syslog logging system: API design

Response message of the data APIs

{
  "code": 0,
  "count": 0,
  "data": {},
  "msg": "string"
}

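Data API calls always return JSON in the format above. The fields are designed for compatibility with the data-fetching interface of the layui data table.

code field

0 when the call succeeds, non-zero when a call error occurs.

msg field

Message for the API call. When a call error occurs it holds the error description; it should be clear and friendly enough to be shown directly to the user.

data field

Business data returned by the API call.

count field

Used for pagination: the total number of rows. The layui data table component requires this field.

Login API example

Login succeeded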

{
  "code": 0,
  "msg": "",
  "data": {
    "password": "e10adc3949ba59abbe56e057f20f883e",
    "user": "admin",
    "token": "3b9ce276b01c46d3be5ffc75698782d2"
  },
  "count": 0
}

Login failed

{
  "msg": "密碼錯誤!",
  "code": -1
}

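Token mechanism of the data APIs

Call the login API first. A successful login returns a token, which is then passed as a parameter when calling the subsequent APIs.
Passing the token with @RequestHeader is recommended, which avoids conflicts with GET requests.
By security level, the APIs fall into two classes: those that do not require a token and those that do.

Login API sample code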

    @ApiOperation(value = "登入")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "user", value = "使用者名稱", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "password", value = "密碼", dataType = "String", paramType = "query")
    })
    @RequestMapping(path = "/sys/login", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
    @IgnoreToken
    public ResponseData login(@RequestParam String user, @RequestParam String password) {
        Map<String, Object> map = sysService.login(user, password);
        return ResponseData.success(map);
    }

Sample code for an API that requires a token

    @ApiOperation(value = "新增使用者")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "token", value = "令牌", dataType = "String", paramType = "header"),
            @ApiImplicitParam(name = "userName", value = "使用者名稱", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "password", value = "密碼", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "fullName", value = "全名", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "remark", value = "備註", dataType = "String", paramType = "query")
    })
    @RequestMapping(path = "/sys/addUser", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
    public ResponseData addUser(@RequestHeader String token, @RequestParam String userName, @RequestParam String password, @RequestParam(required = false) String fullName, @RequestParam(required = false) String remark){

        throw new SysException("功能未實現!");
    }

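@IgnoreToken and Spring's AOP mechanism

@IgnoreToken marks whether an API requires token validation. Defining one generic aspect with the Spring framework makes unified permission checking easy to implement.
@IgnoreRule marks whether an API needs the further API-permission check.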

    // Runs before every controller method that is not annotated with @IgnoreToken
    @Before("execution(* syslog.controller.*.*(..)) && !@annotation(syslog.IgnoreToken)")
    public void checkToken(JoinPoint jp) throws Throwable {
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attributes.getRequest();
        String token = request.getHeader("token");
        // Validate the token
        SessionUtil.checkSession(token);

        // Get the method intercepted by the aspect
        // (MethodSignature is org.aspectj.lang.reflect.MethodSignature)
        Method method = ((MethodSignature) jp.getSignature()).getMethod();

        // Check the API permission
        IgnoreRule ignoreRule = method.getDeclaredAnnotation(IgnoreRule.class);
        if (ignoreRule != null)
            return;
        String className = jp.getTarget().getClass().getName();
        String methodName = method.getName();
        String ruleName = className + "." + methodName;
        sysService.checkRule(token, ruleName);
    }
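
The aspect above calls SessionUtil.checkSession(token), which the page does not show. The following is an added example, not the project's code: a hypothetical in-memory SessionUtil that issues 128-bit random tokens and rejects unknown or expired ones. The createSession method, the 30-minute lifetime and the stand-in SysException class are assumptions.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical SessionUtil: in-memory token store with a sliding expiry.
public class SessionUtil {
    private static final SecureRandom RANDOM = new SecureRandom();
    private static final Duration TTL = Duration.ofMinutes(30); // assumed lifetime
    // token -> session (user name and expiry time)
    private static final Map<String, Session> SESSIONS = new ConcurrentHashMap<>();

    private record Session(String user, Instant expiresAt) {}

    // Called by the login service after the password check succeeds.
    public static String createSession(String user) {
        byte[] raw = new byte[16];                 // 128 bits from a CSPRNG
        RANDOM.nextBytes(raw);
        StringBuilder hex = new StringBuilder(32);
        for (byte b : raw) hex.append(String.format("%02x", b));
        String token = hex.toString();
        SESSIONS.put(token, new Session(user, Instant.now().plus(TTL)));
        return token;
    }

    // Called by the aspect: returns the user, or throws so the caller gets code != 0.
    public static String checkSession(String token) {
        Session s = (token == null) ? null : SESSIONS.get(token);
        if (s == null) throw new SysException("Invalid token");
        if (Instant.now().isAfter(s.expiresAt())) {
            SESSIONS.remove(token);                // expired tokens stop working
            throw new SysException("Token expired");
        }
        SESSIONS.put(token, new Session(s.user(), Instant.now().plus(TTL))); // slide expiry
        return s.user();
    }

    public static void main(String[] args) {
        String token = createSession("admin");     // constructed sample user
        System.out.println(checkSession(token));
        try { checkSession("not-a-token"); }
        catch (SysException e) { System.out.println(e.getMessage()); }
    }
}

// Stand-in for the page's SysException (assumed to be an unchecked exception).
class SysException extends RuntimeException {
    SysException(String msg) { super(msg); }
}
```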