Search in sources :

Example 31 with UserModel

use of io.jpom.model.data.UserModel in project Jpom by dromara.

the class NodeForward method addUser.

private static void addUser(HttpRequest httpRequest, NodeModel nodeModel, NodeUrl nodeUrl) {
    UserModel userModel = BaseServerController.getUserModel();
    addUser(httpRequest, nodeModel, nodeUrl, userModel);
}
Also used : UserModel(io.jpom.model.data.UserModel)

Example 32 with UserModel

use of io.jpom.model.data.UserModel in project Jpom by dromara.

the class PermissionInterceptor method preHandle.

@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, HandlerMethod handlerMethod) throws Exception {
    this.init();
    this.addNode(request);
    UserModel userModel = BaseServerController.getUserModel();
    if (userModel == null || userModel.isSuperSystemUser()) {
        // 没有登录、或者超级管理直接放过
        return true;
    }
    // 
    boolean permission = this.checkSystemPermission(userModel, request, response, handlerMethod);
    if (!permission) {
        return false;
    }
    permission = this.checkNodeDataPermission(userModel, request, response, handlerMethod);
    if (!permission) {
        return false;
    }
    Feature feature = handlerMethod.getMethodAnnotation(Feature.class);
    if (feature == null) {
        return true;
    }
    MethodFeature method = feature.method();
    if (ArrayUtil.contains(DEMO, method) && userModel.isDemoUser()) {
        this.errorMsg(response, DEMO_TIP);
        return false;
    }
    ClassFeature classFeature = feature.cls();
    if (classFeature == ClassFeature.NULL) {
        Feature feature1 = handlerMethod.getBeanType().getAnnotation(Feature.class);
        if (feature1 != null && feature1.cls() != ClassFeature.NULL) {
            classFeature = feature1.cls();
        }
    }
    // 判断功能权限
    if (method != MethodFeature.LIST) {
        String workspaceId = ServletUtil.getHeader(request, Const.WORKSPACEID_REQ_HEADER, CharsetUtil.CHARSET_UTF_8);
        boolean exists = userBindWorkspaceService.exists(userModel.getId(), workspaceId + StrUtil.DASHED + method.name());
        if (!exists) {
            this.errorMsg(response, "您没有对应功能【" + classFeature.getName() + StrUtil.DASHED + method.getName() + "】管理权限");
            return false;
        }
    }
    return true;
}
Also used : UserModel(io.jpom.model.data.UserModel) ClassFeature(io.jpom.permission.ClassFeature) MethodFeature(io.jpom.permission.MethodFeature) Feature(io.jpom.permission.Feature) MethodFeature(io.jpom.permission.MethodFeature) ClassFeature(io.jpom.permission.ClassFeature)

Example 33 with UserModel

use of io.jpom.model.data.UserModel in project Jpom by dromara.

the class InstallController method installSubmit.

/**
 * 初始化提交
 *
 * @param userName 系统管理员登录名
 * @param userPwd  系统管理员的登录密码
 * @return json
 * @api {post} install_submit.json 初始化提交
 * @apiGroup index
 * @apiUse defResultJson
 * @apiParam {String} userName 系统管理员登录名
 * @apiParam {String} userPwd 设置的登录密码 sha1 后传入
 * @apiSuccess {JSON}  data.tokenData token 相关信息
 * @apiSuccess {String}  data.mfaKey 二次验证的key
 * @apiSuccess {String}  data.url 二次验证的二维码相关字符串用户快速扫码导入
 */
@PostMapping(value = "install_submit.json", produces = MediaType.APPLICATION_JSON_VALUE)
@NotLogin
public String installSubmit(@ValidatorConfig(value = { @ValidatorItem(value = ValidatorRule.NOT_EMPTY, msg = "登录名不能为空"), @ValidatorItem(value = ValidatorRule.NOT_BLANK, range = UserModel.USER_NAME_MIN_LEN + ":" + Const.ID_MAX_LEN, msg = "登录名长度范围" + UserModel.USER_NAME_MIN_LEN + "-" + Const.ID_MAX_LEN), @ValidatorItem(value = ValidatorRule.WORD, msg = "登录名不能包含汉字并且不能包含特殊字符") }) String userName, @ValidatorItem(value = ValidatorRule.NOT_BLANK, msg = "密码不能为空") String userPwd) {
    // 
    Assert.state(!userService.canUse(), "系统已经初始化过啦,请勿重复初始化");
    boolean systemOccupyUserName = StrUtil.equalsAnyIgnoreCase(userName, UserModel.DEMO_USER, JpomApplication.SYSTEM_ID, UserModel.SYSTEM_ADMIN);
    Assert.state(!systemOccupyUserName, "当前登录名已经被系统占用啦");
    // 创建用户
    UserModel userModel = new UserModel();
    userModel.setName(UserModel.SYSTEM_OCCUPY_NAME);
    userModel.setId(userName);
    userModel.setSalt(userService.generateSalt());
    userModel.setPassword(SecureUtil.sha1(userPwd + userModel.getSalt()));
    userModel.setSystemUser(1);
    userModel.setParent(UserModel.SYSTEM_ADMIN);
    try {
        BaseServerController.resetInfo(userModel);
        userService.insert(userModel);
    } catch (Exception e) {
        DefaultSystemLog.getLog().error("初始化用户失败", e);
        return JsonMessage.getString(400, "初始化失败:" + e.getMessage());
    }
    // 自动登录
    setSessionAttribute(LoginInterceptor.SESSION_NAME, userModel);
    UserLoginDto userLoginDto = userService.getUserJwtId(userModel);
    List<WorkspaceModel> bindWorkspaceModels = userBindWorkspaceService.listUserWorkspaceInfo(userModel);
    userLoginDto.setBindWorkspaceModels(bindWorkspaceModels);
    // 二次验证信息
    JSONObject jsonObject = new JSONObject();
    String tfaKey = TwoFactorAuthUtils.generateTFAKey();
    jsonObject.put("mfaKey", tfaKey);
    jsonObject.put("url", TwoFactorAuthUtils.generateOtpAuthUrl(userName, tfaKey));
    jsonObject.put("tokenData", userLoginDto);
    return JsonMessage.getString(200, "初始化成功", jsonObject);
}
Also used : UserModel(io.jpom.model.data.UserModel) WorkspaceModel(io.jpom.model.data.WorkspaceModel) JSONObject(com.alibaba.fastjson.JSONObject) UserLoginDto(io.jpom.model.dto.UserLoginDto) NotLogin(io.jpom.common.interceptor.NotLogin) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 34 with UserModel

use of io.jpom.model.data.UserModel in project Jpom by dromara.

the class BuildInfoTriggerController method createTriggerUrl.

private String createTriggerUrl() {
    UserModel user = getUser();
    int randomInt = RandomUtil.randomInt(1, BUILD_INFO_TRIGGER_TOKEN_DIGEST_COUNT_MAX);
    String fill = StrUtil.fillBefore(randomInt + "", '0', BUILD_INFO_TRIGGER_TOKEN_FILL_LEN);
    String nowStr = new Digester(DigestAlgorithm.SHA256).setDigestCount(randomInt).digestHex(user.getId());
    return StrUtil.format("{}{}", fill, nowStr);
}
Also used : UserModel(io.jpom.model.data.UserModel) Digester(cn.hutool.crypto.digest.Digester)

Example 35 with UserModel

use of io.jpom.model.data.UserModel in project Jpom by dromara.

the class BaseServerController method resetInfo.

/**
 * 为线程设置 用户
 *
 * @param userModel 用户
 */
public static void resetInfo(UserModel userModel) {
    UserModel userModel1 = USER_MODEL_THREAD_LOCAL.get();
    if (userModel1 != null && userModel == UserModel.EMPTY) {
        // 已经存在,更新为 empty 、跳过
        return;
    }
    USER_MODEL_THREAD_LOCAL.set(userModel);
}
Also used : UserModel(io.jpom.model.data.UserModel)

Aggregations

UserModel (io.jpom.model.data.UserModel)66 JSONObject (com.alibaba.fastjson.JSONObject)17 MethodFeature (io.jpom.permission.MethodFeature)15 ClassFeature (io.jpom.permission.ClassFeature)14 Feature (io.jpom.permission.Feature)14 NodeModel (io.jpom.model.data.NodeModel)10 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)8 NotLogin (io.jpom.common.interceptor.NotLogin)6 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 UserService (io.jpom.service.user.UserService)5 GetMapping (org.springframework.web.bind.annotation.GetMapping)5 StrUtil (cn.hutool.core.util.StrUtil)4 Entity (cn.hutool.db.Entity)4 JSONArray (com.alibaba.fastjson.JSONArray)4 BuildInfoModel (io.jpom.model.data.BuildInfoModel)4 List (java.util.List)4 JsonMessage (cn.jiangzeyin.common.JsonMessage)3 BaseServerController (io.jpom.common.BaseServerController)3 WorkspaceModel (io.jpom.model.data.WorkspaceModel)3 UserLoginDto (io.jpom.model.dto.UserLoginDto)3