refactor: 第三方接口

1、使用第三方平台ID登录
2、与系统用户绑定后返回访问令牌

@@ -71,10 +71,14 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
     public static final String WEBJARS_ENTRY_POINT = "/webjars/**";
     public static final String DEVICE_API_ENTRY_POINT = "/api/v1/**";
     public static final String FORM_BASED_LOGIN_ENTRY_POINT = "/api/auth/login";
+
+    //Thingskit function
     public static final String CODE_BASED_LOGIN_ENTRY_POINT = "/api/yt/auth/code/login";
+    public static final String[] YT_NOT_AUTH_API = new String[]{"/api/yt/auth/code/login","/api/yt/third/bind","/api/yt/third/login/*", "/api/yt/noauth/**"};
+
     public static final String PUBLIC_LOGIN_ENTRY_POINT = "/api/auth/login/public";
     public static final String TOKEN_REFRESH_ENTRY_POINT = "/api/auth/token";
-    protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[] {"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**",  "/api/license/**", "/api/yt/noauth/**"};
+    protected static final String[] NON_TOKEN_BASED_AUTH_ENTRY_POINTS = new String[] {"/index.html", "/assets/**", "/static/**", "/api/noauth/**", "/webjars/**",  "/api/license/**"};
     public static final String TOKEN_BASED_AUTH_ENTRY_POINT = "/api/**";
     public static final String WS_TOKEN_BASED_AUTH_ENTRY_POINT = "/api/ws/**";
 
@@ -142,8 +146,12 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
 
     protected JwtTokenAuthenticationProcessingFilter buildJwtTokenAuthenticationProcessingFilter() throws Exception {
         List<String> pathsToSkip = new ArrayList<>(Arrays.asList(NON_TOKEN_BASED_AUTH_ENTRY_POINTS));
-        pathsToSkip.addAll(Arrays.asList(WS_TOKEN_BASED_AUTH_ENTRY_POINT, TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT,CODE_BASED_LOGIN_ENTRY_POINT,
+        pathsToSkip.addAll(Arrays.asList(WS_TOKEN_BASED_AUTH_ENTRY_POINT, TOKEN_REFRESH_ENTRY_POINT, FORM_BASED_LOGIN_ENTRY_POINT,
                 PUBLIC_LOGIN_ENTRY_POINT, DEVICE_API_ENTRY_POINT, WEBJARS_ENTRY_POINT));
+
+        //Thingskit function
+        pathsToSkip.addAll(Arrays.asList(YT_NOT_AUTH_API));
+
         SkipPathRequestMatcher matcher = new SkipPathRequestMatcher(pathsToSkip, TOKEN_BASED_AUTH_ENTRY_POINT);
         JwtTokenAuthenticationProcessingFilter filter
                 = new JwtTokenAuthenticationProcessingFilter(failureHandler, jwtHeaderTokenExtractor, matcher);
@@ -209,7 +217,10 @@ public class ThingsboardSecurityConfiguration extends WebSecurityConfigurerAdapt
                 .antMatchers(WEBJARS_ENTRY_POINT).permitAll() // Webjars
                 .antMatchers(DEVICE_API_ENTRY_POINT).permitAll() // Device HTTP Transport API
                 .antMatchers(FORM_BASED_LOGIN_ENTRY_POINT).permitAll() // Login end-point
-                .antMatchers(CODE_BASED_LOGIN_ENTRY_POINT).permitAll() // SmsCode Login end-point
+
+                //Thingskit function
+                .antMatchers(YT_NOT_AUTH_API).permitAll() // SmsCode Login end-point
+
                 .antMatchers(PUBLIC_LOGIN_ENTRY_POINT).permitAll() // Public login end-point
                 .antMatchers(TOKEN_REFRESH_ENTRY_POINT).permitAll() // Token refresh end-point
                 .antMatchers(NON_TOKEN_BASED_AUTH_ENTRY_POINTS).permitAll() // static resources, user activation and password reset end-points

@@ -4,10 +4,16 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
+import org.jetbrains.annotations.NotNull;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
+import org.thingsboard.server.common.data.StringUtils;
+import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.common.data.security.model.JwtToken;
 import org.thingsboard.server.common.data.yunteng.common.DeleteGroup;
 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
 import org.thingsboard.server.common.data.yunteng.dto.YtOpinionDTO;
@@ -20,6 +26,15 @@ import org.thingsboard.server.dao.yunteng.entities.YtOpinionEntity;
 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
 import org.thingsboard.server.dao.yunteng.service.YtOpinionService;
 import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService;
+import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
+import org.thingsboard.server.service.security.auth.rest.LoginResponse;
+import org.thingsboard.server.service.security.model.JwtTokenPair;
+import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.model.UserPrincipal;
+import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
+import org.thingsboard.server.service.security.permission.Operation;
+
+import java.util.UUID;
 
 import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.*;
 
@@ -32,6 +47,8 @@ import static org.thingsboard.server.common.data.yunteng.constant.QueryConstant.
 @RequiredArgsConstructor
 public class YtThirdPlatformController extends BaseController {
 
+    private final JwtTokenFactory tokenFactory;
+    private final RefreshTokenRepository refreshTokenRepository;
     private final YtThirdPlatformService thirdService;
 
     @GetMapping(params = {PAGE_SIZE, PAGE})
@@ -47,14 +64,15 @@ public class YtThirdPlatformController extends BaseController {
 
 
         IPage<YtThirdUserEntity> pageInfrom = thirdService.getPage(page, pageSize, orderBy, orderType);
-        return thirdService.pageDatas(pageInfrom,platformName,name);
+        return thirdService.pageDatas(pageInfrom, platformName, name);
     }
 
-    @PostMapping
-    @ApiOperation("绑定|编辑")
-    public YtThirdUserDTO saveOrUpdateAlarmProfile(
+    @PostMapping("bind")
+    @ApiOperation("绑定")
+    public JwtTokenPair saveOrUpdateAlarmProfile(
             @Validated @RequestBody YtThirdUserDTO dto) throws ThingsboardException {
-        return thirdService.saveOrUpdate(dto);
+        String tbUserId = thirdService.saveOrUpdate(dto);
+        return buildJwtToken(tbUserId);
     }
 
     @DeleteMapping
@@ -65,5 +83,30 @@ public class YtThirdPlatformController extends BaseController {
         return thirdService.deleteDataByIds(deleteDTO);
     }
 
+    @GetMapping("login/{thirdId}")
+    @ApiOperation("第三方登录")
+    public JwtTokenPair login(@PathVariable("thirdId") String thirdId)
+            throws ThingsboardException {
+        String tbUserId = thirdService.login(thirdId);
+        return buildJwtToken(tbUserId);
+    }
+
+    @NotNull
+    private JwtTokenPair buildJwtToken(String tbUserId) {
+        String accessToken="";
+        String refreshToken="";
+        if(StringUtils.isNotEmpty(tbUserId)){
+            UserId userId = new UserId(UUID.fromString(tbUserId));
+            User user = userService.findUserById(null, userId);
+            UserCredentials credentials = userService.findUserCredentialsByUserId(user.getTenantId(), userId);
+            UserPrincipal principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail());
+            SecurityUser securityUser = new SecurityUser(user, credentials.isEnabled(), principal);
+            accessToken = tokenFactory.createAccessJwtToken(securityUser).getToken();
+            refreshToken = refreshTokenRepository.requestRefreshToken(securityUser).getToken();
+
+        }
+        return new JwtTokenPair(accessToken, refreshToken);
+    }
+
 
 }

@@ -3,6 +3,7 @@ package org.thingsboard.server.common.data.yunteng.dto;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
+import org.thingsboard.server.common.data.yunteng.enums.LoginMethodEnum;
 import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
 
 import javax.validation.constraints.NotEmpty;
@@ -26,10 +27,17 @@ public class YtThirdUserDTO extends BaseDTO {
     @ApiModelProperty(value = "用户头像", required = false)
     private String avatarUrl;
 
-    @ApiModelProperty(value = "系统用户ID", required = true)
-    @NotEmpty(message = "系统用户ID不能为空")
+    @ApiModelProperty(value = "系统用户ID", required = false)
     private String appUserId;
 
+    @ApiModelProperty(value = "系统用户唯一标识，例如：用户ID、账号、手机号", required = true)
+    @NotEmpty(message = "系统用户唯一标识不能为空")
+    private String appUserKey;
+    @ApiModelProperty(value = "系统用户有效性验证密钥，例如：密码、短信验证码", required = true)
+    private String appUserSecret;
+    @ApiModelProperty(value = "有效性验证方式", required = true)
+    private LoginMethodEnum loginMethod;
+
 
 
 }

+package org.thingsboard.server.common.data.yunteng.enums;
+
+/** 登录方式
+ * @author Administrator*/
+public enum LoginMethodEnum {
+  ACCOUNT,
+  PHONE
+}

@@ -6,14 +6,30 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.fasterxml.jackson.databind.JsonNode;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.thingsboard.server.common.data.StringUtils;
+import org.thingsboard.server.common.data.audit.ActionType;
+import org.thingsboard.server.common.data.id.EntityId;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserId;
+import org.thingsboard.server.common.data.security.Authority;
+import org.thingsboard.server.common.data.yunteng.core.cache.CacheUtils;
 import org.thingsboard.server.common.data.yunteng.core.exception.YtDataValidationException;
 import org.thingsboard.server.common.data.yunteng.core.message.ErrorMessage;
 import org.thingsboard.server.common.data.yunteng.dto.DeleteDTO;
+import org.thingsboard.server.common.data.yunteng.dto.UserDetailsDTO;
 import org.thingsboard.server.common.data.yunteng.dto.YtOpinionDTO;
 import org.thingsboard.server.common.data.yunteng.dto.YtThirdUserDTO;
+import org.thingsboard.server.common.data.yunteng.dto.request.CodeTTL;
+import org.thingsboard.server.common.data.yunteng.enums.MessageTypeEnum;
+import org.thingsboard.server.common.data.yunteng.enums.MsgTemplatePurposeEnum;
 import org.thingsboard.server.common.data.yunteng.enums.ThirdPlatformEnum;
 import org.thingsboard.server.common.data.yunteng.utils.tools.YtPageData;
 import org.thingsboard.server.dao.yunteng.entities.User;
@@ -22,12 +38,15 @@ import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
 import org.thingsboard.server.dao.yunteng.mapper.UserMapper;
 import org.thingsboard.server.dao.yunteng.mapper.YtOpinionMapper;
 import org.thingsboard.server.dao.yunteng.mapper.YtThirdPlatformMapper;
-import org.thingsboard.server.dao.yunteng.service.AbstractBaseService;
-import org.thingsboard.server.dao.yunteng.service.UserOrganizationMappingService;
-import org.thingsboard.server.dao.yunteng.service.YtOpinionService;
-import org.thingsboard.server.dao.yunteng.service.YtThirdPlatformService;
+import org.thingsboard.server.dao.yunteng.service.*;
 
 import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.UUID;
+
+import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.CacheConfigKey.MOBILE_LOGIN_SMS_CODE;
+import static org.thingsboard.server.common.data.yunteng.constant.FastIotConstants.DEFAULT_DELIMITER;
 
 @Slf4j
 @Service
@@ -36,7 +55,8 @@ public class YtThirdPlatformServiceImpl extends AbstractBaseService<YtThirdPlatf
     implements YtThirdPlatformService {
 
   private final UserMapper userMapper;
-
+  private final CacheUtils cacheUtils;
+  private final PasswordEncoder passwordEncoder;
   @Override
   public YtPageData<YtThirdUserDTO> pageDatas(IPage<YtThirdUserEntity> pageInfrom, ThirdPlatformEnum platformName, String name) {
     Wrapper pageFilter = new QueryWrapper<YtThirdUserEntity>()
@@ -53,25 +73,95 @@ public class YtThirdPlatformServiceImpl extends AbstractBaseService<YtThirdPlatf
 
   @Override
   @Transactional(rollbackFor=Exception.class)
-  public YtThirdUserDTO saveOrUpdate(YtThirdUserDTO videoDTO) {
-    User user = userMapper.selectById(videoDTO.getAppUserId());
+  public String saveOrUpdate(YtThirdUserDTO dto) {
+    User user = null;
+    switch (dto.getLoginMethod()){
+      case PHONE:
+        user = checkPhoneCode(dto.getAppUserKey(),dto.getAppUserSecret());
+        break;
+      case ACCOUNT:
+        user = checkUsernamePassword(dto.getAppUserKey(),dto.getAppUserSecret());
+        break;
+    }
     if(user == null){
       throw new YtDataValidationException(ErrorMessage.USER_NOT_EXISTS.getMessage());
     }
-    if(StringUtils.isEmpty(user.getAvatar()) && StringUtils.isNotEmpty(videoDTO.getAvatarUrl())){
-      user.setAvatar(videoDTO.getAvatarUrl());
+    if(StringUtils.isEmpty(user.getAvatar()) && StringUtils.isNotEmpty(dto.getAvatarUrl())){
+      user.setAvatar(dto.getAvatarUrl());
       userMapper.updateById(user);
     }
     Wrapper filter = new QueryWrapper<YtThirdUserEntity>().lambda()
-            .eq(YtThirdUserEntity::getThirdUserId,videoDTO.getThirdUserId());
+            .eq(YtThirdUserEntity::getThirdUserId,dto.getThirdUserId());
     YtThirdUserEntity oldVideo = baseMapper.selectOne(filter);
     if (null == oldVideo) {
-      baseMapper.insert(videoDTO.getEntity(YtThirdUserEntity.class));
+      baseMapper.insert(dto.getEntity(YtThirdUserEntity.class));
     }else {
-      videoDTO.setId(oldVideo.getId());
-      baseMapper.updateById(videoDTO.getEntity(YtThirdUserEntity.class));
+      dto.setId(oldVideo.getId());
+      baseMapper.updateById(dto.getEntity(YtThirdUserEntity.class));
+    }
+    return user.getTbUser();
+  }
+
+  /**
+   * 验证用户名和密码有效性
+   * @param key     用户名
+   * @param secret  密码
+   * @return
+   */
+  private User checkUsernamePassword(String key,String secret){
+    Wrapper filter = new QueryWrapper<User>()
+            .lambda()
+            .eq(User::getUsername,key);
+    User user = userMapper.selectOne(filter);
+
+    if (user == null) {
+      throw new UsernameNotFoundException("User not found: " + key);
     }
-    return videoDTO;
+    if(!passwordEncoder.matches(secret, user.getPassword())){
+      throw new BadCredentialsException("Authentication Failed. Username or Password not valid.");
+    }
+    return user;
+  }
+
+  /**
+   * 验证手机号和验证码有效性
+   * @param key    手机号
+   * @param secret 验证码
+   * @return
+   */
+  private User checkPhoneCode(String key,String secret){
+    Wrapper filter = new QueryWrapper<User>()
+            .lambda()
+            .eq(User::getPhoneNumber,key);
+    User users = userMapper.selectOne(filter);
+    if (users == null) {
+      throw new UsernameNotFoundException("phone number not found: " + key);
+    }
+    String cacheKey =
+            MsgTemplatePurposeEnum.FOR_LOGIN.name()
+                    + DEFAULT_DELIMITER
+                    + MessageTypeEnum.PHONE_MESSAGE.name()
+                    + DEFAULT_DELIMITER
+                    + key;
+
+    boolean correct =
+            cacheUtils
+                    .get(MOBILE_LOGIN_SMS_CODE, cacheKey)
+                    .map(
+                            o -> {
+                              CodeTTL codeTTL = (CodeTTL) o;
+                              if (System.currentTimeMillis() - codeTTL.getSendTs() < 5 * 60 * 1000) {
+                                return Objects.equals(codeTTL.getCode(), secret);
+                              } else {
+                                return false;
+                              }
+                            })
+                    .orElse(false);
+    Optional<UserDetailsDTO> optionalUser;
+    if (!correct) {
+      throw new BadCredentialsException("验证码不正确");
+    }
+    return users;
   }
 
 
@@ -84,6 +174,10 @@ public class YtThirdPlatformServiceImpl extends AbstractBaseService<YtThirdPlatf
     return baseMapper.delete(filter) > 0;
   }
 
+  @Override
+  public String login(String thirdUserId) {
+    return baseMapper.login(thirdUserId);
+  }
 
   @Override
   public String accessToken(String appKey, String appSecret) {

 package org.thingsboard.server.dao.yunteng.mapper;
 
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.thingsboard.server.common.data.yunteng.dto.YtVideoDTO;
 import org.thingsboard.server.dao.yunteng.entities.YtThirdUserEntity;
 
+import java.util.List;
+
 /**
  * @author Administrator
  */
 @Mapper
 public interface YtThirdPlatformMapper extends BaseMapper<YtThirdUserEntity> {
+    /**
+     * 第三方登录接口
+     *
+     * @param thirdId
+     * @return
+     */
+    String login(@Param("thirdId") String thirdId);
 }

@@ -30,7 +30,7 @@ public interface YtThirdPlatformService extends BaseService<YtThirdUserEntity> {
      * @param dto
      * @return
      */
-    YtThirdUserDTO saveOrUpdate(YtThirdUserDTO dto);
+    String saveOrUpdate(YtThirdUserDTO dto);
 
     /**
      * @param deleteDTO
@@ -38,6 +38,13 @@ public interface YtThirdPlatformService extends BaseService<YtThirdUserEntity> {
      */
     boolean deleteDataByIds(DeleteDTO deleteDTO);
 
+    /**
+     * 第三方登录
+     * @param thirdUserId
+     * @return
+     */
+    String login(String thirdUserId);
+
 
 
 

+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+
+<mapper namespace="org.thingsboard.server.dao.yunteng.mapper.YtThirdPlatformMapper">
+
+    <select id="login" resultType="string">
+        SELECT sus.tb_user
+        FROM iotfs_third_user base
+        LEFT JOIN sys_user sus ON base.app_user_id = sus.id
+        <where>
+            <if test="thirdId !=null and thirdId !=''">
+                AND base.third_user_id = #{thirdId}
+            </if>
+        </where>
+    </select>
+
+
+</mapper>