
用户删除增加密码鉴别功能

xusl 2 سال پیش
والد
کامیت
7275c97cfc

+ 12 - 0
backend/src/main/java/com/jiayue/ssi/annotation/AgainVerify.java

@@ -0,0 +1,12 @@
+package com.jiayue.ssi.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 重新鉴别
+ */
+@Documented
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AgainVerify {
+}
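Review bot: The Javadoc on `AgainVerify` (`重新鉴别`) does not state the contract that the aspect imposes on an annotated method. From `AgainVerifyAspect` in this commit, the request must carry the current user's password in the `againPwd` request parameter, and the method must return `ResponseVO`, because the aspect casts the result of `pjp.proceed()`. I would expand the comment to say so, for example `Requires the caller to re-enter their password (request parameter "againPwd"); only for handler methods that return ResponseVO.` An endpoint that binds a JSON body would presumably not expose `againPwd` through `getParameter`, which is worth stating there too.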

+ 63 - 0
backend/src/main/java/com/jiayue/ssi/aspectj/AgainVerifyAspect.java

@@ -0,0 +1,63 @@
+package com.jiayue.ssi.aspectj;
+
+import cn.hutool.crypto.SmUtil;
+import com.jiayue.ssi.annotation.AgainVerify;
+import com.jiayue.ssi.annotation.InterfaceLimit;
+import com.jiayue.ssi.util.InterfaceLimitUtil;
+import com.jiayue.ssi.util.ResponseVO;
+import com.jiayue.ssi.util.SecurityContextUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+* 重新鉴别
+*
+* @author xsl
+* @since 2023/04/06
+*/
+@Aspect
+@Component
+@Slf4j
+@Order(3)
+public class AgainVerifyAspect {
+    /**
+     * 层切点
+     */
+    @Pointcut("@annotation(againVerify)")
+    public void controllerAspect(AgainVerify againVerify) {
+    }
+
+    @Around("controllerAspect(againVerify)")
+    public ResponseVO doAround(ProceedingJoinPoint pjp, AgainVerify againVerify) throws Throwable {
+        // 获得request对象
+        RequestAttributes ra = RequestContextHolder.getRequestAttributes();
+        ServletRequestAttributes sra = (ServletRequestAttributes) ra;
+        HttpServletRequest request = sra.getRequest();
+        String againPwd = request.getParameter("againPwd");
+        String decryptPassword = null;
+        //加密密码
+        try {
+            decryptPassword= SmUtil.sm3(againPwd).toUpperCase();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        if (!decryptPassword.equals(SecurityContextUtil.getSysUser().getPassword())) {
+            log.error("鉴别失败,不能操作");
+            return ResponseVO.fail("鉴别失败,不能操作");
+        }
+        // result的值就是被拦截方法的返回值
+        ResponseVO result = (ResponseVO)pjp.proceed();
+        return result;
+    }
+}
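Review bot: A request without `againPwd` does not get the `鉴别失败` response from `doAround`: `decryptPassword` stays null once the `try` fails (presumably `SmUtil.sm3(null)` throws), and the `.equals` call on the following line then raises a NullPointerException. The catch block with `e.printStackTrace()` hides the cause, and the comparison uses `String.equals` on a password digest, where `MessageDigest.isEqual` gives a constant-time check. I would reject a missing value explicitly and compare bytes, as below; this needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`, while the imports of `InterfaceLimit`, `InterfaceLimitUtil` and `BadCredentialsException` are unused and can go. The comparison also suggests the stored password is a bare SM3 digest, which is outside this commit but worth a follow-up toward a salted password-hashing scheme.

```java
        // … unchanged: request lookup via RequestContextHolder …
        String againPwd = request.getParameter("againPwd");
        // Fail closed on a missing value instead of hashing null.
        if (againPwd == null || againPwd.isEmpty()) {
            log.error("鉴别失败,不能操作");
            return ResponseVO.fail("鉴别失败,不能操作");
        }
        byte[] suppliedHash = SmUtil.sm3(againPwd).toUpperCase().getBytes(StandardCharsets.UTF_8);
        byte[] storedHash = SecurityContextUtil.getSysUser().getPassword().getBytes(StandardCharsets.UTF_8);
        // Constant-time comparison of the two digests.
        if (!MessageDigest.isEqual(suppliedHash, storedHash)) {
            log.error("鉴别失败,不能操作");
            return ResponseVO.fail("鉴别失败,不能操作");
        }
        // … unchanged: pjp.proceed() and return of its ResponseVO …
```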

+ 3 - 1
backend/src/main/java/com/jiayue/ssi/aspectj/InterfaceLimitAspect.java

@@ -7,6 +7,7 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -23,6 +24,7 @@ import lombok.extern.slf4j.Slf4j;
 @Aspect
 @Component
 @Slf4j
+@Order(1)
 public class InterfaceLimitAspect {
     /**
      * 层切点
@@ -39,7 +41,7 @@ public class InterfaceLimitAspect {
         HttpServletRequest request = sra.getRequest();
         if (!InterfaceLimitUtil.checkInterface(request,interfaceLimit.time(),interfaceLimit.value())){
             log.error("接口拦截:{} 请求超过限制频率【{}次/{}ms】,IP为{}", request.getRequestURI(), interfaceLimit.value(), interfaceLimit.time(), request.getRemoteAddr());
-            return ResponseVO.fail(null,"请求过于频繁,请稍后再试");
+            return ResponseVO.fail("请求过于频繁,请稍后再试");
         }
         // result的值就是被拦截方法的返回值
         ResponseVO result = (ResponseVO)pjp.proceed();

+ 2 - 0
backend/src/main/java/com/jiayue/ssi/aspectj/OperateLogAspect.java

@@ -22,6 +22,7 @@ import org.aspectj.lang.annotation.Before;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.NamedThreadLocal;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
@@ -42,6 +43,7 @@ import java.util.Map;
  */
 @Aspect
 @Component
+@Order(5)
 public class OperateLogAspect {
     private static final Logger log = LoggerFactory.getLogger(OperateLogAspect.class);
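Review bot: With `@Order(5)` here and `@Order(3)` on `AgainVerifyAspect`, the re-authentication advice wraps this one, so a rejected password returns before any advice in `OperateLogAspect` runs. A failed re-authentication on `delUser` is then visible only as the `log.error` line in `AgainVerifyAspect` and not in the operation log, assuming this aspect is what writes the audit record (its advice is outside the hunk). Either record the failure from `AgainVerifyAspect` or document the ordering on the class, e.g. `// Order 5: runs inside AgainVerifyAspect (3); rejected re-authentication never reaches this aspect`.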
 

+ 2 - 0
backend/src/main/java/com/jiayue/ssi/controller/SysUserController.java

@@ -4,6 +4,7 @@ import cn.hutool.core.lang.Validator;
 import cn.hutool.crypto.SmUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.jiayue.ssi.annotation.AgainVerify;
 import com.jiayue.ssi.annotation.InterfaceLimit;
 import com.jiayue.ssi.annotation.OperateLog;
 import com.jiayue.ssi.backenum.AuditType;
@@ -266,6 +267,7 @@ public class SysUserController {
      */
     @PostMapping(value = "/delUser")
     @InterfaceLimit
+    @AgainVerify
     @OperateLog(title = "用户管理", businessType = BusinessType.DELETE,auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:user:remove')")
     public ResponseVO delete(String id) {
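Review bot: `@AgainVerify` makes `delUser` accept password guesses for the logged-in account, and nothing in this hunk shows that a wrong `againPwd` is counted anywhere. `@InterfaceLimit` is used with its defaults, which are not visible here, so the diff does not show whether the limit is tight enough for a password check. Failed re-authentications would ideally feed the same attempt counter or lockout as login, if the project has one. Where `@PreAuthorize` sits relative to the `@Order(1)`/`(3)`/`(5)` aspects is also not visible, so the password comparison may run before the permission check. The method body continues outside the hunk.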

+ 14 - 8
ui/src/views/sysManager/userManager/index.vue

@@ -460,21 +460,27 @@ export default {
         });
         return
       }
-      this.$confirm('是否确认删除用户?', '提示', {
+      this.$prompt('请输入密码','鉴别操作',{
         confirmButtonText: '确定',
         cancelButtonText: '取消',
-        type: 'warning'
-      }).then(() => {
-        this.doDelete(_selectData)
-      }).catch(() => {
-      });
+        inputType:'password',
+        inputValidator:(val)=>{
+          if (val===null || val.length<1 || val.length>20){
+            return false;
+          }
+        },
+        inputErrorMessage: '不能为空,最多可录入20个字符'
+      }).then(async({value})=>{
+        this.doDelete(_selectData,value)
+      })
     },
     /**
      * 删除提交
      */
-    doDelete:debounce(function(_selectData){
+    doDelete:debounce(function(_selectData,againPwd){
       const param = {
-        id: _selectData.id
+        id: _selectData.id,
+        againPwd:againPwd
       }
       this.$axios.post('/sysUserController/delUser', param).then((res) => {
         if (res.code == 0) {
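Review bot: The `$prompt(...)` chain drops the `.catch(() => {})` that the removed `$confirm` call had, so dismissing the dialog leaves a rejected promise unhandled (assuming Element UI's MessageBox, which rejects on cancel, is behind `this.$prompt`). Restore it after the `.then`, e.g. `}).catch(() => {})`. The `async` on the `.then` callback has no `await` and can be dropped, and `inputValidator` should `return true` on the valid path rather than fall through. The 20-character limit exists only in this validator; `AgainVerifyAspect` on the server does not bound `againPwd`. `doDelete` continues past the end of the hunk.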