syslog日志系统——接口的设计

数据接口的返回报文

{
  "code": 0,
  "count": 0,
  "data": {},
  "msg": "string"
}

数据接口调用总是返回上述报文格式JSON数据，这里的字段设计是为了兼容layui的数据表格取数接口。

code字段

接口成功返回时为0，发生调用错误时不为0

msg字段

接口调用的消息信息，发生调用错误时为错误描述信息，建议是直观友好的信息能够直接显示给用户看。

data字段

接口调用返回的业务数据

count字段

数据分页时使用，数据的总行数，layui数据表格组件需要该字段

登录接口例子

登录成功

{
  "code": 0,
  "msg": "",
  "data": {
    "password": "e10adc3949ba59abbe56e057f20f883e",
    "user": "admin",
    "token": "3b9ce276b01c46d3be5ffc75698782d2"
  },
  "count": 0
}

登录失败

{
  "msg": "密码错误！",
  "code": -1
}

数据接口的令牌token机制

先调用登录接口，成功登陆后返回令牌token，然后用令牌作为参数进一步调用后续的接口。
token参数建议使用@RequestHeader传输，可以避免与get请求冲突。
根据安全级别可以把接口划分为两类：不需要令牌token和需要令牌token

登录接口示例代码

    @ApiOperation(value = "登录")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "user", value = "用户名", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "password", value = "密码", dataType = "String", paramType = "query")
    })
    @RequestMapping(path = "/sys/login", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
    @IgnoreToken
    public ResponseData login(@RequestParam String user, @RequestParam String password) {

        Map<String, Object> map = sysService.login(user, password);

        return ResponseData.success(map);
    }

需要令牌token的接口示例代码

    @ApiOperation(value = "新增用户")
    @ApiImplicitParams({
            @ApiImplicitParam(name = "token", value = "令牌", dataType = "String", paramType = "header"),
            @ApiImplicitParam(name = "userName", value = "用户名", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "password", value = "密码", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "fullName", value = "全名", dataType = "String", paramType = "query"),
            @ApiImplicitParam(name = "remark", value = "备注", dataType = "String", paramType = "query")
    })
    @RequestMapping(path = "/sys/addUser", method = RequestMethod.GET, produces = "application/json;charset=UTF-8")
    public ResponseData addUser(@RequestHeader String token, @RequestParam String userName, @RequestParam String password, @RequestParam(required = false) String fullName, @RequestParam(required = false) String remark){

        throw new SysException("功能未实现！");
    }

@IgnoreToken与Spring的AOP机制

通过@IgnoreToken标记接口是否需要校验令牌，利用Spring框架定义一个通用的切面，轻松实现权限的统一校验。
@IgnoreRule标记接口是否需要进一步校验接口权限。

    @Before("execution(* syslog.controller.*.*(..)) && !@annotation(syslog.IgnoreToken)")
    public void checkToken(JoinPoint jp) throws Throwable {
        ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attributes.getRequest();
        String token = request.getHeader("token");
        //校验令牌
        SessionUtil.checkSession(token);

       //获取切面拦截的方法
        MethodInvocationProceedingJoinPoint methodPoint = (MethodInvocationProceedingJoinPoint)jp;
        Field field = methodPoint.getClass().getDeclaredField("methodInvocation");
        field.setAccessible(true);
        ReflectiveMethodInvocation invocation = (ReflectiveMethodInvocation) field.get(methodPoint);
        Method method = invocation.getMethod();

        //校验接口权限
        IgnoreRule ignoreRule = method.getDeclaredAnnotation(IgnoreRule.class);
        if (ignoreRule != null)
            return;
        String className = jp.getTarget().getClass().getName();
        String methodName = method.getName();
        String ruleName = className + "." + methodName;
        sysService.checkRule(token, ruleName);
    }