
新增h5登录接口

wwh 1 hónapja
szülő
commit
ca14902632

+ 14 - 24
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java

@@ -1,5 +1,6 @@
 package com.ruoyi.web.controller.system;
 
+import com.ruoyi.common.annotation.Anonymous;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.domain.entity.SysMenu;
@@ -25,30 +26,6 @@ import java.util.Date;
 import java.util.List;
 import java.util.Set;
 
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
-import org.springframework.web.bind.annotation.RestController;
-import com.ruoyi.common.constant.Constants;
-import com.ruoyi.common.core.domain.AjaxResult;
-import com.ruoyi.common.core.domain.entity.SysMenu;
-import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginBody;
-import com.ruoyi.common.core.domain.model.LoginUser;
-import com.ruoyi.common.core.text.Convert;
-import com.ruoyi.common.utils.DateUtils;
-import com.ruoyi.common.utils.SecurityUtils;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.framework.web.service.SysLoginService;
-import com.ruoyi.framework.web.service.SysPermissionService;
-import com.ruoyi.framework.web.service.TokenService;
-import com.ruoyi.system.service.ISysConfigService;
-import com.ruoyi.system.service.ISysMenuService;
-
 /**
  * 登录验证
  *
@@ -90,6 +67,19 @@ public class SysLoginController
     }
 
     /**
+     * H5 登录(不校验验证码,匿名可访问)。账号须在菜单权限标识或角色权限字符中包含「h5」。
+     */
+    @Anonymous
+    @PostMapping("/h5/login")
+    public AjaxResult loginH5(@RequestBody LoginBody loginBody)
+    {
+        AjaxResult ajax = AjaxResult.success();
+        String token = loginService.loginH5(loginBody.getUsername(), loginBody.getPassword());
+        ajax.put(Constants.TOKEN, token);
+        return ajax;
+    }
+
+    /**
      * 获取用户信息
      *
      * @return 用户信息
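Review bot: `loginH5` is exposed with `@Anonymous` and, per its own Javadoc, skips the captcha check, so `/h5/login` accepts password attempts without the challenge the regular login applies. Nothing in this hunk throttles attempts. Whether `loginPreCheck` or the authentication chain locks an account after repeated failures is not visible here and should be confirmed before this ships. I would record that dependency next to the mapping, e.g. `// No captcha on this route: brute-force protection relies on the failed-login lockout; confirm it is enabled`, and add a per-account or per-IP rate limit on this mapping if the project has one available.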

+ 77 - 0
ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java

@@ -7,6 +7,7 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
+import java.util.Set;
 import com.ruoyi.common.constant.CacheConstants;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.UserConstants;
@@ -36,6 +37,9 @@ import com.ruoyi.system.service.ISysUserService;
 @Component
 public class SysLoginService
 {
+    /** H5 端要求的权限字符,对应菜单「权限标识」sys_menu.perms 或角色「权限字符」sys_role.role_key */
+    public static final String H5_MENU_PERM = "h5";
+
     @Autowired
     private TokenService tokenService;
 
@@ -51,6 +55,9 @@ public class SysLoginService
     @Autowired
     private ISysConfigService configService;
 
+    @Autowired
+    private SysPermissionService permissionService;
+
     /**
      * 登录验证
      * 
@@ -103,6 +110,76 @@ public class SysLoginService
     }
 
     /**
+     * H5 端登录(不校验验证码)。账号须具备权限字符 h5:出现在菜单权限标识(perms)或角色权限字符(role_key,支持逗号多值)中任一即可。
+     *
+     * @param username 用户名
+     * @param password 密码
+     * @return JWT
+     */
+    public String loginH5(String username, String password)
+    {
+        loginPreCheck(username, password);
+        Authentication authentication = null;
+        try
+        {
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
+            AuthenticationContextHolder.setContext(authenticationToken);
+            authentication = authenticationManager.authenticate(authenticationToken);
+        }
+        catch (Exception e)
+        {
+            if (e instanceof BadCredentialsException)
+            {
+                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));
+                throw new UserPasswordNotMatchException();
+            }
+            else
+            {
+                AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));
+                throw new ServiceException(e.getMessage());
+            }
+        }
+        finally
+        {
+            AuthenticationContextHolder.clearContext();
+        }
+        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
+        if (!hasH5PermissionMarker(loginUser.getPermissions())
+                && !hasH5PermissionMarker(permissionService.getRolePermission(loginUser.getUser())))
+        {
+            AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.login.h5.denied")));
+            throw new ServiceException(MessageUtils.message("user.login.h5.denied"));
+        }
+        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
+        recordLoginInfo(loginUser.getUserId());
+        return tokenService.createToken(loginUser, userService.selectUserByUserName(username).getOrgId());
+    }
+
+    /** 菜单权限标识(sys_menu.perms)或角色权限字符(sys_role.role_key)中需包含该值之一 */
+    private boolean hasH5PermissionMarker(Set<String> markers)
+    {
+        if (markers == null || markers.isEmpty())
+        {
+            return false;
+        }
+        for (String perm : markers)
+        {
+            if (StringUtils.isEmpty(perm))
+            {
+                continue;
+            }
+            for (String part : perm.split(","))
+            {
+                if (H5_MENU_PERM.equals(part.trim()))
+                {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
+
+    /**
      * 校验验证码
      * 
      * @param username 用户名
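Review bot: The `user.login.h5.denied` branch in `loginH5` runs only after `authenticationManager.authenticate` has accepted the password, so its distinct message tells an unauthenticated caller that the credentials are valid even when the account lacks the `h5` marker. Because this path has no captcha, that disclosure also covers accounts that were never meant to use H5. Keep the specific reason in `recordLogininfor`, but return the generic failure to the client, e.g. `throw new UserPasswordNotMatchException();` in place of the `ServiceException` carrying the h5 message. Separately, `userService.selectUserByUserName(username).getOrgId()` repeats a lookup and would throw a NullPointerException if it returned null. If `loginUser.getUser()` exposes the same field, read it from there (to be confirmed, since the entity is not shown in this diff).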