ganzi/ganzi-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

登录密码超过5次错误 限制登录半小时

Browse Source
This commit is contained in:
mythxb 2023-11-24 15:41:24 +08:00
parent 744fb80719
commit 4cc1c64d27
5 changed files with 336 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
inventory-dao/src/main/java/com/rzyc/mapper/user/SysUserLoginMapper.java Normal file
View File

@ -0,0 +1,23 @@
package com.rzyc.mapper.user;
import com.rzyc.model.user.SysUserLogin;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import org.apache.ibatis.annotations.Param;
import org.springframework.stereotype.Repository;
/**
* <p>
* ip登录信息 Mapper 接口
* </p>
*
* @author
* @since 2023-11-23
*/
@Repository
public interface SysUserLoginMapper extends BaseMapper<SysUserLogin> {
/*通过用户id查询*/
SysUserLogin findByUserId(@Param("userId") String userId,
@Param("ipDddress") String ipDddress);
}

150
inventory-dao/src/main/java/com/rzyc/model/user/SysUserLogin.java Normal file
View File

@ -0,0 +1,150 @@
package com.rzyc.model.user;
import com.baomidou.mybatisplus.annotation.TableName;
import java.util.Date;
import com.baomidou.mybatisplus.annotation.TableId;
import com.baomidou.mybatisplus.annotation.TableField;
import java.io.Serializable;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
/**
* <p>
* ip登录信息
* </p>
*
* @author
* @since 2023-11-23
*/
@TableName("sys_user_login")
@ApiModel(value="SysUserLogin对象", description="ip登录信息")
public class SysUserLogin implements Serializable {
private static final long serialVersionUID = 1L;
@ApiModelProperty(value = "登录信息id")
@TableId("login_id")
private String loginId;
@ApiModelProperty(value = "用户id")
@TableField("user_id")
private String userId;
@ApiModelProperty(value = "ip地址")
@TableField("ip_address")
private String ipAddress;
@ApiModelProperty(value = "登录次数")
@TableField("login_num")
private Integer loginNum;
@ApiModelProperty(value = "登录限制时间")
@TableField("limit_time")
private Date limitTime;
@ApiModelProperty(value = "创建人")
@TableField("create_by")
private String createBy;
@ApiModelProperty(value = "创建时间")
@TableField("create_time")
private Date createTime;
@ApiModelProperty(value = "修改人")
@TableField("modify_by")
private String modifyBy;
@ApiModelProperty(value = "修改时间")
@TableField("modify_time")
private Date modifyTime;
@TableField(exist = false)
private Boolean limitState;
public Boolean getLimitState() {
return limitState;
}
public void setLimitState(Boolean limitState) {
this.limitState = limitState;
}
public String getLoginId() {
return loginId;
}
public void setLoginId(String loginId) {
this.loginId = loginId;
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public String getIpAddress() {
return ipAddress;
}
public void setIpAddress(String ipAddress) {
this.ipAddress = ipAddress;
}
public Integer getLoginNum() {
return loginNum;
}
public void setLoginNum(Integer loginNum) {
this.loginNum = loginNum;
}
public Date getLimitTime() {
return limitTime;
}
public void setLimitTime(Date limitTime) {
this.limitTime = limitTime;
}
public String getCreateBy() {
return createBy;
}
public void setCreateBy(String createBy) {
this.createBy = createBy;
}
public Date getCreateTime() {
return createTime;
}
public void setCreateTime(Date createTime) {
this.createTime = createTime;
}
public String getModifyBy() {
return modifyBy;
}
public void setModifyBy(String modifyBy) {
this.modifyBy = modifyBy;
}
public Date getModifyTime() {
return modifyTime;
}
public void setModifyTime(Date modifyTime) {
this.modifyTime = modifyTime;
}
@Override
public String toString() {
return "SysUserLogin{" +
"loginId=" + loginId +
", userId=" + userId +
", ipAddress=" + ipAddress +
", loginNum=" + loginNum +
", limitTime=" + limitTime +
", createBy=" + createBy +
", createTime=" + createTime +
", modifyBy=" + modifyBy +
", modifyTime=" + modifyTime +
"}";
}
}

29
inventory-dao/src/main/resources/mapper/user/SysUserLoginMapper.xml Normal file
View File

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.rzyc.mapper.user.SysUserLoginMapper">
<!-- 通用查询映射结果 -->
<resultMap id="BaseResultMap" type="com.rzyc.model.user.SysUserLogin">
<id column="login_id" property="loginId" />
<result column="user_id" property="userId" />
<result column="ip_address" property="ipAddress" />
<result column="login_num" property="loginNum" />
<result column="limit_time" property="limitTime" />
<result column="create_by" property="createBy" />
<result column="create_time" property="createTime" />
<result column="modify_by" property="modifyBy" />
<result column="modify_time" property="modifyTime" />
</resultMap>
<!-- 通用查询结果列 -->
<sql id="Base_Column_List">
login_id, user_id, ip_address, login_num, limit_time, create_by, create_time, modify_by, modify_time
</sql>
<!--通过用户id查询-->
<select id="findByUserId" resultMap="BaseResultMap">
SELECT * FROM sys_user_login sl
WHERE sl.`user_id` = #{userId} AND sl.`ip_address` = #{ipDddress}
</select>
</mapper>

12
inventory-gov/src/main/java/com/rzyc/controller/BaseController.java
View File

@ -576,6 +576,14 @@ public class BaseController {
@Autowired @Autowired
protected ListRelationMapper listRelationMapper; protected ListRelationMapper listRelationMapper;
//ip登录信息
@Autowired
protected SysUserLoginMapper sysUserLoginMapper;
/** /**
* 岗位不需要的字符串 * 岗位不需要的字符串
@ -631,6 +639,10 @@ public class BaseController {
protected String ELECTRIACLID = "78be60a1-55bf-44cc-9697-a983eeea98f2"; protected String ELECTRIACLID = "78be60a1-55bf-44cc-9697-a983eeea98f2";
//登录密码错误次数
protected static Integer PASSWD_ERROR_NUM = 5;
/** /**
* 履职任务完成状态 * 履职任务完成状态
*/ */

155
inventory-gov/src/main/java/com/rzyc/controller/PcPersonalController.java
View File

@ -23,26 +23,19 @@ import com.rzyc.bean.index.StayFactor;
import com.rzyc.bean.index.dto.IndexEntPageDto; import com.rzyc.bean.index.dto.IndexEntPageDto;
import com.rzyc.bean.user.*; import com.rzyc.bean.user.*;
import com.rzyc.bean.user.dutyTree.DutyTrees; import com.rzyc.bean.user.dutyTree.DutyTrees;
import com.rzyc.bean.user.task.TaskDetailDto;
import com.rzyc.bean.user.task.TaskPageDto; import com.rzyc.bean.user.task.TaskPageDto;
import com.rzyc.bean.user.dto.*; import com.rzyc.bean.user.dto.*;
import com.rzyc.config.MethodAnnotation;
import com.rzyc.config.RedisUtil;
import com.rzyc.enums.*; import com.rzyc.enums.*;
import com.rzyc.model.*; import com.rzyc.model.*;
import com.rzyc.model.ent.SysEnterprise; import com.rzyc.model.ent.SysEnterprise;
import com.rzyc.model.log.SysLogs; import com.rzyc.model.log.SysLogs;
import com.rzyc.model.oth.OtheWareHouse;
import com.rzyc.model.personal.SysResource; import com.rzyc.model.personal.SysResource;
import com.rzyc.model.user.*; import com.rzyc.model.user.*;
import com.rzyc.utils.IpUtil; import com.rzyc.utils.IpUtil;
import io.swagger.annotations.*; import io.swagger.annotations.*;
import org.apache.catalina.User;
import org.apache.commons.beanutils.BeanUtils; import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.beanutils.ConvertUtils; import org.apache.commons.beanutils.ConvertUtils;
import org.apache.commons.beanutils.converters.DateConverter; import org.apache.commons.beanutils.converters.DateConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.annotation.Transactional;
import org.springframework.validation.annotation.Validated; import org.springframework.validation.annotation.Validated;
@ -52,7 +45,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid; import javax.validation.Valid;
import java.util.*; import java.util.*;
import java.util.concurrent.TimeUnit;
/** /**
* PC个人中心 * PC个人中心
@ -65,6 +57,7 @@ import java.util.concurrent.TimeUnit;
public class PcPersonalController extends com.rzyc.controller.BaseController { public class PcPersonalController extends com.rzyc.controller.BaseController {
/** /**
* PC登录 * PC登录
* @param loginDto * @param loginDto
@ -82,9 +75,6 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
String sysusername = loginDto.getSysusername(); String sysusername = loginDto.getSysusername();
String syspassword = loginDto.getSyspassword(); String syspassword = loginDto.getSyspassword();
String ip = IpUtil.getIpAddr(request);
ip = ip+sysusername;
//获取验证码 //获取验证码
String generateCode = request.getSession().getAttribute(constantsConfigure.getGenerateCodeKey())+""; String generateCode = request.getSession().getAttribute(constantsConfigure.getGenerateCodeKey())+"";
@ -94,34 +84,47 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
if(loginDto.getGenerateCode().equals(generateCode)){ if(loginDto.getGenerateCode().equals(generateCode)){
SysUser sysUser = sysUserMapper.findBySysUserName(sysusername); SysUser sysUser = sysUserMapper.findBySysUserName(sysusername);
//登录的是政府用户 //登录的是政府用户
if(null != sysUser && StringUtils.isNotBlank(sysUser.getUsertype()) && sysUser.getUsertype().equals("政府用户")){ if(null != sysUser && StringUtils.isNotBlank(sysUser.getUsertype()) && sysUser.getUsertype().equals("政府用户")){
String ps = PasswdFactory.encryptPasswd(sysUser.getSysuserid(), sysusername, syspassword);
System.out.println("========" + ps);
if(sysUser.getSyspassword().equals(ps)){
sysUser.setSyspassword("");
//获取职务 //判断登录限制
sysUser = getUserDuty(sysUser); String ip = IpUtil.getIpAddr(request);
SysUserLogin userLogin = isLimitLogin(sysUser.getSysuserid(),ip);
if(userLogin.getLimitState()){
//通过角色判断是否为安办 或者 部门管理员 String ps = PasswdFactory.encryptPasswd(sysUser.getSysuserid(), sysusername, syspassword);
if(StringUtils.isNotBlank(sysUser.getUserroles())){ System.out.println("========" + ps);
Integer userRole = this.getUserRole(sysUser.getUserroles()); if(sysUser.getSyspassword().equals(ps)){
sysUser.setUserRole(userRole); sysUser.setSyspassword("");
//获取职务
sysUser = getUserDuty(sysUser);
//通过角色判断是否为安办 或者 部门管理员
if(StringUtils.isNotBlank(sysUser.getUserroles())){
Integer userRole = this.getUserRole(sysUser.getUserroles());
sysUser.setUserRole(userRole);
}
//获取用户令牌
String userToken = JwtUtil.createToken(sysUser.getSysuserid());
sysUser.setUserToken(userToken);
//登录成功
userPasswdSuccess(sysUser.getSysuserid(),ip);
this.addLogAuth(sysUser.getSysuserid(),"登录","成功","");
result.setData(sysUser);
}else{
this.addLogAuth(sysUser.getSysuserid(),"登录","失败","");
result.setCode(Code.PASSWORD_ERROR.getCode());
result.setMessage(Message.PASSWORD_ERROR);
userPasswdError(sysUser.getSysuserid(),ip);
} }
//获取用户令牌
String userToken = JwtUtil.createToken(sysUser.getSysuserid());
sysUser.setUserToken(userToken);
this.addLogAuth(sysUser.getSysuserid(),"登录","成功","");
result.setData(sysUser);
}else{ }else{
this.addLogAuth(sysUser.getSysuserid(),"登录","失败",""); result.setCode(Code.ERROR.getCode());
result.setCode(Code.PASSWORD_ERROR.getCode()); result.setMessage("出现多次密码错误,请于"+DateUtils.parseDate2String(userLogin.getLimitTime(),"yyyy-MM-dd HH:mm:ss")+"后在试");
result.setMessage(Message.PASSWORD_ERROR);
} }
}else{ }else{
result.setCode(Code.PASSWORD_ERROR.getCode()); result.setCode(Code.PASSWORD_ERROR.getCode());
@ -134,6 +137,92 @@ public class PcPersonalController extends com.rzyc.controller.BaseController {
return result; return result;
} }
/**
* 登录成功
* @version v1.0
* @author dong
* @date 2023/11/23 10:02
*/
public void userPasswdSuccess(String userId,String ipAddress)throws Exception{
SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
if(null != sysUserLogin){
sysUserLogin.setLoginNum(0);
sysUserLogin.setLimitTime(new Date());
sysUserLogin.setModifyBy(userId);
sysUserLogin.setModifyTime(new Date());
sysUserLoginMapper.updateById(sysUserLogin);
}else{
sysUserLogin = new SysUserLogin();
sysUserLogin.setLoginId(RandomNumber.getUUid());
sysUserLogin.setUserId(userId);
sysUserLogin.setIpAddress(ipAddress);
sysUserLogin.setLoginNum(0);
sysUserLogin.setLimitTime(new Date());
sysUserLogin.setCreateTime(new Date());
sysUserLogin.setCreateBy(userId);
sysUserLogin.setModifyBy(userId);
sysUserLogin.setModifyTime(new Date());
sysUserLoginMapper.insert(sysUserLogin);
}
}
/**
*
* @version v1.0
* @author dong
* @date 2023/11/23 9:54
*/
public void userPasswdError(String userId,String ipAddress)throws Exception{
SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
if(null != sysUserLogin){
sysUserLogin.setLoginNum(sysUserLogin.getLoginNum()+1);
if(sysUserLogin.getLoginNum() >= PASSWD_ERROR_NUM){
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.MINUTE,30);
sysUserLogin.setLimitTime(DateUtils.parseCalendar2Date(calendar));
}
sysUserLogin.setModifyBy(userId);
sysUserLogin.setModifyTime(new Date());
sysUserLoginMapper.updateById(sysUserLogin);
}else{
sysUserLogin = new SysUserLogin();
sysUserLogin.setLoginId(RandomNumber.getUUid());
sysUserLogin.setUserId(userId);
sysUserLogin.setIpAddress(ipAddress);
sysUserLogin.setLoginNum(1);
sysUserLogin.setLimitTime(new Date());
sysUserLogin.setCreateTime(new Date());
sysUserLogin.setCreateBy(userId);
sysUserLogin.setModifyBy(userId);
sysUserLogin.setModifyTime(new Date());
sysUserLoginMapper.insert(sysUserLogin);
}
}
/**
* 判断是否登录限制
* 密码错误超过5次 并且还在限制时间内 则限制登录
* 密码错误超过5次 半小时内不能登录
* @version v1.0
* @author dong
* @date 2023/11/23 9:41
*/
public SysUserLogin isLimitLogin(String userId,String ipAddress)throws Exception{
SysUserLogin sysUserLogin = sysUserLoginMapper.findByUserId(userId,ipAddress);
if(null != sysUserLogin){
if(sysUserLogin.getLoginNum() >= PASSWD_ERROR_NUM && System.currentTimeMillis() < sysUserLogin.getLimitTime().getTime()){
sysUserLogin.setLimitState(false);
}else{
sysUserLogin.setLimitState(true);
}
}else{
sysUserLogin = new SysUserLogin();
sysUserLogin.setLimitState(true);
}
return sysUserLogin;
}
/** /**
* @Description: PC管理员登录 * @Description: PC管理员登录