6 years ago · 43028566d9
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java
@@ -107,5 +107,10 @@ public @interface Authorize {
 
				      */
			
 
				     RequiresDataAccess dataAccess() default @RequiresDataAccess(ignore = true);
			
 
				 
			
 
				+    /**
			
 
				+     * @return 双重验证
			
 
				+     */
			
 
				+    TwoFactor twoFactor() default @TwoFactor(ignore = true);
			
 
				+
			
 
				     String[] description() default {};
			
 
				 }
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/TwoFactor.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/TwoFactor.java
@@ -0,0 +1,17 @@
 
				+package org.hswebframework.web.authorization.annotation;
			
 
				+
			
 
				+import java.lang.annotation.*;
			
 
				+
			
 
				+@Target({ElementType.TYPE, ElementType.METHOD})
			
 
				+@Retention(RetentionPolicy.RUNTIME)
			
 
				+@Inherited
			
 
				+@Documented
			
 
				+public @interface TwoFactor {
			
 
				+    String operation() default "";
			
 
				+
			
 
				+    long timeout() default 10 * 60 * 1000L;
			
 
				+
			
 
				+    String provider() default "totp";
			
 
				+
			
 
				+    boolean ignore() default false;
			
 
				+}
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/TwoFactorValidator.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/TwoFactorValidator.java
@@ -0,0 +1,25 @@
 
				+package org.hswebframework.web.authorization.twofactor;
			
 
				+
			
 
				+/**
			
 
				+ * 双重验证器,用于某些接口需要双重验证时使用,如: 短信验证码,动态口令等
			
 
				+ */
			
 
				+public interface TwoFactorValidator {
			
 
				+
			
 
				+    /**
			
 
				+     * 验证code是否有效,如果验证码有效,则保持此验证有效期.在有效期内,调用{@link this#expired()} 将返回false
			
 
				+     *
			
 
				+     * @param code    验证码
			
 
				+     * @param timeout 保持验证通过有效期
			
 
				+     * @return 验证码是否有效
			
 
				+     */
			
 
				+    boolean verify(String code, long timeout);
			
 
				+
			
 
				+    /**
			
 
				+     * 验证是否已经过期,过期则需要重新进行验证
			
 
				+     *
			
 
				+     * @return 是否过期
			
 
				+     */
			
 
				+    boolean expired();
			
 
				+
			
 
				+
			
 
				+}
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/TwoFactorValidatorManager.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/twofactor/TwoFactorValidatorManager.java
@@ -0,0 +1,19 @@
 
				+package org.hswebframework.web.authorization.twofactor;
			
 
				+
			
 
				+import org.hswebframework.web.authorization.Authentication;
			
 
				+
			
 
				+/**
			
 
				+ * 双重验证管理器
			
 
				+ */
			
 
				+public interface TwoFactorValidatorManager {
			
 
				+
			
 
				+    /**
			
 
				+     * 获取用户使用的双重验证器
			
 
				+     *
			
 
				+     * @param userId    用户id
			
 
				+     * @param operation 进行的操作
			
 
				+     * @return 验证器
			
 
				+     */
			
 
				+    TwoFactorValidator getValidator(String userId, String operation);
			
 
				+
			
 
				+}