- 后端：User 模块，接入统一的 OAuth2 服务

2019-05-17 00:35:42 +08:00 · 2019-05-17 00:35:42 +08:00 · 68027b9f16
commit 68027b9f16
parent be94f29791
28 changed files with 229 additions and 178 deletions
--- a/docs/guides/功能列表/功能列表-管理后台.md
+++ b/docs/guides/功能列表/功能列表-管理后台.md
@ -14,11 +14,11 @@
    - [x] 发布商品
    - [x] 商品列表
    - [x] 展示类目
-    - [ ] 品牌管理【待认领】
+    - [ ] 品牌管理【开发中 @黑子】
 - [ ] 订单管理
    - [ ] 销售单 开发中
    - [ ] 售后单 开发中
-    - [ ] 订单评价【开发中】
+    - [ ] 订单评价【开发中 @wang171776704】
 - [ ] 会员管理
    - [ ] 会员资料 20%【待认领】
    - TODO 需要补充
@ -33,8 +33,10 @@
 - [ ] 系统管理
    - [x] 员工管理
    - [x] 角色管理 <!--【前端页面需要细化下】-->
-    - [ ] 权限管理
-    - [ ] 短信管理
+    - [x] 权限管理 <!--【前端页面需要细化下】-->
+    - [ ] 部门管理【待认领】
+    - [x] 数据字典
+    - [ ] 短信管理【开发中 @小范】
        - [ ] 短信模板
        - [ ] 发送日志
    - [ ] 员工操作日志
--- a/mobile-web/src/page/account/phonelogin.vue
+++ b/mobile-web/src/page/account/phonelogin.vue
@ -69,7 +69,7 @@ export default {
      let that = this;
      let response = doPassportMobileRegister(this.mobile, this.code);
      response.then(data => {
-        setLoginToken(data.accessToken, data.refreshToken);
+        setLoginToken(data.token.accessToken, data.token.refreshToken);
        Dialog.alert({
          title: '系统提示',
          message: '登陆成功',
--- a/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/AdminService.java
+++ b/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/AdminService.java
@ -17,7 +17,7 @@ import java.util.Map;
 public interface AdminService {

    /**
-     * 用户认证。认证成功后，返回认证信息
+     * 管理员认证。认证成功后，返回认证信息
     *
     * 实际上，就是用户名 + 密码登陆
     *
--- a/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/OAuth2Service.java
+++ b/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/OAuth2Service.java
@ -20,6 +20,8 @@ public interface OAuth2Service {

    // TODO @see 刷新 token

+    void removeToken(Integer userId); // TODO 需要优化
+
    /**
     * 通过 accessToken 获得身份信息
     *
--- a/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/bo/oauth2/OAuth2AuthenticationBO.java
+++ b/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/bo/oauth2/OAuth2AuthenticationBO.java
@ -5,10 +5,12 @@ import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import lombok.experimental.Accessors;

+import java.io.Serializable;
+
@ApiModel("OAUTH2 认证 BO")
@Data
@Accessors(chain = true)
-public class OAuth2AuthenticationBO {
+public class OAuth2AuthenticationBO implements Serializable {

    @ApiModelProperty(value = "用户编号", required = true, example = "1")
    private Integer userId;
--- a/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/dto/oauth2/OAuth2CreateTokenDTO.java
+++ b/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/dto/oauth2/OAuth2CreateTokenDTO.java
@ -8,11 +8,12 @@ import lombok.Data;
 import lombok.experimental.Accessors;

 import javax.validation.constraints.NotNull;
+import java.io.Serializable;

@ApiModel("OAuth2 创建 Token DTO")
@Data
@Accessors(chain = true)
-public class OAuth2CreateTokenDTO {
+public class OAuth2CreateTokenDTO implements Serializable {

    @ApiModelProperty(value = "用户编号", required = true, example = "1")
    @NotNull(message = "用户编号不能为空")
--- a/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/dto/oauth2/OAuth2GetTokenDTO.java
+++ b/system/system-service-api/src/main/java/cn/iocoder/mall/admin/api/dto/oauth2/OAuth2GetTokenDTO.java
@ -9,11 +9,12 @@ import lombok.experimental.Accessors;

 import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
+import java.io.Serializable;

@ApiModel("OAuth2 身份验证 DTO")
@Data
@Accessors(chain = true)
-public class OAuth2GetTokenDTO {
+public class OAuth2GetTokenDTO implements Serializable {

    @ApiModelProperty(value = "accessToken", required = true, example = "001e8f49b20e47f7b3a2de774497cd50")
    @NotEmpty(message = "accessToken 不能为空")
--- a/system/system-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
+++ b/system/system-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
@ -64,6 +64,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
     *
     * @param adminId 管理员编号
     */
+    @Override
    @Transactional
    public void removeToken(Integer adminId) {
        // 设置 access token 失效
--- a/system/system-service-impl/src/main/java/cn/iocoder/mall/admin/service/SmsYunPianPlatform.java
+++ b/system/system-service-impl/src/main/java/cn/iocoder/mall/admin/service/SmsYunPianPlatform.java
@ -1,9 +1,9 @@
 package cn.iocoder.mall.admin.service;

+import cn.iocoder.common.framework.exception.ServiceException;
 import cn.iocoder.mall.admin.api.SmsPlatform;
 import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
 import cn.iocoder.mall.admin.api.constant.SmsApplyStatusEnum;
-import cn.iocoder.mall.admin.api.exception.SmsFailException;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
@ -104,7 +104,7 @@ public class SmsYunPianPlatform implements SmsPlatform {
        String result = post(URL_SIGN_ADD, params);
        JSONObject jsonObject = JSON.parseObject(result);
        if (!(jsonObject.getInteger("code") == SUCCESS_CODE)) {
-            throw new SmsFailException(AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getCode(),
+            throw new ServiceException(AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getCode(),
                    AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getMessage());
        }

@ -124,13 +124,13 @@ public class SmsYunPianPlatform implements SmsPlatform {
        JSONObject jsonObject = JSON.parseObject(result);

        if (!(jsonObject.getInteger("code") == SUCCESS_CODE)) {
-            throw new SmsFailException(AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getCode(),
+            throw new ServiceException(AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getCode(),
                    AdminErrorCodeEnum.SMS_SIGN_ADD_FAIL.getMessage());
        }

        JSONArray jsonArray = jsonObject.getJSONArray("sign");
        if (jsonArray.size() <= 0) {
-            throw new SmsFailException(AdminErrorCodeEnum.SMS_SIGN_NOT_EXISTENT.getCode(),
+            throw new ServiceException(AdminErrorCodeEnum.SMS_SIGN_NOT_EXISTENT.getCode(),
                    AdminErrorCodeEnum.SMS_SIGN_NOT_EXISTENT.getMessage());
        }

@ -151,7 +151,7 @@ public class SmsYunPianPlatform implements SmsPlatform {
        JSONObject jsonObject = JSON.parseObject(result);

        if (!(jsonObject.getInteger("code") == SUCCESS_CODE)) {
-            throw new SmsFailException(AdminErrorCodeEnum.SMS_SIGN_UPDATE_FAIL.getCode(),
+            throw new ServiceException(AdminErrorCodeEnum.SMS_SIGN_UPDATE_FAIL.getCode(),
                    AdminErrorCodeEnum.SMS_SIGN_UPDATE_FAIL.getMessage());
        }

--- a/user/user-application/src/main/java/cn/iocoder/mall/user/application/controller/users/PassportController.java
+++ b/user/user-application/src/main/java/cn/iocoder/mall/user/application/controller/users/PassportController.java
@ -5,13 +5,13 @@ import cn.iocoder.mall.user.api.MobileCodeService;
 import cn.iocoder.mall.user.api.OAuth2Service;
 import cn.iocoder.mall.user.api.UserService;
 import cn.iocoder.mall.user.api.bo.OAuth2AccessTokenBO;
+import cn.iocoder.mall.user.api.bo.user.UserAuthenticationBO;
+import cn.iocoder.mall.user.api.dto.user.UserAuthenticationByMobileCodeDTO;
 import cn.iocoder.mall.user.application.convert.PassportConvert;
 import cn.iocoder.mall.user.application.vo.users.UsersAccessTokenVO;
-import cn.iocoder.mall.user.application.vo.users.UsersMobileRegisterVO;
 import cn.iocoder.mall.user.sdk.annotation.PermitAll;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
-import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import org.apache.dubbo.config.annotation.Reference;
 import org.springframework.web.bind.annotation.PostMapping;
@ -43,14 +43,8 @@ public class PassportController {
    @PermitAll
    @PostMapping("/mobile/register")
    @ApiOperation(value = "手机号 + 验证码登陆（注册）", notes = "如果手机对应的账号不存在，则会自动创建")
-    @ApiImplicitParams({
-            @ApiImplicitParam(name = "mobile", value = "手机号", required = true, example = "15601691300"),
-            @ApiImplicitParam(name = "code", value = "验证码", required = true, example = "9999")
-    })
-    public CommonResult<UsersMobileRegisterVO> mobileRegister(@RequestParam("mobile") String mobile,
-                                                              @RequestParam("code") String code) {
-        OAuth2AccessTokenBO result = oauth2Service.getAccessToken(mobile, code);
-        return success(PassportConvert.INSTANCE.convert(result));
+    public CommonResult<UserAuthenticationBO> mobileRegister(UserAuthenticationByMobileCodeDTO userAuthenticationByMobileCodeDTO) {
+        return success(userService.authenticationByMobileCode(userAuthenticationByMobileCodeDTO));
    }

    @PermitAll
--- a/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/context/UserSecurityContext.java
+++ b/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/context/UserSecurityContext.java
@ -1,18 +1,18 @@
 package cn.iocoder.mall.user.sdk.context;

+import lombok.Data;
+import lombok.experimental.Accessors;
+
 /**
 * User Security 上下文
 */
+@Data
+@Accessors(chain = true)
 public class UserSecurityContext {

-    private final Integer userId;
+    /**
+     * 用户编号
+     */
+    private Integer userId;

-    public UserSecurityContext(Integer userId) {
-        this.userId = userId;
-    }
-
-    public Integer getUserId() {
-        return userId;
-    }
-
-}
+}
--- a/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/context/UserSecurityContextHolder.java
+++ b/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/context/UserSecurityContextHolder.java
@ -17,7 +17,7 @@ public class UserSecurityContextHolder {
        UserSecurityContext ctx = SECURITY_CONTEXT.get();
        // 为空时，设置一个空的进去
        if (ctx == null) {
-            ctx = new UserSecurityContext(null);
+            ctx = new UserSecurityContext();
            SECURITY_CONTEXT.set(ctx);
        }
        return ctx;
--- a/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/interceptor/UserSecurityInterceptor.java
+++ b/user/user-sdk/src/main/java/cn/iocoder/mall/user/sdk/interceptor/UserSecurityInterceptor.java
@ -1,11 +1,14 @@
 package cn.iocoder.mall.user.sdk.interceptor;

-import cn.iocoder.common.framework.constant.MallConstants;
+import cn.iocoder.common.framework.constant.UserTypeEnum;
 import cn.iocoder.common.framework.exception.ServiceException;
 import cn.iocoder.common.framework.util.HttpUtil;
 import cn.iocoder.common.framework.util.MallUtil;
-import cn.iocoder.mall.user.api.OAuth2Service;
-import cn.iocoder.mall.user.api.bo.OAuth2AuthenticationBO;
+import cn.iocoder.common.framework.util.StringUtil;
+import cn.iocoder.mall.admin.api.OAuth2Service;
+import cn.iocoder.mall.admin.api.bo.oauth2.OAuth2AuthenticationBO;
+import cn.iocoder.mall.admin.api.constant.AdminErrorCodeEnum;
+import cn.iocoder.mall.admin.api.dto.oauth2.OAuth2GetTokenDTO;
 import cn.iocoder.mall.user.sdk.annotation.PermitAll;
 import cn.iocoder.mall.user.sdk.context.UserSecurityContext;
 import cn.iocoder.mall.user.sdk.context.UserSecurityContextHolder;
@ -18,40 +21,55 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 /**
- * 安全拦截器
+ * User 安全拦截器
 */
@Component
 public class UserSecurityInterceptor extends HandlerInterceptorAdapter {

-    @Reference(validation = "true", version = "${dubbo.provider.OAuth2Service.version:1.0.0}")
+    @Reference(validation = "true", version = "${dubbo.consumer.OAuth2Service.version:1.0.0}")
    private OAuth2Service oauth2Service;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        // 设置当前访问的用户类型。注意，即使未登陆，我们也认为是用户
-        MallUtil.setUserType(request, MallConstants.USER_TYPE_USER);
-        // 校验访问令牌是否正确。若正确，返回授权信息
+        MallUtil.setUserType(request, UserTypeEnum.USER.getValue());
+
+        // 根据 accessToken 获得认证信息，判断是谁
        String accessToken = HttpUtil.obtainAuthorization(request);
        OAuth2AuthenticationBO authentication = null;
-        if (accessToken != null) {
-            authentication = oauth2Service.checkToken(accessToken); // TODO 芋艿，如果访问的地址无需登录，这里也不用抛异常
-            // 添加到 SecurityContext
-            UserSecurityContext context = new UserSecurityContext(authentication.getUserId());
-            UserSecurityContextHolder.setContext(context);
-            // 同时也记录管理员编号到 AdminAccessLogInterceptor 中。因为：
-            // AdminAccessLogInterceptor 需要在 AdminSecurityInterceptor 之前执行，这样记录的访问日志才健全
-            // AdminSecurityInterceptor 执行后，会移除 AdminSecurityContext 信息，这就导致 AdminAccessLogInterceptor 无法获得管理员编号
-            // 因此，这里需要进行记录
-            if (authentication.getUserId() != null) {
-                MallUtil.setUserId(request, authentication.getUserId());
+        ServiceException serviceException = null;
+        if (StringUtil.hasText(accessToken)) {
+            try {
+                authentication = oauth2Service.getAuthentication(new OAuth2GetTokenDTO().setAccessToken(accessToken)
+                        .setUserType(UserTypeEnum.USER.getValue()));
+            } catch (ServiceException e) {
+                serviceException = e;
            }
        }
-        // 校验是否需要已授权
+
+        // 进行鉴权
        HandlerMethod method = (HandlerMethod) handler;
        boolean isPermitAll = method.hasMethodAnnotation(PermitAll.class);
-        if (!isPermitAll && authentication == null) {
-            throw new ServiceException(-1, "未授权"); // TODO 这里要改下
+        if (!isPermitAll) { // 如果需要鉴权
+            if (serviceException != null) { // 认证失败，抛出上面认证失败的 ServiceException 异常
+                throw serviceException;
+            }
+            if (authentication == null) { // 无认证信息，抛出未登陆 ServiceException 异常
+                throw new ServiceException(AdminErrorCodeEnum.OAUTH2_NOT_LOGIN.getCode(), AdminErrorCodeEnum.OAUTH2_NOT_LOGIN.getMessage());
+            }
+            // TODO 芋艿，后续拓展读取用户信息
        }
+
+        // 鉴权完成，初始化 AdminSecurityContext 上下文
+        UserSecurityContext context = new UserSecurityContext();
+        UserSecurityContextHolder.setContext(context);
+        if (authentication != null) {
+            context.setUserId(authentication.getUserId());
+            MallUtil.setUserId(request, authentication.getUserId()); // 记录到 request 中，避免 AdminSecurityContext 后续清理掉后，其它地方需要用到 userId
+            // TODO 芋艿，后续拓展读取用户信息
+        }
+
+        // 返回成功
        return super.preHandle(request, response, handler);
    }

--- a/user/user-service-api/pom.xml
+++ b/user/user-service-api/pom.xml
@ -17,6 +17,11 @@
            <artifactId>common-framework</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>system-service-api</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>

        <!-- 工具类相关 -->
        <dependency>
--- a/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/OAuth2Service.java
+++ b/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/OAuth2Service.java
@ -4,10 +4,9 @@ package cn.iocoder.mall.user.api;
 import cn.iocoder.mall.user.api.bo.OAuth2AccessTokenBO;
 import cn.iocoder.mall.user.api.bo.OAuth2AuthenticationBO;

+@Deprecated
 public interface OAuth2Service {

-    OAuth2AccessTokenBO getAccessToken(String mobile, String code);
-
    /**
     * 校验访问令牌，获取身份信息( 不包括 accessToken 等等 )
     *
--- a/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/UserAccessLogService.java
+++ b/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/UserAccessLogService.java
@ -2,6 +2,7 @@ package cn.iocoder.mall.user.api;

 import cn.iocoder.mall.user.api.dto.UserAccessLogAddDTO;

+@Deprecated
 public interface UserAccessLogService {

    void addUserAccessLog(UserAccessLogAddDTO userAccessLogAddDTO);
--- a/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/UserService.java
+++ b/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/UserService.java
@ -2,13 +2,17 @@ package cn.iocoder.mall.user.api;

 import cn.iocoder.common.framework.constant.CommonStatusEnum;
 import cn.iocoder.common.framework.validator.InEnum;
+import cn.iocoder.mall.user.api.bo.user.UserAuthenticationBO;
 import cn.iocoder.mall.user.api.bo.UserBO;
 import cn.iocoder.mall.user.api.bo.UserPageBO;
 import cn.iocoder.mall.user.api.dto.UserPageDTO;
 import cn.iocoder.mall.user.api.dto.UserUpdateDTO;
+import cn.iocoder.mall.user.api.dto.user.UserAuthenticationByMobileCodeDTO;

 public interface UserService {

+    UserAuthenticationBO authenticationByMobileCode(UserAuthenticationByMobileCodeDTO userAuthenticationByMobileCodeDTO);
+
    UserPageBO getUserPage(UserPageDTO userPageDTO);

    UserBO getUser(Integer userId);
--- a/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/bo/user/UserAuthenticationBO.java
+++ b/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/bo/user/UserAuthenticationBO.java
@ -0,0 +1,22 @@
+package cn.iocoder.mall.user.api.bo.user;
+
+import cn.iocoder.mall.admin.api.bo.oauth2.OAuth2AccessTokenBO;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+@ApiModel("用户认证 BO")
+@Data
+@Accessors(chain = true)
+public class UserAuthenticationBO {
+
+    @ApiModelProperty(value = "用户编号", required = true, example = "1")
+    private Integer id;
+
+    @ApiModelProperty(value = "昵称", required = true, example = "小王")
+    private String nickname;
+
+    private OAuth2AccessTokenBO token;
+
+}
--- a/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/dto/user/UserAuthenticationByMobileCodeDTO.java
+++ b/user/user-service-api/src/main/java/cn/iocoder/mall/user/api/dto/user/UserAuthenticationByMobileCodeDTO.java
@ -0,0 +1,29 @@
+package cn.iocoder.mall.user.api.dto.user;
+
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.experimental.Accessors;
+import org.hibernate.validator.constraints.Length;
+
+import javax.validation.constraints.NotEmpty;
+import javax.validation.constraints.Pattern;
+
+@ApiModel("用户认证 DTO")
+@Data
+@Accessors(chain = true)
+public class UserAuthenticationByMobileCodeDTO {
+
+    @ApiModelProperty(value = "手机号", required = true, example = "15601691300")
+    @NotEmpty(message = "手机号不能为空")
+    @Length(min = 11, max = 11, message = "账号长度为 11 位")
+    @Pattern(regexp = "^[0-9]+$", message = "手机号必须都是数字")
+    private String mobile;
+
+    @ApiModelProperty(value = "手机验证码", required = true, example = "1024")
+    @NotEmpty(message = "手机验证码不能为空")
+    @Length(min = 4, max = 6, message = "手机验证码长度为 4-6 位")
+    @Pattern(regexp = "^[0-9]+$", message = "手机验证码必须都是数字")
+    private String code;
+
+}
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/convert/UserConvert.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/convert/UserConvert.java
@ -1,8 +1,9 @@
 package cn.iocoder.mall.user.biz.convert;

-import cn.iocoder.mall.user.biz.dataobject.UserDO;
+import cn.iocoder.mall.user.api.bo.user.UserAuthenticationBO;
 import cn.iocoder.mall.user.api.bo.UserBO;
 import cn.iocoder.mall.user.api.dto.UserUpdateDTO;
+import cn.iocoder.mall.user.biz.dataobject.UserDO;
 import org.mapstruct.Mapper;
 import org.mapstruct.Mappings;
 import org.mapstruct.factory.Mappers;
@ -17,10 +18,13 @@ public interface UserConvert {
    @Mappings({})
    UserBO convert(UserDO userDO);

+    @Mappings({})
+    UserAuthenticationBO convert2(UserDO userDO);
+
    @Mappings({})
    UserDO convert(UserUpdateDTO userUpdateDTO);

    @Mappings({})
    List<UserBO> convert(List<UserDO> userDOs);

-}
+}
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dao/MobileCodeMapper.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dao/MobileCodeMapper.java
@ -1,19 +1,12 @@
 package cn.iocoder.mall.user.biz.dao;

 import cn.iocoder.mall.user.biz.dataobject.MobileCodeDO;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
 import org.springframework.stereotype.Repository;

@Repository // 实际不加也没问entity，就是不想 IDEA 那看到有个报错
-public interface MobileCodeMapper {
-
-    void insert(MobileCodeDO entity);
-
-    /**
-     * 更新手机验证码
-     *
-     * @param entity 更新信息
-     */
-    void update(MobileCodeDO entity);
+public interface MobileCodeMapper extends BaseMapper<MobileCodeDO> {

    /**
     * 获得手机号的最后一个手机验证码
@ -21,6 +14,12 @@ public interface MobileCodeMapper {
     * @param mobile 手机号
     * @return 手机验证码
     */
-    MobileCodeDO selectLast1ByMobile(String mobile);
+    default MobileCodeDO selectLast1ByMobile(String mobile) {
+        QueryWrapper<MobileCodeDO> query = new QueryWrapper<MobileCodeDO>()
+                .eq("mobile", mobile)
+                .orderByDesc("id")
+                .last("limit 1");
+        return selectOne(query);
+    }

-}
+}
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/MobileCodeDO.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/MobileCodeDO.java
@ -1,14 +1,17 @@
 package cn.iocoder.mall.user.biz.dataobject;

+import cn.iocoder.common.framework.dataobject.BaseDO;
+import com.baomidou.mybatisplus.annotation.TableName;
 import lombok.Data;
 import lombok.experimental.Accessors;

 import java.util.Date;

 // TODO 优化，IP
+@TableName("mobile_code")
@Data
@Accessors(chain = true)
-public class MobileCodeDO {
+public class MobileCodeDO extends BaseDO {

    /**
     * 编号
@ -34,10 +37,6 @@ public class MobileCodeDO {
     * 注册的用户编号
     */
    private Integer usedUserId;
-    /**
-     * 创建时间
-     */
-    private Date createTime;
    /**
     * 使用时间
     */
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/MobileCodeServiceImpl.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/MobileCodeServiceImpl.java
@ -50,21 +50,21 @@ public class MobileCodeServiceImpl implements MobileCodeService {
     */
    public MobileCodeDO validLastMobileCode(String mobile, String code) {
        // TODO: 2019-04-09 Sin 暂时先忽略掉验证码校验
-        return new MobileCodeDO().setCode(code).setCreateTime(new Date()).setId(1);
-//        MobileCodeDO mobileCodePO = mobileCodeMapper.selectLast1ByMobile(mobile);
-//        if (mobileCodePO == null) { // 若验证码不存在，抛出异常
-//            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_NOT_FOUND.getCode());
-//        }
-//        if (System.currentTimeMillis() - mobileCodePO.getCreateTime().getTime() >= codeExpireTimes) { // 验证码已过期
-//            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_EXPIRED.getCode());
-//        }
-//        if (mobileCodePO.getUsed()) { // 验证码已使用
-//            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_USED.getCode());
-//        }
-//        if (!mobileCodePO.getCode().equals(code)) {
-//            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_NOT_CORRECT.getCode());
-//        }
-//        return mobileCodePO;
+//        return new MobileCodeDO().setCode(code).setCreateTime(new Date()).setId(1);
+        MobileCodeDO mobileCodePO = mobileCodeMapper.selectLast1ByMobile(mobile);
+        if (mobileCodePO == null) { // 若验证码不存在，抛出异常
+            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_NOT_FOUND.getCode());
+        }
+        if (System.currentTimeMillis() - mobileCodePO.getCreateTime().getTime() >= codeExpireTimes) { // 验证码已过期
+            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_EXPIRED.getCode());
+        }
+        if (mobileCodePO.getUsed()) { // 验证码已使用
+            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_USED.getCode());
+        }
+        if (!mobileCodePO.getCode().equals(code)) {
+            throw ServiceExceptionUtil.exception(UserErrorCodeEnum.MOBILE_CODE_NOT_CORRECT.getCode());
+        }
+        return mobileCodePO;
    }

    /**
@ -75,7 +75,7 @@ public class MobileCodeServiceImpl implements MobileCodeService {
     */
    public void useMobileCode(Integer id, Integer userId) {
        MobileCodeDO update = new MobileCodeDO().setId(id).setUsed(true).setUsedUserId(userId).setUsedTime(new Date());
-        mobileCodeMapper.update(update);
+        mobileCodeMapper.updateById(update);
    }

    // TODO 芋艿，后面要返回有效时间
@ -99,7 +99,8 @@ public class MobileCodeServiceImpl implements MobileCodeService {
        MobileCodeDO newMobileCodePO = new MobileCodeDO().setMobile(mobile)
                .setCode("9999") // TODO 芋艿，随机 4 位验证码 or 6 位验证码
                .setTodayIndex(lastMobileCodePO != null ? lastMobileCodePO.getTodayIndex() : 1)
-                .setUsed(false).setCreateTime(new Date());
+                .setUsed(false);
+        newMobileCodePO.setCreateTime(new Date());
        mobileCodeMapper.insert(newMobileCodePO);
        // TODO 发送验证码短信
    }
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/OAuth2ServiceImpl.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/OAuth2ServiceImpl.java
@ -49,27 +49,6 @@ public class OAuth2ServiceImpl implements OAuth2Service {
    @Autowired
    private OAuth2RefreshTokenMapper oauth2RefreshTokenMapper;

-    @Override
-    @Transactional
-    public OAuth2AccessTokenBO getAccessToken(String mobile, String code) {
-        // 校验传入的 mobile 和 code 是否合法
-        MobileCodeDO mobileCodeDO = mobileCodeService.validLastMobileCode(mobile, code);
-        // 获取用户
-        UserDO userDO = userService.getUser(mobile);
-        if (userDO == null) { // 用户不存在，则进行创建用户
-            userDO = userService.createUser(mobile);
-            Assert.notNull(userDO, "创建用户必然成功");
-        }
-        // 创建刷新令牌
-        OAuth2RefreshTokenDO oauth2RefreshTokenDO = createOAuth2RefreshToken(userDO.getId());
-        // 创建访问令牌
-        OAuth2AccessTokenDO oauth2AccessTokenDO = createOAuth2AccessToken(userDO.getId(), oauth2RefreshTokenDO.getId());
-        // 标记已使用
-        mobileCodeService.useMobileCode(mobileCodeDO.getId(), userDO.getId());
-        // 转换返回
-        return OAuth2Convert.INSTANCE.convertToAccessTokenWithExpiresIn(oauth2AccessTokenDO);
-    }
-
    @Override
    public OAuth2AuthenticationBO checkToken(String accessToken) throws ServiceException {
        OAuth2AccessTokenDO accessTokenDO = oauth2AccessTokenMapper.selectByTokenId(accessToken);
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/UserServiceImpl.java
+++ b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/service/UserServiceImpl.java
@ -3,20 +3,28 @@ package cn.iocoder.mall.user.biz.service;
 import cn.iocoder.common.framework.constant.CommonStatusEnum;
 import cn.iocoder.common.framework.constant.DeletedStatusEnum;
 import cn.iocoder.common.framework.constant.SysErrorCodeEnum;
+import cn.iocoder.common.framework.constant.UserTypeEnum;
 import cn.iocoder.common.framework.util.ServiceExceptionUtil;
 import cn.iocoder.common.framework.util.ValidationUtil;
+import cn.iocoder.mall.admin.api.OAuth2Service;
+import cn.iocoder.mall.admin.api.bo.oauth2.OAuth2AccessTokenBO;
+import cn.iocoder.mall.admin.api.dto.oauth2.OAuth2CreateTokenDTO;
 import cn.iocoder.mall.user.api.UserService;
+import cn.iocoder.mall.user.api.bo.user.UserAuthenticationBO;
 import cn.iocoder.mall.user.api.bo.UserBO;
 import cn.iocoder.mall.user.api.bo.UserPageBO;
 import cn.iocoder.mall.user.api.constant.UserConstants;
 import cn.iocoder.mall.user.api.constant.UserErrorCodeEnum;
 import cn.iocoder.mall.user.api.dto.UserPageDTO;
 import cn.iocoder.mall.user.api.dto.UserUpdateDTO;
+import cn.iocoder.mall.user.api.dto.user.UserAuthenticationByMobileCodeDTO;
 import cn.iocoder.mall.user.biz.convert.UserConvert;
 import cn.iocoder.mall.user.biz.dao.UserMapper;
 import cn.iocoder.mall.user.biz.dao.UserRegisterMapper;
+import cn.iocoder.mall.user.biz.dataobject.MobileCodeDO;
 import cn.iocoder.mall.user.biz.dataobject.UserDO;
 import cn.iocoder.mall.user.biz.dataobject.UserRegisterDO;
+import org.apache.dubbo.config.annotation.Reference;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@ -35,7 +43,10 @@ public class UserServiceImpl implements UserService {
    @Autowired
    private UserRegisterMapper userRegisterMapper;
    @Autowired
-    private OAuth2ServiceImpl oAuth2Service;
+    private MobileCodeServiceImpl mobileCodeService;
+
+    @Reference(validation = "true", version = "${dubbo.consumer.OAuth2Service.version}")
+    private OAuth2Service oAuth2Service;

    public UserDO getUser(String mobile) {
        return userMapper.selectByMobile(mobile);
@ -67,6 +78,36 @@ public class UserServiceImpl implements UserService {
        userRegisterMapper.insert(userRegisterDO);
    }

+    @Override
+    @Transactional
+    public UserAuthenticationBO authenticationByMobileCode(UserAuthenticationByMobileCodeDTO userAuthenticationByMobileCodeDTO) {
+        String mobile = userAuthenticationByMobileCodeDTO.getMobile();
+        String code = userAuthenticationByMobileCodeDTO.getCode();
+        // 校验手机格式
+        if (!ValidationUtil.isMobile(mobile)) {
+            throw ServiceExceptionUtil.exception(SysErrorCodeEnum.VALIDATION_REQUEST_PARAM_ERROR.getCode(), "手机格式不正确"); // TODO 有点搓
+        }
+        // 校验验证码是否正确
+        MobileCodeDO mobileCodeDO = mobileCodeService.validLastMobileCode(mobile, code);
+        // 获得用户
+        UserDO user = userMapper.selectByMobile(mobile);
+        if (user == null) { // 用户不存在，则进行创建
+            user = new UserDO().setMobile(mobile).setStatus(UserConstants.STATUS_ENABLE);
+            user.setCreateTime(new Date());
+            user.setDeleted(DeletedStatusEnum.DELETED_NO.getValue());
+            userMapper.insert(user);
+            // 插入注册信息 TODO 芋艿 后续完善，记录 ip、ua 等等
+            createUserRegister(user);
+        }
+        // 更新验证码已使用
+        mobileCodeService.useMobileCode(mobileCodeDO.getId(), user.getId());
+        // 创建 accessToken
+        OAuth2AccessTokenBO accessTokenBO = oAuth2Service.createToken(new OAuth2CreateTokenDTO().setUserId(user.getId())
+                .setUserType(UserTypeEnum.USER.getValue()));
+        // 转换返回
+        return UserConvert.INSTANCE.convert2(user).setToken(accessTokenBO);
+    }
+
    @Override
    public UserPageBO getUserPage(UserPageDTO userPageDTO) {
        UserPageBO userPageBO = new UserPageBO();
--- a/user/user-service-impl/src/main/resources/config/application.yaml
+++ b/user/user-service-impl/src/main/resources/config/application.yaml
@ -6,19 +6,17 @@ spring:
    username: root
    password: ${MALL_MYSQL_PASSWORD}

-# mybatis
-#mybatis:
-#  config-location: classpath:mybatis-config.xml
-#  mapper-locations: classpath:mapper/*.xml
-#  type-aliases-package: cn.iocoder.mall.user.biz.dataobject
-
 # mybatis-plus
 mybatis-plus:
  configuration:
-    mapUnderscoreToCamelCase: true # 虽然默认为 true ，但是还是显示去指定下。
+    map-underscore-to-camel-case: true # 虽然默认为 true ，但是还是显示去指定下。
+  global-config:
+    db-config:
+      id-type: auto
+      logic-delete-value: 1 # 逻辑已删除值(默认为 1)
+      logic-not-delete-value: 0 # 逻辑未删除值(默认为 0)
  mapperLocations: classpath*:mapper/*.xml
  typeAliasesPackage: cn.iocoder.mall.user.biz.dataobject
-  config-location: classpath:mybatis-config.xml

 # dubbo
 dubbo:
@ -43,3 +41,6 @@ dubbo:
      version: 1.0.0
    UserService:
      version: 1.0.0
+  consumer:
+    OAuth2Service:
+      version: 1.0.0
--- a/user/user-service-impl/src/main/resources/mapper/MobileCodeMapper.xml
+++ b/user/user-service-impl/src/main/resources/mapper/MobileCodeMapper.xml
@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
-<mapper namespace="cn.iocoder.mall.user.biz.dao.MobileCodeMapper">
-
-    <insert id="insert" parameterType="MobileCodeDO">
-        INSERT INTO mobile_code (
-          id, mobile, code, today_index, used,
-          userd_user_id, used_time, create_time
-        ) VALUES (
-          #{id}, #{mobile}, #{code}, #{todayIndex}, #{used},
-          #{usedUserId}, #{usedTime}, #{createTime}
-        )
-    </insert>
-
-    <update id="update" parameterType="MobileCodeDO">
-        UPDATE mobile_code
-        <set>
-            <if test="used != null"> used = #{used}, </if>
-            <if test="usedUserId != null"> userd_user_id = #{usedUserId}, </if>
-            <if test="usedTime != null"> used_time = #{usedTime}, </if>
-        </set>
-        WHERE id = #{id}
-    </update>
-
-    <select id="selectLast1ByMobile" parameterType="String" resultType="MobileCodeDO">
-      SELECT
-          id, mobile, code, today_index, used,
-          userd_user_id, used_time, create_time
-      FROM mobile_code
-      WHERE mobile = #{mobile}
-      ORDER BY id DESC
-      LIMIT 1
-    </select>
-
-</mapper>
--- a/user/user-service-impl/src/main/resources/mybatis-config.xml
+++ b/user/user-service-impl/src/main/resources/mybatis-config.xml
@ -1,19 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
-<configuration>
-
-    <settings>
-        <!-- 使用驼峰命名法转换字段。 -->
-        <setting name="mapUnderscoreToCamelCase" value="true"/>
-    </settings>
-
-    <typeAliases>
-        <typeAlias alias="Integer" type="java.lang.Integer"/>
-        <typeAlias alias="Long" type="java.lang.Long"/>
-        <typeAlias alias="HashMap" type="java.util.HashMap"/>
-        <typeAlias alias="LinkedHashMap" type="java.util.LinkedHashMap"/>
-        <typeAlias alias="ArrayList" type="java.util.ArrayList"/>
-        <typeAlias alias="LinkedList" type="java.util.LinkedList"/>
-    </typeAliases>
-
-</configuration>