SysLoginService.java 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. package com.ruoyi.system.service;
  2. import cn.dev33.satoken.exception.NotLoginException;
  3. import cn.dev33.satoken.secure.BCrypt;
  4. import cn.dev33.satoken.stp.StpUtil;
  5. import cn.hutool.core.bean.BeanUtil;
  6. import cn.hutool.core.util.ObjectUtil;
  7. import com.ruoyi.common.constant.CacheConstants;
  8. import com.ruoyi.common.constant.Constants;
  9. import com.ruoyi.common.core.domain.dto.RoleDTO;
  10. import com.ruoyi.common.core.domain.entity.SysUser;
  11. import com.ruoyi.common.core.domain.model.LoginUser;
  12. import com.ruoyi.common.core.domain.model.XcxLoginUser;
  13. import com.ruoyi.common.core.service.LogininforService;
  14. import com.ruoyi.common.enums.DeviceType;
  15. import com.ruoyi.common.enums.LoginType;
  16. import com.ruoyi.common.enums.UserStatus;
  17. import com.ruoyi.common.exception.user.*;
  18. import com.ruoyi.common.helper.LoginHelper;
  19. import com.ruoyi.common.utils.DateUtils;
  20. import com.ruoyi.common.utils.MessageUtils;
  21. import com.ruoyi.common.utils.ServletUtils;
  22. import com.ruoyi.common.utils.StringUtils;
  23. import com.ruoyi.common.utils.redis.RedisUtils;
  24. import lombok.RequiredArgsConstructor;
  25. import lombok.extern.slf4j.Slf4j;
  26. import org.springframework.beans.factory.annotation.Value;
  27. import org.springframework.stereotype.Service;
  28. import javax.servlet.http.HttpServletRequest;
  29. import java.time.Duration;
  30. import java.util.List;
  31. import java.util.function.Supplier;
  32. /**
  33. * 登录校验方法
  34. *
  35. * @author Lion Li
  36. */
  37. @RequiredArgsConstructor
  38. @Slf4j
  39. @Service
  40. public class SysLoginService {
  41. private final ISysUserService userService;
  42. private final ISysConfigService configService;
  43. private final LogininforService asyncService;
  44. private final SysPermissionService permissionService;
  45. @Value("${user.password.maxRetryCount}")
  46. private Integer maxRetryCount;
  47. @Value("${user.password.lockTime}")
  48. private Integer lockTime;
  49. /**
  50. * 登录验证
  51. *
  52. * @param username 用户名
  53. * @param password 密码
  54. * @param code 验证码
  55. * @param uuid 唯一标识
  56. * @return 结果
  57. */
  58. public String login(String username, String password, String code, String uuid) {
  59. HttpServletRequest request = ServletUtils.getRequest();
  60. boolean captchaEnabled = configService.selectCaptchaEnabled();
  61. // 验证码开关
  62. if (captchaEnabled) {
  63. validateCaptcha(username, code, uuid, request);
  64. }
  65. SysUser user = loadUserByUsername(username);
  66. checkLogin(LoginType.PASSWORD, username, () -> !BCrypt.checkpw(password, user.getPassword()));
  67. // 此处可根据登录用户的数据不同 自行创建 loginUser
  68. LoginUser loginUser = buildLoginUser(user);
  69. // 生成token
  70. LoginHelper.loginByDevice(loginUser, DeviceType.PC);
  71. asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
  72. recordLoginInfo(user.getUserId(), username);
  73. return StpUtil.getTokenValue();
  74. }
  75. public String smsLogin(String phonenumber, String smsCode) {
  76. // 通过手机号查找用户
  77. SysUser user = loadUserByPhonenumber(phonenumber);
  78. HttpServletRequest request = ServletUtils.getRequest();
  79. checkLogin(LoginType.SMS, user.getUserName(), () -> !validateSmsCode(phonenumber, smsCode, request));
  80. // 此处可根据登录用户的数据不同 自行创建 loginUser
  81. LoginUser loginUser = buildLoginUser(user);
  82. // 生成token
  83. LoginHelper.loginByDevice(loginUser, DeviceType.APP);
  84. asyncService.recordLogininfor(user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
  85. recordLoginInfo(user.getUserId(), user.getUserName());
  86. return StpUtil.getTokenValue();
  87. }
  88. public String xcxLogin(String xcxCode) {
  89. HttpServletRequest request = ServletUtils.getRequest();
  90. // xcxCode 为 小程序调用 wx.login 授权后获取
  91. // todo 以下自行实现
  92. // 校验 appid + appsrcret + xcxCode 调用登录凭证校验接口 获取 session_key 与 openid
  93. String openid = "";
  94. SysUser user = loadUserByOpenid(openid);
  95. // 此处可根据登录用户的数据不同 自行创建 loginUser
  96. XcxLoginUser loginUser = new XcxLoginUser();
  97. loginUser.setUserId(user.getUserId());
  98. loginUser.setUsername(user.getUserName());
  99. loginUser.setUserType(user.getUserType());
  100. loginUser.setOpenid(openid);
  101. // 生成token
  102. LoginHelper.loginByDevice(loginUser, DeviceType.XCX);
  103. asyncService.recordLogininfor(user.getUserName(), Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
  104. recordLoginInfo(user.getUserId(), user.getUserName());
  105. return StpUtil.getTokenValue();
  106. }
  107. /**
  108. * 退出登录
  109. */
  110. public void logout() {
  111. try {
  112. LoginUser loginUser = LoginHelper.getLoginUser();
  113. StpUtil.logout();
  114. asyncService.recordLogininfor(loginUser.getUsername(), Constants.LOGOUT, MessageUtils.message("user.logout.success"), ServletUtils.getRequest());
  115. } catch (NotLoginException e) {
  116. }
  117. }
  118. /**
  119. * 校验短信验证码
  120. */
  121. private boolean validateSmsCode(String phonenumber, String smsCode, HttpServletRequest request) {
  122. String code = RedisUtils.getCacheObject(CacheConstants.CAPTCHA_CODE_KEY + phonenumber);
  123. if (StringUtils.isBlank(code)) {
  124. asyncService.recordLogininfor(phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"), request);
  125. throw new CaptchaExpireException();
  126. }
  127. return code.equals(smsCode);
  128. }
  129. /**
  130. * 校验验证码
  131. *
  132. * @param username 用户名
  133. * @param code 验证码
  134. * @param uuid 唯一标识
  135. */
  136. public void validateCaptcha(String username, String code, String uuid, HttpServletRequest request) {
  137. String verifyKey = CacheConstants.CAPTCHA_CODE_KEY + StringUtils.defaultString(uuid, "");
  138. String captcha = RedisUtils.getCacheObject(verifyKey);
  139. RedisUtils.deleteObject(verifyKey);
  140. if (captcha == null) {
  141. asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"), request);
  142. throw new CaptchaExpireException();
  143. }
  144. if (!code.equalsIgnoreCase(captcha)) {
  145. asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.error"), request);
  146. throw new CaptchaException();
  147. }
  148. }
  149. private SysUser loadUserByUsername(String username) {
  150. SysUser user = userService.selectUserByUserName(username);
  151. if (ObjectUtil.isNull(user)) {
  152. log.info("登录用户:{} 不存在.", username);
  153. throw new UserException("user.not.exists", username);
  154. } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
  155. log.info("登录用户:{} 已被删除.", username);
  156. throw new UserException("user.password.delete", username);
  157. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  158. log.info("登录用户:{} 已被停用.", username);
  159. throw new UserException("user.blocked", username);
  160. }
  161. return user;
  162. }
  163. private SysUser loadUserByPhonenumber(String phonenumber) {
  164. SysUser user = userService.selectUserByPhonenumber(phonenumber);
  165. if (ObjectUtil.isNull(user)) {
  166. log.info("登录用户:{} 不存在.", phonenumber);
  167. throw new UserException("user.not.exists", phonenumber);
  168. } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
  169. log.info("登录用户:{} 已被删除.", phonenumber);
  170. throw new UserException("user.password.delete", phonenumber);
  171. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  172. log.info("登录用户:{} 已被停用.", phonenumber);
  173. throw new UserException("user.blocked", phonenumber);
  174. }
  175. return user;
  176. }
  177. private SysUser loadUserByOpenid(String openid) {
  178. // 使用 openid 查询绑定用户 如未绑定用户 则根据业务自行处理 例如 创建默认用户
  179. // todo 自行实现 userService.selectUserByOpenid(openid);
  180. SysUser user = new SysUser();
  181. if (ObjectUtil.isNull(user)) {
  182. log.info("登录用户:{} 不存在.", openid);
  183. // todo 用户不存在 业务逻辑自行实现
  184. } else if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
  185. log.info("登录用户:{} 已被删除.", openid);
  186. // todo 用户已被删除 业务逻辑自行实现
  187. } else if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
  188. log.info("登录用户:{} 已被停用.", openid);
  189. // todo 用户已被停用 业务逻辑自行实现
  190. }
  191. return user;
  192. }
  193. /**
  194. * 构建登录用户
  195. */
  196. private LoginUser buildLoginUser(SysUser user) {
  197. LoginUser loginUser = new LoginUser();
  198. loginUser.setUserId(user.getUserId());
  199. loginUser.setDeptId(user.getDeptId());
  200. loginUser.setUsername(user.getUserName());
  201. loginUser.setUserType(user.getUserType());
  202. loginUser.setMenuPermission(permissionService.getMenuPermission(user));
  203. loginUser.setRolePermission(permissionService.getRolePermission(user));
  204. loginUser.setDeptName(ObjectUtil.isNull(user.getDept()) ? "" : user.getDept().getDeptName());
  205. List<RoleDTO> roles = BeanUtil.copyToList(user.getRoles(), RoleDTO.class);
  206. loginUser.setRoles(roles);
  207. return loginUser;
  208. }
  209. /**
  210. * 记录登录信息
  211. *
  212. * @param userId 用户ID
  213. */
  214. public void recordLoginInfo(Long userId, String username) {
  215. SysUser sysUser = new SysUser();
  216. sysUser.setUserId(userId);
  217. sysUser.setLoginIp(ServletUtils.getClientIP());
  218. sysUser.setLoginDate(DateUtils.getNowDate());
  219. sysUser.setUpdateBy(username);
  220. userService.updateUserProfile(sysUser);
  221. }
  222. /**
  223. * 登录校验
  224. */
  225. private void checkLogin(LoginType loginType, String username, Supplier<Boolean> supplier) {
  226. HttpServletRequest request = ServletUtils.getRequest();
  227. String errorKey = CacheConstants.PWD_ERR_CNT_KEY + username;
  228. String loginFail = Constants.LOGIN_FAIL;
  229. // 获取用户登录错误次数(可自定义限制策略 例如: key + username + ip)
  230. Integer errorNumber = RedisUtils.getCacheObject(errorKey);
  231. // 锁定时间内登录 则踢出
  232. if (ObjectUtil.isNotNull(errorNumber) && errorNumber.equals(maxRetryCount)) {
  233. asyncService.recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime), request);
  234. throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
  235. }
  236. if (supplier.get()) {
  237. // 是否第一次
  238. errorNumber = ObjectUtil.isNull(errorNumber) ? 1 : errorNumber + 1;
  239. // 达到规定错误次数 则锁定登录
  240. if (errorNumber.equals(maxRetryCount)) {
  241. RedisUtils.setCacheObject(errorKey, errorNumber, Duration.ofMinutes(lockTime));
  242. asyncService.recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitExceed(), maxRetryCount, lockTime), request);
  243. throw new UserException(loginType.getRetryLimitExceed(), maxRetryCount, lockTime);
  244. } else {
  245. // 未达到规定错误次数 则递增
  246. RedisUtils.setCacheObject(errorKey, errorNumber);
  247. asyncService.recordLogininfor(username, loginFail, MessageUtils.message(loginType.getRetryLimitCount(), errorNumber), request);
  248. throw new UserException(loginType.getRetryLimitCount(), errorNumber);
  249. }
  250. }
  251. // 登录成功 清空错误次数
  252. RedisUtils.deleteObject(errorKey);
  253. }
  254. }