2021-4-25

添加了审计部分

src/main/java/com/example/survey/config/AuthFilterConfig.java

@@ -1,10 +1,13 @@
 package com.example.survey.config;
 
 import com.alibaba.fastjson.JSON;
+import com.example.survey.dao.AuditDao;
+import com.example.survey.entity.Audit;
 import com.example.survey.enumeration.ResultEnum;
 import com.example.survey.util.TokenUtil;
 import com.example.survey.vo.ResultVO;
 import lombok.extern.log4j.Log4j2;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 
 import javax.servlet.*;
@@ -12,6 +15,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.util.Calendar;
+import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -20,10 +25,11 @@ import java.util.Set;
  * 权限过滤器
  */
 @Log4j2
-@Configuration
+//@Configuration
 public class AuthFilterConfig implements Filter {
 
-
+    @Autowired
+    private AuditDao auditDao;
 
     /**
      * 不需要token就能访问的路由
@@ -48,31 +54,57 @@ public class AuthFilterConfig implements Filter {
         HttpServletResponse response = (HttpServletResponse) servletResponse;
         String method = request.getMethod();
         String uri = request.getRequestURI();
+        String ip = request.getRemoteAddr();
+
+        //生成审计记录
+        Audit audit = new Audit();
+        audit.setIp(ip);
+        Calendar calendar = Calendar.getInstance();
+        calendar.setTime(new Date());
+        calendar.add(Calendar.HOUR_OF_DAY, 8);
+        audit.setTime(calendar.getTime());
+        audit.setUri(uri);
+
         log.info(method + uri);
 
         //判断是否需要token
-
         if (URIS.contains(uri)) {
+            audit.setUserPhone("登录操作，无需权限");
+            auditDao.saveAudit(audit);
+
             filterChain.doFilter(servletRequest, servletResponse);
             return;
         }
 
         String token = request.getHeader("Authorization");
-        if(uri.startsWith("/investigationRecord/record2word")){
+        if (uri.startsWith("/investigationRecord/record2word")) {
             token = request.getParameter("token");
         }
         if (token == null) {
             log.error("请求无token");
+
+            audit.setUserPhone("非法请求");
+            auditDao.saveAudit(audit);
+
             returnJson(response, new ResultVO(ResultEnum.NO_TOKEN));
             return;
         }
 
         if (!TokenUtil.isPass(token, uri, method)) {
             log.error("非法token或权限不够");
+
+            audit.setUserPhone("非法请求");
+            auditDao.saveAudit(audit);
+
             returnJson(response, new ResultVO(ResultEnum.INSUFFICIENT_PRIVILEGE));
             return;
         }
 
+        TokenUtil.refreshExpireTime(token);
+        TokenUtil.refreshExpireTime(token + " : USER_PHONE");
+
+        audit.setUserPhone((String) TokenUtil.get(token + " : USER_PHONE"));
+        auditDao.saveAudit(audit);
 
         filterChain.doFilter(servletRequest, servletResponse);
     }

src/main/java/com/example/survey/controller/AuditController.java

@@ -0,0 +1,36 @@
+package com.example.survey.controller;
+
+import com.example.survey.enumeration.ResultEnum;
+import com.example.survey.service.AuditService;
+import com.example.survey.vo.ResultVO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.format.annotation.DateTimeFormat;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Date;
+
+/**
+ * @author Pope
+ */
+@RestController
+@RequestMapping("/audit")
+public class AuditController {
+
+    @Autowired
+    private AuditService auditService;
+
+    @GetMapping("/audit")
+    public ResultVO getAudit(@RequestParam(value = "beginTime",required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") Date beginTime,
+                             @RequestParam(value = "endTime",required = false) @DateTimeFormat(pattern = "yyyy-MM-dd HH:mm:ss") Date endTime,
+                             @RequestParam(value = "uri",required = false) String uri,
+                             @RequestParam("currentPage") int currentPage,
+                             @RequestParam(value = "pageSize", defaultValue = "30") int pageSize) {
+        ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
+        resultVO.setData(auditService.listAuditLimit(beginTime, endTime, uri, currentPage, pageSize));
+        return resultVO;
+    }
+
+}

src/main/java/com/example/survey/controller/MetaDataController.java

@@ -29,7 +29,7 @@ public class MetaDataController {
         return new ResultVO(ResultEnum.SUCCESS);
     }
 
-    @GetMapping("/metaDataList")
+    @GetMapping("/nameList")
     public ResultVO listMetaData(@RequestParam(value = "name",required = false) String name,
                                 @RequestParam("currentPage")int currentPage,
                                 @RequestParam(value = "pageSize",defaultValue = "30")int pageSize){
@@ -37,20 +37,13 @@ public class MetaDataController {
         resultMap.put("totalCount", metaDataService.countMetaData(name));
         resultMap.put("currentPage", currentPage);
         resultMap.put("pageSize", pageSize);
-        resultMap.put("data", metaDataService.listMetaDataLimit(name,currentPage,pageSize));
+        resultMap.put("data", metaDataService.listMetaDataNameLimit(name,currentPage,pageSize));
 
         ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
         resultVO.setData(resultMap);
         return resultVO;
     }
 
-    @GetMapping("/nameList")
-    public ResultVO getNameList(){
-        ResultVO resultVO = new ResultVO(ResultEnum.SUCCESS);
-        resultVO.setData(metaDataService.getNameList());
-        return resultVO;
-    }
-
     @PutMapping("/metaData")
     public ResultVO modifyMetaData(@RequestBody ModifyMetaDataDTO modifyMetaDataDTO){
         metaDataService.modifyMetaData(modifyMetaDataDTO);

src/main/java/com/example/survey/dao/AuditDao.java

@@ -0,0 +1,23 @@
+package com.example.survey.dao;
+
+import com.example.survey.entity.Audit;
+import com.example.survey.vo.AuditVO;
+
+import java.util.Date;
+import java.util.List;
+
+/**
+ * @author Pope
+ * 审计
+ */
+public interface AuditDao {
+
+    /**
+     * 存储审计记录
+     *
+     * @param audit 审计记录
+     */
+    void saveAudit(Audit audit);
+
+    List<Audit> listAuditLimit(Date beginTime, Date endTime, String uri, int offset, int pageSize);
+}

src/main/java/com/example/survey/dao/impl/AuditDaoImpl.java

@@ -0,0 +1,43 @@
+package com.example.survey.dao.impl;
+
+import com.example.survey.dao.AuditDao;
+import com.example.survey.entity.Audit;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.mongodb.core.MongoTemplate;
+import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Query;
+import org.springframework.stereotype.Repository;
+
+import java.util.Date;
+import java.util.List;
+
+/**
+ * @author Pope
+ */
+@Repository
+public class AuditDaoImpl implements AuditDao {
+
+    @Autowired
+    private MongoTemplate mongoTemplate;
+
+    @Override
+    public void saveAudit(Audit audit) {
+        mongoTemplate.save(audit);
+    }
+
+    @Override
+    public List<Audit> listAuditLimit(Date beginTime, Date endTime, String uri, int offset, int pageSize) {
+        Criteria criteria = new Criteria();
+        if (uri != null) {
+            criteria.and("uri").is(uri);
+        }
+        if (beginTime != null) {
+            criteria.and("time").gte(beginTime);
+        }
+        if (endTime != null) {
+            criteria.and("time").lte(endTime);
+        }
+        Query query = new Query(criteria).skip(offset).limit(pageSize);
+        return mongoTemplate.find(query, Audit.class);
+    }
+}

src/main/java/com/example/survey/entity/Audit.java

@@ -11,10 +11,20 @@ import java.util.Date;
 @Data
 @Document(collection = "audit")
 public class Audit {
-
+    /**
+     * 发起请求用户名，若为非法用户则为“非法用户”
+     */
     private String userPhone;
+    /**
+     * 发起请求的ip
+     */
     private String ip;
+    /**
+     * 请求时间 yyyy-MM-dd : HH:mm:ss
+     */
     private Date time;
-    private String route;
+    /**
-
+     * 请求路由
+     */
+    private String uri;
 }

src/main/java/com/example/survey/service/AuditService.java

@@ -0,0 +1,24 @@
+package com.example.survey.service;
+
+import com.example.survey.vo.AuditVO;
+
+import java.util.Date;
+import java.util.List;
+
+/**
+ * @author Pope
+ */
+public interface AuditService {
+
+    /**
+     * 根据筛选条件分页查询审计记录
+     *
+     * @param beginTime 开始时间
+     * @param endTime 结束时间
+     * @param uri 接口路由
+     * @param currentPage 当前页数
+     * @param pageSize 页大小
+     * @return
+     */
+    List<AuditVO> listAuditLimit(Date beginTime, Date endTime,String uri, int currentPage, int pageSize);
+}

src/main/java/com/example/survey/service/MetaDataService.java

@@ -25,9 +25,9 @@ public interface MetaDataService {
      * @param name 元数据名
      * @param currentPage 当前页数
      * @param pageSize 页大小
-     * @return 元数据
+     * @return 元数据名称
      */
-    List<MetaDataVO> listMetaDataLimit(String name, int currentPage, int pageSize);
+    List<String> listMetaDataNameLimit(String name, int currentPage, int pageSize);
 
     /**
      * 根据元数据名查询数量

src/main/java/com/example/survey/service/impl/AuditServiceImpl.java

@@ -0,0 +1,34 @@
+package com.example.survey.service.impl;
+
+import com.example.survey.dao.AuditDao;
+import com.example.survey.service.AuditService;
+import com.example.survey.vo.AuditVO;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Date;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * @author Pope
+ */
+@Service
+public class AuditServiceImpl implements AuditService {
+
+    @Autowired
+    AuditDao auditDao;
+
+    @Override
+    public List<AuditVO> listAuditLimit(Date beginTime, Date endTime, String uri, int currentPage, int pageSize) {
+        return auditDao.listAuditLimit(beginTime, endTime, uri, currentPage * pageSize, pageSize).stream()
+                .map(audit -> {
+                    AuditVO auditVO = new AuditVO();
+                    auditVO.setIp(audit.getIp());
+                    auditVO.setTime(audit.getTime());
+                    auditVO.setUri(audit.getUri());
+                    auditVO.setUserPhone(audit.getUserPhone());
+                    return auditVO;
+                }).collect(Collectors.toList());
+    }
+}

src/main/java/com/example/survey/service/impl/MetaDataServiceImpl.java

@@ -50,20 +50,13 @@ public class MetaDataServiceImpl implements MetaDataService {
     }
 
     @Override
-    public List<MetaDataVO> listMetaDataLimit(String name, int currentPage, int pageSize) {
+    public List<String> listMetaDataNameLimit(String name, int currentPage, int pageSize) {
         List<MetaData> metaDataList = metaDataDao.listMetaDataLimit(name, currentPage * pageSize, pageSize);
         if (metaDataList == null) {
             return new ArrayList<>();
         }
         return metaDataList.stream()
-                .map(metaData -> {
+                .map(MetaData::getName)
-                    MetaDataVO metaDataVO = new MetaDataVO();
-                    metaDataVO.setName(metaData.getName());
-                    metaDataVO.setForm(metaData.getForm());
-                    metaDataVO.setFieldToNameList(metaData.getFieldToNameList());
-                    metaDataVO.setConfig(metaData.getConfig());
-                    return metaDataVO;
-                })
                 .collect(Collectors.toList());
     }
 

src/main/java/com/example/survey/service/impl/UserServiceImpl.java

@@ -51,12 +51,14 @@ public class UserServiceImpl implements UserService {
             if (TokenUtil.existKey(oldToken)) {
                 //已经登录，将旧token过期，
                 TokenUtil.expireKey(oldToken);
+                TokenUtil.expireKey(oldToken + " : USER_PHONE");
             }
         }
 
         //生成新的token并存入redis
         String newToken = UUID.randomUUID().toString();
         TokenUtil.set(user.getPhone(), newToken);
+        TokenUtil.set(newToken + " : USER_PHONE", user.getPhone());
 
         //生成角色列表
         Set<String> roleNameSet = new HashSet<>();

src/main/java/com/example/survey/vo/AuditVO.java

@@ -0,0 +1,21 @@
+package com.example.survey.vo;
+
+import com.fasterxml.jackson.annotation.JsonFormat;
+import lombok.Data;
+
+import java.util.Date;
+
+/**
+ * @author Pope
+ */
+@Data
+public class AuditVO {
+    private String userPhone;
+
+    private String ip;
+
+    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
+    private Date time;
+
+    private String uri;
+}

src/test/java/com/example/survey/controller/AuditApi.http

@@ -0,0 +1 @@
+GET http://{{host}}:{{port}}{{prefix}}/audit/audit?beginTime=2021-4-24 14:02:00&currentPage=0

src/test/java/com/example/survey/controller/UserApi.http

@@ -3,8 +3,8 @@ POST http://{{host}}:{{port}}{{prefix}}/user/login
 Content-Type: application/json
 
 {
-    "phone": "cveo111",
+    "phone": "cveo",
-    "password": "cveo111"
+    "password": "cveo123456"
 }
 
 ###
@@ -69,8 +69,8 @@ Authorization: 8f6b21a0-fa4b-4241-b5f7-58355048e1f9
 ###
 
 #查询用户列表
-GET http://{{host}}:{{port}}{{prefix}}/user/user?username=Pope&currentPage=0
+GET http://{{host}}:{{port}}{{prefix}}/user/userList?username=Pope&currentPage=0
-Authorization: 8f6b21a0-fa4b-4241-b5f7-58355048e1f9
+Authorization: 16d3e816-dc92-4476-8f56-02924e719713
 ###
 
 #修改用户角色