package com.ruoyi.auth.service; import com.ruoyi.auth.form.MgtPasswordDTO; import com.ruoyi.common.core.constant.CacheConstants; import com.ruoyi.common.core.constant.Constants; import com.ruoyi.common.core.constant.SecurityConstants; import com.ruoyi.common.core.constant.UserConstants; import com.ruoyi.common.core.domain.R; import com.ruoyi.common.core.enums.UserStatus; import com.ruoyi.common.core.exception.CaptchaException; import com.ruoyi.common.core.exception.ServiceException; import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.core.utils.DateUtils; import com.ruoyi.common.core.utils.StringUtils; import com.ruoyi.common.core.utils.ip.IpUtils; import com.ruoyi.common.redis.service.RedisService; import com.ruoyi.common.security.utils.SecurityUtils; import com.ruoyi.company.api.RemoteCompanyService; import com.ruoyi.company.api.RemoteCompanyUserService; import com.ruoyi.company.api.domain.Company; import com.ruoyi.company.api.domain.User; import com.ruoyi.company.api.domain.dto.MgtCompanyDTO; import com.ruoyi.company.api.model.RegisterUser; import com.ruoyi.system.api.RemoteUserService; import com.ruoyi.system.api.domain.SysUser; import com.ruoyi.system.api.model.AppUser; import com.ruoyi.system.api.model.LoginUser; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import javax.annotation.Resource; import java.util.Collection; import java.util.List; import java.util.Objects; import java.util.regex.Matcher; import java.util.regex.Pattern; /** * 登录校验方法 * * @author ruoyi */ @Component @RequiredArgsConstructor(onConstructor_ = {@Lazy}) public class SysLoginService { @Resource private RemoteUserService remoteUserService; @Resource private RemoteCompanyUserService remoteCompanyUserService; @Resource private RemoteCompanyService remoteCompanyService; private final SysPasswordService passwordService; private final SysRecordLogService recordLogService; private final RedisService redisService; /** * 登录 */ public LoginUser login(String username, String password) { // 用户名或密码为空 错误 if (StringUtils.isAnyBlank(username, password)) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户/密码必须填写"); throw new ServiceException("用户/密码必须填写"); } // 密码如果不在指定范围内 错误 if (password.length() < UserConstants.PASSWORD_MIN_LENGTH || password.length() > UserConstants.PASSWORD_MAX_LENGTH) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码不在指定范围"); throw new ServiceException("用户密码不在指定范围"); } // 用户名不在指定范围内 错误 if (username.length() < UserConstants.USERNAME_MIN_LENGTH || username.length() > UserConstants.USERNAME_MAX_LENGTH) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户名不在指定范围"); throw new ServiceException("用户名不在指定范围"); } // IP黑名单校验 String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST)); if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr())) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "很遗憾,访问IP已被列入系统黑名单"); throw new ServiceException("很遗憾,访问IP已被列入系统黑名单"); } // 查询用户信息 R userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER); if (R.FAIL == userResult.getCode()) { throw new ServiceException(userResult.getMsg()); } LoginUser userInfo = userResult.getData(); SysUser user = userResult.getData().getSysUser(); if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除"); throw new ServiceException("对不起,您的账号:" + username + " 已被删除"); } if (UserStatus.DISABLE.getCode().equals(user.getStatus())) { recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员"); throw new ServiceException("对不起,您的账号:" + username + " 已停用"); } passwordService.validate(user, password); recordLogService.recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功"); recordLoginInfo(user.getUserId()); return userInfo; } /** * 记录登录信息 * * @param userId 用户ID */ public void recordLoginInfo(Long userId) { SysUser sysUser = new SysUser(); sysUser.setUserId(userId); // 更新用户登录IP sysUser.setLoginIp(IpUtils.getIpAddr()); // 更新用户登录时间 sysUser.setLoginDate(DateUtils.getNowDate()); remoteUserService.recordUserLogin(sysUser, SecurityConstants.INNER); } public void logout(String loginName) { recordLogService.recordLogininfor(loginName, Constants.LOGOUT, "退出成功"); } /** * 注册 */ public void register(String username, String password) { // 用户名或密码为空 错误 if (StringUtils.isAnyBlank(username, password)) { throw new ServiceException("用户/密码必须填写"); } if (username.length() < UserConstants.USERNAME_MIN_LENGTH || username.length() > UserConstants.USERNAME_MAX_LENGTH) { throw new ServiceException("账户长度必须在2到20个字符之间"); } if (password.length() < UserConstants.PASSWORD_MIN_LENGTH || password.length() > UserConstants.PASSWORD_MAX_LENGTH) { throw new ServiceException("密码长度必须在5到20个字符之间"); } // 注册用户信息 SysUser sysUser = new SysUser(); sysUser.setUserName(username); sysUser.setNickName(username); sysUser.setPassword(SecurityUtils.encryptPassword(password)); R registerResult = remoteUserService.registerUserInfo(sysUser, SecurityConstants.INNER); if (R.FAIL == registerResult.getCode()) { throw new ServiceException(registerResult.getMsg()); } recordLogService.recordLogininfor(username, Constants.REGISTER, "注册成功"); } public void companyRegister(MgtCompanyDTO registerUser) { String accountName = registerUser.getAccountName(); String password = registerUser.getPassword(); // 用户名或密码为空 错误 if (StringUtils.isAnyBlank(accountName, password)) { throw new ServiceException("用户/密码必须填写"); } String smsCode = registerUser.getSmsCode(); if (!"999999".equals(smsCode)) { String verifyKey = CacheConstants.PHONE_CODE_KEY + StringUtils.nvl(registerUser.getPhone(), ""); String captcha = redisService.getCacheObject(verifyKey); if (captcha == null){ throw new ServiceException("验证码错误"); } String[] split = captcha.split(":"); long l = Long.parseLong(split[1]); long l1 = System.currentTimeMillis(); // 判断是否大于两分钟 if (l1 - l > 2 * 60 * 1000) { throw new CaptchaException("验证码已失效"); } captcha = split[0]; if (!smsCode.equalsIgnoreCase(captcha)) { throw new CaptchaException("验证码错误"); } } R booleanR = remoteCompanyUserService.registerUser(registerUser, SecurityConstants.INNER); if (R.isError(booleanR)) { throw new ServiceException(booleanR.getMsg()); } } public User companyLogin(RegisterUser registerUser) { // 输入验证 if (registerUser == null || registerUser.getAccountName() == null || registerUser.getPassword() == null) { throw new ServiceException("无效的输入"); } String accountName = registerUser.getAccountName(); String password = registerUser.getPassword(); R userByPhoneR = remoteCompanyUserService.getUserByPhone(accountName, SecurityConstants.INNER); R userByAccountNameR = remoteCompanyUserService.getUserByAccountName(accountName, SecurityConstants.INNER); User user = null; if (userByPhoneR.getData() != null) { user = userByPhoneR.getData(); } else if (userByAccountNameR.getData() != null) { user = userByAccountNameR.getData(); } if (user == null) { throw new ServiceException("账号不存在"); } if (!SecurityUtils.matchesPassword(password, user.getPassword())) { throw new ServiceException("账号或密码错误"); } return user; } public void resetPwd(RegisterUser registerUser) { User user = check(registerUser); String verifyKey = CacheConstants.PHONE_CODE_KEY + StringUtils.nvl(registerUser.getPhone(), ""); String captcha = redisService.getCacheObject(verifyKey); if (captcha == null) { throw new CaptchaException("验证码错误"); } String[] split = captcha.split(":"); long l = Long.parseLong(split[1]); long l1 = System.currentTimeMillis(); // 判断是否大于两分钟 if (l1 - l > 2 * 60 * 1000) { throw new CaptchaException("验证码已失效"); } captcha = split[0]; if (!registerUser.getCode().equalsIgnoreCase(captcha)) { throw new CaptchaException("验证码错误"); } String password = SecurityUtils.encryptPassword(registerUser.getPassword()); user.setPassword(password); R r = remoteCompanyUserService.updateUser(user, SecurityConstants.INNER); if (R.isError(r)) { throw new ServiceException(r.getMsg()); } forceLogout(user.getUserId()); } public void forceLogout(Long userId) { Collection keys = redisService.keys(CacheConstants.LOGIN_TOKEN_KEY + "*"); for (String key : keys) { Object user = redisService.getCacheObject(key); if (user instanceof AppUser) { AppUser appUser = (AppUser) user; if (appUser.getUserId().equals(userId)) { redisService.deleteObject(key); } } } } public User check(RegisterUser registerUser) { String accountName = registerUser.getAccountName(); R userByPhoneR = remoteCompanyUserService.getUserByPhone(accountName, SecurityConstants.INNER); R userByAccountNameR= remoteCompanyUserService.getUserByAccountName(accountName, SecurityConstants.INNER); User user; if (userByPhoneR.getData() != null) { user = userByPhoneR.getData(); } else if (userByAccountNameR.getData() != null) { user = userByAccountNameR.getData(); }else { throw new ServiceException("账号不存在"); } R> companyListR = remoteCompanyService.getCompanyByUserId(user.getUserId(), SecurityConstants.INNER); List companyList = companyListR.getData(); long count = companyList.stream().filter(company -> company.getCompanyName() .equals(registerUser.getCompanyName()) && company.getIdCardNumber().equals(registerUser.getIdCardNumber())).count(); if (count == 0) { return null; } return user; } /** * 管理端-修改密码 * @param dto */ public void modifyPwd(MgtPasswordDTO dto) { Long userId = SecurityUtils.getUserId(); SysUser sysUser = remoteUserService.getUserById(userId, SecurityConstants.INNER).getData(); if (Objects.isNull(sysUser)){ throw new ServiceException("用户不存在"); } if (!SecurityUtils.matchesPassword(dto.getOldPassword(), sysUser.getPassword())){ throw new ServiceException("原密码错误"); } sysUser.setPassword(SecurityUtils.encryptPassword(dto.getNewPassword())); remoteUserService.updateUser(sysUser,SecurityConstants.INNER); } }