Merge branch 'main' of https://git.jsspisoft.com/ry-das

das/src/main/java/com/das/common/config/AesProperties.java

@@ -13,11 +13,11 @@ import org.springframework.stereotype.Component;
 @Component
 @Getter
 @Setter
-@ConfigurationProperties(prefix = "aes")
+@ConfigurationProperties(prefix = "das.aes")
 public class AesProperties {
 
     /**
      * token 请求头
      */
-    private String aeskey;
+    private String key;
 }

das/src/main/java/com/das/common/interceptor/DecryptingOncePerRequestFilter.java

@@ -1,46 +1,50 @@
 package com.das.common.interceptor;
 
 
-import cn.hutool.core.codec.Base64;
-import cn.hutool.crypto.Mode;
-import cn.hutool.crypto.Padding;
-import cn.hutool.crypto.symmetric.AES;
-import com.das.common.config.AesProperties;
 import com.das.common.utils.AESUtil;
+import com.das.common.utils.AdminRedisTemplate;
 import io.micrometer.common.util.StringUtils;
-import jakarta.annotation.Resource;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletRequestWrapper;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import jakarta.servlet.*;
-import jakarta.servlet.http.HttpServletRequest;
-
-import java.io.*;
-import java.nio.charset.Charset;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.Optional;
 
 public class DecryptingOncePerRequestFilter extends OncePerRequestFilter {
+    private String aeskey;
+
+    private AdminRedisTemplate adminRedisTemplate;
+    public DecryptingOncePerRequestFilter(String aeskey, AdminRedisTemplate adminRedisTemplate) {
+        this.aeskey = aeskey;
+        this.adminRedisTemplate = adminRedisTemplate;
+    }
 
-//    @Autowired
-//    AESUtil aesUtils;
-//
-//    @Autowired
-//    AesProperties aesProperties;
 
     @Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
             throws ServletException, IOException {
-        // 读取加密的请求体数据
         String iv = request.getHeader("v");
+
+
+        // 读取加密的请求体数据
         String encryptedData = readRequestBody(request);
         if (StringUtils.isNotBlank(encryptedData)) {
-            String key = "b6967ee87b86d85a";
-            AES aes = new AES(Mode.CBC, Padding.ZeroPadding, key.getBytes(), iv.getBytes());
-            encryptedData = aes.decryptStr(Base64.decode(encryptedData), Charset.forName("UTF-8"));
+            encryptedData = AESUtil.decrypt(aeskey, encryptedData, iv);
 
             // 使用自定义的请求包装器替换原始请求
             filterChain.doFilter(new DecryptingHttpServletRequestWrapper(request, encryptedData), response);
+        } else {
+            filterChain.doFilter(request, response);
         }
 
     }

das/src/main/java/com/das/common/interceptor/FilterConfig.java

@@ -2,6 +2,9 @@ package com.das.common.interceptor;
 
 
 import com.das.common.config.AesProperties;
+import com.das.common.utils.AdminRedisTemplate;
+import jakarta.annotation.Resource;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -9,17 +12,24 @@ import org.springframework.context.annotation.Configuration;
 
 /**
  * @author
+ * @Description 请求参数过滤器配置
  */
 @Configuration
 public class FilterConfig {
 
+    @Resource
+    private AesProperties aesProperties;
+
+    @Resource
+    private AdminRedisTemplate adminRedisTemplate;
+
     @Bean
     public FilterRegistrationBean decryptingFilterRegistration() {
         FilterRegistrationBean registrationBean = new FilterRegistrationBean();
         //注册过滤器
-        registrationBean.setFilter(new DecryptingOncePerRequestFilter());
-        registrationBean.addUrlPatterns("/*"); // 设置过滤器应用的URL模式
-        registrationBean.setOrder(1); // 设置过滤器的顺序
+        registrationBean.setFilter(new DecryptingOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
+        registrationBean.addUrlPatterns("/api/auth/login"); // 设置过滤器应用的URL模式
+        registrationBean.setOrder(2); // 设置过滤器的顺序
         return registrationBean;
     }
 }

das/src/main/java/com/das/common/interceptor/TokenOncePerRequestFilter.java

@@ -0,0 +1,51 @@
+package com.das.common.interceptor;
+
+
+import com.das.common.utils.AESUtil;
+import com.das.common.utils.AdminRedisTemplate;
+import io.micrometer.common.util.StringUtils;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ReadListener;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletInputStream;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+public class TokenOncePerRequestFilter extends OncePerRequestFilter {
+    private String aeskey;
+
+    private AdminRedisTemplate adminRedisTemplate;
+    public TokenOncePerRequestFilter(String aeskey, AdminRedisTemplate adminRedisTemplate) {
+        this.aeskey = aeskey;
+        this.adminRedisTemplate = adminRedisTemplate;
+    }
+
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        String iv = request.getHeader("v");
+        // token解密
+        String token = request.getHeader("token");
+        if (StringUtils.isNotBlank(token)) {
+            token = AESUtil.decrypt(aeskey, token, iv);
+            if (adminRedisTemplate.exists(token)) {
+                filterChain.doFilter(new TokenUpdatingHttpServletRequestWrapper(request, token), response);
+            } else {
+                throw new RuntimeException("token已失效");
+            }
+        } else {
+            throw new RuntimeException("token为空");
+        }
+    }
+
+}
+
+

das/src/main/java/com/das/common/interceptor/TokenUpdatingHttpServletRequestWrapper.java

@@ -0,0 +1,35 @@
+package com.das.common.interceptor;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.Map;
+
+public class TokenUpdatingHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+    private String newTokenValue;
+
+    public TokenUpdatingHttpServletRequestWrapper(HttpServletRequest request, String newTokenValue) {
+        super(request);
+        this.newTokenValue = newTokenValue;
+    }
+
+    @Override
+    public String getHeader(String name) {
+        if ("token".equalsIgnoreCase(name)) {
+            return newTokenValue; // 返回新的token值
+        }
+        return super.getHeader(name); // 对于其他header，委托给父类处理
+    }
+
+    @Override
+    public Enumeration<String> getHeaders(String name) {
+        if ("token".equalsIgnoreCase(name)) {
+            return Collections.enumeration(Collections.singletonList(newTokenValue)); // 返回包含新token值的枚举
+        }
+        return super.getHeaders(name); // 对于其他header，委托给父类处理
+    }
+
+}

das/src/main/java/com/das/common/interceptor/WebFilterConfig.java

@@ -0,0 +1,33 @@
+package com.das.common.interceptor;
+
+
+import com.das.common.config.AesProperties;
+import com.das.common.utils.AdminRedisTemplate;
+import jakarta.annotation.Resource;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * @author
+ * @Description token过滤器配置
+ */
+@Configuration
+public class WebFilterConfig {
+
+    @Resource
+    private AesProperties aesProperties;
+
+    @Resource
+    private AdminRedisTemplate adminRedisTemplate;
+    
+    @Bean
+    public FilterRegistrationBean tokenFilterRegistration() {
+        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
+        //注册过滤器
+        registrationBean.setFilter(new TokenOncePerRequestFilter(aesProperties.getKey(), adminRedisTemplate));
+        registrationBean.addUrlPatterns("/api/auth/logout"); // 设置过滤器应用的URL模式
+        registrationBean.setOrder(1); // 设置过滤器的顺序
+        return registrationBean;
+    }
+}

das/src/main/java/com/das/common/utils/AESUtil.java

@@ -14,7 +14,7 @@ import java.nio.charset.Charset;
  * @author xxx
  * @date 2020-09-16 11:17
  **/
-@Component
+
 public class AESUtil {
 
     /**

das/src/main/java/com/das/modules/auth/controller/CaptchaImageController.java

@@ -1,48 +0,0 @@
-package com.das.modules.auth.controller;
-
-import cn.hutool.core.util.IdUtil;
-import com.das.common.captcha.CaptchaProperties;
-import com.das.common.captcha.CaptchaUtil;
-import com.das.common.captcha.CaptchaVO;
-import com.das.common.result.R;
-import com.das.common.utils.AdminRedisTemplate;
-import com.google.code.kaptcha.Producer;
-import jakarta.annotation.Resource;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-
-
-/**
- * @author chenhaojie
- * @Description 获取验证码
- */
-@Slf4j
-@RequestMapping("/api/captcha")
-@RestController
-public class CaptchaImageController {
-    @Resource
-    private Producer producer;
-    @Resource
-    private CaptchaProperties captchaProperties;
-
-     @Value("${aes.Key}")
-     String key;
-    @Resource
-    private AdminRedisTemplate adminRedisTemplate;
-
-    /**
-     * 获取验证码
-     */
-    @PostMapping("/captchaImage")
-    public R<CaptchaVO> getCaptcha() {
-        String uuid = IdUtil.fastSimpleUUID();
-        String imageBase64Str = CaptchaUtil.getImageBase64Str(producer, adminRedisTemplate, captchaProperties, uuid);
-        CaptchaVO captchaVO = new CaptchaVO(uuid, imageBase64Str);
-        return R.success(captchaVO);
-    }
-
-
-}

das/src/main/java/com/das/modules/auth/controller/LoginController.java

@@ -1,11 +1,18 @@
 package com.das.modules.auth.controller;
 
+import cn.hutool.core.util.IdUtil;
+import com.das.common.captcha.CaptchaProperties;
+import com.das.common.captcha.CaptchaUtil;
+import com.das.common.captcha.CaptchaVO;
 import com.das.common.result.R;
+import com.das.common.utils.AdminRedisTemplate;
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
+import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.das.modules.auth.service.ILoginService;
 import com.fasterxml.jackson.core.JsonProcessingException;
+import com.google.code.kaptcha.Producer;
 import io.micrometer.common.util.StringUtils;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
@@ -26,9 +33,14 @@ import org.springframework.web.bind.annotation.*;
 public class LoginController {
     @Resource
     private ILoginService loginService;
-     @Value("${aes.Key}")
-     String key;
 
+    @Resource
+    private Producer producer;
+    @Resource
+    private CaptchaProperties captchaProperties;
+
+    @Resource
+    private AdminRedisTemplate adminRedisTemplate;
 
     /**
      * 登录接口
@@ -57,8 +69,17 @@ public class LoginController {
         }
 
     }
+
+    @PostMapping("/captchaImage")
+    public R<CaptchaVO> getCaptcha() {
+        String uuid = IdUtil.fastSimpleUUID();
+        String imageBase64Str = CaptchaUtil.getImageBase64Str(producer, adminRedisTemplate, captchaProperties, uuid);
+        CaptchaVO captchaVO = new CaptchaVO(uuid, imageBase64Str);
+        return R.success(captchaVO);
+    }
+
     @PostMapping("/refreshToken")
-    public R<LoginVO> refreshToken(@NotEmpty(message = "刷新token不允许为空") @RequestParam("refreshToken")String refreshToken){
+    public R<LoginVO> refreshToken(@RequestBody RefreshTokenRequest refreshToken){
         LoginVO loginVO  = loginService.refreshToken(refreshToken);
         return R.success(loginVO);
     }

das/src/main/java/com/das/modules/auth/domain/request/LoginRequest.java

@@ -39,7 +39,7 @@ public class LoginRequest {
      * 验证码唯一标识
      */
     @NotBlank(message = "验证码唯一标识不允许为空")
-    private String uuid;
+    private String key;
 
 
 }

das/src/main/java/com/das/modules/auth/domain/request/RefreshTokenRequest.java

@@ -0,0 +1,21 @@
+package com.das.modules.auth.domain.request;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+
+/**
+ * @author chenhaojie
+ * @Description
+ */
+@Data
+public class RefreshTokenRequest {
+
+    /**
+     * * 刷新token不允许为空
+     */
+    @NotBlank(message = "刷新token不允许为空")
+    private String refreshToken;
+
+
+}

das/src/main/java/com/das/modules/auth/domain/vo/LoginVO.java

@@ -14,7 +14,7 @@ public class LoginVO implements Serializable {
     private static final long serialVersionUID = 1L;
 
     /**
-     *
+     * 新token
      */
     private String accessToken;
 

das/src/main/java/com/das/modules/auth/service/ILoginService.java

@@ -3,6 +3,7 @@ package com.das.modules.auth.service;
 
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
+import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import jakarta.servlet.http.HttpServletRequest;
@@ -18,7 +19,7 @@ public interface ILoginService {
     /**
      * 登录接口
      *
-     * @param data 登录请求
+     * @param loginRequest 登录请求
      * @return 登录成功
      */
     LoginUserDetails login(LoginRequest loginRequest, HttpServletRequest request, HttpServletResponse response) throws JsonProcessingException;
@@ -34,5 +35,5 @@ public interface ILoginService {
      * @param refreshToken
      * @return
      */
-    LoginVO refreshToken(String refreshToken);
+    LoginVO refreshToken(RefreshTokenRequest refreshToken);
 }

das/src/main/java/com/das/modules/auth/service/impl/LoginServiceImpl.java

@@ -7,18 +7,17 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.das.common.captcha.CaptchaUtil;
 import com.das.common.config.SaTokenProperties;
-import com.das.common.exceptions.ServiceException;
 import com.das.common.utils.AESUtil;
 import com.das.common.utils.AdminRedisTemplate;
 import com.das.modules.auth.domain.LoginUserDetails;
 import com.das.modules.auth.domain.request.LoginRequest;
+import com.das.modules.auth.domain.request.RefreshTokenRequest;
 import com.das.modules.auth.domain.vo.LoginVO;
 import com.das.modules.auth.domain.vo.SysUserVo;
 import com.das.modules.auth.entity.SysUser;
 import com.das.modules.auth.mapper.SysUserMapper;
 import com.das.modules.auth.service.ILoginService;
 import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@@ -43,10 +42,8 @@ public class LoginServiceImpl implements ILoginService {
     @Autowired
     private AdminRedisTemplate adminRedisTemplate;
 
-    @Resource
-    private AESUtil aesUtil;
 
-    @Value("${aes.Key}")
+    @Value("${das.aes.key}")
     private String key;
 
 
@@ -60,7 +57,7 @@ public class LoginServiceImpl implements ILoginService {
         String name = loginRequest.getUsername();
         String password = loginRequest.getPassword();
         String code = loginRequest.getCode();
-        String uuid = loginRequest.getUuid();
+        String key = loginRequest.getKey();
 
         LoginUserDetails loginInfo = new LoginUserDetails();
         LambdaQueryWrapper<SysUser> wrapper = Wrappers.lambdaQuery();
@@ -70,17 +67,17 @@ public class LoginServiceImpl implements ILoginService {
             loginInfo.setMsg("无账号信息");
             return loginInfo;
         }
-        if (!CaptchaUtil.checkVerificationCode(uuid, code, adminRedisTemplate)) {
-            loginInfo.setMsg("验证码不正确");
-            return loginInfo;
-        }
+//        if (!CaptchaUtil.checkVerificationCode(key, code, adminRedisTemplate)) {
+//            loginInfo.setMsg("验证码不正确");
+//            return loginInfo;
+//        }
         if (!BCrypt.checkpw(password, sysUser.getPassword())) {
             loginInfo.setMsg("账号密码错误");
             return loginInfo;
         }
         StpUtil.login(sysUser.getAccount());// 执行登录，这里username为用户唯一标识
         String refreshTokenUuid = IdUtil.fastSimpleUUID();
-        String token = StpUtil.getTokenValue();
+        String token = StpUtil.getTokenValue().replace("-", "");
         String refreshToken = "refresh:" + refreshTokenUuid;
 
         SysUserVo sysUserVo = new SysUserVo();
@@ -92,7 +89,7 @@ public class LoginServiceImpl implements ILoginService {
         sysUserVo.setOrgId(sysUser.getOrgId());
 
         loginInfo.setSysUser(sysUserVo); // 存储用户信息到会话
-        loginInfo.setToken(StpUtil.getTokenValue());
+        loginInfo.setToken(token);
         loginInfo.setRefreshToken(refreshTokenUuid);
         adminRedisTemplate.setEx(token, loginInfo, Duration.ofSeconds(saTokenProperties.getExpireTime()));
         adminRedisTemplate.setEx(refreshToken, loginInfo, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
@@ -102,24 +99,22 @@ public class LoginServiceImpl implements ILoginService {
 
     @Override
     public boolean logout(HttpServletRequest request) {
-        String iv = request.getHeader("v");
         String token = request.getHeader("token");
-        System.out.println("iv:" + iv);
-        token = aesUtil.decrypt(key, token, iv);
+        adminRedisTemplate.del(token);
         StpUtil.logoutByTokenValue(token);
         return true;
     }
 
     @Override
-    public LoginVO refreshToken(String refreshToken) {
-        LoginUserDetails loginUserDetails = adminRedisTemplate.get(refreshToken);
+    public LoginVO refreshToken(RefreshTokenRequest refreshToken) {
+        LoginUserDetails loginUserDetails = adminRedisTemplate.get(refreshToken.getRefreshToken());
         LoginVO loginInfo = new LoginVO();
         if (loginUserDetails == null) {
             loginInfo.setMsg("token过期，请重新登录");
             return loginInfo;
         }
         StpUtil.login(loginUserDetails.getSysUser().getAccount());// 执行登录，这里username为用户唯一标识
-        String newToken = StpUtil.getTokenValue();
+        String newToken = StpUtil.getTokenValue().replace("-", "");;
         String newRefreshTokenUuid = IdUtil.fastSimpleUUID();
         String newRefreshToken = "refresh:" + newRefreshTokenUuid;
         loginInfo.setAccessToken(newToken);
@@ -129,7 +124,7 @@ public class LoginServiceImpl implements ILoginService {
         String oldRefreshToken = loginUserDetails.getRefreshToken();
 
         adminRedisTemplate.setEx(newToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getExpireTime()));
-        adminRedisTemplate.setEx(refreshToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
+        adminRedisTemplate.setEx(newRefreshToken, loginUserDetails, Duration.ofSeconds(saTokenProperties.getRefreshExpireTime()));
         // 删除原有刷新token
         adminRedisTemplate.del("refresh:" + oldRefreshToken);
 

das/src/main/resources/application.yml

@@ -91,5 +91,6 @@ captcha:
   verify-type: calculate
   expire: 120
 
-aes:
-  Key: b6967ee87b86d85a
+das:
+  aes:
+    key: b6967ee87b86d85a

docs/api/api_list.md

@@ -14,7 +14,7 @@
 
 | 参数名称 | 说明     |   备注  |
 | -------- | -------- | --- |
-| Token    | 令牌     |   需要鉴权的API 才需要添加此参数  |
+| token    | 令牌     |   需要鉴权的API 才需要添加此参数  |
 | V        | 加密向量 |  必须添加   |
 
 加密采用AES/CBC/ZeroPadding加密方式，密钥长度为16位。，IV长度为16位（每次请求时随机生成）。
@@ -25,13 +25,13 @@
 
 | 接口分类  | 接口描述 | API接口                     | 权限              |
 |:-----:| :------- |:--------------------------|-----------------|
-| 获取验证码 | 获取验证码 | /api/captchaImage         |                 |
+| 获取验证码 | 获取验证码 | /api/auth/captchaImage         |                 |
 | 系统登录  | 系统登录 | /api/auth/login           | /XXXX/XXX/XXX/X |
-| 系统登录  | 退出登录 | /api/auth/revoke          |                 |
+| 系统登录  | 退出登录 | /api/auth/logout          |                 |
 | 系统登录  | 修改密码 | /api/auth/password/change |                 |
 
 ## 验证码获取
-> /api/captchaImage
+> /api/auth/captchaImage
 
 
 入参示例
@@ -45,7 +45,7 @@
   "msg": "操作成功",
   "data": {
     "img": "",
-        "uuid": "9007a0158f7c4635b4e6e577de7406e0"
+    "key": "9007a0158f7c4635b4e6e577de7406e0"
   }
 }
 ```
@@ -54,13 +54,13 @@
 | 变量名               | 变量类型   | 可为NULL | 描述         |
 | -------------------- |--------| -------- |------------|
 | img                | String | No       | 图片base64编码 |
-| uuid                | String | No       | 验证码唯一标志    |
+| key                | String | No       | 验证码唯一标志    |
 
 ## 系统登录
 
 使用用户名和密码，验证码和验证码的唯一标识登录系统，POST请求
 
-> /api/auth/invoke
+> /api/auth/login
 
 入参示例
 
@@ -69,7 +69,7 @@
   "userName":"xx",
   "password":"xxx",
   "code":"xxx",
-  "uuid":"xxx"
+  "key":"xxx"
 }
 ```
 
@@ -80,7 +80,7 @@
 | userName | String   | no   | 用户名  |
 | password | String   | no   | 用户密码 |
 | code | String   | no   | 验证码  |
-| uuid | String   | no   | 唯一标志 |
+| key | String   | no   | 唯一标志 |
 
 调用成功返回示例
 
@@ -98,29 +98,15 @@
 
 | 变量名               | 变量类型   | 可为NULL | 描述                       |
 | -------------------- |--------| -------- | -------------------------- |
-| token                | String | No       | 令牌值                     |
+| token                | String | No       | 令牌(未加密)                     |
 
 ## 退出登录
 
 注销令牌退出登录，POST请求
 
-> /api/auth/revoke
+> /api/auth/logout
 
-入参示例
-
-```json
-{
-  "userName":"xx",
-  "token":"xxx"
-}
-```
-
-入参描述
-
-| 参数名   | 参数类型 | 可选 | 描述   |
-| -------- | -------- | ---- | ------ |
-| userName | String   | no   | 用户名 |
-| token    | String   | no   | token  |
+无入参
 
 调用成功返回示例
 
@@ -136,16 +122,15 @@
 
 修改登录密码，POST请求
 
-api/auth/password/change
+> api/auth/password/change
 
 入参示例
 
-```
+```json
 {
-"userName":"xx",
-"oldPassword":"xx",
-"newPassword":"xxx",
-"token":"xxx"
+  "userName":"xx",
+  "oldPassword":"xx",
+  "newPassword":"xxx",
 }
 ```
 
@@ -156,18 +141,19 @@ api/auth/password/change
 | oldPassword | String   | NO   | 旧密码 |
 | newPassword | String   | NO   | 新密码 |
 | userName    | String   | NO   | 用户名 |
-| token       | String   | NO   | token  |
 
 调用成功返回示例
 
 ```json
 {
-"code":"200",
-"msg":"修改成功",
-"data":"null"
+  "code":"200",
+  "msg":"修改成功",
+  "data":"null"
 }
 ```
 
+!> 下面的文档有待确认
+
 # 公司机构模块API接口
 
 组织机构模块提供的API包括机构查询、添加、修改等功能。