fix 密码强校验,微信登录后台账号返回token

ruoyi-admin/src/main/java/com/ruoyi/web/controller/wx/WxPayController.java

@@ -1,40 +1,26 @@
 package com.ruoyi.web.controller.wx;
 
-import com.alibaba.fastjson.JSONObject;
-import com.ruoyi.common.constant.CacheConstants;
+
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
-import com.ruoyi.common.core.domain.entity.SysDept;
 import com.ruoyi.common.core.domain.entity.SysUser;
-import com.ruoyi.common.core.domain.model.LoginUser;
-import com.ruoyi.common.enums.UserStatus;
 import com.ruoyi.common.exception.base.BaseException;
-import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.ip.IpUtils;
-import com.ruoyi.common.utils.uuid.IdUtils;
 import com.ruoyi.framework.web.service.SysLoginService;
 import com.ruoyi.system.domain.wx.AppletLoginForm;
 import com.ruoyi.system.domain.wx.AppletSessionDTO;
 import com.ruoyi.system.domain.wx.WxPayOrderReqVo;
-import com.ruoyi.system.domain.wx.WxPayRespVo;
-import com.ruoyi.system.service.ISysPostService;
 import com.ruoyi.system.service.ISysUserService;
 import com.ruoyi.system.service.IWxPayService;
 import io.swagger.annotations.ApiOperation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
-import utils.WxCodeSessionUtil;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
+
 
 /**
  * @Author: tjf
@@ -77,7 +63,7 @@ public class WxPayController extends BaseController {
     @PostMapping("/jsCode")
     public AjaxResult code2Session(@RequestBody AppletLoginForm form) {
         AjaxResult ajax = AjaxResult.success();
-        AppletSessionDTO dto = WxCodeSessionUtil.jscode2Session(form);
+        AppletSessionDTO dto = wxPayService.jscode2Session(form);
         ajax.put(Constants.APPLETSESSIONDTO, dto);
         String phoneNumber = dto.getPhoneNumber();
         if (StringUtils.isBlank(phoneNumber)) {

ruoyi-admin/src/main/resources/application.yml

@@ -77,13 +77,13 @@ xss:
 # 微信小程序支付配置信息
 wx:
   # 微信小程序appid
-  app-id: xxxxx
+  app-id: wx4492fe7554b0cb0a
   # 商户号
   mch-id: xxxx
   # 证书序列号
   mch-serial-no: xxxxx
   # 小程序密钥
-  app-secret: xxxxxx
+  app-secret: 4b0d27de8fe102c788acaa757e421f78
   # api密钥
   api-key: xxxxxxxx
   # 回调接口地址

ruoyi-system/src/main/java/com/ruoyi/system/service/IWxPayService.java

@@ -1,6 +1,8 @@
 package com.ruoyi.system.service;
 
 import com.ruoyi.common.core.domain.AjaxResult;
+import com.ruoyi.system.domain.wx.AppletLoginForm;
+import com.ruoyi.system.domain.wx.AppletSessionDTO;
 import com.ruoyi.system.domain.wx.WxPayOrderReqVo;
 
 import javax.servlet.http.HttpServletRequest;
@@ -23,4 +25,6 @@ public interface IWxPayService {
      * @return
      */
     void payNotify(HttpServletRequest request);
+
+    AppletSessionDTO jscode2Session(AppletLoginForm form);
 }

ruoyi-system/src/main/java/com/ruoyi/system/service/impl/WxPayServiceImpl.java

@@ -3,11 +3,11 @@ package com.ruoyi.system.service.impl;
 
 
 
+import com.alibaba.fastjson.JSONObject;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.exception.ServiceException;
-import com.ruoyi.system.domain.wx.WxPayOrderReqVo;
-import com.ruoyi.system.domain.wx.WxPayRespVo;
-import com.ruoyi.system.domain.wx.WxPayV3Bean;
+import com.ruoyi.common.utils.sign.Base64;
+import com.ruoyi.system.domain.wx.*;
 import com.ruoyi.system.service.IWxPayService;
 import com.wechat.pay.java.core.Config;
 import com.wechat.pay.java.core.RSAAutoCertificateConfig;
@@ -20,7 +20,11 @@ import com.wechat.pay.java.service.payments.jsapi.model.Amount;
 import com.wechat.pay.java.service.payments.jsapi.model.Payer;
 import com.wechat.pay.java.service.payments.jsapi.model.PrepayRequest;
 import com.wechat.pay.java.service.payments.jsapi.model.PrepayResponse;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
+import utils.AppletDecryptDataUtil;
+import utils.HttpClientUtils;
 import utils.WxPayUtil;
 
 import javax.annotation.Resource;
@@ -41,6 +45,20 @@ import static com.wechat.pay.java.core.http.Constant.*;
 @Service
 public class WxPayServiceImpl implements IWxPayService {
 
+    private  final String JSCODE_SESSION_API = "https://api.weixin.qq.com/sns/jscode2session?appid=APPID&secret=SECRET&js_code=JSCODE&grant_type=authorization_code";
+
+    /**
+     * 小程序appId
+     */
+    @Value("${wx.appId}")
+    private  String appId;
+
+    /**
+     * 小程序密钥
+     */
+    @Value("${wx.appSecret}")
+    private  String appSecret;
+
     @Resource
     private WxPayV3Bean wxPayV3Bean;
     /**
@@ -164,4 +182,75 @@ public class WxPayServiceImpl implements IWxPayService {
             System.out.println("获取微信支付回调失败");
         }
     }
+    /**
+     * 根据code获取小程序openid和unionid
+     *
+     * @param form
+     * @return
+     */
+    @Override
+    public AppletSessionDTO jscode2Session(AppletLoginForm form) {
+        // 获取openId和sessionKey
+        JSONObject result;
+        try {
+            String requestUrl = JSCODE_SESSION_API.replace("APPID", appId)
+                    .replace("SECRET", appSecret)
+                    .replace("JSCODE", form.getCode().trim());
+
+            String jsonStr = HttpClientUtils.doGet(requestUrl);
+            result = JSONObject.parseObject(jsonStr);
+            if (StringUtils.isEmpty(result.toString())) {
+                throw new RuntimeException("错误");
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+            throw new RuntimeException("错误");
+        }
+
+        int errcode = result.getIntValue("errcode");
+        if (errcode != 0) {
+            String errmsg = result.getString("errmsg");
+            throw new RuntimeException("获取小程序授权错误信息, " + errmsg);
+        }
+        // 获取openId,unionId,sessionKey
+        AppletSessionDTO appletSession = new AppletSessionDTO();
+        appletSession.setOpenId(result.getString("openid"));
+        // unionId有可能是空
+        appletSession.setUnionId(result.getString("unionid"));
+        appletSession.setSessionKey(result.getString("session_key"));
+        String phoneNumber = getPhoneNumber(form, appletSession);
+        appletSession.setPhoneNumber(phoneNumber);
+        return appletSession;
+    }
+
+    /**
+     * 手机号解密
+     */
+    private static String getPhoneNumber(AppletLoginForm form, AppletSessionDTO appletSession) {
+
+        // 解密文件
+        String encryptedData = form.getEncryptedData();
+        // 解密向量
+        String iv = form.getIv();
+        // 加密秘钥
+        byte[] dataByte = Base64.decode(encryptedData);
+        // session_key
+        byte[] keyByte = Base64.decode(appletSession.getSessionKey());
+        // 偏移量
+        byte[] ivByte = Base64.decode(iv);
+        JSONObject result;
+        try {
+            result = AppletDecryptDataUtil.decryptData(keyByte, ivByte, dataByte);
+        } catch (Exception e) {
+            e.printStackTrace();
+            return null;
+        }
+
+        assert result != null;
+        String purePhoneNumber = result.getString("purePhoneNumber");
+        if (null == purePhoneNumber || purePhoneNumber.isEmpty()) {
+            throw new RuntimeException("获取手机号失败");
+        }
+        return purePhoneNumber;
+    }
 }

ruoyi-system/src/main/java/utils/WxCodeSessionUtil.java

@@ -1,109 +0,0 @@
-package utils;
-
-
-import com.alibaba.fastjson.JSONObject;
-import com.ruoyi.common.utils.sign.Base64;
-import com.ruoyi.system.domain.wx.AppletLoginForm;
-import com.ruoyi.system.domain.wx.AppletSessionDTO;
-import com.ruoyi.system.domain.wx.WxPayV3Bean;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-
-/**
- *小程序工具类
- */
-@Component
-public class WxCodeSessionUtil {
-
-    private static final String JSCODE_SESSION_API = "https://api.weixin.qq.com/sns/jscode2session?appid=wx4492fe7554b0cb0a&secret=4b0d27de8fe102c788acaa757e421f78&js_code=JSCODE&grant_type=authorization_code";
-
-    /**
-     * 小程序appId
-     */
-    @Value("${wx.appId}")
-    private static String appId = "wx4492fe7554b0cb0a";
-
-    /**
-     * 小程序密钥
-     */
-    @Value("${wx.appSecret}")
-    private static String appSecret = "4b0d27de8fe102c788acaa757e421f78";
-
-
-    /**
-     * 根据code获取小程序openid和unionid
-     *
-     * @param form
-     * @return
-     */
-    public static AppletSessionDTO jscode2Session(AppletLoginForm form) {
-        // 获取openId和sessionKey
-        JSONObject result;
-        try {
-            String requestUrl = JSCODE_SESSION_API.replace("APPID", appId)
-                    .replace("SECRET", appSecret)
-                    .replace("JSCODE", form.getCode().trim());
-
-            String jsonStr = HttpClientUtils.doGet(requestUrl);
-            result = JSONObject.parseObject(jsonStr);
-            if (StringUtils.isEmpty(result.toString())) {
-                throw new RuntimeException("错误");
-            }
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new RuntimeException("错误");
-        }
-
-        int errcode = result.getIntValue("errcode");
-        if (errcode != 0) {
-            String errmsg = result.getString("errmsg");
-            throw new RuntimeException("获取小程序授权错误信息, " + errmsg);
-        }
-        // 获取openId,unionId,sessionKey
-        AppletSessionDTO appletSession = new AppletSessionDTO();
-        appletSession.setOpenId(result.getString("openid"));
-        // unionId有可能是空
-        appletSession.setUnionId(result.getString("unionid"));
-        appletSession.setSessionKey(result.getString("session_key"));
-        String phoneNumber = getPhoneNumber(form, appletSession);
-        appletSession.setPhoneNumber(phoneNumber);
-        return appletSession;
-    }
-
-    /**
-     * 手机号解密
-     */
-    private static String getPhoneNumber(AppletLoginForm form, AppletSessionDTO appletSession) {
-
-        // 解密文件
-        String encryptedData = form.getEncryptedData();
-        // 解密向量
-        String iv = form.getIv();
-        // 加密秘钥
-        byte[] dataByte = Base64.decode(encryptedData);
-        // session_key
-        byte[] keyByte = Base64.decode(appletSession.getSessionKey());
-        // 偏移量
-        byte[] ivByte = Base64.decode(iv);
-        JSONObject result;
-        try {
-            result = AppletDecryptDataUtil.decryptData(keyByte, ivByte, dataByte);
-        } catch (Exception e) {
-            e.printStackTrace();
-            return null;
-        }
-
-        assert result != null;
-        String purePhoneNumber = result.getString("purePhoneNumber");
-        if (null == purePhoneNumber || purePhoneNumber.isEmpty()) {
-            throw new RuntimeException("获取手机号失败");
-        }
-        return purePhoneNumber;
-    }
-
-
-}