一期

auth/src/main/java/com/rax/auth/support/base/OAuth2ResourceOwnerBaseAuthenticationProvider.java

@@ -224,7 +224,7 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 
 			OAuth2Authorization authorization = authorizationBuilder.build();
 
-			checkIsLogin(authorization);
+//			checkIsLogin(authorization);
 
 			this.authorizationService.save(authorization);
 
@@ -305,7 +305,7 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 	/**
 	 * 新登录用户会把老登录用户给踢下线
 	 */
-	private void checkIsLogin(OAuth2Authorization authorization) {
+	/*private void checkIsLogin(OAuth2Authorization authorization) {
 		String username = Base64.encode(authorization.getPrincipalName());
 		RedisTemplate<String, String> redisTemplate = SpringContextHolder.getBean(RedisTemplate.class);
 		String previousAccessToken = redisTemplate.opsForValue().get(LOGGED_IN + username + "::a::");
@@ -321,6 +321,6 @@ public abstract class OAuth2ResourceOwnerBaseAuthenticationProvider<T extends OA
 			String refreshToken = authorization.getRefreshToken().getToken().getTokenValue();
 			redisTemplate.opsForValue().set(LOGGED_IN + username + "::c::", refreshToken, clientDetailsById.getData().getRefreshTokenValidity(), TimeUnit.SECONDS);
 		}
-	}
+	}*/
 
 }

upms/upms-biz/src/main/java/com/rax/admin/controller/SysUserController.java

@@ -34,6 +34,7 @@ import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
+import java.util.regex.Pattern;
 
 /**
  * @author lengleng
@@ -54,6 +55,10 @@ public class SysUserController {
 
 	private final SysHospitalService sysHospitalService;
 
+	private final static String PASSWD_PATTERN = "^[a-zA-Z0-9]{8,16}$";
+
+	private final static String ACCOUNT_PATTERN = "^[a-zA-Z0-9]{2,16}$";
+
 	/**
 	 * 获取指定用户全部信息
 	 *
@@ -157,6 +162,15 @@ public class SysUserController {
 	@PostMapping
 	@PreAuthorize("@pms.hasPermission('sys_user_add')")
 	public R user(@RequestBody UserDTO userDto) {
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+		boolean accountMatches = Pattern.matches(ACCOUNT_PATTERN, userDto.getUsername());
+		if (!accountMatches) {
+			return R.failed("用户名至少2~16位字母或数字（区分大小写）");
+		}
 		return R.ok(userService.saveUser(userDto));
 	}
 
@@ -186,7 +200,22 @@ public class SysUserController {
 	@PostMapping("/page")
 	public R getUserPage(Page page, UserDTO userDTO) {
 		String hospitalId = sysHospitalService.getCurrentHospital();
+		if (StringUtils.hasText(hospitalId) && !"null".equals(hospitalId)) {
 			userDTO.setHospitalId(Long.valueOf(hospitalId));
+		} else {
+			RaxUser raxUser = (RaxUser) SecurityUtils.getAuthentication().getPrincipal();
+			List<SysRole> rolesByUserId = roleService.findRolesByUserId(raxUser.getId());
+			boolean isAdmin = false;
+			for (SysRole role: rolesByUserId) {
+				if (ADMIN_ROLE_CODE.equals(role.getRoleCode())) {
+					isAdmin = true;
+					break;
+				}
+			}
+			if (!isAdmin) {
+				return R.ok(new Page<>());
+			}
+		}
 		return R.ok(userService.getUsersWithRolePage(page, userDTO));
 	}
 
@@ -196,6 +225,7 @@ public class SysUserController {
 	 * @return 用户集合
 	 */
 	@PostMapping("/list")
+	@PreAuthorize("@pms.hasPermission('sys_user_list')")
 	public R getUserPage(Page page, String name) {
 		return R.ok(userService.getUsersPage(page, name));
 	}

upms/upms-biz/src/main/java/com/rax/admin/service/impl/SysUserServiceImpl.java

@@ -74,7 +74,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 
 	private final RedisTemplate redisTemplate;
 
-	private final static String PASSWD_PATTERN = "^(?=.*\\d)(?=.*[a-zA-Z])(?=.*[^\\da-zA-Z\\s]).{9,15}$";
+	private final static String PASSWD_PATTERN = "^[a-zA-Z0-9]{8,16}$";
+
+	private final static String ACCOUNT_PATTERN = "^[a-zA-Z0-9]{2,16}$";
 
 	private final SysUserMapper userMapper;
 
@@ -94,7 +96,10 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		sysUser.setDelFlag(CommonConstants.STATUS_NORMAL);
 		sysUser.setCreateBy(userDto.getUsername());
 		sysUser.setPassword(ENCODER.encode(userDto.getPassword()));
-		sysUser.setHospitalId(Long.valueOf(sysHospitalService.getCurrentHospital()));
+		String hosptital = sysHospitalService.getCurrentHospital();
+		if (StringUtils.hasText(hosptital) && !"null".equals(hosptital)) {
+			sysUser.setHospitalId(Long.valueOf(hosptital));
+		}
 		baseMapper.insert(sysUser);
 		// 保存用户岗位信息
 		Optional.ofNullable(userDto.getPost()).ifPresent(posts -> {
@@ -412,6 +417,18 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		} else {
 			return R.failed("验证码已失效");
 		}
+
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+		boolean accountMatches = Pattern.matches(ACCOUNT_PATTERN, userDto.getUsername());
+		if (!accountMatches) {
+			return R.failed("用户名至少2~16位字母或数字（区分大小写）");
+		}
+
+
 		// 判断用户名是否存在
 		SysUser sysUser = this.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, userDto.getUsername()));
 		if (sysUser != null) {
@@ -459,6 +476,13 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 		if (StrUtil.isEmpty(userDto.getNewpassword1())) {
 			return R.failed("新密码不能为空");
 		}
+
+		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getNewpassword1());
+		if (!matches) {
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
+		}
+
+
 		String password = ENCODER.encode(userDto.getNewpassword1());
 
 		this.update(Wrappers.<SysUser>lambdaUpdate()
@@ -494,9 +518,11 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
 
 		boolean matches = Pattern.matches(PASSWD_PATTERN, userDto.getPassword());
 		if (!matches) {
-			return R.failed("密码至少包含字母、数字、特殊字符，不少于9位，最多15位");
+			return R.failed("密码至少8~16位字母或数字（区分大小写）");
 		}
-
+		Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+		// 立即删除
+		cache.evictIfPresent(userDto.getUsername());
 		String password = ENCODER.encode(userDto.getPassword());
 		this.update(Wrappers.<SysUser>lambdaUpdate()
 				.set(SysUser::getPassword, password)

upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/ChatHandler.java

@@ -14,6 +14,9 @@ import java.util.Map;
 import java.util.Timer;
 import java.util.TimerTask;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
 
 public class ChatHandler implements WebSocketHandler {
 	@Resource
@@ -22,7 +25,7 @@ public class ChatHandler implements WebSocketHandler {
 	@Resource
 	private ChatService chatService;
 
-	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+	private Map<String, ScheduledExecutorService> timerTaskMap = new ConcurrentHashMap();
 
 	@Override
 	public void afterConnectionEstablished(WebSocketSession session) throws Exception {
@@ -73,9 +76,8 @@ public class ChatHandler implements WebSocketHandler {
 
 	private void startHeartbeat(WebSocketSession session) {
 		if (!timerTaskMap.containsKey(session.getId())) {
-			TimerTask timerTask = new TimerTask() {
+			ScheduledExecutorService heartbeatExecutor = Executors.newScheduledThreadPool(1);
-				@Override
+			heartbeatExecutor.scheduleAtFixedRate(() -> {
-				public void run() {
 				try {
 					if (session.isOpen()) {
 						JSONObject jsonObject = new JSONObject();
@@ -90,17 +92,14 @@ public class ChatHandler implements WebSocketHandler {
 					e.printStackTrace();
 					stopHeartbeat(session);
 				}
-				}
+			}, 0, 10, TimeUnit.SECONDS);
-			};
+			timerTaskMap.put(session.getId(), heartbeatExecutor);
-			// 定时任务，设置1秒
-			Timer timer = new Timer();
-			timer.schedule(timerTask, 0, 1000);
-			timerTaskMap.put(session.getId(), timerTask);
 		}
 	}
 
 	private void stopHeartbeat(WebSocketSession session) {
-		TimerTask timerTask = timerTaskMap.get(session.getId());
+		ScheduledExecutorService heartbeatExecutor = timerTaskMap.get(session.getId());
-		timerTask.cancel();
+		heartbeatExecutor.shutdownNow();
 	}
+
 }

upms/upms-biz/src/main/java/com/rax/vital/handler/mysql/MedicineHandler.java

@@ -24,7 +24,9 @@ public class MedicineHandler implements WebSocketHandler {
 	@Resource
 	private OAuth2AuthorizationService authorizationService;
 
-	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+//	private Map<String, TimerTask> timerTaskMap = new ConcurrentHashMap();
+
+	private Map<String, ScheduledExecutorService> timerTaskMap = new ConcurrentHashMap();
 
 	@Override
 	public void afterConnectionEstablished(WebSocketSession session) {
@@ -71,9 +73,8 @@ public class MedicineHandler implements WebSocketHandler {
 
 	private void startHeartbeat(WebSocketSession session) {
 		if (!timerTaskMap.containsKey(session.getId())) {
-			TimerTask timerTask = new TimerTask() {
+			ScheduledExecutorService heartbeatExecutor = Executors.newScheduledThreadPool(1);
-				@Override
+			heartbeatExecutor.scheduleAtFixedRate(() -> {
-				public void run() {
 				try {
 					if (session.isOpen()) {
 						JSONObject jsonObject = new JSONObject();
@@ -88,17 +89,14 @@ public class MedicineHandler implements WebSocketHandler {
 					e.printStackTrace();
 					stopHeartbeat(session);
 				}
-				}
+			}, 0, 10, TimeUnit.SECONDS);
-			};
+			timerTaskMap.put(session.getId(), heartbeatExecutor);
-			// 定时任务，设置1秒
-			Timer timer = new Timer();
-			timer.schedule(timerTask, 0, 1000);
-			timerTaskMap.put(session.getId(), timerTask);
 		}
 	}
 
 	private void stopHeartbeat(WebSocketSession session) {
-		TimerTask timerTask = timerTaskMap.get(session.getId());
+		ScheduledExecutorService heartbeatExecutor = timerTaskMap.get(session.getId());
-		timerTask.cancel();
+		heartbeatExecutor.shutdownNow();
 	}
+
 }

upms/upms-biz/src/main/java/com/rax/vital/medicine/service/impl/ChatServiceImpl.java

@@ -22,10 +22,7 @@ import org.springframework.web.socket.TextMessage;
 import org.springframework.web.socket.WebSocketSession;
 
 import java.io.IOException;
-import java.sql.Connection;
+import java.sql.*;
-import java.sql.PreparedStatement;
-import java.sql.SQLException;
-import java.sql.Statement;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
@@ -178,6 +175,27 @@ public class ChatServiceImpl implements ChatService {
 						sessionMap.put(session.getId(), session);
 					}
 				}
+
+				String sql = "select content, create_time \"creatTime\", create_user \"createUser\", create_name \"createName\" from t_chat where deleted = 0 and revoked = 0 order by create_time asc ";
+				Connection connection = dataSource.getConnection();
+				try {
+					Statement statement = connection.createStatement();
+					ResultSet resultSet = statement.executeQuery(sql);
+					while (resultSet.next()) {
+						Map map = new HashMap();
+						map.put("content", resultSet.getString("content"));
+						map.put("creatTime", resultSet.getString("creatTime"));
+						map.put("createUser", resultSet.getString("createUser"));
+						map.put("createName", resultSet.getString("createName"));
+						history.add(map);
+					}
+					JSONObject param = new JSONObject();
+					param.put("history", history);
+					param.put("msgType", "msg");
+					session.sendMessage(new TextMessage(param.toJSONString().getBytes()));
+				} catch (Exception e) {
+					e.printStackTrace();
+				}
 			} else {
 				JSONObject jsonObject = new JSONObject();
 				jsonObject.put("status", 1);
@@ -193,10 +211,10 @@ public class ChatServiceImpl implements ChatService {
 			}
 		}
 
-		SysUser sysUser = SysUserService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
-
 		if (StringUtils.hasText(msg)) {
 			JSONObject param = new JSONObject();
+			SysUser sysUser = SysUserService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
+
 			Connection connection = dataSource.getConnection();
 			try {
 				Statement statement = connection.createStatement();
@@ -238,8 +256,8 @@ public class ChatServiceImpl implements ChatService {
 				e.printStackTrace();
 			}
 
-			Map<String, WebSocketSession> sessionMap = databaseSessionMap.get(databaseName);
+			Map<String, WebSocketSession> sessionMap1 = databaseSessionMap.get(databaseName);
-			for (Map.Entry<String, WebSocketSession> entry : sessionMap.entrySet()) {
+			for (Map.Entry<String, WebSocketSession> entry : sessionMap1.entrySet()) {
 				WebSocketSession value = entry.getValue();
 				try {
 					value.sendMessage(new TextMessage(param.toJSONString().getBytes()));

upms/upms-biz/src/main/resources/mapper/SysUserMapper.xml

@@ -75,26 +75,24 @@
 	<select id="getUserVoByUsername" resultMap="baseResultMap">
 		SELECT
 		<include refid="userRoleSql"/>
-        FROM
+		FROM sys_user u
-        sys_user u
 				 LEFT JOIN sys_user_role urole ON urole.user_id = u.user_id
 				 LEFT JOIN sys_role r ON r.role_id = urole.role_id and r.del_flag = '0'
-        WHERE u.username = #{username} and u.del_flag = '0'
+		WHERE u.username = #{username}
+		  and u.del_flag = '0'
 	</select>
 
 	<select id="getUserVoById" resultMap="baseResultMap">
 		SELECT
 		<include refid="userRoleDeptSql"/>
-        FROM
+		FROM sys_user u
-        sys_user u
 				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id and d.del_flag = '0'
-        WHERE
+		WHERE u.user_id = #{id}
-        u.user_id = #{id} and u.del_flag = '0'
+		  and u.del_flag = '0'
 	</select>
 
 	<select id="getUserVosPage" resultMap="baseResultMap">
-        SELECT
+		SELECT u.user_id,
-        u.user_id,
 			   u.username,
 			   u.password,
 			   u.salt,
@@ -112,13 +110,13 @@
 			   u.name,
 			   u.email,
 			   d.name        dept_name
-        FROM
+		FROM sys_user u
-        sys_user u
 				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
 		<where>
-            u.del_flag = '0'
+			u.del_flag = '0' and u.user_id != '1'
-			and
+			<if test="query.hospitalId != null and query.hospitalId != ''">
-			u.hospital_id = #{query.hospitalId}
+				and u.hospital_id = #{query.hospitalId}
+			</if>
 			<if test="query.name != null and query.name != ''">
 				<bind name="nameLike" value="'%' + query.name + '%'"/>
 				AND u.name LIKE #{nameLike}
@@ -142,8 +140,7 @@
 	</select>
 
 	<select id="getUsersPage" resultMap="baseResultMap">
-		SELECT
+		SELECT u.user_id,
-		u.user_id,
 			   u.username,
 			   u.password,
 			   u.salt,
@@ -161,11 +158,10 @@
 			   u.name,
 			   u.email,
 			   d.name        dept_name
-		FROM
+		FROM sys_user u
-		sys_user u
 				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
 		<where>
-			u.del_flag = '0'
+			u.del_flag = '0' and u.user_id != '1'
 			<if test="name != null and name != ''">
 				<bind name="nameLike" value="'%' + name + '%'"/>
 				AND u.name LIKE #{nameLike}
@@ -176,8 +172,7 @@
 	</select>
 
 	<select id="selectVoList" resultMap="baseResultMap">
-        SELECT
+		SELECT u.user_id,
-        u.user_id,
 			   u.username,
 			   u.password,
 			   u.salt,
@@ -195,8 +190,7 @@
 			   u.name,
 			   u.email,
 			   d.name        dept_name
-        FROM
+		FROM sys_user u
-        sys_user u
 				 LEFT JOIN sys_dept d ON d.dept_id = u.dept_id
 		<where>
 			u.del_flag = '0'
@@ -217,11 +211,14 @@
 	<select id="getUserListByHospital" resultType="map">
 		SELECT user_id "id", name, hospital_id "hospitalId", phone
 		FROM sys_user
-		WHERE del_flag = 0 AND hospital_id = #{hospitalId} ORDER BY create_time DESC;
+		WHERE del_flag = 0
+		  AND hospital_id = #{hospitalId}
+		ORDER BY create_time DESC;
 	</select>
 
 	<update id="deleteByIds">
-		update sys_user set del_flag = 1
+		update sys_user
+		set del_flag = 1
 		where
 		<if test="ids != null and ids.length != 0">
 			<foreach item="item" index="index" collection="ids"
@@ -234,23 +231,24 @@
 	<select id="getUserCount" resultType="long">
 		select count(*)
 		from sys_user
-        where del_flag = 0
+		where del_flag = 0 and user_id != '1'
 	</select>
 
 	<select id="getUserCountSlot" resultType="long">
 		select count(*)
 		from sys_user
-		where del_flag = 0 and create_time <![CDATA[ >= ]]> #{start} and create_time <![CDATA[ <= ]]> #{end}
+		where del_flag = 0 and user_id != '1'
+		  and create_time <![CDATA[ >= ]]> #{start}
+		  and create_time <![CDATA[ <= ]]> #{end}
 	</select>
 
 	<select id="getCountByDate" resultType="map">
-		select DATE_FORMAT(create_time, '%Y-%m-%d') "date", count(*) "count" from sys_user
+		select DATE_FORMAT(create_time, '%Y-%m-%d') "date", count(*) "count"
-		where
+		from sys_user
-		del_flag = 0
+		where del_flag = 0 and user_id != 1
 		  and create_time <![CDATA[ >= ]]> #{startTime}
 		  and create_time <![CDATA[ <= ]]> #{endTime}
 		GROUP BY DATE_FORMAT(create_time, '%Y-%m-%d')
 		ORDER BY DATE_FORMAT(create_time, '%Y-%m-%d') asc;
 	</select>
-
 </mapper>