SysLoginService.java 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341
  1. package com.ruoyi.web.service;
  2. import cn.dev33.satoken.exception.NotLoginException;
  3. import cn.dev33.satoken.secure.BCrypt;
  4. import cn.dev33.satoken.stp.StpUtil;
  5. import cn.hutool.core.util.ObjectUtil;
  6. import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
  7. import com.ruoyi.common.core.constant.Constants;
  8. import com.ruoyi.common.core.constant.GlobalConstants;
  9. import com.ruoyi.common.core.domain.dto.RoleDTO;
  10. import com.ruoyi.common.core.domain.model.LoginUser;
  11. import com.ruoyi.common.core.domain.model.XcxLoginUser;
  12. import com.ruoyi.common.core.enums.DeviceType;
  13. import com.ruoyi.common.core.enums.LoginType;
  14. import com.ruoyi.common.core.enums.TenantStatus;
  15. import com.ruoyi.common.core.enums.UserStatus;
  16. import com.ruoyi.common.core.exception.user.CaptchaException;
  17. import com.ruoyi.common.core.exception.user.CaptchaExpireException;
  18. import com.ruoyi.common.core.exception.user.UserException;
  19. import com.ruoyi.common.core.utils.*;
  20. import com.ruoyi.common.log.event.LogininforEvent;
  21. import com.ruoyi.common.redis.utils.RedisUtils;
  22. import com.ruoyi.common.satoken.utils.LoginHelper;
  23. import com.ruoyi.common.tenant.exception.TenantException;
  24. import com.ruoyi.common.tenant.helper.TenantHelper;
  25. import com.ruoyi.common.web.config.properties.CaptchaProperties;
  26. import com.ruoyi.system.domain.SysUser;
  27. import com.ruoyi.system.domain.vo.SysTenantVo;
  28. import com.ruoyi.system.domain.vo.SysUserVo;
  29. import com.ruoyi.system.mapper.SysUserMapper;
  30. import com.ruoyi.system.service.ISysPermissionService;
  31. import com.ruoyi.system.service.ISysTenantService;
  32. import jakarta.servlet.http.HttpServletRequest;
  33. import lombok.RequiredArgsConstructor;
  34. import lombok.extern.slf4j.Slf4j;
  35. import org.springframework.beans.factory.annotation.Value;
  36. import org.springframework.stereotype.Service;
  37. import java.time.Duration;
  38. import java.util.Date;
  39. import java.util.List;
  40. import java.util.function.Supplier;
  41. /**
  42. * 登录校验方法
  43. *
  44. * @author Lion Li
  45. */
  46. @RequiredArgsConstructor
  47. @Slf4j
  48. @Service
  49. public class SysLoginService {
  50. private final SysUserMapper userMapper;
  51. private final CaptchaProperties captchaProperties;
  52. private final ISysPermissionService permissionService;
  53. private final ISysTenantService tenantService;
  54. @Value("${user.password.maxRetryCount}")
  55. private Integer maxRetryCount;
  56. @Value("${user.password.lockTime}")
  57. private Integer lockTime;
  58. /**
  59. * 登录验证
  60. *
  61. * @param username 用户名
  62. * @param password 密码
  63. * @param code 验证码
  64. * @param uuid 唯一标识
  65. * @return 结果
  66. */
  67. public String login(String tenantId, String username, String password, String code, String uuid) {
  68. HttpServletRequest request = ServletUtils.getRequest();
  69. boolean captchaEnabled = captchaProperties.getEnable();
  70. // 验证码开关
  71. if (captchaEnabled) {
  72. validateCaptcha(tenantId, username, code, uuid, request);
  73. }
  74. // 校验租户
  75. checkTenant(tenantId);
  76. SysUserVo user = loadUserByUsername(tenantId, username);
  77. checkLogin(LoginType.PASSWORD, tenantId, username, () -> !BCrypt.checkpw(password, user.getPassword()));
  78. // 此处可根据登录用户的数据不同 自行创建 loginUser
  79. LoginUser loginUser = buildLoginUser(user);
  80. // 生成token
  81. LoginHelper.loginByDevice(loginUser, DeviceType.PC);
  82. recordLogininfor(loginUser.getTenantId(), username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
  83. recordLoginInfo(user.getUserId());
  84. return StpUtil.getTokenValue();
  85. }
  86. public String smsLogin(String tenantId, String phonenumber, String smsCode) {
  87. // 校验租户
  88. checkTenant(tenantId);
  89. // 通过手机号查找用户
  90. SysUserVo user = loadUserByPhonenumber(tenantId, phonenumber);
  91. checkLogin(LoginType.SMS, tenantId, user.getUserName(), () -> !validateSmsCode(tenantId, phonenumber, smsCode));
  92. // 此处可根据登录用户的数据不同 自行创建 loginUser
  93. LoginUser loginUser = buildLoginUser(user);
  94. // 生成token
  95. LoginHelper.loginByDevice(loginUser, DeviceType.APP);
  96. recordLogininfor(loginUser.getTenantId(), user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
  97. recordLoginInfo(user.getUserId());
  98. return StpUtil.getTokenValue();
  99. }
  100. public String xcxLogin(String xcxCode) {
  101. // xcxCode 为 小程序调用 wx.login 授权后获取
  102. // todo 以下自行实现
  103. // 校验 appid + appsrcret + xcxCode 调用登录凭证校验接口 获取 session_key 与 openid
  104. String openid = "";
  105. SysUserVo user = loadUserByOpenid(openid);
  106. // 校验租户
  107. checkTenant(user.getTenantId());
  108. // 此处可根据登录用户的数据不同 自行创建 loginUser
  109. XcxLoginUser loginUser = new XcxLoginUser();
  110. loginUser.setTenantId(user.getTenantId());
  111. loginUser.setUserId(user.getUserId());
  112. loginUser.setUsername(user.getUserName());
  113. loginUser.setUserType(user.getUserType());
  114. loginUser.setOpenid(openid);
  115. // 生成token
  116. LoginHelper.loginByDevice(loginUser, DeviceType.XCX);
  117. recordLogininfor(loginUser.getTenantId(), user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"));
  118. recordLoginInfo(user.getUserId());
  119. return StpUtil.getTokenValue();
  120. }
  121. /**
  122. * 退出登录
  123. */
  124. public void logout() {
  125. try {
  126. LoginUser loginUser = LoginHelper.getLoginUser();
  127. if (TenantHelper.isEnable() && LoginHelper.isSuperAdmin()) {
  128. // 超级管理员 登出清除动态租户
  129. TenantHelper.clearDynamic();
  130. }
  131. StpUtil.logout();
  132. recordLogininfor(loginUser.getTenantId(), loginUser.getUsername(), Constants.LOGOUT, MessageUtils.message("user.logout.success"));
  133. } catch (NotLoginException ignored) {
  134. }
  135. }
  136. /**
  137. * 记录登录信息
  138. *
  139. * @param tenantId 租户ID
  140. * @param username 用户名
  141. * @param status 状态
  142. * @param message 消息内容
  143. * @return
  144. */
  145. private void recordLogininfor(String tenantId, String username, String status, String message) {
  146. LogininforEvent logininforEvent = new LogininforEvent();
  147. logininforEvent.setTenantId(tenantId);
  148. logininforEvent.setUsername(username);
  149. logininforEvent.setStatus(status);
  150. logininforEvent.setMessage(message);
  151. logininforEvent.setRequest(ServletUtils.getRequest());
  152. SpringUtils.context().publishEvent(logininforEvent);
  153. }
  154. /**
  155. * 校验短信验证码
  156. */
  157. private boolean validateSmsCode(String tenantId, String phonenumber, String smsCode) {
  158. String code = RedisUtils.getCacheObject(GlobalConstants.CAPTCHA_CODE_KEY + phonenumber);
  159. if (StringUtils.isBlank(code)) {
  160. recordLogininfor(tenantId, phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"));
  161. throw new CaptchaExpireException();
  162. }
  163. return code.equals(smsCode);
  164. }
  165. /**
  166. * 校验验证码
  167. *
  168. * @param username 用户名
  169. * @param code 验证码
  170. * @param uuid 唯一标识
  171. */
  172. public void validateCaptcha(String tenantId, String username, String code, String uuid, HttpServletRequest request) {
  173. String verifyKey = GlobalConstants.CAPTCHA_CODE_KEY + StringUtils.defaultString(uuid, "");
  174. String captcha = RedisUtils.getCacheObject(verifyKey);
  175. RedisUtils.deleteObject(verifyKey);
  176. if (captcha == null) {
  177. recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"));
  178. throw new CaptchaExpireException();
  179. }
  180. if (!code.equalsIgnoreCase(captcha)) {
  181. recordLogininfor(tenantId, username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"));
  182. throw new CaptchaException();
  183. }
  184. }
  185. private SysUserVo loadUserByUsername(String tenantId, String username) {
  186. SysUser user = userMapper.selectOne(new LambdaQueryWrapper<SysUser>()
  187. .select(SysUser::getUserName, SysUser::getStatus)
  188. .eq(TenantHelper.isEnable(), SysUser::getTenantId, tenantId)
  189. .eq(SysUser::getUserName, username));
  190. if (ObjectUtil.isNull(user)) {
  191. log.info("登录用户:{} 不存在.", username);
  192. throw new UserException("user.not.exists", username);
  193. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  194. log.info("登录用户:{} 已被停用.", username);
  195. throw new UserException("user.blocked", username);
  196. }
  197. if (TenantHelper.isEnable()) {
  198. return userMapper.selectTenantUserByUserName(username, tenantId);
  199. }
  200. return userMapper.selectUserByUserName(username);
  201. }
  202. private SysUserVo loadUserByPhonenumber(String tenantId, String phonenumber) {
  203. SysUser user = userMapper.selectOne(new LambdaQueryWrapper<SysUser>()
  204. .select(SysUser::getPhonenumber, SysUser::getStatus)
  205. .eq(TenantHelper.isEnable(), SysUser::getTenantId, tenantId)
  206. .eq(SysUser::getPhonenumber, phonenumber));
  207. if (ObjectUtil.isNull(user)) {
  208. log.info("登录用户:{} 不存在.", phonenumber);
  209. throw new UserException("user.not.exists", phonenumber);
  210. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  211. log.info("登录用户:{} 已被停用.", phonenumber);
  212. throw new UserException("user.blocked", phonenumber);
  213. }
  214. if (TenantHelper.isEnable()) {
  215. return userMapper.selectTenantUserByPhonenumber(phonenumber, tenantId);
  216. }
  217. return userMapper.selectUserByPhonenumber(phonenumber);
  218. }
  219. private SysUserVo loadUserByOpenid(String openid) {
  220. // 使用 openid 查询绑定用户 如未绑定用户 则根据业务自行处理 例如 创建默认用户
  221. // todo 自行实现 userService.selectUserByOpenid(openid);
  222. SysUserVo user = new SysUserVo();
  223. if (ObjectUtil.isNull(user)) {
  224. log.info("登录用户:{} 不存在.", openid);
  225. // todo 用户不存在 业务逻辑自行实现
  226. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  227. log.info("登录用户:{} 已被停用.", openid);
  228. // todo 用户已被停用 业务逻辑自行实现
  229. }
  230. return user;
  231. }
  232. /**
  233. * 构建登录用户
  234. */
  235. private LoginUser buildLoginUser(SysUserVo user) {
  236. LoginUser loginUser = new LoginUser();
  237. loginUser.setTenantId(user.getTenantId());
  238. loginUser.setUserId(user.getUserId());
  239. loginUser.setDeptId(user.getDeptId());
  240. loginUser.setUsername(user.getUserName());
  241. loginUser.setUserType(user.getUserType());
  242. loginUser.setMenuPermission(permissionService.getMenuPermission(user.getUserId()));
  243. loginUser.setRolePermission(permissionService.getRolePermission(user.getUserId()));
  244. loginUser.setDeptName(ObjectUtil.isNull(user.getDept()) ? "" : user.getDept().getDeptName());
  245. List<RoleDTO> roles = MapstructUtils.convert(user.getRoles(), RoleDTO.class);
  246. loginUser.setRoles(roles);
  247. return loginUser;
  248. }
  249. /**
  250. * 记录登录信息
  251. *
  252. * @param userId 用户ID
  253. */
  254. public void recordLoginInfo(Long userId) {
  255. SysUser sysUser = new SysUser();
  256. sysUser.setUserId(userId);
  257. sysUser.setLoginIp(ServletUtils.getClientIP());
  258. sysUser.setLoginDate(DateUtils.getNowDate());
  259. sysUser.setUpdateBy(userId);
  260. userMapper.updateById(sysUser);
  261. }
  262. /**
  263. * 登录校验
  264. */
  265. private void checkLogin(LoginType loginType, String tenantId, String username, Supplier<Boolean> supplier) {
  266. String errorKey = GlobalConstants.PWD_ERR_CNT_KEY + username;
  267. String loginFail = Constants.LOGIN_FAIL;
  268. // 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip)
  269. Integer errorNumber = RedisUtils.getCacheObject(errorKey);
  270. // 锁定时间内登录 则踢出
  271. if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(maxRetryCount)) {
  272. recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime));
  273. throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
  274. }
  275. if (supplier.get()) {
  276. // 是否第一次
  277. errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
  278. // 达到规定错误次数 则锁定登录
  279. if (errorNumber.equals(maxRetryCount)) {
  280. RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(lockTime));
  281. recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime));
  282. throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
  283. } else {
  284. // 未达到规定错误次数 则递增
  285. RedisUtils.setCacheObject(errorKey, errorNumber);
  286. recordLogininfor(tenantId, username, loginFail, MessageUtils.message(loginType.getRetryLimitCount(), errorNumber));
  287. throw new UserException(loginType.getRetryLimitCount(), errorNumber);
  288. }
  289. }
  290. // 登录成功 清空错误次数
  291. RedisUtils.deleteObject(errorKey);
  292. }
  293. private void checkTenant(String tenantId) {
  294. if (!TenantHelper.isEnable()) {
  295. return;
  296. }
  297. SysTenantVo tenant = tenantService.queryByTenantId(tenantId);
  298. if (ObjectUtil.isNull(tenant)) {
  299. log.info("登录租户:{} 不存在.", tenantId);
  300. throw new TenantException("tenant.not.exists");
  301. } else if (TenantStatus.DISABLE.getCode().equals(tenant.getStatus())) {
  302. log.info("登录租户:{} 已被停用.", tenantId);
  303. throw new TenantException("tenant.blocked");
  304. } else if (ObjectUtil.isNotNull(tenant.getExpireTime())
  305. && new Date().after(tenant.getExpireTime())) {
  306. log.info("登录租户:{} 已超过有效期.", tenantId);
  307. throw new TenantException("tenant.expired");
  308. }
  309. }
  310. }