用户登录问题修改
This commit is contained in:
jiang
parent
d57ab0ea5c
commit
4311a41e50
|
|
@ -1,6 +1,7 @@
|
|||
package com.bonus.auth.service;
|
||||
|
||||
import com.bonus.common.core.constant.CacheConstants;
|
||||
import com.bonus.common.core.constant.SecurityConstants;
|
||||
import com.bonus.common.core.constant.UserConstants;
|
||||
import com.bonus.common.core.domain.R;
|
||||
import com.bonus.common.core.enums.UserStatus;
|
||||
|
|
@ -12,6 +13,7 @@ import com.bonus.common.core.utils.ip.IpUtils;
|
|||
import com.bonus.common.core.web.domain.AjaxResult;
|
||||
import com.bonus.common.redis.service.RedisService;
|
||||
import com.bonus.config.SystemConfig;
|
||||
import com.bonus.system.api.RemoteUserService;
|
||||
import com.bonus.system.api.domain.SysUser;
|
||||
import com.bonus.system.api.model.LoginUser;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
|
@ -31,6 +33,9 @@ public class PasswordValidatorService {
|
|||
@Resource
|
||||
private SysRecordLogService recordLogService;
|
||||
|
||||
@Resource
|
||||
private RemoteUserService remoteUserService;
|
||||
|
||||
/**
|
||||
* 对新密码进行校验,返回布尔值表示密码是否符合要求。
|
||||
*
|
||||
|
|
@ -259,8 +264,11 @@ public class PasswordValidatorService {
|
|||
public void handleIpValidation(String username, SysUser user) {
|
||||
try {
|
||||
String nowIp = IpUtils.getIpAddr();
|
||||
String hisIp = redisService.getCacheObject("IP:" + user.getUserId());
|
||||
AjaxResult ajaxResult = remoteUserService.selectSysIpWhitelist(SecurityConstants.INNER);
|
||||
if (ajaxResult.isSuccess()){
|
||||
|
||||
}
|
||||
String hisIp = redisService.getCacheObject("IP:" + user.getUserId());
|
||||
if (!nowIp.equals(hisIp)) {
|
||||
recordLogService.saveErrorLogs(username, System.currentTimeMillis(), user.getUserId().toString());
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,18 +2,23 @@ package com.bonus.auth.service;
|
|||
|
||||
import com.bonus.common.core.constant.CacheConstants;
|
||||
import com.bonus.common.core.constant.Constants;
|
||||
import com.bonus.common.core.constant.SecurityConstants;
|
||||
import com.bonus.common.core.domain.R;
|
||||
import com.bonus.common.core.exception.CaptchaException;
|
||||
import com.bonus.common.core.exception.ServiceException;
|
||||
import com.bonus.common.core.utils.StringUtils;
|
||||
import com.bonus.common.core.utils.VerificationCodeUtils;
|
||||
import com.bonus.common.core.utils.sms.SmsUtils;
|
||||
import com.bonus.common.core.web.domain.AjaxResult;
|
||||
import com.bonus.common.redis.service.RedisService;
|
||||
import com.bonus.common.security.utils.SecurityUtils;
|
||||
import com.bonus.system.api.RemoteConfigService;
|
||||
import com.bonus.system.api.domain.SysUser;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.io.IOException;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
|
|
@ -34,6 +39,9 @@ public class SysPasswordService {
|
|||
@Autowired
|
||||
private SysRecordLogService recordLogService;
|
||||
|
||||
@Resource
|
||||
private RemoteConfigService configService;
|
||||
|
||||
/**
|
||||
* 登录账户密码错误次数缓存键名
|
||||
*
|
||||
|
|
@ -46,26 +54,31 @@ public class SysPasswordService {
|
|||
|
||||
public void validate(SysUser user, String password, long startTime) {
|
||||
String username = user.getUserName();
|
||||
int retryCount = redisService.getCacheObject(getCacheKey(username));
|
||||
|
||||
// 基本锁定时间为 lockTime
|
||||
long dynamicLockTime = lockTime;
|
||||
|
||||
if (retryCount > 0 && retryCount % 5 == 0) {
|
||||
dynamicLockTime += (retryCount / 5) * lockTime; // 每5次增加一个基本锁定时间
|
||||
Integer retryCount = redisService.getCacheObject(getCacheKey(username));
|
||||
Integer times = 5;
|
||||
Integer lockTime = 20;
|
||||
AjaxResult timesAjaxResult = configService.getConfigKey("sys.login.failed.times", SecurityConstants.INNER);
|
||||
AjaxResult lockTimeAjaxResult = configService.getConfigKey("sys.login.failed.locktime", SecurityConstants.INNER);
|
||||
if (timesAjaxResult.isSuccess()){
|
||||
times = Integer.parseInt(timesAjaxResult.get("msg").toString());
|
||||
}
|
||||
if (lockTimeAjaxResult.isSuccess()){
|
||||
lockTime = Integer.parseInt(lockTimeAjaxResult.get("msg").toString());
|
||||
}
|
||||
|
||||
if (retryCount >= Integer.valueOf(maxRetryCount).intValue()) {
|
||||
if (ObjectUtils.isEmpty(retryCount)){
|
||||
retryCount = 0;
|
||||
}
|
||||
if (retryCount >= times) {
|
||||
long time = redisService.getExpire(getCacheKey(username));
|
||||
long times = time / 60 + 1;
|
||||
String errMsg = String.format("密码输入错误%s次,帐户锁定,请%s分钟后重试", maxRetryCount, times);
|
||||
String errMsg = String.format("密码输入错误%s次,帐户锁定,请%s分钟后重试", maxRetryCount, time / 60 + 1);
|
||||
recordLogService.saveLogs(username, startTime, "用户账号锁定", "用户账号已锁定,请" + times + "后重试", null, null);
|
||||
throw new ServiceException(errMsg);
|
||||
}
|
||||
if (!matches(user, password)) {
|
||||
retryCount = retryCount + 1;
|
||||
recordLogService.saveLogs(username, startTime, "密码输入错误", "用户不存在/密码错误", null, null);
|
||||
redisService.setCacheObject(getCacheKey(username), retryCount, dynamicLockTime, TimeUnit.MINUTES);
|
||||
redisService.setCacheObject(getCacheKey(username), retryCount, (long)lockTime, TimeUnit.MINUTES);
|
||||
throw new ServiceException("用户不存在/密码错误");
|
||||
} else {
|
||||
clearLoginRecordCache(username);
|
||||
|
|
|
|||
|
|
@ -39,11 +39,10 @@ public class UsernamePasswordLoginStrategy implements LoginStrategy {
|
|||
passwordValidatorService.validateIpBlacklist(username);
|
||||
//通过用户名获取人员信息
|
||||
R<LoginUser> userResult = remoteUserService.getUserInfo(username, SecurityConstants.INNER);
|
||||
passwordValidatorService.validateUserResult(username, userResult);
|
||||
//获取用户信息
|
||||
LoginUser userInfo = userResult.getData();
|
||||
SysUser user = userInfo.getSysUser();
|
||||
// 验证用户查询结果
|
||||
passwordValidatorService.validateUserResult(username, userResult);
|
||||
passwordValidatorService.validateApprovalStatus(username, user);
|
||||
// 验证用户状态
|
||||
passwordValidatorService.validateUserStatus(username, user);
|
||||
|
|
|
|||
|
|
@ -66,5 +66,5 @@ public class CacheConstants {
|
|||
/**
|
||||
* 登录IP黑名单 cache key
|
||||
*/
|
||||
public static final String SYS_LOGIN_BLACKIPLIST = SYS_CONFIG_KEY + "sys.login.blackIPList";
|
||||
public static final String SYS_LOGIN_BLACKIPLIST ="blackIPList";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,12 @@
|
|||
package com.bonus.common.redis.service;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.data.redis.core.BoundSetOperations;
|
||||
import org.springframework.data.redis.core.HashOperations;
|
||||
import org.springframework.data.redis.core.RedisTemplate;
|
||||
import org.springframework.data.redis.core.ValueOperations;
|
||||
import org.springframework.data.redis.core.*;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
* spring redis 工具类
|
||||
*
|
||||
|
|
@ -24,7 +18,8 @@ public class RedisService
|
|||
{
|
||||
@Autowired
|
||||
public RedisTemplate redisTemplate;
|
||||
|
||||
@Autowired
|
||||
private StringRedisTemplate stringRedisTemplate;
|
||||
/**
|
||||
* 缓存基本的对象,Integer、String、实体类等
|
||||
*
|
||||
|
|
@ -273,4 +268,16 @@ public class RedisService
|
|||
{
|
||||
return redisTemplate.opsForValue().setIfAbsent(key,value,lt,tu);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 根据固定前缀获取 Redis 中符合条件的哈希字段
|
||||
*
|
||||
* @param prefix 需要匹配的前缀
|
||||
* @return 符合前缀的哈希字段值列表
|
||||
*/
|
||||
public Set<String> getKeysByPrefix(String prefix) {
|
||||
return stringRedisTemplate.keys(prefix + "*");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,154 @@
|
|||
package com.bonus.gateway.filter;
|
||||
|
||||
import com.bonus.common.core.constant.CacheConstants;
|
||||
import com.bonus.common.redis.service.RedisService;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.springframework.cloud.gateway.filter.GatewayFilterChain;
|
||||
import org.springframework.cloud.gateway.filter.GlobalFilter;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.net.InetAddress;
|
||||
import java.net.UnknownHostException;
|
||||
import java.time.LocalTime;
|
||||
import java.time.format.DateTimeFormatter;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author bonus
|
||||
*/
|
||||
@Component
|
||||
@Slf4j
|
||||
public class IpFilter implements GlobalFilter, Ordered {
|
||||
@Resource
|
||||
private RedisService redisService;
|
||||
/**
|
||||
* Process the Web request and (optionally) delegate to the next {@code GatewayFilter}
|
||||
* through the given {@link GatewayFilterChain}.
|
||||
*
|
||||
* @param exchange the current server exchange
|
||||
* @param chain provides a way to delegate to the next filter
|
||||
* @return {@code Mono<Void>} to indicate when request processing is complete
|
||||
*/
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
||||
List<Map<String,Object>> cacheList = redisService.getCacheObject(CacheConstants.SYS_LOGIN_BLACKIPLIST);
|
||||
|
||||
// 获取客户端的 IP 地址
|
||||
String ip = exchange.getRequest().getHeaders().getFirst("X-Forwarded-For");
|
||||
for (Map<String,Object> map : cacheList) {
|
||||
String ipAddress = map.containsKey("ipAddress") ? map.get("ipAddress").toString() : null;
|
||||
String ipRangeEnd = map.containsKey("ipRangeEnd") ?map.get("ipRangeEnd").toString(): null;
|
||||
String ipRangeStart = map.containsKey("ipRangeStart")?map.get("ipRangeStart").toString():null;
|
||||
String accessStartTime =map.containsKey("accessStartTime")? map.get("accessStartTime").toString():null;
|
||||
String accessEndTime = map.containsKey("accessEndTime")?map.get("accessEndTime").toString():null;
|
||||
if (ObjectUtils.isEmpty(ipAddress)){
|
||||
if (isIpInRange(ip, ipRangeStart, ipRangeEnd)){
|
||||
if (ObjectUtils.isNotEmpty(accessStartTime)){
|
||||
boolean currentTimeInRange = isCurrentTimeInRange(accessStartTime, accessEndTime);
|
||||
if (!currentTimeInRange){
|
||||
// 完成响应
|
||||
exchange.getResponse().setStatusCode(org.springframework.http.HttpStatus.FORBIDDEN);
|
||||
return exchange.getResponse().setComplete();
|
||||
}else {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
}else {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
|
||||
}
|
||||
}else {
|
||||
if (ipAddress.equals(ip)){
|
||||
if (ObjectUtils.isNotEmpty(accessStartTime)){
|
||||
boolean currentTimeInRange = isCurrentTimeInRange(accessStartTime, accessEndTime);
|
||||
if (!currentTimeInRange){
|
||||
// 完成响应
|
||||
exchange.getResponse().setStatusCode(org.springframework.http.HttpStatus.FORBIDDEN);
|
||||
return exchange.getResponse().setComplete();
|
||||
}else {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
}else {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
exchange.getResponse().setStatusCode(org.springframework.http.HttpStatus.FORBIDDEN);
|
||||
return exchange.getResponse().setComplete();
|
||||
}
|
||||
/**
|
||||
* 检查给定的IP地址是否在指定的网段区间内
|
||||
*
|
||||
* @param ip 要检查的IP地址,例如 "192.168.1.10"
|
||||
* @param startIp 区间开始的IP地址,例如 "192.168.1.0"
|
||||
* @param endIp 区间结束的IP地址,例如 "192.168.1.255"
|
||||
* @return true 如果IP在区间内;否则返回 false
|
||||
*/
|
||||
public static boolean isIpInRange(String ip, String startIp, String endIp) {
|
||||
try {
|
||||
// 将 IP 地址、起始 IP 和结束 IP 转换为整数
|
||||
long ipToCheck = ipToLong(InetAddress.getByName(ip));
|
||||
long start = ipToLong(InetAddress.getByName(startIp));
|
||||
long end = ipToLong(InetAddress.getByName(endIp));
|
||||
|
||||
// 检查 IP 是否在区间内
|
||||
return ipToCheck >= start && ipToCheck <= end;
|
||||
} catch (UnknownHostException e) {
|
||||
e.printStackTrace();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 将IP地址转换为整数
|
||||
*
|
||||
* @param inetAddress IP地址对象
|
||||
* @return 转换后的长整数
|
||||
*/
|
||||
private static long ipToLong(InetAddress inetAddress) {
|
||||
byte[] octets = inetAddress.getAddress();
|
||||
long result = 0;
|
||||
for (byte octet : octets) {
|
||||
result = (result << 8) | (octet & 0xFF);
|
||||
}
|
||||
return result;
|
||||
}
|
||||
public static boolean isCurrentTimeInRange(String start, String end) {
|
||||
// 定义时间格式
|
||||
DateTimeFormatter formatter = DateTimeFormatter.ofPattern("HH:mm:ss");
|
||||
|
||||
// 将字符串转换为 LocalTime
|
||||
LocalTime startTime = LocalTime.parse(start, formatter);
|
||||
LocalTime endTime = LocalTime.parse(end, formatter);
|
||||
|
||||
// 获取当前时间
|
||||
LocalTime currentTime = LocalTime.now();
|
||||
|
||||
// 检查当前时间是否在指定的时间范围内
|
||||
return !currentTime.isBefore(startTime) && !currentTime.isAfter(endTime);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the order value of this object.
|
||||
* <p>Higher values are interpreted as lower priority. As a consequence,
|
||||
* the object with the lowest value has the highest priority (somewhat
|
||||
* analogous to Servlet {@code load-on-startup} values).
|
||||
* <p>Same order values will result in arbitrary sort positions for the
|
||||
* affected objects.
|
||||
*
|
||||
* @return the order value
|
||||
* @see #HIGHEST_PRECEDENCE
|
||||
* @see #LOWEST_PRECEDENCE
|
||||
*/
|
||||
@Override
|
||||
public int getOrder() {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
|
@ -148,7 +148,7 @@ public class RequestCoverFilter implements GlobalFilter, Ordered {
|
|||
return exchange.getResponse().setComplete();
|
||||
}
|
||||
// 解密请求体
|
||||
if ( encrypt) {
|
||||
if (encrypt) {
|
||||
try {
|
||||
requestBody = Sm4Utils.decrypt(requestBody);
|
||||
} catch (Exception e) {
|
||||
|
|
@ -160,11 +160,11 @@ public class RequestCoverFilter implements GlobalFilter, Ordered {
|
|||
if (ObjectUtils.isEmpty(requestBody)) {
|
||||
return exchange.getResponse().setComplete();
|
||||
}
|
||||
|
||||
String providedHmac = requestBody.split("\\|")[1];
|
||||
requestBody = requestBody.split("\\|")[0];
|
||||
// 校验数据完整性
|
||||
if (integrality) {
|
||||
String providedHmac = requestBody.split("\\|")[1];
|
||||
|
||||
integrityVerification(providedHmac, requestBody);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -49,7 +49,7 @@ public class GatewayExceptionHandler implements ErrorWebExceptionHandler
|
|||
{
|
||||
msg = "内部服务器错误";
|
||||
}
|
||||
System.err.println(ex.getMessage());
|
||||
ex.printStackTrace();
|
||||
log.error("[网关异常处理]请求路径:{},异常信息:{}", exchange.getRequest().getPath(), ex.getMessage());
|
||||
|
||||
return ServletUtils.webFluxResponseWriter(response, msg);
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ public interface SysJobMapper
|
|||
*/
|
||||
public int insertJob(SysJob job);
|
||||
|
||||
List<SysUser> selectUserList();
|
||||
List<SysUser> selectUserList(SysUser user);
|
||||
|
||||
/**
|
||||
* 修改用户状态
|
||||
|
|
|
|||
|
|
@ -28,10 +28,11 @@ public class SysTask
|
|||
@Resource
|
||||
private SysJobMapper mapper;
|
||||
|
||||
|
||||
public void checkUserLastLoginTime(){
|
||||
try{
|
||||
List<SysUser> sysUsers = mapper.selectUserList();
|
||||
SysUser user = new SysUser();
|
||||
user.setStatus("0");
|
||||
List<SysUser> sysUsers = mapper.selectUserList(user);
|
||||
sysUsers.forEach(item -> {
|
||||
Date loginDate = item.getLoginDate();
|
||||
if (ObjectUtils.isEmpty(item.getLoginDate())){
|
||||
|
|
@ -52,4 +53,29 @@ public class SysTask
|
|||
logger.error("修改用户状态异常,{}",e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
public void checkUserPermanent(){
|
||||
try{
|
||||
SysUser user = new SysUser();
|
||||
user.setIsPermanent("0");
|
||||
List<SysUser> sysUsers = mapper.selectUserList(user);
|
||||
sysUsers.forEach(item -> {
|
||||
long minutes = DateUtils.minutesBetween(item.getCreateTime(), DateUtils.getNowDate());
|
||||
if (minutes >= LAST_LOGIN_TIME_INTERVAL*3){
|
||||
int i = mapper.updateUser(item.getUserId());
|
||||
if (i>0){
|
||||
logger.error("修改用户状态,用户id为:{},用户名为:{}",item.getUserId(),item.getUserName());
|
||||
}else {
|
||||
logger.error("修改用户状态失败,用户id为:{},用户名为:{}",item.getUserId(),item.getUserName());
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
catch (Exception e){
|
||||
logger.error("修改用户状态异常,{}",e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
<include refid="selectJobVo"/>
|
||||
where job_id = #{jobId}
|
||||
</select>
|
||||
|
||||
|
||||
<delete id="deleteJobById" parameterType="Long">
|
||||
delete from sys_job where job_id = #{jobId}
|
||||
</delete>
|
||||
|
|
@ -112,7 +112,9 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
|
|||
<select id="selectUserList" resultType="com.bonus.system.api.domain.SysUser">
|
||||
select user_id AS userId, login_date AS loginDate ,user_name AS userName,create_time AS createTime
|
||||
from sys_user
|
||||
where del_flag = '0' AND status='0'
|
||||
where del_flag = '0'
|
||||
<if test="status != null and status != ''">AND status='0'</if>
|
||||
<if test="isPermanent != null and isPermanent != ''">AND is_permanent='0'</if>
|
||||
</select>
|
||||
|
||||
<update id="updateUser">
|
||||
|
|
|
|||
Loading…
Reference in New Issue