Startsida Utforska Hjälp
Registrera dig Logga in
wenhongquan
/
FileManager
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 911867d5a5
Grenar Taggar
FileManager
/
ruoyi-system
/
src
/
main
/
java
/
com
/
ruoyi
/
system
/
service
/
SysLoginService.java

SysLoginService.java 6.5 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 
  1. package com.ruoyi.system.service;
    2. 

  2. 

  3. import cn.dev33.satoken.stp.StpUtil;
    4. 

  4. import cn.hutool.core.util.ObjectUtil;
    5. 

  5. import com.ruoyi.common.constant.Constants;
    6. 

  6. import com.ruoyi.common.core.domain.entity.SysUser;
    7. 

  7. import com.ruoyi.common.core.domain.model.LoginUser;
    8. 

  8. import com.ruoyi.common.core.service.LogininforService;
    9. 

  9. import com.ruoyi.common.enums.DeviceType;
    10. 

  10. import com.ruoyi.common.enums.UserStatus;
    11. 

  11. import com.ruoyi.common.exception.user.CaptchaException;
    12. 

  12. import com.ruoyi.common.exception.user.CaptchaExpireException;
    13. 

  13. import com.ruoyi.common.exception.user.UserException;
    14. 

  14. import com.ruoyi.common.helper.LoginHelper;
    15. 

  15. import com.ruoyi.common.utils.*;
    16. 

  16. import com.ruoyi.common.utils.redis.RedisUtils;
    17. 

  17. import lombok.RequiredArgsConstructor;
    18. 

  18. import lombok.extern.slf4j.Slf4j;
    19. 

  19. import org.springframework.stereotype.Service;
    20. 

  20. 

  21. import javax.servlet.http.HttpServletRequest;
    22. 

  22. import java.util.concurrent.TimeUnit;
    23. 

  23. 

  24. /**
    25. 

  25.  * 登录校验方法
    26. 

  26.  *
    27. 

  27.  * @author Lion Li
    28. 

  28.  */
    29. 

  29. @RequiredArgsConstructor
    30. 

  30. @Slf4j
    31. 

  31. @Service
    32. 

  32. public class SysLoginService {
    33. 

  33. 

  34.     private final ISysUserService userService;
    35. 

  35.     private final ISysConfigService configService;
    36. 

  36.     private final LogininforService asyncService;
    37. 

  37.     private final SysPermissionService permissionService;
    38. 

  38. 

  39.     /**
    40. 

  40.      * 登录验证
    41. 

  41.      *
    42. 

  42.      * @param username 用户名
    43. 

  43.      * @param password 密码
    44. 

  44.      * @param code     验证码
    45. 

  45.      * @param uuid     唯一标识
    46. 

  46.      * @return 结果
    47. 

  47.      */
    48. 

  48.     public String login(String username, String password, String code, String uuid) {
    49. 

  49.         HttpServletRequest request = ServletUtils.getRequest();
    50. 

  50.         boolean captchaOnOff = configService.selectCaptchaOnOff();
    51. 

  51.         // 验证码开关
    52. 

  52.         if (captchaOnOff) {
    53. 

  53.             validateCaptcha(username, code, uuid, request);
    54. 

  54.         }
    55. 

  55.         // 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip)
    56. 

  56.         Integer errorNumber = RedisUtils.getCacheObject(Constants.LOGIN_ERROR + username);
    57. 

  57.         // 锁定时间内登录 则踢出
    58. 

  58.         if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
    59. 

  59.             asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
    60. 

  60.             throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
    61. 

  61.         }
    62. 

  62. 

  63.         SysUser user = loadUserByUsername(username);
    64. 

  64. 

  65.         if (!SecurityUtils.matchesPassword(password, user.getPassword())) {
    66. 

  66.             // 是否第一次
    67. 

  67.             errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
    68. 

  68.             // 达到规定错误次数 则锁定登录
    69. 

  69.             if (errorNumber.equals(Constants.LOGIN_ERROR_NUMBER)) {
    70. 

  70.                 RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber, Constants.LOGIN_ERROR_LIMIT_TIME, TimeUnit.MINUTES);
    71. 

  71.                 asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME), request);
    72. 

  72.                 throw new UserException("user.password.retry.limit.exceed", Constants.LOGIN_ERROR_LIMIT_TIME);
    73. 

  73.             } else {
    74. 

  74.                 // 未达到规定错误次数 则递增
    75. 

  75.                 RedisUtils.setCacheObject(Constants.LOGIN_ERROR + username, errorNumber);
    76. 

  76.                 asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.retry.limit.count", errorNumber), request);
    77. 

  77.                 throw new UserException("user.password.retry.limit.count", errorNumber);
    78. 

  78.             }
    79. 

  79.         }
    80. 

  80. 

  81.         // 登录成功 清空错误次数
    82. 

  82.         RedisUtils.deleteObject(Constants.LOGIN_ERROR + username);
    83. 

  83.         asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
    84. 

  84.         recordLoginInfo(user.getUserId(), username);
    85. 

  85. 

  86.         LoginUser loginUser = buildLoginUser(user);
    87. 

  87. 

  88.         // 生成token
    89. 

  89.         LoginHelper.loginByDevice(loginUser, DeviceType.PC);
    90. 

  90.         return StpUtil.getTokenValue();
    91. 

  91.     }
    92. 

  92. 

  93.     /**
    94. 

  94.      * 校验验证码
    95. 

  95.      *
    96. 

  96.      * @param username 用户名
    97. 

  97.      * @param code     验证码
    98. 

  98.      * @param uuid     唯一标识
    99. 

  99.      */
    100. 

  100.     public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
    101. 

  101.         String verifyKey = Constants.CAPTCHA_CODE_KEY + uuid;
    102. 

  102.         String captcha = RedisUtils.getCacheObject(verifyKey);
    103. 

  103.         RedisUtils.deleteObject(verifyKey);
    104. 

  104.         if (captcha == null) {
    105. 

  105.             asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"), request);
    106. 

  106.             throw new CaptchaExpireException();
    107. 

  107.         }
    108. 

  108.         if (!code.equalsIgnoreCase(captcha)) {
    109. 

  109.             asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"), request);
    110. 

  110.             throw new CaptchaException();
    111. 

  111.         }
    112. 

  112.     }
    113. 

  113. 

  114.     private SysUser loadUserByUsername(String username) {
    115. 

  115.         SysUser user = userService.selectUserByUserName(username);
    116. 

  116.         if (StringUtils.isNull(user)) {
    117. 

  117.             log.info("登录用户:{} 不存在.", username);
    118. 

  118.             throw new UserException("user.not.exists", username);
    119. 

  119.         } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
    120. 

  120.             log.info("登录用户:{} 已被删除.", username);
    121. 

  121.             throw new UserException("user.password.delete", username);
    122. 

  122.         } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
    123. 

  123.             log.info("登录用户:{} 已被停用.", username);
    124. 

  124.             throw new UserException("user.blocked", username);
    125. 

  125.         }
    126. 

  126.         return user;
    127. 

  127.     }
    128. 

  128. 

  129.     /**
    130. 

  130.      * 构建登录用户
    131. 

  131.      */
    132. 

  132.     private LoginUser buildLoginUser(SysUser user) {
    133. 

  133.         LoginUser loginUser = new LoginUser();
    134. 

  134.         loginUser.setUserId(user.getUserId());
    135. 

  135.         loginUser.setDeptId(user.getDeptId());
    136. 

  136.         loginUser.setUsername(user.getUserName());
    137. 

  137.         loginUser.setUserType(user.getUserType());
    138. 

  138.         loginUser.setMenuPermission(permissionService.getMenuPermission(user));
    139. 

  139.         loginUser.setRolePermission(permissionService.getRolePermission(user));
    140. 

  140.         return loginUser;
    141. 

  141.     }
    142. 

  142. 

  143.     /**
    144. 

  144.      * 记录登录信息
    145. 

  145.      *
    146. 

  146.      * @param userId 用户ID
    147. 

  147.      */
    148. 

  148.     public void recordLoginInfo(Long userId, String username) {
    149. 

  149.         SysUser sysUser = new SysUser();
    150. 

  150.         sysUser.setUserId(userId);
    151. 

  151.         sysUser.setLoginIp(ServletUtils.getClientIP());
    152. 

  152.         sysUser.setLoginDate(DateUtils.getNowDate());
    153. 

  153.         sysUser.setUpdateBy(username);
    154. 

  154.         userService.updateUserProfile(sysUser);
    155. 

  155.     }
    156. 

  156. }
    157.