stjdydayou, 4 years ago
Parent
Current commit
616274cd2c
20 files changed, with 162 insertions and 58 deletions
  1. 90 0
      5.1.2 OAuth2接口调用.md
  2. 0 22
      src/main/java/com/zhiqiyun/open/Application.java
  3. 36 0
      src/main/java/com/zhiqiyun/open/config/DbSearcherConfig.java
  4. 0 1
      src/main/java/com/zhiqiyun/open/manager/package-info.java
  5. 2 1
      src/main/java/com/zhiqiyun/open/mvc/FundaErrorController.java
  6. 1 1
      src/main/java/com/zhiqiyun/open/mvc/Result.java
  7. 2 2
      src/main/java/com/zhiqiyun/open/mvc/manager/controller/AuthorityInfoController.java
  8. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/controller/IndexController.java
  9. 6 6
      src/main/java/com/zhiqiyun/open/mvc/manager/controller/OauthController.java
  10. 4 4
      src/main/java/com/zhiqiyun/open/mvc/manager/controller/RoleInfoController.java
  11. 11 12
      src/main/java/com/zhiqiyun/open/mvc/manager/controller/UserInfoController.java
  12. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/ChangePasswordParam.java
  13. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/LoginParam.java
  14. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryPageParams.java
  15. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryRoleParam.java
  16. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryUserParam.java
  17. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveRoleParam.java
  18. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveUserBaseInfoParam.java
  19. 1 1
      src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveUserParam.java
  20. 1 0
      src/main/java/com/zhiqiyun/open/mvc/package-info.java

+ 90 - 0
5.1.2 OAuth2接口调用.md

@@ -0,0 +1,90 @@
+## 目前主要支持的oauth协议
+
+### 一、 密码模式
+密码模式(password)主要针对自家应用,可信度较高,所以可以使用简便安全共存的模式,操作步骤如下
+1. 调用 http://localhost/blade-auth/oauth/token 传入对应的参数
+
+* 请求头:
+`Tenant-Id`:`000000`(替换为对应的租户id)
+`Authorization : Basic c3dvcmQ6c3dvcmRfc2VjcmV0` ("c3dvcmQ6c3dvcmRfc2VjcmV0"为clientId:clientSecret串转换为的base64编码,需要和`blade_client`表的对应字段相匹配)
+![](../../images/screenshot_1559032174304.png)    
+
+* 表单:
+`grant_type`:`password
+`
+`scope`:`all
+`
+`username`:`admin
+`
+`password`:`21232f297a57a5a743894a0e4a801fc3
+`
+
+* 注意:其中的`sword`和`sword_secret`分别是`blade_client`表`client_id`和`client_secret`字段值,请一一对应。
+
+* 注意:框架对密码进行了**二次加密**,由前端调用传参需要现将原密码进行**md5**加密后再进行传递,原密码是`admin`,所以md5加密后是`21232f297a57a5a743894a0e4a801fc3`,具体如下
+![](../../images/screenshot_1584615713114.png)
+
+2. 若想避免填写错误,快速导入参数,可以参考这个帖子:[https://sns.bladex.vip/article-14982.html](https://sns.bladex.vip/article-14982.html)
+
+
+
+
+#### 调用认证接口返回结果
+![](../../images/screenshot_1574305684211.png)
+![](../../images/screenshot_1584617184986.png)
+![](../../images/screenshot_1584617205489.png)
+
+
+
+
+### 二、刷新token
+刷新token(refresh_token)存在时间会比access_token更长,主要用于access_token快过期的时候,调用oauth接口获取到刷新后的token以达到token续期的目的
+1. 调用 http://localhost/blade-auth/oauth/token 传入对应的参数
+* 请求头:
+ `Tenant-Id`:`000000`(替换为对应的租户id)
+`Authorization : Basic c3dvcmQ6c3dvcmRfc2VjcmV0` ("c3dvcmQ6c3dvcmRfc2VjcmV0"为clientId:clientSecret串转换为的base64编码)
+
+* 表单:
+`grant_type`:`refresh_token`
+`scope`:`all
+`
+`refresh_token`: `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXN0IjoidGVzdCIsInVzZXJfbmFtZSI6ImFkbWluIiwic2NvcGUiOlsiYWxsIl0sImV4cCI6MTU1MzE2MTA5NSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6IjE0YmMyYjAyLTgxY2UtNDFiNC04ZTI3LTA5YWE0ZmU4ZWMwYyIsImNsaWVudF9pZCI6ImJsYWRlIn0.jTmioQDq-fSNNn7YCwl3wP0JE-etSWtzLDe545mDbP4
+`
+
+ ### 三、 授权码模式
+授权码模式(authorization_code)主要针对第三方应用,是最为复杂也最为安全的一种模式,操作步骤如下
+1. 打开浏览器访问如下地址:http://localhost:8100/oauth/authorize?tenant_id=000000&client_id=sword&redirect_uri=http://localhost:8888&code=233333&response_type=code
+2. 输入用户名为`admin`,密码为md5(admin)也就是上文提到的`21232f297a57a5a743894a0e4a801fc3`
+![](../../images/screenshot_1584617264880.png)
+3. 点击Authorize按钮,通过授权
+![](../../images/screenshot_1584617280348.png)
+4. 系统自动跳转至http://localhost:8888并加上了code参数
+![](../../images/screenshot_1584617315712.png)
+5. 获取跳转后的code值(http://localhost:8888/?code=VhYNLR)之后,调用 http://localhost/blade-auth/oauth/token 传入对应的参数
+
+* 请求头:
+ `Tenant-Id`:`000000`(替换为对应的租户id)
+`Authorization : Basic c3dvcmQ6c3dvcmRfc2VjcmV0` ("c3dvcmQ6c3dvcmRfc2VjcmV0"为clientId:clientSecret串转换为的base64编码,需要和`blade_client`表的对应字段相匹配)
+![](../../images/screenshot_1559032174304.png)    
+* 表单:
+`grant_type`:`authorization_code
+`
+`scope`:`all
+`
+`code`:`VhYNLR
+`
+`redirect_uri`: `http://localhost:8888
+` 
+* 注意:
+其中的`sword`和`sword_secret`分别是`blade_client`表`client_id`和`client_secret`字段值,请一一对应。
+其中的`http://localhost:8888`是`blade_client`表的`web_server_redirect_uri`字段值,也请一一对应。
+
+### 四、获取到token后如何获取用户信息
+1. 拼接请求头
+`Authorization :bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXN0IjoidGVzdCIsInVzZXJfbmFtZSI6ImFkbWluIiwic2NvcGUiOlsiYWxsIl0sImV4cCI6MTU1MzE2MTA5NSwiYXV0aG9yaXRpZXMiOlsiUk9MRV9VU0VSIl0sImp0aSI6IjE0YmMyYjAyLTgxY2UtNDFiNC04ZTI3LTA5YWE0ZmU4ZWMwYyIsImNsaWVudF9pZCI6ImJsYWRlIn0.jTmioQDq-fSNNn7YCwl3wP0JE-etSWtzLDe545mDbP4
+`
+2. 调用 http://localhost/blade-auth/oauth/user-info 既可获得对应用户信息
+
+
+
+
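Review bot: Every request documented in sections 一 to 四 goes to a plain `http://` URL while carrying the client secret in the `Basic` header, the user's password value and bearer or refresh tokens, so the doc should state that these endpoints must be served over TLS anywhere beyond local testing. The 密码模式 note describes the client-side `md5` step as part of a second encryption, but the value `21232f297a57a5a743894a0e4a801fc3` sent in the form is what authenticates the user, so it needs the same protection as a plaintext password and the text should say so. The full tokens pasted as examples would be better as shortened placeholders, and several inline code spans are split across lines (for example the `password` and `scope` form values), which will render badly. The `blade-auth` endpoints and the `blade_client` table are not referenced by any Java file shown in this commit, so add a sentence on how this document relates to `OauthController`.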

+ 0 - 22
src/main/java/com/zhiqiyun/open/Application.java

@@ -25,26 +25,4 @@ public class Application {
         SpringApplication app = new SpringApplication(Application.class);
         app.run(args);
     }
-
-
-    @Bean
-    public DbSearcher dbSearcher() throws Exception {
-
-        DbConfig config = new DbConfig();
-
-        InputStream inStream = Application.class.getResourceAsStream("/ip2region.db");
-
-        byte[] buff = new byte[1024];
-
-        ByteArrayOutputStream o = new ByteArrayOutputStream();
-
-        int rc = 0;
-        while ((rc = inStream.read(buff, 0, 1024)) > 0) {
-            o.write(buff, 0, rc);
-        }
-
-        byte[] in2b = o.toByteArray();
-
-        return new DbSearcher(config, in2b);
-    }
 }
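Review bot: All 22 deleted lines belong to the `dbSearcher()` bean itself, so the imports it relied on in `Application.java` (`Bean`, `DbConfig`, `DbSearcher`, `InputStream`, `ByteArrayOutputStream`) appear to be left behind. Remove any that are now unused in the same commit.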

+ 36 - 0
src/main/java/com/zhiqiyun/open/config/DbSearcherConfig.java

@@ -0,0 +1,36 @@
+package com.zhiqiyun.open.config;
+
+import com.zhiqiyun.open.Application;
+import lombok.extern.slf4j.Slf4j;
+import org.lionsoul.ip2region.DbConfig;
+import org.lionsoul.ip2region.DbSearcher;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+@Slf4j
+@Configuration
+public class DbSearcherConfig {
+	@Bean
+	public DbSearcher dbSearcher() throws Exception {
+
+		DbConfig config = new DbConfig();
+
+		InputStream inStream = Application.class.getResourceAsStream("/ip2region.db");
+
+		byte[] buff = new byte[1024];
+
+		ByteArrayOutputStream o = new ByteArrayOutputStream();
+
+		int rc = 0;
+		while ((rc = inStream.read(buff, 0, 1024)) > 0) {
+			o.write(buff, 0, rc);
+		}
+
+		byte[] in2b = o.toByteArray();
+
+		return new org.lionsoul.ip2region.DbSearcher(config, in2b);
+	}
+}
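Review bot: In `dbSearcher()` the stream returned by `getResourceAsStream("/ip2region.db")` is neither null-checked nor closed, so a missing resource surfaces as a NullPointerException at `inStream.read(...)` and the stream stays open on every path. Wrap it in try-with-resources and fail with a clear message when it is null. Smaller points: `@Slf4j` is added but nothing in the class logs, the return statement uses the fully qualified `org.lionsoul.ip2region.DbSearcher` although the class is already imported, and loading the resource through `DbSearcherConfig.class` would remove the dependency on `Application`.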

+ 0 - 1
src/main/java/com/zhiqiyun/open/manager/package-info.java

@@ -1 +0,0 @@
-package com.zhiqiyun.open.manager;

+ 2 - 1
src/main/java/com/zhiqiyun/open/manager/FundaErrorController.java → src/main/java/com/zhiqiyun/open/mvc/FundaErrorController.java

@@ -1,9 +1,10 @@
-package com.zhiqiyun.open.manager;
+package com.zhiqiyun.open.mvc;
 
 import com.zhiqiyun.open.exception.NoFoundException;
 import com.zhiqiyun.open.exception.NoLoginException;
 import com.zhiqiyun.open.exception.NotSufficientFundsException;
 import com.zhiqiyun.open.exception.PermissionDeniedException;
+import com.zhiqiyun.open.mvc.Result;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.boot.web.servlet.error.ErrorController;
 import org.springframework.validation.BindingResult;
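Review bot: The added `import com.zhiqiyun.open.mvc.Result;` is redundant, because this file's package is now `com.zhiqiyun.open.mvc` and `Result` moves into the same package in this commit. Drop the import.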

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/Result.java → src/main/java/com/zhiqiyun/open/mvc/Result.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager;
+package com.zhiqiyun.open.mvc;
 
 /**
  * @author jtoms

+ 2 - 2
src/main/java/com/zhiqiyun/open/manager/controller/AuthorityInfoController.java → src/main/java/com/zhiqiyun/open/mvc/manager/controller/AuthorityInfoController.java

@@ -1,7 +1,7 @@
-package com.zhiqiyun.open.manager.controller;
+package com.zhiqiyun.open.mvc.manager.controller;
 
 import com.zhiqiyun.open.annotation.Permission;
-import com.zhiqiyun.open.manager.Result;
+import com.zhiqiyun.open.mvc.Result;
 import com.zhiqiyun.open.models.AuthorityInfo;
 import com.zhiqiyun.open.service.AuthorityInfoService;
 import org.springframework.beans.factory.annotation.Autowired;

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/controller/IndexController.java → src/main/java/com/zhiqiyun/open/mvc/manager/controller/IndexController.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.controller;
+package com.zhiqiyun.open.mvc.manager.controller;
 
 import com.zhiqiyun.open.service.Ip2RegionService;
 import com.zhiqiyun.open.service.SequenceService;

+ 6 - 6
src/main/java/com/zhiqiyun/open/manager/controller/OauthController.java → src/main/java/com/zhiqiyun/open/mvc/manager/controller/OauthController.java

@@ -1,15 +1,15 @@
-package com.zhiqiyun.open.manager.controller;
+package com.zhiqiyun.open.mvc.manager.controller;
 
 import com.alibaba.fastjson.JSON;
 import com.zhiqiyun.open.annotation.Permission;
 import com.zhiqiyun.open.enmus.AccountType;
 import com.zhiqiyun.open.enmus.PasswordType;
 import com.zhiqiyun.open.enmus.UserLoginLogState;
-import com.zhiqiyun.open.manager.Result;
-import com.zhiqiyun.open.manager.params.ChangePasswordParam;
-import com.zhiqiyun.open.manager.params.LoginParam;
-import com.zhiqiyun.open.manager.params.QueryPageParams;
-import com.zhiqiyun.open.manager.params.SaveUserBaseInfoParam;
+import com.zhiqiyun.open.mvc.Result;
+import com.zhiqiyun.open.mvc.manager.params.ChangePasswordParam;
+import com.zhiqiyun.open.mvc.manager.params.LoginParam;
+import com.zhiqiyun.open.mvc.manager.params.QueryPageParams;
+import com.zhiqiyun.open.mvc.manager.params.SaveUserBaseInfoParam;
 import com.zhiqiyun.open.models.*;
 import com.zhiqiyun.open.mybatis.paginator.domain.PageResult;
 import com.zhiqiyun.open.service.CaptchaService;

+ 4 - 4
src/main/java/com/zhiqiyun/open/manager/controller/RoleInfoController.java → src/main/java/com/zhiqiyun/open/mvc/manager/controller/RoleInfoController.java

@@ -1,9 +1,9 @@
-package com.zhiqiyun.open.manager.controller;
+package com.zhiqiyun.open.mvc.manager.controller;
 
 import com.zhiqiyun.open.annotation.Permission;
-import com.zhiqiyun.open.manager.Result;
-import com.zhiqiyun.open.manager.params.QueryRoleParam;
-import com.zhiqiyun.open.manager.params.SaveRoleParam;
+import com.zhiqiyun.open.mvc.Result;
+import com.zhiqiyun.open.mvc.manager.params.QueryRoleParam;
+import com.zhiqiyun.open.mvc.manager.params.SaveRoleParam;
 import com.zhiqiyun.open.models.RoleInfo;
 import com.zhiqiyun.open.mybatis.paginator.domain.PageResult;
 import com.zhiqiyun.open.service.RoleInfoService;

+ 11 - 12
src/main/java/com/zhiqiyun/open/manager/controller/UserInfoController.java → src/main/java/com/zhiqiyun/open/mvc/manager/controller/UserInfoController.java

@@ -1,12 +1,12 @@
-package com.zhiqiyun.open.manager.controller;
+package com.zhiqiyun.open.mvc.manager.controller;
 
 import com.zhiqiyun.open.annotation.Permission;
 import com.zhiqiyun.open.enmus.AccountType;
 import com.zhiqiyun.open.enmus.PasswordType;
 import com.zhiqiyun.open.enmus.UserState;
-import com.zhiqiyun.open.manager.Result;
-import com.zhiqiyun.open.manager.params.QueryUserParam;
-import com.zhiqiyun.open.manager.params.SaveUserParam;
+import com.zhiqiyun.open.mvc.Result;
+import com.zhiqiyun.open.mvc.manager.params.QueryUserParam;
+import com.zhiqiyun.open.mvc.manager.params.SaveUserParam;
 import com.zhiqiyun.open.models.RoleInfo;
 import com.zhiqiyun.open.models.UserBaseInfo;
 import com.zhiqiyun.open.models.UserLoginAccount;
@@ -122,10 +122,9 @@ public class UserInfoController {
 		return Result.instance(Result.Code.MESSAGE_SUCCESS).setData(loginPassword);
 	}
 
-
 	@Permission(value = "oauth.user.disable", tags = "禁用用户")
-	@PostMapping("/disable")
-	public Result disable(@RequestBody List<Long> ids) {
+	@PostMapping("/disableByIds")
+	public Result disableByIds(@RequestBody List<Long> ids) {
 		if (ids.contains(1000L)) {
 			return Result.instance(Result.Code.MESSAGE_ERROR, "系统管理员不能禁用");
 		}
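Review bot: Renaming the route from `/disable` to `/disableByIds` changes the public path, so any caller still posting to the old path will break. Confirm the front end is updated in the same release, or keep the old mapping as an alias for a transition period. Separately, the administrator guard `ids.contains(1000L)` relies on a magic number; a named constant would make the intent clear.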
@@ -142,8 +141,8 @@ public class UserInfoController {
 	}
 
 	@Permission(value = "oauth.user.enable", tags = "启用用户")
-	@PostMapping("/enabled")
-	public Result enabled(@RequestBody List<Long> ids) {
+	@PostMapping("/enabledByIds")
+	public Result enabledByIds(@RequestBody List<Long> ids) {
 		if (ids.isEmpty()) {
 			return Result.instance(Result.Code.MESSAGE_ERROR, "请选择要启用的用户");
 		}
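Review bot: The new name `enabledByIds` is inconsistent with `disableByIds` in the previous hunk and with the permission value `oauth.user.enable`. Using `enableByIds` for both the path and the method would match.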
@@ -157,15 +156,15 @@ public class UserInfoController {
 	}
 
 	@Permission(value = "oauth.user.reset.login.password", tags = "重置用户密码")
-	@PostMapping("/resetLoginPassword")
-	public Result resetPasswd(@RequestBody Long[] ids) {
+	@PostMapping("/resetLoginPasswordByIds")
+	public Result resetLoginPasswordByIds(@RequestBody Long[] ids) {
 		String password = RandomUtil.get(6);
 		for (Long uid : ids) {
 			String salt = RandomUtil.getSalt();
 			String hashPassword = this.oauthService.generatePassword(password, salt);
 			this.userBaseInfoService.updatePassword(uid, hashPassword, salt, PasswordType.login);
 		}
-		return Result.instance(Result.Code.MESSAGE_SUCCESS).setData(password);
+		return Result.instance(Result.Code.SUCCESS).setData(password);
 	}
 
 
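Review bot: In `resetLoginPasswordByIds`, `RandomUtil.get(6)` is called once before the loop, so every id in the request receives the same 6-character password, and that one value is returned in the response body. Generate the password per user inside the loop, consider a longer value, and return it per id or deliver it out of band; it is also worth confirming that `RandomUtil` draws from a secure random source, which is not visible here. This method now returns `Result.Code.SUCCESS` while the method ending at line 122 of the same file still returns `Result.Code.MESSAGE_SUCCESS`; if both codes are intended, document when each applies.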

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/ChangePasswordParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/ChangePasswordParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import com.zhiqiyun.open.utils.validation.StrongPassword;
 

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/LoginParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/LoginParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import lombok.Data;
 

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/QueryPageParams.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryPageParams.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import com.zhiqiyun.open.mybatis.paginator.domain.Order;
 import com.zhiqiyun.open.mybatis.paginator.domain.PageBounds;

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/QueryRoleParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryRoleParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import lombok.Data;
 import lombok.EqualsAndHashCode;

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/QueryUserParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/QueryUserParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import com.zhiqiyun.open.enmus.Gender;
 import com.zhiqiyun.open.enmus.UserState;

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/SaveRoleParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveRoleParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import lombok.Data;
 

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/SaveUserBaseInfoParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveUserBaseInfoParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import com.zhiqiyun.open.enmus.Gender;
 import lombok.Data;

+ 1 - 1
src/main/java/com/zhiqiyun/open/manager/params/SaveUserParam.java → src/main/java/com/zhiqiyun/open/mvc/manager/params/SaveUserParam.java

@@ -1,4 +1,4 @@
-package com.zhiqiyun.open.manager.params;
+package com.zhiqiyun.open.mvc.manager.params;
 
 import com.zhiqiyun.open.enmus.Gender;
 import com.zhiqiyun.open.utils.validation.MobileNumber;

+ 1 - 0
src/main/java/com/zhiqiyun/open/mvc/package-info.java

@@ -0,0 +1 @@
+package com.zhiqiyun.open.mvc;