fix APP login，fix login SMS send

ruoyi-app/src/main/java/com/ruoyi/app/base/AppLoginUser.java

@@ -0,0 +1,126 @@
+package com.ruoyi.app.base;
+
+import com.ruoyi.app.domain.TbAppUser;
+
+/**
+ * App登录用户
+ */
+public class AppLoginUser {
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 用户唯一标识
+     */
+    private String token;
+
+    /**
+     * 登陆时间
+     */
+    private Long loginTime;
+
+    /**
+     * 过期时间
+     */
+    private Long expireTime;
+
+    /**
+     * 登录IP地址
+     */
+    private String ipaddr;
+
+    /**
+     * 登录地点
+     */
+    private String loginLocation;
+
+    /**
+     * 浏览器类型
+     */
+    private String browser;
+
+    /**
+     * 操作系统
+     */
+    private String os;
+
+    /**
+     * 用户信息
+     */
+    private TbAppUser user;
+
+    public String getToken() {
+        return token;
+    }
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public AppLoginUser() {}
+    public AppLoginUser(TbAppUser user) {
+        this.user = user;
+    }
+
+    public Long getLoginTime()
+    {
+        return loginTime;
+    }
+    public void setLoginTime(Long loginTime)
+    {
+        this.loginTime = loginTime;
+    }
+
+    public String getIpaddr()
+    {
+        return ipaddr;
+    }
+    public void setIpaddr(String ipaddr)
+    {
+        this.ipaddr = ipaddr;
+    }
+
+    public String getLoginLocation()
+    {
+        return loginLocation;
+    }
+    public void setLoginLocation(String loginLocation)
+    {
+        this.loginLocation = loginLocation;
+    }
+
+    public String getBrowser()
+    {
+        return browser;
+    }
+    public void setBrowser(String browser)
+    {
+        this.browser = browser;
+    }
+
+    public String getOs()
+    {
+        return os;
+    }
+    public void setOs(String os)
+    {
+        this.os = os;
+    }
+
+    public Long getExpireTime()
+    {
+        return expireTime;
+    }
+    public void setExpireTime(Long expireTime)
+    {
+        this.expireTime = expireTime;
+    }
+
+    public TbAppUser getUser()
+    {
+        return user;
+    }
+    public void setUser(TbAppUser user)
+    {
+        this.user = user;
+    }
+
+}

ruoyi-app/src/main/java/com/ruoyi/app/base/AppTokenService.java

@@ -0,0 +1,195 @@
+package com.ruoyi.app.base;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.ruoyi.app.domain.TbAppUser;
+import com.ruoyi.common.constant.Constants;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.core.redis.RedisCache;
+import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.ip.AddressUtils;
+import com.ruoyi.common.utils.ip.IpUtils;
+import com.ruoyi.common.utils.uuid.IdUtils;
+import eu.bitwalker.useragentutils.UserAgent;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+
+/**
+ * @author Alex
+ */
+@Service("TokenService")
+public class AppTokenService {
+
+    /**令牌自定义标识*/
+    @Value("${token.header}")
+    private String header;
+    /**令牌秘钥*/
+    @Value("${token.secret}")
+    private String secret;
+    /**令牌有效期（默认7天）*/
+    @Value("${token.expireTime}")
+    private int expireTime;
+
+    protected static final long MILLIS_SECOND = 1000;
+    protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;
+    private static final Long MILLIS_MINUTE_TEN = 20 * 60 * 1000L;
+
+    @Autowired
+    private RedisCache redisCache;
+
+    /**
+     * 获取用户身份信息
+     *
+     * @return 用户信息
+     */
+    public LoginUser getLoginUser(HttpServletRequest request) {
+        // 获取请求携带的令牌
+        String token = getToken(request);
+        if (StringUtils.isNotEmpty(token)) {
+            Claims claims = parseToken(token);
+            // 解析对应的用户信息
+            String uuid = (String) claims.get(Constants.APP_LOGIN_USER_KEY);
+            String userKey = getTokenKey(uuid);
+            LoginUser user = redisCache.getCacheObject(userKey);
+            return user;
+        }
+        return null;
+    }
+    /**
+     * 设置用户身份信息
+     */
+    public void setLoginUser(AppLoginUser loginUser) {
+        if (StringUtils.isNotNull(loginUser) && StringUtils.isNotEmpty(loginUser.getToken())) {
+            refreshToken(loginUser);
+        }
+    }
+    /**
+     * 删除用户身份信息
+     */
+    public void delLoginUser(String token) {
+        if (StringUtils.isNotEmpty(token)) {
+            String userKey = getTokenKey(token);
+            redisCache.deleteObject(userKey);
+        }
+    }
+    /**
+     * 创建令牌
+     *
+     * @param loginUser 用户信息
+     * @return 令牌
+     */
+    public String createToken(AppLoginUser loginUser) {
+        String token = IdUtils.fastUUID();
+        loginUser.setToken(token);
+        setUserAgent(loginUser);
+        refreshToken(loginUser);
+
+        Map<String, Object> claims = new HashMap<>(1);
+        claims.put(Constants.APP_LOGIN_USER_KEY, token);
+        return createToken(claims);
+    }
+    /**
+     * 验证令牌有效期，相差不足20分钟，自动刷新缓存
+     *
+     * @param loginUser
+     * @return 令牌
+     */
+    public void verifyToken(AppLoginUser loginUser) {
+        long expireTime = loginUser.getExpireTime();
+        long currentTime = System.currentTimeMillis();
+        if (expireTime - currentTime <= MILLIS_MINUTE_TEN) {
+            refreshToken(loginUser);
+        }
+    }
+    /**
+     * 刷新令牌有效期
+     *
+     * @param loginUser 登录信息
+     */
+    public void refreshToken(AppLoginUser loginUser) {
+        loginUser.setLoginTime(System.currentTimeMillis());
+        loginUser.setExpireTime(loginUser.getLoginTime() + expireTime * MILLIS_MINUTE);
+        // 根据uuid将loginUser缓存
+        String userKey = getTokenKey(loginUser.getToken());
+        redisCache.setCacheObject(userKey, loginUser, expireTime, TimeUnit.MINUTES);
+    }
+    /**
+     * 设置用户代理信息
+     *
+     * @param loginUser 登录信息
+     */
+    public void setUserAgent(AppLoginUser loginUser) {
+        UserAgent userAgent = UserAgent.parseUserAgentString(ServletUtils.getRequest().getHeader("User-Agent"));
+        String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
+        loginUser.setIpaddr(ip);
+        loginUser.setLoginLocation(AddressUtils.getRealAddressByIP(ip));
+        loginUser.setBrowser(userAgent.getBrowser().getName());
+        loginUser.setOs(userAgent.getOperatingSystem().getName());
+    }
+    /**
+     * 从数据声明生成令牌
+     *
+     * @param claims 数据声明
+     * @return 令牌
+     */
+    private String createToken(Map<String, Object> claims) {
+        String token = Jwts.builder()
+                .setClaims(claims)
+                .signWith(SignatureAlgorithm.HS512, secret).compact();
+        return token;
+    }
+
+    /**
+     * 从令牌中获取数据声明
+     *
+     * @param token 令牌
+     * @return 数据声明
+     */
+    private Claims parseToken(String token) {
+        return Jwts.parser()
+                .setSigningKey(secret)
+                .parseClaimsJws(token)
+                .getBody();
+    }
+
+    /**
+     * 从令牌中获取用户名
+     *
+     * @param token 令牌
+     * @return 用户名
+     */
+    public String getUsernameFromToken(String token) {
+        Claims claims = parseToken(token);
+        return claims.getSubject();
+    }
+
+    /**
+     * 获取请求token
+     *
+     * @param request
+     * @return token
+     */
+    private String getToken(HttpServletRequest request) {
+        String token = request.getHeader(header);
+        if (StringUtils.isNotEmpty(token) && token.startsWith(Constants.TOKEN_PREFIX))
+        {
+            token = token.replace(Constants.TOKEN_PREFIX, "");
+        }
+        return token;
+    }
+
+    private String getTokenKey(String uuid) {
+        return Constants.APP_LOGIN_TOKEN_KEY + uuid;
+    }
+}

ruoyi-app/src/main/java/com/ruoyi/app/base/TokenService.java

@@ -1,20 +0,0 @@
-package com.ruoyi.app.base;
-
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.algorithms.Algorithm;
-import com.ruoyi.app.domain.TbAppUser;
-import org.springframework.stereotype.Service;
-
-
-/**
- * @author Alex
- */
-@Service("TokenService")
-public class TokenService {
-    public String getToken(TbAppUser user) {
-        String token="";
-        token= JWT.create().withAudience(user.getId().toString())// 将 user id 保存到 token 里面
-                .sign(Algorithm.HMAC256(user.getMobile()));// 以 手机号 作为 token 的密钥
-        return token;
-    }
-}

ruoyi-app/src/main/java/com/ruoyi/app/controller/AppLoginController.java

@@ -4,12 +4,14 @@ package com.ruoyi.app.controller;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.ruoyi.app.annotation.UserLoginToken;
-import com.ruoyi.app.base.TokenService;
+import com.ruoyi.app.base.AppLoginUser;
+import com.ruoyi.app.base.AppTokenService;
 import com.ruoyi.app.domain.TbAppUser;
 import com.ruoyi.app.service.ITbAppUserService;
 import com.ruoyi.app.util.AliSMSUtil;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.utils.StringUtils;
+import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,13 +25,14 @@ import java.util.Map;
  * @author Alex
  * @date 2020-09-24
  */
+@Api(value = "APP登录",tags = "APP登录")
 @RequiredArgsConstructor(onConstructor_ = @Autowired)
 @RestController
 @RequestMapping("/app" )
 public class AppLoginController {
 
     @Autowired
-    TokenService tokenService;
+    AppTokenService tokenService;
     @Autowired
     private ITbAppUserService userService;
 
@@ -45,7 +48,6 @@ public class AppLoginController {
         if (StringUtils.isBlank(captcha)){
             return AjaxResult.error("验证码不能为空");
         }
-        //TODO 短信验证
         //手机短信验证
         boolean ckCaptcha = AliSMSUtil.getInstance().validateSmsCode(mobile, captcha);
         if (!ckCaptcha) {
@@ -56,10 +58,12 @@ public class AppLoginController {
         TbAppUser userForBase = userService.getOne(new QueryWrapper<TbAppUser>()
             .eq("mobile",mobile)
         );
-        if(userForBase==null){
+        if(userForBase == null){
             return AjaxResult.error("用户不存在");
         }
-        String token = tokenService.getToken(userForBase);
+        AppLoginUser loginUser =  new AppLoginUser();
+        loginUser.setUser(userForBase);
+        String token = tokenService.createToken(loginUser);
         jsonObject.put("token", token);
         jsonObject.put("user", userForBase);
         return AjaxResult.success(jsonObject);
@@ -75,8 +79,21 @@ public class AppLoginController {
     @ApiOperation(value = "发送短信验证码", notes = "发送短信验证码")
     @GetMapping("/captchaSend")
     public AjaxResult sendCaptcha(Integer type, String mobile){
+        TbAppUser user = userService.getOne(new QueryWrapper<TbAppUser>()
+                .eq("mobile",mobile)
+        );
+
+        //注册
+        if (type == 1){
+
+        }
+
+        if(user == null || user.getId() == null){
+
+            return AjaxResult.error("用户不存在");
+        }
         Map<String,String> map = AliSMSUtil.getInstance().sendSmsCode(type, mobile);
-        if(map.get("code").equals("1")) {
+        if(map.get("code").equals("200")) {
             return AjaxResult.success("发送成功");
         }
         return AjaxResult.error(map.get("msg"));
@@ -107,9 +124,6 @@ public class AppLoginController {
 
 
 
-
-
-
     @UserLoginToken
     @GetMapping("/getMessage")
     public String getMessage(){

ruoyi-app/src/main/java/com/ruoyi/app/util/AliSMSUtil.java

@@ -34,13 +34,13 @@ public class AliSMSUtil {
     //产品域名,开发者无需替换
     static final String domain = "dysmsapi.aliyuncs.com";
 
-    // TODO 此处需要替换成开发者自己的AK(在阿里云访问控制台寻找)
-    static final String accessKeyId = "LTAIuSBxXqyBNSCG";
-    static final String accessKeySecret = "K0QrsoGHQQFNya71vG9tmbjfOBnnFf";
+    // 此处需要替换成开发者自己的AK(在阿里云访问控制台寻找 个人头像-AccessKey管理)
+    static final String accessKeyId = "LTAI4GGRzVfuY4WwdKeBZ33u";
+    static final String accessKeySecret = "B6mwjlgi0OYIFVKhMPR0zzgbr6vkev";
 
     private static AliSMSUtil INSTANCE;
 
-    private static String SIGN_NAME = "传承云";
+    private static String SIGN_NAME = "华夏生命传承云";
 
     //单例
     public static AliSMSUtil getInstance(){
@@ -56,7 +56,7 @@ public class AliSMSUtil {
 
     /**
      * 发送验证码 type类型 1、用户注册;2、登录确认;3、身份验证;4、登录异常;5、修改密码;6、信息变更;phone:电话号码
-     * @param type 1、用户注册;2、登录确认;3、身份验证;4、登录异常;5、修改密码;6、信息变更;0、通用验证;
+     * @param type 1、用户注册;2、登录确认;3、身份验证;4、登录异常;5、修改密码;6、信息变更;
      * @param phone 电话号码
      * @return
      */
@@ -65,34 +65,31 @@ public class AliSMSUtil {
 
         String templateCode = "";
         switch (type){
-            case 0:
-                templateCode="SMS_140736533";
-                break;
             case 1://用户注册
-                templateCode="SMS_136825040";
+                templateCode="SMS_203800031";
                 break;
             case 2://登录确认
-                templateCode="SMS_136825042";
+                templateCode="SMS_203800033";
                 break;
             case 3://身份验证
-                templateCode="SMS_136825043";
+                templateCode="SMS_203800034";
                 break;
             case 4://登录异常
-                templateCode="SMS_136825041";
+                templateCode="SMS_203800032";
                 break;
             case 5://修改密码
-                templateCode="SMS_136825039";
+                templateCode="SMS_203800030";
                 break;
             case 6://信息变更
-                templateCode="SMS_136825038";
+                templateCode="SMS_203800029";
                 break;
             default:
                 templateCode="";
                 break;
         }
         if (templateCode.equals("")){
-            map.put("code","-1");
-            map.put("msg","验证类型不存在！");
+            map.put("code","500");
+            map.put("msg","验证类型不存在");
             return map;
         }
         String code = GetCode(phone);
@@ -119,7 +116,7 @@ public class AliSMSUtil {
             return false;
         }
         //时间超时了
-        if((CodeMapTime.get(phone).longValue()+EXPIRATIONTIME) < new Date().getTime()){
+        if((CodeMapTime.get(phone).longValue()+EXPIRATIONTIME) < System.currentTimeMillis()){
             CodeMap.remove(phone);
             CodeMapTime.remove(phone);
             return false;
@@ -209,7 +206,7 @@ public class AliSMSUtil {
     private  String GetCode(String phone){
         String key = GetNum();
         CodeMap.put(phone,key);
-        CodeMapTime.put(phone,new Date().getTime());
+        CodeMapTime.put(phone,System.currentTimeMillis());
         return key;
     }
 
@@ -236,7 +233,7 @@ public class AliSMSUtil {
             public void run() {
                 try {
                     if (CodeMapTime.size() > 0) {
-                        long nd = new Date().getTime();//获取系统时间
+                        long nd = System.currentTimeMillis();//获取系统时间
                         Iterator<Map.Entry<String, Long>> entries = CodeMapTime.entrySet().iterator();
                         while (entries.hasNext()) {
                             Map.Entry<String, Object> entry = (Map.Entry) entries.next();

ruoyi-app/src/main/resources/application.yml

@@ -66,7 +66,7 @@ token:
     # 令牌自定义标识
     header: token
     # 令牌密钥
-    secret: abcdefghijklmnopqrstuvwxyz
+    secret: abcdefghijklmnopqrstuvwxyz1234567890
     # 令牌有效期（默认10080分钟=7天）
     expireTime: 10080
   

ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java

@@ -61,6 +61,10 @@ public class Constants
      * 登录用户 redis key
      */
     public static final String LOGIN_TOKEN_KEY = "login_tokens:";
+    /**
+     * App登录用户 redis key
+     */
+    public static final String APP_LOGIN_TOKEN_KEY = "app_login_tokens:";
 
     /**
      * 防重提交 redis key
@@ -86,6 +90,10 @@ public class Constants
      * 令牌前缀
      */
     public static final String LOGIN_USER_KEY = "login_user_key";
+    /**
+     * 令牌前缀
+     */
+    public static final String APP_LOGIN_USER_KEY = "app_login_user_key";
 
     /**
      * 用户ID

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -114,6 +114,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter
                 .antMatchers("/*/api-docs").anonymous()
                 .antMatchers("/druid/**").anonymous()
                 .antMatchers("/template/**").anonymous()
+                .antMatchers("/app/login").anonymous()
+                .antMatchers("/app/captchaSend").anonymous()
+                .antMatchers("/app/captchaValidate").anonymous()
                 // 除上面外的所有请求全部需要鉴权认证
                 .anyRequest().authenticated()
                 .and()