Merge branch 'main' of https://git.jsspisoft.com/ry-das

2024-06-21 14:02:16 +08:00 · 2024-06-21 14:02:16 +08:00 · d438bdaf07
commit d438bdaf07
parent 0c90654ee5 f8cbe540ca
16 changed files with 250 additions and 140 deletions
--- a/das/src/main/java/com/das/common/config/AesProperties.java
+++ b/das/src/main/java/com/das/common/config/AesProperties.java
@ -13,11 +13,11 @@ import org.springframework.stereotype.Component;
@Component
@Getter
@Setter
-@ConfigurationProperties(prefix = "aes")
+@ConfigurationProperties(prefix = "das.aes")
 public class AesProperties {
    /**
     * token 请求头
     */
-    private String aeskey;
+    private String key;
 }
--- a/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
+++ b/das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java
@ -1,46 +1,50 @@
 package com.das.common.interceptor;
 import cn.hutool.core.codec.Base64;
 import cn.hutool.crypto.Mode;
 import cn.hutool.crypto.Padding;
 import cn.hutool.crypto.symmetric.AES;
 import com.das.common.config.AesProperties;
 import com.das.common.utils.AESUtil;
 import com.das.common.utils.AdminRedisTemplate;
 import io.micrometer.common.util.StringUtils;
-import jakarta.annotation.Resource;
+import jakarta.servlet.FilterChain;
 import jakarta.servlet.ReadListener;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.filter.OncePerRequestFilter;
-import jakarta.servlet.*;
+import java.io.BufferedReader;
-import jakarta.servlet.http.HttpServletRequest;
+import java.io.ByteArrayInputStream;
-
+import java.io.IOException;
-import java.io.*;
+import java.io.InputStreamReader;
-import java.nio.charset.Charset;
+import java.util.Optional;
 public class DecryptingOncePerRequestFilter extends OncePerRequestFilter {
    private String aeskey;
    private AdminRedisTemplate adminRedisTemplate;
    public DecryptingOncePerRequestFilter(String aeskey, AdminRedisTemplate adminRedisTemplate) {
        this.aeskey = aeskey;
        this.adminRedisTemplate = adminRedisTemplate;
    }
 //    @Autowired
 //    AESUtil aesUtils;
 //
 //    @Autowired
 //    AesProperties aesProperties;
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        // 读取加密的请求体数据
        String iv = request.getHeader("v");
        // 读取加密的请求体数据
        String encryptedData = readRequestBody(request);
        if (StringUtils.isNotBlank(encryptedData)) {
-            String key = "b6967ee87b86d85a";
+            encryptedData = AESUtil.decrypt(aeskey, encryptedData, iv);
            AES aes = new AES(Mode.CBC, Padding.ZeroPadding, key.getBytes(), iv.getBytes());
            encryptedData = aes.decryptStr(Base64.decode(encryptedData), Charset.forName("UTF-8"));
            // 使用自定义的请求包装器替换原始请求
            filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData), response);
        } else {
            filterChain.doFilter(request, response);
        }
    }
--- a/das/src/main/java/com/das/common/interceptor/FilterConfig.java
+++ b/das/src/main/java/com/das/common/interceptor/FilterConfig.java
@ -2,6 +2,9 @@ package com.das.common.interceptor;
 import com.das.common.config.AesProperties;
 import com.das.common.utils.AdminRedisTemplate;
 import jakarta.annotation.Resource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@ -9,17 +12,24 @@ import org.springframework.context.annotation.Configuration;
 /**
 * @author
 * @Description 请求参数过滤器配置
 */
@Configuration
 public class FilterConfig {
    @Resource
    private AesProperties aesProperties;
    @Resource
    private AdminRedisTemplate adminRedisTemplate;
    @Bean
    public FilterRegistrationBean decryptingFilterRegistration() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        //注册过滤器
-        registrationBean.setFilter(new DecryptingOncePerRequestFilter());
+        registrationBean.setFilter(new DecryptingOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
-        registrationBean.addUrlPatterns("/*"); // 设置过滤器应用的URL模式
+        registrationBean.addUrlPatterns("/api/auth/login"); // 设置过滤器应用的URL模式
-        registrationBean.setOrder(1); // 设置过滤器的顺序
+        registrationBean.setOrder(2); // 设置过滤器的顺序
        return registrationBean;
    }
 }
--- a/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
+++ b/das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java
@ -0,0 +1,51 @@
 package com.das.common.interceptor;
 import com.das.common.utils.AESUtil;
 import com.das.common.utils.AdminRedisTemplate;
 import io.micrometer.common.util.StringUtils;
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.ReadListener;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletInputStream;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.web.filter.OncePerRequestFilter;
 import java.io.BufferedReader;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStreamReader;
 public class TokenOncePerRequestFilter extends OncePerRequestFilter {
    private String aeskey;
    private AdminRedisTemplate adminRedisTemplate;
    public TokenOncePerRequestFilter(String aeskey, AdminRedisTemplate adminRedisTemplate) {
        this.aeskey = aeskey;
        this.adminRedisTemplate = adminRedisTemplate;
    }
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        String iv = request.getHeader("v");
        // token解密
        String token = request.getHeader("token");
        if (StringUtils.isNotBlank(token)) {
            token = AESUtil.decrypt(aeskey, token, iv);
            if (adminRedisTemplate.exists(token)) {
                filterChain.doFilter(new TokenUpdatingHttpServletRequestWrapper(request, token), response);
            } else {
                throw new RuntimeException("token已失效");
            }
        } else {
            throw new RuntimeException("token为空");
        }
    }
 }
--- a/das/src/main/java/com/das/common/interceptor/TokenUpdatingHttpServletRequestWrapper.java
+++ b/das/src/main/java/com/das/common/interceptor/TokenUpdatingHttpServletRequestWrapper.java
@ -0,0 +1,35 @@
 package com.das.common.interceptor;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.Map;
 public class TokenUpdatingHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private String newTokenValue;
    public TokenUpdatingHttpServletRequestWrapper(HttpServletRequest request, String newTokenValue) {
        super(request);
        this.newTokenValue = newTokenValue;
    }
    @Override
    public String getHeader(String name) {
        if ("token".equalsIgnoreCase(name)) {
            return newTokenValue; // 返回新的token值
        }
        return super.getHeader(name); // 对于其他header，委托给父类处理
    }
    @Override
    public Enumeration<String> getHeaders(String name) {
        if ("token".equalsIgnoreCase(name)) {
            return Collections.enumeration(Collections.singletonList(newTokenValue)); // 返回包含新token值的枚举
        }
        return super.getHeaders(name); // 对于其他header，委托给父类处理
    }
 }
--- a/das/src/main/java/com/das/common/interceptor/WebFilterConfig.java
+++ b/das/src/main/java/com/das/common/interceptor/WebFilterConfig.java
@ -0,0 +1,33 @@
 package com.das.common.interceptor;
 import com.das.common.config.AesProperties;
 import com.das.common.utils.AdminRedisTemplate;
 import jakarta.annotation.Resource;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 /**
 * @author
 * @Description token过滤器配置
 */
@Configuration
 public class WebFilterConfig {
    @Resource
    private AesProperties aesProperties;
    @Resource
    private AdminRedisTemplate adminRedisTemplate;
    @Bean
    public FilterRegistrationBean tokenFilterRegistration() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        //注册过滤器
        registrationBean.setFilter(new TokenOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
        registrationBean.addUrlPatterns("/api/auth/logout"); // 设置过滤器应用的URL模式
        registrationBean.setOrder(1); // 设置过滤器的顺序
        return registrationBean;
    }
 }
--- a/das/src/main/java/com/das/common/utils/AESUtil.java
+++ b/das/src/main/java/com/das/common/utils/AESUtil.java
@ -14,7 +14,7 @@ import java.nio.charset.Charset;
 * @author xxx
 * @date 2020-09-16 11:17
 **/
-@Component
+
 public class AESUtil {
    /**
--- a/das/src/main/java/com/das/modules/auth/controller/CaptchaImageController.java
+++ b/das/src/main/java/com/das/modules/auth/controller/CaptchaImageController.java
@ -1,48 +0,0 @@
 package com.das.modules.auth.controller;
 import cn.hutool.core.util.IdUtil;
 import com.das.common.captcha.CaptchaProperties;
 import com.das.common.captcha.CaptchaUtil;
 import com.das.common.captcha.CaptchaVO;
 import com.das.common.result.R;
 import com.das.common.utils.AdminRedisTemplate;
 import com.google.code.kaptcha.Producer;
 import jakarta.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 /**
 * @author chenhaojie
 * @Description 获取验证码
 */
@Slf4j
@RequestMapping("/api/captcha")
@RestController
 public class CaptchaImageController {
    @Resource
    private Producer producer;
    @Resource
    private CaptchaProperties captchaProperties;
     @Value("${aes.Key}")
     String key;
    @Resource
    private AdminRedisTemplate adminRedisTemplate;
    /**
     * 获取验证码
     */
    @PostMapping("/captchaImage")
    public R<CaptchaVO> getCaptcha() {
        String uuid = IdUtil.fastSimpleUUID();
        String imageBase64Str = CaptchaUtil.getImageBase64Str(producer, adminRedisTemplate, captchaProperties, uuid);
        CaptchaVO captchaVO = new CaptchaVO(uuid, imageBase64Str);
        return R.success(captchaVO);
    }
 }
--- a/das/src/main/java/com/das/modules/auth/controller/LoginController.java
+++ b/das/src/main/java/com/das/modules/auth/controller/LoginController.java
@ -1,11 +1,18 @@
 package com.das.modules.auth.controller;
 import cn.hutool.core.util.IdUtil;
 import com.das.common.captcha.CaptchaProperties;
 import com.das.common.captcha.CaptchaUtil;
 import com.das.common.captcha.CaptchaVO;
 import com.das.common.result.R;
 import com.das.common.utils.AdminRedisTemplate;
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
 import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.das.modules.auth.service.ILoginService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.google.code.kaptcha.Producer;
 import io.micrometer.common.util.StringUtils;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
@ -26,9 +33,14 @@ import org.springframework.web.bind.annotation.*;
 public class LoginController {
    @Resource
    private ILoginService loginService;
     @Value("${aes.Key}")
     String key;
    @Resource
    private Producer producer;
    @Resource
    private CaptchaProperties captchaProperties;
    @Resource
    private AdminRedisTemplate adminRedisTemplate;
    /**
     * 登录接口
@ -57,8 +69,17 @@ public class LoginController {
        }
    }
    @PostMapping("/captchaImage")
    public R<CaptchaVO> getCaptcha() {
        String uuid = IdUtil.fastSimpleUUID();
        String imageBase64Str = CaptchaUtil.getImageBase64Str(producer, adminRedisTemplate, captchaProperties, uuid);
        CaptchaVO captchaVO = new CaptchaVO(uuid, imageBase64Str);
        return R.success(captchaVO);
    }
    @PostMapping("/refreshToken")
-    public R<LoginVO> refreshToken(@NotEmpty(message = "刷新token不允许为空") @RequestParam("refreshToken")String refreshToken){
+    public R<LoginVO> refreshToken(@RequestBody RefreshTokenRequest refreshToken){
        LoginVO loginVO  = loginService.refreshToken(refreshToken);
        return R.success(loginVO);
    }
--- a/das/src/main/java/com/das/modules/auth/domain/request/LoginRequest.java
+++ b/das/src/main/java/com/das/modules/auth/domain/request/LoginRequest.java
@ -39,7 +39,7 @@ public class LoginRequest {
     * 验证码唯一标识
     */
    @NotBlank(message = "验证码唯一标识不允许为空")
-    private String uuid;
+    private String key;
 }
--- a/das/src/main/java/com/das/modules/auth/domain/request/RefreshTokenRequest.java
+++ b/das/src/main/java/com/das/modules/auth/domain/request/RefreshTokenRequest.java
@ -0,0 +1,21 @@
 package com.das.modules.auth.domain.request;
 import jakarta.validation.constraints.NotBlank;
 import lombok.Data;
 /**
 * @author chenhaojie
 * @Description
 */
@Data
 public class RefreshTokenRequest {
    /**
     * * 刷新token不允许为空
     */
    @NotBlank(message = "刷新token不允许为空")
    private String refreshToken;
 }
--- a/das/src/main/java/com/das/modules/auth/domain/vo/LoginVO.java
+++ b/das/src/main/java/com/das/modules/auth/domain/vo/LoginVO.java
@ -14,7 +14,7 @@ public class LoginVO implements Serializable {
    private static final long serialVersionUID = 1L;
    /**
-     *
+     * 新token
     */
    private String accessToken;
--- a/das/src/main/java/com/das/modules/auth/service/ILoginService.java
+++ b/das/src/main/java/com/das/modules/auth/service/ILoginService.java
@ -3,6 +3,7 @@ package com.das.modules.auth.service;
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
 import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import jakarta.servlet.http.HttpServletRequest;
@ -18,7 +19,7 @@ public interface ILoginService {
    /**
     * 登录接口
     *
-     * @param data 登录请求
+     * @param loginRequest 登录请求
     * @return 登录成功
     */
    LoginUserDetails login(LoginRequest loginRequest, HttpServletRequest request, HttpServletResponse response) throws JsonProcessingException;
@ -34,5 +35,5 @@ public interface ILoginService {
     * @param refreshToken
     * @return
     */
-    LoginVO refreshToken(String refreshToken);
+    LoginVO refreshToken(RefreshTokenRequest refreshToken);
 }
--- a/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java
+++ b/das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java
@ -7,18 +7,17 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.das.common.captcha.CaptchaUtil;
 import com.das.common.config.SaTokenProperties;
 import com.das.common.exceptions.ServiceException;
 import com.das.common.utils.AESUtil;
 import com.das.common.utils.AdminRedisTemplate;
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
 import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.das.modules.auth.domain.vo.SysUserVo;
 import com.das.modules.auth.entity.SysUser;
 import com.das.modules.auth.mapper.SysUserMapper;
 import com.das.modules.auth.service.ILoginService;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@ -43,10 +42,8 @@ public class LoginServiceImpl implements ILoginService {
    @Autowired
    private AdminRedisTemplate adminRedisTemplate;
    @Resource
    private AESUtil aesUtil;
-    @Value("${aes.Key}")
+    @Value("${das.aes.key}")
    private String key;
@ -60,7 +57,7 @@ public class LoginServiceImpl implements ILoginService {
        String name = loginRequest.getUsername();
        String password = loginRequest.getPassword();
        String code = loginRequest.getCode();
-        String uuid = loginRequest.getUuid();
+        String key = loginRequest.getKey();
        LoginUserDetails loginInfo = new LoginUserDetails();
        LambdaQueryWrapper<SysUser> wrapper = Wrappers.lambdaQuery();
@ -70,17 +67,17 @@ public class LoginServiceImpl implements ILoginService {
            loginInfo.setMsg("无账号信息");
            return loginInfo;
        }
-        if (!CaptchaUtil.checkVerificationCode(uuid, code, adminRedisTemplate)) {
+//        if (!CaptchaUtil.checkVerificationCode(key, code, adminRedisTemplate)) {
-            loginInfo.setMsg("验证码不正确");
+//            loginInfo.setMsg("验证码不正确");
-            return loginInfo;
+//            return loginInfo;
-        }
+//        }
        if (!BCrypt.checkpw(password, sysUser.getPassword())) {
            loginInfo.setMsg("账号密码错误");
            return loginInfo;
        }
        StpUtil.login(sysUser.getAccount());// 执行登录，这里username为用户唯一标识
        String refreshTokenUuid = IdUtil.fastSimpleUUID();
-        String token = StpUtil.getTokenValue();
+        String token = StpUtil.getTokenValue().replace("-", "");
        String refreshToken = "refresh:" + refreshTokenUuid;
        SysUserVo sysUserVo = new SysUserVo();
@ -92,7 +89,7 @@ public class LoginServiceImpl implements ILoginService {
        sysUserVo.setOrgId(sysUser.getOrgId());
        loginInfo.setSysUser(sysUserVo); // 存储用户信息到会话
-        loginInfo.setToken(StpUtil.getTokenValue());
+        loginInfo.setToken(token);
        loginInfo.setRefreshToken(refreshTokenUuid);
        adminRedisTemplate.setEx(token, loginInfo, Duration.ofSeconds(saTokenProperties.getExpireTime()));
        adminRedisTemplate.setEx(refreshToken, loginInfo, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
@ -102,24 +99,22 @@ public class LoginServiceImpl implements ILoginService {
    @Override
    public boolean logout(HttpServletRequest request) {
        String iv = request.getHeader("v");
        String token = request.getHeader("token");
-        System.out.println("iv:" + iv);
+        adminRedisTemplate.del(token);
        token = aesUtil.decrypt(key, token, iv);
        StpUtil.logoutByTokenValue(token);
        return true;
    }
    @Override
-    public LoginVO refreshToken(String refreshToken) {
+    public LoginVO refreshToken(RefreshTokenRequest refreshToken) {
-        LoginUserDetails loginUserDetails = adminRedisTemplate.get(refreshToken);
+        LoginUserDetails loginUserDetails = adminRedisTemplate.get(refreshToken.getRefreshToken());
        LoginVO loginInfo = new LoginVO();
        if (loginUserDetails == null) {
            loginInfo.setMsg("token过期，请重新登录");
            return loginInfo;
        }
        StpUtil.login(loginUserDetails.getSysUser().getAccount());// 执行登录，这里username为用户唯一标识
-        String newToken = StpUtil.getTokenValue();
+        String newToken = StpUtil.getTokenValue().replace("-", "");;
        String newRefreshTokenUuid = IdUtil.fastSimpleUUID();
        String newRefreshToken = "refresh:" + newRefreshTokenUuid;
        loginInfo.setAccessToken(newToken);
@ -129,7 +124,7 @@ public class LoginServiceImpl implements ILoginService {
        String oldRefreshToken = loginUserDetails.getRefreshToken();
        adminRedisTemplate.setEx(newToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getExpireTime()));
-        adminRedisTemplate.setEx(refreshToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
+        adminRedisTemplate.setEx(newRefreshToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
        // 删除原有刷新token
        adminRedisTemplate.del("refresh:" + oldRefreshToken);
--- a/das/src/main/resources/application.yml
+++ b/das/src/main/resources/application.yml
@ -91,5 +91,6 @@ captcha:
  verify-type: calculate
  expire: 120
-aes:
+das:
-  Key: b6967ee87b86d85a
+  aes:
    key: b6967ee87b86d85a
--- a/docs/api/api_list.md
+++ b/docs/api/api_list.md
@ -14,7 +14,7 @@
 | 参数名称 | 说明     |   备注  |
 | -------- | -------- | --- |
-| Token    | 令牌     |   需要鉴权的API 才需要添加此参数  |
+| token    | 令牌     |   需要鉴权的API 才需要添加此参数  |
 | V        | 加密向量 |  必须添加   |
 加密采用AES/CBC/ZeroPadding加密方式，密钥长度为16位。，IV长度为16位（每次请求时随机生成）。
@ -25,13 +25,13 @@
 | 接口分类  | 接口描述 | API接口                     | 权限              |
 |:-----:| :------- |:--------------------------|-----------------|
-| 获取验证码 | 获取验证码 | /api/captchaImage         |                 |
+| 获取验证码 | 获取验证码 | /api/auth/captchaImage         |                 |
 | 系统登录  | 系统登录 | /api/auth/login           | /XXXX/XXX/XXX/X |
-| 系统登录  | 退出登录 | /api/auth/revoke          |                 |
+| 系统登录  | 退出登录 | /api/auth/logout          |                 |
 | 系统登录  | 修改密码 | /api/auth/password/change |                 |
 ## 验证码获取
-> /api/captchaImage
+> /api/auth/captchaImage
 入参示例
@ -44,9 +44,9 @@
  "code": 200,
  "msg": "操作成功",
  "data": {
-        "img": "",
+    "img": "",
-        "uuid": "9007a0158f7c4635b4e6e577de7406e0"
+    "key": "9007a0158f7c4635b4e6e577de7406e0"
-        }
+  }
 }
 ```
 调用成功返回描述
@ -54,13 +54,13 @@
 | 变量名               | 变量类型   | 可为NULL | 描述         |
 | -------------------- |--------| -------- |------------|
 | img                | String | No       | 图片base64编码 |
-| uuid                | String | No       | 验证码唯一标志    |
+| key                | String | No       | 验证码唯一标志    |
 ## 系统登录
 使用用户名和密码，验证码和验证码的唯一标识登录系统，POST请求
-> /api/auth/invoke
+> /api/auth/login
 入参示例
@ -69,7 +69,7 @@
  "userName":"xx",
  "password":"xxx",
  "code":"xxx",
-  "uuid":"xxx"
+  "key":"xxx"
 }
 ```
@ -80,7 +80,7 @@
 | userName | String   | no   | 用户名  |
 | password | String   | no   | 用户密码 |
 | code | String   | no   | 验证码  |
-| uuid | String   | no   | 唯一标志 |
+| key | String   | no   | 唯一标志 |
 调用成功返回示例
@ -98,29 +98,15 @@
 | 变量名               | 变量类型   | 可为NULL | 描述                       |
 | -------------------- |--------| -------- | -------------------------- |
-| token                | String | No       | 令牌值                     |
+| token                | String | No       | 令牌(未加密)                     |
 ## 退出登录
 注销令牌退出登录，POST请求
-> /api/auth/revoke
+> /api/auth/logout
-入参示例
+无入参
 ```json
 {
  "userName":"xx",
  "token":"xxx"
 }
 ```
 入参描述
 | 参数名   | 参数类型 | 可选 | 描述   |
 | -------- | -------- | ---- | ------ |
 | userName | String   | no   | 用户名 |
 | token    | String   | no   | token  |
 调用成功返回示例
@ -136,16 +122,15 @@
 修改登录密码，POST请求
-api/auth/password/change
+> api/auth/password/change
 入参示例
-```
+```json
 {
-"userName":"xx",
+  "userName":"xx",
-"oldPassword":"xx",
+  "oldPassword":"xx",
-"newPassword":"xxx",
+  "newPassword":"xxx",
 "token":"xxx"
 }
 ```
@ -156,18 +141,19 @@ api/auth/password/change
 | oldPassword | String   | NO   | 旧密码 |
 | newPassword | String   | NO   | 新密码 |
 | userName    | String   | NO   | 用户名 |
 | token       | String   | NO   | token  |
 调用成功返回示例
 ```json
 {
-"code":"200",
+  "code":"200",
-"msg":"修改成功",
+  "msg":"修改成功",
-"data":"null"
+  "data":"null"
 }
 ```
 !> 下面的文档有待确认
 # 公司机构模块API接口
 组织机构模块提供的API包括机构查询、添加、修改等功能。