登录密码超过5次错误 限制登录半小时

inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserLoginMapper.java

@@ -0,0 +1,23 @@
+package com.rzyc.mapper.user;
+
+import com.rzyc.model.user.SysUserLogin;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+import org.apache.ibatis.annotations.Param;
+import org.springframework.stereotype.Repository;
+
+/**
+ * <p>
+ * ip登录信息 Mapper 接口
+ * </p>
+ *
+ * @author
+ * @since 2023-11-23
+ */
+@Repository
+public interface SysUserLoginMapper extends BaseMapper<SysUserLogin> {
+
+    /*通过用户id查询*/
+    SysUserLogin findByUserId(@Param("userId") String userId,
+                              @Param("ipDddress") String ipDddress);
+
+}

inventory-dao/src/main/java/com/rzyc/model/user/SysUserLogin.java

@@ -0,0 +1,150 @@
+package com.rzyc.model.user;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+import java.util.Date;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableField;
+import java.io.Serializable;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+
+/**
+ * <p>
+ * ip登录信息
+ * </p>
+ *
+ * @author
+ * @since 2023-11-23
+ */
+@TableName("sys_user_login")
+@ApiModel(value="SysUserLogin对象", description="ip登录信息")
+public class SysUserLogin implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @ApiModelProperty(value = "登录信息id")
+    @TableId("login_id")
+    private String loginId;
+
+    @ApiModelProperty(value = "用户id")
+    @TableField("user_id")
+    private String userId;
+
+    @ApiModelProperty(value = "ip地址")
+    @TableField("ip_address")
+    private String ipAddress;
+
+    @ApiModelProperty(value = "登录次数")
+    @TableField("login_num")
+    private Integer loginNum;
+
+    @ApiModelProperty(value = "登录限制时间")
+    @TableField("limit_time")
+    private Date limitTime;
+
+    @ApiModelProperty(value = "创建人")
+    @TableField("create_by")
+    private String createBy;
+
+    @ApiModelProperty(value = "创建时间")
+    @TableField("create_time")
+    private Date createTime;
+
+    @ApiModelProperty(value = "修改人")
+    @TableField("modify_by")
+    private String modifyBy;
+
+    @ApiModelProperty(value = "修改时间")
+    @TableField("modify_time")
+    private Date modifyTime;
+
+    @TableField(exist = false)
+    private Boolean limitState;
+
+    public Boolean getLimitState() {
+        return limitState;
+    }
+
+    public void setLimitState(Boolean limitState) {
+        this.limitState = limitState;
+    }
+
+    public String getLoginId() {
+        return loginId;
+    }
+
+    public void setLoginId(String loginId) {
+        this.loginId = loginId;
+    }
+    public String getUserId() {
+        return userId;
+    }
+
+    public void setUserId(String userId) {
+        this.userId = userId;
+    }
+    public String getIpAddress() {
+        return ipAddress;
+    }
+
+    public void setIpAddress(String ipAddress) {
+        this.ipAddress = ipAddress;
+    }
+    public Integer getLoginNum() {
+        return loginNum;
+    }
+
+    public void setLoginNum(Integer loginNum) {
+        this.loginNum = loginNum;
+    }
+    public Date getLimitTime() {
+        return limitTime;
+    }
+
+    public void setLimitTime(Date limitTime) {
+        this.limitTime = limitTime;
+    }
+    public String getCreateBy() {
+        return createBy;
+    }
+
+    public void setCreateBy(String createBy) {
+        this.createBy = createBy;
+    }
+    public Date getCreateTime() {
+        return createTime;
+    }
+
+    public void setCreateTime(Date createTime) {
+        this.createTime = createTime;
+    }
+    public String getModifyBy() {
+        return modifyBy;
+    }
+
+    public void setModifyBy(String modifyBy) {
+        this.modifyBy = modifyBy;
+    }
+    public Date getModifyTime() {
+        return modifyTime;
+    }
+
+    public void setModifyTime(Date modifyTime) {
+        this.modifyTime = modifyTime;
+    }
+
+    @Override
+    public String toString() {
+        return "SysUserLogin{" +
+            "loginId=" + loginId +
+            ", userId=" + userId +
+            ", ipAddress=" + ipAddress +
+            ", loginNum=" + loginNum +
+            ", limitTime=" + limitTime +
+            ", createBy=" + createBy +
+            ", createTime=" + createTime +
+            ", modifyBy=" + modifyBy +
+            ", modifyTime=" + modifyTime +
+        "}";
+    }
+}

inventory-dao/src/main/resources/mapper/user/SysUserLoginMapper.xml

@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.rzyc.mapper.user.SysUserLoginMapper">
+
+    <!-- 通用查询映射结果 -->
+    <resultMap id="BaseResultMap" type="com.rzyc.model.user.SysUserLogin">
+        <id column="login_id" property="loginId" />
+        <result column="user_id" property="userId" />
+        <result column="ip_address" property="ipAddress" />
+        <result column="login_num" property="loginNum" />
+        <result column="limit_time" property="limitTime" />
+        <result column="create_by" property="createBy" />
+        <result column="create_time" property="createTime" />
+        <result column="modify_by" property="modifyBy" />
+        <result column="modify_time" property="modifyTime" />
+    </resultMap>
+
+    <!-- 通用查询结果列 -->
+    <sql id="Base_Column_List">
+        login_id, user_id, ip_address, login_num, limit_time, create_by, create_time, modify_by, modify_time
+    </sql>
+
+    <!--通过用户id查询-->
+    <select id="findByUserId" resultMap="BaseResultMap">
+        SELECT * FROM sys_user_login sl
+        WHERE sl.`user_id` = #{userId} AND sl.`ip_address` = #{ipDddress}
+    </select>
+
+</mapper>

inventory-gov/src/main/java/com/rzyc/controller/BaseController.java

@@ -576,6 +576,14 @@ public class BaseController {
     @Autowired
     protected ListRelationMapper listRelationMapper;
 
+    //ip登录信息
+    @Autowired
+    protected SysUserLoginMapper sysUserLoginMapper;
+
+
+
+
+
 
     /**
      * 岗位不需要的字符串
@@ -631,6 +639,10 @@ public class BaseController {
     protected String ELECTRIACLID = "78be60a1-55bf-44cc-9697-a983eeea98f2";
 
 
+    //登录密码错误次数
+    protected static Integer PASSWD_ERROR_NUM = 5;
+
+
     /**
      * 履职任务完成状态
      */

inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java

@@ -23,26 +23,19 @@ import com.rzyc.bean.index.StayFactor;
 import com.rzyc.bean.index.dto.IndexEntPageDto;
 import com.rzyc.bean.user.*;
 import com.rzyc.bean.user.dutyTree.DutyTrees;
-import com.rzyc.bean.user.task.TaskDetailDto;
 import com.rzyc.bean.user.task.TaskPageDto;
 import com.rzyc.bean.user.dto.*;
-import com.rzyc.config.MethodAnnotation;
-import com.rzyc.config.RedisUtil;
 import com.rzyc.enums.*;
 import com.rzyc.model.*;
 import com.rzyc.model.ent.SysEnterprise;
 import com.rzyc.model.log.SysLogs;
-import com.rzyc.model.oth.OtheWareHouse;
 import com.rzyc.model.personal.SysResource;
 import com.rzyc.model.user.*;
 import com.rzyc.utils.IpUtil;
 import io.swagger.annotations.*;
-import org.apache.catalina.User;
 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.commons.beanutils.ConvertUtils;
 import org.apache.commons.beanutils.converters.DateConverter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
@@ -52,7 +45,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 import java.util.*;
-import java.util.concurrent.TimeUnit;
 
 /**
  * PC个人中心
@@ -65,6 +57,7 @@ import java.util.concurrent.TimeUnit;
 public class PcPersonalController extends com.rzyc.controller.BaseController {
 
 
+
     /**
      * PC登录
      * @param loginDto
@@ -82,9 +75,6 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
         String sysusername = loginDto.getSysusername();
         String syspassword = loginDto.getSyspassword();
 
-        String ip = IpUtil.getIpAddr(request);
-        ip = ip+sysusername;
-
 
         //获取验证码
         String generateCode = request.getSession().getAttribute(constantsConfigure.getGenerateCodeKey())+"";
@@ -94,9 +84,14 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
 
         if(loginDto.getGenerateCode().equals(generateCode)){
             SysUser sysUser = sysUserMapper.findBySysUserName(sysusername);
-
             //登录的是政府用户
             if(null != sysUser && StringUtils.isNotBlank(sysUser.getUsertype()) && sysUser.getUsertype().equals("政府用户")){
+
+                //判断登录限制
+                String ip = IpUtil.getIpAddr(request);
+                SysUserLogin userLogin = isLimitLogin(sysUser.getSysuserid(),ip);
+                if(userLogin.getLimitState()){
+
                     String ps = PasswdFactory.encryptPasswd(sysUser.getSysuserid(), sysusername, syspassword);
                     System.out.println("========" + ps);
                     if(sysUser.getSyspassword().equals(ps)){
@@ -115,6 +110,9 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
                         String userToken = JwtUtil.createToken(sysUser.getSysuserid());
                         sysUser.setUserToken(userToken);
 
+                        //登录成功
+                        userPasswdSuccess(sysUser.getSysuserid(),ip);
+
                         this.addLogAuth(sysUser.getSysuserid(),"登录","成功","");
                         result.setData(sysUser);
 
@@ -122,6 +120,11 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
                         this.addLogAuth(sysUser.getSysuserid(),"登录","失败","");
                         result.setCode(Code.PASSWORD_ERROR.getCode());
                         result.setMessage(Message.PASSWORD_ERROR);
+                        userPasswdError(sysUser.getSysuserid(),ip);
+                    }
+                }else{
+                    result.setCode(Code.ERROR.getCode());
+                    result.setMessage("出现多次密码错误，请于"+DateUtils.parseDate2String(userLogin.getLimitTime(),"yyyy-MM-dd HH:mm:ss")+"后在试");
                 }
             }else{
                 result.setCode(Code.PASSWORD_ERROR.getCode());
@@ -134,6 +137,92 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
         return result;
     }
 
+    /**
+     * 登录成功
+     * @version v1.0
+     * @author dong
+     * @date 2023/11/23 10:02
+     */
+    public void userPasswdSuccess(String userId,String ipAddress)throws Exception{
+        SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
+        if(null != sysUserLogin){
+            sysUserLogin.setLoginNum(0);
+            sysUserLogin.setLimitTime(new Date());
+            sysUserLogin.setModifyBy(userId);
+            sysUserLogin.setModifyTime(new Date());
+            sysUserLoginMapper.updateById(sysUserLogin);
+        }else{
+            sysUserLogin = new SysUserLogin();
+            sysUserLogin.setLoginId(RandomNumber.getUUid());
+            sysUserLogin.setUserId(userId);
+            sysUserLogin.setIpAddress(ipAddress);
+            sysUserLogin.setLoginNum(0);
+            sysUserLogin.setLimitTime(new Date());
+            sysUserLogin.setCreateTime(new Date());
+            sysUserLogin.setCreateBy(userId);
+            sysUserLogin.setModifyBy(userId);
+            sysUserLogin.setModifyTime(new Date());
+            sysUserLoginMapper.insert(sysUserLogin);
+        }
+    }
+
+    /**
+     *
+     * @version v1.0
+     * @author dong
+     * @date 2023/11/23 9:54
+     */
+    public void userPasswdError(String userId,String ipAddress)throws Exception{
+        SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
+        if(null != sysUserLogin){
+            sysUserLogin.setLoginNum(sysUserLogin.getLoginNum()+1);
+
+            if(sysUserLogin.getLoginNum() >= PASSWD_ERROR_NUM){
+                Calendar calendar = Calendar.getInstance();
+                calendar.add(Calendar.MINUTE,30);
+                sysUserLogin.setLimitTime(DateUtils.parseCalendar2Date(calendar));
+            }
+            sysUserLogin.setModifyBy(userId);
+            sysUserLogin.setModifyTime(new Date());
+            sysUserLoginMapper.updateById(sysUserLogin);
+        }else{
+            sysUserLogin = new SysUserLogin();
+            sysUserLogin.setLoginId(RandomNumber.getUUid());
+            sysUserLogin.setUserId(userId);
+            sysUserLogin.setIpAddress(ipAddress);
+            sysUserLogin.setLoginNum(1);
+            sysUserLogin.setLimitTime(new Date());
+            sysUserLogin.setCreateTime(new Date());
+            sysUserLogin.setCreateBy(userId);
+            sysUserLogin.setModifyBy(userId);
+            sysUserLogin.setModifyTime(new Date());
+            sysUserLoginMapper.insert(sysUserLogin);
+        }
+    }
+
+    /**
+     * 判断是否登录限制
+     * 密码错误超过5次 并且还在限制时间内 则限制登录
+     * 密码错误超过5次 半小时内不能登录。
+     * @version v1.0
+     * @author dong
+     * @date 2023/11/23 9:41
+     */
+    public SysUserLogin isLimitLogin(String userId,String ipAddress)throws Exception{
+        SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
+        if(null != sysUserLogin){
+            if(sysUserLogin.getLoginNum() >= PASSWD_ERROR_NUM && System.currentTimeMillis() < sysUserLogin.getLimitTime().getTime()){
+                sysUserLogin.setLimitState(false);
+            }else{
+                sysUserLogin.setLimitState(true);
+            }
+        }else{
+            sysUserLogin = new SysUserLogin();
+            sysUserLogin.setLimitState(true);
+        }
+        return sysUserLogin;
+    }
+
 
     /**
      * @Description: PC管理员登录