
为Shiro做准备

Luxnk 7 years ago
parent
commit
12ae92182f

+ 2 - 0
src/xyz/luxnk/lproject/MainModule.java

@@ -1,5 +1,6 @@
 package xyz.luxnk.lproject;
 
+import org.nutz.integration.shiro.ShiroSessionProvider;
 import org.nutz.mvc.annotation.*;
 import org.nutz.mvc.ioc.provider.ComboIocProvider;
 
@@ -13,6 +14,7 @@ import org.nutz.mvc.ioc.provider.ComboIocProvider;
 @Fail("jsp:jsp.500")
 @Localization(value = "msg/", defaultLocalizationKey = "zh-CN")
 @ChainBy(args = "mvc/luxnkproject-mvc-chain.js")
+@SessionBy(ShiroSessionProvider.class)
 public class MainModule {
 
 }

+ 4 - 6
src/xyz/luxnk/lproject/MainSetup.java

@@ -9,6 +9,7 @@ import org.nutz.ioc.Ioc;
 import org.nutz.mvc.NutConfig;
 import org.nutz.mvc.Setup;
 import xyz.luxnk.lproject.bean.UserInfo;
+import xyz.luxnk.lproject.service.UserService;
 import xyz.luxnk.lproject.util.SnowflakeIdWorker;
 
 import java.util.Date;
@@ -23,16 +24,13 @@ public class MainSetup implements Setup {
         Ioc ioc = nc.getIoc();
         Dao dao = ioc.get(Dao.class);
         Daos.createTablesInPackage(dao, "xyz.luxnk.lproject", false);
+        Daos.migration(dao, UserInfo.class, true, false, false);
         CustomMake.me().register("snowflake", ioc.get(SnowflakeIdWorker.class));
 
         // 如果用户表中没有数据,插入一条默认数据
         if (dao.count(UserInfo.class) == 0) {
-            UserInfo userInfo = new UserInfo();
-            userInfo.setUsername("Luxnk");
-            userInfo.setPassword("111111");
-            userInfo.setCreateTime(new Date());
-            userInfo.setUpdateTime(new Date());
-            dao.insert(userInfo);
+            UserService us = ioc.get(UserService.class);
+            us.add("Luxnk", "111111");
         }
 
         // 获取NutQuartzCronJobFactory从而触发计划任务的初始化与启动
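Review bot: The bootstrap branch at `us.add("Luxnk", "111111")` still seeds a fixed account whose six-digit password is readable in the repository, so every fresh deployment starts with the same known credential even though it is now stored hashed. Consider taking the initial password from deployment configuration, or generating one at first start and requiring a change on first login; at minimum add a comment such as `// bootstrap account only; password must be changed after first login`. The added `Daos.migration(dao, UserInfo.class, true, false, false)` call would also benefit from a one-line comment saying what the three boolean flags select, since they are unreadable at the call site. The enclosing method starts and ends outside this hunk.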

+ 52 - 0
src/xyz/luxnk/lproject/bean/Permission.java

@@ -0,0 +1,52 @@
+package xyz.luxnk.lproject.bean;
+
+import org.nutz.dao.entity.annotation.*;
+
+@Table("permission")
+public class Permission extends BasePojo {
+
+    @Id
+    protected long id;
+
+    @Name
+    protected String name;
+
+    @Column
+    protected String alias;
+
+    @Column
+    @ColDefine(type = ColType.VARCHAR, width = 500)
+    private String description;
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getAlias() {
+        return alias;
+    }
+
+    public void setAlias(String alias) {
+        this.alias = alias;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+}
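Review bot: Field visibility is mixed in this new entity: `id`, `name` and `alias` are `protected` while `description` is `private`, although all four have public accessors. Making them all `private` keeps the class consistent and stops subclasses from bypassing the setters; Role.java in this commit has the same mix, plus a `protected` `permissions` list. Neither class has a Javadoc comment, so a short class-level one stating that `name` is the unique `@Name` key and what `alias` is used for would help the next reader.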

+ 65 - 0
src/xyz/luxnk/lproject/bean/Role.java

@@ -0,0 +1,65 @@
+package xyz.luxnk.lproject.bean;
+
+import org.nutz.dao.entity.annotation.*;
+
+import java.util.List;
+
+@Table("role")
+public class Role extends BasePojo {
+
+    @Id
+    protected long id;
+
+    @Name
+    protected String name;
+
+    @Column
+    protected String alias;
+
+    @Column
+    @ColDefine(type = ColType.VARCHAR, width = 500)
+    private String description;
+
+    @ManyMany(from = "role_id", relation = "relation_role_permission", target = Permission.class, to = "permission_id")
+    protected List<Permission> permissions;
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getAlias() {
+        return alias;
+    }
+
+    public void setAlias(String alias) {
+        this.alias = alias;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public List<Permission> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(List<Permission> permissions) {
+        this.permissions = permissions;
+    }
+}

+ 34 - 0
src/xyz/luxnk/lproject/bean/UserInfo.java

@@ -3,6 +3,7 @@ package xyz.luxnk.lproject.bean;
 import org.nutz.dao.entity.annotation.*;
 
 import java.util.Date;
+import java.util.List;
 
 /**
  * 用户基本信息Pojo
@@ -24,6 +25,15 @@ public class UserInfo extends BasePojo {
     @Column
     private String salt;
 
+    @Column
+    private boolean locked;
+
+    @ManyMany(from = "u_id", relation = "relation_user_role", target = Role.class, to = "role_id")
+    private List<Role> roles;
+
+    @ManyMany(from = "u_id", relation = "relation_user_permission", target = Permission.class, to = "permission_id")
+    private List<Permission> permissions;
+
     @One(target = UserProfile.class, field = "id", key = "userId")
     private UserProfile profile;
 
@@ -59,6 +69,30 @@ public class UserInfo extends BasePojo {
         this.salt = salt;
     }
 
+    public boolean isLocked() {
+        return locked;
+    }
+
+    public void setLocked(boolean locked) {
+        this.locked = locked;
+    }
+
+    public List<Role> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(List<Role> roles) {
+        this.roles = roles;
+    }
+
+    public List<Permission> getPermissions() {
+        return permissions;
+    }
+
+    public void setPermissions(List<Permission> permissions) {
+        this.permissions = permissions;
+    }
+
     public UserProfile getProfile() {
         return profile;
     }
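Review bot: The new `locked` column is never read in this commit: `UserService.fetch(username, password)` returns the user id as soon as the hash matches, so setting `locked` to true would not stop a login. If the flag is meant to disable accounts (inferred from the name), the check belongs in the login path, for example `if (userInfo.isLocked()) return "";` before the id is returned. A short comment on the field, such as `// true = account disabled, login must be refused`, would make the intended semantics explicit. The class body continues outside the hunks shown.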

+ 22 - 19
src/xyz/luxnk/lproject/module/UserModule.java

@@ -1,10 +1,12 @@
 package xyz.luxnk.lproject.module;
 
+import org.apache.shiro.SecurityUtils;
 import org.nutz.aop.interceptor.ioc.TransAop;
 import org.nutz.dao.Cnd;
 import org.nutz.dao.Dao;
 import org.nutz.dao.QueryResult;
 import org.nutz.dao.pager.Pager;
+import org.nutz.integration.shiro.SimpleShiroToken;
 import org.nutz.ioc.aop.Aop;
 import org.nutz.ioc.loader.annotation.Inject;
 import org.nutz.ioc.loader.annotation.IocBean;
@@ -15,6 +17,7 @@ import org.nutz.mvc.annotation.*;
 import org.nutz.mvc.filter.CheckSession;
 import xyz.luxnk.lproject.bean.UserInfo;
 import xyz.luxnk.lproject.bean.UserProfile;
+import xyz.luxnk.lproject.service.UserService;
 import xyz.luxnk.lproject.util.Toolkit;
 
 import javax.servlet.http.HttpSession;
@@ -27,6 +30,9 @@ import java.util.Date;
 @Filters(@By(type = CheckSession.class, args = {"me", "/"}))    // 检查当前Session是否带me这个属性
 public class UserModule extends BaseModule {
 
+    @Inject
+    protected UserService userService;
+
     @At("/")
     @Ok("jsp:jsp.user.list")    // 真实路径是 /WEB-INF/jsp/user/list.jsp
     public void index() {}
@@ -54,11 +60,13 @@ public class UserModule extends BaseModule {
         if (!Toolkit.checkCaptcha(_captcha, captcha)) {
             return re.setv("ok", false).setv("msg", "验证码错误");
         }
-        UserInfo userInfo = dao.fetch(UserInfo.class, Cnd.where("username", "=", username).and("password", "=", password));
-        if (userInfo == null) {
+        String userId = userService.fetch(username, password);
+        //UserInfo userInfo = dao.fetch(UserInfo.class, Cnd.where("username", "=", username).and("password", "=", password));
+        if (userId.equals("")) {
             return re.setv("ok", false).setv("msg", "用户名或密码错误");
         } else {
-            session.setAttribute("me", userInfo.getId());
+            session.setAttribute("me", userId);
+            //SecurityUtils.getSubject().login(new SimpleShiroToken(userId));
             return re.setv("ok", true);
         }
     }
@@ -123,29 +131,24 @@ public class UserModule extends BaseModule {
         if (msg != null) {
             return re.setv("ok", false).setv("msg", msg);
         }
-        userInfo.setCreateTime(new Date());
-        userInfo.setUpdateTime(new Date());
-        userInfo = dao.insert(userInfo);
+        userInfo = userService.add(userInfo.getUsername(), userInfo.getPassword());
         return re.setv("ok", true).setv("data", userInfo);
     }
 
     /**
-     * 更新用户
-     * @param userInfo
+     * 更新用户密码
+     * @param password
+     * @param me
      * @return
      */
     @At
-    public Object update(@Param("..")UserInfo userInfo) {
-       NutMap re = new NutMap();
-       String msg = checkUser(userInfo, false);
-       if (msg != null) {
-           return re.setv("ok", false).setv("msg", msg);
-       }
-       userInfo.setUsername(null);  // 不允许更新用户名
-       userInfo.setCreateTime(null);    // 不允许更新创建时间
-       userInfo.setUpdateTime(new Date());  // 设置正确的更新时间
-       dao.updateIgnoreNull(userInfo);  // 真正更新的其实只有password和salt
-       return re.setv("ok", true);
+    public Object update(@Param("password")String password, @Attr("me")String me) {
+        NutMap re = new NutMap();
+        if (Strings.isBlank(password) || password.length() < 6) {
+            return re.setv("ok", false).setv("msg", "密码不符合要求");
+        }
+        userService.updatePassword(me, password);
+        return re.setv("ok", true);
     }
 
     /**
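Review bot: The rewritten `update` handler changes the session user's password given only the new password, so anyone holding a live session (an unattended browser, a leaked session cookie) can replace the credential without knowing the current one. Take the current password as an additional parameter and verify it before calling `userService.updatePassword(me, password)`. The handler also answers `ok: true` unconditionally, although `updatePassword` returns silently when no user matches `me`; returning a boolean from the service and passing it through would avoid reporting a change that did not happen. In the login hunk, the two commented-out lines and the `SecurityUtils` / `SimpleShiroToken` imports that only they use should be removed or replaced by a `// TODO` until the Shiro login is actually enabled.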

+ 65 - 0
src/xyz/luxnk/lproject/service/UserService.java

@@ -0,0 +1,65 @@
+package xyz.luxnk.lproject.service;
+
+import org.apache.shiro.crypto.hash.Sha256Hash;
+import org.nutz.dao.Cnd;
+import org.nutz.ioc.loader.annotation.IocBean;
+import org.nutz.lang.random.R;
+import org.nutz.service.IdNameEntityService;
+import xyz.luxnk.lproject.bean.UserInfo;
+
+import java.util.Date;
+
+@IocBean(fields = "dao")
+public class UserService extends IdNameEntityService<UserInfo> {
+
+    /**
+     * 添加新用户
+     * @param username
+     * @param password
+     * @return
+     */
+    public UserInfo add(String username, String password) {
+        UserInfo userInfo = new UserInfo();
+        userInfo.setUsername(username.trim());
+        userInfo.setSalt(R.UU16());
+        userInfo.setPassword(new Sha256Hash(password, userInfo.getSalt()).toHex());
+        userInfo.setCreateTime(new Date());
+        userInfo.setUpdateTime(new Date());
+        return dao().insert(userInfo);
+    }
+
+    /**
+     * 根据用户名密码验证用户登录信息
+     * @param username
+     * @param password
+     * @return
+     */
+    public String fetch(String username, String password) {
+        UserInfo userInfo = dao().fetch(UserInfo.class, Cnd.where("username", "=", username));
+        if (userInfo == null) {
+            return "";
+        }
+        String _pass = new Sha256Hash(password, userInfo.getSalt()).toHex();
+        if (_pass.equalsIgnoreCase(userInfo.getPassword())) {
+            return userInfo.getId();
+        }
+        return "";
+    }
+
+    /**
+     * 更新用户密码
+     * @param userId
+     * @param password
+     */
+    public void updatePassword(String userId, String password) {
+        UserInfo userInfo = fetch(userId);
+        if (userInfo == null) {
+            return;
+        }
+        userInfo.setSalt(R.UU16());
+        userInfo.setPassword(new Sha256Hash(password, userInfo.getSalt()).toHex());
+        userInfo.setUpdateTime(new Date());
+        dao().update(userInfo, "^(password|salt|updateTime)$");
+    }
+
+}
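Review bot: Passwords are stored as a single round of salted SHA-256 (`new Sha256Hash(password, userInfo.getSalt()).toHex()` in `add`, `fetch` and `updatePassword`), which is cheap to brute-force offline if the table leaks. Shiro's `Sha256Hash` has a three-argument constructor taking an iteration count, so a shared constant and `new Sha256Hash(password, userInfo.getSalt(), HASH_ITERATIONS).toHex()` in all three places would raise the cost; a dedicated password-hashing scheme would be better if a dependency can be added. Rows written before this commit appear to hold plaintext passwords (inferred from the removed `Cnd.where("username", "=", username).and("password", "=", password)` lookup) and will no longer match in `fetch`, so they need a migration or a forced reset. `add` trims the username but `fetch` does not, so the two should normalise it the same way. The Javadoc blocks have empty `@param`/`@return` tags; `fetch` in particular should state that it returns the user id on success and an empty string on failure.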