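package com.ruoyi.auth.service;

import com.ruoyi.common.core.exception.CaptchaException;
import com.ruoyi.common.security.annotation.RequiresPermissions;
import com.ruoyi.company.api.RemoteCompanyService;
import com.ruoyi.company.api.RemoteCompanyUserService;
import com.ruoyi.company.api.domain.Company;
import com.ruoyi.company.api.domain.User;
import com.ruoyi.company.api.model.RegisterUser;
import lombok.RequiredArgsConstructor;
// NOTE(review): this import is not used in this class and points into a JaCoCo agent
// internal package; it looks like an accidental auto-import and should be dropped so the
// auth service does not depend on a coverage agent being on the classpath.
import org.jacoco.agent.rt.internal_43f5073.core.internal.flow.IFrame;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import com.ruoyi.common.core.constant.CacheConstants;
import com.ruoyi.common.core.constant.Constants;
import com.ruoyi.common.core.constant.SecurityConstants;
import com.ruoyi.common.core.constant.UserConstants;
import com.ruoyi.common.core.domain.R;
import com.ruoyi.common.core.enums.UserStatus;
import com.ruoyi.common.core.exception.ServiceException;
import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.core.utils.DateUtils;
import com.ruoyi.common.core.utils.StringUtils;
import com.ruoyi.common.core.utils.ip.IpUtils;
import com.ruoyi.common.redis.service.RedisService;
import com.ruoyi.common.security.utils.SecurityUtils;
import com.ruoyi.system.api.RemoteUserService;
import com.ruoyi.system.api.domain.SysUser;
import com.ruoyi.system.api.model.LoginUser;

import javax.annotation.Resource;
import java.time.LocalDateTime;
import java.util.List;

/**
 * Login, registration and password-reset checks for system users and company users.
 *
 * @author ruoyi
 */
@Component
@RequiredArgsConstructor(onConstructor_ = {@Lazy})
public class SysLoginService {

    @Resource
    private RemoteUserService remoteUserService;

    @Resource
    private RemoteCompanyUserService remoteCompanyUserService;

    @Resource
    private RemoteCompanyService remoteCompanyService;

    private final SysPasswordService passwordService;

    private final SysRecordLogService recordLogService;

    private final RedisService redisService;

    /**
     * Authenticates a system user.
     *
     * <p>Rejects blank or out-of-range credentials, callers whose IP matches the cached
     * blacklist, and deleted or disabled accounts, then delegates the password check to
     * {@code passwordService}. Failures detected here are written to the login log.
     *
     * @param username login name
     * @param password plain-text password supplied by the caller
     * @return the login user returned by the remote user service
     * @throws ServiceException if any check fails or the remote lookup reports failure
     */
    public LoginUser login(String username, String password) {
        // Username or password missing.
        if (StringUtils.isAnyBlank(username, password)) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
            throw new ServiceException("用户/密码必须填写");
        }
        // Password length outside the configured bounds.
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
            throw new ServiceException("用户密码不在指定范围");
        }
        // Username length outside the configured bounds.
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
            throw new ServiceException("用户名不在指定范围");
        }
        // IP blacklist check against the list cached in Redis.
        String blackStr = Convert.toStr(redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST));
        if (IpUtils.isMatchedIp(blackStr, IpUtils.getIpAddr())) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "很遗憾,访问IP已被列入系统黑名单");
            throw new ServiceException("很遗憾,访问IP已被列入系统黑名单");
        }
        // Load the user record.
        R<LoginUser> userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER);
        if (R.FAIL == userResult.getCode()) {
            throw new ServiceException(userResult.getMsg());
        }

        LoginUser userInfo = userResult.getData();
        SysUser user = userResult.getData().getSysUser();
        if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
            throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
        }
        if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
            recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
            throw new ServiceException("对不起,您的账号:" + username + " 已停用");
        }
        passwordService.validate(user, password);
        recordLogService.recordLogininfor(username, Constants.LOGIN_SUCCESS, "登录成功");
        recordLoginInfo(user.getUserId());
        return userInfo;
    }

    /**
     * Records the caller's IP address and the current time as the user's last login.
     *
     * @param userId user ID
     */
    public void recordLoginInfo(Long userId) {
        SysUser sysUser = new SysUser();
        sysUser.setUserId(userId);
        // Last login IP.
        sysUser.setLoginIp(IpUtils.getIpAddr());
        // Last login time.
        sysUser.setLoginDate(DateUtils.getNowDate());
        remoteUserService.recordUserLogin(sysUser, SecurityConstants.INNER);
    }

    /**
     * Writes a logout entry to the login log.
     *
     * @param loginName name of the user logging out
     */
    public void logout(String loginName) {
        recordLogService.recordLogininfor(loginName, Constants.LOGOUT, "退出成功");
    }

    /**
     * Registers a system user after validating the credential lengths.
     *
     * @param username requested login name, also used as the nickname
     * @param password plain-text password; stored via {@code SecurityUtils.encryptPassword}
     * @throws ServiceException if validation fails or the remote service reports failure
     */
    public void register(String username, String password) {
        // Username or password missing.
        if (StringUtils.isAnyBlank(username, password)) {
            throw new ServiceException("用户/密码必须填写");
        }
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
            throw new ServiceException("账户长度必须在2到20个字符之间");
        }
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
            throw new ServiceException("密码长度必须在5到20个字符之间");
        }

        // Build and submit the new user record.
        SysUser sysUser = new SysUser();
        sysUser.setUserName(username);
        sysUser.setNickName(username);
        sysUser.setPassword(SecurityUtils.encryptPassword(password));
        R<?> registerResult = remoteUserService.registerUserInfo(sysUser, SecurityConstants.INNER);

        if (R.FAIL == registerResult.getCode()) {
            throw new ServiceException(registerResult.getMsg());
        }
        recordLogService.recordLogininfor(username, Constants.REGISTER, "注册成功");
    }

    /**
     * Registers a company user after verifying the SMS code sent to the given phone.
     *
     * <p>The cached code is deleted before it is compared, so each issued code allows a
     * single attempt. The previous hard-coded code {@code "999999"} that skipped this
     * verification for any phone number has been removed: it let any caller register
     * without owning the phone. A test bypass, if still needed, belongs behind
     * environment-specific configuration and not in this class.
     *
     * @param registerUser registration request (account name, password, phone, SMS code)
     * @throws CaptchaException if the code is missing, expired or wrong
     * @throws ServiceException if required fields are blank or the remote service fails
     */
    public void companyRegister(RegisterUser registerUser) {
        String accountName = registerUser.getAccountName();
        String password = registerUser.getPassword();
        // Account name or password missing.
        if (StringUtils.isAnyBlank(accountName, password)) {
            throw new ServiceException("用户/密码必须填写");
        }
        // NOTE(review): unlike register(), no length bounds are enforced on the password here.

        String smsCode = registerUser.getSmsCode();
        String verifyKey = CacheConstants.PHONE_CODE_KEY + StringUtils.nvl(registerUser.getPhone(), "");
        String captcha = redisService.getCacheObject(verifyKey);
        if (captcha == null) {
            throw new CaptchaException("验证码已失效");
        }
        // Consume the code before comparing so a wrong guess cannot be retried.
        redisService.deleteObject(verifyKey);
        // A missing code is treated as a wrong code instead of failing with a NullPointerException.
        if (smsCode == null || !smsCode.equalsIgnoreCase(captcha)) {
            throw new CaptchaException("验证码错误");
        }

        R<?> registerResult = remoteCompanyUserService.registerUser(registerUser, SecurityConstants.INNER);
        if (R.isError(registerResult)) {
            throw new ServiceException(registerResult.getMsg());
        }
    }

    /**
     * Authenticates a company user by phone number or account name.
     *
     * <p>The supplied account name is first looked up as a phone number; if that finds no
     * user, or the password does not match that user, it is looked up as an account name.
     * Previously a failed phone lookup ended the login with "account does not exist", so
     * the account-name lookup was only reached when a phone match already existed.
     *
     * @param registerUser request carrying the account name (or phone) and password
     * @return the matching user
     * @throws ServiceException if the fields are blank, no account matches, the password
     *     is wrong, or a remote lookup fails
     */
    public User companyLogin(RegisterUser registerUser) {
        String accountName = registerUser.getAccountName();
        String password = registerUser.getPassword();
        if (StringUtils.isAnyBlank(accountName, password)) {
            throw new ServiceException("用户/密码必须填写");
        }
        // NOTE(review): this path does not call passwordService.validate or write to the
        // login log as login() does - confirm that failed company logins are throttled and
        // audited elsewhere. The distinct "账号不存在" / "密码错误" replies also tell a
        // caller whether an account exists; consider one generic failure message.

        R<User> userByPhoneR = remoteCompanyUserService.getUserByPhone(accountName, SecurityConstants.INNER);
        if (R.isError(userByPhoneR)) {
            throw new ServiceException(userByPhoneR.getMsg());
        }
        User phoneUser = userByPhoneR.getData();
        if (phoneUser != null && SecurityUtils.matchesPassword(password, phoneUser.getPassword())) {
            return phoneUser;
        }

        R<User> userByNameR = remoteCompanyUserService.getUserByAccountName(accountName, SecurityConstants.INNER);
        if (R.isError(userByNameR)) {
            throw new ServiceException(userByNameR.getMsg());
        }
        User namedUser = userByNameR.getData();
        if (namedUser == null) {
            throw new ServiceException("账号不存在");
        }
        if (!SecurityUtils.matchesPassword(password, namedUser.getPassword())) {
            throw new ServiceException("密码错误");
        }
        return namedUser;
    }

    /**
     * Resets a company user's password after matching company name and ID card number.
     *
     * <p>The account is looked up by phone first and by account name second; the first
     * user that passes {@link #check} gets the new password. Previously a user matched by
     * phone was never carried forward, so the update dereferenced an empty result, and an
     * update failure reported the message of the wrong response.
     *
     * @param registerUser request carrying account name (or phone), new password, company
     *     name and ID card number
     * @throws ServiceException if fields are blank, no account passes the check, or a
     *     remote call fails
     */
    public void resetPwd(RegisterUser registerUser) {
        String accountName = registerUser.getAccountName();
        String newPassword = registerUser.getPassword();
        if (StringUtils.isAnyBlank(accountName, newPassword)) {
            throw new ServiceException("用户/密码必须填写");
        }
        // NOTE(review): the only proof of identity here is company name plus ID card
        // number, neither of which is a secret, and no SMS code or existing session is
        // required. Consider requiring the phone verification code used in
        // companyRegister before accepting a reset, and enforcing password length bounds.

        R<User> userByPhoneR = remoteCompanyUserService.getUserByPhone(accountName, SecurityConstants.INNER);
        if (R.isError(userByPhoneR)) {
            throw new ServiceException(userByPhoneR.getMsg());
        }

        User matchedUser = null;
        User phoneUser = userByPhoneR.getData();
        if (phoneUser != null
                && check(phoneUser, registerUser.getCompanyName(), registerUser.getIdCardNumber())) {
            matchedUser = phoneUser;
        }
        if (matchedUser == null) {
            R<User> userByNameR =
                    remoteCompanyUserService.getUserByAccountName(accountName, SecurityConstants.INNER);
            if (R.isError(userByNameR)) {
                throw new ServiceException(userByNameR.getMsg());
            }
            User namedUser = userByNameR.getData();
            if (namedUser == null) {
                throw new ServiceException("账号不存在");
            }
            if (check(namedUser, registerUser.getCompanyName(), registerUser.getIdCardNumber())) {
                matchedUser = namedUser;
            }
        }
        if (matchedUser == null) {
            throw new ServiceException("账号不存在");
        }

        matchedUser.setPassword(SecurityUtils.encryptPassword(newPassword));
        R<?> updateResult = remoteCompanyUserService.updateUser(matchedUser);
        if (R.isError(updateResult)) {
            throw new ServiceException(updateResult.getMsg());
        }
    }

    /**
     * Tells whether the user owns a company with the given name and ID card number.
     *
     * <p>Blank inputs never match, so an absent company name or ID card number cannot be
     * satisfied by a company record whose fields are also empty.
     *
     * @param user user whose companies are looked up
     * @param companyName company name to match exactly
     * @param idCardNumber ID card number to match exactly
     * @return {@code true} if at least one of the user's companies matches both values
     * @throws ServiceException if the remote company lookup reports an error
     */
    public boolean check(User user, String companyName, String idCardNumber) {
        if (StringUtils.isAnyBlank(companyName, idCardNumber)) {
            return false;
        }
        Long userId = user.getUserId();
        R<List<Company>> companyR = remoteCompanyService.getCompanyByUserId(userId, SecurityConstants.INNER);
        if (R.isError(companyR)) {
            throw new ServiceException(companyR.getMsg());
        }
        List<Company> companyList = companyR.getData();
        if (companyList == null) {
            return false;
        }
        // Compare from the validated inputs so a company record with a null field cannot throw.
        return companyList.stream()
                .anyMatch(company -> companyName.equals(company.getCompanyName())
                        && idCardNumber.equals(company.getIdCardNumber()));
    }
}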