2021-4-25
添加了审计部分
This commit is contained in:
parent
9c75d90d65
commit
29a94e1a64
@ -1,10 +1,13 @@
|
||||
package com.example.survey.config;
|
||||
|
||||
import com.alibaba.fastjson.JSON;
|
||||
import com.example.survey.dao.AuditDao;
|
||||
import com.example.survey.entity.Audit;
|
||||
import com.example.survey.enumeration.ResultEnum;
|
||||
import com.example.survey.util.TokenUtil;
|
||||
import com.example.survey.vo.ResultVO;
|
||||
import lombok.extern.log4j.Log4j2;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
|
||||
import javax.servlet.*;
|
||||
@ -12,6 +15,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
@ -20,10 +25,11 @@ import java.util.Set;
|
||||
* 权限过滤器
|
||||
*/
|
||||
@Log4j2
|
||||
@Configuration
|
||||
//@Configuration
|
||||
public class AuthFilterConfig implements Filter {
|
||||
|
||||
|
||||
@Autowired
|
||||
private AuditDao auditDao;
|
||||
|
||||
/**
|
||||
* 不需要token就能访问的路由
|
||||
@ -48,31 +54,57 @@ public class AuthFilterConfig implements Filter {
|
||||
HttpServletResponse response = (HttpServletResponse) servletResponse;
|
||||
String method = request.getMethod();
|
||||
String uri = request.getRequestURI();
|
||||
String ip = request.getRemoteAddr();
|
||||
|
||||
//生成审计记录
|
||||
Audit audit = new Audit();
|
||||
audit.setIp(ip);
|
||||
Calendar calendar = Calendar.getInstance();
|
||||
calendar.setTime(new Date());
|
||||
calendar.add(Calendar.HOUR_OF_DAY, 8);
|
||||
audit.setTime(calendar.getTime());
|
||||
audit.setUri(uri);
|
||||
|
||||
log.info(method + uri);
|
||||
|
||||
//判断是否需要token
|
||||
|
||||
if (URIS.contains(uri)) {
|
||||
audit.setUserPhone("登录操作,无需权限");
|
||||
auditDao.saveAudit(audit);
|
||||
|
||||
filterChain.doFilter(servletRequest, servletResponse);
|
||||
return;
|
||||
}
|
||||
|
||||
String token = request.getHeader("Authorization");
|
||||
if(uri.startsWith("/investigationRecord/record2word")){
|
||||
if (uri.startsWith("/investigationRecord/record2word")) {
|
||||
token = request.getParameter("token");
|
||||
}
|
||||
if (token == null) {
|
||||
log.error("请求无token");
|
||||
|
||||
audit.setUserPhone("非法请求");
|
||||
auditDao.saveAudit(audit);
|
||||
|
||||
returnJson(response, new ResultVO(ResultEnum.NO_TOKEN));
|
||||
return;
|
||||
}
|
||||
|
||||
if (!TokenUtil.isPass(token, uri, method)) {
|
||||
log.error("非法token或权限不够");
|
||||
|
||||
audit.setUserPhone("非法请求");
|
||||
auditDao.saveAudit(audit);
|
||||
|
||||
returnJson(response, new ResultVO(ResultEnum.INSUFFICIENT_PRIVILEGE));
|
||||
return;
|
||||
}
|
||||
|
||||
TokenUtil.refreshExpireTime(token);
|
||||
TokenUtil.refreshExpireTime(token + " : USER_PHONE");
|
||||
|
||||
audit.setUserPhone((String) TokenUtil.get(token + " : USER_PHONE"));
|
||||
auditDao.saveAudit(audit);
|
||||
|
||||
filterChain.doFilter(servletRequest, servletResponse);
|
||||
}
|
||||
|
||||
@ -0,0 +1,36 @@
|
||||
package com.example.survey.controller;
|
||||
|
||||
import com.example.survey.enumeration.ResultEnum;
|
||||
import com.example.survey.service.AuditService;
|
||||
import com.example.survey.vo.ResultVO;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.format.annotation.DateTimeFormat;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
*/
|
||||
@RestController
|
||||
@RequestMapping("/audit")
|
||||
public class AuditController {
|
||||
|
||||
@Autowired
|
||||
private AuditService auditService;
|
||||
|
||||
@GetMapping("/audit")
|
||||
public ResultVO getAudit(@RequestParam(value = "beginTime",required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") Date beginTime,
|
||||
@RequestParam(value = "endTime",required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") Date endTime,
|
||||
@RequestParam(value = "uri",required = false) String uri,
|
||||
@RequestParam("currentPage") int currentPage,
|
||||
@RequestParam(value = "pageSize", defaultValue = "30") int pageSize) {
|
||||
ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
|
||||
resultVO.setData(auditService.listAuditLimit(beginTime, endTime, uri, currentPage, pageSize));
|
||||
return resultVO;
|
||||
}
|
||||
|
||||
}
|
||||
@ -29,7 +29,7 @@ public class MetaDataController {
|
||||
return new ResultVO(ResultEnum.SUCCESS);
|
||||
}
|
||||
|
||||
@GetMapping("/metaDataList")
|
||||
@GetMapping("/nameList")
|
||||
public ResultVO listMetaData(@RequestParam(value = "name",required = false) String name,
|
||||
@RequestParam("currentPage")int currentPage,
|
||||
@RequestParam(value = "pageSize",defaultValue = "30")int pageSize){
|
||||
@ -37,20 +37,13 @@ public class MetaDataController {
|
||||
resultMap.put("totalCount", metaDataService.countMetaData(name));
|
||||
resultMap.put("currentPage", currentPage);
|
||||
resultMap.put("pageSize", pageSize);
|
||||
resultMap.put("data", metaDataService.listMetaDataLimit(name,currentPage,pageSize));
|
||||
resultMap.put("data", metaDataService.listMetaDataNameLimit(name,currentPage,pageSize));
|
||||
|
||||
ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
|
||||
resultVO.setData(resultMap);
|
||||
return resultVO;
|
||||
}
|
||||
|
||||
@GetMapping("/nameList")
|
||||
public ResultVO getNameList(){
|
||||
ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
|
||||
resultVO.setData(metaDataService.getNameList());
|
||||
return resultVO;
|
||||
}
|
||||
|
||||
@PutMapping("/metaData")
|
||||
public ResultVO modifyMetaData(@RequestBody ModifyMetaDataDTO modifyMetaDataDTO){
|
||||
metaDataService.modifyMetaData(modifyMetaDataDTO);
|
||||
|
||||
23
src/main/java/com/example/survey/dao/AuditDao.java
Normal file
23
src/main/java/com/example/survey/dao/AuditDao.java
Normal file
@ -0,0 +1,23 @@
|
||||
package com.example.survey.dao;
|
||||
|
||||
import com.example.survey.entity.Audit;
|
||||
import com.example.survey.vo.AuditVO;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
* 审计
|
||||
*/
|
||||
public interface AuditDao {
|
||||
|
||||
/**
|
||||
* 存储审计记录
|
||||
*
|
||||
* @param audit 审计记录
|
||||
*/
|
||||
void saveAudit(Audit audit);
|
||||
|
||||
List<Audit> listAuditLimit(Date beginTime, Date endTime, String uri, int offset, int pageSize);
|
||||
}
|
||||
43
src/main/java/com/example/survey/dao/impl/AuditDaoImpl.java
Normal file
43
src/main/java/com/example/survey/dao/impl/AuditDaoImpl.java
Normal file
@ -0,0 +1,43 @@
|
||||
package com.example.survey.dao.impl;
|
||||
|
||||
import com.example.survey.dao.AuditDao;
|
||||
import com.example.survey.entity.Audit;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.data.mongodb.core.MongoTemplate;
|
||||
import org.springframework.data.mongodb.core.query.Criteria;
|
||||
import org.springframework.data.mongodb.core.query.Query;
|
||||
import org.springframework.stereotype.Repository;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
*/
|
||||
@Repository
|
||||
public class AuditDaoImpl implements AuditDao {
|
||||
|
||||
@Autowired
|
||||
private MongoTemplate mongoTemplate;
|
||||
|
||||
@Override
|
||||
public void saveAudit(Audit audit) {
|
||||
mongoTemplate.save(audit);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Audit> listAuditLimit(Date beginTime, Date endTime, String uri, int offset, int pageSize) {
|
||||
Criteria criteria = new Criteria();
|
||||
if (uri != null) {
|
||||
criteria.and("uri").is(uri);
|
||||
}
|
||||
if (beginTime != null) {
|
||||
criteria.and("time").gte(beginTime);
|
||||
}
|
||||
if (endTime != null) {
|
||||
criteria.and("time").lte(endTime);
|
||||
}
|
||||
Query query = new Query(criteria).skip(offset).limit(pageSize);
|
||||
return mongoTemplate.find(query, Audit.class);
|
||||
}
|
||||
}
|
||||
@ -11,10 +11,20 @@ import java.util.Date;
|
||||
@Data
|
||||
@Document(collection = "audit")
|
||||
public class Audit {
|
||||
|
||||
/**
|
||||
* 发起请求用户名,若为非法用户则为“非法用户”
|
||||
*/
|
||||
private String userPhone;
|
||||
/**
|
||||
* 发起请求的ip
|
||||
*/
|
||||
private String ip;
|
||||
/**
|
||||
* 请求时间 yyyy-MM-dd : HH:mm:ss
|
||||
*/
|
||||
private Date time;
|
||||
private String route;
|
||||
|
||||
/**
|
||||
* 请求路由
|
||||
*/
|
||||
private String uri;
|
||||
}
|
||||
|
||||
24
src/main/java/com/example/survey/service/AuditService.java
Normal file
24
src/main/java/com/example/survey/service/AuditService.java
Normal file
@ -0,0 +1,24 @@
|
||||
package com.example.survey.service;
|
||||
|
||||
import com.example.survey.vo.AuditVO;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
*/
|
||||
public interface AuditService {
|
||||
|
||||
/**
|
||||
* 根据筛选条件分页查询审计记录
|
||||
*
|
||||
* @param beginTime 开始时间
|
||||
* @param endTime 结束时间
|
||||
* @param uri 接口路由
|
||||
* @param currentPage 当前页数
|
||||
* @param pageSize 页大小
|
||||
* @return
|
||||
*/
|
||||
List<AuditVO> listAuditLimit(Date beginTime, Date endTime,String uri, int currentPage, int pageSize);
|
||||
}
|
||||
@ -25,9 +25,9 @@ public interface MetaDataService {
|
||||
* @param name 元数据名
|
||||
* @param currentPage 当前页数
|
||||
* @param pageSize 页大小
|
||||
* @return 元数据
|
||||
* @return 元数据名称
|
||||
*/
|
||||
List<MetaDataVO> listMetaDataLimit(String name, int currentPage, int pageSize);
|
||||
List<String> listMetaDataNameLimit(String name, int currentPage, int pageSize);
|
||||
|
||||
/**
|
||||
* 根据元数据名查询数量
|
||||
|
||||
@ -0,0 +1,34 @@
|
||||
package com.example.survey.service.impl;
|
||||
|
||||
import com.example.survey.dao.AuditDao;
|
||||
import com.example.survey.service.AuditService;
|
||||
import com.example.survey.vo.AuditVO;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
*/
|
||||
@Service
|
||||
public class AuditServiceImpl implements AuditService {
|
||||
|
||||
@Autowired
|
||||
AuditDao auditDao;
|
||||
|
||||
@Override
|
||||
public List<AuditVO> listAuditLimit(Date beginTime, Date endTime, String uri, int currentPage, int pageSize) {
|
||||
return auditDao.listAuditLimit(beginTime, endTime, uri, currentPage * pageSize, pageSize).stream()
|
||||
.map(audit -> {
|
||||
AuditVO auditVO = new AuditVO();
|
||||
auditVO.setIp(audit.getIp());
|
||||
auditVO.setTime(audit.getTime());
|
||||
auditVO.setUri(audit.getUri());
|
||||
auditVO.setUserPhone(audit.getUserPhone());
|
||||
return auditVO;
|
||||
}).collect(Collectors.toList());
|
||||
}
|
||||
}
|
||||
@ -50,20 +50,13 @@ public class MetaDataServiceImpl implements MetaDataService {
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<MetaDataVO> listMetaDataLimit(String name, int currentPage, int pageSize) {
|
||||
public List<String> listMetaDataNameLimit(String name, int currentPage, int pageSize) {
|
||||
List<MetaData> metaDataList = metaDataDao.listMetaDataLimit(name, currentPage * pageSize, pageSize);
|
||||
if (metaDataList == null) {
|
||||
return new ArrayList<>();
|
||||
}
|
||||
return metaDataList.stream()
|
||||
.map(metaData -> {
|
||||
MetaDataVO metaDataVO = new MetaDataVO();
|
||||
metaDataVO.setName(metaData.getName());
|
||||
metaDataVO.setForm(metaData.getForm());
|
||||
metaDataVO.setFieldToNameList(metaData.getFieldToNameList());
|
||||
metaDataVO.setConfig(metaData.getConfig());
|
||||
return metaDataVO;
|
||||
})
|
||||
.map(MetaData::getName)
|
||||
.collect(Collectors.toList());
|
||||
}
|
||||
|
||||
|
||||
@ -51,12 +51,14 @@ public class UserServiceImpl implements UserService {
|
||||
if (TokenUtil.existKey(oldToken)) {
|
||||
//已经登录,将旧token过期,
|
||||
TokenUtil.expireKey(oldToken);
|
||||
TokenUtil.expireKey(oldToken + " : USER_PHONE");
|
||||
}
|
||||
}
|
||||
|
||||
//生成新的token并存入redis
|
||||
String newToken = UUID.randomUUID().toString();
|
||||
TokenUtil.set(user.getPhone(), newToken);
|
||||
TokenUtil.set(newToken + " : USER_PHONE", user.getPhone());
|
||||
|
||||
//生成角色列表
|
||||
Set<String> roleNameSet = new HashSet<>();
|
||||
|
||||
21
src/main/java/com/example/survey/vo/AuditVO.java
Normal file
21
src/main/java/com/example/survey/vo/AuditVO.java
Normal file
@ -0,0 +1,21 @@
|
||||
package com.example.survey.vo;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonFormat;
|
||||
import lombok.Data;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
/**
|
||||
* @author Pope
|
||||
*/
|
||||
@Data
|
||||
public class AuditVO {
|
||||
private String userPhone;
|
||||
|
||||
private String ip;
|
||||
|
||||
@JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
|
||||
private Date time;
|
||||
|
||||
private String uri;
|
||||
}
|
||||
@ -0,0 +1 @@
|
||||
GET http://{{host}}:{{port}}{{prefix}}/audit/audit?beginTime=2021-4-24 14:02:00¤tPage=0
|
||||
@ -3,8 +3,8 @@ POST http://{{host}}:{{port}}{{prefix}}/user/login
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"phone": "cveo111",
|
||||
"password": "cveo111"
|
||||
"phone": "cveo",
|
||||
"password": "cveo123456"
|
||||
}
|
||||
|
||||
###
|
||||
@ -69,8 +69,8 @@ Authorization: 8f6b21a0-fa4b-4241-b5f7-58355048e1f9
|
||||
###
|
||||
|
||||
#查询用户列表
|
||||
GET http://{{host}}:{{port}}{{prefix}}/user/user?username=Pope¤tPage=0
|
||||
Authorization: 8f6b21a0-fa4b-4241-b5f7-58355048e1f9
|
||||
GET http://{{host}}:{{port}}{{prefix}}/user/userList?username=Pope¤tPage=0
|
||||
Authorization: 16d3e816-dc92-4476-8f56-02924e719713
|
||||
###
|
||||
|
||||
#修改用户角色
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user