From e5a94c9d747fa73ec7eb16b284ed5bc4b057bacc Mon Sep 17 00:00:00 2001
From: puzhibing <393733352@qq.com>
Date: 星期三, 15 一月 2025 22:34:11 +0800
Subject: [PATCH] 加密
---
ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java | 67 +++++++++++++++++++++++++++++++--
1 files changed, 62 insertions(+), 5 deletions(-)
diff --git a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
index 53ed3c5..b41500b 100644
--- a/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
+++ b/ruoyi-auth/src/main/java/com/ruoyi/auth/service/SysLoginService.java
@@ -1,5 +1,6 @@
package com.ruoyi.auth.service;
+import com.ruoyi.system.api.RemoteUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import com.ruoyi.common.core.constant.CacheConstants;
@@ -17,6 +18,7 @@
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.api.model.LoginUser;
+import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
/**
@@ -26,16 +28,16 @@
*/
@Component
public class SysLoginService {
- @Autowired
+ @Resource
private RemoteUserService remoteUserService;
- @Autowired
+ @Resource
private SysPasswordService passwordService;
- @Autowired
+ @Resource
private SysRecordLogService recordLogService;
- @Autowired
+ @Resource
private RedisService redisService;
/**
@@ -88,7 +90,62 @@
}
if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "用户已停用,请联系管理员");
- throw new ServiceException("对不起,您的账号:" + username + " 已停用");
+// throw new ServiceException("对不起,您的账号:" + username + " 已停用");
+ throw new ServiceException("您的账号已被禁用,请联系平台");
+ }
+ passwordService.validate(user, password, request);
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_SUCCESS_STATUS, "登录成功");
+ return userInfo;
+ }
+ public LoginUser loginShop(String username, String password, HttpServletRequest request) {
+ username = username.trim();
+ // 查询用户信息
+ R<LoginUser> userResult = remoteUserService.infoShop(username, SecurityConstants.INNER);
+
+ if (StringUtils.isNull(userResult) || StringUtils.isNull(userResult.getData())) {
+ recordLogService.recordLogininfor(request, null, username, Constants.LOGIN_FAIL_STATUS, "登录用户不存在");
+ throw new ServiceException("登录用户:" + username + " 不存在");
+ }
+ LoginUser userInfo = userResult.getData();
+ SysUser user = userResult.getData().getSysUser();
+
+ // 用户名或密码为空 错误
+ if (StringUtils.isAnyBlank(username, password)) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "用户/密码必须填写");
+ throw new ServiceException("用户/密码必须填写");
+ }
+ // 密码如果不在指定范围内 错误
+ if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
+ || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "用户密码不在指定范围");
+ throw new ServiceException("用户密码不在指定范围");
+ }
+ // 用户名不在指定范围内 错误
+ if (username.length() < UserConstants.USERNAME_MIN_LENGTH
+ || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "用户名不在指定范围");
+ throw new ServiceException("用户名不在指定范围");
+ }
+ // IP黑名单校验
+ String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST));
+ if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr())) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "很遗憾,访问IP已被列入系统黑名单");
+ throw new ServiceException("很遗憾,访问IP已被列入系统黑名单");
+ }
+
+ if (R.FAIL == userResult.getCode()) {
+ throw new ServiceException(userResult.getMsg());
+ }
+
+
+ if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "对不起,您的账号已被删除");
+ throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
+ }
+ if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
+ recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_FAIL_STATUS, "用户已停用,请联系管理员");
+// throw new ServiceException("对不起,您的账号:" + username + " 已停用");
+ throw new ServiceException("您的账号已被禁用,请联系平台");
}
passwordService.validate(user, password, request);
recordLogService.recordLogininfor(request, user.getUserId().intValue(), username, Constants.LOGIN_SUCCESS_STATUS, "登录成功");
--
Gitblit v1.7.1