用户删除增加密码鉴别功能

backend/src/main/java/com/jiayue/ssi/annotation/AgainVerify.java

@@ -0,0 +1,12 @@
+package com.jiayue.ssi.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * 重新鉴别
+ */
+@Documented
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface AgainVerify {
+}

backend/src/main/java/com/jiayue/ssi/aspectj/AgainVerifyAspect.java

@@ -0,0 +1,63 @@
+package com.jiayue.ssi.aspectj;
+
+import cn.hutool.crypto.SmUtil;
+import com.jiayue.ssi.annotation.AgainVerify;
+import com.jiayue.ssi.annotation.InterfaceLimit;
+import com.jiayue.ssi.util.InterfaceLimitUtil;
+import com.jiayue.ssi.util.ResponseVO;
+import com.jiayue.ssi.util.SecurityContextUtil;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestAttributes;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+* 重新鉴别
+*
+* @author xsl
+* @since 2023/04/06
+*/
+@Aspect
+@Component
+@Slf4j
+@Order(3)
+public class AgainVerifyAspect {
+    /**
+     * 层切点
+     */
+    @Pointcut("@annotation(againVerify)")
+    public void controllerAspect(AgainVerify againVerify) {
+    }
+
+    @Around("controllerAspect(againVerify)")
+    public ResponseVO doAround(ProceedingJoinPoint pjp, AgainVerify againVerify) throws Throwable {
+        // 获得request对象
+        RequestAttributes ra = RequestContextHolder.getRequestAttributes();
+        ServletRequestAttributes sra = (ServletRequestAttributes) ra;
+        HttpServletRequest request = sra.getRequest();
+        String againPwd = request.getParameter("againPwd");
+        String decryptPassword = null;
+        //加密密码
+        try {
+            decryptPassword= SmUtil.sm3(againPwd).toUpperCase();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        if (!decryptPassword.equals(SecurityContextUtil.getSysUser().getPassword())) {
+            log.error("鉴别失败,不能操作");
+            return ResponseVO.fail("鉴别失败,不能操作");
+        }
+        // result的值就是被拦截方法的返回值
+        ResponseVO result = (ResponseVO)pjp.proceed();
+        return result;
+    }
+}

backend/src/main/java/com/jiayue/ssi/aspectj/InterfaceLimitAspect.java

@@ -7,6 +7,7 @@ import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Pointcut;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -23,6 +24,7 @@ import lombok.extern.slf4j.Slf4j;
 @Aspect
 @Component
 @Slf4j
+@Order(1)
 public class InterfaceLimitAspect {
     /**
      * 层切点
@@ -39,7 +41,7 @@ public class InterfaceLimitAspect {
         HttpServletRequest request = sra.getRequest();
         if (!InterfaceLimitUtil.checkInterface(request,interfaceLimit.time(),interfaceLimit.value())){
             log.error("接口拦截：{} 请求超过限制频率【{}次/{}ms】,IP为{}", request.getRequestURI(), interfaceLimit.value(), interfaceLimit.time(), request.getRemoteAddr());
-            return ResponseVO.fail(null,"请求过于频繁，请稍后再试");
+            return ResponseVO.fail("请求过于频繁，请稍后再试");
         }
         // result的值就是被拦截方法的返回值
         ResponseVO result = (ResponseVO)pjp.proceed();

backend/src/main/java/com/jiayue/ssi/aspectj/OperateLogAspect.java

@@ -22,6 +22,7 @@ import org.aspectj.lang.annotation.Before;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.core.NamedThreadLocal;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.multipart.MultipartFile;
@@ -42,6 +43,7 @@ import java.util.Map;
  */
 @Aspect
 @Component
+@Order(5)
 public class OperateLogAspect {
     private static final Logger log = LoggerFactory.getLogger(OperateLogAspect.class);
 

backend/src/main/java/com/jiayue/ssi/controller/SysUserController.java

@@ -4,6 +4,7 @@ import cn.hutool.core.lang.Validator;
 import cn.hutool.crypto.SmUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.jiayue.ssi.annotation.AgainVerify;
 import com.jiayue.ssi.annotation.InterfaceLimit;
 import com.jiayue.ssi.annotation.OperateLog;
 import com.jiayue.ssi.backenum.AuditType;
@@ -266,6 +267,7 @@ public class SysUserController {
      */
     @PostMapping(value = "/delUser")
     @InterfaceLimit
+    @AgainVerify
     @OperateLog(title = "用户管理", businessType = BusinessType.DELETE,auditType = AuditType.SYS)
     @PreAuthorize("@ss.hasPermi('system:user:remove')")
     public ResponseVO delete(String id) {

ui/src/views/sysManager/userManager/index.vue

@@ -460,21 +460,27 @@ export default {
         });
         return
       }
-      this.$confirm('是否确认删除用户?', '提示', {
+      this.$prompt('请输入密码','鉴别操作',{
         confirmButtonText: '确定',
         cancelButtonText: '取消',
-        type: 'warning'
-      }).then(() => {
-        this.doDelete(_selectData)
-      }).catch(() => {
-      });
+        inputType:'password',
+        inputValidator:(val)=>{
+          if (val===null || val.length<1 || val.length>20){
+            return false;
+          }
+        },
+        inputErrorMessage: '不能为空,最多可录入20个字符'
+      }).then(async({value})=>{
+        this.doDelete(_selectData,value)
+      })
     },
     /**
      * 删除提交
      */
-    doDelete:debounce(function(_selectData){
+    doDelete:debounce(function(_selectData,againPwd){
       const param = {
-        id: _selectData.id
+        id: _selectData.id,
+        againPwd:againPwd
       }
       this.$axios.post('/sysUserController/delUser', param).then((res) => {
         if (res.code == 0) {