diff --git a/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/constant/SysConstants.java b/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/constant/SysConstants.java index b4dd0b2a..1164ee9d 100644 --- a/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/constant/SysConstants.java +++ b/continew-admin-common/src/main/java/top/charles7c/continew/admin/common/constant/SysConstants.java @@ -46,11 +46,6 @@ public class SysConstants { */ public static final String ALL_PERMISSION = StringConstants.ASTERISK; - /** - * 默认密码 - */ - public static final String DEFAULT_PASSWORD = "123456"; - /** * 账号登录 URI */ diff --git a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserPasswordResetReq.java b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserPasswordResetReq.java new file mode 100644 index 00000000..40e0e7ef --- /dev/null +++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserPasswordResetReq.java @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package top.charles7c.continew.admin.system.model.req; + +import io.swagger.v3.oas.annotations.media.Schema; +import jakarta.validation.constraints.NotBlank; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; + +/** + * 用户密码重置信息 + * + * @author Charles7c + * @since 2024/2/2 22:50 + */ +@Data +@Schema(description = "用户密码重置信息") +public class UserPasswordResetReq implements Serializable { + + @Serial + private static final long serialVersionUID = 1L; + + /** + * 新密码(加密) + */ + @Schema(description = "新密码(加密)", example = "Gzc78825P5baH190lRuZFb9KJxRt/psN2jiyOMPoc5WRcCvneCwqDm3Q33BZY56EzyyVy7vQu7jQwYTK4j1+5w==") + @NotBlank(message = "新密码不能为空") + private String newPassword; +} diff --git a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserReq.java b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserReq.java index 6d88edc8..754caef5 100644 --- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserReq.java +++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/model/req/UserReq.java @@ -28,6 +28,7 @@ import top.charles7c.continew.admin.common.constant.RegexConstants; import top.charles7c.continew.admin.common.enums.DisEnableStatusEnum; import top.charles7c.continew.admin.common.enums.GenderEnum; import top.charles7c.continew.starter.extension.crud.model.req.BaseReq; +import top.charles7c.continew.starter.extension.crud.util.ValidateGroup; import java.io.Serial; import java.util.List; @@ -61,6 +62,13 @@ public class UserReq extends BaseReq { @Pattern(regexp = RegexConstants.GENERAL_NAME, message = "昵称长度为 2 到 30 位,可以包含中文、字母、数字、下划线,短横线") private String nickname; + /** + * 密码(加密) + */ + @Schema(description = "密码(加密)", example = "E7c72TH+LDxKTwavjM99W1MdI9Lljh79aPKiv3XB9MXcplhm7qJ1BJCj28yaflbdVbfc366klMtjLIWQGqb0qw==") + @NotBlank(message = "密码不能为空", groups = ValidateGroup.Crud.Add.class) + private String password; + /** * 邮箱 */ diff --git a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/UserService.java b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/UserService.java index fbe01841..cf90ef3f 100644 --- a/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/UserService.java +++ b/continew-admin-system/src/main/java/top/charles7c/continew/admin/system/service/UserService.java @@ -20,6 +20,7 @@ import org.springframework.web.multipart.MultipartFile; import top.charles7c.continew.admin.system.model.entity.UserDO; import top.charles7c.continew.admin.system.model.query.UserQuery; import top.charles7c.continew.admin.system.model.req.UserBasicInfoUpdateReq; +import top.charles7c.continew.admin.system.model.req.UserPasswordResetReq; import top.charles7c.continew.admin.system.model.req.UserReq; import top.charles7c.continew.admin.system.model.req.UserRoleUpdateReq; import top.charles7c.continew.admin.system.model.resp.UserDetailResp; @@ -92,9 +93,10 @@ public interface UserService extends BaseService authorize(@PathVariable String source) { AuthRequest authRequest = this.getAuthRequest(source); return R.ok("操作成功", authRequest.authorize(AuthStateUtils.createState())); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/common/CaptchaController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/common/CaptchaController.java index aa7eb080..b5c3aac7 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/common/CaptchaController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/common/CaptchaController.java @@ -105,7 +105,7 @@ public class CaptchaController { @Operation(summary = "获取邮箱验证码", description = "发送验证码到指定邮箱") @GetMapping("/mail") - public R getMailCaptcha(@NotBlank(message = "邮箱不能为空") @Pattern(regexp = RegexPool.EMAIL, message = "邮箱格式错误") String email) throws MessagingException { + public R getMailCaptcha(@NotBlank(message = "邮箱不能为空") @Pattern(regexp = RegexPool.EMAIL, message = "邮箱格式错误") String email) throws MessagingException { String limitKeyPrefix = CacheConstants.LIMIT_KEY_PREFIX; String captchaKeyPrefix = CacheConstants.CAPTCHA_KEY_PREFIX; String limitCaptchaKey = limitKeyPrefix + captchaKeyPrefix + email; @@ -129,9 +129,9 @@ public class CaptchaController { @Operation(summary = "获取短信验证码", description = "发送验证码到指定手机号") @GetMapping("/sms") - public R getSmsCaptcha(@NotBlank(message = "手机号不能为空") @Pattern(regexp = RegexPool.MOBILE, message = "手机号格式错误") String phone, - CaptchaVO captchaReq, - HttpServletRequest request) { + public R getSmsCaptcha(@NotBlank(message = "手机号不能为空") @Pattern(regexp = RegexPool.MOBILE, message = "手机号格式错误") String phone, + CaptchaVO captchaReq, + HttpServletRequest request) { // 行为验证码校验 ResponseModel verificationRes = captchaService.verification(captchaReq); ValidationUtils.throwIfNotEqual(verificationRes.getRepCode(), RepCodeEnum.SUCCESS.getCode(), verificationRes diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/monitor/OnlineUserController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/monitor/OnlineUserController.java index 7f609903..72cc262b 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/monitor/OnlineUserController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/monitor/OnlineUserController.java @@ -62,7 +62,7 @@ public class OnlineUserController { @Parameter(name = "token", description = "令牌", example = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJsb2dpblR5cGUiOiJsb2dpbiIsImxvZ2luSWQiOjEsInJuU3RyIjoiTUd6djdyOVFoeHEwdVFqdFAzV3M5YjVJRzh4YjZPSEUifQ.7q7U3ouoN7WPhH2kUEM7vPe5KF3G_qavSG-vRgIxKvE", in = ParameterIn.PATH) @SaCheckPermission("monitor:online:user:delete") @DeleteMapping("/{token}") - public R kickout(@PathVariable String token) { + public R kickout(@PathVariable String token) { String currentToken = StpUtil.getTokenValue(); CheckUtils.throwIfEqual(token, currentToken, "不能强退自己"); StpUtil.kickoutByTokenValue(token); diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/AnnouncementController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/AnnouncementController.java index e2b61dff..9204115e 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/AnnouncementController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/AnnouncementController.java @@ -56,8 +56,8 @@ public class AnnouncementController extends BaseController update(@Validated(ValidateGroup.Crud.Update.class) @RequestBody AnnouncementReq req, + @PathVariable Long id) { this.checkTime(req); return super.update(req, id); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MenuController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MenuController.java index b5558f8a..bc3a93e3 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MenuController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MenuController.java @@ -55,7 +55,7 @@ public class MenuController extends BaseController update(@Validated(ValidateGroup.Crud.Update.class) @RequestBody MenuReq req, @PathVariable Long id) { this.checkPath(req); return super.update(req, id); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MessageController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MessageController.java index dc3742e3..91106e93 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MessageController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/MessageController.java @@ -61,7 +61,7 @@ public class MessageController { @Operation(summary = "删除数据", description = "删除数据") @Parameter(name = "ids", description = "ID 列表", example = "1,2", in = ParameterIn.PATH) @DeleteMapping("/{ids}") - public R delete(@PathVariable List ids) { + public R delete(@PathVariable List ids) { baseService.delete(ids); return R.ok("删除成功"); } @@ -69,7 +69,7 @@ public class MessageController { @Operation(summary = "标记已读", description = "将消息标记为已读状态") @Parameter(name = "ids", description = "消息ID列表", example = "1,2", in = ParameterIn.QUERY) @PatchMapping("/read") - public R readMessage(@RequestParam(required = false) List ids) { + public R readMessage(@RequestParam(required = false) List ids) { messageUserService.readMessage(ids); return R.ok(); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/OptionController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/OptionController.java index 2650952f..8c6b2d90 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/OptionController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/OptionController.java @@ -59,7 +59,7 @@ public class OptionController { @Operation(summary = "修改参数", description = "修改参数") @SaCheckPermission("system:config:update") @PatchMapping - public R update(@Validated @RequestBody List req) { + public R update(@Validated @RequestBody List req) { optionService.update(req); return R.ok(); } @@ -67,7 +67,7 @@ public class OptionController { @Operation(summary = "重置参数", description = "重置参数") @SaCheckPermission("system:config:reset") @PatchMapping("/value") - public R resetValue(@Validated @RequestBody OptionResetValueReq req) { + public R resetValue(@Validated @RequestBody OptionResetValueReq req) { optionService.resetValue(req); return R.ok(); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java index 4afa4c6a..f44b20bc 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserCenterController.java @@ -80,14 +80,14 @@ public class UserCenterController { @Operation(summary = "修改基础信息", description = "修改用户基础信息") @PatchMapping("/basic/info") - public R updateBasicInfo(@Validated @RequestBody UserBasicInfoUpdateReq req) { + public R updateBasicInfo(@Validated @RequestBody UserBasicInfoUpdateReq req) { userService.updateBasicInfo(req, LoginHelper.getUserId()); return R.ok("修改成功"); } @Operation(summary = "修改密码", description = "修改用户登录密码") @PatchMapping("/password") - public R updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) { + public R updatePassword(@Validated @RequestBody UserPasswordUpdateReq updateReq) { String rawOldPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq .getOldPassword())); ValidationUtils.throwIfNull(rawOldPassword, "当前密码解密失败"); @@ -97,12 +97,12 @@ public class UserCenterController { ValidationUtils.throwIf(!ReUtil .isMatch(RegexConstants.PASSWORD, rawNewPassword), "密码长度为 6 到 32 位,可以包含字母、数字、下划线,特殊字符,同时包含字母和数字"); userService.updatePassword(rawOldPassword, rawNewPassword, LoginHelper.getUserId()); - return R.ok("修改成功"); + return R.ok("修改成功,请牢记你的新密码"); } @Operation(summary = "修改手机号", description = "修改手机号") @PatchMapping("/phone") - public R updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) { + public R updatePhone(@Validated @RequestBody UserPhoneUpdateReq updateReq) { String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq .getCurrentPassword())); ValidationUtils.throwIfBlank(rawCurrentPassword, "当前密码解密失败"); @@ -117,7 +117,7 @@ public class UserCenterController { @Operation(summary = "修改邮箱", description = "修改用户邮箱") @PatchMapping("/email") - public R updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) { + public R updateEmail(@Validated @RequestBody UserEmailUpdateRequest updateReq) { String rawCurrentPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(updateReq .getCurrentPassword())); ValidationUtils.throwIfBlank(rawCurrentPassword, "当前密码解密失败"); @@ -147,7 +147,7 @@ public class UserCenterController { @Operation(summary = "绑定三方账号", description = "绑定三方账号") @Parameter(name = "source", description = "来源", example = "gitee", in = ParameterIn.PATH) @PostMapping("/social/{source}") - public R bindSocial(@PathVariable String source, @RequestBody AuthCallback callback) { + public R bindSocial(@PathVariable String source, @RequestBody AuthCallback callback) { AuthRequest authRequest = authRequestFactory.get(source); AuthResponse response = authRequest.login(callback); ValidationUtils.throwIf(!response.ok(), response.getMsg()); @@ -159,7 +159,7 @@ public class UserCenterController { @Operation(summary = "解绑三方账号", description = "解绑三方账号") @Parameter(name = "source", description = "来源", example = "gitee", in = ParameterIn.PATH) @DeleteMapping("/social/{source}") - public R unbindSocial(@PathVariable String source) { + public R unbindSocial(@PathVariable String source) { userSocialService.deleteBySourceAndUserId(source, LoginHelper.getUserId()); return R.ok("解绑成功"); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserController.java index 35416124..a1b3619e 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/system/UserController.java @@ -16,26 +16,28 @@ package top.charles7c.continew.admin.webapi.system; +import cn.dev33.satoken.annotation.SaCheckPermission; +import cn.hutool.core.util.ReUtil; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.enums.ParameterIn; import io.swagger.v3.oas.annotations.tags.Tag; - import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.PatchMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RestController; - -import cn.dev33.satoken.annotation.SaCheckPermission; - -import top.charles7c.continew.admin.common.constant.SysConstants; +import top.charles7c.continew.admin.common.constant.RegexConstants; +import top.charles7c.continew.admin.common.util.SecureUtils; import top.charles7c.continew.admin.system.model.query.UserQuery; +import top.charles7c.continew.admin.system.model.req.UserPasswordResetReq; import top.charles7c.continew.admin.system.model.req.UserReq; import top.charles7c.continew.admin.system.model.req.UserRoleUpdateReq; import top.charles7c.continew.admin.system.model.resp.UserDetailResp; import top.charles7c.continew.admin.system.model.resp.UserResp; import top.charles7c.continew.admin.system.service.UserService; +import top.charles7c.continew.starter.core.util.ExceptionUtils; +import top.charles7c.continew.starter.core.util.validate.ValidationUtils; import top.charles7c.continew.starter.extension.crud.annotation.CrudRequestMapping; import top.charles7c.continew.starter.extension.crud.controller.BaseController; import top.charles7c.continew.starter.extension.crud.util.ValidateGroup; @@ -56,24 +58,34 @@ public class UserController extends BaseController add(@Validated(ValidateGroup.Crud.Add.class) @RequestBody UserReq req) { + String rawPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getPassword())); + ValidationUtils.throwIfNull(rawPassword, "密码解密失败"); + ValidationUtils.throwIf(!ReUtil + .isMatch(RegexConstants.PASSWORD, rawPassword), "密码长度为 6 到 32 位,可以包含字母、数字、下划线,特殊字符,同时包含字母和数字"); + req.setPassword(rawPassword); Long id = baseService.add(req); - return R.ok(String.format("新增成功,请牢记默认密码:%s", SysConstants.DEFAULT_PASSWORD), id); + return R.ok("新增成功", id); } @Operation(summary = "重置密码", description = "重置用户登录密码为默认密码") @Parameter(name = "id", description = "ID", example = "1", in = ParameterIn.PATH) @SaCheckPermission("system:user:password:reset") @PatchMapping("/{id}/password") - public R resetPassword(@PathVariable Long id) { - baseService.resetPassword(id); - return R.ok(String.format("重置密码成功,请牢记默认密码:%s", SysConstants.DEFAULT_PASSWORD)); + public R resetPassword(@Validated @RequestBody UserPasswordResetReq req, @PathVariable Long id) { + String rawNewPassword = ExceptionUtils.exToNull(() -> SecureUtils.decryptByRsaPrivateKey(req.getNewPassword())); + ValidationUtils.throwIfNull(rawNewPassword, "新密码解密失败"); + ValidationUtils.throwIf(!ReUtil + .isMatch(RegexConstants.PASSWORD, rawNewPassword), "密码长度为 6 到 32 位,可以包含字母、数字、下划线,特殊字符,同时包含字母和数字"); + req.setNewPassword(rawNewPassword); + baseService.resetPassword(req, id); + return R.ok("重置密码成功"); } @Operation(summary = "分配角色", description = "为用户新增或移除角色") @Parameter(name = "id", description = "ID", example = "1", in = ParameterIn.PATH) @SaCheckPermission("system:user:role:update") @PatchMapping("/{id}/role") - public R updateRole(@Validated @RequestBody UserRoleUpdateReq updateReq, @PathVariable Long id) { + public R updateRole(@Validated @RequestBody UserRoleUpdateReq updateReq, @PathVariable Long id) { baseService.updateRole(updateReq, id); return R.ok("分配成功"); } diff --git a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/tool/GeneratorController.java b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/tool/GeneratorController.java index 0c35a696..fe5b1648 100644 --- a/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/tool/GeneratorController.java +++ b/continew-admin-webapi/src/main/java/top/charles7c/continew/admin/webapi/tool/GeneratorController.java @@ -89,7 +89,7 @@ public class GeneratorController { @Parameter(name = "tableName", description = "表名称", required = true, example = "sys_user", in = ParameterIn.PATH) @SaCheckPermission("tool:generator:list") @PostMapping("/config/{tableName}") - public R saveConfig(@Validated @RequestBody GenConfigReq req, @PathVariable String tableName) { + public R saveConfig(@Validated @RequestBody GenConfigReq req, @PathVariable String tableName) { generatorService.saveConfig(req, tableName); return R.ok("保存成功"); } @@ -106,7 +106,7 @@ public class GeneratorController { @Parameter(name = "tableName", description = "表名称", required = true, example = "sys_user", in = ParameterIn.PATH) @SaCheckPermission("tool:generator:list") @PostMapping("/{tableName}") - public R generate(@PathVariable String tableName) { + public R generate(@PathVariable String tableName) { ValidationUtils.throwIf(projectProperties.isProduction(), "仅支持在开发环境生成代码"); generatorService.generate(tableName); return R.ok("生成成功,请查看生成代码是否正确"); diff --git a/continew-admin-webapi/src/main/resources/config/application-dev.yml b/continew-admin-webapi/src/main/resources/config/application-dev.yml index 4abb490c..279aff47 100644 --- a/continew-admin-webapi/src/main/resources/config/application-dev.yml +++ b/continew-admin-webapi/src/main/resources/config/application-dev.yml @@ -258,8 +258,4 @@ spring.servlet: max-request-size: 20MB ## 头像支持格式配置 avatar: - support-suffix: - - jpg - - jpeg - - png - - gif + support-suffix: jpg,jpeg,png,gif diff --git a/continew-admin-webapi/src/main/resources/config/application-prod.yml b/continew-admin-webapi/src/main/resources/config/application-prod.yml index 2edaaf20..59989037 100644 --- a/continew-admin-webapi/src/main/resources/config/application-prod.yml +++ b/continew-admin-webapi/src/main/resources/config/application-prod.yml @@ -258,8 +258,4 @@ spring.servlet: max-request-size: 20MB ## 头像支持格式配置 avatar: - support-suffix: - - jpg - - jpeg - - png - - gif + support-suffix: jpg,jpeg,png,gif