    public R<?> iwsLogin(@RequestBody LoginBody form) {
+        //获取i皖送传过来的票据
+        String ticket = form.getTicket();
+        log.info("ticket=" + ticket);
+        if (StringUtils.isNotEmpty(ticket)) {
+            LoginUser loginUser = new LoginUser();
+            SysUser sysUser = new SysUser();
+            if (form.getSysType()!=null && "1".equals(form.getSysType())){
+                sysLoginService.iwsH5Login(ticket,iwsH5AppId,iwsH5Url,loginUser,sysUser);
+            } else if (form.getSysType()!=null && "0".equals(form.getSysType())) {
+                sysLoginService.iwsWebLogin(ticket,iwsWebAppId,iwsWebUrl,loginUser,sysUser);
+            }else {
+                throw new ServiceException("登录失败，请稍后重试");
+            }
+            logService.saveLogin(sysUser.getUserName(), "登录", "登录成功", null, "成功");
+            //生成系统token
+            return R.ok(tokenService.createToken(loginUser));
+
+        }
+        return R.fail("登录失败！");
+    }
+
     /**
      * 获取手机验证码
      *

bonus-auth/src/main/java/com/bonus/auth/form/LoginBody.java

@@ -38,4 +38,13 @@ public class LoginBody {
 
     private String mobileCodeType;
 
+    /**
+     * i皖送使用的ticket
+     */
+    private String ticket;
+
+    /**
+     * i皖送登录方式 0：web端登录  1：H5登录
+     */
+    private String sysType;
 }

bonus-auth/src/main/java/com/bonus/auth/service/EmailOtpLoginStrategy.java

@@ -31,7 +31,7 @@ public class EmailOtpLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         passwordValidatorService.checkPhoneCaptcha(email, otp);
-        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(email, userResult);
         LoginUser userInfo = userResult.getData();

bonus-auth/src/main/java/com/bonus/auth/service/EmailPasswordLoginStrategy.java

@@ -34,7 +34,7 @@ public class EmailPasswordLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         //通过手机号获取用户信息
-        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(email), SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(email, SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(email, userResult);
         //获取用户信息

bonus-auth/src/main/java/com/bonus/auth/service/PhoneOtpLoginStrategy.java

@@ -33,7 +33,7 @@ public class PhoneOtpLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/验证码错误");
         }
         passwordValidatorService.checkPhoneCaptcha(phone, otp);
-        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(phone, userResult);
         LoginUser userInfo = userResult.getData();

bonus-auth/src/main/java/com/bonus/auth/service/PhonePasswordLoginStrategy.java

@@ -36,7 +36,7 @@ public class PhonePasswordLoginStrategy implements LoginStrategy {
             throw new ServiceException("用户不存在/密码错误");
         }
         //通过手机号获取用户信息
-        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(phone), SecurityConstants.INNER);
+        R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(phone, SecurityConstants.INNER);
         //验证用户是否存在
         passwordValidatorService.validateUserResult(phone, userResult);
         //获取用户信息

bonus-auth/src/main/java/com/bonus/auth/service/RegisterVerificationCodeSender.java

@@ -44,7 +44,7 @@ public class RegisterVerificationCodeSender implements VerificationCodeStrategy
             if (!systemConfig.getRegistersConfig().isEmailRegisters()) {
                 throw new ServiceException("请输入正确的联系方式");
             }
-            R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(contactInfo) , SecurityConstants.INNER);
+            R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(contactInfo , SecurityConstants.INNER);
             if (userResult.getData() != null) {
                 throw new ServiceException("联系方式已经注册账号");
             }
@@ -53,7 +53,7 @@ public class RegisterVerificationCodeSender implements VerificationCodeStrategy
             if (!systemConfig.getRegistersConfig().isPhoneRegisters()) {
                 throw new ServiceException("请输入正确的联系方式");
             }
-            R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(contactInfo), SecurityConstants.INNER);
+            R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(contactInfo, SecurityConstants.INNER);
             if (userResult.getData() != null) {
                 throw new ServiceException("联系方式已经注册账号");
             }

bonus-auth/src/main/java/com/bonus/auth/service/SysLoginService.java

@@ -1,5 +1,6 @@
 package com.bonus.auth.service;
 
+import com.alibaba.fastjson.JSONObject;
 import com.bonus.auth.config.VerificationCodeType;
 import com.bonus.auth.factory.VerificationCodeStrategyFactory;
 import com.bonus.auth.form.RegisterBody;
@@ -13,22 +14,29 @@ import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.common.core.web.domain.AjaxResult;
 import com.bonus.common.security.utils.SecurityUtils;
 import com.bonus.config.SystemConfig;
+import com.bonus.system.api.RemoteConfigService;
 import com.bonus.system.api.RemoteUserService;
 import com.bonus.system.api.domain.SysUser;
 import com.bonus.system.api.model.LoginUser;
 import com.hankcs.hanlp.HanLP;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
 
 import javax.annotation.Resource;
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * 登录校验方法
  * 提供登录、注册、验证码获取等服务
  */
 @Component
+@Slf4j
 public class SysLoginService {
-    @Autowired
+    @Resource
     private RemoteUserService remoteUserService;
 
 
@@ -44,6 +52,9 @@ public class SysLoginService {
     @Autowired
     private SystemConfig systemConfig;
 
+    @Resource
+    private RemoteConfigService configService;
+
     /**
      * 获取验证码
      *
@@ -87,12 +98,12 @@ public class SysLoginService {
         int contactType = getContactType(registerBody.getMobile());
 
         if (contactType == 0) {
-            R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(Sm4Utils.encrypt(registerBody.getMobile()) , SecurityConstants.INNER);
+            R<LoginUser> userResult = remoteUserService.getUserInfoByEmail(registerBody.getMobile() , SecurityConstants.INNER);
             if (userResult.getData() != null) {
                 throw new ServiceException("联系方式已经注册账号");
             }
         } else if (contactType == 1) {
-            R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(Sm4Utils.encrypt(registerBody.getMobile()) , SecurityConstants.INNER);
+            R<LoginUser> userResult = remoteUserService.getUserInfoByPhone(registerBody.getMobile() , SecurityConstants.INNER);
             if (userResult.getData() != null) {
                 throw new ServiceException("联系方式已经注册账号");
             }
@@ -184,4 +195,104 @@ public class SysLoginService {
             return pinyin;
         }
     }
+
+    /**
+     * i皖送Web端登录
+     * @param ticket
+     * @param iwsWebAppId
+     * @param iwsWebUrl
+     * @return
+     */
+    public void iwsWebLogin(String ticket, String iwsWebAppId, String iwsWebUrl,LoginUser loginUser,SysUser sysUser) {
+        Map<String, Object> paramMap = new HashMap<>();
+        paramMap.put("ticket", ticket);
+        paramMap.put("appId", iwsWebAppId);
+        RestTemplate restTemplate = new RestTemplate();
+        ResponseEntity<String> authResponse = restTemplate.getForEntity(iwsWebUrl, String.class, paramMap);
+        log.info("authResponse:" + authResponse.toString());
+        if ("200".equals(authResponse.getStatusCode())){
+            // 根据ResponseEntity<String> responseEntity对象，获取body部分，body为json格式字符串
+            String content = authResponse.getBody();
+            // 将json字符串转化为json对象
+            JSONObject json = JSONObject.parseObject(content);
+            // 取出data部分对象
+            JSONObject data = json.getJSONObject("data");
+            sysUser.setUserName(data.get("userName").toString());
+            sysUser.setNickName(data.get("name").toString());
+            sysUser.setPhonenumber(data.get("mobile").toString());
+            loginUser.setSysUser(sysUser);
+            createUser(sysUser,loginUser);
+        }
+    }
+
+    /**
+     * 先查，如果没有进行创建
+     * @param sysUser
+     * @param loginUser
+     */
+    private void createUser(SysUser sysUser, LoginUser loginUser) {
+        //通过用户名获取人员信息
+        R<LoginUser> userResult = remoteUserService.getUserInfo(sysUser.getUserName(), SecurityConstants.INNER);
+        if (userResult.getData() == null || R.FAIL == userResult.getCode()) {
+            log.info("登录用户不存在,进行创建----");
+            RegisterBody registerBody = new RegisterBody();
+            registerBody.setUsername(sysUser.getUserName());
+            registerBody.setNickName(sysUser.getNickName());
+            registerBody.setMobile(sysUser.getPhonenumber());
+            //获取配置中的初始密码
+            AjaxResult result = configService.getConfigKey("sys.user.initPassword");
+            if (result.isSuccess())
+            {
+                sysUser.setPassword(result.get("msg").toString());
+            }
+            //新用户注册
+            try {
+                register(registerBody);
+                //查询用户信息
+                userResult = remoteUserService.getUserInfo(sysUser.getUserName(), SecurityConstants.INNER);
+                loginUser = userResult.getData();
+                sysUser = loginUser.getSysUser();
+                //初始化一个角色
+                Long[] roleIds = new Long[5];
+                // 将数组的第一个元素赋值为 2
+                roleIds[0] = 2L;
+                remoteUserService.insertAuthRole(sysUser.getUserId(),roleIds,SecurityConstants.INNER);
+            }catch (Exception e){
+                throw new ServiceException("登录失败，请稍后重试");
+            }
+        }else {
+            loginUser = userResult.getData();
+            sysUser = loginUser.getSysUser();
+        }
+    }
+
+    /**
+     * i皖送H5端登录
+     * @param ticket
+     * @param iwsH5AppId
+     * @param iwsH5Url
+     * @return
+     */
+    public void iwsH5Login(String ticket, String iwsH5AppId, String iwsH5Url,LoginUser loginUser,SysUser sysUser) {
+        Map<String, Object> paramMap = new HashMap<>();
+        paramMap.put("ticket", ticket);
+        paramMap.put("appId", iwsH5AppId);
+        RestTemplate restTemplate = new RestTemplate();
+        ResponseEntity<String> authResponse = restTemplate.getForEntity(iwsH5Url, String.class, paramMap);
+        log.info("authResponse:" + authResponse.toString());
+        if ("200".equals(authResponse.getStatusCode())){
+            // 根据ResponseEntity<String> responseEntity对象，获取body部分，body为json格式字符串
+            String content = authResponse.getBody();
+            // 将json字符串转化为json对象
+            JSONObject json = JSONObject.parseObject(content);
+            // 取出data部分对象
+            JSONObject data = json.getJSONObject("data");
+            JSONObject userInfo = data.getJSONObject("userInfo");
+            sysUser.setUserName(userInfo.get("userName").toString());
+            sysUser.setNickName(userInfo.get("name").toString());
+            sysUser.setPhonenumber(userInfo.get("mobile").toString());
+            loginUser.setSysUser(sysUser);
+            createUser(sysUser,loginUser);
+        }
+    }
 }

bonus-auth/src/main/resources/bootstrap-smart_site_local.yml

@@ -0,0 +1,27 @@
+# Tomcat
+server: 
+  port: 38081
+
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+      config:
+        # 配置中心地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+        # 配置文件格式
+        file-extension: yml
+        # 共享配置
+        shared-configs:
+          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
+
+#加密组件
+jasypt:
+  encryptor:
+    password: Encrypt
+

bonus-common/bonus-common-config/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-common/bonus-common-core/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/constant/SecurityConstants.java

@@ -46,4 +46,5 @@ public class SecurityConstants
      * 角色权限
      */
     public static final String ROLE_PERMISSION = "role_permission";
+
 }

bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/encryption/Sm4Utils.java

@@ -19,7 +19,7 @@ public class Sm4Utils {
      * 加密数据，使用固定盐
      *
      * @param plainText 明文，待加密的字符串
-     * @return 加密后的密文（包含盐），Hex 编码格式
+     * @return 加密后的密文（包含盐），Hex 编码格式，如果加密异常就返回传入的字符串
      */
     public static String encrypt(String plainText) {
         try {
@@ -29,8 +29,7 @@ public class Sm4Utils {
             // 返回带盐的加密结果（Hex编码）
             return HexUtil.encodeHexStr(encryptedData);
         } catch (Exception e) {
-//            e.printStackTrace();
+            return plainText; // 发生异常时返回传入字符串
-            return null; // 发生异常时返回null
         }
     }
 
@@ -38,7 +37,7 @@ public class Sm4Utils {
      * 解密数据，使用固定盐
      *
      * @param cipherText 密文（包含盐），Hex 编码格式的字符串
-     * @return 解密后的明文字符串
+     * @return 解密后的明文字符串，如果解密异常就返回传入的字符串
      */
     public static String decrypt(String cipherText) {
         try {
@@ -48,8 +47,7 @@ public class Sm4Utils {
             byte[] decryptedData = sm4.decrypt(cipherText);
             return new String(decryptedData);
         } catch (Exception e) {
-//            e.printStackTrace();
+            return cipherText; // 发生异常时返回传入字符串
-            return null; // 发生异常时返回null
         }
     }
 
@@ -63,7 +61,7 @@ public class Sm4Utils {
         System.out.println("加密后: " + encryptedText);
 
         // 解密密文
-        String decryptedText = Sm4Utils.decrypt(encryptedText);
+        String decryptedText = Sm4Utils.decrypt(plainText);
         System.out.println("解密后: " + decryptedText);
     }
 }

bonus-common/bonus-common-datascope/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-datasource/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-log/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-redis/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-seata/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-common/bonus-common-security/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/annotation/RequiresPermissionsOrInnerAuth.java

@@ -1,17 +1,15 @@
 package com.bonus.common.security.annotation;
 
-import java.lang.annotation.ElementType;
+import java.lang.annotation.*;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
 
 /**
  * @author wangvivi
  */
-@Target(ElementType.METHOD)
 @Retention(RetentionPolicy.RUNTIME)
+@Target({ ElementType.METHOD, ElementType.TYPE })
+@Documented
 public @interface RequiresPermissionsOrInnerAuth {
-    InnerAuth innerAuth() default @InnerAuth();
+    InnerAuth innerAuth() default @InnerAuth(isUser = false);
-    RequiresPermissions requiresPermissions() default @RequiresPermissions();
+    RequiresPermissions requiresPermissions() default @RequiresPermissions(value = {});
 }
 

bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/aspect/PermissionOrInnerAuthAspect.java

@@ -11,6 +11,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.core.Ordered;
 import org.springframework.stereotype.Component;
@@ -24,13 +25,14 @@ import java.lang.reflect.Method;
  */
 @Aspect
 @Component
-@Slf4j
+public class PermissionOrInnerAuthAspect
-public class PermisssionOrInnerAuthAspect
 {
-    @Around("@annotation(RequiresPermissionsOrInnerAuth)")
+    @Pointcut("@annotation(com.bonus.common.security.annotation.RequiresPermissionsOrInnerAuth)")
-    public Object innerAround(ProceedingJoinPoint point, RequiresPermissionsOrInnerAuth permissionsOrInnerAuth) throws Throwable
+    public void permissionOrInnerAuthAspect() {}
+
+    @Around("permissionOrInnerAuthAspect()")
+    public Object innerAround(ProceedingJoinPoint point) throws Throwable
     {
-        log.info("******************RequiresPermissionsOrInnerAuth**********");
         MethodSignature signature = (MethodSignature) point.getSignature();
         RequiresPermissionsOrInnerAuth auth = signature.getMethod().getAnnotation(RequiresPermissionsOrInnerAuth.class);
 
@@ -56,7 +58,7 @@ public class PermisssionOrInnerAuthAspect
         try {
             AuthUtil.checkInnerAuth(innerAuth);
         } catch (InnerAuthException e){
-            log.error("内部认证失败:{}",e.getMessage());
+//            log.error("内部认证失败:{}",e.getMessage());
             return false;
         }
         return true;
@@ -66,4 +68,13 @@ public class PermisssionOrInnerAuthAspect
         AuthUtil.checkPermi(requiresPermissions,point);
         return true;
     }
+
+//    /**
+//     * 确保在权限认证aop执行前执行
+//     */
+//    @Override
+//    public int getOrder()
+//    {
+//        return Ordered.HIGHEST_PRECEDENCE + 2;
+//    }
 }

bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/SecurityUtils.java

@@ -7,6 +7,7 @@ import com.bonus.common.core.utils.ServletUtils;
 import com.bonus.common.core.utils.StringUtils;
 import com.bonus.common.core.utils.encryption.Sm4Utils;
 import com.bonus.system.api.model.LoginUser;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -116,14 +117,25 @@ public class SecurityUtils
     }
 
     public static void main(String[] args) {
+ //老的加密方式要保留，偶尔调试要用
+//        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+//        String encodePass =  passwordEncoder.encode("Bonus$2026");
+//        System.out.println(encodePass);
+//        boolean result = passwordEncoder.matches("Bonus$2026", "$2a$10$0TaYZgPNd7eqpvsKx4KZnu0nPiSQlVn5SZZaJa2q6tLPuI9bWD0lW");
+//        System.out.println("result: " + result);
+
 //$2a$10$7JB720yubVSZvUI0rEqK/.VqGOZTH.ulu33dHOiBE8ByOhJIrdAu2
         //$2a$10$zvlw3Mu8M.j.MhAChrYwluj88ziX6lVD3AoRrBQpwKMcdIZvKMoR2
 //        String msg= encryptPassword("Admin@1234");
 //       String msg= encryptPassword("15888888888");
 //        boolean rest = matchesPassword("Bonus$2024","$2a$10$8JaKSUAU.K.mceU1.YQbd.wP4EJzbrsIscjAwPlfDR7wAWV6s/BGa");
-        String msg = Sm4Utils.encrypt("Bonus$2026");
+        String msg = Sm4Utils.encrypt("18956025265");
-//        String msg = Sm4Utils.decrypt("4eb762402e0ce5ef9d0028e2d622c53bc8ea1d7680ea4416975e4cc23b4ef7f0");
         System.err.println(msg);
+
+        String msg1 = Sm4Utils.encrypt("1895");
+        System.err.println(msg1);
+//        String msg = Sm4Utils.decrypt("4eb762402e0ce5ef9d0028e2d622c53bc8ea1d7680ea4416975e4cc23b4ef7f0");
+
 //        System.err.println(rest);
     }
 }

bonus-common/bonus-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -4,6 +4,8 @@ com.bonus.common.security.config.VerificationCodeConfig
 com.bonus.common.security.service.TokenService
 com.bonus.common.security.service.SmsService
 com.bonus.common.security.service.EmailService
+com.bonus.common.security.aspect.PermissionOrInnerAuthAspect
 com.bonus.common.security.aspect.PreAuthorizeAspect
 com.bonus.common.security.aspect.InnerAuthAspect
+com.bonus.common.security.aspect.PreventRepeatSubmitAspect
 com.bonus.common.security.handler.GlobalExceptionHandler

bonus-common/bonus-common-sensitive/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/bonus-common-swagger/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-common</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     

bonus-common/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-gateway/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-gateway/src/main/resources/bootstrap-smart_site_local.yml

@@ -0,0 +1,43 @@
+# Tomcat
+server:
+  port: 38080
+
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+      config:
+        # 配置中心地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+        # 配置文件格式
+        file-extension: yml
+        # 共享配置
+        shared-configs:
+          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
+    sentinel:
+      # 取消控制台懒加载
+      eager: true
+      transport:
+        # 控制台地址
+        dashboard: 127.0.0.1:18858
+      # nacos配置持久化
+      datasource:
+        ds1:
+          nacos:
+            server-addr: 127.0.0.1:8848
+            namespace: sgzb_bns
+            dataId: sentinel-bonus-gateway
+            groupId: DEFAULT_GROUP
+            data-type: json
+            rule-type: gw-flow
+
+#加密组件
+jasypt:
+  encryptor:
+    password: Encrypt
+

bonus-modules/bonus-face/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-modules</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-modules/bonus-file/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-modules</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-modules/bonus-file/src/main/resources/bootstrap-smart_site_local.yml

@@ -0,0 +1,21 @@
+# Tomcat
+server:
+  port: 39300
+
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+      config:
+        # 配置中心地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+        # 配置文件格式
+        file-extension: yml
+        # 共享配置
+        shared-configs:
+          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}

bonus-modules/bonus-gen/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-modules</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-modules/bonus-job/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-modules</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-modules/bonus-system/pom.xml

@@ -5,7 +5,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-modules</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 	

bonus-modules/bonus-system/src/main/java/com/bonus/system/controller/SysUserController.java

@@ -24,7 +24,6 @@ import com.bonus.system.service.*;
 import com.bonus.system.warning.WebSocketHandler;
 import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.scheduling.annotation.Async;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -77,15 +76,13 @@ public class SysUserController extends BaseController {
     /**
      * 获取用户列表
      */
-    @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth, requiresPermissions = @RequiresPermissions("system:user:list"))
+    @RequiresPermissionsOrInnerAuth(innerAuth = @InnerAuth(isUser = false), requiresPermissions = @RequiresPermissions("system:user:list"))
     @GetMapping("/list")
-    @PreventRepeatSubmit
     @SysLog(title = "用户管理", businessType = OperaType.QUERY, logType = 0, module = "系统管理->用户管理", details = "查询用户列表")
     public TableDataInfo list(SysUser user) {
         try {
             startPage();
             List<SysUser> list = userService.selectUserList(user);
-            webSocketHandler.sendMessageToAll("213123");
             return getDataTable(list);
         } catch (Exception e) {
             logger.error(e.toString(), e);

bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java

@@ -90,10 +90,16 @@ public class SysUserServiceImpl implements ISysUserService {
     @DataScope(deptAlias = "d", userAlias = "u")
     public List<SysUser> selectUserList(SysUser user) {
         try {
+            //临时获取开始时间和结束时间
+            String beginTime = (String) user.getParams().get("beginTime");
+            String endTime = (String) user.getParams().get("endTime");
             BaseEntity entity = CommonDataPermissionInfo.backMissionInfo(user.getParams().get("dataScope").toString());
             BeanUtils.copyProperties(entity, user);
+            user.getParams().put("beginTime", beginTime);
+            user.getParams().put("endTime", endTime);
         } catch (Exception e) {
             e.printStackTrace();
+
         }
         if (user.getUserName() != null) {
             String userName =user.getUserName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
@@ -562,7 +568,14 @@ public class SysUserServiceImpl implements ISysUserService {
             } catch (Exception e) {
                 failureNum++;
                 String msg = "<br/>" + failureNum + "、账号 " + user.getUserName() + " 导入失败：";
-                failureMsg.append(msg + e.getMessage());
+                //修复禅道bug 4076，wangweiwei 2024/12/16
+                String message = e.getMessage();
+                if (message != null && message.contains(":")) {
+                    // 去掉冒号及其前面的字段名部分
+                    failureMsg.append(msg + message.substring(message.indexOf(":") + 2).trim());
+                }else {
+                    failureMsg.append(msg + e.getMessage());
+                }
                 log.error(msg, e);
             }
         }

bonus-modules/bonus-system/src/main/resources/bootstrap-smart_site_local.yml

@@ -0,0 +1,26 @@
+# Tomcat
+server:
+  port: 38082
+
+# Spring
+spring:
+  cloud:
+    nacos:
+      discovery:
+        # 服务注册地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+      config:
+        # 配置中心地址
+        server-addr: 127.0.0.1:8848
+        namespace: smart_site
+        # 配置文件格式
+        file-extension: yml
+        # 共享配置
+        shared-configs:
+          - application-${spring.profiles.active}.${spring.cloud.nacos.config.file-extension}
+
+#加密组件
+jasypt:
+  encryptor:
+    password: Encrypt

bonus-modules/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

bonus-visual/bonus-monitor/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus-visual</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 	

bonus-visual/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>com.bonus</groupId>
         <artifactId>bonus</artifactId>
-        <version>24.11.0-SNAPSHOT</version>
+        <version>24.12.0-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
 

pom.xml

@@ -6,14 +6,14 @@
 
     <groupId>com.bonus</groupId>
     <artifactId>bonus</artifactId>
-    <version>24.11.0-SNAPSHOT</version>
+    <version>24.12.0-SNAPSHOT</version>
 
     <name>bonus</name>
     <url>http://www.ahbonus.cn</url>
     <description>博诺思微服务系统</description>
 
     <properties>
-        <bonus.version>24.11.0-SNAPSHOT</bonus.version>
+        <bonus.version>24.12.0-SNAPSHOT</bonus.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <java.version>1.8</java.version>

sql/bns_202411_patch.sql

@@ -55,3 +55,10 @@ INSERT INTO `sys_menu` VALUES (2023, '修改', 2020, 3, '#', '', NULL, 1, 0, 'F'
 INSERT INTO `sys_menu` VALUES (2024, '删除', 2020, 4, '#', '', NULL, 1, 0, 'F', '0', '0', 'system:whitelist:remove', '#', 'admin', '2024-11-06 06:23:22', 'bonus_admin', '2024-11-06 06:25:20', '', '0');
 INSERT INTO `sys_menu` VALUES (2025, '导出', 2020, 5, '#', '', NULL, 1, 0, 'F', '0', '0', 'system:whitelist:export', '#', 'admin', '2024-11-06 06:23:22', 'bonus_admin', '2024-11-06 06:25:28', '', '0');
 INSERT INTO `sys_menu` VALUES (2026, '用户锁定', 1, 7, 'lockUser', 'system/lockUser/index', NULL, 1, 0, 'C', '0', '0', NULL, 'radio', 'bonus_admin', '2024-11-07 03:10:44', '', NULL, '', '0');
+
+
+INSERT INTO sys_config (config_name,config_key,config_value,config_type,create_by,create_time,update_by,update_time,remark) VALUES
+     ('登录失败锁定-次数','sys.login.failed.times','5','Y','admin','2024-11-05 01:22:10','',NULL,NULL),
+	 ('登录失败锁定-时间','sys.login.failed.locktime','20','Y','admin','2024-11-05 01:24:37','',NULL,NULL),
+	 ('系统并发访问限制','sys.backend.concurrency','100','Y','admin','2024-11-05 03:23:01','admin','2024-11-06 01:22:16',NULL),
+	 ('系统会话时长','sys.visit.tokentime','29','Y','admin','2024-11-06 01:23:35','admin','2024-11-06 01:23:49',NULL);

sql/bns_202412_patch.sql

@@ -0,0 +1,16 @@
+SET NAMES utf8mb4;
+
+-- 省
+alter table sys_dept add province varchar(50) null comment '省';
+-- 市
+alter table sys_dept add city varchar(50) null comment '市';
+-- 县
+alter table sys_dept add district varchar(50) null comment '县';
+-- 详细地址
+alter table sys_dept add address varchar(255) null comment '详细地址';
+-- 公司简称
+alter table sys_dept add dept_abbreviation varchar(255) null comment '公司简称';
+-- 公司概述
+alter table sys_dept add remark varchar(255) null comment '公司概述';
+-- 公司logo
+alter table sys_dept add logo varchar(255) null comment '公司logo';