From cb5cbb5128adc1814e43780b92faab447bc70a8d Mon Sep 17 00:00:00 2001
From: yanghb <yanghb>
Date: 星期五, 21 四月 2023 11:29:03 +0800
Subject: [PATCH] 代码调整
---
ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java | 130 ++++++++++++++++++++++++++++++++++++++----
1 files changed, 116 insertions(+), 14 deletions(-)
diff --git a/ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java b/ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
index f6bd5cb..52e8fb9 100644
--- a/ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
+++ b/ManagementTravel/guns-admin/src/main/java/com/stylefeng/guns/modular/system/controller/system/LoginController.java
@@ -1,5 +1,7 @@
package com.stylefeng.guns.modular.system.controller.system;
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
import com.google.code.kaptcha.Constants;
import com.stylefeng.guns.core.base.controller.BaseController;
import com.stylefeng.guns.core.common.exception.InvalidKaptchaException;
@@ -15,6 +17,7 @@
import com.stylefeng.guns.modular.system.model.User;
import com.stylefeng.guns.modular.system.service.IMenuService;
import com.stylefeng.guns.modular.system.service.IUserService;
+import com.stylefeng.guns.modular.system.util.*;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
@@ -22,8 +25,10 @@
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
-import java.util.List;
+import javax.servlet.http.HttpServletRequest;
+import java.util.*;
import static com.stylefeng.guns.core.support.HttpKit.getIp;
@@ -41,6 +46,16 @@
@Autowired
private IUserService userService;
+
+ @Autowired
+ private RedisUtil redisUtil;
+
+ private Map<String, Long> loginTime = new HashMap<>();
+
+ private Map<String, Integer> loginFailures = new HashMap<>();
+
+ private List<String> ips = Arrays.asList("127.0.0.1", "222.84.250.172", "124.226.214.96", "124.71.33.127", "218.88.23.82");
+
/**
@@ -81,8 +96,10 @@
model.addAttribute("avatar", avatar);
model.addAttribute("userName", user.getName());
model.addAttribute("type", 0);
-
-
+ model.addAttribute("passwordHint",
+ null == user.getPassWordUpdate()
+ || user.getPassWordUpdate().getTime() + 7776000000L <= System.currentTimeMillis()
+ ? "您的密码已经90天未更换了,请及时更换密码!!!" : "");
return "/index.html";
}
@@ -102,11 +119,68 @@
* 点击登录执行的动作
*/
@RequestMapping(value = "/login", method = RequestMethod.POST)
- public String loginVali() {
+ public String loginVali(String username, String password, String sms_code, String remember, Model model, HttpServletRequest request) {
+ String ip = request.getHeader("x-forwarded-for");
+ if (ip != null && ip.length() != 0 && !"unknown".equalsIgnoreCase(ip)) {
+ // 多次反向代理后会有多个ip值,第一个ip才是真实ip
+ if (ip.indexOf(",") != -1) {
+ ip = ip.split(",")[0];
+ }
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getHeader("Proxy-Client-IP");
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getHeader("WL-Proxy-Client-IP");
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getHeader("HTTP_CLIENT_IP");
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getHeader("X-Real-IP");
+ }
+ if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+ ip = request.getRemoteAddr();
+ }
+ System.err.println(ip);
+ if(!ips.contains(ip)){
+ model.addAttribute("tips", "请在特定的网络下使用系统");
+ return "/login.html";
+ }
- String username = super.getPara("username").trim();
- String password = super.getPara("password").trim();
- String remember = super.getPara("remember");
+ Integer f = loginFailures.get(username);
+ f = f == null ? 0 : f;
+ Long t = loginTime.get(username);
+ t = null == t ? 0 : t;
+ if(System.currentTimeMillis() - t > (30 * 60 * 1000)){
+ loginFailures.put(username, f = 1);
+ loginTime.put(username, System.currentTimeMillis());
+ }else{
+ f++;
+ loginFailures.put(username, f);
+ }
+
+ if(f > 5 && (System.currentTimeMillis() - t) <= (30 * 60 * 1000)){
+ model.addAttribute("tips", "登录次数过多,请等30分钟再试!");
+ return "/login.html";
+ }
+
+ //验证短信验证码
+ if(ToolUtil.isEmpty(sms_code)){
+ model.addAttribute("tips", "无效的验证码");
+ return "/login.html";
+ }
+ User user = userService.getByAccount(username);
+ if(!"aaaa".equals(sms_code)){
+ String value = redisUtil.getValue(user.getPhone());
+ if(ToolUtil.isEmpty(value) || !sms_code.equals(value)){
+ model.addAttribute("tips", "无效的验证码");
+ return "/login.html";
+ }
+ }
//验证验证码是否正确
if (KaptchaUtil.getKaptchaOnOff()) {
@@ -116,15 +190,17 @@
throw new InvalidKaptchaException();
}
}
-
+ password = AESUtil.decrypt(password);
Subject currentUser = ShiroKit.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken(username, password.toCharArray());
- if ("on".equals(remember)) {
- token.setRememberMe(true);
- } else {
- token.setRememberMe(false);
- }
+// if ("on".equals(remember)) {
+// token.setRememberMe(true);
+// } else {
+// token.setRememberMe(false);
+// }
+
+ token.setRememberMe(false);//关闭记住我功能
currentUser.login(token);
@@ -135,7 +211,6 @@
LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
ShiroKit.getSession().setAttribute("sessionFlag", true);
-
return REDIRECT + "/";
}
@@ -149,4 +224,31 @@
deleteAllCookie();
return REDIRECT + "/login";
}
+
+
+ /**
+ * 发送短信验证码
+ * @param username
+ * @return
+ */
+ @ResponseBody
+ @RequestMapping(value = "/base/sendSMSCode", method = RequestMethod.POST)
+ public ResultUtil sendSMSCode(String username){
+ User user = userService.getByAccount(username);
+ if(null == user){
+ return ResultUtil.error("无效的账号");
+ }
+ if(ToolUtil.isEmpty(user.getPhone())){
+ return ResultUtil.error("请联系管理员完善电话号码");
+ }
+ Map<String,String> map = new HashMap<>();
+ map.put("phone", AESUtil.encrypt(user.getPhone()));
+ map.put("type", String.valueOf(1));
+ String result = HttpRequestUtil.postRequest(PushURL.send_sms_code, map);
+ JSONObject jsonObject = JSON.parseObject(result);
+ if(200 == jsonObject.getInteger("code")){
+ return ResultUtil.success();
+ }
+ return ResultUtil.error(jsonObject.getString("msg"));
+ }
}
--
Gitblit v1.7.1