commit

PddServer/pom.xml

@@ -47,6 +47,10 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
 
         <!-- mysql -->
         <dependency>

PddServer/src/main/java/org/ta/pddserver/config/APIFilter.java

@@ -2,13 +2,15 @@ package org.ta.pddserver.config;
 
 import jakarta.servlet.*;
 import jakarta.servlet.annotation.WebFilter;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.core.annotation.Order;
+import org.ta.pddserver.utils.JsonResponse;
 
 import java.io.IOException;
 
 @WebFilter(
-        urlPatterns = {"/apis/*"}, filterName = "apiFilter"
+        urlPatterns = {"/hj-api/*"}, filterName = "apiFilter"
 )
 @Order(1)
 @Slf4j
@@ -22,6 +24,12 @@ public class APIFilter implements Filter {
     @Override
     public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
         log.info("API 开始处理请求，过滤数据");
+
+        HttpServletRequest  request = (HttpServletRequest) servletRequest;
+        String url = request.getRequestURI();
+        log.info("url = {}", url);
+        filterChain.doFilter(servletRequest, servletResponse);
+
     }
 
 

PddServer/src/main/java/org/ta/pddserver/config/ApiConfig.java

+package org.ta.pddserver.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class ApiConfig implements WebMvcConfigurer {
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**") // 对所有路径应用CORS配置
+                .allowedOrigins("http://localhost:8021", "http://ppd-jy-cc.linyihai-dt.com") // 允许的源
+                .allowedMethods("GET", "POST", "PUT", "DELETE") // 允许的方法
+                .allowedHeaders("*") // 允许的头部
+                .allowCredentials(true) // 是否发送cookies等凭证信息
+                .exposedHeaders("Authorization", "st", "ms", "Set-Cookie", "Cookie")
+                .maxAge(3600); // 预检请求的缓存时间（秒）
+    }
+
+
+
+//    @Override
+//    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+//        registry.addResourceHandler("/static/**").addResourceLocations("http://localhost:8021/");
+//        registry.addResourceHandler("/templates/**").addResourceLocations("http://localhost:8021/");
+//    }
+}

PddServer/src/main/java/org/ta/pddserver/config/RepeatedlyReadFilter.java

@@ -2,11 +2,13 @@ package org.ta.pddserver.config;
 
 import jakarta.servlet.*;
 import jakarta.servlet.http.HttpServletRequest;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
 import java.io.IOException;
 
 @Component
+@Slf4j
 public class RepeatedlyReadFilter implements Filter {
     @Override
     public void init(FilterConfig filterConfig) {
@@ -22,5 +24,7 @@ public class RepeatedlyReadFilter implements Filter {
         } catch (Exception e) {
             e.printStackTrace();
         }
+        log.info("RepeatedlyReadFilter doFilter ok");
     }
+
 }

PddServer/src/main/java/org/ta/pddserver/config/security/JwtAuthFilter.java

+package org.ta.pddserver.config.security;
+
+import jakarta.annotation.Resource;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import lombok.RequiredArgsConstructor;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthFilter extends OncePerRequestFilter {
+    private final JwtUtils jwtUtils;
+    @Resource
+    private final UserDetailsServiceImpl userDetailsService;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        try {
+            String jwt = parseJwt(request);
+            String username = jwtUtils.extractUsername(jwt);
+            UserDetails userDetails = userDetailsService.loadUserByUsername(username);
+            if (jwt != null && jwtUtils.validateToken(jwt, userDetails)) {
+                UsernamePasswordAuthenticationToken authentication =
+                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
+                authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+            }
+        } catch (Exception e) {
+            logger.error("无法设置用户认证: {}", e);
+        }
+        filterChain.doFilter(request, response);
+    }
+
+    private String parseJwt(HttpServletRequest request) {
+        String headerAuth = request.getHeader("Authorization");
+        if (headerAuth != null && headerAuth.startsWith("HJAuth ")) {
+            return headerAuth.substring(7);
+        }
+        return null;
+    }
+
+}

PddServer/src/main/java/org/ta/pddserver/config/security/JwtUtils.java

+package org.ta.pddserver.config.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+@Component
+public class JwtUtils {
+//    @Value("${app.jwt.secret}")
+    private String secret = "Allen";
+//    @Value("${app.jwt.expiration}")
+    private long expiration = 3600 * 18;
+    public String generateToken(UserDetails userDetails) {
+        return userDetails.getUsername() + ":" + userDetails.getPassword();
+    }
+    public String extractUsername(String token) {
+        return token.split(":")[0];
+    }
+    public boolean validateToken(String token, UserDetails userDetails) {
+        final String username = extractUsername(token);
+        return (username.equals(userDetails.getUsername())) && !isTokenExpired(token);
+    }
+    private boolean isTokenExpired(String token) {
+        return false;
+    }
+
+    @Bean
+    PasswordEncoder passwordEncoder() {
+        return new BCryptPasswordEncoder();
+    }
+}

PddServer/src/main/java/org/ta/pddserver/config/security/SecurityConfig.java

+package org.ta.pddserver.config.security;
+
+import jakarta.annotation.Resource;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@RequiredArgsConstructor
+public class SecurityConfig {
+    @Resource
+    private UserDetailsServiceImpl userDetailsService;
+    @Resource
+    private JwtAuthFilter jwtAuthFilter;
+
+
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http.csrf(csrf -> csrf.disable())
+                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .authorizeHttpRequests(auth -> auth
+                        .requestMatchers("/hj-api/**", "/api/auth/login").permitAll()
+//                        .requestMatchers("/hj-api/*").hasRole("ADMIN")
+                        .requestMatchers("/test/**").hasAnyRole("ADMIN", "USER")
+                        .anyRequest().authenticated()
+                )
+                .addFilterBefore(jwtAuthFilter, UsernamePasswordAuthenticationFilter.class)
+                .userDetailsService(userDetailsService);
+        return http.build();
+    }
+
+    @Bean
+    public AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
+        return config.getAuthenticationManager();
+    }
+}

PddServer/src/main/java/org/ta/pddserver/config/security/UserDetailsServiceImpl.java

+package org.ta.pddserver.config.security;
+
+import jakarta.annotation.Resource;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+import org.ta.pddserver.entity.UserEntity;
+import org.ta.pddserver.service.impl.UserImpl;
+
+@Slf4j
+@Component
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+    @Resource
+    private UserImpl userService;
+    @Resource
+    PasswordEncoder passwordEncoder;
+
+
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+
+        log.info("UserDetailsManager loadUserByUsername username={}", username);
+        UserEntity userEntity = userService.getInfoByAccount(username);
+
+        if (userEntity == null) {
+            log.info("UserDetailsManager loadUserByUsername user is null");
+            //用户不存在，抛出异常
+            throw new UsernameNotFoundException(username);
+        } else {
+            log.info("UserDetailsManager loadUserByUsername user is find! " + passwordEncoder.encode(userEntity.getPassword()));
+            return org.springframework.security.core.userdetails.User.withUsername(userEntity.getAccount())
+                    .password(passwordEncoder.encode(userEntity.getPassword()))
+                    .roles("ADMIN", "USER")
+                    .authorities("delete", "update", "read", "edit")
+                    .build();
+        }
+    }
+}

PddServer/src/main/java/org/ta/pddserver/controller/AuthController.java

+package org.ta.pddserver.controller;
+
+import com.alibaba.fastjson.JSONObject;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.*;
+import org.ta.pddserver.config.security.JwtUtils;
+import org.ta.pddserver.model.api.request.UserRequest;
+import org.ta.pddserver.utils.JsonResponse;
+
+@RestController
+@RequestMapping("/auth")
+@RequiredArgsConstructor
+public class AuthController {
+    private final AuthenticationManager authenticationManager;
+    private final JwtUtils jwtUtils;
+    @PostMapping("/login")
+    public ResponseEntity<JSONObject> login(@RequestBody UserRequest loginRequest) {
+        Authentication authentication = authenticationManager.authenticate(
+                new UsernamePasswordAuthenticationToken(
+                        loginRequest.getAccount(),
+                        loginRequest.getPassword()
+                )
+        );
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
+        String jwt = jwtUtils.generateToken(userDetails);
+        return ResponseEntity.ok( JsonResponse.generateLocalCommonSuccessResponse( userDetails.getUsername(), jwt));
+    }
+}

PddServer/src/main/java/org/ta/pddserver/controller/TestController.java

 package org.ta.pddserver.controller;
 
-import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
-import jakarta.annotation.Resource;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.web.bind.annotation.GetMapping;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.ta.pddserver.entity.LogOrderBuyerDetailEntity;
-import org.ta.pddserver.entity.LogOrderItemEntity;
-import org.ta.pddserver.entity.LogOrderMailDetailEntity;
-import org.ta.pddserver.entity.OrderCreateEntity;
-import org.ta.pddserver.service.impl.LogOrderBuyerDetailImpl;
-import org.ta.pddserver.service.impl.LogOrderItemImpl;
-import org.ta.pddserver.service.impl.LogOrderMailDetailImpl;
-import org.ta.pddserver.service.impl.OrderCreateImpl;
-
-import java.util.List;
+import org.ta.pddserver.config.security.JwtUtils;
+import org.ta.pddserver.model.api.request.UserRequest;
+import org.ta.pddserver.utils.JsonResponse;
 
 @RestController
-//@RequestMapping("/test")
-@Slf4j
+@RequestMapping("/test")
+@RequiredArgsConstructor
 public class TestController {
-
-    @Resource
-    OrderCreateImpl orderCreateImpl;
-    @Resource
-    LogOrderBuyerDetailImpl logOrderBuyerDetailImpl;
-    @Resource
-    LogOrderItemImpl logOrderItemImpl;
-    @Resource
-    LogOrderMailDetailImpl logOrderMailDetailImpl;
-
-
-
-//    @GetMapping("")
-    public String test() {
-        List<OrderCreateEntity> orderCreateEntityList = orderCreateImpl.list();
-        for (OrderCreateEntity orderCreateEntity : orderCreateEntityList) {
-            String logisticsOrderCode = orderCreateEntity.getLogisticsOrderCode();
-            LogOrderBuyerDetailEntity buyerDetailEntity = logOrderBuyerDetailImpl.getByOrderCode(logisticsOrderCode);
-            if (buyerDetailEntity == null) {
-                log.info("{} 缺少购买者详情信息。   ------------", logisticsOrderCode);
-                String buyerDetails =  orderCreateEntity.getBuyerDetail();
-            }
-            List<LogOrderMailDetailEntity> mailDetailEntityList = logOrderMailDetailImpl.getListByCode(logisticsOrderCode);
-            String mailDetails = orderCreateEntity.getMailDetails();
-            JSONArray mailArr = JSONArray.parseArray(mailDetails);
-            if (mailDetailEntityList.size() < mailArr.size()) {
-                log.info("{} 包裹信息异常 应该 {} 个， 现有{}个。", logisticsOrderCode, mailArr.size(), mailDetailEntityList.size());
-//                LogOrderMailDetailEntity mailDetailEntity = new LogOrderMailDetailEntity();
-//                mailDetailEntity.setUid(orderCreateEntity.getUid());
-//                mailDetailEntity.setLogisticsOrderCode(logisticsOrderCode);
-//                mailDetailEntity.setMailNo(mailArr.getJSONObject(0).getString("mailNo"));
-//                mailDetailEntity.setExpressCode(mailArr.getJSONObject(0).getString("expressCode"));
-//                mailDetailEntity.setStatus(1);
-//                mailDetailEntity.setCreated(orderCreateEntity.getCreated());
-//                mailDetailEntity.setUpdated(orderCreateEntity.getUpdated());
-//                mailDetailEntity.setRemarks("add");
-//                logOrderMailDetailImpl.save(mailDetailEntity);
-            }
-            String items = orderCreateEntity.getItems();
-            JSONArray itemArr = JSONArray.parseArray(items);
-            List<LogOrderItemEntity> itemEntityList = logOrderItemImpl.getByCode(logisticsOrderCode);
-            if (itemEntityList.size() != itemArr.size()) {
-                log.info("{} 商品信息异常 应该 {} 个， 现有{}个。", logisticsOrderCode, itemArr.size(), itemEntityList.size());
-//                LogOrderItemEntity orderItemEntity = new LogOrderItemEntity();
-//                JSONObject itemObject = itemArr.getJSONObject(0);
-//                orderItemEntity.setUid(itemObject.getString("uid"));
-//                orderItemEntity.setLogisticsOrderCode(orderCreateEntity.getLogisticsOrderCode());
-//                orderItemEntity.setItemId(itemObject.getString("itemId"));
-//                orderItemEntity.setItemName(itemObject.getString("itemName"));
-//                orderItemEntity.setCategoryId(itemObject.getLong("categoryId"));
-//                orderItemEntity.setCategoryName(itemObject.getString("categoryName"));
-//                orderItemEntity.setTotalActualPayment(itemObject.getLong("totalActualPayment"));
-//                orderItemEntity.setCurrencyUnit(itemObject.getString("currencyUnit"));
-//                orderItemEntity.setCurrency(itemObject.getString("currency"));
-//                orderItemEntity.setItemQuantity(itemObject.getInteger("itemQuantity"));
-//                orderItemEntity.setItemPicUrl(itemObject.getString("itemPicUrl"));
-//                orderItemEntity.setItemSkuProperty(itemObject.getString("itemSkuProperty"));
-//                orderItemEntity.setChargedStatus(itemObject.getBoolean("chargedStatus"));
-//                orderItemEntity.setGoodsType(itemObject.getString("goodsType"));
-//                orderItemEntity.setMagneticStatus(itemObject.getBoolean("magneticStatus"));
-//                orderItemEntity.setCreated(orderCreateEntity.getCreated());
-//                orderItemEntity.setUpdated(orderCreateEntity.getUpdated());
-//                orderItemEntity.setRemarks("add");
-//                logOrderItemImpl.save(orderItemEntity);
-            }
-        }
-        return "end";
+    private final AuthenticationManager authenticationManager;
+    private final JwtUtils jwtUtils;
+    @PostMapping("/hello")
+    public ResponseEntity<JSONObject> login(@RequestBody UserRequest loginRequest) {
+        return ResponseEntity.ok( JsonResponse.generateLocalCommonSuccessResponse("hello", "hello"));
     }
 }

PddServer/src/main/java/org/ta/pddserver/utils/OnlineUserData.java

 package org.ta.pddserver.utils;
 
+import lombok.Data;
+
 import java.io.Serializable;
 
+@Data
 public class OnlineUserData implements Serializable {
-    public static final String ONLINE_CLIENT_DATA = "REGISTER-COMPANY-DATA";
+    public static final String ONLINE_CLIENT_DATA = "USER";
 
     private String userId; // 操作用户父级id
 
     private String account; // 操作用户父级id
 
     private String name; // 操作用户父级id
-
-    public String getUserId() {
-        return userId;
-    }
-
-    public void setUserId(String userId) {
-        this.userId = userId;
-    }
-
-    public String getAccount() {
-        return account;
-    }
-
-    public void setAccount(String account) {
-        this.account = account;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
 }

PddServer/src/main/resources/application.yaml

@@ -5,6 +5,7 @@ spring:
     host: 127.0.0.1
     port: 5672
 
+
   datasource:
     driver-class-name: com.mysql.cj.jdbc.Driver
 #    url: jdbc:mysql://192.168.2.222:3306/pdd_api?useUnicode=true&characterEncoding=utf8&useSSL=false&serverTimezone=GMT
@@ -26,12 +27,14 @@ spring:
   application:
     name: PddServer
 server:
-#  port: 9000 # 正式端口号 - 向拼多多正式环境开放接口
+  #  port: 9000 # 正式端口号 - 向拼多多正式环境开放接口
   port: 9100 # 正式端口号 - 向海际系统正式环境开放接口
 #  port: 8600 # 测试端口号
 logging:
   level:
     org:
+      springframework:
+        security: DEBUG
       ta:
         pddserver: debug
 mybatis-plus: