Skip to content

Commit

Permalink
Merge pull request #91 from gitxiaofeng/master
Browse files Browse the repository at this point in the history 
feature:新增权限功能
  • Loading branch information
@gitxiaofeng
gitxiaofeng authored May 17, 2021
2 parents 7bef203 + 19f0369 commit 3e0ae29
Show file tree
Hide file tree
Showing 38 changed files with 359 additions and 31 deletions.
20 changes: 19 additions & 1 deletion case-server/sql/case-server.sql
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,4 +96,22 @@ CREATE TABLE `user` (
`gmt_created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '注册时间',
`gmt_updated` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '更新时间',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=677 DEFAULT CHARSET=utf8 COMMENT='用户信息';
) ENGINE=InnoDB AUTO_INCREMENT=677 DEFAULT CHARSET=utf8 COMMENT='用户信息';

alter table user add column authority_name varchar(63) default '' after salt;

# 增加权限信息表
CREATE TABLE `authority` (
`id` bigint(20) unsigned NOT NULL AUTO_INCREMENT COMMENT '主键id',
`authority_name` varchar(63) NOT NULL DEFAULT ''COMMENT '权限名称,ROLE_开头,全大写',
`authority_desc` varchar(255) NOT NULL DEFAULT ''COMMENT '权限描述',
`authority_content` varchar(1023) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限内容,可访问的url,多个时用,隔开',
`gmt_created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_updated` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 COMMENT='权限信息';

INSERT INTO `authority` (id,authority_name,authority_desc,authority_content) VALUES (1, 'ROLE_USER', '普通用户', '/api/dir/list,/api/record/list,/api/record/getRecordInfo,/api/user/**,/api/case/list*');
INSERT INTO `authority` (id,authority_name,authority_desc,authority_content) VALUES (2, 'ROLE_ADMIN', '管理员', '/api/dir/list,/api/backup/**,/api/record/**,/api/file/**,/api/user/**,/api/case/**');
INSERT INTO `authority` (id,authority_name,authority_desc,authority_content) VALUES (3, 'ROLE_SA', '超级管理员','/api/**');

2 changes: 2 additions & 0 deletions case-server/src/main/java/com/xiaoju/framework/constants/enums/StatusCode.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ public enum StatusCode implements Status {
FILE_EXPORT_ERROR(10009, "导出失败,请稍后再试"),
NODE_ALREADY_EXISTS(20001, "节点已存在"),
WS_UNKNOWN_ERROR(100010, "websocket访问异常"),
AUTHORITY_ERROR(100011, "权限认证错误"),
ASPECT_ERROR(100012, "权限内部处理错误"),

// 内部异常
INTERNAL_ERROR(10400, "内部参数校验或逻辑出错"),
Expand Down
12 changes: 7 additions & 5 deletions case-server/src/main/java/com/xiaoju/framework/controller/WebController.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.servlet.http.HttpServletRequest;

/**
* 重定向
*
Expand All @@ -22,27 +24,27 @@ public String login(){
}

@RequestMapping("/case/caseList/1")
public String index(){
public String index(HttpServletRequest request){
return "index";
}

@RequestMapping(value ="/test/1/*")
public String requirementId(){
public String requirementId(HttpServletRequest request){
return "index";
}

@RequestMapping(value ="/caseManager/1/*/*/*")
public String tcRecord(){
public String tcRecord(HttpServletRequest request){
return "index";
}

@RequestMapping(value ="/caseManager/1/*/*")
public String tcCase(){
public String tcCase(HttpServletRequest request){
return "index";
}

@RequestMapping(value="/api/file/*")
public String file() {
public String file(HttpServletRequest request) {
System.out.println("pre request");
return "index";
}
Expand Down
65 changes: 65 additions & 0 deletions case-server/src/main/java/com/xiaoju/framework/entity/dto/Authority.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
package com.xiaoju.framework.entity.dto;

import java.util.Date;

public class Authority {
private Long id;

private String authorityName;

private String authorityDesc;

private String authorityContent;

private Date gmtCreated;

private Date gmtUpdated;

public Long getId() {
return id;
}

public void setId(Long id) {
this.id = id;
}

public String getAuthorityName() {
return authorityName;
}

public void setAuthorityName(String authorityName) {
this.authorityName = authorityName == null ? null : authorityName.trim();
}

public String getAuthorityDesc() {
return authorityDesc;
}

public void setAuthorityDesc(String authorityDesc) {
this.authorityDesc = authorityDesc == null ? null : authorityDesc.trim();
}

public String getAuthorityContent() {
return authorityContent;
}

public void setAuthorityContent(String authorityContent) {
this.authorityContent = authorityContent == null ? null : authorityContent.trim();
}

public Date getGmtCreated() {
return gmtCreated;
}

public void setGmtCreated(Date gmtCreated) {
this.gmtCreated = gmtCreated;
}

public Date getGmtUpdated() {
return gmtUpdated;
}

public void setGmtUpdated(Date gmtUpdated) {
this.gmtUpdated = gmtUpdated;
}
}
2 changes: 2 additions & 0 deletions case-server/src/main/java/com/xiaoju/framework/entity/dto/User.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,8 @@ public class User {

private String salt;

private String authorityName;

private Integer isDelete;

private Integer channel;
Expand Down
104 changes: 104 additions & 0 deletions case-server/src/main/java/com/xiaoju/framework/filter/WebSocketFilter.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
package com.xiaoju.framework.filter;

import com.alibaba.fastjson.JSONObject;
import com.xiaoju.framework.constants.enums.StatusCode;
import com.xiaoju.framework.entity.dto.Authority;
import com.xiaoju.framework.mapper.AuthorityMapper;
import com.xiaoju.framework.mapper.UserMapper;
import com.xiaoju.framework.util.CookieUtils;
import org.apache.tomcat.websocket.server.WsFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.io.OutputStream;
import java.util.*;

@Component
public class WebSocketFilter extends FilterRegistrationBean<WsFilter> {

// 保存对应权限的路径匹配列表
private Map<String, List<String>> roleAuthority = new HashMap<>();

@Resource
private AuthorityMapper authorityMapper;
@Resource
private UserMapper userMapper;

@Value("${authority.flag}")
private Boolean authorityFlag;

@PostConstruct
public void init() {

// authority表中id1,2,3分别表示普通用户、管理员、超管
for (long i = 1; i < 4; i++) {
Authority authority = authorityMapper.selectByPrimaryKey(i);
String[] authorityContent = authority.getAuthorityContent().split(",");

roleAuthority.put(authority.getAuthorityName(), Arrays.asList(authorityContent));
}
setFilter(new WsAuthFilter());
setUrlPatterns(Arrays.asList("/api/dir/*", "/api/backup/*", "/api/record/*", "/api/file/*", "/api/case/*"));
}

class WsAuthFilter extends WsFilter {
final Logger LOGGER = LoggerFactory.getLogger(WsAuthFilter.class);

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
try {
authenticateByCookie(req);
chain.doFilter(request, response);
} catch (SecurityException e) {
LOGGER.error("认证失败。", e);
JSONObject o = new JSONObject();
o.put("code", StatusCode.AUTHORITY_ERROR);
o.put("msg", StatusCode.AUTHORITY_ERROR.getMsg());
OutputStream out = response.getOutputStream();
out.write(o.toJSONString().getBytes("UTF-8"));
out.flush();
}
}

private void authenticateByCookie(HttpServletRequest req) {
if (!authorityFlag) return;
String username = CookieUtils.getCookieValue(req, "username");
String authorityName = userMapper.selectByUserName(username).getAuthorityName();

List<String> authorityContent = roleAuthority.get(StringUtils.isEmpty(authorityName)?"ROLE_USER":authorityName);

String pathInfo = req.getPathInfo();
String path;
if (pathInfo == null) {
path = req.getServletPath();
} else {
path = req.getServletPath() + pathInfo;
}

AntPathMatcher antPathMatcher = new AntPathMatcher();
for (String auth: authorityContent) {
boolean bRet = antPathMatcher.match(auth, path);
if (bRet) {
LOGGER.info("权限认证成功, auth:" + auth + ", path: " + path);
return;
}
}
LOGGER.info("权限认证失败, request path: " + path + ",username: " + username);
throw new SecurityException("认证失败");
}
}
}
7 changes: 0 additions & 7 deletions case-server/src/main/java/com/xiaoju/framework/handler/Room.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,7 @@
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.xiaoju.framework.entity.dto.RecordWsDto;
import com.xiaoju.framework.entity.persistent.TestCase;
import com.xiaoju.framework.entity.xmind.IntCount;
import com.xiaoju.framework.mapper.CaseBackupMapper;
import com.xiaoju.framework.mapper.TestCaseMapper;
import com.xiaoju.framework.service.CaseBackupService;
import com.xiaoju.framework.service.RecordService;
Expand All @@ -15,10 +12,6 @@
import org.apache.poi.util.StringUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.*;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

import javax.annotation.Resource;
Expand Down
17 changes: 17 additions & 0 deletions case-server/src/main/java/com/xiaoju/framework/mapper/AuthorityMapper.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
package com.xiaoju.framework.mapper;

import com.xiaoju.framework.entity.dto.Authority;

public interface AuthorityMapper {
int deleteByPrimaryKey(Long id);

int insert(Authority record);

int insertSelective(Authority record);

Authority selectByPrimaryKey(Long id);

int updateByPrimaryKeySelective(Authority record);

int updateByPrimaryKey(Authority record);
}
2 changes: 1 addition & 1 deletion case-server/src/main/java/com/xiaoju/framework/util/TreeUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ public static void getPriority0(Stack<JSONObject> stackCheck, Stack<IntCount> iC

static boolean isPriorityIn(Integer data, List<String> priorities) {
for (String priority : priorities) {
if (data == Integer.parseInt(priority)) {
if (data != null && data.equals(Integer.parseInt(priority))) {
return true;
}
}
Expand Down
5 changes: 4 additions & 1 deletion case-server/src/main/resources/application.properties
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,4 +38,7 @@ spring.thymeleaf.prefix=classpath:/web/dist/
spring.thymeleaf.suffix=.html

# 关闭devtools
spring.devtools.add-properties=false
spring.devtools.add-properties=false

# 权限开关,默认关闭
authority.flag=false
Loading

0 comments on commit 3e0ae29

Please sign in to comment.