
角色管理增加重放

xusl 1 rok temu
rodzic
commit
3d7082d5d2

+ 26 - 21
backend/src/main/java/com/jiayue/ssi/aspectj/PreventReplayAspect.java

@@ -32,28 +32,33 @@ public class PreventReplayAspect {
 
     @Around("replayAspect()")
     public ResponseVO doAround(ProceedingJoinPoint pjp) throws Throwable {
-        // 获取request
-        HttpServletRequest request = ServletUtils.getRequest();
-        // 时间戳
-        String sysTime = request.getParameter("sysTime");
-        long sj = System.currentTimeMillis()-Long.parseLong(sysTime);
-        // 判断客户端的时间是否超过60秒
-        if (sj/1000>=60){
-            // 超过60秒视为无效请求
-            log.error(request.getRemoteAddr()+"本次请求时间戳无效");
-            return ResponseVO.fail("本次请求时间戳无效");
+        try {
+            // 获取request
+            HttpServletRequest request = ServletUtils.getRequest();
+            // 时间戳
+            String sysTime = request.getParameter("sysTime");
+            long sj = System.currentTimeMillis() - Long.parseLong(sysTime);
+            // 判断客户端的时间是否超过60秒
+            if (sj / 1000 >= 60) {
+                // 超过60秒视为无效请求
+                log.error(request.getRemoteAddr() + "本次请求时间戳无效");
+                return ResponseVO.fail("本次请求时间戳无效");
+            }
+            String lk = request.getParameter("lk");
+            Object islk = LocalCache.get(lk);
+            // 校验服务端授权码
+            if (islk == null || "".equals(islk)) {
+                // 记录用户失败日志
+                log.error(request.getRemoteAddr() + "本次请求授权码无效");
+                return ResponseVO.fail("本次请求授权码无效");
+            } else {
+                // 清除本地授权码存储
+                LocalCache.remove(lk);
+            }
         }
-        String lk = request.getParameter("lk");
-        Object islk = LocalCache.get(lk);
-        // 校验服务端授权码
-        if (islk == null || "".equals(islk)) {
-            // 记录用户失败日志
-            log.error(request.getRemoteAddr()+"本次请求授权码无效");
-            return ResponseVO.fail("本次请求授权码无效");
-        }
-        else {
-            // 清除本地授权码存储
-            LocalCache.remove(lk);
+        catch (Exception e) {
+            log.error("防重放解析失败",e);
+            return ResponseVO.fail("防重放解析失败,不能操作");
         }
         // result的值就是被拦截方法的返回值
         ResponseVO result = (ResponseVO)pjp.proceed();
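Review bot: The authorization code is looked up with `LocalCache.get(lk)` and cleared by a separate `LocalCache.remove(lk)`, so two requests that carry the same `lk` and arrive together can both pass the check before either one removes it. Consuming the code in a single step would close that gap; `LocalCache` is not shown here, so whether it offers a remove that returns the previous value needs confirming. Separately, `sj / 1000 >= 60` only rejects timestamps that are too old: a `sysTime` ahead of the server clock makes `sj` negative and passes, so the comparison could be `if (Math.abs(sj) >= 60_000L) {`. `doAround` continues past the end of the hunk.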

+ 7 - 0
backend/src/main/java/com/jiayue/ssi/controller/SysRoleController.java

@@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.jiayue.ssi.annotation.InterfaceLimit;
 
 import com.jiayue.ssi.annotation.OperateLog;
+import com.jiayue.ssi.annotation.PreventReplay;
 import com.jiayue.ssi.backenum.AuditType;
 import com.jiayue.ssi.backenum.BusinessType;
 import com.jiayue.ssi.constant.CustomException;
@@ -48,6 +49,7 @@ public class SysRoleController {
      */
     @GetMapping(value = "/getAll")
     @PreAuthorize("@ss.hasPermi('system:role:list')")
+    @PreventReplay
     public ResponseVO getAll(String currentPage, String pageSize, String roleName, String status, String roleKey) throws CustomException {
         try {
             Integer cp;
@@ -112,6 +114,7 @@ public class SysRoleController {
     @PostMapping(value = "/addRole")
     @OperateLog(title = "角色管理", businessType = BusinessType.INSERT, auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:role:add')")
+    @PreventReplay
     public ResponseVO addRole(@RequestBody SysRole role) throws CustomException {
         try {
             if (StringUtils.isEmpty(role.getRoleName())) {
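Review bot: `addRole` binds its input with `@RequestBody`, while the aspect behind `@PreventReplay` reads `sysTime` and `lk` through `request.getParameter(...)`, which does not see fields inside a JSON body. The UI in this commit sets both values on `this.form` and posts that object, so unless the axios setup (not visible here) sends them as form or query parameters, each call would end in the aspect's catch branch and be refused. `updateRole` in the next hunk has the same shape. Sending the two values as query parameters or headers for these endpoints, and stating the expected transport in a comment above `@PreventReplay`, would make the contract explicit. The method body continues outside the hunk.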
@@ -158,6 +161,7 @@ public class SysRoleController {
     @PostMapping(value = "/updateRole")
     @OperateLog(title = "角色管理", businessType = BusinessType.UPDATE, auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:role:edit')")
+    @PreventReplay
     public ResponseVO updateRole(@RequestBody SysRole role) throws CustomException {
         try {
             SysRole existRole = roleService.getById(role.getRoleId());
@@ -206,6 +210,7 @@ public class SysRoleController {
      * 根据角色编号获取详细信息
      */
     @GetMapping(value = "getInfo")
+    @PreventReplay
     public ResponseVO getInfo(String roleId) throws CustomException {
         try {
             Long roleid;
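Review bot: `getInfo` gains `@PreventReplay` but, unlike the other handlers touched in this file, shows no `@PreAuthorize` between its Javadoc and its signature. The replay code only shows that the request is fresh, not that the caller may read role details, so a permission check is still needed unless one is enforced elsewhere (class level or security configuration, not visible here). Something like `@PreAuthorize("@ss.hasPermi('<role-read-permission>')")`, with the project's real permission key in place of the placeholder, would match the sibling endpoints. The method body continues outside the hunk.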
@@ -233,6 +238,7 @@ public class SysRoleController {
     @PostMapping(value = "/delRole")
     @OperateLog(title = "角色管理", businessType = BusinessType.DELETE, auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:role:remove')")
+    @PreventReplay
     public ResponseVO delRole(String roleId) throws CustomException {
         try {
             if (StringUtils.isEmpty(roleId)) {
@@ -260,6 +266,7 @@ public class SysRoleController {
      */
     @GetMapping(value = "/getRoleByType")
     @PreAuthorize("@ss.hasPermi('system:user:role')")
+    @PreventReplay
     public ResponseVO getRoleByType(String usertype) throws CustomException {
         try {
             if (StringUtils.isEmpty(usertype)) {

+ 3 - 1
backend/src/main/java/com/jiayue/ssi/controller/UserLoginController.java

@@ -10,6 +10,7 @@ import com.jiayue.ssi.service.SysUserService;
 import com.jiayue.ssi.util.*;
 import com.wf.captcha.SpecCaptcha;
 import com.wf.captcha.base.Captcha;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -28,6 +29,7 @@ import java.util.Map;
  * @since 2023/02/20
  */
 @RestController
+@Slf4j
 public class UserLoginController {
     @Autowired
     SysUserService sysUserService;
@@ -131,7 +133,7 @@ public class UserLoginController {
                     String[] mailArray = {sysUser.getMailbox()};
                     sendMailUtil.executeSendMail(mailArray, "邮箱验证码", "口令:" + mailRandom + ",有效期4分钟。");
                 } catch (Exception e) {
-                    e.printStackTrace();
+                    log.error("用户名:"+username+",邮箱验证码发送失败!");
                     return ResponseVO.fail("邮箱验证码发送失败!");
                 }
             }
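Review bot: The new `log.error` call drops the caught exception, so the cause of a mail failure is no longer recorded anywhere now that `e.printStackTrace()` is gone. Passing it as the last argument keeps the stack trace, and a placeholder avoids concatenating `username` into the message: `log.error("用户名:{},邮箱验证码发送失败!", username, e);`. If `username` comes straight from the request (its origin is outside the hunk), stripping line breaks before logging keeps log entries from being forged. The enclosing method starts and ends outside the hunk.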

+ 1 - 0
backend/src/main/java/com/jiayue/ssi/filter/MailCodeFilter.java

@@ -78,6 +78,7 @@ public class MailCodeFilter extends OncePerRequestFilter {
             }
             filterChain.doFilter(request, response);
         } catch (Exception e) {
+            e.printStackTrace();
             ResponseInfo.doResponse(response, "邮箱口令错误!", 401);
             return;
         }
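Review bot: The added `e.printStackTrace()` writes to stderr and bypasses the logging configuration, which is the opposite of what this commit does in `UserLoginController`. A logger call such as `log.error("MailCodeFilter request failed", e);` would keep the trace in the application log; the class would need `@Slf4j` or an existing logger, which the hunk does not show. This catch also wraps `filterChain.doFilter`, so an exception from a later filter or the controller is answered with the 401 mail-code message, and a proper log entry is what makes those cases distinguishable. The method starts outside the hunk.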

+ 75 - 26
ui/src/views/sysManager/roleManager/index.vue

@@ -345,16 +345,25 @@ export default {
       return belongTo
     },
     /** 查询角色列表 */
-    getList() {
+    async getList() {
       this.loading = true;
+      let sysTime
+      let lk
+      await this.$axios.get('/sysPolicyController/getLicenseKey').then((res) => {
+        sysTime = res.data.sysTime
+        lk = res.data.lk
+      }).catch((error) => {
+      })
       var searchParams = {
         currentPage: this.currentPage,
         pageSize: this.pageSize,
         roleName: this.queryParams.roleName,
         roleKey: this.queryParams.roleKey,
-        status: this.queryParams.status
+        status: this.queryParams.status,
+        sysTime: sysTime,
+        lk: lk
       }
-      this.$axios.get('/sysRoleController/getAll',
+      await this.$axios.get('/sysRoleController/getAll',
         {params: searchParams}).then((res) => {
         this.roleList = res.data.records
         this.total = res.data.total
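Review bot: The `.catch((error) => {})` after the `getLicenseKey` call is empty, so when that request fails `sysTime` and `lk` stay undefined and `getAll` is still sent, only to be refused by the server-side replay check. The same fetch-and-swallow block is repeated in `handleUpdate` (twice), `submitForm` and `doDelete`. A single helper that lets the error propagate, with each caller stopping and resetting its own state on failure, would remove the duplication and the wasted request. `getList` continues outside the hunk.

```javascript
    /** Fetch a fresh one-time sysTime/lk pair; rejects when the request fails. */
    async getReplayParams() {
      const res = await this.$axios.get('/sysPolicyController/getLicenseKey')
      return { sysTime: res.data.sysTime, lk: res.data.lk }
    },
    /** 查询角色列表 */
    async getList() {
      this.loading = true;
      let replay
      try {
        replay = await this.getReplayParams()
      } catch (error) {
        // No one-time code: do not send a request the server will reject.
        this.loading = false
        return
      }
      var searchParams = {
        // … unchanged: currentPage, pageSize, roleName, roleKey, status …
        sysTime: replay.sysTime,
        lk: replay.lk
      }
      // … unchanged: awaited getAll request …
```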
@@ -530,7 +539,7 @@ export default {
       this.edit = false;
     }, 500),
     /** 修改按钮操作 */
-    handleUpdate: debounce(function () {
+    handleUpdate: debounce(async function () {
       this.reset();
       const _selectData = this.$refs.xTable.getRadioRecord(true)
       if (_selectData == null) {
@@ -544,27 +553,49 @@ export default {
       if (_selectData.roleKey == 'xtgly' || _selectData.roleKey == 'sjgly') {
         this.edit=true;
       }
-
       const roleId = _selectData.roleId
-      // const roleMenu = this.getRoleMenuTreeselect(roleId);
+
+      let sysTime1
+      let lk1
+      await this.$axios.get('/sysPolicyController/getLicenseKey').then((res) => {
+        sysTime1 = res.data.sysTime
+        lk1 = res.data.lk
+      }).catch((error) => {
+      })
+      var param1 = {
+        roleId: roleId,
+        sysTime: sysTime1,
+        lk: lk1
+      }
+
+      await this.$axios.get('/sysMenuController/roleMenuTreeselect',
+        {params: param1}).then((res) => {
+        this.menuOptions = res.data.menus;
+        let checkedKeys = res.data.checkedKeys
+        checkedKeys.forEach((v) => {
+          this.$nextTick(() => {
+            this.$refs.menu.setChecked(v, true, false);
+          })
+        })
+      })
+
+      let sysTime
+      let lk
+      await this.$axios.get('/sysPolicyController/getLicenseKey').then((res) => {
+        sysTime = res.data.sysTime
+        lk = res.data.lk
+      }).catch((error) => {
+      })
+
       var param = {
-        roleId: roleId
+        roleId: roleId,
+        sysTime: sysTime,
+        lk: lk
       }
-      this.$axios.get('/sysRoleController/getInfo',
+      await this.$axios.get('/sysRoleController/getInfo',
         {params: param}).then((res2) => {
         this.form = res2.data;
         this.open = true;
-        this.$axios.get('/sysMenuController/roleMenuTreeselect',
-          {params: param}).then((res) => {
-          this.menuOptions = res.data.menus;
-          let checkedKeys = res.data.checkedKeys
-          console.log(checkedKeys)
-          checkedKeys.forEach((v) => {
-            this.$nextTick(() => {
-              this.$refs.menu.setChecked(v, true, false);
-            })
-          })
-        })
       })
       this.title = "修改角色";
     }, 1000),
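Review bot: The awaited `roleMenuTreeselect` request has no `.catch`, so if it rejects, `handleUpdate` stops there and the `getInfo` call below never runs; because the function is wrapped in `debounce`, the rejection is likely left unhandled. The request also now runs before `this.open = true` is set in the `getInfo` callback, whereas it used to run after it; if the menu tree is only rendered once the dialog is open, `this.$refs.menu` may not exist when `setChecked` runs, which is worth confirming. A `.catch` that reports the failure, and applying the checked keys after the dialog is open, would cover both. Whether `/sysMenuController/roleMenuTreeselect` is itself annotated with `@PreventReplay` is not visible in this commit; if it is not, the code fetched for it is never consumed.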
@@ -581,7 +612,7 @@ export default {
     },
     /** 提交按钮 */
     submitForm: debounce(function () {
-      this.$refs["form"].validate(valid => {
+      this.$refs["form"].validate(async valid => {
         if (valid) {
           if (this.form.roleKey.trim() == 'xtgly' || this.form.roleKey.trim() == 'sjgly') {
             if (this.form.builtIn != '0') {
@@ -593,6 +624,17 @@ export default {
               return
             }
           }
+
+          let sysTime
+          let lk
+          await this.$axios.get('/sysPolicyController/getLicenseKey').then((res) => {
+            sysTime = res.data.sysTime
+            lk = res.data.lk
+          }).catch((error) => {
+          })
+          this.form.sysTime = sysTime
+          this.form.lk = lk
+
           if (this.form.roleId != undefined) {
             this.form.menuIds = this.getMenuAllCheckedKeys();
             // 更新操作
@@ -608,12 +650,10 @@ export default {
               }
               this.loading = false
             }).catch((error) => {
-              // this.$message.error(error)
               this.loading = false
             })
           } else {
             this.form.menuIds = this.getMenuAllCheckedKeys();
-
             this.$axios.post('/sysRoleController/addRole', this.form).then((res) => {
               if (res.code == 0) {
                 this.$message.success('新增成功')
@@ -626,7 +666,6 @@ export default {
               }
               this.loading = false
             }).catch((error) => {
-              // this.$message.error(error)
               this.loading = false
             })
           }
@@ -675,11 +714,21 @@ export default {
     /**
      * 删除提交
      */
-    doDelete: debounce(function (_selectData) {
+    doDelete: debounce(async function (_selectData) {
+      let sysTime
+      let lk
+      await this.$axios.get('/sysPolicyController/getLicenseKey').then((res) => {
+        sysTime = res.data.sysTime
+        lk = res.data.lk
+      }).catch((error) => {
+      })
+
       const param = {
-        roleId: _selectData.roleId
+        roleId: _selectData.roleId,
+        sysTime: sysTime,
+        lk: lk
       }
-      this.$axios.post('/sysRoleController/delRole', param).then((res) => {
+      await this.$axios.post('/sysRoleController/delRole', param).then((res) => {
         if (res.code == 0) {
           this.$message({
             type: 'success',