From 37c4d4dd61f39828191672138026b0b2bc1e66bb Mon Sep 17 00:00:00 2001
From: BanTanger <88583317+BanTanger@users.noreply.github.com>
Date: Thu, 28 Nov 2024 00:16:51 +0800
Subject: [PATCH] =?UTF-8?q?Revert=20"feat:=20=E6=96=B0=E5=A2=9E=E8=AE=BF?= =?UTF-8?q?=E9=97=AE=E7=A7=81=E6=9C=89=E8=B5=84=E6=BA=90=E6=8B=A6=E6=88=AA?= =?UTF-8?q?=E6=B3=A8=E8=A7=A3,=E7=BB=99=E9=9C=80=E8=A6=81=E7=9A=84?= =?UTF-8?q?=E6=8E=A5=E5=8F=A3=E6=B7=BB=E5=8A=A0=E7=99=BB=E9=99=86=E6=A0=A1?= =?UTF-8?q?=E9=AA=8C=E6=B3=A8=E8=A7=A3=20(#71)"=20(#72)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 7a9291d2e5f659ee2ead37cb6104d6925fcb8bfa.
---
.../achobeta/api/dto/like/LikeRequestDTO.java | 2 +-
.../com/achobeta/aop/AuthVerifyAspect.java | 2 -
.../achobeta/aop/LoginVerificationAspect.java | 4 +-
.../aop/SelfPermissionVerificationAspect.java | 79 -------------------
.../trigger/http/AnnounceController.java | 5 --
.../achobeta/trigger/http/AuthController.java | 2 -
.../trigger/http/DeviceController.java | 4 -
.../achobeta/trigger/http/LikeController.java | 14 ++--
.../achobeta/trigger/http/ReadController.java | 2 -
.../achobeta/trigger/http/TeamController.java | 8 --
.../achobeta/trigger/http/UserController.java | 3 -
.../types/constraint/LoginVerification.java | 6 --
.../SelfPermissionVerification.java | 17 ----
13 files changed, 7 insertions(+), 141 deletions(-)
delete mode 100644 polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java
delete mode 100644 polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java
diff --git a/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java b/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
index db469e70..36a9fbf3 100644
--- a/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
+++ b/polaris-api/src/main/java/com/achobeta/api/dto/like/LikeRequestDTO.java
@@ -18,7 +18,7 @@ public class LikeRequestDTO { @NotBlank(message = "点赞的用户id不能为空") @FieldDesc(name = "点赞人id") - private String userId; + private String fromId; @NotBlank(message = "获赞的人id不能为空") @FieldDesc(name = "获赞人id") private String toId; diff --git a/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java b/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java index 56167a86..5b8adc83 100644 --- a/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java +++ b/polaris-app/src/main/java/com/achobeta/aop/AuthVerifyAspect.java @@ -10,7 +10,6 @@ import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.reflect.MethodSignature; -import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import javax.annotation.Resource; @@ -28,7 +27,6 @@ @Aspect @Component @Slf4j -@Order(Integer.MIN_VALUE+2) public class AuthVerifyAspect { @Resource diff --git a/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java b/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java index 2360ee96..3ab9dd60 100644 --- a/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java +++ b/polaris-app/src/main/java/com/achobeta/aop/LoginVerificationAspect.java @@ -10,7 +10,6 @@ import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Pointcut; -import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; @@ -29,7 +28,6 @@ @Slf4j @Component @Aspect -@Order(Integer.MIN_VALUE) public class LoginVerificationAspect { private final long EXPIRED = 100*1000; 
@@ -89,7 +87,7 @@ public Object checkToken(ProceedingJoinPoint joinPoint) throws Throwable { } if(accessTokenExpired <= EXPIRED){ - //如果token已经超时失效也会进这里 + //如果token是持久化的或者已经超时失效也会进这里 response.setHeader(ACCESS_TOKEN_NEED_REFRESH, "true"); } diff --git a/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java b/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java deleted file mode 100644 index f5b9e1d3..00000000 --- a/polaris-app/src/main/java/com/achobeta/aop/SelfPermissionVerificationAspect.java +++ /dev/null 
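Review bot: The restored comment in `checkToken` says a persistent token or an already-expired token also reaches the `accessTokenExpired <= EXPIRED` branch, yet the only action visible there is `response.setHeader(ACCESS_TOKEN_NEED_REFRESH, "true")`. The method body starts and ends outside this hunk, so whether an expired token is rejected earlier cannot be seen here; as written, a reader may conclude that an expired token only produces a refresh hint and the request still proceeds. Once the earlier rejection is confirmed, I would reword the comment along the lines of `// token is within EXPIRED of its expiry: ask the client to refresh; expired tokens are rejected before this point`. The declaration `private final long EXPIRED = 100*1000;` also deserves a comment naming its unit (presumably milliseconds).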
@@ -1,79 +0,0 @@ -package com.achobeta.aop; - -import com.achobeta.domain.login.model.valobj.TokenVO; -import com.achobeta.types.enums.GlobalServiceStatusCode; -import com.achobeta.types.exception.AppException; -import lombok.extern.slf4j.Slf4j; -import org.aspectj.lang.ProceedingJoinPoint; -import org.aspectj.lang.annotation.Around; -import org.aspectj.lang.annotation.Aspect; -import org.aspectj.lang.annotation.Pointcut; -import org.springframework.core.annotation.Order; -import org.springframework.stereotype.Component; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.servlet.http.HttpServletRequest; - -/** - * @Author: 严豪哲 - * @Description: 访问个人私有资源权限拦截器 - * @Date: 2024/11/27 21:40 - * @Version: 1.0 - */ - -@Slf4j -@Component -@Aspect -@Order(Integer.MIN_VALUE+1) -public class SelfPermissionVerificationAspect { - - private final String TOKENINFO = "tokenInfo"; - - /** - * 拦截入口 - */ - @Pointcut("@annotation(com.achobeta.types.constraint.SelfPermissionVerification)") - public void pointCut(){ - } - - /** - * 拦截处理 - * @param joinPoint joinPoint 信息 - * @return result - * @throws Throwable if any - */ - @Around("pointCut()") - public Object checkToken(ProceedingJoinPoint joinPoint) throws Throwable { - - //获取当前请求信息 - ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes(); - HttpServletRequest request = attributes.getRequest(); - - //获取token信息 - TokenVO tokenVO = (TokenVO) request.getAttribute(TOKENINFO); - - //正常不会进到这 因为登陆校验在本校验之前 - if(tokenVO == null || tokenVO.getUserId() == null){ - log.info("登陆校验未通过,tokenInfo为空,无法获取userId"); - throw new AppException(String.valueOf(GlobalServiceStatusCode.LOGIN_UNKNOWN_ERROR.getCode()), GlobalServiceStatusCode.LOGIN_UNKNOWN_ERROR.getMessage()); - } - - //这里如果再从redis里面获取token信息,token可能过期失效,所以这里不获取用登录校验处传来的 - String tokenUserId = String.valueOf(tokenVO.getUserId()); - - 
// 获取用户ID - Object arg = joinPoint.getArgs()[0]; - String targetUserId = (String) arg.getClass().getMethod("getUserId").invoke(arg); - - // 校验用户ID是否相同 - if (tokenUserId.equals(targetUserId)) { - log.info("当前用户访问的是个人私有资源,用户id相同,可以放行,userId:{}",tokenUserId); - return joinPoint.proceed(); - } else { - log.info("当前用户访问的是个人私有资源,用户id不相同,不可以放行,userId:{}",tokenUserId); - throw new AppException(String.valueOf(GlobalServiceStatusCode.USER_NO_PERMISSION.getCode()), GlobalServiceStatusCode.USER_NO_PERMISSION.getMessage()); - } - - } -} diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java index efb21b19..b513b0e7 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AnnounceController.java @@ -4,7 +4,6 @@ import com.achobeta.domain.announce.model.valobj.UserAnnounceVO; import com.achobeta.domain.announce.service.IAnnounceService; import com.achobeta.types.Response; -import com.achobeta.types.constraint.LoginVerification; import com.achobeta.types.enums.GlobalServiceStatusCode; import com.achobeta.types.exception.AppException; import lombok.RequiredArgsConstructor; @@ -33,7 +32,6 @@ public class AnnounceController implements com.achobeta.api.IAnnounceService { * @return */ @GetMapping("/getUserAnnounce") - @LoginVerification @Override public Response getUserAnnounce(@Valid GetUserAnnounceRequestDTO getUserAnnounceRequestDTO) { try { @@ -57,7 +55,6 @@ public Response getUserAnnounce(@Valid GetUserAnnoun } @Override - @LoginVerification @PostMapping("/readUserAnnounce") public Response readAnnounce(@Valid @RequestBody ReadAnnounceRequestDTO readAnnounceRequestDTO) { try { 
@@ -79,7 +76,6 @@ public Response readAnnounce(@Valid @RequestBody ReadAnnounceRequestDTO readAnno } @Override - @LoginVerification @GetMapping("/getAnnounceCount") public Response getUserAnnounceCount(@Valid GetUserAnnounceCountRequestDTO getUserAnnounceCountRequestDTO) { try { @@ -98,7 +94,6 @@ public Response getUserAnnounceCount(@Valid Get } @Override - @LoginVerification @PostMapping("/readAllAnnounce") public Response readAllAnnounce(@Valid @RequestBody ReadAllAnnounceRequestDTO readAllAnnounceRequestDTO) { try { diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java index a4334c8b..2d001475 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/AuthController.java @@ -3,7 +3,6 @@ import com.achobeta.api.dto.AuthRequestDTO; import com.achobeta.types.Response; import com.achobeta.types.annotation.AuthVerify; -import com.achobeta.types.constraint.LoginVerification; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.validation.annotation.Validated; @@ -33,7 +32,6 @@ public class AuthController { * @return */ @GetMapping("test") - @LoginVerification @AuthVerify("TEAM_DELETE") public Response test(@Valid AuthRequestDTO authRequestDTO) { log.info("进入鉴权测试接口,参数:{}", authRequestDTO); diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java index 3b7f0bbd..e116cbac 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/DeviceController.java 
@@ -5,8 +5,6 @@ import com.achobeta.domain.device.model.valobj.UserCommonDevicesVO; import com.achobeta.domain.device.service.IDeviceService; import com.achobeta.types.Response; -import com.achobeta.types.constraint.LoginVerification; -import com.achobeta.types.constraint.SelfPermissionVerification; import com.achobeta.types.enums.GlobalServiceStatusCode; import com.achobeta.types.exception.AppException; import lombok.RequiredArgsConstructor; @@ -34,8 +32,6 @@ public class DeviceController implements com.achobeta.api.IDeviceService { * @return */ @GetMapping("/getDevices") - @LoginVerification - @SelfPermissionVerification @Override public Response getDevices(@Valid GetUserDeviceRequestDTO getUserDeviceRequestDTO) { try { diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java index 3947bc4b..0abf6766 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/LikeController.java @@ -3,8 +3,6 @@ import com.achobeta.api.dto.like.LikeRequestDTO; import com.achobeta.domain.like.service.ILikeService; import com.achobeta.types.Response; -import com.achobeta.types.constraint.LoginVerification; -import com.achobeta.types.constraint.SelfPermissionVerification; import com.achobeta.types.enums.GlobalServiceStatusCode; import com.achobeta.types.exception.AppException; import lombok.RequiredArgsConstructor; 
@@ -28,25 +26,23 @@ public class LikeController implements com.achobeta.api.ILikeService { private final ILikeService service; @Override - @LoginVerification - @SelfPermissionVerification @PostMapping("/like") public Response like(@Valid @RequestBody LikeRequestDTO likeRequestDTO) { try { log.info("点赞系统开始,fromId:{} toId:{} liked:{}", - likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); - service.Like(likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); + likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); + service.Like(likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); log.info("点赞系统结束,fromId:{} toId:{} liked:{}", - likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); + likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked()); return Response.SYSTEM_SUCCESS(); } catch (AppException e){ log.error("fromId:{} toId:{} liked:{} 已知异常e:{}", - likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e.getMessage(), e); + likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e.getMessage(), e); return Response.CUSTOMIZE_ERROR(GlobalServiceStatusCode.REQUEST_NOT_VALID); } catch (Exception e) { log.error("fromId:{} toId:{} liked:{}", - likeRequestDTO.getUserId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e); + likeRequestDTO.getFromId(),likeRequestDTO.getToId(),likeRequestDTO.isLiked(), e); return Response.SERVICE_ERROR(e.getMessage()); } } diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java index 9d1e5064..56e47da0 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/ReadController.java 
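Review bot: After this hunk `like` is reachable without `@LoginVerification`, and the acting user comes straight from the request body via `likeRequestDTO.getFromId()`, so nothing visible ties `fromId` to the authenticated caller and a like could be recorded or withdrawn under any user id. The same loss of the login check applies to the pure-removal hunks in `AnnounceController`, `DeviceController.getDevices`, `TeamController` (`queryMemberInfo`, `queryMemberList`) and `UserController` (`modifyUserInfo`, `queryUserCenterInfo`); unless a filter or interceptor outside this patch authenticates these routes, they are left without an identity check. I would keep `@LoginVerification` above `@PostMapping("/like")` and pass the user id resolved from the token to `service.Like(...)` rather than the body field, adding a test that a request whose `fromId` differs from the token's user is refused. Separately, `Response.SERVICE_ERROR(e.getMessage())` in the generic catch returns internal exception text to the client; a fixed message with the detail kept in the log would be safer.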
@@ -13,7 +13,6 @@ import javax.validation.constraints.Min; import com.achobeta.types.constraint.LoginVerification; -import com.achobeta.types.constraint.SelfPermissionVerification; import lombok.extern.slf4j.Slf4j; import org.springframework.http.ResponseEntity; import org.springframework.validation.annotation.Validated; @@ -44,7 +43,6 @@ public class ReadController implements IReadService { */ @PostMapping("render") @LoginVerification - @SelfPermissionVerification @Override public Response render(@Valid @RequestBody RenderRequestDTO renderRequestDTO) { try { diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java index 820bb843..e4ab081c 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/TeamController.java @@ -11,7 +11,6 @@ import com.achobeta.types.Response; import com.achobeta.types.annotation.AuthVerify; import com.achobeta.types.common.Constants; -import com.achobeta.types.constraint.LoginVerification; import com.achobeta.types.exception.AppException; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -48,7 +47,6 @@ public class TeamController implements ITeamService { */ @Override @DeleteMapping("member") - @LoginVerification @AuthVerify("MEMBER:MEMBER_DELETE") public Response deleteMember(@Valid DeleteMemberRequestDTO requestDTO) { try { @@ -85,7 +83,6 @@ public Response deleteMember(@Valid DeleteMemberRequest */ @Override @PostMapping("member") - @LoginVerification @AuthVerify("MEMBER:MEMBER_ADD") public Response addMember(@Valid @RequestBody AddMemberRequestDTO requestDTO) { try { 
@@ -136,7 +133,6 @@ public Response addMember(@Valid @RequestBody AddMemberReq */ @Override @PutMapping("member/detail") - @LoginVerification @AuthVerify("MEMBER:MEMBER_MODIFY") public Response modifyMemberInfo(@Valid @RequestBody ModifyMemberInfoRequestDTO requestDTO) { String teamId = requestDTO.getTeamId(); @@ -165,7 +161,6 @@ public Response modifyMemberInfo(@Valid @RequestBod * 查看团队成员信息详情接口 */ @GetMapping("/member/detail") - @LoginVerification @Override public Response queryMemberInfo(@Valid QueryMemberInfoRequestDTO requestDTO) { try { @@ -211,7 +206,6 @@ public Response queryMemberInfo(@Valid QueryMemberIn */ @PutMapping("structure") @Override - @LoginVerification @AuthVerify("STRUCTURE:STRUCTURE_MODIFY") public Response modifyStructure(@Valid @RequestBody ModifyStructureRequestDTO modifyStructureRequestDTO) { try { @@ -267,7 +261,6 @@ public Response modifyStructure(@Valid @RequestBody * @return */ @Override - @LoginVerification @GetMapping("/member/list") public Response queryMemberList(@Valid RequestMemberListDTO requestMemberListDTO) { try { @@ -305,7 +298,6 @@ public Response queryMemberList(@Valid RequestMemberListD */ @GetMapping("structure") @Override - @LoginVerification @AuthVerify("STRUCTURE:STRUCTURE_VIEW") public Response queryStructure(@Valid QueryStructureRequestDTO querystructureRequestDTO) { try { diff --git a/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java b/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java index 6a85d04a..b4538527 100644 --- a/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java +++ b/polaris-trigger/src/main/java/com/achobeta/trigger/http/UserController.java @@ -12,7 +12,6 @@ import com.achobeta.types.Response; import com.achobeta.types.common.Constants; -import com.achobeta.types.constraint.LoginVerification; import com.achobeta.types.exception.AppException; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; 
@@ -45,7 +44,6 @@ public class UserController implements IUserService { * @date 2024/11/9 */ @PutMapping("info") - @LoginVerification @Override public Response modifyUserInfo(@Valid @RequestBody ModifyUserInfoRequestDTO modifyUserInfoRequestDTO) { try { @@ -87,7 +85,6 @@ public Response modifyUserInfo(@Valid @RequestBody Mo * @date 2024/11/6 */ @GetMapping("info") - @LoginVerification @Override public Response queryUserCenterInfo(@Valid QueryUserInfoRequestDTO queryUserInfoRequestDTO) { try { diff --git a/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java b/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java index 994cd4d4..916d8146 100644 --- a/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java +++ b/polaris-types/src/main/java/com/achobeta/types/constraint/LoginVerification.java @@ -5,12 +5,6 @@ import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; -/** - * @Author: 严豪哲 - * @Description: 登录验证注解 - * @Date: 2024/11/18 10:27 - * @Version: 1.0 - */ @Target(ElementType.METHOD) @Retention(RetentionPolicy.RUNTIME) public @interface LoginVerification { diff --git a/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java b/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java deleted file mode 100644 index 3944ff55..00000000 --- a/polaris-types/src/main/java/com/achobeta/types/constraint/SelfPermissionVerification.java +++ /dev/null @@ -1,17 +0,0 @@ -package com.achobeta.types.constraint; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @Author: 严豪哲 - * @Description: 访问个人私有资源权限注解 - * @Date: 2024/11/27 21:40 - * @Version: 1.0 - */ -@Target(ElementType.METHOD) -@Retention(RetentionPolicy.RUNTIME) -public @interface SelfPermissionVerification { -}