业务用户完成

authorize-api-service/src/main/java/com/xy/config/SaTokenInterceptorImpl.java

@@ -4,8 +4,10 @@ import cn.dev33.satoken.stp.StpUtil;
 import com.xy.ServerWebConfig;
 import com.xy.enums.SaTokenEnum;
 import com.xy.error.CommRuntimeException;
+import com.xy.redis.RedisCache;
 import com.xy.swagger.Knife4jConfig;
 import com.xy.utils.Emptys;
+import com.xy.utils.SaTokenUtils;
 import lombok.AllArgsConstructor;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -30,6 +32,7 @@ public class SaTokenInterceptorImpl extends HandlerInterceptorAdapter implements
      */
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        //登录校验
         String satoken = request.getHeader(saTokenAuthorizeConfig.getTokenName());
         if (!Emptys.check(satoken)) {
             throw new CommRuntimeException(SaTokenEnum.NO_LOGIN.getKey(), SaTokenEnum.NO_LOGIN.getName());
@@ -38,6 +41,14 @@ public class SaTokenInterceptorImpl extends HandlerInterceptorAdapter implements
         if (loginIdByToken == null) {
             throw new CommRuntimeException(SaTokenEnum.NO_LOGIN.getKey(), SaTokenEnum.NO_LOGIN.getName());
         }
+        //接口权限
+        if (saTokenAuthorizeConfig != null && saTokenAuthorizeConfig.getEnablePermission()) {
+            String permission = request.getRequestURI();
+            List<String> menuInterfaceUri = RedisCache.getMenuInterfaceUri(Long.parseLong(SaTokenUtils.getId().toString()));
+            if (!menuInterfaceUri.contains(permission)) {
+                throw new CommRuntimeException(SaTokenEnum.NO_AUTHORITY.getKey(), SaTokenEnum.NO_AUTHORITY.getName());
+            }
+        }
         return true;
     }
 

authorize-api-service/src/main/java/com/xy/redis/RedisCache.java

@@ -36,14 +36,14 @@ public class RedisCache {
     /**
      * 权限系统默认系统ID，代表本系统
      */
-    private static final Long DEFAULT_STSTEM_ID = 1L;
+    public static final Long DEFAULT_STSTEM_ID = 1L;
 
     private static RedisService<List<CacheEntity>> getRedisService() {
         return SpringBeanUtils.getBean(RedisService.class);
     }
 
     private static String getKey(Long loginId) {
-        return String.format("%s:%d", "system_menu", loginId);
+        return String.format("%s:%d", "menu", loginId);
     }
 
     /**
@@ -184,10 +184,13 @@ public class RedisCache {
      * @return
      */
     public static List<SysMenuJoinSysRoleMenu> getMenu(Long loginId, Long systemId) {
+        JList<SysMenuJoinSysRoleMenu> sysMenuJoinSysRoleMenus = new JArrayList<>();
         //获取redis缓存
         List<RedisCache.CacheEntity> cacheEntities = getRedisService().getMap(getKey(loginId), systemId.toString());
+        if (!Emptys.check(cacheEntities)) {
+            return sysMenuJoinSysRoleMenus;
+        }
         //角色菜单累加
-        JList<SysMenuJoinSysRoleMenu> sysMenuJoinSysRoleMenus = new JArrayList<>();
         cacheEntities.forEach(cacheEntity -> sysMenuJoinSysRoleMenus.addAll(cacheEntity.getList()));
         //去重
         sysMenuJoinSysRoleMenus.comparing(SysMenuJoinSysRoleMenu::getId);
@@ -235,18 +238,22 @@ public class RedisCache {
     /**
      * 判断数据查询权限
      *
-     * @param loginId 登录id
+     * @param loginId  登录id
+     * @param systemId 系统id
+     * @param systemId 接口uri
      * @return true=管理员数据查询权限 false=普通查询权限
      */
-    public static boolean getDataAuth(Long loginId, Long systemId) {
-        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+    public static boolean getDataAuth(Long loginId, Long systemId, String uri) {
         //获取redis缓存
         List<CacheEntity> cacheEntities = getRedisService().getMap(getKey(loginId), systemId.toString());
+        if (!Emptys.check(cacheEntities)) {
+            return false;
+        }
         //遍历角色
         for (CacheEntity cacheEntity : cacheEntities) {
             //根据 接口uri和管理员数据查询权限=true 查找角色菜单，找到则有管理员数据查询权限，反之普通查询权限
             SysMenuJoinSysRoleMenu sysMenuJoinSysRoleMenu = new JArrayList<>(cacheEntity.getList()).filter()
-                    .eq(SysMenuJoinSysRoleMenu::getInterfaceUri, request.getRequestURI())
+                    .eq(SysMenuJoinSysRoleMenu::getInterfaceUri, uri)
                     .eq(SysMenuJoinSysRoleMenu::getSelectIsAdmin, true)
                     .object();
             if (sysMenuJoinSysRoleMenu != null) {
@@ -263,11 +270,12 @@ public class RedisCache {
      * @return true=管理员数据查询权限 false=普通查询权限
      */
     public static boolean getDataAuth(Long loginId) {
-        return getDataAuth(loginId, DEFAULT_STSTEM_ID);
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        return getDataAuth(loginId, DEFAULT_STSTEM_ID, request.getRequestURI());
     }
 
     /**
-     * 判断数据查询权限
+     * 判断数据查询权限（引用传递，业务系统无法使用）
      *
      * @param loginId            登录id
      * @param lambdaQueryWrapper 查询构造器
@@ -275,7 +283,8 @@ public class RedisCache {
      * @return true=管理员数据查询权限 false=普通查询权限
      */
     public static <T> boolean getDataAuth(Long loginId, Long systemId, LambdaQueryWrapper<T> lambdaQueryWrapper, SFunction<T, ?> function) {
-        boolean dataAuth = getDataAuth(loginId, systemId);
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+        boolean dataAuth = getDataAuth(loginId, systemId, request.getRequestURI());
         if (!dataAuth) {
             lambdaQueryWrapper.eq(function, loginId);
         }
@@ -283,7 +292,7 @@ public class RedisCache {
     }
 
     /**
-     * 判断数据查询权限
+     * 判断数据查询权限（引用传递，业务系统无法使用）
      *
      * @param loginId            登录id
      * @param lambdaQueryWrapper 查询构造器
@@ -302,6 +311,9 @@ public class RedisCache {
      */
     public static List<Long> getSystemIds(Long loginId) {
         Map<String, List<CacheEntity>> map = getRedisService().getMap(getKey(loginId));
+        if (!Emptys.check(map)) {
+            return new ArrayList<>();
+        }
         List<Long> list = new ArrayList<>(map.size());
         map.forEach((s, cacheEntities) -> list.add(Long.parseLong(s)));
         return list;
@@ -315,6 +327,9 @@ public class RedisCache {
      */
     public static List<Long> getRoleIds(Long loginId, Long systemId) {
         List<CacheEntity> cacheEntities = getRedisService().getMap(getKey(loginId), systemId.toString());
+        if (!Emptys.check(cacheEntities)) {
+            return new ArrayList<>();
+        }
         List<Long> list = new ArrayList<>(cacheEntities.size());
         cacheEntities.forEach(cacheEntity -> list.add(Long.parseLong(cacheEntity.getRoleId().toString())));
         return list;
@@ -330,6 +345,41 @@ public class RedisCache {
         return getRoleIds(loginId, DEFAULT_STSTEM_ID);
     }
 
+    /**
+     * 获取所有菜单接口uri
+     *
+     * @param loginId  登录id
+     * @param systemId 系统id
+     * @return
+     */
+    public static List<String> getMenuInterfaceUri(Long loginId, Long systemId) {
+        JList<String> list = new JArrayList<>();
+        //获取redis缓存
+        List<CacheEntity> cacheEntities = getRedisService().getMap(getKey(loginId), systemId.toString());
+        if (!Emptys.check(cacheEntities)) {
+            return list;
+        }
+        //遍历角色
+        for (CacheEntity cacheEntity : cacheEntities) {
+            List<SysMenuJoinSysRoleMenu> sysMenuJoinSysRoleMenus = cacheEntity.getList();
+            list.addAll(new JArrayList<>(sysMenuJoinSysRoleMenus).filter()
+                    .isNotNull(SysMenuJoinSysRoleMenu::getInterfaceUri).list()
+                    .getProperty(SysMenuJoinSysRoleMenu::getInterfaceUri)
+            );
+        }
+        return list.comparing();
+    }
+
+    /**
+     * 获取所有菜单接口uri
+     *
+     * @param loginId 登录id
+     * @return
+     */
+    public static List<String> getMenuInterfaceUri(Long loginId) {
+        return getMenuInterfaceUri(loginId, DEFAULT_STSTEM_ID);
+    }
+
     @Data
     @Accessors(chain = true)
     public static class CacheEntity {

authorize-api-service/src/main/java/com/xy/service/PublicInterfaceImpl.java

@@ -0,0 +1,88 @@
+package com.xy.service;
+
+import com.xy.dto.SysSystemUserDto;
+import com.xy.dto.SysSystemValueDto;
+import com.xy.dto.SysWorkUser.AddDto;
+import com.xy.dto.SysWorkUser.AuthByInterface;
+import com.xy.dto.SysWorkUser.LoginDto;
+import com.xy.dto.SysWorkUser.UpdateDto;
+import com.xy.utils.PageBean;
+import com.xy.utils.R;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.AllArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import javax.validation.Valid;
+
+@Service
+@AllArgsConstructor
+@Api(tags = "统一对外接口")
+public class PublicInterfaceImpl implements PublicInterface {
+
+    private SysSystemUserService sysSystemUserService;
+
+    private SysSystemValueService sysSystemValueService;
+
+    private SysWorkUserService sysWorkUserService;
+
+    @Override
+    @ApiOperation("租户登录")
+    public R<String> login(SysSystemUserDto.Login login) {
+        return sysSystemUserService.login(login);
+    }
+
+    @Override
+    @ApiOperation("租户注册")
+    public R<Boolean> register(SysSystemUserDto.Login login) {
+        return sysSystemUserService.register(login);
+    }
+
+    @Override
+    @ApiOperation("系统属性分页查询")
+    public R<PageBean<SysSystemValueDto.Vo>> page(SysSystemValueDto.Select select) {
+        return sysSystemValueService.page(select);
+    }
+
+    @Override
+    @ApiOperation("业务用户注册")
+    public R<Long> register(@Valid AddDto addDto) {
+        return sysWorkUserService.register(addDto);
+    }
+
+    @Override
+    @ApiOperation("业务用户登录")
+    public R<String> login(LoginDto loginDto) {
+        return sysWorkUserService.login(loginDto);
+    }
+
+    @Override
+    @ApiOperation("业务用户登出")
+    public R logout() {
+        return sysWorkUserService.logout();
+    }
+
+    @Override
+    @ApiOperation("业务用户修改")
+    public R<Boolean> update(@Valid UpdateDto updateDto) {
+        return sysWorkUserService.update(updateDto);
+    }
+
+    @Override
+    @ApiOperation("业务用户登录鉴权")
+    public R<Boolean> authByLogin() {
+        return sysWorkUserService.authByLogin();
+    }
+
+    @Override
+    @ApiOperation("业务用户接口鉴权")
+    public R<Boolean> authByInterface(AuthByInterface authByInterface) {
+        return sysWorkUserService.authByInterface(authByInterface);
+    }
+
+    @Override
+    @ApiOperation("业务用户数据鉴权")
+    public R<Boolean> authByData(AuthByInterface authByInterface) {
+        return sysWorkUserService.authByData(authByInterface);
+    }
+}

authorize-api-service/src/main/java/com/xy/service/impl/SysWorkUserServiceImpl.java

@@ -1,33 +1,36 @@
 package com.xy.service.impl;
 
+import cn.dev33.satoken.stp.StpUtil;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.crypto.SecureUtil;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.xy.dto.SysWorkUser.AddDto;
-import com.xy.dto.SysWorkUser.PageDto;
-import com.xy.dto.SysWorkUser.UpdateDto;
+import com.xy.config.SaTokenAuthorizeConfig;
+import com.xy.dto.SysWorkUser.*;
 import com.xy.entity.SysDeptRelation;
 import com.xy.entity.SysUserDept;
 import com.xy.entity.SysUserRole;
 import com.xy.entity.SysWorkUser;
 import com.xy.mapper.SysWorkUserMapper;
+import com.xy.redis.RedisCache;
 import com.xy.service.SysDeptRelationService;
 import com.xy.service.SysUserDeptService;
 import com.xy.service.SysUserRoleService;
 import com.xy.service.SysWorkUserService;
-import com.xy.utils.Beans;
-import com.xy.utils.PageBean;
-import com.xy.utils.R;
-import com.xy.utils.SaTokenUtils;
+import com.xy.utils.*;
 import com.xy.vo.SysWorkUserVo;
 import io.swagger.annotations.Api;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import javax.servlet.http.HttpServletRequest;
+import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -53,11 +56,27 @@ public class SysWorkUserServiceImpl extends ServiceImpl<SysWorkUserMapper, SysWo
     private final SysUserDeptService sysUserDeptService;
     private final SysDeptRelationService sysDeptRelationService;
 
+    private final HttpServletRequest request;
+
+    private final SaTokenAuthorizeConfig saTokenAuthorizeConfig;
+
     @Override
     @Transactional(rollbackFor = Exception.class)
-    public R<Boolean> add(AddDto addDto) {
-        SysWorkUser sysWorkUser = Beans.copy(SysWorkUser.class, addDto).create(Long.parseLong(SaTokenUtils.getId().toString()));
+    public R<Long> register(AddDto addDto) {
+        long longId = Long.parseLong(SaTokenUtils.getId().toString());
+        //校验
+        long count = count(new LambdaQueryWrapper<SysWorkUser>()
+                .eq(SysWorkUser::getAccount, addDto.getAccount())
+                .eq(SysWorkUser::getSysUserId, longId)
+        );
+        if (count > 0) {
+            return R.fail("账号已存在");
+        }
         //新增业务用户
+        SysWorkUser sysWorkUser = Beans.copy(SysWorkUser.class, addDto)
+                .create(Long.parseLong(SaTokenUtils.getId().toString()))
+                .setSysUserId(longId)
+                .setPassword(SecureUtil.md5(addDto.getPassword()));
         save(sysWorkUser);
         List<Long> roleIds = addDto.getRoleIds();
         if (CollUtil.isNotEmpty(roleIds)) {
@@ -75,13 +94,18 @@ public class SysWorkUserServiceImpl extends ServiceImpl<SysWorkUserMapper, SysWo
             //保存用户部门 绑定信息
             sysUserDeptService.saveBatch(sysUserDeptList);
         }
-        return R.ok(Boolean.TRUE);
+        return R.ok(sysWorkUser.getId());
     }
 
     @Override
     @Transactional(rollbackFor = Exception.class)
     public R<Boolean> update(UpdateDto updateDto) {
-        SysWorkUser sysWorkUser = Beans.copy(SysWorkUser.class, updateDto).update(Long.parseLong(SaTokenUtils.getId().toString()));
+        //更新用户信息
+        SysWorkUser sysWorkUser = Beans.copy(SysWorkUser.class, updateDto)
+                .update(Long.parseLong(SaTokenUtils.getId().toString()))
+                .setPassword(StringUtils.isNotEmpty(updateDto.getPassword()) ? SecureUtil.md5(updateDto.getPassword()) : null);
+        updateById(sysWorkUser);
+        //更新角色信息
         List<Long> roleIds = updateDto.getRoleIds();
         if (CollUtil.isNotEmpty(roleIds)) {
             List<SysUserRole> surList = sysUserRoleService.list(Wrappers.<SysUserRole>lambdaQuery()
@@ -95,11 +119,8 @@ public class SysWorkUserServiceImpl extends ServiceImpl<SysWorkUserMapper, SysWo
                 //保存用户角色绑定信息
                 sysUserRoleService.saveBatch(sysUserRoleList);
             }
-
         }
-
-        //更新用户信息
-        updateById(sysWorkUser);
+        //更新部门信息
         List<Long> deptIds = updateDto.getDeptIds();
         if (CollUtil.isNotEmpty(deptIds)) {
             List<SysUserDept> sysUserDeptList = sysUserDeptService.list(Wrappers.<SysUserDept>lambdaQuery()
@@ -117,6 +138,7 @@ public class SysWorkUserServiceImpl extends ServiceImpl<SysWorkUserMapper, SysWo
 
     @Override
     public R<PageBean<SysWorkUserVo>> page(PageDto dto) {
+        long longId = Long.parseLong(SaTokenUtils.getId().toString());
         Long deptId = dto.getDeptId();
         List<SysDeptRelation> deptRelations = sysDeptRelationService.list(Wrappers.<SysDeptRelation>lambdaQuery()
                 .eq(SysDeptRelation::getAncestor, deptId));
@@ -130,15 +152,96 @@ public class SysWorkUserServiceImpl extends ServiceImpl<SysWorkUserMapper, SysWo
         if (CollUtil.isNotEmpty(sysUserDeptList)) {
             userIds = sysUserDeptList.stream().map(SysUserDept::getWorkUserId).collect(Collectors.toList());
         }
-        IPage<SysWorkUser> page = page(toIPage(dto.getPage()), Wrappers.<SysWorkUser>lambdaQuery()
+        LambdaQueryWrapper<SysWorkUser> lambdaQueryWrapper = Wrappers.<SysWorkUser>lambdaQuery()
                 .eq(SysWorkUser::getSysId, dto.getSysId())
                 .eq(StrUtil.isNotBlank(dto.getAccount()), SysWorkUser::getAccount, dto.getAccount())
                 .eq(StrUtil.isNotBlank(dto.getEmail()), SysWorkUser::getEmail, dto.getEmail())
                 .eq(ObjectUtil.isNotEmpty(dto.getStatus()), SysWorkUser::getStatus, dto.getStatus())
-                .in(CollUtil.isNotEmpty(userIds), SysWorkUser::getId, userIds)
-        );
+                .in(CollUtil.isNotEmpty(userIds), SysWorkUser::getId, userIds);
+        //判断数据查询权限
+        RedisCache.getDataAuth(longId, lambdaQueryWrapper, SysWorkUser::getSysUserId);
+        IPage<SysWorkUser> page = page(toIPage(dto.getPage()), lambdaQueryWrapper);
         return R.ok(toPageBean(SysWorkUserVo.class, page));
     }
 
+    @Override
+    public R<String> login(LoginDto loginDto) {
+        long longId = Long.parseLong(SaTokenUtils.getId().toString());
+        //手机短信登录
+        if (!StringUtils.isEmpty(loginDto.getCode())) {
+
+        }
+        //账号、邮箱、手机、密码登录
+        LambdaQueryWrapper<SysWorkUser> lambdaQueryWrapper = new LambdaQueryWrapper<SysWorkUser>()
+                .and(sysWorkUserLambdaQueryWrapper -> sysWorkUserLambdaQueryWrapper
+                        .eq(SysWorkUser::getAccount, loginDto.getLoginName())
+                        .or()
+                        .eq(SysWorkUser::getEmail, loginDto.getLoginName())
+                        .or()
+                        .eq(SysWorkUser::getPhone, loginDto.getLoginName()))
+                .eq(SysWorkUser::getPassword, SecureUtil.md5(loginDto.getPassword()))
+                .eq(SysWorkUser::getSysUserId, longId);
+        SysWorkUser sysWorkUser = getOne(lambdaQueryWrapper);
+        if (sysWorkUser == null) {
+            return R.fail("账号或密码错误");
+        }
+        if (!sysWorkUser.getStatus()) {
+            return R.fail("账号已被封禁");
+        }
+        //生成token
+        StpUtil.login(sysWorkUser.getId());
+        //更新登录信息
+        SysWorkUser workUser = new SysWorkUser()
+                .setId(sysWorkUser.getId())
+                .setLastLoginId(loginDto.getLoginName())
+                .setLastLoginTime(LocalDateTime.now())
+                .setLoginNum(sysWorkUser.getLoginNum() + 1);
+        updateById(workUser);
+        //缓存权限相关到redis
+        RedisCache.workCache(sysWorkUser.getId());
+        return R.ok(StpUtil.getTokenValue());
+    }
+
+    @Override
+    public R logout() {
+        StpUtil.logout(SaTokenUtils.getId());
+        return R.ok();
+    }
+
+    @Override
+    public R<Boolean> authByLogin() {
+        String satoken = request.getHeader(saTokenAuthorizeConfig.getTokenName());
+        if (!Emptys.check(satoken)) {
+            return R.ok(false);
+        }
+        Object loginIdByToken = StpUtil.getLoginIdByToken(satoken);
+        if (loginIdByToken == null) {
+            return R.ok(false);
+        }
+        return R.ok(true);
+    }
+
+    @Override
+    public R<Boolean> authByInterface(AuthByInterface authByInterface) {
+        //登录鉴权
+        Boolean data = authByLogin().getData();
+        if (!data) {
+            return R.ok(false);
+        }
+        //接口鉴权
+        List<String> menuInterfaceUri = RedisCache.getMenuInterfaceUri(Long.parseLong(SaTokenUtils.getId().toString()), authByInterface.getSystemId());
+        if (!menuInterfaceUri.contains(authByInterface.getUri())) {
+            return R.ok(false);
+        }
+        return R.ok(true);
+    }
+
+    @Override
+    public R<Boolean> authByData(AuthByInterface authByInterface) {
+        long longId = Long.parseLong(SaTokenUtils.getId().toString());
+        boolean dataAuth = RedisCache.getDataAuth(longId, authByInterface.getSystemId(), authByInterface.getUri());
+        return R.ok(dataAuth);
+    }
+
 
 }

authorize-api/src/main/java/com/xy/dto/SysWorkUser/AddDto.java

@@ -6,6 +6,8 @@ import lombok.Data;
 import lombok.experimental.Accessors;
 
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+import javax.validation.constraints.Pattern;
 import java.util.List;
 
 @Data
@@ -15,35 +17,38 @@ public class AddDto {
 
 
     @ApiModelProperty(value = "系统ID", required = true)
-    @NotBlank(message = "未选择系统")
+    @NotNull(message = "sysId不能为空")
     private Long sysId;
 
     @ApiModelProperty(value = "账号", required = true)
-    @NotBlank(message = "账号不可为空")
+    @NotBlank(message = "account不可为空")
+    @Pattern(regexp = "^[a-zA-z0-9]{6,11}$", message = "account必须为数字或字母，长度6-11位之间")
     private String account;
 
 
-    @ApiModelProperty(value = "邮箱", required = false)
+    @ApiModelProperty(value = "邮箱")
+    @Pattern(regexp = "^(\\w+([-.][A-Za-z0-9]+)*){3,18}@\\w+([-.][A-Za-z0-9]+)*\\.\\w+([-.][A-Za-z0-9]+)*$", message = "email格式错误")
     private String email;
 
 
     @ApiModelProperty(value = "手机", required = true)
-    @NotBlank(message = "手机号不可为空")
+    @Pattern(regexp = "^((13[0-9])|(14[5|7])|(15([0-3]|[5-9]))|(17[013678])|(18[0,2-9]))\\d{8}$", message = "phone格式错误")
     private String phone;
 
 
     @ApiModelProperty(value = "密码", required = true)
     @NotBlank(message = "密码不可为空")
+    @Pattern(regexp = "^[a-zA-z0-9]{6,11}$", message = "password必须为数字或字母，长度6-11位之间")
     private String password;
 
 
-    @ApiModelProperty(value = "状态", required = false)
+    @ApiModelProperty(value = "状态")
     private Boolean status;
 
-    @ApiModelProperty(value = "角色ID(数组)", required = false)
+    @ApiModelProperty(value = "角色ID(数组)")
     private List<Long> roleIds;
 
-    @ApiModelProperty(value = "部门ID(数组)", required = false)
+    @ApiModelProperty(value = "部门ID(数组)")
     private List<Long> deptIds;
 
 

authorize-api/src/main/java/com/xy/dto/SysWorkUser/AuthByInterface.java

@@ -0,0 +1,24 @@
+package com.xy.dto.SysWorkUser;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotNull;
+
+@Data
+@ApiModel("接口鉴权")
+@Accessors(chain = true)
+public class AuthByInterface {
+
+    @NotNull(message = "systemId不能为空")
+    @ApiModelProperty("系统ID")
+    private Long systemId;
+
+    @NotBlank(message = "uri不能为空")
+    @ApiModelProperty("接口uri")
+    private String uri;
+
+}

authorize-api/src/main/java/com/xy/dto/SysWorkUser/LoginDto.java

@@ -0,0 +1,27 @@
+package com.xy.dto.SysWorkUser;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.Pattern;
+
+@Data
+@ApiModel("登录")
+@Accessors(chain = true)
+public class LoginDto {
+
+    @ApiModelProperty("账号,邮箱,手机")
+    @NotBlank(message = "lognName不能为空")
+    private String loginName;
+
+    @ApiModelProperty("密码")
+    @Pattern(regexp = "^[a-zA-z0-9]{6,11}$", message = "password必须为数字或字母，长度6-11位之间")
+    private String password;
+
+    @ApiModelProperty("短信验证码")
+    private String code;
+
+}

authorize-api/src/main/java/com/xy/dto/SysWorkUser/UpdateDto.java

@@ -5,7 +5,6 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.experimental.Accessors;
 
-import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import java.util.List;
 
@@ -18,10 +17,6 @@ public class UpdateDto {
     @NotNull(message = "未选中用户")
     private Long id;
 
-    @ApiModelProperty(value = "系统ID", required = true)
-    @NotBlank(message = "未选择系统")
-    private Long sysId;
-
     @ApiModelProperty(value = "邮箱", required = false)
     private String email;
 

authorize-api/src/main/java/com/xy/service/PublicInterface.java

@@ -0,0 +1,119 @@
+package com.xy.service;
+
+import com.xy.annotate.RestMappingController;
+import com.xy.dto.SysSystemUserDto;
+import com.xy.dto.SysSystemValueDto;
+import com.xy.dto.SysWorkUser.AddDto;
+import com.xy.dto.SysWorkUser.AuthByInterface;
+import com.xy.dto.SysWorkUser.LoginDto;
+import com.xy.dto.SysWorkUser.UpdateDto;
+import com.xy.utils.PageBean;
+import com.xy.utils.R;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import javax.validation.Valid;
+
+/**
+ * 统一对外接口
+ */
+@RestMappingController("public-interface")
+public interface PublicInterface {
+
+    /**
+     * 租户登录
+     * 无需token
+     *
+     * @param login
+     * @return
+     */
+    @PostMapping("systemUserLogin")
+    R<String> login(@RequestBody @Validated SysSystemUserDto.Login login);
+
+    /**
+     * 租户注册
+     * 无需token
+     *
+     * @param login
+     * @return
+     */
+    @PostMapping("systemUserRegister")
+    R<Boolean> register(@RequestBody @Validated SysSystemUserDto.Login login);
+
+    /**
+     * 系统属性分页查询
+     * 需要租户token
+     *
+     * @param select
+     * @return
+     */
+    @PostMapping("sysSystemPage")
+    R<PageBean<SysSystemValueDto.Vo>> page(@RequestBody @Validated SysSystemValueDto.Select select);
+
+    /**
+     * 业务用户注册
+     * 需要租户token
+     *
+     * @param addDto
+     * @return
+     */
+    @PostMapping("workUserRegister")
+    R<Long> register(@Valid @RequestBody AddDto addDto);
+
+    /**
+     * 业务用户登录
+     * 需要租户token
+     *
+     * @param loginDto
+     * @return
+     */
+    @PostMapping("workUserLogin")
+    R<String> login(@RequestBody @Validated LoginDto loginDto);
+
+    /**
+     * 业务用户登出
+     * 需要业务用户token
+     *
+     * @return
+     */
+    @PostMapping("workUserLogout")
+    R logout();
+
+    /**
+     * 业务用户修改
+     * 需要租户token
+     *
+     * @return
+     */
+    @PostMapping("workUserUpdate")
+    R<Boolean> update(@Valid @RequestBody UpdateDto updateDto);
+
+    /**
+     * 业务用户登录鉴权
+     * 需要业务用户token
+     *
+     * @return
+     */
+    @PostMapping("workUserAuthByLogin")
+    R<Boolean> authByLogin();
+
+    /**
+     * 业务用户接口鉴权
+     * 需要业务用户token
+     *
+     * @return
+     */
+    @PostMapping("workUserAuthByInterface")
+    R<Boolean> authByInterface(@RequestBody @Validated AuthByInterface authByInterface);
+
+    /**
+     * 业务用户数据鉴权
+     * 需要业务用户token
+     *
+     * @param authByInterface
+     * @return
+     */
+    @PostMapping("workUserAuthByData")
+    R<Boolean> authByData(@RequestBody @Validated AuthByInterface authByInterface);
+}

authorize-api/src/main/java/com/xy/service/SysWorkUserService.java

@@ -1,13 +1,12 @@
 package com.xy.service;
 
 import com.xy.annotate.RestMappingController;
-import com.xy.dto.SysWorkUser.AddDto;
-import com.xy.dto.SysWorkUser.PageDto;
-import com.xy.dto.SysWorkUser.UpdateDto;
+import com.xy.dto.SysWorkUser.*;
 import com.xy.utils.PageBean;
 import com.xy.utils.R;
 import com.xy.vo.SysWorkUserVo;
 import io.swagger.annotations.ApiOperation;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
@@ -22,9 +21,9 @@ import javax.validation.Valid;
 public interface SysWorkUserService {
 
 
-    @ApiOperation(value = "新增业务用户信息", notes = "新增业务用户信息")
-    @PostMapping("add")
-    R<Boolean> add(@Valid @RequestBody AddDto addDto);
+    @ApiOperation(value = "注册", notes = "注册")
+    @PostMapping("register")
+    R<Long> register(@Valid @RequestBody AddDto addDto);
 
     @ApiOperation(value = "更新业务用户信息", notes = "更新业务用户信息")
     @PostMapping("update")
@@ -33,6 +32,24 @@ public interface SysWorkUserService {
     @ApiOperation(value = "分页获取业务用户信息", notes = "分页获取角色信息")
     @PostMapping("page")
     R<PageBean<SysWorkUserVo>> page(PageDto dto);
- 
 
+    @PostMapping("login")
+    @ApiOperation("登录")
+    R<String> login(@RequestBody @Validated LoginDto loginDto);
+
+    @PostMapping("logout")
+    @ApiOperation("登出")
+    R logout();
+
+    @PostMapping("authByLogin")
+    @ApiOperation("登录鉴权")
+    R<Boolean> authByLogin();
+
+    @PostMapping("authByInterface")
+    @ApiOperation("接口鉴权")
+    R<Boolean> authByInterface(@RequestBody @Validated AuthByInterface authByInterface);
+
+    @PostMapping("authByData")
+    @ApiOperation("数据鉴权")
+    R<Boolean> authByData(@RequestBody @Validated AuthByInterface authByInterface);
 }

authorize-start/src/main/resources/bootstrap.yml

@@ -32,6 +32,8 @@ sa-token:
   is-log: false
   # 是否输出启动日志
   isPrint: false
+  # 是否开启接口鉴权
+  enablePermission: false
   # 需要过滤的url
   exclude-paths:
     - /**/sys-system-user/login