mirror of
https://github.com/ZSCNetSupportDept/WechatTicketSystem.git
synced 2025-10-28 23:55:04 +08:00
Merge pull request #2 from SolaKun/develop
add bypass parameter to login
This commit is contained in:
Sola
@@ -44,6 +44,7 @@ public class Response {
|
||||
REQUEST_EXPIRED(-21),
|
||||
WRONG_PASSWORD(-22),
|
||||
INCORRECT_WECHAT(-23),
|
||||
PERMISSION_DENIED(-24),
|
||||
INTERNAL_ERROR(-90),
|
||||
DATABASE_ERROR(-91),
|
||||
;
|
||||
|
||||
@@ -2,10 +2,16 @@ package love.sola.netsupport.api.admin;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import love.sola.netsupport.api.Response;
|
||||
import love.sola.netsupport.enums.Access;
|
||||
import love.sola.netsupport.enums.Attribute;
|
||||
import love.sola.netsupport.pojo.Operator;
|
||||
import love.sola.netsupport.pojo.User;
|
||||
import love.sola.netsupport.sql.SQLCore;
|
||||
import love.sola.netsupport.sql.TableUser;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
|
||||
import javax.servlet.ServletConfig;
|
||||
import javax.servlet.ServletException;
|
||||
@@ -22,7 +28,7 @@ import java.io.PrintWriter;
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
@WebServlet(name = "GetUser",urlPatterns = "/api/getuser",loadOnStartup = 1)
|
||||
@WebServlet(name = "GetUser",urlPatterns = "/api/admin/getuser",loadOnStartup = 42)
|
||||
public class GetUser extends HttpServlet {
|
||||
|
||||
private Gson gson = SQLCore.gson;
|
||||
@@ -48,6 +54,15 @@ public class GetUser extends HttpServlet {
|
||||
}
|
||||
|
||||
private Response query(HttpServletRequest request) {
|
||||
WxSession session = Checker.isAuthorized(request, Command.LOGIN);
|
||||
if (session == null) {
|
||||
return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
}
|
||||
Operator op = (Operator) session.getAttribute(Attribute.OPERATOR);
|
||||
if (op.getAccess() != Access.ROOT) {
|
||||
return new Response(Response.ResponseCode.PERMISSION_DENIED);
|
||||
}
|
||||
|
||||
String id = request.getParameter("id");
|
||||
String name = request.getParameter("name");
|
||||
if ((id == null || id.isEmpty()) && (name == null || name.isEmpty())) {
|
||||
|
||||
89
src/main/java/love/sola/netsupport/api/admin/Login.java
Normal file
89
src/main/java/love/sola/netsupport/api/admin/Login.java
Normal file
@@ -0,0 +1,89 @@
|
||||
package love.sola.netsupport.api.admin;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import love.sola.netsupport.api.Response;
|
||||
import love.sola.netsupport.enums.Access;
|
||||
import love.sola.netsupport.enums.Attribute;
|
||||
import love.sola.netsupport.pojo.Operator;
|
||||
import love.sola.netsupport.pojo.User;
|
||||
import love.sola.netsupport.sql.SQLCore;
|
||||
import love.sola.netsupport.sql.TableOperator;
|
||||
import love.sola.netsupport.sql.TableUser;
|
||||
import love.sola.netsupport.util.Crypto;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.util.RSAUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
import love.sola.netsupport.wechat.WechatSession;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
/**
|
||||
* ***********************************************
|
||||
* Created by Sola on 2015/12/12.
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
|
||||
@WebServlet(name = "Login", urlPatterns = "/api/admin/login", loadOnStartup = 31)
|
||||
public class Login extends HttpServlet {
|
||||
|
||||
private Gson gson = SQLCore.gson;
|
||||
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
}
|
||||
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
request.setCharacterEncoding("utf-8");
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.addHeader("Content-type", "text/json;charset=utf-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
String json = gson.toJson(login(request));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.close();
|
||||
}
|
||||
|
||||
private Response login(HttpServletRequest request) {
|
||||
try {
|
||||
int oid = Integer.parseInt(request.getParameter("id"));
|
||||
String password = request.getParameter("pass");
|
||||
boolean bypass = request.getParameter("bypass") != null;
|
||||
Operator op = TableOperator.get(oid);
|
||||
if (op == null)
|
||||
return new Response(Response.ResponseCode.OPERATOR_NOT_FOUND);
|
||||
else if (op.getAccess() == Access.NOLOGIN)
|
||||
return new Response(Response.ResponseCode.PERMISSION_DENIED);
|
||||
|
||||
if (!Crypto.check(bypass ? password : RSAUtil.decrypt(password), op.getPassword())) {
|
||||
return new Response(Response.ResponseCode.WRONG_PASSWORD);
|
||||
}
|
||||
|
||||
String sid = WechatSession.genId();
|
||||
WxSession session = WechatSession.get(sid, true);
|
||||
if (bypass) {
|
||||
session.setAttribute(Attribute.AUTHORIZED, Command.fromId(Integer.parseInt(request.getParameter("bypass"))));
|
||||
} else {
|
||||
session.setAttribute(Attribute.AUTHORIZED, Command.LOGIN);
|
||||
}
|
||||
|
||||
session.setAttribute(Attribute.WECHAT, op.getWechat());
|
||||
session.setAttribute(Attribute.OPERATOR, op);
|
||||
|
||||
if (request.getParameter("bypassuser") != null) {
|
||||
User u = TableUser.getById(Long.parseLong(request.getParameter("bypassuser")));
|
||||
session.setAttribute(Attribute.USER, u);
|
||||
}
|
||||
|
||||
return new Response(Response.ResponseCode.OK, sid);
|
||||
} catch (Exception e) {
|
||||
return new Response(Response.ResponseCode.REQUEST_FAILED, e);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -27,7 +27,7 @@ import java.io.PrintWriter;
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
@WebServlet(name = "TicketUpdate", urlPatterns = "/api/ticketupdate", loadOnStartup = 32)
|
||||
@WebServlet(name = "TicketUpdate", urlPatterns = "/api/admin/ticketupdate", loadOnStartup = 32)
|
||||
public class TicketUpdate extends HttpServlet {
|
||||
|
||||
private Gson gson = SQLCore.gson;
|
||||
|
||||
@@ -15,7 +15,7 @@ public class Crypto {
|
||||
}
|
||||
|
||||
public static boolean check(String plain, String hash) {
|
||||
return BCrypt.checkpw(RSAUtil.decrypt(plain), hash);
|
||||
return BCrypt.checkpw(plain, hash);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package love.sola.netsupport.wechat;
|
||||
|
||||
import love.sola.netsupport.config.Settings;
|
||||
import me.chanjar.weixin.common.session.InternalSession;
|
||||
import me.chanjar.weixin.common.session.StandardSessionManager;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
|
||||
@@ -32,4 +33,9 @@ public class WechatSession {
|
||||
public static String genId() {
|
||||
return UUID.randomUUID().toString();
|
||||
}
|
||||
|
||||
public static InternalSession[] list() {
|
||||
return manager.findSessions();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user