From 4337640b7ab86136baed2fd6aa959e4828a75cea Mon Sep 17 00:00:00 2001 From: Lius <Lius2225@163.com> Date: 星期四, 07 十二月 2023 17:33:51 +0800 Subject: [PATCH] 计算加工工件个数算法和密码安全策略 --- lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java | 107 +++++++++++++++++++++++++++++++++++++++-------------- 1 files changed, 78 insertions(+), 29 deletions(-) diff --git a/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java index 3035eff..39fb53f 100644 --- a/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java +++ b/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java @@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSONObject; import com.aliyuncs.exceptions.ClientException; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; +import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper; import com.baomidou.mybatisplus.core.toolkit.IdWorker; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; @@ -14,6 +15,7 @@ import org.jeecg.common.constant.CommonConstant; import org.jeecg.common.constant.SymbolConstant; import org.jeecg.common.system.util.JwtUtil; +import org.jeecg.common.system.vo.DictModel; import org.jeecg.common.system.vo.LoginUser; import org.jeecg.common.util.*; import org.jeecg.common.util.encryption.EncryptedString; @@ -29,7 +31,6 @@ import org.jeecg.modules.system.util.RandImageUtil; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; import org.springframework.web.bind.annotation.*; import javax.annotation.Resource; 
@@ -103,7 +104,7 @@ return result; }*/ //update-end-author:taoyan date:20190828 for:鏍¢獙楠岃瘉鐮� - + //1. 鏍¢獙鐢ㄦ埛鏄惁鏈夋晥 //update-begin-author:wangshuai date:20200601 for: 鐧诲綍浠g爜楠岃瘉鐢ㄦ埛鏄惁娉ㄩ攢bug锛宨f鏉′欢姘歌繙涓篺alse LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>(); 
@@ -119,10 +120,51 @@ String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt()); String syspassword = sysUser.getPassword(); if (!syspassword.equals(userpassword)) { - result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒"); + // 鑾峰彇鐢ㄦ埛澶辫触鏈�澶ф鏁� + //Integer maxAttempts = CommonConstant.MAX_ATTEMPTS; + List<DictModel> dictModels = sysDictService.queryEnableDictItemsByCode(CommonConstant.DICT_MAX_ATTEMPTS); + if (dictModels != null && !dictModels.isEmpty()) { + Integer maxAttempts = Integer.valueOf(dictModels.get(0).getValue()); + if (redisUtil.hasKey(CommonConstant.PREFIX_LOGIN_COUNT + username)) { + Integer loginCount = (Integer) redisUtil.get(CommonConstant.PREFIX_LOGIN_COUNT + username) + 1; + if (loginCount < maxAttempts) { + result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒锛岃閲嶆柊灏濊瘯銆傚墿浣欏皾璇曟鏁帮細" + (maxAttempts - loginCount)); + redisUtil.set(CommonConstant.PREFIX_LOGIN_COUNT + username, loginCount + 1, 300); + } else if (loginCount.equals(maxAttempts)) { + // 瓒呰繃鏈�澶х櫥褰曟鏁� 閿佸畾鐢ㄦ埛 + //sysUserService.update(new SysUser().setStatus(CommonConstant.USER_FREEZE), new UpdateWrapper<SysUser>().lambda().eq(SysUser::getUsername, username)); + // 鑾峰彇鐢ㄦ埛澶辫触閿佸畾鏃堕暱 + List<DictModel> dictModelList = sysDictService.queryEnableDictItemsByCode(CommonConstant.DICT_USER_FREEZE); + if (dictModelList != null && !dictModelList.isEmpty()) { + Integer userFreezeTime = Integer.valueOf(dictModelList.get(0).getValue()); + redisUtil.set(CommonConstant.PREFIX_LOGIN_COUNT + username, loginCount + 1, userFreezeTime * 60); + result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒锛屽凡鍒拌揪鏈�澶у皾璇曟鏁帮紝璇风◢鍚庡皾璇曪紒"); + } else { + //淇敼鏁版嵁搴撻攣瀹氱敤鎴� + sysUserService.update(new SysUser().setStatus(CommonConstant.USER_FREEZE), new UpdateWrapper<SysUser>().lambda().eq(SysUser::getUsername, username)); + //鍒犻櫎redis淇℃伅 + redisUtil.del(CommonConstant.PREFIX_LOGIN_COUNT + username); + result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒锛屽凡鍒拌揪鏈�澶у皾璇曟鏁帮紝璇疯仈绯荤鐞嗗憳瑙i攣锛�"); + } + + } else { + result.error500("鎮ㄧ殑璐︽埛宸查攣瀹氾紝璇风◢鍚庡皾璇曪紒"); + } + } else { + 
redisUtil.set(CommonConstant.PREFIX_LOGIN_COUNT + username, 1, 300); + result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒锛岃閲嶆柊灏濊瘯銆傚墿浣欏皾璇曟鏁帮細" + (maxAttempts - 1)); + } + } + + + //result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒"); return result; + } else { + if (redisUtil.hasKey(CommonConstant.PREFIX_LOGIN_COUNT + username)) { + redisUtil.del(CommonConstant.PREFIX_LOGIN_COUNT + username); + } } - + //鐢ㄦ埛鐧诲綍淇℃伅 userInfo(sysUser, result); //update-begin--Author:liusq Date:20210126 for锛氱櫥褰曟垚鍔燂紝鍒犻櫎redis涓殑楠岃瘉鐮� @@ -161,7 +203,7 @@ } //update-begin---author:liusq ---date:2022-06-29 for锛氭帴鍙h繑鍥炲�间慨鏀癸紝鍚屾淇敼杩欓噷鐨勫垽鏂�昏緫----------- //update-end---author:scott ---date::2022-06-20 for锛歷ue3鍓嶇锛屾敮鎸佽嚜瀹氫箟棣栭〉-------------- - + obj.put("userInfo",sysUser); obj.put("sysAllDictItems", sysDictService.queryAllDictItems()); result.setResult(obj); @@ -170,7 +212,7 @@ return result; } - + /** * 閫�鍑虹櫥褰� * @param request @@ -204,7 +246,7 @@ return Result.error("Token鏃犳晥!"); } } - + /** * 鑾峰彇璁块棶閲� * @return @@ -235,7 +277,7 @@ result.success("鐧诲綍鎴愬姛"); return result; } - + /** * 鑾峰彇璁块棶閲� * @return @@ -256,8 +298,8 @@ result.setResult(oConvertUtils.toLowerCasePageList(list)); return result; } - - + + /** * 鐧婚檰鎴愬姛閫夋嫨鐢ㄦ埛褰撳墠閮ㄩ棬 * @param user @@ -282,7 +324,7 @@ /** * 鐭俊鐧诲綍鎺ュ彛 - * + * * @param jsonObject * @return */ @@ -298,12 +340,12 @@ result.setSuccess(false); return result; } - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; Object object = redisUtil.get(redisKey); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 - + if (object != null) { result.setMessage("楠岃瘉鐮�10鍒嗛挓鍐咃紝浠嶇劧鏈夋晥锛�"); result.setSuccess(false); @@ -337,7 +379,7 @@ } return result; } - + /** * smsmode 鐭俊妯℃澘鏂瑰紡 0 .鐧诲綍妯℃澘銆�1.娉ㄥ唽妯℃澘銆�2.蹇樿瀵嗙爜妯℃澘 */ 
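Review bot: In the `@@ -119,10 +120,51 @@` hunk the failed-login counter is only read inside `if (!syspassword.equals(userpassword))`, so once an account is locked a request carrying the correct password still reaches the new `else` branch, deletes the counter and logs in; the lock has to be checked before the password comparison. The count also advances by two per failure (`loginCount` is the stored value plus one, and `loginCount + 1` is written back), so for an odd maximum `loginCount.equals(maxAttempts)` is never true and neither the freeze TTL nor the database freeze is applied. When `DICT_MAX_ATTEMPTS` has no enabled item the branch returns `result` without any `error500` call, since the original call is now commented out, and `Integer.valueOf` on the dictionary value is unguarded. The `hasKey`/`get`/`set` sequence is not atomic under concurrent requests, which an atomic increment would avoid. A possible shape follows; the enclosing method starts and ends outside the hunk, so the state of `result` on entry is assumed.

```java
// … unchanged: DICT_MAX_ATTEMPTS lookup, moved above the password comparison, with a guarded parse and a default when the item is missing …
String countKey = CommonConstant.PREFIX_LOGIN_COUNT + username;
Integer failed = (Integer) redisUtil.get(countKey);
if (failed != null && failed >= maxAttempts) {
    // Locked: reject before the password is compared, so a correct guess cannot clear the lock.
    // … unchanged: result.error500 with the account-locked message …
    return result;
}
if (!syspassword.equals(userpassword)) {
    int loginCount = (failed == null ? 0 : failed) + 1;
    if (loginCount < maxAttempts) {
        // Store the count itself, not loginCount + 1.
        redisUtil.set(countKey, loginCount, 300);
        // … unchanged: result.error500 with the remaining-attempts message …
    } else {
        // … unchanged: DICT_USER_FREEZE lookup; store loginCount with the freeze TTL, or freeze the user in the database …
    }
    return result;
}
redisUtil.del(countKey);
```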
@@ -355,12 +397,12 @@ result.setSuccess(false); return result; } - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 //楠岃瘉鐮�10鍒嗛挓鍐呮湁鏁� redisUtil.set(redisKey, captcha, 600); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 - + //update-begin--Author:scott Date:20190812 for锛歩ssues#391 //result.setResult(captcha); //update-end--Author:scott Date:20190812 for锛歩ssues#391 @@ -373,11 +415,11 @@ } return result; } - + /** * 鎵嬫満鍙风櫥褰曟帴鍙� - * + * * @param jsonObject * @return */ @@ -386,14 +428,14 @@ public Result<JSONObject> phoneLogin(@RequestBody JSONObject jsonObject) { Result<JSONObject> result = new Result<JSONObject>(); String phone = jsonObject.getString("mobile"); - + //鏍¢獙鐢ㄦ埛鏈夋晥鎬� SysUser sysUser = sysUserService.getUserByPhone(phone); result = sysUserService.checkUserIsEffective(sysUser); if(!result.isSuccess()) { return result; } - + String smscode = jsonObject.getString("captcha"); //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 @@ -429,9 +471,16 @@ // 鐢熸垚token String token = JwtUtil.sign(username, syspassword); + // 鑾峰彇token缂撳瓨鏈夋晥鏃堕棿 + Integer expireTime = CommonConstant.TOKEN_EXPIRE_TIME; + List<DictModel> dictModels = sysDictService.queryEnableDictItemsByCode(CommonConstant.DICT_TOKEN_EXPIRE_TIME); + if (dictModels != null && !dictModels.isEmpty()) { + expireTime = Integer.valueOf(dictModels.get(0).getValue()); + } // 璁剧疆token缂撳瓨鏈夋晥鏃堕棿 - redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token); - redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000); + redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token, (long) (expireTime + 1) * 60 * 60); + + //redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, ); obj.put("token", token); // update-begin--Author:sunjianlei Date:20210802 for锛氳幏鍙栫敤鎴风鎴蜂俊鎭� 
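Review bot: In the `@@ -429,9 +471,16 @@` hunk, `Integer.valueOf(dictModels.get(0).getValue())` takes the session lifetime straight from a dictionary item with no validation, so a non-numeric value throws on every login and a zero or negative value produces a non-positive TTL for `redisUtil.set`, whose handling of that case is not visible here. I would parse defensively and clamp, for example `expireTime = Math.max(1, Integer.parseInt(dictModels.get(0).getValue().trim()));` inside a `try` whose `catch (NumberFormatException e)` keeps `CommonConstant.TOKEN_EXPIRE_TIME`, with an upper bound as well. The Redis entry now lives `(expireTime + 1)` hours while the token is still produced by `JwtUtil.sign(username, syspassword)`; if that call signs a fixed expiry, the two lifetimes can diverge, and a comment such as `// Redis TTL is the configured hours plus one; the JWT's own expiry is set in JwtUtil` would make the relationship explicit. The enclosing method starts and ends outside the hunk.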
@@ -505,13 +554,13 @@ String code = RandomUtil.randomString(BASE_CHECK_CODES,4); //瀛樺埌redis涓� String lowerCaseCode = code.toLowerCase(); - + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 // 鍔犲叆瀵嗛挜浣滀负娣锋穯锛岄伩鍏嶇畝鍗曠殑鎷兼帴锛岃澶栭儴鍒╃敤锛岀敤鎴疯嚜瀹氫箟璇ュ瘑閽ュ嵆鍙� String origin = lowerCaseCode+key+jeecgBaseConfig.getSignatureSecret(); String realKey = Md5Util.md5Encode(origin, "utf-8"); //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 銆愭紡娲炪�戝彂鐜版柊婕忔礊寰呭鐞�20220906 - + redisUtil.set(realKey, lowerCaseCode, 60); log.info("鑾峰彇楠岃瘉鐮侊紝Redis key = {}锛宑heckCode = {}", realKey, code); //杩斿洖鍓嶇 @@ -535,7 +584,7 @@ sysPermissionService.switchVue3Menu(); return res; } - + /** * app鐧诲綍 * @param sysLoginModel @@ -547,14 +596,14 @@ Result<JSONObject> result = new Result<JSONObject>(); String username = sysLoginModel.getUsername(); String password = sysLoginModel.getPassword(); - + //1. 鏍¢獙鐢ㄦ埛鏄惁鏈夋晥 SysUser sysUser = sysUserService.getUserByName(username); result = sysUserService.checkUserIsEffective(sysUser); if(!result.isSuccess()) { return result; } - + //2. 鏍¢獙鐢ㄦ埛鍚嶆垨瀵嗙爜鏄惁姝g‘ String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt()); String syspassword = sysUser.getPassword(); @@ -562,7 +611,7 @@ result.error500("鐢ㄦ埛鍚嶆垨瀵嗙爜閿欒"); return result; } - + String orgCode = sysUser.getOrgCode(); if(oConvertUtils.isEmpty(orgCode)) { //濡傛灉褰撳墠鐢ㄦ埛鏃犻�夋嫨閮ㄩ棬 鏌ョ湅閮ㄩ棬鍏宠仈淇℃伅 @@ -581,7 +630,7 @@ JSONObject obj = new JSONObject(); //鐢ㄦ埛鐧诲綍淇℃伅 obj.put("userInfo", sysUser); - + // 鐢熸垚token String token = JwtUtil.sign(username, syspassword); // 璁剧疆瓒呮椂鏃堕棿 -- Gitblit v1.9.3