
预留使用患者密码作为key

xiaochan пре 6 месеци
родитељ
комит
ff58301b58

+ 1 - 1
src/main/java/thyyxxk/webserver/config/envionment/JcptMobile.java

@@ -14,5 +14,5 @@ public class JcptMobile {
     private Integer agentid;
     private String appid;
     private String url;
-    private String publicKey;
+    private String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDN7dqjx3C71g7P6qlcMHsnxawNSdgx7C0nHreDzAk0GFUO2xAkhxrYT9P2KQTPWzFQOje/DaxhWhJHssRQc8Q9lnaDZXta3wZvIvkLhW/NfJQNMLpOhYS6wyfTHrppSw/52TcxttmzmAEsza2ekkZbSvTwyVU4rIpKHyYt9r7bQIDAQAB";
 }
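Review bot: The new default on `publicKey` bakes one key into the source, so an environment whose configuration omits the property silently runs with this value instead of failing at start-up. The value also has the shape of a 1024-bit RSA public key, which is below the 2048-bit minimum in current guidance. I would keep the field as `private String publicKey;` and reject a blank value when the configuration is loaded. How this class is bound to configuration is outside the hunk, so confirm that before relying on either behaviour.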

+ 4 - 5
src/main/java/thyyxxk/webserver/controller/LoginController.java

@@ -30,14 +30,13 @@ public class LoginController {
 
     @PassToken
     @PostMapping("/login")
-    public ResultVo<UserInfo> login(@RequestBody UserInfo userInfo, HttpServletRequest request) {
-        return service.login(userInfo, request, true);
+    public ResultVo<UserInfo> login(@RequestBody UserInfo userInfo) {
+        return service.login(userInfo, true);
     }
 
-    @PassToken
     @GetMapping("/simpleLogin")
-    public ResultVo<UserInfo> simpleLogin(@RequestParam("code") String code, HttpServletRequest request) {
-        return service.simpleLogin(code, request);
+    public ResultVo<UserInfo> simpleLogin(@RequestParam("code") String code) {
+        return service.simpleLogin(code);
     }
 
     @GetMapping("/getWards")
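Review bot: `simpleLogin` still returns a full `UserInfo` with a token for whatever `code` the caller passes. Dropping `@PassToken` presumably makes the endpoint require a valid token, but nothing visible here ties `code` to the caller or to an administrative role, so any logged-in user could obtain a session for another user. Add an authorization check before `service.simpleLogin(code)`, for example comparing `code` with the code in the caller's own token unless the caller holds a dedicated role. Because this is a `@GetMapping`, the identifier also ends up in access logs, and an operation that issues a token would fit `@PostMapping` better.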

+ 4 - 2
src/main/java/thyyxxk/webserver/entity/login/UserInfo.java

@@ -8,6 +8,7 @@ import thyyxxk.webserver.constants.RestrictedDrugLevels;
 import thyyxxk.webserver.constants.Ysjb;
 import thyyxxk.webserver.utils.StringUtil;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -16,8 +17,9 @@ import java.util.Map;
  * @author dj
  */
 @Data
-@Accessors(chain = true)
-public class UserInfo {
+public class UserInfo implements Serializable {
+
+    private static final long serialVersionUID = 1L;
 
     /**
      * 编码
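Review bot: `UserInfo` carries a password (`value.getPassword()` is used in `UserCache`), and with `implements Serializable` that field becomes part of the Java-serialized form wherever the object is cached or stored. Unless the password has to travel with the object, mark the field `transient` (its declaration is outside this hunk) or keep credentials out of this class. A short comment saying why the class needs to be serializable would also help the next reader.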

+ 4 - 7
src/main/java/thyyxxk/webserver/service/LoginService.java

@@ -28,10 +28,7 @@ import java.util.*;
 @RequiredArgsConstructor
 public class LoginService {
     private final LoginDao dao;
-    private final TokenService tokenService;
-    private final CorpWxSrvc srvc;
     private final UserCache userCache;
-    private final DeptCache deptCache;
     private final PublicServer publicServer;
     private final SendWxInfoService sendWxInfoService;
 
@@ -42,7 +39,7 @@ public class LoginService {
         private String newPwd;
     }
 
-    public ResultVo<UserInfo> login(UserInfo userInfo, HttpServletRequest request, boolean encrypt) {
+    public ResultVo<UserInfo> login(UserInfo userInfo, boolean encrypt) {
         UserInfo tempUserInfo = dao.findUserByCodeRsFromDjUserBase(userInfo.getCodeRs());
         if (null == tempUserInfo) {
             tempUserInfo = dao.findUserByCodeRsFromEmployeeMi(userInfo.getCodeRs());
@@ -58,7 +55,7 @@ public class LoginService {
         if (through) {
             return ResultVoUtil.fail(ExceptionEnum.INVALID_PASSWORD, userInfo);
         }
-        String token = TokenUtil.getInstance().createToken(tempUserInfo.getCode());
+        String token = TokenUtil.getInstance().createToken(tempUserInfo.getCode(), pwd);
         tempUserInfo = userCache.get(tempUserInfo.getCode());
         tempUserInfo.setToken(token);
         return ResultVoUtil.success(tempUserInfo);
@@ -92,12 +89,12 @@ public class LoginService {
         return ResultVoUtil.fail(ExceptionEnum.LOGICAL_ERROR, "验证码过期或者验证码错误。");
     }
 
-    public ResultVo<UserInfo> simpleLogin(String code, HttpServletRequest request) {
+    public ResultVo<UserInfo> simpleLogin(String code) {
         UserInfo us = dao.getUserInfoByCode(code);
         if (us == null) {
             return ResultVoUtil.fail(ExceptionEnum.NOT_EL_MESSAGE, "用户不存在");
         }
-        return login(us, request, false);
+        return login(us, false);
     }
 
     public ResultVo<List<CodeName>> getWards() {
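Review bot: `createToken(tempUserInfo.getCode(), pwd)` passes `pwd`, which is assigned outside this hunk, while `TokenUtil` validates against `UserCache.getUserPwd`, i.e. whatever `value.getPassword()` held when the entry was cached. If `pwd` is the submitted or decrypted form and the cache holds the stored form, tokens signed per user will never verify. Document which representation is the key, e.g. `// pwd: stored password value, identical to UserCache.getUserPwd(code)`, and check the `simpleLogin` path where `encrypt` is false. `userCache.get` also appears to return the shared cached instance, so the `setToken` call that follows writes the token into the cache entry itself.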

+ 9 - 2
src/main/java/thyyxxk/webserver/service/hutoolcache/UserCache.java

@@ -22,7 +22,7 @@ public class UserCache implements HutoolCacheInterface<UserInfo> {
     private final DeptCache deptCache;
     private static final int CACHE_SIZE = 512;
     private final Cache<String, UserInfo> cache = CacheUtil.newLFUCache(CACHE_SIZE);
-
+    private final Map<String, String> userPwd = new HashMap<>();
 
     @Override
     public void put(String key, UserInfo value) {
@@ -30,6 +30,11 @@ public class UserCache implements HutoolCacheInterface<UserInfo> {
             return;
         }
         cache.put(key, value);
+        userPwd.put(key, value.getPassword());
+    }
+
+    public String getUserPwd(String key) {
+        return userPwd.get(key);
     }
 
     @Override
@@ -42,7 +47,7 @@ public class UserCache implements HutoolCacheInterface<UserInfo> {
             userInfo = dbInfo(key);
             put(key, userInfo);
         }
-
+        userInfo.setPassword(null);
         return userInfo;
     }
 
@@ -61,6 +66,7 @@ public class UserCache implements HutoolCacheInterface<UserInfo> {
     @Override
     public void del(String key) {
         cache.remove(key);
+        userPwd.remove(key);
     }
 
     private UserInfo dbInfo(String code) {
@@ -122,6 +128,7 @@ public class UserCache implements HutoolCacheInterface<UserInfo> {
     @Override
     public void clear() {
         cache.clear();
+        userPwd.clear();
     }
 
     @Override
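Review bot: `userPwd` is a plain `HashMap` written from `put`, `del` and `clear` on what looks like a shared bean, so concurrent requests can corrupt it. Unlike the 512-entry LFU `cache` it is never evicted, so password values stay in memory for every user ever loaded. `get` also nulls the password on the cached instance, so a later `put` of that same object would store `null` over the real value. I would skip the write when the password is absent, `if (value.getPassword() != null) { userPwd.put(key, value.getPassword()); }`, switch the field to a concurrent map, and drop the `userPwd` entry whenever the cache evicts or reloads a key.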

+ 3 - 3
src/main/java/thyyxxk/webserver/service/settings/SettingsService.java

@@ -269,9 +269,9 @@ public class SettingsService {
         if (dao.doesThePersonnelNumberExist(userInfo.getCodeRs()) > 0) {
             return ResultVoUtil.fail(ExceptionEnum.LOGICAL_ERROR, "人事工号已存在,换一个.");
         }
-        userInfo.setCode("0" + publicServer.getPersonnelCode())
-                .setPyCode(PingYinUtils.pyShouZiMuDaXie(userInfo.getName()))
-                .setDCode(PingYinUtils.getWBCode(userInfo.getName()));
+        userInfo.setCode("0" + publicServer.getPersonnelCode());
+        userInfo.setPyCode(PingYinUtils.pyShouZiMuDaXie(userInfo.getName()));
+        userInfo.setDCode(PingYinUtils.getWBCode(userInfo.getName()));
         dao.saveEmployeeInfo(userInfo);
         dao.delPartTimeDeptByCode(userInfo.getCode());
         if (ListUtil.notBlank(userInfo.getPartTimeDept())) {

+ 13 - 3
src/main/java/thyyxxk/webserver/utils/TokenUtil.java

@@ -2,6 +2,7 @@ package thyyxxk.webserver.utils;
 
 import cn.hutool.core.convert.Convert;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.extra.spring.SpringUtil;
 import cn.hutool.jwt.JWT;
 import cn.hutool.jwt.JWTUtil;
 import org.springframework.stereotype.Component;
@@ -9,6 +10,7 @@ import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import thyyxxk.webserver.config.exception.BizException;
 import thyyxxk.webserver.config.exception.ExceptionEnum;
+import thyyxxk.webserver.service.hutoolcache.UserCache;
 
 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
@@ -22,6 +24,7 @@ import java.util.Objects;
 @Component
 public class TokenUtil {
     private static final String PRIVATE_KEY = "w2XS014bk6Ma7tYh";
+    private static final UserCache USER_CACHE = SpringUtil.getBean(UserCache.class);
 
     private TokenUtil() {
     }
@@ -39,7 +42,7 @@ public class TokenUtil {
         return INSTANCE;
     }
 
-    public String createToken(String code) {
+    public String createToken(String code, String pwd) {
         Map<String, Object> map = new HashMap<>();
         map.put("code", code);
         map.put("expire_time", System.currentTimeMillis() + 60 * 60 * 1000 * 240);
@@ -54,9 +57,16 @@ public class TokenUtil {
         if (now > expire_time) {
             throw new BizException(ExceptionEnum.TOKEN_EXPIRED);
         }
-        if (!JWTUtil.verify(token, PRIVATE_KEY.getBytes(StandardCharsets.UTF_8))) {
-            throw new BizException(ExceptionEnum.TOKEN_NOT_EXIST);
+        // 兼容老的
+        if (JWTUtil.verify(token, PRIVATE_KEY.getBytes(StandardCharsets.UTF_8))) {
+            return;
         }
+        String code = Convert.toStr(jwt.getPayload("code"));
+        String userPwd = USER_CACHE.getUserPwd(code);
+        if (JWTUtil.verify(token, userPwd.getBytes(StandardCharsets.UTF_8))) {
+            return;
+        }
+        throw new BizException(ExceptionEnum.TOKEN_NOT_EXIST);
     }
 
     public String getUserToken() {
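Review bot: `USER_CACHE.getUserPwd(code)` returns `null` whenever the user is not in the `userPwd` map (after a restart, `del` or `clear`), and `code` is read from the payload before any signature has been accepted, so `userPwd.getBytes(...)` can throw a NullPointerException instead of `TOKEN_NOT_EXIST`. Guard the lookup: `if (userPwd != null && JWTUtil.verify(token, userPwd.getBytes(StandardCharsets.UTF_8))) { return; }`. Keying the signature on the user's password also lets anyone holding a token check password guesses offline, and while the hard-coded `PRIVATE_KEY` branch is still accepted the per-user key adds no protection, so I would use a random server-side secret per user and give the legacy branch a removal date. The `static final USER_CACHE = SpringUtil.getBean(UserCache.class)` initializer in the third hunk of this file runs at class load, which may be before the Spring context is available; resolving the bean lazily would avoid that. The validating method starts outside this hunk.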

+ 1 - 1
src/main/resources/application-dev.yml

@@ -14,7 +14,7 @@ spring:
     cache: false
   datasource:
     dynamic:
-      primary: demo
+      primary: his
       strict: false
       datasource:
         his: