redisTemplate;
+
+
+ public boolean deleteKey(String key) {
+ return redisTemplate.delete(key);
+ }
+
+ public void setValue(String key, Object object, Long expire) {
+ redisTemplate.opsForValue().set(key, object, expire);
+ }
+
+}
diff --git a/summer-ospp/2023/pig/pig-auth/src/main/java/com/pig4cloud/pig/auth/utils/TokenManager.java b/summer-ospp/2023/pig/pig-auth/src/main/java/com/pig4cloud/pig/auth/utils/TokenManager.java
new file mode 100644
index 000000000..6a2c1ada1
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-auth/src/main/java/com/pig4cloud/pig/auth/utils/TokenManager.java
@@ -0,0 +1,36 @@
+package com.pig4cloud.pig.auth.utils;
+
+import io.jsonwebtoken.CompressionCodecs;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+import org.springframework.stereotype.Component;
+
+import java.util.Date;
+
+@Component
+public class TokenManager {
+ private long tokenExpiration = 24 * 60 * 60 * 1000;
+ private final static String TOKEN_SIGN_KEY = "MAKKEY_PIG";
+
+ public String createToken(String subject, String username, String id) {
+ String token = Jwts.builder()
+ .setSubject(subject)
+ .claim("nickname", username)
+ .claim("id", id)
+ .setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
+ .signWith(SignatureAlgorithm.HS512, TOKEN_SIGN_KEY)
+ .compressWith(CompressionCodecs.GZIP).compact();
+ return token;
+ }
+
+
+ public String getUserFromToken(String token) {
+ String user = Jwts.parser().setSigningKey(TOKEN_SIGN_KEY).parseClaimsJws(token).getBody().getSubject();
+ return user;
+ }
+
+ public void removeToken(String token) {
+ //jwttoken无需删除,客户端扔掉即可。
+ }
+
+}
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/pom.xml b/summer-ospp/2023/pig/pig-common/pig-common-security/pom.xml
new file mode 100644
index 000000000..7045c8287
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/pom.xml
@@ -0,0 +1,81 @@
+
+
+
+
+ 4.0.0
+
+ com.pig4cloud
+ pig-common
+ 3.6.7
+
+
+ pig-common-security
+ jar
+
+ pig 安全工具类
+
+
+
+
+ org.springframework.session
+ spring-session-data-redis
+
+
+
+ org.springframework.security
+ spring-security-cas
+
+
+
+ com.pig4cloud
+ pig-common-core
+
+
+ cn.hutool
+ hutool-extra
+
+
+
+ com.pig4cloud
+ pig-upms-api
+
+
+
+ org.springframework.cloud
+ spring-cloud-commons
+
+
+
+ org.springframework.cloud
+ spring-cloud-starter-openfeign
+
+
+ org.springframework.security
+ spring-security-oauth2-jose
+
+
+ org.springframework.security
+ spring-security-oauth2-authorization-server
+ ${spring.authorization.version}
+
+
+ org.springframework
+ spring-webmvc
+
+
+
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/annotation/EnablePigResourceServer.java b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/annotation/EnablePigResourceServer.java
new file mode 100644
index 000000000..7ee86239a
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/annotation/EnablePigResourceServer.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.pig4cloud.pig.common.security.annotation;
+
+import com.pig4cloud.pig.common.security.component.PigResourceServerAutoConfiguration;
+import com.pig4cloud.pig.common.security.component.PigResourceServerConfiguration;
+import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
+import com.pig4cloud.pig.common.security.config.*;
+import org.springframework.context.annotation.Import;
+
+import java.lang.annotation.*;
+
+/**
+ * @author lengleng
+ * @date 2022-06-04
+ *
+ * 资源服务注解
+ */
+@Documented
+@Inherited
+@Target({ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+//@Import({ PigResourceServerAutoConfiguration.class, PigResourceServerConfiguration.class })
+@Import({PigResourceServerAutoConfiguration.class, CasProperties.class, SecurityConfig.class})
+public @interface EnablePigResourceServer {
+
+}
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/CasProperties.java b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/CasProperties.java
new file mode 100644
index 000000000..1eda0a6f0
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/CasProperties.java
@@ -0,0 +1,59 @@
+package com.pig4cloud.pig.common.security.config;
+
+import lombok.Data;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Data
+@Component
+public class CasProperties {
+
+ /**
+ * 秘钥
+ */
+ @Value("${cas.key}")
+ private String casKey;
+
+ /**
+ * cas服务端地址
+ */
+ @Value("${cas.server.host.url}")
+ private String casServerUrl;
+
+ /**
+ * cas服务端地址
+ */
+ @Value("${cas.server.host.grant_url}")
+ private String casGrantingUrl;
+
+ /**
+ * cas服务端登录地址
+ */
+ @Value("${cas.server.host.login_url}")
+ private String casServerLoginUrl;
+
+ /**
+ * cas服务端登出地址 并回跳到制定页面
+ */
+ @Value("${cas.server.host.logout_url}")
+ private String casServerLogoutUrl;
+
+ /**
+ * cas客户端地址
+ */
+ @Value("${cas.service.host.url}")
+ private String casServiceUrl;
+
+ /**
+ * cas客户端地址登录地址
+ */
+ @Value("${cas.service.host.login_url}")
+ private String casServiceLoginUrl;
+
+ /**
+ * cas客户端地址登出地址
+ */
+ @Value("${cas.service.host.logout_url}")
+ private String casServiceLogoutUrl;
+
+}
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/SecurityConfig.java b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/SecurityConfig.java
new file mode 100644
index 000000000..8ed246682
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/config/SecurityConfig.java
@@ -0,0 +1,156 @@
+package com.pig4cloud.pig.common.security.config;
+
+import cn.hutool.core.util.ArrayUtil;
+import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
+import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
+import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.jasig.cas.client.session.SingleSignOutFilter;
+import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
+import org.springframework.security.cas.web.CasAuthenticationFilter;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+
+@Slf4j
+@Configuration
+@EnableWebSecurity // 启用web权限
+@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法验证
+@RequiredArgsConstructor
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private CasProperties casProperties;
+
+ @Autowired
+ private AuthenticationUserDetailsService casUserDetailService;
+
+ private final PermitAllUrlProperties permitAllUrl;
+
+
+ /**
+ * 定义认证用户信息获取来源,密码校验规则等
+ */
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ super.configure(auth);
+ auth.authenticationProvider(casAuthenticationProvider());
+ }
+
+ /**
+ * 定义安全策略
+ */
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http.authorizeRequests()// 配置安全策略
+ .antMatchers(ArrayUtil.toArray(permitAllUrl.getUrls(), String.class)).permitAll()
+ .anyRequest().authenticated()// 其余的所有请求都需要验证
+ .and().logout().permitAll()// 定义logout不需要验证
+ .and().formLogin();// 使用form表单登录
+
+ http.exceptionHandling()
+ .authenticationEntryPoint(casAuthenticationEntryPoint())
+ .and()
+ .addFilter(casAuthenticationFilter())
+ .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
+ .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
+ // 取消跨站请求伪造防护
+ http.csrf().disable();
+// // 防止iframe 造成跨域
+ http.headers().frameOptions().disable();
+ // http.csrf().disable(); //禁用CSRF
+ }
+
+ /**
+ * 认证的入口
+ */
+ @Bean
+ public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
+ CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
+ casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
+ casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
+ return casAuthenticationEntryPoint;
+ }
+
+ /**
+ * 指定service相关信息
+ */
+ @Bean
+ public ServiceProperties serviceProperties() {
+ ServiceProperties serviceProperties = new ServiceProperties();
+ //设置cas客户端登录完整的url
+ serviceProperties.setService(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
+ serviceProperties.setSendRenew(false);
+ serviceProperties.setAuthenticateAllArtifacts(true);
+ return serviceProperties;
+ }
+
+ /**
+ * CAS认证过滤器
+ */
+ @Bean
+ public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
+ CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
+ casAuthenticationFilter.setAuthenticationManager(authenticationManager());
+ casAuthenticationFilter.setFilterProcessesUrl(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
+ casAuthenticationFilter.setServiceProperties(serviceProperties());
+ return casAuthenticationFilter;
+ }
+
+ /**
+ * cas 认证 Provider
+ */
+ @Bean
+ public CasAuthenticationProvider casAuthenticationProvider() {
+ CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
+ casAuthenticationProvider.setAuthenticationUserDetailsService(casUserDetailService);
+ // //这里只是接口类型,实现的接口不一样,都可以的。
+ casAuthenticationProvider.setServiceProperties(serviceProperties());
+ casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
+ casAuthenticationProvider.setKey("casAuthenticationProviderKey");
+ return casAuthenticationProvider;
+ }
+
+
+
+
+ @Bean
+ public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
+ return new Cas20ServiceTicketValidator(casProperties.getCasGrantingUrl());
+ }
+
+ /**
+ * 单点登出过滤器
+ */
+ @Bean
+ public SingleSignOutFilter singleSignOutFilter() {
+ SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
+ singleSignOutFilter.setLogoutCallbackPath(casProperties.getCasServerUrl());
+ singleSignOutFilter.setIgnoreInitConfiguration(true);
+ return singleSignOutFilter;
+ }
+
+ /**
+ * 请求单点退出过滤器
+ */
+ @Bean
+ public LogoutFilter casLogoutFilter() {
+ LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
+ logoutFilter.setFilterProcessesUrl(casProperties.getCasServiceLogoutUrl());
+ return logoutFilter;
+ }
+}
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java
new file mode 100644
index 000000000..35f8b1b40
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/java/com/pig4cloud/pig/common/security/service/PigUserDetailsServiceImpl.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.pig4cloud.pig.common.security.service;
+
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
+import com.pig4cloud.pig.admin.api.feign.RemoteUserService;
+import com.pig4cloud.pig.common.core.constant.CacheConstants;
+import com.pig4cloud.pig.common.core.util.R;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.*;
+
+/**
+ * 用户详细信息
+ *
+ * @author lengleng hccake
+ */
+@Slf4j
+@Primary
+@RequiredArgsConstructor
+public class PigUserDetailsServiceImpl implements PigUserDetailsService, AuthenticationUserDetailsService {
+
+ private final RemoteUserService remoteUserService;
+
+ private final CacheManager cacheManager;
+
+ /**
+ * 用户名密码登录
+ *
+ * @param username 用户名
+ * @return
+ */
+ @Override
+ @SneakyThrows
+ public UserDetails loadUserByUsername(String username) {
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ if (cache != null && cache.get(username) != null) {
+ return (PigUser) cache.get(username).get();
+ }
+ return getUserDetails(remoteUserService.info(username), username);
+ }
+
+ @Override
+ public int getOrder() {
+ return Integer.MIN_VALUE;
+ }
+
+ @Override
+ public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
+ log.info("getCredentials:{}", token.getCredentials());
+ String username = token.getName();
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ if (cache != null && cache.get(username) != null) {
+ return (PigUser) cache.get(username).get();
+ }
+ R result = remoteUserService.saveIfNotExist(token.getAssertion().getPrincipal().getAttributes());
+ return getUserDetails(result, username);
+ }
+
+ private UserDetails getUserDetails(R result, String username) {
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ UserDetails userDetails = getUserDetails(result);
+ if (cache != null) {
+ cache.put(username, userDetails);
+ }
+ return userDetails;
+ }
+
+
+}
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 000000000..41365bcb5
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1,8 @@
+com.pig4cloud.pig.common.security.service.PigUserDetailsServiceImpl
+com.pig4cloud.pig.common.security.service.PigAppUserDetailsServiceImpl
+com.pig4cloud.pig.common.security.service.PigRedisOAuth2AuthorizationService
+com.pig4cloud.pig.common.security.service.PigRedisOAuth2AuthorizationConsentService
+com.pig4cloud.pig.common.security.component.PigSecurityInnerAspect
+com.pig4cloud.pig.common.security.component.PigSecurityMessageSourceConfiguration
+com.pig4cloud.pig.common.security.service.PigRemoteRegisteredClientRepository
+
diff --git a/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/i18n/errors/messages_zh_CN.properties b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/i18n/errors/messages_zh_CN.properties
new file mode 100644
index 000000000..86668a5d8
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pig-common-security/src/main/resources/i18n/errors/messages_zh_CN.properties
@@ -0,0 +1,50 @@
+AbstractAccessDecisionManager.accessDenied=\u4E0D\u5141\u8BB8\u8BBF\u95EE
+AbstractLdapAuthenticationProvider.emptyPassword=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+AbstractSecurityInterceptor.authenticationNotFound=\u672A\u5728SecurityContext\u4E2D\u67E5\u627E\u5230\u8BA4\u8BC1\u5BF9\u8C61
+OAuth2ResourceOwnerBaseAuthenticationProvider.tokenExpired=\u8BF7\u6C42\u4EE4\u724C\u5DF2\u8FC7\u671F
+AbstractUserDetailsAuthenticationProvider.smsBadCredentials=\u624B\u673A\u53F7\u4E0D\u5B58\u5728\u767B\u5F55\u5931\u8D25
+AbstractUserDetailsAuthenticationProvider.badCredentials=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+AbstractUserDetailsAuthenticationProvider.credentialsExpired=\u7528\u6237\u51ED\u8BC1\u5DF2\u8FC7\u671F
+AbstractUserDetailsAuthenticationProvider.disabled=\u7528\u6237\u5DF2\u5931\u6548
+AbstractUserDetailsAuthenticationProvider.expired=\u7528\u6237\u5E10\u53F7\u5DF2\u8FC7\u671F
+AbstractUserDetailsAuthenticationProvider.locked=\u7528\u6237\u5E10\u53F7\u5DF2\u88AB\u9501\u5B9A
+AbstractUserDetailsAuthenticationProvider.onlySupports=\u4EC5\u4EC5\u652F\u6301UsernamePasswordAuthenticationToken
+AccountStatusUserDetailsChecker.credentialsExpired=\u7528\u6237\u51ED\u8BC1\u5DF2\u8FC7\u671F
+AccountStatusUserDetailsChecker.disabled=\u7528\u6237\u5DF2\u5931\u6548
+AccountStatusUserDetailsChecker.expired=\u7528\u6237\u5E10\u53F7\u5DF2\u8FC7\u671F
+AccountStatusUserDetailsChecker.locked=\u7528\u6237\u5E10\u53F7\u5DF2\u88AB\u9501\u5B9A
+AclEntryAfterInvocationProvider.noPermission=\u7ED9\u5B9A\u7684Authentication\u5BF9\u8C61({0})\u6839\u672C\u65E0\u6743\u64CD\u63A7\u9886\u57DF\u5BF9\u8C61({1})
+AnonymousAuthenticationProvider.incorrectKey=\u5C55\u793A\u7684AnonymousAuthenticationToken\u4E0D\u542B\u6709\u9884\u671F\u7684key
+BindAuthenticator.badCredentials=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+BindAuthenticator.emptyPassword=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+CasAuthenticationProvider.incorrectKey=\u5C55\u793A\u7684CasAuthenticationToken\u4E0D\u542B\u6709\u9884\u671F\u7684key
+CasAuthenticationProvider.noServiceTicket=\u672A\u80FD\u591F\u6B63\u786E\u63D0\u4F9B\u5F85\u9A8C\u8BC1\u7684CAS\u670D\u52A1\u7968\u6839
+ConcurrentSessionControlAuthenticationStrategy.exceededAllowed=\u5DF2\u7ECF\u8D85\u8FC7\u4E86\u5F53\u524D\u4E3B\u4F53({0})\u88AB\u5141\u8BB8\u7684\u6700\u5927\u4F1A\u8BDD\u6570\u91CF
+DigestAuthenticationFilter.incorrectRealm=\u54CD\u5E94\u7ED3\u679C\u4E2D\u7684Realm\u540D\u5B57({0})\u540C\u7CFB\u7EDF\u6307\u5B9A\u7684Realm\u540D\u5B57({1})\u4E0D\u543B\u5408
+DigestAuthenticationFilter.incorrectResponse=\u9519\u8BEF\u7684\u54CD\u5E94\u7ED3\u679C
+DigestAuthenticationFilter.missingAuth=\u9057\u6F0F\u4E86\u9488\u5BF9'auth' QOP\u7684\u3001\u5FC5\u987B\u7ED9\u5B9A\u7684\u6458\u8981\u53D6\u503C; \u63A5\u6536\u5230\u7684\u5934\u4FE1\u606F\u4E3A{0}
+DigestAuthenticationFilter.missingMandatory=\u9057\u6F0F\u4E86\u5FC5\u987B\u7ED9\u5B9A\u7684\u6458\u8981\u53D6\u503C; \u63A5\u6536\u5230\u7684\u5934\u4FE1\u606F\u4E3A{0}
+DigestAuthenticationFilter.nonceCompromised=Nonce\u4EE4\u724C\u5DF2\u7ECF\u5B58\u5728\u95EE\u9898\u4E86\uFF0C{0}
+DigestAuthenticationFilter.nonceEncoding=Nonce\u672A\u7ECF\u8FC7Base64\u7F16\u7801; \u76F8\u5E94\u7684nonce\u53D6\u503C\u4E3A {0}
+DigestAuthenticationFilter.nonceExpired=Nonce\u5DF2\u7ECF\u8FC7\u671F/\u8D85\u65F6
+DigestAuthenticationFilter.nonceNotNumeric=Nonce\u4EE4\u724C\u7684\u7B2C1\u90E8\u5206\u5E94\u8BE5\u662F\u6570\u5B57\uFF0C\u4F46\u7ED3\u679C\u5374\u662F{0}
+DigestAuthenticationFilter.nonceNotTwoTokens=Nonce\u5E94\u8BE5\u7531\u4E24\u90E8\u5206\u53D6\u503C\u6784\u6210\uFF0C\u4F46\u7ED3\u679C\u5374\u662F{0}
+DigestAuthenticationFilter.usernameNotFound=\u7528\u6237\u540D{0}\u672A\u627E\u5230
+ExceptionTranslationFilter.insufficientAuthentication=\u8BBF\u95EE\u6B64\u8D44\u6E90\u9700\u8981\u5B8C\u5168\u8EAB\u4EFD\u9A8C\u8BC1
+JdbcDaoImpl.noAuthority=\u6CA1\u6709\u4E3A\u7528\u6237{0}\u6307\u5B9A\u89D2\u8272
+JdbcDaoImpl.notFound=\u672A\u627E\u5230\u7528\u6237{0}
+LdapAuthenticationProvider.badCredentials=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+LdapAuthenticationProvider.credentialsExpired=\u7528\u6237\u51ED\u8BC1\u5DF2\u8FC7\u671F
+LdapAuthenticationProvider.disabled=\u7528\u6237\u5DF2\u5931\u6548
+LdapAuthenticationProvider.expired=\u7528\u6237\u5E10\u53F7\u5DF2\u8FC7\u671F
+LdapAuthenticationProvider.locked=\u7528\u6237\u5E10\u53F7\u5DF2\u88AB\u9501\u5B9A
+LdapAuthenticationProvider.emptyUsername=\u7528\u6237\u540D\u4E0D\u5141\u8BB8\u4E3A\u7A7A
+LdapAuthenticationProvider.onlySupports=\u4EC5\u4EC5\u652F\u6301UsernamePasswordAuthenticationToken
+PasswordComparisonAuthenticator.badCredentials=\u7528\u6237\u540D\u6216\u5BC6\u7801\u9519\u8BEF
+#PersistentTokenBasedRememberMeServices.cookieStolen=Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack.
+ProviderManager.providerNotFound=\u672A\u67E5\u627E\u5230\u9488\u5BF9{0}\u7684AuthenticationProvider
+RememberMeAuthenticationProvider.incorrectKey=\u5C55\u793ARememberMeAuthenticationToken\u4E0D\u542B\u6709\u9884\u671F\u7684key
+RunAsImplAuthenticationProvider.incorrectKey=\u5C55\u793A\u7684RunAsUserToken\u4E0D\u542B\u6709\u9884\u671F\u7684key
+SubjectDnX509PrincipalExtractor.noMatching=\u672A\u5728subjectDN\: {0}\u4E2D\u627E\u5230\u5339\u914D\u7684\u6A21\u5F0F
+SwitchUserFilter.noCurrentUser=\u4E0D\u5B58\u5728\u5F53\u524D\u7528\u6237
+SwitchUserFilter.noOriginalAuthentication=\u4E0D\u80FD\u591F\u67E5\u627E\u5230\u539F\u5148\u7684\u5DF2\u8BA4\u8BC1\u5BF9\u8C61
diff --git a/summer-ospp/2023/pig/pig-common/pom.xml b/summer-ospp/2023/pig/pig-common/pom.xml
new file mode 100644
index 000000000..15908dee5
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-common/pom.xml
@@ -0,0 +1,45 @@
+
+
+
+
+ 4.0.0
+
+ com.pig4cloud
+ pig
+ 3.6.7
+
+
+ pig-common
+ pom
+
+ pig 公共聚合模块
+
+
+ pig-common-bom
+ pig-common-core
+ pig-common-datasource
+ pig-common-job
+ pig-common-log
+ pig-common-mybatis
+ pig-common-seata
+ pig-common-security
+ pig-common-feign
+ pig-common-swagger
+ pig-common-xss
+
+
diff --git a/summer-ospp/2023/pig/pig-upms/pig-upms-biz/pom.xml b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/pom.xml
new file mode 100644
index 000000000..3a5deef56
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/pom.xml
@@ -0,0 +1,135 @@
+
+
+
+
+ 4.0.0
+
+ com.pig4cloud
+ pig-upms
+ 3.6.7
+
+
+ pig-upms-biz
+ jar
+
+ pig 通用用户权限管理系统业务处理模块
+
+
+
+ com.google.guava
+ guava
+ 29.0-jre
+
+
+
+ com.pig4cloud
+ pig-upms-api
+
+
+
+ com.pig4cloud.plugin
+ oss-spring-boot-starter
+
+
+
+ com.pig4cloud
+ pig-common-feign
+
+
+
+ com.pig4cloud
+ pig-common-security
+
+
+
+ com.pig4cloud
+ pig-common-log
+
+
+
+ com.pig4cloud
+ pig-common-swagger
+
+
+
+ com.baomidou
+ mybatis-plus-boot-starter
+
+
+ com.mysql
+ mysql-connector-j
+
+
+
+ com.alibaba.cloud
+ spring-cloud-starter-alibaba-nacos-discovery
+
+
+
+ com.alibaba.cloud
+ spring-cloud-starter-alibaba-nacos-config
+
+
+
+ io.springboot.sms
+ aliyun-sms-spring-boot-starter
+
+
+
+ com.pig4cloud
+ pig-common-xss
+
+
+
+ org.springframework.boot
+ spring-boot-starter-undertow
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+ io.fabric8
+ docker-maven-plugin
+
+
+
+
+ src/main/resources
+ true
+
+ **/*.xlsx
+ **/*.xls
+
+
+
+ src/main/resources
+ false
+
+ **/*.xlsx
+ **/*.xls
+
+
+
+
+
+
diff --git a/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/SysUserController.java b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/SysUserController.java
new file mode 100644
index 000000000..670f47896
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/controller/SysUserController.java
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.pig4cloud.pig.admin.controller;
+
+import cn.hutool.core.collection.CollUtil;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.google.common.collect.Lists;
+import com.pig4cloud.pig.admin.api.dto.UserDTO;
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import com.pig4cloud.pig.admin.api.vo.UserExcelVO;
+import com.pig4cloud.pig.admin.api.vo.UserInfoVO;
+import com.pig4cloud.pig.admin.api.vo.UserVO;
+import com.pig4cloud.pig.admin.service.SysUserService;
+import com.pig4cloud.pig.admin.utils.BeanCreator;
+import com.pig4cloud.pig.common.core.exception.ErrorCodes;
+import com.pig4cloud.pig.common.core.util.MsgUtils;
+import com.pig4cloud.pig.common.core.util.R;
+import com.pig4cloud.pig.common.log.annotation.SysLog;
+import com.pig4cloud.pig.common.security.annotation.Inner;
+import com.pig4cloud.pig.common.security.util.SecurityUtils;
+import com.pig4cloud.pig.common.xss.core.XssCleanIgnore;
+import com.pig4cloud.plugin.excel.annotation.RequestExcel;
+import com.pig4cloud.plugin.excel.annotation.ResponseExcel;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+import org.springframework.beans.BeanUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author lengleng
+ * @date 2019/2/1
+ */
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/user")
+@Tag(name = "用户管理模块")
+@SecurityRequirement(name = HttpHeaders.AUTHORIZATION)
+public class SysUserController {
+
+ private final SysUserService userService;
+
+ /**
+ * 获取当前用户全部信息
+ *
+ * @return 用户信息
+ */
+ @GetMapping(value = {"/info"})
+ public R info() {
+ String username = SecurityUtils.getUser().getUsername();
+ SysUser user = userService.getOne(Wrappers.query().lambda().eq(SysUser::getUsername, username));
+ if (user == null) {
+ return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_QUERY_ERROR));
+ }
+ UserInfo userInfo = userService.getUserInfo(user);
+ UserInfoVO vo = new UserInfoVO();
+ vo.setSysUser(userInfo.getSysUser());
+ vo.setRoles(userInfo.getRoles());
+ vo.setPermissions(userInfo.getPermissions());
+ return R.ok(vo);
+ }
+
+ /**
+ * 获取指定用户全部信息
+ *
+ * @return 用户信息
+ */
+ @Inner
+ @GetMapping("/info/{username}")
+ public R info(@PathVariable String username) {
+ SysUser user = userService.getOne(Wrappers.query().lambda().eq(SysUser::getUsername, username));
+ if (user == null) {
+ return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_USERINFO_EMPTY, username));
+ }
+ return R.ok(userService.getUserInfo(user));
+ }
+
+ @Inner
+ @PostMapping("/sso_save")
+ public R save_sso(@RequestBody Map attributes) {
+ String username = (String) attributes.getOrDefault("username", "pig");
+ // 判断用户名是否存在
+ SysUser sysUser = userService.getOne(Wrappers.lambdaQuery().eq(SysUser::getUsername, username));
+ if (sysUser == null) {
+ SysUser sysUserByMap = BeanCreator.createSysUserByMap(attributes);
+ UserDTO userDTO = new UserDTO();
+ BeanUtils.copyProperties(sysUserByMap,userDTO);
+
+ userDTO.setPost(Lists.newArrayList(1l));
+ userDTO.setDeptId(6l);
+ userDTO.setRole(Lists.newArrayList(2l));
+ // 添加用户
+ userService.saveUser(userDTO);
+ }
+ return info(username);
+ }
+
+ /**
+ * 根据部门id,查询对应的用户 id 集合
+ *
+ * @param deptIds 部门id 集合
+ * @return 用户 id 集合
+ */
+ @Inner
+ @GetMapping("/ids")
+ public R> listUserIdByDeptIds(@RequestParam("deptIds") Set deptIds) {
+ return R.ok(userService.listUserIdByDeptIds(deptIds));
+ }
+
+ /**
+ * 通过ID查询用户信息
+ *
+ * @param id ID
+ * @return 用户信息
+ */
+ @GetMapping("/{id:\\d+}")
+ public R user(@PathVariable Long id) {
+ return R.ok(userService.getUserVoById(id));
+ }
+
+ /**
+ * 判断用户是否存在
+ *
+ * @param userDTO 查询条件
+ * @return
+ */
+ @Inner(false)
+ @GetMapping("/check/exist")
+ public R isExist(UserDTO userDTO) {
+ List sysUserList = userService.list(new QueryWrapper<>(userDTO));
+ if (CollUtil.isNotEmpty(sysUserList)) {
+ return R.ok(Boolean.TRUE, MsgUtils.getMessage(ErrorCodes.SYS_USER_EXISTING));
+ }
+ return R.ok(Boolean.FALSE);
+ }
+
+ /**
+ * 删除用户信息
+ *
+ * @param id ID
+ * @return R
+ */
+ @SysLog("删除用户信息")
+ @DeleteMapping("/{id:\\d+}")
+ @PreAuthorize("@pms.hasPermission('sys_user_del')")
+ public R userDel(@PathVariable Long id) {
+ SysUser sysUser = userService.getById(id);
+ return R.ok(userService.removeUserById(sysUser));
+ }
+
+ /**
+ * 添加用户
+ *
+ * @param userDto 用户信息
+ * @return success/false
+ */
+ @SysLog("添加用户")
+ @PostMapping
+ @XssCleanIgnore({"password"})
+ @PreAuthorize("@pms.hasPermission('sys_user_add')")
+ public R user(@RequestBody UserDTO userDto) {
+ return R.ok(userService.saveUser(userDto));
+ }
+
+ /**
+ * 管理员更新用户信息
+ *
+ * @param userDto 用户信息
+ * @return R
+ */
+ @SysLog("更新用户信息")
+ @PutMapping
+ @XssCleanIgnore({"password"})
+ @PreAuthorize("@pms.hasPermission('sys_user_edit')")
+ public R updateUser(@Valid @RequestBody UserDTO userDto) {
+ return userService.updateUser(userDto);
+ }
+
+ /**
+ * 分页查询用户
+ *
+ * @param page 参数集
+ * @param userDTO 查询参数列表
+ * @return 用户集合
+ */
+ @GetMapping("/page")
+ public R> getUserPage(Page page, UserDTO userDTO) {
+ return R.ok(userService.getUserWithRolePage(page, userDTO));
+ }
+
+ /**
+ * 个人修改个人信息
+ *
+ * @param userDto userDto
+ * @return success/false
+ */
+ @SysLog("修改个人信息")
+ @PutMapping("/edit")
+ @XssCleanIgnore({"password", "newpassword1"})
+ public R updateUserInfo(@Valid @RequestBody UserDTO userDto) {
+ userDto.setUsername(SecurityUtils.getUser().getUsername());
+ return userService.updateUserInfo(userDto);
+ }
+
+ /**
+ * @param username 用户名称
+ * @return 上级部门用户列表
+ */
+ @GetMapping("/ancestor/{username}")
+ public R> listAncestorUsers(@PathVariable String username) {
+ return R.ok(userService.listAncestorUsersByUsername(username));
+ }
+
+ /**
+ * 导出excel 表格
+ *
+ * @param userDTO 查询条件
+ * @return
+ */
+ @ResponseExcel
+ @GetMapping("/export")
+ @PreAuthorize("@pms.hasPermission('sys_user_import_export')")
+ public List export(UserDTO userDTO) {
+ return userService.listUser(userDTO);
+ }
+
+ /**
+ * 导入用户
+ *
+ * @param excelVOList 用户列表
+ * @param bindingResult 错误信息列表
+ * @return R
+ */
+ @PostMapping("/import")
+ @PreAuthorize("@pms.hasPermission('sys_user_import_export')")
+ public R importUser(@RequestExcel List excelVOList, BindingResult bindingResult) {
+ return userService.importUser(excelVOList, bindingResult);
+ }
+
+}
diff --git a/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/utils/BeanCreator.java b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/utils/BeanCreator.java
new file mode 100644
index 000000000..e0ea3dca6
--- /dev/null
+++ b/summer-ospp/2023/pig/pig-upms/pig-upms-biz/src/main/java/com/pig4cloud/pig/admin/utils/BeanCreator.java
@@ -0,0 +1,23 @@
+package com.pig4cloud.pig.admin.utils;
+
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+
+import java.util.Map;
+
+public class BeanCreator {
+
+ private static final String DEFAULT_PASSWORD = "pigmax123456";
+
+ public static SysUser createSysUserByMap(Map map) {
+ SysUser sysUser = new SysUser();
+ String username = (String) map.get("username");
+ String phone = (String) map.get("mobile");
+ String deptId = (String) map.get("departmentId");
+ sysUser.setUsername(username);
+ sysUser.setPhone(phone);
+ sysUser.setDeptId(Long.parseLong(deptId));
+ sysUser.setPassword(DEFAULT_PASSWORD);
+ return sysUser;
+ }
+
+}
diff --git a/summer-ospp/2023/pig/vue/src/api/login.js b/summer-ospp/2023/pig/vue/src/api/login.js
new file mode 100644
index 000000000..62f9b69d4
--- /dev/null
+++ b/summer-ospp/2023/pig/vue/src/api/login.js
@@ -0,0 +1,179 @@
+/*
+ * Copyright (c) 2018-2025, lengleng All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the pig4cloud.com developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: lengleng (wangiegie@gmail.com)
+ */
+import { validatenull } from '@/util/validate'
+import request from '@/router/axios'
+import store from '@/store'
+import qs from 'qs'
+import { getStore, setStore } from '@/util/store.js'
+import website from '@/config/website'
+
+
+const scope = 'server'
+
+export const loginByUsername = (username, password, code, randomStr) => {
+ const grant_type = 'password'
+ const dataObj = qs.stringify({ 'username': username, 'password': password })
+
+ const basicAuth = 'Basic ' + window.btoa(website.formLoginClient)
+
+ // 保存当前选中的 basic 认证信息
+ setStore({
+ name: 'basicAuth',
+ content: basicAuth,
+ type: 'session'
+ })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'post',
+ params: { randomStr, code, grant_type, scope },
+ data: dataObj
+ })
+}
+
+export const loginByMobile = (smsForm) => {
+ const grant_type = 'app'
+
+ const basicAuth = 'Basic ' + window.btoa(website.smsLoginClient)
+
+ // 保存当前选中的 basic 认证信息
+ setStore({
+ name: 'basicAuth',
+ content: basicAuth,
+ type: 'session'
+ })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ 'Authorization': basicAuth
+ },
+ method: 'post',
+ params: { phone: smsForm.phone, code: smsForm.code, grant_type, scope }
+ })
+}
+
+export const ssoLogin = (ticket,service) => {
+ return request({
+ url: '/auth/token/sso_login_get_token',
+ method: 'get',
+ params: { ticket, service }
+ })
+}
+
+export const refreshToken = refresh_token => {
+ const grant_type = 'refresh_token'
+ // 获取当前选中的 basic 认证信息
+ const basicAuth = getStore({ name: 'basicAuth' })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'post',
+ params: { refresh_token, grant_type, scope }
+ })
+}
+
+export const getUserInfo = () => {
+ return request({
+ url: '/admin/user/info',
+ method: 'get'
+ })
+}
+
+export const logout = () => {
+ return request({
+ url: '/auth/token/logout',
+ method: 'delete'
+ })
+}
+
+/**
+ * 校验令牌,若有效期小于半小时自动续期
+ *
+ * 定时任务请求后端接口返回实际的有效时间,不进行本地计算避免 客户端和服务器机器时钟不一致
+ * @param refreshLock
+ */
+export const checkToken = (refreshLock, $store) => {
+ const token = store.getters.access_token
+ // 获取当前选中的 basic 认证信息
+ const basicAuth = getStore({ name: 'basicAuth' })
+
+ if (validatenull(token) || validatenull(basicAuth)) {
+ return
+ }
+
+ request({
+ url: '/auth/token/check_token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'get',
+ params: { token }
+ }).then(response => {
+ const expire = response && response.data && response.data.exp
+ if (expire) {
+ const expiredPeriod = expire * 1000 - new Date().getTime()
+ console.log('当前token过期时间', expiredPeriod, '毫秒')
+ //小于半小时自动续约
+ if (expiredPeriod <= website.remainingTime) {
+ if (!refreshLock) {
+ refreshLock = true
+ $store.dispatch('RefreshToken')
+ .catch(() => {
+ clearInterval(this.refreshTime)
+ })
+ refreshLock = false
+ }
+ }
+ }
+ }).catch(error => {
+ console.error(error)
+ })
+}
+
+/**
+ * 注册用户
+ */
+export const registerUser = (userInfo) => {
+ return request({
+ url: '/admin/register/user',
+ method: 'post',
+ data: userInfo
+ })
+}
+
+
+/**
+ * 发送短信
+ */
+export const sendSmsCode = (form) => {
+ return request({
+ url: '/admin/app/sms',
+ method: 'post',
+ data: form
+ })
+}
diff --git a/summer-ospp/2023/pig/vue/src/page/login/userlogin.vue b/summer-ospp/2023/pig/vue/src/page/login/userlogin.vue
new file mode 100644
index 000000000..09036637d
--- /dev/null
+++ b/summer-ospp/2023/pig/vue/src/page/login/userlogin.vue
@@ -0,0 +1,169 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
{{ code.value }}
+
![]()
+
+ * 资源服务注解
+ */
+@Documented
+@Inherited
+@Target({ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+//@Import({ PigResourceServerAutoConfiguration.class, PigResourceServerConfiguration.class })
+@Import({PigResourceServerAutoConfiguration.class, CasProperties.class, SecurityConfig.class})
+public @interface EnablePigResourceServer {
+
+}
+
+```
+
+#### Config包下
+
+##### 新增CasProperties主要是CAS得配置信息配置在NACOS中
+
+```java
+package com.pig4cloud.pig.common.security.config;
+
+import lombok.Data;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Data
+@Component
+public class CasProperties {
+
+ /**
+ * 秘钥
+ */
+ @Value("${cas.key}")
+ private String casKey;
+
+ /**
+ * cas服务端地址
+ */
+ @Value("${cas.server.host.url}")
+ private String casServerUrl;
+
+ /**
+ * cas服务端地址
+ */
+ @Value("${cas.server.host.grant_url}")
+ private String casGrantingUrl;
+
+ /**
+ * cas服务端登录地址
+ */
+ @Value("${cas.server.host.login_url}")
+ private String casServerLoginUrl;
+
+ /**
+ * cas服务端登出地址 并回跳到制定页面
+ */
+ @Value("${cas.server.host.logout_url}")
+ private String casServerLogoutUrl;
+
+ /**
+ * cas客户端地址
+ */
+ @Value("${cas.service.host.url}")
+ private String casServiceUrl;
+
+ /**
+ * cas客户端地址登录地址
+ */
+ @Value("${cas.service.host.login_url}")
+ private String casServiceLoginUrl;
+
+ /**
+ * cas客户端地址登出地址
+ */
+ @Value("${cas.service.host.logout_url}")
+ private String casServiceLogoutUrl;
+
+}
+
+```
+
+##### SecurityConfig类主要是CAS的认证流程并且覆盖原本pig的认证流程
+
+```java
+package com.pig4cloud.pig.common.security.config;
+
+import cn.hutool.core.util.ArrayUtil;
+import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
+import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
+import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.jasig.cas.client.session.SingleSignOutFilter;
+import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
+import org.springframework.security.cas.web.CasAuthenticationFilter;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+
+@Slf4j
+@Configuration
+@EnableWebSecurity // 启用web权限
+@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法验证
+@RequiredArgsConstructor
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private CasProperties casProperties;
+
+ @Autowired
+ private AuthenticationUserDetailsService casUserDetailService;
+
+ private final PermitAllUrlProperties permitAllUrl;
+
+
+ /**
+ * 定义认证用户信息获取来源,密码校验规则等
+ */
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ super.configure(auth);
+ auth.authenticationProvider(casAuthenticationProvider());
+ }
+
+ /**
+ * 定义安全策略
+ */
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http.authorizeRequests()// 配置安全策略
+ .antMatchers(ArrayUtil.toArray(permitAllUrl.getUrls(), String.class)).permitAll()
+ .anyRequest().authenticated()// 其余的所有请求都需要验证
+ .and().logout().permitAll()// 定义logout不需要验证
+ .and().formLogin();// 使用form表单登录
+
+ http.exceptionHandling()
+ .authenticationEntryPoint(casAuthenticationEntryPoint())
+ .and()
+ .addFilter(casAuthenticationFilter())
+ .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
+ .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
+ // 取消跨站请求伪造防护
+ http.csrf().disable();
+// // 防止iframe 造成跨域
+ http.headers().frameOptions().disable();
+ // http.csrf().disable(); //禁用CSRF
+ }
+
+ /**
+ * 认证的入口
+ */
+ @Bean
+ public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
+ CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
+ casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
+ casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
+ return casAuthenticationEntryPoint;
+ }
+
+ /**
+ * 指定service相关信息
+ */
+ @Bean
+ public ServiceProperties serviceProperties() {
+ ServiceProperties serviceProperties = new ServiceProperties();
+ //设置cas客户端登录完整的url
+ serviceProperties.setService(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
+ serviceProperties.setSendRenew(false);
+ serviceProperties.setAuthenticateAllArtifacts(true);
+ return serviceProperties;
+ }
+
+ /**
+ * CAS认证过滤器
+ */
+ @Bean
+ public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
+ CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
+ casAuthenticationFilter.setAuthenticationManager(authenticationManager());
+ casAuthenticationFilter.setFilterProcessesUrl(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
+ casAuthenticationFilter.setServiceProperties(serviceProperties());
+ return casAuthenticationFilter;
+ }
+
+ /**
+ * cas 认证 Provider
+ */
+ @Bean
+ public CasAuthenticationProvider casAuthenticationProvider() {
+ CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
+ casAuthenticationProvider.setAuthenticationUserDetailsService(casUserDetailService);
+ // //这里只是接口类型,实现的接口不一样,都可以的。
+ casAuthenticationProvider.setServiceProperties(serviceProperties());
+ casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
+ casAuthenticationProvider.setKey("casAuthenticationProviderKey");
+ return casAuthenticationProvider;
+ }
+
+
+
+
+ @Bean
+ public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
+ return new Cas20ServiceTicketValidator(casProperties.getCasGrantingUrl());
+ }
+
+ /**
+ * 单点登出过滤器
+ */
+ @Bean
+ public SingleSignOutFilter singleSignOutFilter() {
+ SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
+ singleSignOutFilter.setLogoutCallbackPath(casProperties.getCasServerUrl());
+ singleSignOutFilter.setIgnoreInitConfiguration(true);
+ return singleSignOutFilter;
+ }
+
+ /**
+ * 请求单点退出过滤器
+ */
+ @Bean
+ public LogoutFilter casLogoutFilter() {
+ LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
+ logoutFilter.setFilterProcessesUrl(casProperties.getCasServiceLogoutUrl());
+ return logoutFilter;
+ }
+}
+
+```
+
+#### service包
+
+新增PigUserDetailsServiceImpl类主要功能为CAS服务认证成功方法,判断用户是否存在,存在获取用户信息,不存在调用远程接口新增用户并同步组织架构信息
+
+```java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.pig4cloud.pig.common.security.service;
+
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
+import com.pig4cloud.pig.admin.api.feign.RemoteUserService;
+import com.pig4cloud.pig.common.core.constant.CacheConstants;
+import com.pig4cloud.pig.common.core.util.R;
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.cache.Cache;
+import org.springframework.cache.CacheManager;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
+import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.*;
+
+/**
+ * 用户详细信息
+ *
+ * @author lengleng hccake
+ */
+@Slf4j
+@Primary
+@RequiredArgsConstructor
+public class PigUserDetailsServiceImpl implements PigUserDetailsService, AuthenticationUserDetailsService {
+
+ private final RemoteUserService remoteUserService;
+
+ private final CacheManager cacheManager;
+
+ /**
+ * 用户名密码登录
+ *
+ * @param username 用户名
+ * @return
+ */
+ @Override
+ @SneakyThrows
+ public UserDetails loadUserByUsername(String username) {
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ if (cache != null && cache.get(username) != null) {
+ return (PigUser) cache.get(username).get();
+ }
+ return getUserDetails(remoteUserService.info(username), username);
+ }
+
+ @Override
+ public int getOrder() {
+ return Integer.MIN_VALUE;
+ }
+
+ @Override
+ public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
+ log.info("getCredentials:{}", token.getCredentials());
+ String username = token.getName();
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ if (cache != null && cache.get(username) != null) {
+ return (PigUser) cache.get(username).get();
+ }
+ R result = remoteUserService.saveIfNotExist(token.getAssertion().getPrincipal().getAttributes());
+ return getUserDetails(result, username);
+ }
+
+ private UserDetails getUserDetails(R result, String username) {
+ Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
+ UserDetails userDetails = getUserDetails(result);
+ if (cache != null) {
+ cache.put(username, userDetails);
+ }
+ return userDetails;
+ }
+
+
+}
+
+```
+
+### pig-upms包
+
+#### pom的更改
+
+新增guava工具类
+
+```java
+
+
+
+
+ 4.0.0
+
+ com.pig4cloud
+ pig-upms
+ 3.6.7
+
+
+ pig-upms-biz
+ jar
+
+ pig 通用用户权限管理系统业务处理模块
+
+
+
+ com.google.guava
+ guava
+ 29.0-jre
+
+
+
+ com.pig4cloud
+ pig-upms-api
+
+
+
+ com.pig4cloud.plugin
+ oss-spring-boot-starter
+
+
+
+ com.pig4cloud
+ pig-common-feign
+
+
+
+ com.pig4cloud
+ pig-common-security
+
+
+
+ com.pig4cloud
+ pig-common-log
+
+
+
+ com.pig4cloud
+ pig-common-swagger
+
+
+
+ com.baomidou
+ mybatis-plus-boot-starter
+
+
+ com.mysql
+ mysql-connector-j
+
+
+
+ com.alibaba.cloud
+ spring-cloud-starter-alibaba-nacos-discovery
+
+
+
+ com.alibaba.cloud
+ spring-cloud-starter-alibaba-nacos-config
+
+
+
+ io.springboot.sms
+ aliyun-sms-spring-boot-starter
+
+
+
+ com.pig4cloud
+ pig-common-xss
+
+
+
+ org.springframework.boot
+ spring-boot-starter-undertow
+
+
+
+
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+ io.fabric8
+ docker-maven-plugin
+
+
+
+
+ src/main/resources
+ true
+
+ **/*.xlsx
+ **/*.xls
+
+
+
+ src/main/resources
+ false
+
+ **/*.xlsx
+ **/*.xls
+
+
+
+
+
+
+
+```
+
+#### controller包
+
+在SysUserController中新增方法主要为提供远程调用方法,判断用户是否存在,添加用户信息等
+
+```java
+/*
+ * Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.pig4cloud.pig.admin.controller;
+
+import cn.hutool.core.collection.CollUtil;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.google.common.collect.Lists;
+import com.pig4cloud.pig.admin.api.dto.UserDTO;
+import com.pig4cloud.pig.admin.api.dto.UserInfo;
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+import com.pig4cloud.pig.admin.api.vo.UserExcelVO;
+import com.pig4cloud.pig.admin.api.vo.UserInfoVO;
+import com.pig4cloud.pig.admin.api.vo.UserVO;
+import com.pig4cloud.pig.admin.service.SysUserService;
+import com.pig4cloud.pig.admin.utils.BeanCreator;
+import com.pig4cloud.pig.common.core.exception.ErrorCodes;
+import com.pig4cloud.pig.common.core.util.MsgUtils;
+import com.pig4cloud.pig.common.core.util.R;
+import com.pig4cloud.pig.common.log.annotation.SysLog;
+import com.pig4cloud.pig.common.security.annotation.Inner;
+import com.pig4cloud.pig.common.security.util.SecurityUtils;
+import com.pig4cloud.pig.common.xss.core.XssCleanIgnore;
+import com.pig4cloud.plugin.excel.annotation.RequestExcel;
+import com.pig4cloud.plugin.excel.annotation.ResponseExcel;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+
+import org.springframework.beans.BeanUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.*;
+
+import javax.validation.Valid;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * @author lengleng
+ * @date 2019/2/1
+ */
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/user")
+@Tag(name = "用户管理模块")
+@SecurityRequirement(name = HttpHeaders.AUTHORIZATION)
+public class SysUserController {
+
+ private final SysUserService userService;
+
+ /**
+ * 获取当前用户全部信息
+ *
+ * @return 用户信息
+ */
+ @GetMapping(value = {"/info"})
+ public R info() {
+ String username = SecurityUtils.getUser().getUsername();
+ SysUser user = userService.getOne(Wrappers.query().lambda().eq(SysUser::getUsername, username));
+ if (user == null) {
+ return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_QUERY_ERROR));
+ }
+ UserInfo userInfo = userService.getUserInfo(user);
+ UserInfoVO vo = new UserInfoVO();
+ vo.setSysUser(userInfo.getSysUser());
+ vo.setRoles(userInfo.getRoles());
+ vo.setPermissions(userInfo.getPermissions());
+ return R.ok(vo);
+ }
+
+ /**
+ * 获取指定用户全部信息
+ *
+ * @return 用户信息
+ */
+ @Inner
+ @GetMapping("/info/{username}")
+ public R info(@PathVariable String username) {
+ SysUser user = userService.getOne(Wrappers.query().lambda().eq(SysUser::getUsername, username));
+ if (user == null) {
+ return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_USERINFO_EMPTY, username));
+ }
+ return R.ok(userService.getUserInfo(user));
+ }
+
+ @Inner
+ @PostMapping("/sso_save")
+ public R save_sso(@RequestBody Map attributes) {
+ String username = (String) attributes.getOrDefault("username", "pig");
+ // 判断用户名是否存在
+ SysUser sysUser = userService.getOne(Wrappers.lambdaQuery().eq(SysUser::getUsername, username));
+ if (sysUser == null) {
+ SysUser sysUserByMap = BeanCreator.createSysUserByMap(attributes);
+ UserDTO userDTO = new UserDTO();
+ BeanUtils.copyProperties(sysUserByMap,userDTO);
+
+ userDTO.setPost(Lists.newArrayList(1l));
+ userDTO.setDeptId(6l);
+ userDTO.setRole(Lists.newArrayList(2l));
+ // 添加用户
+ userService.saveUser(userDTO);
+ }
+ return info(username);
+ }
+
+ /**
+ * 根据部门id,查询对应的用户 id 集合
+ *
+ * @param deptIds 部门id 集合
+ * @return 用户 id 集合
+ */
+ @Inner
+ @GetMapping("/ids")
+ public R> listUserIdByDeptIds(@RequestParam("deptIds") Set deptIds) {
+ return R.ok(userService.listUserIdByDeptIds(deptIds));
+ }
+
+ /**
+ * 通过ID查询用户信息
+ *
+ * @param id ID
+ * @return 用户信息
+ */
+ @GetMapping("/{id:\\d+}")
+ public R user(@PathVariable Long id) {
+ return R.ok(userService.getUserVoById(id));
+ }
+
+ /**
+ * 判断用户是否存在
+ *
+ * @param userDTO 查询条件
+ * @return
+ */
+ @Inner(false)
+ @GetMapping("/check/exist")
+ public R isExist(UserDTO userDTO) {
+ List sysUserList = userService.list(new QueryWrapper<>(userDTO));
+ if (CollUtil.isNotEmpty(sysUserList)) {
+ return R.ok(Boolean.TRUE, MsgUtils.getMessage(ErrorCodes.SYS_USER_EXISTING));
+ }
+ return R.ok(Boolean.FALSE);
+ }
+
+ /**
+ * 删除用户信息
+ *
+ * @param id ID
+ * @return R
+ */
+ @SysLog("删除用户信息")
+ @DeleteMapping("/{id:\\d+}")
+ @PreAuthorize("@pms.hasPermission('sys_user_del')")
+ public R userDel(@PathVariable Long id) {
+ SysUser sysUser = userService.getById(id);
+ return R.ok(userService.removeUserById(sysUser));
+ }
+
+ /**
+ * 添加用户
+ *
+ * @param userDto 用户信息
+ * @return success/false
+ */
+ @SysLog("添加用户")
+ @PostMapping
+ @XssCleanIgnore({"password"})
+ @PreAuthorize("@pms.hasPermission('sys_user_add')")
+ public R user(@RequestBody UserDTO userDto) {
+ return R.ok(userService.saveUser(userDto));
+ }
+
+ /**
+ * 管理员更新用户信息
+ *
+ * @param userDto 用户信息
+ * @return R
+ */
+ @SysLog("更新用户信息")
+ @PutMapping
+ @XssCleanIgnore({"password"})
+ @PreAuthorize("@pms.hasPermission('sys_user_edit')")
+ public R updateUser(@Valid @RequestBody UserDTO userDto) {
+ return userService.updateUser(userDto);
+ }
+
+ /**
+ * 分页查询用户
+ *
+ * @param page 参数集
+ * @param userDTO 查询参数列表
+ * @return 用户集合
+ */
+ @GetMapping("/page")
+ public R> getUserPage(Page page, UserDTO userDTO) {
+ return R.ok(userService.getUserWithRolePage(page, userDTO));
+ }
+
+ /**
+ * 个人修改个人信息
+ *
+ * @param userDto userDto
+ * @return success/false
+ */
+ @SysLog("修改个人信息")
+ @PutMapping("/edit")
+ @XssCleanIgnore({"password", "newpassword1"})
+ public R updateUserInfo(@Valid @RequestBody UserDTO userDto) {
+ userDto.setUsername(SecurityUtils.getUser().getUsername());
+ return userService.updateUserInfo(userDto);
+ }
+
+ /**
+ * @param username 用户名称
+ * @return 上级部门用户列表
+ */
+ @GetMapping("/ancestor/{username}")
+ public R> listAncestorUsers(@PathVariable String username) {
+ return R.ok(userService.listAncestorUsersByUsername(username));
+ }
+
+ /**
+ * 导出excel 表格
+ *
+ * @param userDTO 查询条件
+ * @return
+ */
+ @ResponseExcel
+ @GetMapping("/export")
+ @PreAuthorize("@pms.hasPermission('sys_user_import_export')")
+ public List export(UserDTO userDTO) {
+ return userService.listUser(userDTO);
+ }
+
+ /**
+ * 导入用户
+ *
+ * @param excelVOList 用户列表
+ * @param bindingResult 错误信息列表
+ * @return R
+ */
+ @PostMapping("/import")
+ @PreAuthorize("@pms.hasPermission('sys_user_import_export')")
+ public R importUser(@RequestExcel List excelVOList, BindingResult bindingResult) {
+ return userService.importUser(excelVOList, bindingResult);
+ }
+
+}
+
+```
+
+#### utils包
+
+新增BeanCreator方法,主要创建SysUser对象工具类
+
+```java
+package com.pig4cloud.pig.admin.utils;
+
+import com.pig4cloud.pig.admin.api.entity.SysUser;
+
+import java.util.Map;
+
+public class BeanCreator {
+
+ private static final String DEFAULT_PASSWORD = "pigmax123456";
+
+ public static SysUser createSysUserByMap(Map map) {
+ SysUser sysUser = new SysUser();
+ String username = (String) map.get("username");
+ String phone = (String) map.get("mobile");
+ String deptId = (String) map.get("departmentId");
+ sysUser.setUsername(username);
+ sysUser.setPhone(phone);
+ sysUser.setDeptId(Long.parseLong(deptId));
+ sysUser.setPassword(DEFAULT_PASSWORD);
+ return sysUser;
+ }
+
+}
+
+```
+
+### vue包
+
+主要是对pig前端页面的修改
+
+#### api包
+
+新增获取token的方法
+
+```js
+/*
+ * Copyright (c) 2018-2025, lengleng All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the pig4cloud.com developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: lengleng (wangiegie@gmail.com)
+ */
+import { validatenull } from '@/util/validate'
+import request from '@/router/axios'
+import store from '@/store'
+import qs from 'qs'
+import { getStore, setStore } from '@/util/store.js'
+import website from '@/config/website'
+
+
+const scope = 'server'
+
+export const loginByUsername = (username, password, code, randomStr) => {
+ const grant_type = 'password'
+ const dataObj = qs.stringify({ 'username': username, 'password': password })
+
+ const basicAuth = 'Basic ' + window.btoa(website.formLoginClient)
+
+ // 保存当前选中的 basic 认证信息
+ setStore({
+ name: 'basicAuth',
+ content: basicAuth,
+ type: 'session'
+ })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'post',
+ params: { randomStr, code, grant_type, scope },
+ data: dataObj
+ })
+}
+
+export const loginByMobile = (smsForm) => {
+ const grant_type = 'app'
+
+ const basicAuth = 'Basic ' + window.btoa(website.smsLoginClient)
+
+ // 保存当前选中的 basic 认证信息
+ setStore({
+ name: 'basicAuth',
+ content: basicAuth,
+ type: 'session'
+ })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ 'Authorization': basicAuth
+ },
+ method: 'post',
+ params: { phone: smsForm.phone, code: smsForm.code, grant_type, scope }
+ })
+}
+
+export const ssoLogin = (ticket,service) => {
+ return request({
+ url: '/auth/token/sso_login_get_token',
+ method: 'get',
+ params: { ticket, service }
+ })
+}
+
+export const refreshToken = refresh_token => {
+ const grant_type = 'refresh_token'
+ // 获取当前选中的 basic 认证信息
+ const basicAuth = getStore({ name: 'basicAuth' })
+
+ return request({
+ url: '/auth/oauth2/token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'post',
+ params: { refresh_token, grant_type, scope }
+ })
+}
+
+export const getUserInfo = () => {
+ return request({
+ url: '/admin/user/info',
+ method: 'get'
+ })
+}
+
+export const logout = () => {
+ return request({
+ url: '/auth/token/logout',
+ method: 'delete'
+ })
+}
+
+/**
+ * 校验令牌,若有效期小于半小时自动续期
+ *
+ * 定时任务请求后端接口返回实际的有效时间,不进行本地计算避免 客户端和服务器机器时钟不一致
+ * @param refreshLock
+ */
+export const checkToken = (refreshLock, $store) => {
+ const token = store.getters.access_token
+ // 获取当前选中的 basic 认证信息
+ const basicAuth = getStore({ name: 'basicAuth' })
+
+ if (validatenull(token) || validatenull(basicAuth)) {
+ return
+ }
+
+ request({
+ url: '/auth/token/check_token',
+ headers: {
+ isToken: false,
+ Authorization: basicAuth
+ },
+ method: 'get',
+ params: { token }
+ }).then(response => {
+ const expire = response && response.data && response.data.exp
+ if (expire) {
+ const expiredPeriod = expire * 1000 - new Date().getTime()
+ console.log('当前token过期时间', expiredPeriod, '毫秒')
+ //小于半小时自动续约
+ if (expiredPeriod <= website.remainingTime) {
+ if (!refreshLock) {
+ refreshLock = true
+ $store.dispatch('RefreshToken')
+ .catch(() => {
+ clearInterval(this.refreshTime)
+ })
+ refreshLock = false
+ }
+ }
+ }
+ }).catch(error => {
+ console.error(error)
+ })
+}
+
+/**
+ * 注册用户
+ */
+export const registerUser = (userInfo) => {
+ return request({
+ url: '/admin/register/user',
+ method: 'post',
+ data: userInfo
+ })
+}
+
+
+/**
+ * 发送短信
+ */
+export const sendSmsCode = (form) => {
+ return request({
+ url: '/admin/app/sms',
+ method: 'post',
+ data: form
+ })
+}
+
+```
+
+#### userlogin改造
+
+```html
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
{{ code.value }}
+
![]()
+
e5L
zV?qQX$Js{M#|(;fyRy|+y0yTHq`ro1rHkdZh#G?dm#(@G1-AxXwNV_-zO8I7HtUU=
zqpe(u6GupKy?Dtm;z@@A4k8gGqJ*c^S^>_=-(^k==?ZryZ+gt0~_eV0it{F
zt9rdWilT2gUO)d5;<6?oMu9$zMbo@_57yeCR}$B&LdcwWwcG&OOk3jTfw6vN)L9=p
z(`0BlC{fBLs=km&73`HNX%kj*%@JNoB(&+B2j<2IKy>8-)I`3E)bEvX4j!kgvn^x7
z98D@jSHO`8rYcj=ZgUwh>h`B#mD2QA_p9wz4UDHNmyyn?21#s-7QDk49jMN)8LXK#
zoF3|kUiQQ+xKa=&c&o=$A6oG4aWW8ZH9dlwZQ5>ihNULJEYWJw&N{Yw{ZM9`gvWfq
z++1)#jGKn0>bCo;phnGwDaF+p=Eg*v2D$-txGIZS_RG~2xFs=gBl~LG{OtCa)y`Q?
z{vq-!TN;4`OZ`bJkG;$|9mjT=M?=*H=rALYqg<^b*uoVmiwK9TeERol&6Av;*2Dy!
z%UQmp^T4{M?Ol`xO}>y{T{=#{uID?cLhD?VeydYp|C~fL21Qe
zIA&a*Df5goaE{bo2Ljjc-$PHKl6C_QV)BY^v2o1yJu?34(?W`Br^l(zI8AeUsdf=8
zBTrPbI;L^f9576L($h+n0md!kU_yJ>TaHh4%TQle&~#uPc1sXNXP(0;9d$&^H_yUl
z?YPy#-D_*mzgropBo&V{f>GGG+`H&o%2u#?t;mXyxhiULASGh3uusX_e?Y^$Xyu%P
zlWy>kLrYMP`qQ}})pWdu#vz6WE>k%RNcm-XBz)%nE40NG4J;j$E!ST02Ls!AvIAaf
zE+wm*XP95k#G_%HGM{TT9)t!o40pgzs>6+F8&aY;dE`+6)q7{win~Fw?A&kKZYww3
zdq}NCF@KXEkoL~wDsT|~^zB3t7g5BIc9iP+9
zVe=b}qP58v^_$w;F^W{ZQq0o^0a%H6Wi_F2;t(4T8u$(4fiW?-ifCpQOzzwix{+ij
zCbJLZ!{UP|4wTx{D7w4Ur}v8V7&jN0*$rW}utG5ZcSFkfUucxwJ)v5ajuxhBJAyMN
z6JxNqcPkbB{Ut7pzIM(gz<;$S(cHJ`Oci=aIK&pI^mRlP1o*p&h5tjHgh7D6P&EF3
zy#ME)1y=rFC*i-`Nf-q9Dq-_=4dTx-g)di)9z*IESpAw)`El)W|9U6kV*$R=Nf_2`
z|M$4wx0YJ`Q>tQwsp|O3{cu&C*-7~LSZ8(;1_A!Us?DFJlmC1tVG!V}jK|;Ur~8Zc
zVEM$e8~lO*U#+YBdwV|#pr7v63j%zVG5Dv@e$uV?bbsDs-Tk6Jm;!{3&-It{g<13;
zdEvO*{7I_)m%9c00ABdB(F6QNfzj{XdO-kWFo_@fakt+4Bwpm<0ICbHcD?zu7~5yK
z2f)9W1AsujY!1AvE)h7z98%Gj+pvC))OVCb>$*kBD`cnZS_Y}`tG4YXPA?3d`r?(f
z+>VgAl2P>Zxu~+Gd+`VSsg?3%Nl1k&Q9u*H9=4@N_BZB736VaSG;V$TFdLz%*{ErX
zGBYt`NMCih_VKVv%{9r2D^mE=^S!wR9LHw0#wxc@lg|&=2Blyv^*hvE_nce??@qk&
zBMy%^+ySv9FdX>Dmr^Hrk2*W-E>xs?(-XQT+xNYV7DF*YiC~nOZ)4C5d=^z%>b#R1
zVNa-WB>qXXNg~aRkii^ZsN?@*?=7I?YLaw8F*7qWm(XHMvRJanB8!=sSr%F>ix)J$>GZzm2k;Pu-o9+n4
z9mlHC@xa_2uc!zSI0qko;=yxLA>E{`o>v*5zV*WsUC>}+=JL4p)#X+3%Zaqjf+9-L
zhF?cqhn!LlQ;E?w`>tYw{!M=zt6=X(pI5bvv9+l3#INGqCCGx0@e*oKDqMGhh>OhItFByeFnwv>1#4k=b?q2`WifwmHs5iOmiUzQzoz;Yg&xwoGD6a>82edeH9}-5QR>tUh6r{Uc1fIewfbp
zb=+7gT-LC_MNFqSl8YsjM2tPJFlQ{wr!AoJi2Xh!qu`IyhV?kJ44^Mg_?%mpSU&Q#
zuI|P<)3^@14rtyI-Rmst>(Qtw^GaA5!~W8b(}t=2nfKRyIcB~O4?TR}AM*KD_Kw1K
z_*j~S?
z;6V8W4}+18wJM)0zFoM`uS{i`O?G60R)YEXK~}bzB__+OXpen1SShj{QOZ1-S#F?<
z0$q_lhgf#nA`7rtz)5^Ssw9x4#Oap7ZNQpeSftE(sb=4V;>@MNSUXK9>Uf92APBIn|jF|8@?
zt20AE5QpNvWW9s>tR`*lU2uHpF~P9XM!5uVZdG3!W(rJ?*X4$z*eR|Z)z=gTMh@(E
zn$1zYhHjg`<{q&S$XZ93M^qRIEYS4+G`iUikIbMBBz&e$-CD}~MOEczp)lfo4HTA*>qE`KD(8bjGix3gCwK0+X$|s@}h9TCV{1LtdbzVMN
zwJ<)fymq$?yMYVOoww9|tK>C7uzi0|_O)!5xze%f6vXErXNtm$31=AxD+#`@hm9863U>N*an9Hx`Bf`iT2%C>@KDLr0vDPvyD0j)$FMtNQxheJqBYNC&A
zPdW2}^x!jD$tS7wO4ZG^b#Vns^tWOO{n|&(T<=B~KDaOAcrVw)mKHJjv$OI7d#=5!
zV^O8SLk!udHcT_NPfnFej!p?H7*`CmrIS7_p0Bs6KJL#I>yu#}k9(soHfGEdG
zoMW-`>Nk}*)brYLceSwgc(giJk9D`{IM0#0ao{2I{y17yds7FPh*nk+4yc3jD;zJ{
z_+A97lJaX;d%lGH2*QHW(B3T$jw!a$(SkRAPD0=;`PMCtqnevuhnf#>%8q(bjTkz5Win`_`Ke12ERWK
z>>l5ruT94hn0b0%j~YP-wRlW$yIgCN+s_JoH`H`e!_bN2tDYJh;3>C7uqm)C_!1AT
zwX8=HshrAzsX?gH-$RhB4ds_~X{@GP#NI;kJ-Hh8pu+tTaa;0qm$hw;7>z(=>BE#F
z*R9Z
zwU>+wN)OI-9c91t2;_94`D*yG>Ianuu3y9T*9qb$nPIP`K4YV$g$-OaTY4uBD9@hk
z;D~7498R|DLI(yb<0f0}J-WXdGo9?#_4qVx1&=q|gD<$Yz30+#h|X&OXZzQ->joH_
zwmKS);ePOECSEJ|IFQ&Y^9eY)8-CBybw-@3D=xu#eY{pi(-s{5@d14rR$=+-B~D?L
z%@?Pn0ZnMPI$WQi+xb7SRK?ni^`83*MO-e^*z5$Kf(S#}8r-1pZ5#-R+vc_|;@aN$
zl4^c0iQEJwU-H{L>Nb$j__(qnW{H&R+Syp2)!00OvxtSW@7}Y&d7_ZqAOgD?=iQHQ
z69zth+q^K)P|ZbTXGxlrnsBh;7T`;Dv63FLk17Iuz}PYw2tLUZZXdpXW}HI|H!4OT
zLvw(qI!gyhZO1^GM=IxCX0o1GD7z=HVB#wX;fM;Jj_6M;rvL`Uvv01QhJHJ@`KEG^
zBlpzI?!s@Zm3SO{^Nqh5P1|t~!E3{`?_WtYntLM6t(nmW_
zhL34^?m;p`AM_YLW+Bktj{?f)CAA1f6s1sbbM1N#DvW(Y*`l4#Mw6AmPtDHv(i9?V
z3)5R1_BfF|e&Hr@)*l#~eB>tM-mLp+3)OAjotaR{u}R3wIkFVmso`wY=cEH09MC7d
zJah*zx#7`XO0cRiK6Q(JKD&%y8zPRu*H8VmI+XxyB-XwTu0B0Qw=R^@!?)~>nhuAx
zHGde>{-oySB&K#gwI6IazMQe**pKtOX(ZZqQeWqHH>ps<9GG;@D!tY|7#t(AMK-E0
z^TkKL(8Et6#Rwv>p_sS?xf+wR7a15e&T5>m&Z*{G4Zxihac%Fl&udveEK17i;
z(xt2`sN_663;9^J0oO+@eHgQDWZe*l8nbJ5!KL{R
z>+UO0Tv7UxlOwM-mk(>cxTIoYsr!tmyS;>LXNa#EDa{5f@FG0WLxa3fN=yMRwyDc@
zzj#@U$-($qpof}}pstzne4;bAiE(7QQIPza>FO5^?`LggGzrM`kcG5Xti;r>QLZG3
zz>M`JLKEwETvr(+w1<9^Fvvn0`XhZPL|{>8np8IcvnuGMDV7W{v!tLdOX%{2TV0cU
zQkU&>Ys`yA(w<)U^H*7=ID|*-qd119fFBVu4X3;69GktN1df
z!4=tzzuBB_UG;Ph4bSWxgvv!&PWT&
zGtapT${Lp%!7feb5fJv555m6*Ul^B~?d|eO)szofNhZ_zEgSDJy)32LPDv}%e8BbC921^T&-D{oagGOOOfI*3T+
z3Ui#xbkn|ZMwrd}!}fDgvxEFmk5uQ+ddi`a3J8KVM))Cm#)b9<&2MLjg&AJjY;ecg
zBhbYNEv3eEk041fWMi@XTyPO?q}|ZAOA4kV2ztbwX5!fZ4#P{(G-pGoX`uk*jSS4d
z{!gfPpf}1@CaWI5FSOOBvsrAH{pR~MdDUxBmL`8M5U<0_Czm_WGZ>#0=uQk|pmbor
z^!g%nBYAB*vhN|`3AibJmwpiRGl*tY8}HfpJvhT&z?c4K4veET@bD&*ZsZTQ5O`t9
zq*KW90)GAa=HD;CF#>n&x<#c8hH)c
zj<)pAf-b<%5S$nVJFQpJx`6#RuIjB1pbg!`f_ubD+yTT{OzcSaOx_?-c6Ca-3{+NM
zpw##Z3jzD1J6%6zQ+ONWZ2)>b%j~`GiaAQ3XRDKnNJs9Ai@#z`bLKs&{AM(ejx^Yp
zB=of+a;`67tLq*Gv9HTX%~s>PSX4f$sP^534F6?SXwtndV>-M0F+A$Ij(cRjhabxo
z@TihVRAGvJ?bXl7pVSGo^i;<2!MiHyd_1q15Dia>11N!wm)Y5nbe@V(N9M{cP>@oe
zOK&f;S~U4MOE6!xpHxG7^4NrZtqT=gyT7D*tveJ{xj%GhilxN4kYTYtS!0I_WXMU0
z*Cch5o;20dvA`PC{~>VA5WugBjV(^PknwvwcLcG&8Nl(#V0(CXBg$e;{~_R>8eI>C
zE9w!6i`kt~3LoKS8pglR(CS_3aC-QtyKGb8yt&__^Ca{uFlg4A?;!aI4%Z#4hPAi6
z)jlYr?myN&u|V^E$RKEa)O?UhjEn
zd|{HfmbbUcRn*ky8F-N)Eo{_sIxFeiZuddWDYF9<2=z}-Q|H5j*L$!k#7b-nN5{Z1
zY4K^iYA{-+nLkxRIipR^aQGhL-j=7^@x$)u0jy*2xJ_?ZG{_qrr!gpVqZaYH4>D7I
zgG2D94lJlQ^a_Glo|a%;lRUb_ba?q8m6-D;eN@1RjP+o0E6PLpVO{TMY-Lu`VO@cj
zIvh~egla=?E|BHvXzE0N(|{
zdt*)OajUUj0Qn(H2YGWbHJt0Nr%>=CVYlQ54xI_Tl3+))xNAtlJ$D#tA#NaJ2$~mm
zXptR>O&~A!A`d7!NZc(sp#r(*J@VPlzCEj_7kQJSD6EA|=K{D)IiPV`U+7W`X+3#8
z`sK8YJD{;Ze)<4=B(oV*ev|*n}Qch%J&D=s7OH>z?AZMPwQZT~g*s
zq+xz2gdNF2a%2Ze1Kqo6D^Oy(@G~LO*26wezOVyD3A5L}S~!oP@q+9%3lC3#Z5B_y
z-fF~GbW;=I&mTBQ2dw0kT)`lB0|**~KC4qj%Xh+}!<>I)LZ_h#E+pK`y@1#P{?p+;
zE?jCd*oJ@Hw^zQLWn}ksdYNw4Af%c6i%7KwCr)I}`uvq-b0)fO*-KDD9!b5W?cN^-
z@<1*uqD9#CD-E>6O1}{)AETPP(2UxZYGj$n-5PQZ^J_-5liC1F*nINy(sPS}{&pSb
zs9WNItKS0teSjgaW`t`nq>pE_jV6{Nmao$zejKDLM9+$ZfMRVi+4n5)o9ws)yrS_f_9Z+TF|XF8SoE|XNnX}qtvSJQP-
zP*uSs@o`~%GoweNsuMv?Y9!NTrR||8C}oi`KOfd>4-FW+8Da^cWdx&|Rj$RRa#NI`
zN))8JnY;0^YJc-^(>Qi*PQ^m=mCb)W$;VSQ7S^RdGFxH(n
z;BK
zSM0ud;s78j_A$3P^iDW;I#?{~5GXdAzXl&c;Eg{If5M7%bXsroy!EuacJV@Kp*1i=7YQLmF2$@LVt3HAY6Vx2kmAI1!<5qfg$d;1K`!vp$Mkp|pGa#1Ub
z%5&N(aX$Nsj(7tJrdw^b*8I`<@ID5tiTfx7FEw-zAq6e;RMm{yGM(~=ewPdr5lbCb
z8Z+YQrET5NL3TYU{tA9NXvWvIXQeG5`g+InTU-%A?TyE|T*wfRy#7s=UbFzo3LqQ*
zzN8YMpo&VRQv;Bs#z7w`L+$^hb#%%$m;z|h!(kk-Bjh5%pD$&&6!AI)K=Zb2!uhP!
zT>#lUhT=l$JT}9%CYM1>oy^J$-j&#aDl`WN
zzjW)AVnceCS+RvshwaZvuH;sM&MUBN)&XS`k-U2Sh|6%NvQ9GjKkB#YfZZPCmVwQo
z7etiHq10)s`v6drddwrbg?5?B#ZYu>s=Fk=nguwgFmEBL3JK1{P%(tg+MScyb
z%UA`vPgv{X$+e+wz>zwRQ0*PS)VNt|+HF7K>2cO=hvHKZa;7fX^&v)%>2ubRgX3cm
z>T&AumN(kfAg0P%VOrTbE?5eX1L+=Fu2kTJw5TV`v8QU>FEJP^X+5Qnh<*!oH+I<8
z#^+2uQrw38kUHvAdsBnGPcRJ@Aig(uYyrBp?J38s>M`Q<;JL!CyM>gxXNJke&-O}d
zsikkQmvxj!@C7j`hdj>CT%JR>I`Tq^YB$Tg(~|J+F9&I9eR9chBI2M*_5qo!ZT3K+
zIizRWC%Pp!l!==Fpy;QJv%;cMkZIQiIdwUBEkR1l6~~$f+NY^)%)6~Z8R~#IaN~o@
z%p7J8XLxKuQ37cl0F5JF%Ut>Ys&z$y~c>2
zdnEA!y7h=nX0i4~q`LYMC=WC8A`7~UFgl;OXHYmzIZwi9g7Lbc#*HsUvS^mm^peyu7aO;C0(ALFd`j04U>m%`SrRDwxoaA
zv8bYZuN$M<*59oWv6XS1p9lS{=L~ymdRWne?kXtQtvpbD)6Nj{`LQlt#ufO*&W(~g
z0)U?McGoi;#q3ky)1e4(n(d2`-z7S%dO3U^W@g@5pHKBWuwd=0d>IiPM9Ak7xQ(eU
zHT#9+Dy=jh>22GNKqm6KhpwDh%z~!hOQz%4bC7d6y-UvjxzWmi%EW&MfjbTyx~z)5
z^Y?@Hlo%sfho}AZLvEA8xftzFjCNxPqmF0=j!;D3}+)?Eevx%onhiaq=>t$9CG|2bw)bO->)TorL##fx_>Te7z
zo*Bq6n@Jz1`qk0Pit0`0<~2Vdesvs@t3DIOT#+l?v&{@Ga9D>Ytq>m_NbD#JinWrh
z4iFJ}Oll#tdnFJ0GSMs;w9D4fUOOIFwIbN&eY8E!oL_31Ox~V|Yo{c^wpA+FJS^u^
z!FF}FW8pQD+Ws1Th^!%Zk@Mli(+}IhZXZ4T$!s4Tfn<7&8X+v>UZA_$r{x|M>uq#R
zTgtt|rs3E)NwVtkRU
ziQosIiJNucyOaet(5M;XK2W!8*HafEzb*}E><@;-&!-py5gpGbW`Wll&nFF&Rs==1
z$s&4d*YZ?^Ef1|EZR~1%A`$NURjsX^!{GW)gjY$!)Q=usgHEJvc>??qw`SKyUe88M
ztz%DfwfeDUjg!)QT?q!tCT3p_dFKV#5nq1j@D3#w2{RBgI24VCSG?uEysi59;7;m@
z-3Y=rCq64bY6$H*N%lFRpR{(7HSlpKZTE~CpT~K8>5qb87W`
z7$2U09jaiLp?GAMZTrBU88stZnn^2jEO)OpU8N#kW-WNrKR1}5$C?$BC~yFX=;Wi1?Da5W
zzF2{y!cdt57U?C{Cec8}DEB$`@nx%9yQROAbt<6$)KIHol+$&zo>_~_#^=rMBJsw2
zvQ)GJtL^LmhX*!%AgC2$LVtD={tJnAe-G6B@0^7HCc@)?NNV^?AqfN!A#po&ReKC^
z+i4n_yCv9rWfD?Nsrg;jVT*D=smCPwQV
zTz`gRL0B-5t3)>WQ3HtH*X11S(zmo^fOrVkE2Ge+O(6aqrnPOCJsxK
z!;8<@$`tBcS0#U(l{0sJ@_an?Tc@$u&8my;ITzINerec*|20ZO_;OigdJT^e3;y;x
zejaqQd9TA<(J|dq;nUj!c?d=OvnTb{9=9$z=m~s?fkOV_wQ%@Y96T^cuA{Rpx7xmP
zF3R}=G%u6cCLnrxd2`xFN5H%J1^q2&Z%S;nFDnq`lMBC;(YDo4q3RSwi>wnrEqTlt
z*Qad?1{wj$)6K#pVav&QmNgZrKrUx0PLa<&`#0*)+d(ETmX%x>a3`j99N^x>e!)zk
ztf<`qtmkPz(2R^7vD&@5r(yxZCdE_o$u+rYD|rfe1G>r|e<-Wa#Tu$4t1Wal@Wjum
z^&^dK^80OLd*A<@Vmes_AhFID{|yd%6H
zS1$|(68#~Jtl_#p3h(EdO1R>=-^C|Un{FCJZ=F;>R&YVfY2!Gk>_F1FOJlsiI&==Q
zp}0B8%*7R&K&I#vN0~SwXuPR!G{gL9aJ%I`?K7ncAe4V~~rQp-3SvCRLf|Z>;rW*W{`z6x2$|G81Cti@|Zs
zXv(|Riq?-T2
z)0^4hz_Qq%Nh(WM+kQU0su)JTNA2$$2J8Olh?@CPH$@1aMvf`_`ttVE=pnSjLFwvesJp6!Hcntu(IF5T0hnBhz6Y{l-F<^23!P2d6j~&;A
znK2jSO&fRdg)uHUR8PSx4l>ZC08#W@6)ZT#{09zoEM2uJcigwPdVpPc745k
zLfN0%S#g;l`zX9PY%!V!0|>T@sTDtc!$xq>5uJ<^=7Z#O{}`(1xY@LR95^d@^jbnb
znNm8e4BSCBS1=+Vv#gok_O%d7v`!z9*!&#Nq|U&cZ|;rWE^PA^KGyT&8K@Q}TjU_r
z#IkS^_8>hZ&w$*xy79&w$*g^?udqKF)Drx=XO!TT&uJf^=a7k)GY)a~UN211jEmQ+Lce8pxt78S!VWYc0K-?nN
z{WwS?7dx~JrwA!AOvQvXRb=XKNHPaTUwQ}OV~
zd0xm~8NnZtKnE#{tB9p!!x15YUJnr~Ezw)B)$RI;82SAT)cW=A^cfkMMY%6PE5*1P
z&LAX3(>HbFC#9^~s6PspA2^i4uZ&IN7k#gk-nVT~>gwnp-K}TInPs$Hus?5^6_#Xi#JNX
zj;e%B)6dV)8AbKu)vLfaA%2iGFg&*BT3$It(?EJJU|<`>l<|FEM?LoB(%
zARo>6fEnHk36U#upCF9|76Im}(`#_}2;-&n=$UsIBl>Y$ubDyv=WNCq3sescR3z1Q
z<~UJHV1Up4E%>EvykpztDq2ges5Z98%n&_3{iNG3-+!{>76y?~S+(n<(U($DEryLB
zqzfZnmFs8E!G>7K+a$Zw8y`w3u`4?`nAN|G|sd`=3DN0R4I`B
ztXRQb#jvJzH`BooYE%UH4IIdcWWBYb=n>C`j45(BCelLF<1!lT@Cg)Fr0zF^8tj?O
zV{Y)pjnn#YVLu$UgpW=!f<1%O*szzjuqA<}^EjLit;u?X4M(-Guz0B501Vc9JNX^3
zY7k|M!(QbN50~W>E(1+zJ4<~*;?NKF+$J{BAAB@zp--xm{U{Lyq5!asM=(E^@&Gi
zM;@C(v=+Svngg`w;oopV^STh+qN4tC9LgtL0;|A2hKa9SMpqrALF8T
zsOoMx8y0pqm`QEY!$8F&Vu1Im
zs7{W+g&AB%MUI|c?G2>l(Y(BS9R?$85xV#h2zK33MJ|6US)jJD^GuMiL?0W`Am|_$
zxlWkivbppelDPWg;H6wR}GEX
z58o}hi@?tF?jm3DLk%6Za&pTW#5j5p0qtv79|>fQ!sTiv_xPfK_t|I7HW_u%5tefF
z(bXQcjjB4L0}}UJ+yU^g_!*KyB38r~!?f`2>TAGsr`*8t2PR%(cEsagS4|C@!lE4|
zG1kaoYynF=HABj6R~PilR8}W~#PyBN!`>WI+yReN-LH#3k_YVc{g}2NdToYg>{>m-
z9@SlN2X@!Z
zQ?Y-S`*e@Xu{N14-2Lrl{7Sk{z&zYsxt5q_u$7tvw<^52Cm8H2uwL
zPbj9-ArSls`Aw}w)wx4-(e-T2I>Q`&zin8a0p9O2a|m2mr+{$07oZX$EuooWz=d?3
zhPS;_blQE}3mqge;9wM_7S9U
zN1fFP$dUs{W#Ea3bKZ7~cT$cQkdkY-kYDoQvR0$w-{LO179ij*J~brk=>8;6ZT2~9
zvV11M-*puTN4onOtIfGF=;!pKZZ3R$B_vG9NbeB9%&=R=qV-)Ez=17;I-#L_a4Qe)y%t8@G}3*t
zPI9?J%R2OVJ4eJ_-CwZVfBZf?N}7V>_*9(aUK~;`A;dy#_~0b2?Fs=m6n>vc_c|aM
z3frAo_xcM?DEt|N=7!LZE#dQ7sSHvPyG?=dR=MWxSi`uv`4q=$P`MZdu?RTh-DW%A
zd$&HU_d|ozJ;22BB^{VYoyRQ+xuKR-i}LgtzUJ8?HjMt>YZoqmls=?f8DMGjP~%+L
zGDA~j@@fUx@=RwL{igXuCRx)068H=Xgof9KUHGhma&~87SH?^S9ZYDx-qnN3Wn`P;
ze*P$(!67nP?a{)OYxE%?AyPMx;mrYs*)<`eEBO1d=!CPd3^2NgqLkUfGZbq@qkptk
znoCcS5}MQtfv8UepEL>|-+a$H0p|hrjfau%$mRk8W{}OCOuwM-*O~JMEe9$9pZs7K
zuWC56?pJS(e^;l2m95hk27~N*@VEL5==psC$E3n3cH4=^kBvJaY#2y0u(qA(rg$F?
zUNvPighe*9GOkZtNWSk+`s&0JetSFJyVtpB`rN^JM#N7w^-Gkx|C#)F+So;KwUoCW@tV26|$9
z_l$iY>)c2*<4`#FHQc|0FCH{UzxGrmnhxbI^E>V$bnzY#q_H*dL7vrn`%c)SYL0Kek((7KSI
zD&K7YP$-bE4_#6sD^&^m3PX-Q`k}%k6T4i*ht2Qj68
z74_}5qA5JQ-5y|BrL8z#$3N;GURxWKk+``!9C)mZs8Vf}sNJO)DYylgRJPtp5|IZv
z6$)a05)vmop_<@hkp1ZN;gV)TvY#3L6;>n7mhU*121auO33B+ufQOtZS
zZ}_HGOAckP3Pm?iLL^bIKs2C>evpHT4<2*Us~s^S9?|GDIvzA8w&Olw=FG=lV+NE4YV;noR5J{0I*W83#H#_%M`eMqczNNE-MoQ&Iky9<$Mb3#^z;t(sWFqH`Z!Iet*flRNr5RKLZB^t
zGb0e|e%p=e$LpMP^RBUYJkOMY^Uh~oF4_!nVGAzVqC^qSUELBv@43&HD=|0@szZ)&
zE*WBEb#&k|Ws5R~zQ?xp5|;sJSHBKg$`bK{!YAo092}IeDpA&olA&9&Oe#y&&#rt6
zNQystTgDHD&rn6BWP<2WrvzV9X9W9|;z8COQM^}0?ar+WMMvJur8KDy_mTG2CA0<>
zn-IB)=3q=y$-A|N3R5CS@$rQ~5|cJK3e_y?B7Cy(9t~?5-_hmW#&3LwLxw`8&lBZ$
zu_^RE?>>Ti?+e9cDxK|}RJnTQ`sFIK`1q>gy}QxrplVK}O&@6>4BcM$)omJH0Gfn+
z`Bel*C)kotLlmBye7PXe_)e(4W1+F<+Kk3^B{_lVe1Oa*J)(sdy}j?$wLn@Pp!>x^
z(79^eN!H|bH2g)k=!ydS>+>zTf=6Ku-)Ue$&D)yfVFhQ;oMZjm3V-_UBRxfW+wxOI
zU^!;Ll&p!xs27n9bNe9MA*Nhdh>g$J`g2|TekHw&!(g|RQ)GdF$9#q%=1v~3)pmbe
zjPYVS?FeaP{uIGWO+2`WHtKmkvjQZGx-IKR^zoErs)9P5Fadf9+|7OEmaiOIBD|2H
zV1vF_ZJ*((G71dxXt?PC{E3*Cy{RxRwCI%g+f!s2vgpLS%?CuB^d&b*OzM-Pd~c>8
z)~h;Kn>Rm!>nOYWWZQOujs;YPgh)+}?N^mr;T%%+$=9BGonUEt0=yW^Kt}XtFJ{g5
zt_>!6=Y?$7pn7>!8}6{P(I8hvB*?~=3SeQwuuB_@3nlKjgN9Lfdi6qRupqX*K)%f2
zIq$dDXp;wd2!yu%K>EClP~Xi~w@tW~Lb8q3IUh!_auyFdu(_1|-J+N1zG}z3A#EGC
zN`1+ap{W=h3WKv=S8X4m&tjb|SgT>ae9GTRNG@|b;`$!2_rE|Oxcq7zes=N-H)`aj
zl_KsJYT;Q=d`kE8*+(;n8zCP0O7G$GB>CM80JIB6}aP<0iD0Ifh8O^!+534F%I
z91hw2JeIAxAn7!md$eG}rh0usQN1hl)8YD+T%57eT|!XMCh!6J+FW)NJ$fkY=!tiE
zj%zH)7@9VN$t!QdBrlWi-OgX~4eLfJ55V`boe;xlwzFSCl(Pjt@Yp3G
z7X=_aiIH2F#%a^X;R1O0wzDac$YzN|vEYw?N?`ui9wa2=wndv4)ycS4cjLlrluSVQ
zztZ?+#{7PgK=*)=bEFO(eTX_gXly_s`Gs=%r^Lrt{l%}AXCU_XO%-_jd)AbAo3v@hdc11+#w$edYI#8ynFZS4=ox}nPVng2`u6qo!gHZq?_Tic)XhF?r$E!xVdPg
zefnz#q)7w%kI!!|j)?)BHf&1bvA^t