
Merge remote-tracking branch 'origin/master'

wangt 1 年之前
父節點
當前提交
cedd30c350

+ 8 - 0
backend/src/main/java/com/jiayue/ssi/backenum/BusinessType.java

@@ -16,6 +16,10 @@ public enum BusinessType
      */
     UNLOCK,
     /**
+     * 越权访问
+     */
+    BAC,
+    /**
      * 其它
      */
     OTHER,
@@ -76,4 +80,8 @@ public enum BusinessType
      * 清空数据
      */
     CLEAN,
+    /**
+     * 连接超时
+     */
+    CTO,
 }
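Review bot: Inserting `BAC` between `UNLOCK` and `OTHER` renumbers every constant that follows it, and the ordinal is what this code base persists and displays — the same commit writes `operLog.setBusinessType(BusinessType.CTO.ordinal())` in JwtAuthenticationTokenFilter and keys the value/label table in ui/src/views/auditManager/operlog/index.vue on those numbers — so audit rows written before this commit now decode to the wrong operation type (a row stored with the old ordinal of `OTHER` presumably renders as 越权访问 now). `CTO`, appended at the end, is harmless; `BAC` should be appended as well, or better, each constant should carry an explicit stable code (`BAC(2)` with a `getCode()` accessor) and `ordinal()` should not be used for storage at all, since an audit log whose type codes shift between releases cannot be relied on during an investigation. A Javadoc on the enum stating that the stored value is the position and therefore constants may only be appended would at least make the constraint visible.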

+ 13 - 11
backend/src/main/java/com/jiayue/ssi/config/MyAuthenticationProvider.java

@@ -14,11 +14,11 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 import javax.annotation.Resource;
 
 /**
-* security密码对比
-*
-* @author xsl
-* @since 2023/03/13
-*/
+ * security密码对比
+ *
+ * @author xsl
+ * @since 2023/03/13
+ */
 @Slf4j
 public class MyAuthenticationProvider extends DaoAuthenticationProvider {
 
@@ -36,16 +36,18 @@ public class MyAuthenticationProvider extends DaoAuthenticationProvider {
             String decryptPassword = null;
             //解密登陆密码
             try {
-                decryptPassword= SmUtil.sm3(presentedPassword).toUpperCase();
-            } catch (Exception e) {
-                log.error("用户密码解密错误,无法登录!");
-            }
+                decryptPassword = SmUtil.sm3(presentedPassword).toUpperCase();
+
 //            if (!this.passwordEncoder.matches(decryptPassword, userDetails.getPassword())) {
 //                this.logger.debug("Authentication failed: password does not match stored value");
 //                throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
 //            }
-            if (!decryptPassword.equals(SM2CryptUtils.decrypt(userDetails.getPassword(), SecretKeyConstants.SERVER_PRIVATE_KEY))) {
-                this.logger.debug("Authentication failed: password does not match stored value");
+                if (!decryptPassword.equals(SM2CryptUtils.decrypt(userDetails.getPassword(), SecretKeyConstants.SERVER_PRIVATE_KEY))) {
+                    this.logger.debug("Authentication failed: password does not match stored value");
+                    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
+                }
+            } catch (Exception e) {
+                log.error("用户密码解密错误,无法登录!");
                 throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
             }
         }
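Review bot: The `catch (Exception e)` at the end of the hunk now also catches the `BadCredentialsException` thrown on an ordinary password mismatch inside the try, so every wrong-password attempt is logged at ERROR as "用户密码解密错误,无法登录!" and the original exception — including any genuine failure from `SmUtil.sm3` or `SM2CryptUtils.decrypt` — is discarded without its stack trace. Let the mismatch pass through and keep the cause: `} catch (BadCredentialsException e) { throw e; } catch (Exception e) { log.error("用户密码解密错误,无法登录!", e); throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials")); }`. The comparison `decryptPassword.equals(...)` of two hex digests is also variable-time; `MessageDigest.isEqual(decryptPassword.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8))` is a free replacement, and the variable is a SM3 hash rather than a decrypted value, so `hashedPassword` would describe it better. The enclosing method starts and ends outside the hunk.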

+ 0 - 1
backend/src/main/java/com/jiayue/ssi/controller/SysUserController.java

@@ -668,7 +668,6 @@ public class SysUserController {
      * @return
      */
     @GetMapping("/getUserRole")
-    @OperateLog(title = "用户管理", businessType = BusinessType.GETROLE, auditType = AuditType.SYS,operdesc = "获取授权角色信息")
     @PreventReplay
     public ResponseVO getUserRole(Long userId) throws CustomException {
         try {

+ 28 - 2
backend/src/main/java/com/jiayue/ssi/filter/JwtAuthenticationTokenFilter.java

@@ -9,13 +9,18 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.jiayue.ssi.backenum.AuditType;
+import com.jiayue.ssi.backenum.BusinessStatus;
+import com.jiayue.ssi.backenum.BusinessType;
 import com.jiayue.ssi.constant.CacheConstants;
 import com.jiayue.ssi.constant.Constants;
 import com.jiayue.ssi.constant.LoginConstants;
 import com.jiayue.ssi.dto.UserVisitInfoDto;
+import com.jiayue.ssi.entity.SysOperLog;
 import com.jiayue.ssi.entity.SysPolicy;
 import com.jiayue.ssi.entity.SysUser;
 import com.jiayue.ssi.factory.LoginFactory;
+import com.jiayue.ssi.factory.OperateLogFactory;
 import com.jiayue.ssi.service.SysPolicyService;
 import com.jiayue.ssi.service.SysUserService;
 import com.jiayue.ssi.service.impl.UserServiceImpl;
@@ -64,6 +69,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
         SecurityContextHolder.getContext().getAuthentication();
         String token = request.getHeader("Authorization");
         if (!StringUtils.isEmpty(token)) {
+            String username = "";
             try {
                 Claims claims = jwtTokenUtil.getClaimsFromToken(token);
                 if (claims==null){
@@ -72,7 +78,7 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
                     return;
                 }
 
-                String username = claims.getSubject();
+                username = claims.getSubject();
                 if (username != null) {
                     if (CacheConstants.LOGIN_TOKEN_MAP.get(username) == null) {
                         ResponseInfo.doResponse(response, "令牌无效,请重新登录!", 406);
@@ -146,7 +152,6 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
             }
             catch (ExpiredJwtException expiredJwtException){
                 Claims claims = expiredJwtException.getClaims();
-                String username = claims.getSubject();
                 String cacheToken = CacheConstants.LOGIN_TOKEN_MAP.get(username);
                 //内存token和当前token一致  说明是当前登陆用户访问
                 if (cacheToken!=null && !token.equals(cacheToken)) {
@@ -175,6 +180,27 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
                 SysPolicy sysPolicy = sysPolicyService.getOne(new QueryWrapper<>());
                 Long expiration = sysPolicy.getInactiveLogout().longValue()*1000*60L;
                 if (System.currentTimeMillis()>lastOperTime+expiration){
+                    SysOperLog operLog = new SysOperLog();
+                    operLog.setStatus(BusinessStatus.FAIL.ordinal());
+                    // 请求的地址
+                    String ip = IPUtils.getIpAddr();
+                    operLog.setOperIp(ip);
+                    operLog.setOperUrl(org.apache.commons.lang3.StringUtils.substring(ServletUtils.getRequest().getRequestURI(), 0, 255));
+                    operLog.setOperName(username);
+                    // 设置请求方式
+                    operLog.setRequestMethod(ServletUtils.getRequest().getMethod());
+                    operLog.setCreateBy(username);
+                    // 设置action动作
+                    operLog.setBusinessType(BusinessType.CTO.ordinal());
+                    // 设置标题
+                    operLog.setTitle("连接超时");
+                    // 操作描述
+                    operLog.setOperdesc("连接超时");
+                    // 审计类型
+                    operLog.setAuditType(AuditType.SYS.ordinal());
+                    // 保存数据库
+                    OperateLogFactory.recordOper(operLog);
+
                     LocalCache.remove(CacheConstants.REACTIVE_KEY + token);
                     // 超出配置设定值则退出
                     ResponseInfo.doResponse(response, "超出非活动时长退出!", 406);
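Review bot: In the `catch (ExpiredJwtException expiredJwtException)` branch (third hunk) the line `String username = claims.getSubject();` was removed, but `username` is only assigned inside the try after `getClaimsFromToken` returns; if the expiry is raised by `getClaimsFromToken` itself — presumably the usual case — `username` is still the `""` initialised at the top of the block, so `CacheConstants.LOGIN_TOKEN_MAP.get(username)` looks up an empty key and the "current token differs from cached token" check is skipped for expired tokens. Keep the line as a reassignment: `username = claims.getSubject();` directly after `Claims claims = expiredJwtException.getClaims();`. In the last hunk the timeout audit record reads the URI and method through `ServletUtils.getRequest()` although the filter's own `request` parameter is in scope; `request.getRequestURI()` and `request.getMethod()` avoid a dependency on the thread-bound request holder. The enclosing filter method begins before the first hunk and ends after the last.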

+ 1 - 2
backend/src/main/java/com/jiayue/ssi/filter/VerifySmFilter.java

@@ -6,7 +6,6 @@ import com.jiayue.ssi.constant.Constants;
 import com.jiayue.ssi.constant.SecretKeyConstants;
 import com.jiayue.ssi.factory.LoginFactory;
 import com.jiayue.ssi.servlet.ParameterRequestWrapper;
-import com.jiayue.ssi.util.IPUtils;
 import com.jiayue.ssi.util.ResponseInfo;
 import com.jiayue.ssi.util.SM2CryptUtils;
 import lombok.RequiredArgsConstructor;
@@ -179,7 +178,7 @@ public class VerifySmFilter extends OncePerRequestFilter {
                 }
             }
             //对参数里的字符进行合理化校验
-            String regex = "^[\\u4e00-\\u9fa5a-zA-Z0-9!@#$%^&*()_+|<>,.?/:;\\[\\]{}\\-\\s]*$";
+            String regex = "^[\\u4e00-\\u9fa5a-zA-Z0-9!@#$%^&*()_+|<>,.?/:;\\[\\]{}:;,。!¥()“”‘’、《》【】?— \\-\\s]*$";
             for (String key : stringToMap.keySet()) {
                 if (!stringToMap.get(key).toString().matches(regex)) {
                     ResponseInfo.doResponse(response, "参数验证失败,包含特殊字符 " + stringToMap.get(key), 405);
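Review bot: The allow-list regex is still a `String` matched with `String.matches` inside the per-parameter loop, so the pattern is recompiled for every parameter of every request; hoist it to `private static final Pattern PARAM_PATTERN = Pattern.compile("^[\\u4e00-\\u9fa5a-zA-Z0-9 … \\-\\s]*$");` with the same character class and test with `PARAM_PATTERN.matcher(stringToMap.get(key).toString()).matches()`. The full-width punctuation appended after `{}` is mixed into one long class with no explanation; a comment above it naming the groups it admits (CJK ideographs, ASCII alphanumerics and punctuation, CJK full-width punctuation) would make future edits safer, since a slip here silently widens what reaches downstream code. The enclosing method starts and ends outside the hunk.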

+ 4 - 0
backend/src/main/java/com/jiayue/ssi/handler/RestAccessDeniedHandler.java

@@ -3,6 +3,9 @@ package com.jiayue.ssi.handler;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.jiayue.ssi.annotation.OperateLog;
+import com.jiayue.ssi.backenum.AuditType;
+import com.jiayue.ssi.backenum.BusinessType;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Service;
@@ -19,6 +22,7 @@ import java.io.IOException;
 @Service
 public class RestAccessDeniedHandler implements AccessDeniedHandler {
     @Override
+    @OperateLog(title = "权限认证", businessType = BusinessType.BAC, auditType = AuditType.SYS,operdesc = "没有接口访问权限")
     public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException {
         response.setHeader("Access-Control-Allow-Origin", "*");
         response.setStatus(402);
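Review bot: `@OperateLog` on `handle` is now the only source of the BAC (越权访问) audit event, and an annotation-driven log presumably relies on an AOP aspect intercepting the call; Spring Security invokes whichever `AccessDeniedHandler` instance the security configuration hands it, so the event is only recorded if that is the proxied bean rather than a directly constructed instance — worth confirming with one denied request before relying on it. The annotation also lacks the space after the comma: `auditType = AuditType.SYS, operdesc = "没有接口访问权限"`. A one-line Javadoc on `handle` stating that a denied request is both answered and audited here would document the new behaviour; the method body continues outside the hunk.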

+ 2 - 2
backend/src/main/java/com/jiayue/ssi/util/ServletUtils.java

@@ -87,9 +87,9 @@ public class ServletUtils
         while(enumeration.hasMoreElements()){
             String name=(String)enumeration.nextElement();//得到name的名字。
             if (!"0".equals(name)){
-                System.out.print("属性"+name);
+//                System.out.print("属性"+name);
                 String value=request.getParameter(name);//是通过页面中的name属性得到值。
-                System.out.println(",值:"+value);
+//                System.out.println(",值:"+value);
                 String[] strArray = {value};
                 map.put(name,strArray);
             }
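Review bot: The two `System.out` calls are commented out rather than deleted; commented-out code should be removed, and these particular lines printed every request parameter name and value to stdout, which for a login or password-change request would have written credentials into the console log, so they should not be left in place to be re-enabled. Delete `//                System.out.print("属性"+name);` and `//                System.out.println(",值:"+value);` outright and, if parameter tracing is ever needed, log only the parameter name through the class logger at DEBUG. The enclosing method starts and ends outside the hunk.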

+ 4 - 3
backend/src/main/resources/mapper/system/SysOperLogMapper.xml

@@ -12,6 +12,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		<result property="method"         column="method"         />
 		<result property="requestMethod"  column="request_method" />
 		<result property="operatorType"   column="operator_type"  />
+		<result property="operdesc"   column="operdesc"  />
 		<result property="operName"       column="oper_name"      />
 		<result property="deptName"       column="dept_name"      />
 		<result property="operUrl"        column="oper_url"       />
@@ -32,13 +33,13 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	</resultMap>
 
 	<sql id="selectOperLogVo">
-        select oper_id, title, business_type, audit_type, method, request_method, operator_type, oper_name, dept_name, oper_url, oper_ip, oper_location, oper_param, json_result, status, error_msg, oper_time, cost_time
+        select oper_id, title, business_type, audit_type, method, request_method, operator_type, oper_name, dept_name, oper_url, oper_ip, oper_location, oper_param, json_result, status, error_msg, oper_time, cost_time,operdesc
         from sys_oper_log
     </sql>
 
 	<insert id="insertOperlog" parameterType="SysOperLog">
-		insert into sys_oper_log(title, business_type,audit_type ,method, request_method, operator_type, oper_name, dept_name, oper_url, oper_ip, oper_location, oper_param, json_result, status, error_msg, cost_time, oper_time,create_by,create_time,del_flag)
-        values (#{title}, #{businessType}, #{auditType}, #{method}, #{requestMethod}, #{operatorType}, #{operName}, #{deptName}, #{operUrl}, #{operIp}, #{operLocation}, #{operParam}, #{jsonResult}, #{status}, #{errorMsg}, #{costTime}, sysdate(),#{createBy},sysdate(),0)
+		insert into sys_oper_log(title, business_type,audit_type ,method, request_method, operator_type, oper_name, dept_name, oper_url, oper_ip, oper_location, oper_param, json_result, status, error_msg, cost_time, oper_time,create_by,create_time,del_flag,operdesc)
+        values (#{title}, #{businessType}, #{auditType}, #{method}, #{requestMethod}, #{operatorType}, #{operName}, #{deptName}, #{operUrl}, #{operIp}, #{operLocation}, #{operParam}, #{jsonResult}, #{status}, #{errorMsg}, #{costTime}, sysdate(),#{createBy},sysdate(),0,#{operdesc})
 	</insert>
 
 	<select id="selectOperLogList" parameterType="SysOperLog" resultMap="SysOperLogResult">
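Review bot: The new column is named `operdesc` while every other column in this mapper is snake_case (`oper_name`, `oper_url`, `request_method`); if the schema can still be changed, `oper_desc` keeps the table consistent, and the new `<result>` line should be aligned with its neighbours, e.g. `<result property="operdesc"       column="oper_desc"      />`. The value is bound with `#{operdesc}` in the insert, so it is parameterised like the existing columns; the trailing `,operdesc` in `selectOperLogVo` only needs a space after the comma to match the rest of the list.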

+ 49 - 19
ui/src/views/auditManager/operlog/index.vue

@@ -132,8 +132,8 @@
         <vxe-table-column field="auditType" title="审计类型" :formatter="auditTypeFormat"/>
         <vxe-table-column field="businessType" title="操作类型" :formatter="operTypeFormat"/>
         <vxe-table-column field="operName" title="操作人员" :sortable="true"/>
-        <vxe-table-column field="operIp" title="操作地址"/>
-        <vxe-table-column field="operLocation" title="操作地点"/>
+        <vxe-table-column field="operdesc" title="操作描述"/>
+<!--        <vxe-table-column field="operLocation" title="操作地点"/>-->
         <vxe-table-column field="status" title="操作状态" :formatter="statusFormat"/>
         <vxe-table-column field="operTime" title="操作日期" :sortable="true"/>
         <vxe-table-column field="costTime" title="消耗时间(毫秒)"/>
@@ -221,14 +221,21 @@ export default {
       showTable: true,
       currentPage: 1,
       pageSize: 10,
-      ///** 操作类型(0=其它,1=新增,2=修改,3=删除,4=授权,5=导出,6=导入,7=强退,8=生成代码,9=清空数据) */
+
       operTypeOptions: [
-        {value: '1', label: '新增'},
-        {value: '2', label: '修改'},
-        {value: '3', label: '删除'},
-        {value: '4', label: '授权'},
-        {value: '9', label: '清空数据'},
-        {value: '0', label: '其他'}
+        {value: '0', label: '查询'},
+        {value: '1', label: '解锁'},
+        {value: '2', label: '越权访问'},
+        {value: '3', label: '其它'},
+        {value: '4', label: '初始/重置密码'},
+        {value: '5', label: '新增'},
+        {value: '6', label: '修改'},
+        {value: '7', label: '个人密码修改'},
+        {value: '8', label: '删除'},
+        {value: '9', label: '授权'},
+        {value: '10', label: '获取角色信息'},
+        {value: '11', label: '导出'},
+        {value: '16', label: '连接超时'}
       ],
       ///** 审计类型(0=系统,1=业务) */
       auditTypeOptions: [
@@ -253,7 +260,7 @@ export default {
       list: [],
       // 是否显示弹出层
       open: false,
-      sortOrder: 'operTime&asc',
+      sortOrder: 'operTime&desc',
       // 日期范围
       dateRange: [],
       // 默认排序
@@ -293,7 +300,7 @@ export default {
   methods: {
     sortChangeEvent({column, property, order}) {
       if (order == null) {
-        order = 'asc'
+        order = 'desc'
       }
       this.currentPage = 1
       this.sortOrder = property+'&'+order
@@ -320,18 +327,40 @@ export default {
     operTypeFormat({cellValue}) {
       let belongTo = '未知的类型'
       for (let i = 0; i < this.operTypeOptions.length; i++) {
-        if (cellValue == "1") {
-          belongTo = "新增"
+        if (cellValue == "0") {
+          belongTo = "查询"
+        } else if (cellValue == "1") {
+          belongTo = "解锁"
         } else if (cellValue == "2") {
-          belongTo = "修改"
+          belongTo = "越权访问"
         } else if (cellValue == "3") {
-          belongTo = "删除"
+          belongTo = "其它"
         } else if (cellValue == "4") {
+          belongTo = "初始/重置密码"
+        } else if (cellValue == "5") {
+          belongTo = "新增"
+        }else if (cellValue == "6") {
+          belongTo = "修改"
+        }else if (cellValue == "7") {
+          belongTo = "个人密码修改"
+        }else if (cellValue == "8") {
+          belongTo = "删除"
+        }else if (cellValue == "9") {
           belongTo = "授权"
-        } else if (cellValue == "9") {
+        }else if (cellValue == "10") {
+          belongTo = "获取角色信息"
+        }else if (cellValue == "11") {
+          belongTo = "导出"
+        }else if (cellValue == "12") {
+          belongTo = "导入"
+        }else if (cellValue == "13") {
+          belongTo = "强退"
+        }else if (cellValue == "14") {
+          belongTo = "生成代码"
+        }else if (cellValue == "15") {
           belongTo = "清空数据"
-        } else if (cellValue == "0") {
-          belongTo = "其他"
+        }else if (cellValue == "16") {
+          belongTo = "连接超时"
         }
       }
       return belongTo
@@ -357,7 +386,7 @@ export default {
         lk = res.data.lk
       }).catch((error) => {
       })
-
+      console.log('order:'+this.sortOrder)
       this.loading = true;
       let _startOperTime;
       let _endOperTime;
@@ -382,6 +411,7 @@ export default {
         sysTime: sysTime,
         lk: lk
       }
+
       await this.$axios.get('/sysOperlogController/getAll',
         {params: searchParams}).then((res) => {
         this.list = res.data.records
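Review bot: `operTypeFormat` (fourth hunk) runs the whole `if`/`else if` chain once per entry of `this.operTypeOptions` although `i` is never used, and the chain duplicates the `operTypeOptions` table while disagreeing with it (values 12–15 exist only in the chain), so the two will drift apart the next time an operation type is added. Look the label up from the options array and add the missing entries to it, as below. The `console.log('order:'+this.sortOrder)` added in the fifth hunk is debug output and should be removed before merge. These numeric values mirror `BusinessType.ordinal()` on the backend, so any reordering of that enum has to be mirrored here, which is worth a comment above `operTypeOptions`.
```javascript
operTypeOptions: [
  // … unchanged: entries '0' to '11' …
  {value: '12', label: '导入'},
  {value: '13', label: '强退'},
  {value: '14', label: '生成代码'},
  {value: '15', label: '清空数据'},
  {value: '16', label: '连接超时'}
],
// … unchanged: other data fields and methods …
operTypeFormat({cellValue}) {
  const match = this.operTypeOptions.find(o => o.value === String(cellValue))
  return match ? match.label : '未知的类型'
},
```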