syslog日誌系統——介面的設計
阿新 • • 發佈:2018-12-19
資料介面的返回報文
{
"code": 0,
"count": 0,
"data": {},
"msg": "string"
}
資料介面呼叫總是返回上述報文格式JSON資料,這裡的欄位設計是為了相容layui的資料表格取數介面。
code欄位
介面成功返回時為0,發生呼叫錯誤時不為0
msg欄位
介面呼叫的訊息資訊,發生呼叫錯誤時為錯誤描述資訊,建議是直觀友好的資訊能夠直接顯示給使用者看。
data欄位
介面呼叫返回的業務資料
count欄位
資料分頁時使用,資料的總行數,layui資料表格元件需要該欄位
登入介面例子
登入成功
{
"code": 0,
"msg": "",
"data": {
"password": "e10adc3949ba59abbe56e057f20f883e",
"user": "admin",
"token": "3b9ce276b01c46d3be5ffc75698782d2"
},
"count": 0
}
登入失敗
{
"msg": "密碼錯誤!",
"code": -1
}
資料介面的令牌token機制
先呼叫登入介面,成功登陸後返回令牌token,然後用令牌作為引數進一步呼叫後續的介面。
token引數建議使用@RequestHeader傳輸,可以避免與get請求衝突。
根據安全級別可以把介面劃分為兩類:不需要令牌token和需要令牌token
登入介面示例程式碼
@ApiOperation(value = "登入")
@ApiImplicitParams({
@ApiImplicitParam(name = "user", value = "使用者名稱", dataType = "String", paramType = "query"),
@ApiImplicitParam(name = "password", value = "密碼", dataType = "String", paramType = "query")
})
@RequestMapping (path = "/sys/login", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
@IgnoreToken
public ResponseData login(@RequestParam String user, @RequestParam String password) {
Map<String, Object> map = sysService.login(user, password);
return ResponseData.success(map);
}
需要令牌token的介面示例程式碼
@ApiOperation(value = "新增使用者")
@ApiImplicitParams({
@ApiImplicitParam(name = "token", value = "令牌", dataType = "String", paramType = "header"),
@ApiImplicitParam(name = "userName", value = "使用者名稱", dataType = "String", paramType = "query"),
@ApiImplicitParam(name = "password", value = "密碼", dataType = "String", paramType = "query"),
@ApiImplicitParam(name = "fullName", value = "全名", dataType = "String", paramType = "query"),
@ApiImplicitParam(name = "remark", value = "備註", dataType = "String", paramType = "query")
})
@RequestMapping(path = "/sys/addUser", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
public ResponseData addUser(@RequestHeader String token, @RequestParam String userName, @RequestParam String password, @RequestParam(required = false) String fullName, @RequestParam(required = false) String remark){
throw new SysException("功能未實現!");
}
@IgnoreToken與Spring的AOP機制
通過@IgnoreToken標記介面是否需要校驗令牌,利用Spring框架定義一個通用的切面,輕鬆實現許可權的統一校驗。
@IgnoreRule標記介面是否需要進一步校驗介面許可權。
@Before("execution(* syslog.controller.*.*(..)) && [email protected](syslog.IgnoreToken)")
public void checkToken(JoinPoint jp) throws Throwable {
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
HttpServletRequest request = attributes.getRequest();
String token = request.getHeader("token");
//校驗令牌
SessionUtil.checkSession(token);
//獲取切面攔截的方法
MethodInvocationProceedingJoinPoint methodPoint = (MethodInvocationProceedingJoinPoint)jp;
Field field = methodPoint.getClass().getDeclaredField("methodInvocation");
field.setAccessible(true);
ReflectiveMethodInvocation invocation = (ReflectiveMethodInvocation) field.get(methodPoint);
Method method = invocation.getMethod();
//校驗介面許可權
IgnoreRule ignoreRule = method.getDeclaredAnnotation(IgnoreRule.class);
if (ignoreRule != null)
return;
String className = jp.getTarget().getClass().getName();
String methodName = method.getName();
String ruleName = className + "." + methodName;
sysService.checkRule(token, ruleName);
}