xiaozhang/xinli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修正接口

Browse Source
This commit is contained in:
胡圣锋 2025-11-16 01:49:47 +08:00
parent 06bb112c7f
commit 0036540fcd
5 changed files with 53 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ruoyi-ui/src/views/login.vue
View File

@ -1,6 +1,6 @@
<template> <template>
<div class="login"> <div class="login">
<el-form ref="loginForm" :model="loginForm" :rules="loginRules" class="login-form"> <el-form ref="loginForm" :model="loginForm" :rules="loginRules" :class="['login-form', { 'admin-mode': isAdminMode }]">
<h1 style="text-align: center; color: #1890ff;">心理健康测评系统</h1> <h1 style="text-align: center; color: #1890ff;">心理健康测评系统</h1>
<h3 class="title">{{ isAdminMode ? '管理员登录' : '学员登录' }}</h3> <h3 class="title">{{ isAdminMode ? '管理员登录' : '学员登录' }}</h3>
@ -341,6 +341,9 @@ export default {
padding: 25px 25px 5px 25px; padding: 25px 25px 5px 25px;
z-index: 1; z-index: 1;
border: 1px solid #dcdfe6; border: 1px solid #dcdfe6;
&.admin-mode {
border: 1px solid #606266;
}
.el-input { .el-input {
height: 38px; height: 38px;
input { input {
@ -410,13 +413,13 @@ export default {
display: block; display: block;
} }
.admin-login-link { .admin-login-link {
color: #409EFF; color: #a4b2c0;
font-size: 16px; font-size: 16px;
font-weight: bold; font-weight: bold;
text-decoration: none; text-decoration: none;
display: inline-block; display: inline-block;
padding: 6px 20px; padding: 3px 20px;
border: 2px solid #409EFF; border: 1px solid #9aaec2;
border-radius: 4px; border-radius: 4px;
transition: all 0.3s; transition: all 0.3s;
cursor: pointer; cursor: pointer;

9
ry-xinli-framework/src/main/java/com/ddnai/framework/config/ResourcesConfig.java
View File

@ -55,12 +55,19 @@ public class ResourcesConfig implements WebMvcConfigurer
public CorsFilter corsFilter() public CorsFilter corsFilter()
{ {
CorsConfiguration config = new CorsConfiguration(); CorsConfiguration config = new CorsConfiguration();
// 设置访问源地址 // 设置访问源地址使用 addAllowedOriginPattern 支持通配符
// 注意如果设置了 allowCredentials(true)则不能使用 "*"必须指定具体源地址
config.addAllowedOriginPattern("*"); config.addAllowedOriginPattern("*");
// 设置访问源请求头 // 设置访问源请求头
config.addAllowedHeader("*"); config.addAllowedHeader("*");
// 设置访问源请求方法 // 设置访问源请求方法
config.addAllowedMethod("*"); config.addAllowedMethod("*");
// 允许发送凭证信息cookies等
// 注意当使用通配符 "*" allowCredentials 必须为 false
// 如果需要发送凭证请使用 addAllowedOrigin 指定具体源地址
// config.addAllowedOrigin("http://1.15.149.240:20001");
// config.setAllowCredentials(true);
config.setAllowCredentials(false);
// 有效期 1800秒 // 有效期 1800秒
config.setMaxAge(1800L); config.setMaxAge(1800L);
// 添加映射路径拦截一切请求 // 添加映射路径拦截一切请求

11
ry-xinli-framework/src/main/java/com/ddnai/framework/config/SecurityConfig.java
View File

@ -15,7 +15,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.firewall.HttpFirewall; import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall; import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.web.filter.CorsFilter; import org.springframework.web.filter.CorsFilter;
@ -134,8 +133,10 @@ public class SecurityConfig
// 注解标记允许匿名访问的url // 注解标记允许匿名访问的url
.authorizeHttpRequests((requests) -> { .authorizeHttpRequests((requests) -> {
permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll());
// 对于登录login 学员登录student/login 注册register 验证码captchaImage 允许匿名访问 // OPTIONS 预检请求允许匿名访问CORS 需要
requests.antMatchers("/login", "/student/login", "/register", "/captchaImage").permitAll() requests.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
// 对于登录login 学员登录student/login 注册register 验证码captchaImage 退出logout 允许匿名访问
.antMatchers("/login", "/student/login", "/register", "/captchaImage", "/logout").permitAll()
// API接口可匿名访问 // API接口可匿名访问
.antMatchers("/api/**").permitAll() .antMatchers("/api/**").permitAll()
// 静态资源可匿名访问 // 静态资源可匿名访问
@ -144,10 +145,10 @@ public class SecurityConfig
// 除上面外的所有请求全部需要鉴权认证 // 除上面外的所有请求全部需要鉴权认证
.anyRequest().authenticated(); .anyRequest().authenticated();
}) })
// 添加CORS filter最前面处理跨域必须在所有其他过滤器之前
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
// 添加Logout filter // 添加Logout filter
.logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler)) .logout(logout -> logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler))
// 添加CORS filter最前面处理跨域
.addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
// 添加JWT filter // 添加JWT filter
.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class) .addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
.build(); .build();

1
ry-xinli-framework/src/main/java/com/ddnai/framework/security/filter/SystemDisabledFilter.java
View File

@ -49,6 +49,7 @@ public class SystemDisabledFilter extends OncePerRequestFilter
"/register", "/register",
"/captchaImage", "/captchaImage",
"/student/login", "/student/login",
"/logout",
"/system/config/configKey/sys.system.disabled", "/system/config/configKey/sys.system.disabled",
"/system/config/configKey/sys.system.expireDate", "/system/config/configKey/sys.system.expireDate",
"/system/config/configKey/sys.system.disabledMessage", "/system/config/configKey/sys.system.disabledMessage",

24
ry-xinli-framework/src/main/java/com/ddnai/framework/security/handle/LogoutSuccessHandlerImpl.java
View File

@ -38,6 +38,24 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
@Override @Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException throws IOException, ServletException
{
// 设置 CORS 响应头解决跨域问题
String origin = request.getHeader("Origin");
if (origin != null)
{
response.setHeader("Access-Control-Allow-Origin", origin);
}
else
{
response.setHeader("Access-Control-Allow-Origin", "*");
}
response.setHeader("Access-Control-Allow-Credentials", "false");
response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.setHeader("Access-Control-Allow-Headers", "*");
response.setHeader("Access-Control-Max-Age", "1800");
// 尝试获取登录用户信息如果获取失败例如token已过期或无效也允许退出
try
{ {
LoginUser loginUser = tokenService.getLoginUser(request); LoginUser loginUser = tokenService.getLoginUser(request);
if (StringUtils.isNotNull(loginUser)) if (StringUtils.isNotNull(loginUser))
@ -48,6 +66,12 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler
// 记录用户退出日志 // 记录用户退出日志
AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, MessageUtils.message("user.logout.success"))); AsyncManager.me().execute(AsyncFactory.recordLogininfor(userName, Constants.LOGOUT, MessageUtils.message("user.logout.success")));
} }
}
catch (Exception e)
{
// 获取用户信息失败例如token已过期仍然允许退出只是不删除token和记录日志
// 这种情况通常发生在token已过期但用户仍然点击退出按钮的场景
}
ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success(MessageUtils.message("user.logout.success")))); ServletUtils.renderString(response, JSON.toJSONString(AjaxResult.success(MessageUtils.message("user.logout.success"))));
} }
} }