diff --git a/src/main/java/cc/iteachyou/cms/controller/admin/UserLoginController.java b/src/main/java/cc/iteachyou/cms/controller/admin/UserLoginController.java index 2a5c18a..b9192c6 100644 --- a/src/main/java/cc/iteachyou/cms/controller/admin/UserLoginController.java +++ b/src/main/java/cc/iteachyou/cms/controller/admin/UserLoginController.java @@ -1,27 +1,5 @@ package cc.iteachyou.cms.controller.admin; -import java.io.IOException; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.shiro.SecurityUtils; -import org.apache.shiro.authc.DisabledAccountException; -import org.apache.shiro.crypto.hash.SimpleHash; -import org.apache.shiro.util.ByteSource; -import org.springframework.beans.BeanUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.ResponseBody; -import org.springframework.web.servlet.ModelAndView; - -import com.wf.captcha.ArithmeticCaptcha; -import com.wf.captcha.utils.CaptchaUtil; - import cc.iteachyou.cms.annotation.Log; import cc.iteachyou.cms.annotation.Log.OperatorType; import cc.iteachyou.cms.common.BaseController; @@ -36,138 +14,157 @@ import cc.iteachyou.cms.security.token.TokenManager; import cc.iteachyou.cms.service.MenuService; import cn.hutool.crypto.asymmetric.KeyType; import cn.hutool.crypto.asymmetric.RSA; +import com.wf.captcha.ArithmeticCaptcha; +import com.wf.captcha.utils.CaptchaUtil; import lombok.extern.slf4j.Slf4j; +import org.apache.shiro.SecurityUtils; +import org.apache.shiro.authc.DisabledAccountException; +import org.apache.shiro.crypto.hash.SimpleHash; +import org.apache.shiro.util.ByteSource; +import org.springframework.beans.BeanUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; +import org.springframework.web.bind.annotation.ResponseBody; +import org.springframework.web.servlet.ModelAndView; + +import java.io.IOException; +import java.util.List; /** * 用户登录相关,不需要做登录限制 - * */ @Slf4j @Controller @RequestMapping("/admin/u") public class UserLoginController extends BaseController { - @Autowired - private MenuService menuService; + @Autowired + private MenuService menuService; - // 产生验证码 - @RequestMapping("/getVerifyCode") - public void getKaptcha() throws IOException { - ArithmeticCaptcha captcha = new ArithmeticCaptcha(130, 48); + // 产生验证码 + @RequestMapping("/getVerifyCode") + public void getKaptcha() throws IOException { + ArithmeticCaptcha captcha = new ArithmeticCaptcha(130, 48); captcha.getArithmeticString(); // 获取运算的公式:3+2=? captcha.text(); // 获取运算的结果:5 - CaptchaUtil.out(captcha, request, response); - } + CaptchaUtil.out(captcha, request, response); + } - /** - * 登录跳转 - * - * @return - */ - @RequestMapping("toLogin") - public ModelAndView toLogin() { - ModelAndView mv = new ModelAndView(); - User user = (User) SecurityUtils.getSubject().getPrincipal(); - RSA rsa = new RSA(); - - session.setAttribute(Constant.RSA_PRIVATE_KEY, rsa.getPrivateKeyBase64()); - - mv.addObject("publicKey", rsa.getPublicKeyBase64()); - mv.setViewName("admin/login"); - return mv; - } - - /** - * 首页跳转 - * - * @return - */ - @RequestMapping("toIndex") - public ModelAndView toIndex() { - ModelAndView mv = new ModelAndView(); - String userId = TokenManager.getUserId(); - /** - * 查询当前用户所拥有的菜单权限 - */ - List menus = menuService.queryListByUserId(userId); - mv.addObject("menus", menus); - mv.setViewName("admin/index"); - return mv; - } + /** + * 登录跳转 + * + * @return + */ + @RequestMapping("toLogin") + public ModelAndView toLogin() { + ModelAndView mv = new ModelAndView(); + User user = (User) SecurityUtils.getSubject().getPrincipal(); + RSA rsa = new RSA(); - /** - * 登录提交 - * @param entity 登录的UUser - * @param rememberMe 是否记住 - * @param request,用来取登录之前Url地址,用来登录后跳转到没有登录之前的页面。 - * @return - */ - @Log(operType = OperatorType.OTHER, module = "登录模块", content = "用户登录") - @RequestMapping(value = "login", method = RequestMethod.POST) - @ResponseBody - public ResponseResult login(@RequestBody UsernamePasswordREQ entity) { - ResponseResult result = null; - User user = new User(); - try { - // 验证码校验 - if(!CaptchaUtil.ver(entity.getVcode(), request)) { - result = ResponseResult.Factory.newInstance(Boolean.FALSE, - StateCodeEnum.USER_CODE_ERROR.getCode(), null, - StateCodeEnum.USER_CODE_ERROR.getDescription()); - return result; - } - - // 清除验证码 - CaptchaUtil.clear(request); - - String privateKey = (String) session.getAttribute(Constant.RSA_PRIVATE_KEY); - RSA rsa = new RSA(privateKey, null); - - String username = new String(rsa.decrypt(entity.getUsername(), KeyType.PrivateKey)); - String password = new String(rsa.decrypt(entity.getPassword(), KeyType.PrivateKey)); - - boolean rememberMe = entity.isRememberMe(); - ByteSource salt = ByteSource.Util.bytes(username + password); - SimpleHash sh = new SimpleHash("MD5", password, salt, 1024); - user.setUsername(username); - user.setPassword(sh.toString()); - user.setSaltByte(salt); - user = TokenManager.login(user, rememberMe, salt); - - UserLoginVO userVO = new UserLoginVO(); - BeanUtils.copyProperties(user, userVO); + session.setAttribute(Constant.RSA_PRIVATE_KEY, rsa.getPrivateKeyBase64()); - result = ResponseResult.Factory.newInstance(Boolean.TRUE, - StateCodeEnum.HTTP_SUCCESS.getCode(), userVO, - StateCodeEnum.HTTP_SUCCESS.getDescription()); - session.removeAttribute(Constant.RSA_PRIVATE_KEY); - } catch (DisabledAccountException e) { - // 帐号已经禁用 - result = ResponseResult.Factory.newInstance(Boolean.FALSE, - StateCodeEnum.USER_MOBILE_EXCEPTION.getCode(), null, - StateCodeEnum.USER_MOBILE_EXCEPTION.getDescription()); - } catch (Exception e) { - e.printStackTrace(); - // 帐号或密码错误 - result = ResponseResult.Factory.newInstance(Boolean.FALSE, - StateCodeEnum.USER_PASSWORD_ERROR.getCode(), null, - StateCodeEnum.USER_PASSWORD_ERROR.getDescription()); - } - return result; - } + mv.addObject("publicKey", rsa.getPublicKeyBase64()); + mv.setViewName("admin/login"); + return mv; + } - /** - * 退出 - * - * @return - */ - @Log(operType = OperatorType.OTHER, module = "登录模块", content = "用户退出登录") - @RequestMapping(value = "logout", method = RequestMethod.GET) - public String logout() { - try { - TokenManager.logout(); - } catch (Exception e) { - log.error("errorMessage:" + e.getMessage()); - } - return "redirect:/admin/toLogin"; - } + /** + * 首页跳转 + * + * @return + */ + @RequestMapping("toIndex") + public ModelAndView toIndex() { + ModelAndView mv = new ModelAndView(); + String userId = TokenManager.getUserId(); + /** + * 查询当前用户所拥有的菜单权限 + */ + List menus = menuService.queryListByUserId(userId); + mv.addObject("menus", menus); + mv.setViewName("admin/index"); + return mv; + } + + /** + * 登录提交 + * + * @param entity 登录的UUser + * @param rememberMe 是否记住 + * @param request,用来取登录之前Url地址,用来登录后跳转到没有登录之前的页面。 + * @return + */ + @Log(operType = OperatorType.OTHER, module = "登录模块", content = "用户登录") + @RequestMapping(value = "login", method = RequestMethod.POST) + @ResponseBody + public ResponseResult login(@RequestBody UsernamePasswordREQ entity) { + ResponseResult result = null; + User user = new User(); + try { + // 验证码校验 + if (!CaptchaUtil.ver(entity.getVcode(), request)) { + result = ResponseResult.Factory.newInstance(Boolean.FALSE, + StateCodeEnum.USER_CODE_ERROR.getCode(), null, + StateCodeEnum.USER_CODE_ERROR.getDescription()); + return result; + } + + // 清除验证码 + CaptchaUtil.clear(request); + + String privateKey = (String) session.getAttribute(Constant.RSA_PRIVATE_KEY); + RSA rsa = new RSA(privateKey, null); + + String username = new String(rsa.decrypt(entity.getUsername(), KeyType.PrivateKey)); + String password = new String(rsa.decrypt(entity.getPassword(), KeyType.PrivateKey)); + + boolean rememberMe = entity.isRememberMe(); + ByteSource salt = ByteSource.Util.bytes(username + password); + SimpleHash sh = new SimpleHash("MD5", password, salt, 1024); + user.setUsername(username); + user.setPassword(sh.toString()); + user.setSaltByte(salt); + user = TokenManager.login(user, rememberMe, salt); + log.info("用户名" + user.getUsername()); + log.info("密码" + user.getPassword()); + log.info("盐" + user.getSalt()); + UserLoginVO userVO = new UserLoginVO(); + BeanUtils.copyProperties(user, userVO); + + result = ResponseResult.Factory.newInstance(Boolean.TRUE, + StateCodeEnum.HTTP_SUCCESS.getCode(), userVO, + StateCodeEnum.HTTP_SUCCESS.getDescription()); + session.removeAttribute(Constant.RSA_PRIVATE_KEY); + } catch (DisabledAccountException e) { + // 帐号已经禁用 + result = ResponseResult.Factory.newInstance(Boolean.FALSE, + StateCodeEnum.USER_MOBILE_EXCEPTION.getCode(), null, + StateCodeEnum.USER_MOBILE_EXCEPTION.getDescription()); + } catch (Exception e) { + e.printStackTrace(); + // 帐号或密码错误 + result = ResponseResult.Factory.newInstance(Boolean.FALSE, + StateCodeEnum.USER_PASSWORD_ERROR.getCode(), null, + StateCodeEnum.USER_PASSWORD_ERROR.getDescription()); + } + return result; + } + + /** + * 退出 + * + * @return + */ + @Log(operType = OperatorType.OTHER, module = "登录模块", content = "用户退出登录") + @RequestMapping(value = "logout", method = RequestMethod.GET) + public String logout() { + try { + TokenManager.logout(); + } catch (Exception e) { + log.error("errorMessage:" + e.getMessage()); + } + return "redirect:/admin/toLogin"; + } } diff --git a/src/main/resources/templates/admin/dashboard/index.html b/src/main/resources/templates/admin/dashboard/index.html index 4bbbedc..0c63e0c 100644 --- a/src/main/resources/templates/admin/dashboard/index.html +++ b/src/main/resources/templates/admin/dashboard/index.html @@ -1,40 +1,40 @@  - - - Dreamer CMS - 后台管理系统 - - - - + + + Dreamer CMS - 后台管理系统 + + + +
-

仪表盘

+

仪表盘

+
  • 首页
    • +
  • 仪表盘
    • +
    -
    -
    -
    - 欢迎使用专业的JAVA网站管理系统,轻松建站的首选利器——梦想家CMS内容管理系统 -
    -
    -
    +
    +
    +
    + 欢迎使用专业的JAVA网站管理系统,轻松建站的首选利器——梦想家CMS内容管理系统 +
    +
    +
    -
    信息统计
    -
    -
    +
    信息统计
    +
    +
    @@ -72,78 +72,81 @@
    -
    +
    -
    - 版本信息及商业授权 -
    -
    -
    -
    -
    - 梦想家CMS内容管理系统 -
    -
    - 当前系统版本为开源版V4.0.1 -
      -
    • 升级FastJson漏洞
      • -
    • 修复Sql标签注入风险
      • -
    • 修复Log4j漏洞
      • -
    • 修改分页标签、栏目文档标签、SQL标签Bug
      • -
    • 主题包的缩略图支持重新上传
      • -
    - 根据软件使用协议,未经商业授权的系统请务必保留官方版权。前后台页底必须保留 "Powered by I Teach You , 我教你!" 文字和链接! -
    -
    -
    -
    -
    +
    + 版本信息及商业授权 +
    +
    +
    +
    +
    + 梦想家CMS内容管理系统 +
    +
    + 当前系统版本为开源版V4.0.1 +
      +
    • 升级FastJson漏洞
      • +
    • 修复Sql标签注入风险
      • +
    • 修复Log4j漏洞
      • +
    • 修改分页标签、栏目文档标签、SQL标签Bug
      • +
    • 主题包的缩略图支持重新上传
      • +
    + 根据软件使用协议,未经商业授权的系统请务必保留官方版权。前后台页底必须保留 "Powered by I Teach You + , 我教你!" 文字和链接! +
    +
    +
    +
    +
    -
    -
    -
    最新文章
    -
    -
      -
    • - -
      • -
    -
    -
    -
    -
    -
    -
    开发团队
    -
    -

    版权所有:I Tech You , 我教你!

    -

    开发团队成员:王俊南

    -

    官方网址:http://www.iteachyou.cc

    -

    官方演示网址:http://cms.iteachyou.cc

    -

    码云源码网址:https://gitee.com/iteachyou/dreamer_cms

    -

    Github源码网址:https://github.com/iteachyou-wjn/dreamer_cms

    -

    官方QQ群:①597652651②623605199③573574854

    -
    -
    -
    -
    -
    -
    服务器信息
    -
    -

    JVM名称:

    -

    JAVA版本:

    -

    JAVA安装路径:

    -

    JVM总内存:

    -

    JVM可用内存:

    -

    操作系统名称:

    -

    操作系统架构:

    -

    数据库版本:

    -
    -
    -
    +
    +
    +
    最新文章
    +
    +
      +
    • + +
      • +
    +
    +
    +
    +
    +
    +
    开发团队
    +
    +

    版权所有:I Tech You + , 我教你!

    + + + + + + +
    +
    +
    +
    +
    +
    服务器信息
    +
    +

    JVM名称:

    +

    JAVA版本:

    +

    JAVA安装路径:

    +

    JVM总内存:

    +

    JVM可用内存:

    +

    操作系统名称:

    +

    操作系统架构:

    +

    数据库版本:

    +
    +
    +
    - +