zouxuan hace 5 años
padre
commit
9caffaeeb2

+ 5 - 3
mec-auth/mec-auth-server/pom.xml

@@ -59,11 +59,13 @@
 			<groupId>com.ym</groupId>
 			<artifactId>mec-auth-api</artifactId>
 		</dependency>
-		
+
 		<dependency>
-			<groupId>org.springframework.social</groupId>
-			<artifactId>spring-social-security</artifactId>
+			<groupId>com.github.penggle</groupId>
+			<artifactId>kaptcha</artifactId>
+			<version>2.3.2</version>
 		</dependency>
 
+
 	</dependencies>
 </project>

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -65,7 +65,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Override
 	public void configure(WebSecurity web) throws Exception {
-		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs","/loginIn");
+		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs","/loginIn","/code/*");
 	}
 
 	@Bean
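Review bot: The new `/code/*` pattern takes the whole captcha controller out of the security filter chain, which is wider than the two public captcha endpoints need: `/code/sendSms` in SmsCodeController still carries `@PreAuthorize("@pcs.hasPermissions('sys_user_manage')")`, and with no filter populating the SecurityContext that check cannot pass for any caller, while `/code/query` becomes reachable without authentication. Listing the two unauthenticated paths explicitly keeps everything else under the normal chain: `web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs", "/loginIn", "/code/getLoginImage", "/code/verifyLoginImage");`. Whether other paths under `code` were also meant to be public is not visible from this hunk; the enclosing class continues outside it.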

+ 4 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/constant/SecurityConstants.java

@@ -5,4 +5,8 @@ public interface SecurityConstants {
 	public static final String USERNAME_PRINCIPAL_PREFIX = "username:";
 
 	public static final String PHONE_PRINCIPAL_PREFIX = "phone:";
+
+	String PARAM_VERIFY_EXCEPTION = "参数校验异常";
+
+	String VERIFY_FAILURE = "校验失败";
 }
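Review bot: The two added constants omit the `public static final` that the existing `USERNAME_PRINCIPAL_PREFIX` and `PHONE_PRINCIPAL_PREFIX` spell out two lines above; both forms are equivalent on an interface field, so the file should pick one, either dropping the redundant modifiers on the older lines or writing `public static final String PARAM_VERIFY_EXCEPTION = "参数校验异常";` for the new ones. A one-line comment noting that these two strings are returned to clients as response messages (see their use in `failed(...)` in the controllers) would also help the next reader distinguish them from the principal-prefix constants that are internal keys.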

+ 11 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/RoleController.java

@@ -1,11 +1,13 @@
 package com.ym.mec.auth.web.controller;
 
 import com.ym.mec.auth.api.entity.SysRole;
+import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysMenuService;
 import com.ym.mec.auth.service.SysRoleMenuService;
 import com.ym.mec.auth.service.SysRoleService;
 import com.ym.mec.common.controller.BaseController;
 import io.swagger.annotations.*;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import java.util.Date;
@@ -57,6 +59,9 @@ public class RoleController extends BaseController {
             @ApiImplicitParam(name = "menuIds", value = "菜单id,逗号分隔", required = true, dataType = "String") })
     @PostMapping("/addRoleMenu")
     public Object addRoleMenu(Integer roleId,String menuIds) {
+        if(roleId == null || StringUtils.isEmpty(menuIds)){
+            return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+        }
         sysRoleMenuService.batchInsert(roleId,menuIds);
         return succeed();
     }
@@ -66,6 +71,9 @@ public class RoleController extends BaseController {
             @ApiImplicitParam(name = "menuIds", value = "菜单id,逗号分隔", required = true, dataType = "String") })
     @DeleteMapping("/delRoleMenu")
     public Object delRoleMenu(Integer roleId,String menuIds) {
+        if(roleId == null || StringUtils.isEmpty(menuIds)){
+            return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+        }
         sysRoleMenuService.batchdel(roleId,menuIds);
         return succeed();
     }
@@ -74,6 +82,9 @@ public class RoleController extends BaseController {
     @ApiImplicitParams({ @ApiImplicitParam(name = "roleId", value = "角色编号", required = true, dataType = "Integer")})
     @GetMapping("/getMenus")
     public Object getMenus(Integer roleId) {
+        if(roleId == null){
+            return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+        }
         return succeed(sysMenuService.getMenusByRoleId(roleId));
     }
 }
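Review bot: `StringUtils.isEmpty(menuIds)` in the three new guards lets a whitespace-only value such as `" "` through to `batchInsert` and `batchdel`; commons-lang3 `isBlank` is the usual check for request parameters, e.g. `if (roleId == null || StringUtils.isBlank(menuIds)) {`, and the same applies to the two `roleIds` guards in the UserController hunks and to `verifyImageCode` in SmsCodeController. The `required = true` on `@ApiImplicitParam` is documentation only; binding the handler parameters with `@RequestParam` would make Spring reject a missing `roleId` with a 400 before the method body runs, which would be consistent with what the Swagger annotations promise. The hunks shown here end inside the class, which continues past them.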

+ 73 - 8
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -1,37 +1,102 @@
 package com.ym.mec.auth.web.controller;
 
+import com.google.code.kaptcha.Constants;
+import com.google.code.kaptcha.Producer;
+import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.common.controller.BaseController;
+import com.ym.mec.common.validcode.SmsCodeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
+import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
-
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-
-import com.ym.mec.common.controller.BaseController;
-import com.ym.mec.common.validcode.SmsCodeService;
+import javax.imageio.ImageIO;
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.awt.image.BufferedImage;
+import java.util.concurrent.TimeUnit;
 
 @RestController
-@RequestMapping("sms")
-@Api(description = "短信服务")
+@RequestMapping("code")
+@Api(description = "验证码服务")
 public class SmsCodeController extends BaseController {
 
     @Autowired
     private SmsCodeService smsCodeService;
+    @Autowired
+    private Producer captchaProducer;
+    @Autowired
+    private RedisTemplate<String,String> redisTemplate;
 
     @ApiOperation("发送登录短信验证码")
     @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String")
-    @PostMapping("/sendVerifyCode")
-    //@PreAuthorize("hasAnyAuthority('student')")
+    @PostMapping("/sendSms")
     @PreAuthorize("@pcs.hasPermissions('sys_user_manage')")
     public Object sendLoginVerifyCode(String mobile) {
         smsCodeService.sendValidCode(mobile);
         return succeed();
     }
+
+    @PostMapping("/verifyLoginImage")
+    @ApiOperation("校验登录图形验证码")
+    @ApiImplicitParams({ @ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String"),
+            @ApiImplicitParam(name = "code", value = "验证码", required = true, dataType = "String") })
+    public Object verifyImageCode(String phone,String code){
+        if(StringUtils.isEmpty(phone) || StringUtils.isEmpty(code)){
+            return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+        }
+        String redisKey = Constants.KAPTCHA_SESSION_KEY + phone;
+        if(redisTemplate.hasKey(redisKey)){
+            if(StringUtils.equals(redisTemplate.opsForValue().get(redisKey),code)){
+                return succeed();
+            }
+        }
+        return failed(SecurityConstants.VERIFY_FAILURE);
+    }
+
+    @GetMapping("/getLoginImage")
+    @ApiOperation("获取登录图片验证码")
+    @ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String")
+    public void getKaptchaImage(HttpServletResponse response, HttpSession session,String phone) throws Exception {
+        if(StringUtils.isEmpty(phone)){
+            return;
+        }
+
+        response.setDateHeader("Expires", 0);
+
+        // Set standard HTTP/1.1 no-cache headers.
+        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
+        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
+        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
+        // Set standard HTTP/1.0 no-cache header.
+        response.setHeader("Pragma", "no-cache");
+        // return a jpeg
+        response.setContentType("image/jpeg");
+        // create the text for the image
+        String capText = captchaProducer.createText();
+
+        redisTemplate.opsForValue().set(Constants.KAPTCHA_SESSION_KEY + phone,capText,3, TimeUnit.MINUTES);
+        // create the image with the text
+        BufferedImage bi = captchaProducer.createImage(capText);
+        ServletOutputStream out = response.getOutputStream();
+        // write the data out
+        ImageIO.write(bi, "jpg", out);
+        try {
+            out.flush();
+        } finally {
+            out.close();
+        }
+    }
     
     @PostMapping("/query")
     public Object query() {
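Review bot: `verifyImageCode` never removes the Redis entry after comparing it, so one fetched image stays valid for the full three-minute TTL set in `getKaptchaImage` and can be submitted again after a success or retried repeatedly after a failure; the lookup should also be a single `get` with a null check rather than `hasKey` followed by `get`, which reads the key twice. Reading the value and deleting the key in the same handler (an atomic get-and-delete if this Spring Data Redis version offers one — not visible here) makes each image good for exactly one attempt, and the key is built from the caller-supplied `phone` with no format check, so validating it before it becomes part of a Redis key is worthwhile. In `getKaptchaImage`, the `HttpSession session` parameter is unused and forces session creation for a stateless endpoint, and an empty `phone` currently returns a 200 with no body where `response.setStatus(HttpServletResponse.SC_BAD_REQUEST)` would tell the client what went wrong; wrapping the output stream in try-with-resources would also cover the case where `ImageIO.write` throws before the existing `try` is entered. The class continues past the hunk with `query`.
```java
    public Object verifyImageCode(String phone, String code) {
        // … unchanged: empty-parameter guard …
        String redisKey = Constants.KAPTCHA_SESSION_KEY + phone;
        String expected = redisTemplate.opsForValue().get(redisKey);
        // one attempt per image: the stored code is dropped whether or not it matched
        redisTemplate.delete(redisKey);
        if (expected != null && StringUtils.equals(expected, code)) {
            return succeed();
        }
        return failed(SecurityConstants.VERIFY_FAILURE);
    }
```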

+ 8 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/UserController.java

@@ -1,12 +1,14 @@
 package com.ym.mec.auth.web.controller;
 
 import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysRoleService;
 import com.ym.mec.auth.service.SysUserRoleService;
 import com.ym.mec.auth.service.SysUserService;
 import com.ym.mec.auth.web.controller.queryInfo.SysUserQueryInfo;
 import com.ym.mec.common.controller.BaseController;
 import io.swagger.annotations.*;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.*;
@@ -85,6 +87,9 @@ public class UserController extends BaseController {
 			@ApiImplicitParam(name = "roleIds", value = "角色id,逗号分隔", required = true, dataType = "String") })
 	@PostMapping("/addRole")
 	public Object getRole(Integer userId,String roleIds) {
+		if(userId == null || StringUtils.isEmpty(roleIds)){
+			return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+		}
 		sysUserRoleService.batchInsert(userId,roleIds);
 		return succeed();
 	}
@@ -94,6 +99,9 @@ public class UserController extends BaseController {
 			@ApiImplicitParam(name = "roleIds", value = "角色id,逗号分隔", required = true, dataType = "String") })
 	@DeleteMapping("/delRole")
 	public Object delRole(Integer userId,String roleIds) {
+		if(userId == null || StringUtils.isEmpty(roleIds)){
+			return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
+		}
 		sysUserRoleService.batchDel(userId,roleIds);
 		return succeed();
 	}