
:lock: 安全性提升

Ritchie il y a 1 an
Parent
commit
20288e2cee

+ 43 - 0
src/main/java/com/szwl/aspect/HeadTokenInterceptor.java

@@ -0,0 +1,43 @@
+package com.szwl.aspect;
+
+import cn.hutool.core.util.StrUtil;
+import com.szwl.constant.ConfigConsts;
+import com.szwl.constant.ResponseCodesEnum;
+import com.szwl.exception.BizException;
+import com.szwl.manager.TokenManager;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+@Component
+@Slf4j
+public class HeadTokenInterceptor implements HandlerInterceptor {
+    @Autowired
+    private TokenManager tokenManager;
+    //在Controller执行之前调用,如果返回false,controller不执行
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        String uri = request.getRequestURI();
+        log.info("preHandle uri:{}",uri);
+        String ifFeign = request.getHeader(ConfigConsts.INNER_FEIGN);
+        boolean checkToken = tokenManager.checkToken(request);
+        if(checkToken|| StrUtil.equals("1",ifFeign)){
+            return true;
+        }
+        throw new BizException(ResponseCodesEnum.L0006);
+    }
+    //controller执行之后,且页面渲染之前调用
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+    }
+    //页面渲染之后调用,一般用于资源清理操作
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        tokenManager.removeThreadLocalUser();
+    }
+}
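Review bot: The `StrUtil.equals("1", ifFeign)` clause in `preHandle` bypasses authentication for any request carrying `innerFeign: 1`, and the header is read straight from the client request (`request.getHeader(ConfigConsts.INNER_FEIGN)`) with nothing tying it to an actual internal Feign call. Unless an edge gateway provably strips that header from external traffic, an outside caller can set it and reach every intercepted endpoint without a token. Replace the flag with something unforgeable — a per-deployment secret compared with `MessageDigest.isEqual`, mTLS, or a network restriction on the internal routes — and until then record the assumption next to the check: `// TODO(security): innerFeign=1 is trusted blindly; the gateway MUST strip this header from external requests`. Minor: `tokenManager.checkToken(request)` is evaluated before the Feign shortcut, so an internal call with a stale token still hits Redis; test `ifFeign` first if that branch is meant as a fast path.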

+ 63 - 0
src/main/java/com/szwl/aspect/MyWebMvcConfigurer.java

@@ -0,0 +1,63 @@
+package com.szwl.aspect;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
+
+@Configuration
+public class MyWebMvcConfigurer extends WebMvcConfigurationSupport {
+    @Value("${swagger.url:[]}")
+    private String[] swaggerExcludes;
+    // 白名单
+    @Value("${permitAll.url:[]}")
+    private String[] permitAll;
+    @Autowired
+    private HeadTokenInterceptor headTokenInterceptor;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        // 自定义去除的路径
+        String[] myExcludes = {
+                "/EsApi/**",
+                "/tOrder/**",
+                "/tCoinOrder/**",
+                "/tNameDictionary/**"
+        };
+        registry.addInterceptor(headTokenInterceptor)
+                .addPathPatterns("/**")
+                // 排除swagger路径
+                .excludePathPatterns(swaggerExcludes)
+                // 排除白名单路径
+                .excludePathPatterns(permitAll)
+                // 排除自定义路径
+                .excludePathPatterns(myExcludes);
+
+        // 特别包含需要进行TOKEN检查的路径
+        for (String path : new String[]{
+                "/tOrder/pageOrder",
+                "/tOrder/getStatistics",
+                "/tOrder/getEquipmentStatistics"
+        }) {
+            registry.addInterceptor(headTokenInterceptor)
+                    .addPathPatterns(path);
+        }
+
+        // 添加Spring Security默认的拦截器
+        super.addInterceptors(registry);
+    }
+
+    /**
+     * 添加静态资源
+     *
+     * @param registry
+     */
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("swagger-ui.html").addResourceLocations("classpath:/META-INF/resources/");
+        registry.addResourceHandler("doc.html").addResourceLocations("classpath:/META-INF/resources/");
+        registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/");
+    }
+}
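Review bot: `myExcludes` in `addInterceptors` removes entire prefixes (`/EsApi/**`, `/tOrder/**`, `/tCoinOrder/**`, `/tNameDictionary/**`) from the token check and then re-registers the interceptor for just three `/tOrder/...` paths, so everything else under those prefixes — including `GET /EsApi/deleteData` and the `/EsApi/saveEs*` sync endpoints elsewhere in this commit — is reachable without a token, and any handler added later under those prefixes is unauthenticated by default. Invert it to default-deny: keep `/**` protected, drop `myExcludes` and the loop, and list the genuinely public endpoints as exact paths in `permitAll.url` rather than `/**` patterns. The comment `// 添加Spring Security默认的拦截器` over `super.addInterceptors(registry)` is misleading — `WebMvcConfigurationSupport.addInterceptors` is, as far as I recall, an empty hook unrelated to Spring Security — so either delete the call or reword it to `// no-op in WebMvcConfigurationSupport`. Also `@Value("${permitAll.url:[]}")` bound to a `String[]` likely yields one literal pattern `"[]"` when the property is unset rather than an empty array (depends on the conversion service — confirm); `${permitAll.url:}` avoids the surprise.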

+ 5 - 0
src/main/java/com/szwl/constant/ConfigConsts.java

@@ -12,4 +12,9 @@ public class ConfigConsts {
     public static final String AUTHORIZATION = "Authorization";
     public static final String INNER_FEIGN = "innerFeign";
     public static final String SUCCESS = "SUCCESS";
+
+    /**
+     * token时效性
+     */
+    public static final Integer TOKEN_EXPIRE_MINUTE = 120;
 }

+ 34 - 33
src/main/java/com/szwl/controller/EsController.java

@@ -39,25 +39,26 @@ public class EsController {
     TCoinOrderService tCoinOrderService;
     @Autowired
     TOrderService orderService;
+
     @PostMapping("/saveEsTCoinOrder")
     @ApiOperation("同步CoinOrder表数据")
     public ResponseEntity<?> saveEsTCoinOrder(@RequestBody TCoinOrderParam param) {
-        try{
+        try {
             // 初始化旧流水
             int num = 0;
             while (true) {
-                int limit =1000;
-                int offset= num * 1000;
+                int limit = 1000;
+                int offset = num * 1000;
                 LambdaQueryWrapper<TCoinOrder> query = Wrappers.lambdaQuery();
-                query.gt(TCoinOrder::getCreateDate,param.getCreateDate_start());
-                query.lt(TCoinOrder::getCreateDate,param.getCreateDate_end());
+                query.gt(TCoinOrder::getCreateDate, param.getCreateDate_start());
+                query.lt(TCoinOrder::getCreateDate, param.getCreateDate_end());
 //            List<TCoinOrder> list_es = tCoinOrderService.list(query);
                 Page<TCoinOrder> page = new Page<>(offset, limit, true);
                 IPage<TCoinOrder> iPage = tCoinOrderService.page(page, query);
                 List<TCoinOrder> list_es = iPage.getRecords();
-                if(list_es.size()>0){
+                if (list_es.size() > 0) {
                     esTCoinOrderService.insertBatch(list_es);
-                    for(TCoinOrder order:list_es){
+                    for (TCoinOrder order : list_es) {
                         try {
                             esTCoinOrderService.updateDataById(order);
                         } catch (Exception e) {
@@ -66,7 +67,7 @@ public class EsController {
                     }
                 }
                 num++;
-                if(list_es.size()< 1000){ // 数据小于 最大值 ,证明后面已无数据,则跳出
+                if (list_es.size() < 1000) { // 数据小于 最大值 ,证明后面已无数据,则跳出
                     break;
                 }
             }
@@ -80,8 +81,8 @@ public class EsController {
 //                    esTCoinOrderService.updateDataById(coinOrder);
 //                }
 //            }
-        }catch (Exception e){
-            log.error("ElasticsearchRunner InitEsTOrderThread 发生错误:{}" , e);
+        } catch (Exception e) {
+            log.error("ElasticsearchRunner InitEsTOrderThread 发生错误:{}", e);
             throw new cn.com.crbank.ommo.exception.MyException("ElasticsearchRunner InitEsTOrderThread 发生错误:" + e.getMessage());
         }
         return ResponseEntity
@@ -95,7 +96,7 @@ public class EsController {
     @PostMapping("/saveEsTOrder")
     @ApiOperation("同步Order表数据")
     public ResponseEntity<?> saveEsTOrder(@RequestBody TOrderParam param) {
-        try{
+        try {
 //            时间跨度不要太大,晚上不要超过一个月,白天访问不要超过一天
             //从3月20号开始同步
             // 初始化旧流水
@@ -104,17 +105,17 @@ public class EsController {
             int num = 0;
             while (true) {
                 int limit = 1000;
-                int offset= num * 1000;
+                int offset = num * 1000;
                 LambdaQueryWrapper<TOrder> query = Wrappers.lambdaQuery();
-                query.gt(TOrder::getCreateDate,param.getCreateDate_start());
-                query.lt(TOrder::getCreateDate,param.getCreateDate_end());
-                query.eq(TOrder::getStatus,1);
+                query.gt(TOrder::getCreateDate, param.getCreateDate_start());
+                query.lt(TOrder::getCreateDate, param.getCreateDate_end());
+                query.eq(TOrder::getStatus, 1);
                 Page<TOrder> page = new Page<>(offset, limit, true);
                 IPage<TOrder> iPage = orderService.page(page, query);
                 List<TOrder> list_es = iPage.getRecords();
-                if(list_es.size()>0){
+                if (list_es.size() > 0) {
                     esTOrderService.insertBatch(list_es);
-                    for(TOrder order:list_es){
+                    for (TOrder order : list_es) {
                         try {
                             esTOrderService.updateDataById(order);
                         } catch (Exception e) {
@@ -123,7 +124,7 @@ public class EsController {
                     }
                 }
                 num++;
-                if(list_es.size()< 1000){ // 数据小于 最大值 ,证明后面已无数据,则跳出
+                if (list_es.size() < 1000) { // 数据小于 最大值 ,证明后面已无数据,则跳出
                     break;
                 }
             }
@@ -131,17 +132,17 @@ public class EsController {
             int num2 = 0;
             while (true) {
                 int limit = 1000;
-                int offset= num2 * 1000;
+                int offset = num2 * 1000;
                 LambdaQueryWrapper<TOrder> query = Wrappers.lambdaQuery();
-                query.gt(TOrder::getCreateDate,param.getCreateDate_start());
-                query.lt(TOrder::getCreateDate,param.getCreateDate_end());
-                query.eq(TOrder::getStatus,3);
+                query.gt(TOrder::getCreateDate, param.getCreateDate_start());
+                query.lt(TOrder::getCreateDate, param.getCreateDate_end());
+                query.eq(TOrder::getStatus, 3);
                 Page<TOrder> page = new Page<>(offset, limit, true);
                 IPage<TOrder> iPage = orderService.page(page, query);
                 List<TOrder> list_es = iPage.getRecords();
-                if(list_es.size()>0){
+                if (list_es.size() > 0) {
                     esTOrderService.insertBatch(list_es);
-                    for(TOrder order:list_es){
+                    for (TOrder order : list_es) {
                         try {
                             esTOrderService.updateDataById(order);
                         } catch (Exception e) {
@@ -150,12 +151,12 @@ public class EsController {
                     }
                 }
                 num2++;
-                if(list_es.size()< 1000){ // 数据小于 最大值 ,证明后面已无数据,则跳出
+                if (list_es.size() < 1000) { // 数据小于 最大值 ,证明后面已无数据,则跳出
                     break;
                 }
             }
-        }catch (Exception e){
-            log.error("ElasticsearchRunner InitEsTOrderThread 发生错误:{}" , e);
+        } catch (Exception e) {
+            log.error("ElasticsearchRunner InitEsTOrderThread 发生错误:{}", e);
             throw new cn.com.crbank.ommo.exception.MyException("ElasticsearchRunner InitEsTOrderThread 发生错误:" + e.getMessage());
         }
         return ResponseEntity
@@ -167,13 +168,13 @@ public class EsController {
 
     @ApiOperation("删除订单号")
     @GetMapping("/deleteData")
-    public ResponseModel<?> deleteData(String sn){
+    public ResponseModel<?> deleteData(String sn) {
         LambdaQueryWrapper<TCoinOrder> snQuery = Wrappers.lambdaQuery();
-        snQuery.eq(TCoinOrder::getSn,sn);
+        snQuery.eq(TCoinOrder::getSn, sn);
         List<TCoinOrder> coinOrderList = tCoinOrderService.list(snQuery);
-        try{
-            if(coinOrderList.size() > 1) {
-                for(int i = 1; i < coinOrderList.size(); i++) {
+        try {
+            if (coinOrderList.size() > 1) {
+                for (int i = 1; i < coinOrderList.size(); i++) {
                     TCoinOrder coinOrder = coinOrderList.get(i);
                     Long id = coinOrder.getId();
                     tCoinOrderService.removeById(id);
@@ -181,7 +182,7 @@ public class EsController {
                 }
             }
         } catch (Exception e) {
-            log.error("ElasticsearchRunner deleteData 发生错误:{}" , e);
+            log.error("ElasticsearchRunner deleteData 发生错误:{}", e);
         }
         return R.ok();
     }

+ 43 - 25
src/main/java/com/szwl/controller/TOrderController.java

@@ -15,11 +15,14 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.szwl.common.aop.LogAnnotation;
 import com.szwl.constant.ConfigConsts;
 import com.szwl.constant.ResponseCodesEnum;
+import com.szwl.exception.BizException;
 import com.szwl.feign.SzwlFeign;
+import com.szwl.manager.TokenManager;
 import com.szwl.model.bean.*;
 import com.szwl.model.bo.JsonMessage;
 import com.szwl.model.bo.R;
 import com.szwl.model.bo.ResponseModel;
+import com.szwl.model.bo.UserDetailBO;
 import com.szwl.model.dto.OrderDto;
 import com.szwl.model.entity.*;
 import com.szwl.model.excel.CoinOrderTarget;
@@ -82,6 +85,8 @@ public class TOrderController {
     SzwlFeign szwlFeign;
     @Autowired
     TOrderDetailsService orderDetailsService;
+    @Autowired
+    TokenManager tokenManager;
 
     @ApiOperation(value = "订单列表")
     @GetMapping("/pageOrder")
@@ -90,8 +95,14 @@ public class TOrderController {
                                              String payType, String productNo, String clientId,
                                              String trxNo, String dateType, String startDate,
                                              String companyType, String machineType, String endDate, long current, long size) {
+
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String authId = userDetailBO.getId().toString();
+        String username = userDetailBO.getUsername();
+
         //判断当前账号状态
-        TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(adminId));
+        TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(authId));
         if (StringUtils.isEmpty(type)) {
             if (StringUtils.isNotEmpty(admin.getIfForeign())) {
                 // 0 国内,1 海外
@@ -109,9 +120,9 @@ public class TOrderController {
         //0,线上 -》 国内
         if (type.equals("0")) {
             LambdaQueryWrapper<TOrder> query = Wrappers.lambdaQuery();
-            if (!userName.equals("admin")) {
-                if (StringUtils.isNotEmpty(userName)) {
-                    ResponseModel<TAdmin> adminByUsername = szwlFeign.getAdminByUsername(userName);
+            if (!username.equals("admin")) {
+                if (StringUtils.isNotEmpty(username)) {
+                    ResponseModel<TAdmin> adminByUsername = szwlFeign.getAdminByUsername(username);
                     TAdmin data = adminByUsername.getData();
                     if (data == null || data.getId() == null) {
                         return R.fail(ResponseCodesEnum.A0001, "找不到商家");
@@ -124,7 +135,7 @@ public class TOrderController {
                             //查找子账户所管理的机器
                             TAdminEquipment adminEquipment = R.getDataIfSuccess(szwlFeign.getClientIdList(String.valueOf(admin.getId())));
                             if (!adminEquipment.getType().equals("0")) {
-                                List<String> list = R.getDataIfSuccess(szwlFeign.getClientIds(adminId));
+                                List<String> list = R.getDataIfSuccess(szwlFeign.getClientIds(authId));
                                 if (list == null || list.isEmpty()) {
                                     return R.fail(ResponseCodesEnum.A0001, "没有机器/no machine");
                                 }
@@ -140,7 +151,7 @@ public class TOrderController {
                             if (admin.getType() > 1) {
                                 if (adminType.equals("all")) {
                                     //查找所有下级
-                                    List<Long> admidIdList = R.getDataIfSuccess(szwlFeign.getAdminIdList(adminId));
+                                    List<Long> admidIdList = R.getDataIfSuccess(szwlFeign.getAdminIdList(authId));
                                     query.in(TOrder::getAdminId, admidIdList);
                                 }
                             }
@@ -166,7 +177,7 @@ public class TOrderController {
                             //商家 判断是否子账户
                             if (admin.getIsAdmined()) {
                                 //商家自己
-                                query.eq(TOrder::getAdminId, adminId);
+                                query.eq(TOrder::getAdminId, authId);
                             } else {
                                 //商家 子账户
                                 //登录账户为子账户 不查下级 只查对应机器的订单
@@ -268,7 +279,7 @@ public class TOrderController {
                             e.printStackTrace();
                         }
                     }
-                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(userName)) {
+                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(username)) {
                         try {
                             query.gt(TOrder::getCreateDate, getStartTime(new Date()));
                             query.lt(TOrder::getCreateDate, getEndTime(new Date()));
@@ -293,7 +304,7 @@ public class TOrderController {
                             e.printStackTrace();
                         }
                     }
-                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(userName)) {
+                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(username)) {
                         try {
                             query.gt(TOrder::getRefundDate, getStartTime(new Date()));
                             query.lt(TOrder::getRefundDate, getEndTime(new Date()));
@@ -357,13 +368,13 @@ public class TOrderController {
         //1,海外
         if (type.equals("1")) {
             LambdaQueryWrapper<TCoinOrder> query = Wrappers.lambdaQuery();
-            if (!userName.equals("admin")) {
+            if (!username.equals("admin")) {
                 // 如果为账户
                 if (admin.getType() > 2) {
-                    userName = null;
+                    username = null;
                 }
-                if (StringUtils.isNotEmpty(userName)) {
-                    ResponseModel<TAdmin> adminByUsername = szwlFeign.getAdminByUsername(userName);
+                if (StringUtils.isNotEmpty(username)) {
+                    ResponseModel<TAdmin> adminByUsername = szwlFeign.getAdminByUsername(username);
                     TAdmin data = adminByUsername.getData();
                     if (data == null || data.getId() == null) {
                         return R.fail(ResponseCodesEnum.A0001, "找不到商家");
@@ -376,7 +387,7 @@ public class TOrderController {
                             //查找子账户所管理的机器
                             TAdminEquipment adminEquipment = R.getDataIfSuccess(szwlFeign.getClientIdList(String.valueOf(admin.getId())));
                             if (!adminEquipment.getType().equals("0")) {
-                                List<String> list = R.getDataIfSuccess(szwlFeign.getClientIds(adminId));
+                                List<String> list = R.getDataIfSuccess(szwlFeign.getClientIds(authId));
                                 if (list == null || list.isEmpty()) {
                                     return R.fail(ResponseCodesEnum.A0001, "没有机器/no machine");
                                 }
@@ -390,7 +401,7 @@ public class TOrderController {
                         if (admin.getIsAdmined() && admin.getType() > 1) {
                             if ("all".equals(adminType)) {
                                 //查找所有下级
-                                List<Long> admidIdList = R.getDataIfSuccess(szwlFeign.getAdminIdList(adminId));
+                                List<Long> admidIdList = R.getDataIfSuccess(szwlFeign.getAdminIdList(authId));
                                 query.in(TCoinOrder::getAdminId, admidIdList);
                             }
                         } else {
@@ -415,7 +426,7 @@ public class TOrderController {
                             //商家 判断是否子账户
                             if (admin.getIsAdmined()) {
                                 //商家自己
-                                query.eq(TCoinOrder::getAdminId, adminId);
+                                query.eq(TCoinOrder::getAdminId, authId);
                             } else {
                                 //商家 子账户
                                 //登录账户为子账户 不查下级 只查对应机器的订单
@@ -510,7 +521,7 @@ public class TOrderController {
                             e.printStackTrace();
                         }
                     }
-                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(userName)) {
+                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(username)) {
                         try {
                             query.gt(TCoinOrder::getCreateDate, getStartTime(new Date()));
                             query.lt(TCoinOrder::getCreateDate, getEndTime(new Date()));
@@ -535,7 +546,7 @@ public class TOrderController {
                             e.printStackTrace();
                         }
                     }
-                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(userName)) {
+                    if (StringUtils.isEmpty(startDate) && StringUtils.isEmpty(endDate) && StringUtils.isEmpty(sn) && StringUtils.isEmpty(trxNo) && StringUtils.isEmpty(clientId) && StringUtils.isEmpty(username)) {
                         try {
                             query.gt(TCoinOrder::getRefundDate, getStartTime(new Date()));
                             query.lt(TCoinOrder::getRefundDate, getEndTime(new Date()));
@@ -643,10 +654,14 @@ public class TOrderController {
     @ApiOperation(value = "获取首页数据统计")
     @PostMapping("/getStatistics")
     public ResponseEntity<?> getStatistics(@RequestBody StatisticsParam param) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
+
         //  判断是否为外国
         log.info("param:{}", param);
-        String adminId = param.getAdminId();
-        TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(param.getAdminId()));
+//        String adminId = param.getAdminId();
+        TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(adminId));
         if (admin.getType() < 2) {
             // 如果是超管或公司人员
             param.setAdminId(null);
@@ -672,7 +687,7 @@ public class TOrderController {
                 param.setCompanyType("1");
             }
         } else {
-            param.setIfForeign(isForeignUser(param.getAdminId()));
+            param.setIfForeign(isForeignUser(adminId));
             if (admin.getType() == 2) {
                 //商家
                 if (param.getEquipmentId() != null && !param.getEquipmentId().isEmpty()) {
@@ -835,14 +850,17 @@ public class TOrderController {
     @ApiOperation(value = "机器销售排行统计")
     @PostMapping("/getEquipmentStatistics")
     public ResponseEntity<?> getEquipmentStatistics(@RequestBody StatisticsParam param) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
         //  判断是否为外国
-        param.setIfForeign(isForeignUser(param.getAdminId()));
+        param.setIfForeign(isForeignUser(adminId));
         log.info("param:{}", param);
         FgObjectUtil.objectNullOrEmptySel(param, "chartType$");
-        String adminId = param.getAdminId();
+//        String adminId = param.getAdminId();
         ChartColumn chartColumn = new ChartColumn();
-        if (StringUtils.isNotEmpty(param.getAdminId())) {
-            TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(String.valueOf(param.getAdminId())));
+        if (StringUtils.isNotEmpty(adminId)) {
+            TAdmin admin = R.getDataIfSuccess(szwlFeign.getAdmin(String.valueOf(adminId)));
             // 申泽平台管理员
             if (admin.getId() == 2738) {
                 param.setCompanyType("0");
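Review bot: In `pageOrder`, `username` is now the caller's own login name taken from the token (`userDetailBO.getUsername()`), yet it still feeds the places that previously used the `userName` request filter: `szwlFeign.getAdminByUsername(username)` now always looks up the caller's own account, and the `StringUtils.isEmpty(username)` term in the four "no filters supplied → default to today" conditions is always false for a logged-in user, so the default date window is never applied and the unbounded query runs. Keep the request-side `userName` as the search filter (the signature lines in the hunk do not show whether `adminId`/`userName` were removed — confirm), derive only `authId` from the token, and authorize the looked-up merchant against the caller. Use `"admin".equals(username)` rather than `username.equals("admin")` so a token whose username is null cannot NPE. In `getStatistics` and `getEquipmentStatistics` the body-supplied `param.getAdminId()` is no longer read within the hunks, but both methods continue past them; if it is still consulted downstream, overwrite it once from the token — `param.setAdminId(adminId);` — so a client cannot substitute another admin's id, and note `String.valueOf(adminId)` on a `String` is redundant.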

+ 115 - 0
src/main/java/com/szwl/manager/TokenManager.java

@@ -0,0 +1,115 @@
+package com.szwl.manager;
+
+import cn.hutool.core.thread.threadlocal.NamedThreadLocal;
+import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSON;
+import com.szwl.constant.ConfigConsts;
+import com.szwl.model.bo.UserDetailBO;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.concurrent.TimeUnit;
+@Slf4j
+@Component
+public class TokenManager {
+    private static ThreadLocal<UserDetailBO> threadLocal = new NamedThreadLocal<>("order");
+    @Autowired
+    private RedisTemplate<String, String> redisTemplate;
+
+    /**
+     * 校验token
+     * @param request
+     * @return
+     */
+    public boolean checkToken(HttpServletRequest request){
+        String token = request.getHeader(ConfigConsts.AUTHORIZATION);
+        if(StrUtil.isEmpty(token)){
+            return false;
+        }
+        UserDetailBO details = getUserDetails(token);
+        if (null!= details) {
+            threadLocal.set(details);
+            updateAuthenticationExpire(token);
+            return true;
+        }
+        //登陆凭证已过期或不可用
+        log.info("--token {} is expired", token);
+        return false;
+    }
+
+    /**
+     * 获取登录用户
+     * @return
+     */
+    public UserDetailBO getLoginUserDetails() {
+        return threadLocal.get();
+    }
+
+    /**
+     * 清除 threadLocal
+     */
+    public void removeThreadLocalUser(){
+        threadLocal.remove();
+    }
+    /**
+     * 根据token查找认证信息
+     *
+     * @param token
+     * @return
+     */
+    public UserDetailBO getUserDetails(String token) {
+        String val = redisTemplate.opsForValue().get(token);
+        if (StringUtils.isNotEmpty(val)) {
+            try {
+                UserDetailBO details = JSON.parseObject(val, UserDetailBO.class);
+                return details;
+            } catch (Exception e) {
+                return null;
+            }
+        }
+        return null;
+    }
+
+    /**
+     * 保存用户信息
+     *
+     * @param token
+     * @param userDetails
+     */
+    public void saveAuthentication(String token, UserDetailBO userDetails) {
+        saveAuthentication(token, userDetails, ConfigConsts.TOKEN_EXPIRE_MINUTE, TimeUnit.MINUTES);
+    }
+
+    /**
+     * 保存用户信息
+     *
+     * @param token
+     * @param userDetails
+     */
+    public void saveAuthentication(String token, UserDetailBO userDetails, int timeout, TimeUnit timeUnit) {
+        userDetails.setCurrentToken(token);
+        redisTemplate.opsForValue().set(token, JSON.toJSONString(userDetails), timeout, timeUnit);
+    }
+
+    /**
+     * 删除用户认证信息
+     *
+     * @param token
+     */
+    public void deleteAuthentication(String token) {
+        redisTemplate.delete(token);
+    }
+
+    /**
+     * 更新用户认证的时效,防止一直操作但token过期
+     *
+     * @param token
+     */
+    public void updateAuthenticationExpire(String token) {
+        redisTemplate.expire(token, ConfigConsts.TOKEN_EXPIRE_MINUTE, TimeUnit.MINUTES);
+    }
+}
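Review bot: `checkToken` writes the full credential to the log on rejection — `log.info("--token {} is expired", token)` — which turns the application log into a token store; log a short prefix or a hash instead, e.g. `log.info("token rejected (expired/unknown), prefix={}", StrUtil.sub(token, 0, 8))`. The Redis key is the raw `Authorization` header value with no namespace (`redisTemplate.opsForValue().get(token)`), so any key in the same database whose value parses as a `UserDetailBO` is accepted as a session; prefix it (`"auth:token:" + token`) consistently in get/set/delete/expire. `updateAuthenticationExpire` on every request gives a sliding 120-minute window with no absolute lifetime, so an actively used token never expires — consider recording issue time in the BO and rejecting past a hard cap. `getUserDetails` swallows the parse exception; at least `log.warn` it, and since this is fastjson, confirm the version/safeMode so a tampered cache value cannot trigger autotype deserialization.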

+ 23 - 0
src/main/java/com/szwl/model/bo/UserDetailBO.java

@@ -0,0 +1,23 @@
+package com.szwl.model.bo;
+
+import com.szwl.model.entity.TAdmin;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+
+import java.util.List;
+
+@Data
+public class UserDetailBO extends TAdmin {
+    /**
+     * 当前IP地址
+     */
+    private String currentIp;
+
+    /**
+     * 当前token
+     */
+    private String currentToken;
+
+    @ApiModelProperty("菜单code list")
+    List<String> menuCodeList;
+}
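Review bot: `UserDetailBO extends TAdmin` means `JSON.toJSONString(userDetails)` in `TokenManager.saveAuthentication` serializes every `TAdmin` field into Redis — if `TAdmin` carries the password hash, salt, phone or similar (not visible here; confirm), those land in the cache and in any log that prints the BO. Either build the BO from a whitelist of fields (id, username, type, isAdmined, ifForeign, menuCodeList) instead of inheriting, or mark the sensitive inherited getters with `@JSONField(serialize = false)` in `TAdmin`. `@Data` on a subclass generates `equals`/`hashCode` that ignore superclass fields unless `callSuper = true`; add `@EqualsAndHashCode(callSuper = true)` or replace `@Data` with `@Getter @Setter`. `menuCodeList` should be `private` like the other fields.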

+ 1 - 1
src/main/java/com/szwl/model/utils/HttpClientUtils.java

@@ -59,7 +59,7 @@ public final class HttpClientUtils {
 //    public final static String Es_Order_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/getOrder";
     public final static String CoinOrder_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/getCoinOrder";
 //    public final static String Es_CoinOrder_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/getCoinOrder";
-public final static String Equipment_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/getEquipment";
+    public final static String Equipment_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/getEquipment";
     public final static String Update_Equipment_Url = "http://app.sunzee.com.cn/ShenzeeServer/EsApi/updateEquipment";
     private HttpClientUtils() {
     }