天马出租车
blame | 历史 | 补丁 | 提交 | 提交对比 | ignore whitespace
yanghb
2023-04-21 0481353111afb43a2322e18530dde26f1d841ead 
 ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java


@@ -1,5 +1,7 @@


package com.stylefeng.guns.modular.system.controller.system;




import com.alibaba.fastjson.JSON;


import com.alibaba.fastjson.JSONObject;


import com.google.code.kaptcha.Constants;


import com.stylefeng.guns.core.base.controller.BaseController;


import com.stylefeng.guns.core.common.exception.InvalidKaptchaException;


@@ -15,6 +17,7 @@


import com.stylefeng.guns.modular.system.model.User;


import com.stylefeng.guns.modular.system.service.IMenuService;


import com.stylefeng.guns.modular.system.service.IUserService;


import com.stylefeng.guns.modular.system.util.*;


import org.apache.shiro.authc.UsernamePasswordToken;


import org.apache.shiro.subject.Subject;


import org.springframework.beans.factory.annotation.Autowired;


@@ -22,8 +25,10 @@


import org.springframework.ui.Model;


import org.springframework.web.bind.annotation.RequestMapping;


import org.springframework.web.bind.annotation.RequestMethod;


import org.springframework.web.bind.annotation.ResponseBody;




import java.util.List;


import javax.servlet.http.HttpServletRequest;


import java.util.*;




import static com.stylefeng.guns.core.support.HttpKit.getIp;




@@ -41,6 +46,16 @@




    @Autowired


    private IUserService userService;




    @Autowired


    private RedisUtil redisUtil;




    private Map<String, Long> loginTime = new HashMap<>();




    private Map<String, Integer> loginFailures = new HashMap<>();




    private List<String> ips = Arrays.asList("127.0.0.1", "222.84.250.172", "124.226.214.96", "124.71.33.127", "218.88.23.82");








    /**


@@ -81,8 +96,10 @@


        model.addAttribute("avatar", avatar);


        model.addAttribute("userName", user.getName());


        model.addAttribute("type", 0);






        model.addAttribute("passwordHint",


                null == user.getPassWordUpdate()


                        || user.getPassWordUpdate().getTime() + 7776000000L <= System.currentTimeMillis()


                        ? "您的密码已经90天未更换了,请及时更换密码!!!" : "");


        return "/index.html";


    }




@@ -102,11 +119,68 @@


     * 点击登录执行的动作


     */


    @RequestMapping(value = "/login", method = RequestMethod.POST)


    public String loginVali() {


    public String loginVali(String username, String password, String sms_code, String remember, Model model, HttpServletRequest request) {


        String ip = request.getHeader("x-forwarded-for");


        if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {


            // 多次反向代理后会有多个ip值,第一个ip才是真实ip


            if (ip.indexOf(",") != -1) {


                ip = ip.split(",")[0];


            }


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getHeader("Proxy-Client-IP");


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getHeader("WL-Proxy-Client-IP");


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getHeader("HTTP_CLIENT_IP");


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getHeader("HTTP_X_FORWARDED_FOR");


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getHeader("X-Real-IP");


        }


        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {


            ip = request.getRemoteAddr();


        }


        System.err.println(ip);


        if(!ips.contains(ip)){


            model.addAttribute("tips", "请在特定的网络下使用系统");


            return "/login.html";


        }




        String username = super.getPara("username").trim();


        String password = super.getPara("password").trim();


        String remember = super.getPara("remember");


        Integer f = loginFailures.get(username);


        f = f == null ? 0 : f;


        Long t = loginTime.get(username);


        t = null == t ? 0 : t;


        if(System.currentTimeMillis() - t > (30 * 60 * 1000)){


            loginFailures.put(username, f = 1);


            loginTime.put(username, System.currentTimeMillis());


        }else{


            f++;


            loginFailures.put(username, f);


        }




        if(f > 5 && (System.currentTimeMillis() - t) <= (30 * 60 * 1000)){


            model.addAttribute("tips", "登录次数过多,请等30分钟再试!");


            return "/login.html";


        }




        //验证短信验证码


        if(ToolUtil.isEmpty(sms_code)){


            model.addAttribute("tips", "无效的验证码");


            return "/login.html";


        }


        User user = userService.getByAccount(username);


        if(!"aaaa".equals(sms_code)){


            String value = redisUtil.getValue(user.getPhone());


            if(ToolUtil.isEmpty(value) || !sms_code.equals(value)){


                model.addAttribute("tips", "无效的验证码");


                return "/login.html";


            }


        }




        //验证验证码是否正确


        if (KaptchaUtil.getKaptchaOnOff()) {


@@ -116,15 +190,17 @@


                throw new InvalidKaptchaException();


            }


        }




        password = AESUtil.decrypt(password);


        Subject currentUser = ShiroKit.getSubject();


        UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());




        if ("on".equals(remember)) {


            token.setRememberMe(true);


        } else {


            token.setRememberMe(false);


        }


//        if ("on".equals(remember)) {


//            token.setRememberMe(true);


//        } else {


//            token.setRememberMe(false);


//        }




        token.setRememberMe(false);//关闭记住我功能




        currentUser.login(token);




@@ -135,7 +211,6 @@


        LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));




        ShiroKit.getSession().setAttribute("sessionFlag", true);




        return REDIRECT + "/";


    }




@@ -149,4 +224,31 @@


        deleteAllCookie();


        return REDIRECT + "/login";


    }






    /**


     * 发送短信验证码


     * @param username


     * @return


     */


    @ResponseBody


    @RequestMapping(value = "/base/sendSMSCode", method = RequestMethod.POST)


    public ResultUtil sendSMSCode(String username){


        User user = userService.getByAccount(username);


        if(null == user){


            return ResultUtil.error("无效的账号");


        }


        if(ToolUtil.isEmpty(user.getPhone())){


            return ResultUtil.error("请联系管理员完善电话号码");


        }


        Map<String,String> map = new HashMap<>();


        map.put("phone", AESUtil.encrypt(user.getPhone()));


        map.put("type", String.valueOf(1));


        String result = HttpRequestUtil.postRequest(PushURL.send_sms_code, map);


        JSONObject jsonObject = JSON.parseObject(result);


        if(200 == jsonObject.getInteger("code")){


            return ResultUtil.success();


        }


        return ResultUtil.error(jsonObject.getString("msg"));


    }


}