用户密码改为DES加密

booking_auth_dev
wanghaomei 2 years ago
parent 853c12fd80
commit 2f9a1add26

@ -1548,9 +1548,9 @@
<param name="input"></param> <param name="input"></param>
<returns></returns> <returns></returns>
</member> </member>
<member name="M:Magic.Application.BookingOrderService.List(Magic.Application.BookingOrderInput)"> <member name="M:Magic.Application.BookingOrderService.Updata">
<summary> <summary>
获取订舱主表列表
</summary> </summary>
<param name="input"></param> <param name="input"></param>
<returns></returns> <returns></returns>

@ -7,12 +7,18 @@ using SqlSugar;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Myshipping.Application.Entity; using Myshipping.Application.Entity;
using Microsoft.AspNetCore.Authorization;
using Furion;
using Microsoft.AspNetCore.Http;
using Furion.DataEncryption;
using System.Collections.Generic;
namespace Magic.Application namespace Magic.Application
{ {
/// <summary> /// <summary>
/// 订舱主表服务 /// 订舱主表服务
/// </summary> /// </summary>
[ApiDescriptionSettings("Application",Name = "BookingOrder", Order = 1)] [ApiDescriptionSettings("Application", Name = "BookingOrder", Order = 1)]
public class BookingOrderService : IBookingOrderService, IDynamicApiController, ITransient public class BookingOrderService : IBookingOrderService, IDynamicApiController, ITransient
{ {
private readonly SqlSugarRepository<BookingOrder> _rep; private readonly SqlSugarRepository<BookingOrder> _rep;
@ -189,7 +195,7 @@ namespace Magic.Application
public async Task Update(UpdateBookingOrderInput input) public async Task Update(UpdateBookingOrderInput input)
{ {
var entity = input.Adapt<BookingOrder>(); var entity = input.Adapt<BookingOrder>();
await _rep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns:true).ExecuteCommandAsync(); await _rep.AsUpdateable(entity).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
} }
/// <summary> /// <summary>
@ -204,14 +210,47 @@ namespace Magic.Application
} }
/// <summary> /// <summary>
/// 获取订舱主表列表 ///
/// </summary> /// </summary>
/// <param name="input"></param> /// <param name="input"></param>
/// <returns></returns> /// <returns></returns>
[HttpGet("/BookingOrder/list")] [AllowAnonymous]
public async Task<dynamic> List([FromQuery] BookingOrderInput input) [HttpGet("/BookingOrder/updata")]
public async Task<dynamic> Updata()
{
var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
{
{ClaimConst.CLAINM_USERID, 111},
{ClaimConst.TENANT_ID, 10},
{ClaimConst.CLAINM_ACCOUNT, "admin"},
{ClaimConst.CLAINM_NAME, "管理员"},
{ClaimConst.CLAINM_SUPERADMIN, AdminType.Admin},
{ ClaimConst.CLAINM_TENANT_TYPE, TenantTypeEnum.SYSTEM },
{ ClaimConst.CLAINM_TENANT_NAME, "测试" },
});
var httpContext = App.GetService<IHttpContextAccessor>().HttpContext;
httpContext.SigninToSwagger(accessToken);
return Task.Run(() =>
{
return $"当前用户:{UserManager.Name}";
});
}
[AllowAnonymous]
[HttpGet("/BookingOrder/test")]
public async Task<dynamic> Test(string str, bool encrpyt = true)
{
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
if (encrpyt)
{ {
return await _rep.ToListAsync(); return $"{keyDES} {DESCEncryption.Encrypt(str, keyDES)}";
}
else
{
return DESCEncryption.Decrypt(str, keyDES);
}
} }
} }
} }
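Review bot: The new `Updata` action is marked `[AllowAnonymous]`, builds a token with hard-coded `CLAINM_SUPERADMIN` / `AdminType.Admin` claims for the account "admin" and passes it to `SigninToSwagger`, so an unauthenticated caller of `/BookingOrder/updata` appears to be handed an administrator token. The `Test` action in the same hunk is also anonymous, returns the configured DES key in its response (`$"{keyDES} ..."`) and decrypts caller-supplied input, which exposes the key this commit uses to protect stored passwords. Both look like debugging helpers and should be removed before merge; at minimum they should lose `[AllowAnonymous]`, be wrapped in `#if DEBUG`, and `Test` should never echo `keyDES`. `Updata` is also declared `async` without any `await` and returns a `Task.Run(...)` inside `Task<dynamic>`; `return $"当前用户:{UserManager.Name}";` would be enough.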

@ -9,7 +9,6 @@ namespace Magic.Application
Task Add(AddBookingOrderInput input); Task Add(AddBookingOrderInput input);
Task Delete(DeleteBookingOrderInput input); Task Delete(DeleteBookingOrderInput input);
Task<BookingOrder> Get([FromQuery] QueryeBookingOrderInput input); Task<BookingOrder> Get([FromQuery] QueryeBookingOrderInput input);
Task<dynamic> List([FromQuery] BookingOrderInput input);
Task<dynamic> Page([FromQuery] BookingOrderInput input); Task<dynamic> Page([FromQuery] BookingOrderInput input);
Task Update(UpdateBookingOrderInput input); Task Update(UpdateBookingOrderInput input);
} }

@ -208,3 +208,12 @@ public class ThirdParty
public string scope { get; set; } public string scope { get; set; }
} }
/// <summary>
/// 加密key
/// </summary>
public class EncryptKeyOptions: IConfigurableOptions
{
public string AES { get; set; }
public string DES { get; set; }
}

@ -492,6 +492,11 @@
scope scope
</summary> </summary>
</member> </member>
<member name="T:Myshipping.Core.EncryptKeyOptions">
<summary>
加密key
</summary>
</member>
<member name="F:Myshipping.Core.ClaimConst.CLAINM_USERID"> <member name="F:Myshipping.Core.ClaimConst.CLAINM_USERID">
<summary> <summary>
用户Id 用户Id

@ -47,7 +47,7 @@ public class AuthService : IAuthService, IDynamicApiController, ITransient
{ {
_sysUserRep = sysUserRep; _sysUserRep = sysUserRep;
_sysLogVisRep = sysLogVisRep; _sysLogVisRep = sysLogVisRep;
_sysTenantRep=sysTenantRep; _sysTenantRep = sysTenantRep;
_httpContextAccessor = httpContextAccessor; _httpContextAccessor = httpContextAccessor;
_sysEmpService = sysEmpService; _sysEmpService = sysEmpService;
_sysRoleService = sysRoleService; _sysRoleService = sysRoleService;
@ -68,8 +68,9 @@ public class AuthService : IAuthService, IDynamicApiController, ITransient
[AllowAnonymous] [AllowAnonymous]
public async Task<string> LoginAsync([Required] LoginInput input) public async Task<string> LoginAsync([Required] LoginInput input)
{ {
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
// 获取加密后的密码 // 获取加密后的密码
var encryptPassword = MD5Encryption.Encrypt(input.Password); var encryptPassword = DESCEncryption.Encrypt(input.Password, keyDES);
// 判断用户名和密码是否正确(排除全局多租户过滤器)Filter(null,true) // 判断用户名和密码是否正确(排除全局多租户过滤器)Filter(null,true)
var user = _sysUserRep.AsQueryable().Filter(null, true) var user = _sysUserRep.AsQueryable().Filter(null, true)
@ -106,7 +107,7 @@ public class AuthService : IAuthService, IDynamicApiController, ITransient
var httpContext = App.HttpContext; var httpContext = App.HttpContext;
await _eventPublisher.PublishAsync(new ChannelEventSource("Update:UserLoginInfo", await _eventPublisher.PublishAsync(new ChannelEventSource("Update:UserLoginInfo",
new SysUser {Id = user.Id, LastLoginIp = httpContext.GetLocalIpAddressToIPv4(), LastLoginTime = DateTime.Now})); new SysUser { Id = user.Id, LastLoginIp = httpContext.GetLocalIpAddressToIPv4(), LastLoginTime = DateTime.Now }));
return accessToken; return accessToken;
} }
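Review bot: `DESCEncryption.Encrypt(input.Password, keyDES)` in `LoginAsync` replaces an unsalted MD5 digest with reversible encryption under one shared key, so anyone who obtains the `EncryptKey:DES` value can recover every stored password. The equality checks in this commit only work if the output is deterministic, so equal passwords also yield equal stored values. Passwords should be stored with a salted, slow one-way function, for example `Rfc2898DeriveBytes.Pbkdf2` with a per-user salt, and verified with `CryptographicOperations.FixedTimeEquals`. The same substitution appears in `SysTenantService.ResetUserPwd` and in the add-user, `UpdateUserPwd` and `ResetUserPwd` paths of `SysUserService`. No migration of existing rows is visible here, so accounts stored as MD5 would presumably stop matching at login; the body of `LoginAsync` continues outside the hunk.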

@ -12,6 +12,7 @@ using SqlSugar;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Furion;
namespace Myshipping.Core.Service; namespace Myshipping.Core.Service;
@ -155,7 +156,7 @@ public class SysTenantService : ISysTenantService, IDynamicApiController, ITrans
Email = newTenant.Email, Email = newTenant.Email,
Phone = newTenant.Phone, Phone = newTenant.Phone,
AdminType = AdminType.Admin, AdminType = AdminType.Admin,
Sex=Gender.MALE Sex = Gender.MALE
}; };
newUser = await _sysUserRep.InsertReturnEntityAsync(newUser); newUser = await _sysUserRep.InsertReturnEntityAsync(newUser);
@ -315,8 +316,9 @@ public class SysTenantService : ISysTenantService, IDynamicApiController, ITrans
[HttpPost("/sysTenant/resetPwd")] [HttpPost("/sysTenant/resetPwd")]
public async Task ResetUserPwd(QueryTenantInput input) public async Task ResetUserPwd(QueryTenantInput input)
{ {
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
var tenantAdminUser = await GetTenantAdminUser(input.Id); var tenantAdminUser = await GetTenantAdminUser(input.Id);
tenantAdminUser.Password = MD5Encryption.Encrypt(await _sysConfigService.GetDefaultPassword()); tenantAdminUser.Password = DESCEncryption.Encrypt(await _sysConfigService.GetDefaultPassword(), keyDES);
// 更新密码 // 更新密码
await _sysUserRep.AsUpdateable(tenantAdminUser) await _sysUserRep.AsUpdateable(tenantAdminUser)
.Where(wh => wh.Id.Equals(tenantAdminUser.Id)).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync(); .Where(wh => wh.Id.Equals(tenantAdminUser.Id)).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();

@ -15,6 +15,7 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Yitter.IdGenerator; using Yitter.IdGenerator;
using Furion;
namespace Myshipping.Core.Service; namespace Myshipping.Core.Service;
@ -59,7 +60,7 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
var searchValue = input.SearchValue; var searchValue = input.SearchValue;
var pid = input.SysEmpParam.OrgId; var pid = input.SysEmpParam.OrgId;
var users = await _sysUserRep.AsQueryable().InnerJoin<SysEmp>((u, e) => u.Id == e.Id) var users = await _sysUserRep.AsQueryable().InnerJoin<SysEmp>((u, e) => u.Id == e.Id)
.InnerJoin<SysOrg>((u, e, o)=> e.OrgId == o.Id) .InnerJoin<SysOrg>((u, e, o) => e.OrgId == o.Id)
.InnerJoin<SysTenant>((u, e, o, t) => u.TenantId == t.Id) .InnerJoin<SysTenant>((u, e, o, t) => u.TenantId == t.Id)
.WhereIF(!string.IsNullOrWhiteSpace(searchValue), (u, e, o) => u.Account.Contains(input.SearchValue.Trim()) || .WhereIF(!string.IsNullOrWhiteSpace(searchValue), (u, e, o) => u.Account.Contains(input.SearchValue.Trim()) ||
u.Name.Contains(input.SearchValue.Trim()) || u.Name.Contains(input.SearchValue.Trim()) ||
@ -68,9 +69,9 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
o.Pids.Contains(pid.Trim())) o.Pids.Contains(pid.Trim()))
.WhereIF(Enum.IsDefined(typeof(CommonStatus), input.SearchStatus), (u, e, o) => u.Status == input.SearchStatus) .WhereIF(Enum.IsDefined(typeof(CommonStatus), input.SearchStatus), (u, e, o) => u.Status == input.SearchStatus)
.Where((u, e, o) => u.AdminType == AdminType.None) .Where((u, e, o) => u.AdminType == AdminType.None)
.Select<UserOutput>("u.*,t.Name As TenantName ").ToDataFilter("u","Id",FilterType.User).ToPagedListAsync(input.PageNo, input.PageSize); .Select<UserOutput>("u.*,t.Name As TenantName ").ToDataFilter("u", "Id", FilterType.User).ToPagedListAsync(input.PageNo, input.PageSize);
var empInfos =await _sysEmpService.GetEmpInfo(users.Items.Select(m => long.Parse(m.Id)).ToList()); var empInfos = await _sysEmpService.GetEmpInfo(users.Items.Select(m => long.Parse(m.Id)).ToList());
foreach (var user in users.Items) foreach (var user in users.Items)
{ {
user.SysEmpInfo = empInfos.FirstOrDefault(m => m.Id == long.Parse(user.Id)); user.SysEmpInfo = empInfos.FirstOrDefault(m => m.Id == long.Parse(user.Id));
@ -97,9 +98,10 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
var isExist = await _sysUserRep.AnyAsync(u => u.Account == input.Account); var isExist = await _sysUserRep.AnyAsync(u => u.Account == input.Account);
if (isExist) throw Oops.Oh(ErrorCode.D1003); if (isExist) throw Oops.Oh(ErrorCode.D1003);
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
var user = input.Adapt<SysUser>(); var user = input.Adapt<SysUser>();
user.AdminType = AdminType.None; user.AdminType = AdminType.None;
user.Password = MD5Encryption.Encrypt(input.Password); user.Password = DESCEncryption.Encrypt(input.Password, keyDES);
if (string.IsNullOrEmpty(user.Name)) if (string.IsNullOrEmpty(user.Name))
user.Name = user.Account; user.Name = user.Account;
if (string.IsNullOrEmpty(user.NickName)) if (string.IsNullOrEmpty(user.NickName))
@ -148,7 +150,7 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
{ {
_sysUserRep.CurrentBeginTran(); _sysUserRep.CurrentBeginTran();
// 直接删除用户 // 直接删除用户
await _sysUserRep.AsUpdateable(new SysUser {IsDeleted = true}).UpdateColumns(user.FalseDeleteColumn()).Where(wh => wh.Id == user.Id).ExecuteCommandAsync(); await _sysUserRep.AsUpdateable(new SysUser { IsDeleted = true }).UpdateColumns(user.FalseDeleteColumn()).Where(wh => wh.Id == user.Id).ExecuteCommandAsync();
// 删除员工及附属机构职位信息 // 删除员工及附属机构职位信息
await _sysEmpService.DeleteEmpInfoByUserId(user.Id); await _sysEmpService.DeleteEmpInfoByUserId(user.Id);
@ -297,10 +299,11 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
[HttpPost("/sysUser/updatePwd")] [HttpPost("/sysUser/updatePwd")]
public async Task UpdateUserPwd(ChangePasswordUserInput input) public async Task UpdateUserPwd(ChangePasswordUserInput input)
{ {
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
var user = await _sysUserRep.FirstOrDefaultAsync(u => u.Id == input.Id); var user = await _sysUserRep.FirstOrDefaultAsync(u => u.Id == input.Id);
if (MD5Encryption.Encrypt(input.Password) != user.Password) if (DESCEncryption.Encrypt(input.Password, keyDES) != user.Password)
throw Oops.Oh(ErrorCode.D1004); throw Oops.Oh(ErrorCode.D1004);
user.Password = MD5Encryption.Encrypt(input.NewPassword); user.Password = DESCEncryption.Encrypt(input.NewPassword, keyDES);
await _sysUserRep.AsUpdateable(user).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync(); await _sysUserRep.AsUpdateable(user).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
} }
@ -334,8 +337,9 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
[HttpPost("/sysUser/resetPwd")] [HttpPost("/sysUser/resetPwd")]
public async Task ResetUserPwd(QueryUserInput input) public async Task ResetUserPwd(QueryUserInput input)
{ {
var keyDES = App.GetOptions<EncryptKeyOptions>().DES;
var user = await _sysUserRep.FirstOrDefaultAsync(u => u.Id == input.Id); var user = await _sysUserRep.FirstOrDefaultAsync(u => u.Id == input.Id);
user.Password = MD5Encryption.Encrypt(await _sysConfigService.GetDefaultPassword()); user.Password = DESCEncryption.Encrypt(await _sysConfigService.GetDefaultPassword(), keyDES);
await _sysUserRep.AsUpdateable(user).IgnoreColumns(it => new { it.AdminType }).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync(); await _sysUserRep.AsUpdateable(user).IgnoreColumns(it => new { it.AdminType }).IgnoreColumns(ignoreAllNullColumns: true).ExecuteCommandAsync();
} }
@ -382,7 +386,7 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
//这里如果报错看下AdminType的值 不能是0必须是在枚举值内的 //这里如果报错看下AdminType的值 不能是0必须是在枚举值内的
var users = await _sysUserRep.ToListAsync(); var users = await _sysUserRep.ToListAsync();
if(!users.Any()) if (!users.Any())
throw Oops.Oh("没有数据"); throw Oops.Oh("没有数据");
var memoryStream = new MemoryStream(); var memoryStream = new MemoryStream();
memoryStream.SaveAs(users); memoryStream.SaveAs(users);
@ -492,7 +496,7 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
if (!UserManager.IsSuperAdmin) if (!UserManager.IsSuperAdmin)
{ {
var dataScopes = await GetUserDataScopeIdList(UserManager.UserId); var dataScopes = await GetUserDataScopeIdList(UserManager.UserId);
if (dataScopes == null ||orgId <= 0|| !dataScopes.Contains(orgId)) if (dataScopes == null || orgId <= 0 || !dataScopes.Contains(orgId))
throw Oops.Oh(ErrorCode.D1013); throw Oops.Oh(ErrorCode.D1013);
} }
} }
@ -503,7 +507,7 @@ public class SysUserService : ISysUserService, IDynamicApiController, ITransient
[NonAction] [NonAction]
public async Task<List<long>> GetDataScopeIdUserList(long userId = 0) public async Task<List<long>> GetDataScopeIdUserList(long userId = 0)
{ {
userId = userId<=0? UserManager.UserId: userId; userId = userId <= 0 ? UserManager.UserId : userId;
var list = await _sysCacheService.GetUsersDataScope(userId); // 先从缓存里面读取 var list = await _sysCacheService.GetUsersDataScope(userId); // 先从缓存里面读取
if (list == null || list.Count < 1) if (list == null || list.Count < 1)
{ {
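Review bot: In `UpdateUserPwd` the new comparison reads `user.Password` straight after `FirstOrDefaultAsync(u => u.Id == input.Id)`, which presumably returns null for an unknown id and would surface as a NullReferenceException rather than a controlled error; `ResetUserPwd` has the same shape. A guard such as `if (user == null) throw Oops.Oh(<user-not-found error code>);` before the comparison would cover it. The record is also selected by the caller-supplied `input.Id`, and the hunk shows no check that it matches `UserManager.UserId` or that the caller may manage that user, so confirm such a check exists outside the visible lines. Both methods start and end within their hunks, but any authorization filter on the class is not visible here.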

@ -37,6 +37,7 @@ public class Startup : AppStartup
services.AddConfigurableOptions<SystemSettingsOptions>(); services.AddConfigurableOptions<SystemSettingsOptions>();
services.AddConfigurableOptions<UploadFileOptions>(); services.AddConfigurableOptions<UploadFileOptions>();
services.AddConfigurableOptions<OAuthOptions>(); services.AddConfigurableOptions<OAuthOptions>();
services.AddConfigurableOptions<EncryptKeyOptions>();
#region 上传文件大小限制 #region 上传文件大小限制
long maxRequestBodySize = Convert.ToInt64(App.Configuration["MaxRequestBodySize"]); long maxRequestBodySize = Convert.ToInt64(App.Configuration["MaxRequestBodySize"]);

@ -49,6 +49,10 @@
"ExpiredTime": 1440, // long 20 "ExpiredTime": 1440, // long 20
"ClockSkew": 5 // long 5 "ClockSkew": 5 // long 5
}, },
"EncryptKey": {
"AES": "072B13C9AD5644C5B914DFE66F4B5D11",
"DES": "072B13C9"
},
"Cache": { "Cache": {
"CacheType": "MemoryCache", // RedisCache "CacheType": "MemoryCache", // RedisCache
"RedisConnectionString": "127.0.0.1:6379,password=,defaultDatabase=2" "RedisConnectionString": "127.0.0.1:6379,password=,defaultDatabase=2"
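Review bot: The new `EncryptKey` block commits the AES and DES key material to the repository in this settings file, so everyone with read access to the source or its history holds the key that protects stored passwords. The values should be supplied from an environment variable or a secret store at deployment, with only a placeholder such as `"DES": "<set-at-deploy>"` in the file, and the committed values should be treated as exposed and rotated. The DES value is also the first eight characters of the AES value, and single DES has only a 56-bit effective key, which is not adequate for a new design.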
