diff --git a/dsBase/src/main/java/com/dsideal/dsBase/LoginPerson/Controller/LoginPersonController.java b/dsBase/src/main/java/com/dsideal/dsBase/LoginPerson/Controller/LoginPersonController.java
index 12161379..585c128a 100644
--- a/dsBase/src/main/java/com/dsideal/dsBase/LoginPerson/Controller/LoginPersonController.java
+++ b/dsBase/src/main/java/com/dsideal/dsBase/LoginPerson/Controller/LoginPersonController.java
@@ -39,12 +39,6 @@ public class LoginPersonController extends Controller {
 @EmptyInterface({"username", "password", "captcha"})
 public void doLogin(String username, String password, String captcha) {
 JSONObject resultJson = new JSONObject();
- if (StrKit.isBlank(captcha)) {
- resultJson.put("success", false);
- resultJson.put("msg", "验证码不能为空!");
- renderJson(resultJson);
- return;
- }
 String checkCodeKey = "";
 //万能验证码:dsideal
 if (!captcha.equals("dsideal")) {
@@ -95,19 +89,6 @@ public class LoginPersonController extends Controller {
 }
 }
 
- if (StrKit.isBlank(username)) {
- resultJson.put("success", false);
- resultJson.put("msg", "用户名不允许为空!");
- renderJson(resultJson);
- return;
- }
- if (StrKit.isBlank(password)) {
- resultJson.put("success", false);
- resultJson.put("msg", "密码不允许为空!");
- renderJson(resultJson);
- return;
- }
-
 //检查缓存中此账号错误了几次
 String PassWordKey = "WrongPassWord_" + username;
 int ErrCnt = 4; //最多允许错几次 4+1
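Review bot: Once the blank checks are removed, `if (!captcha.equals("dsideal")) {` is the first use of `captcha` in `doLogin`, so a null or absent parameter now surfaces as a NullPointerException instead of the previous JSON error; the `username`/`password` checks removed in the second hunk leave the same gap, presumably on the assumption that `@EmptyInterface({"username", "password", "captcha"})` rejects blanks before the action runs. That interceptor's contract is not visible here and should be confirmed, and a null-safe `if (!"dsideal".equals(captcha)) {` keeps the method robust if the interceptor is ever detached. The universal-captcha comparison is pre-existing context rather than part of this change, but it bypasses the captcha gate entirely and is worth restricting to non-production profiles. `doLogin` continues past the end of both hunks.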
@@ -195,6 +176,106 @@ public class LoginPersonController extends Controller {
 renderJson(resultJson);
 }
 
+ /**
+ * 登录【内部调用】
+ *
+ * @param username 用户名
+ * @param password 密码
+ * @param platform 哪个平台,WEB,MOBILE
+ */
+ @Before(POST.class)
+ @EmptyInterface({"username", "password", "captcha"})
+ public void doLogin_Internal(String username, String password,String platform) {
+ JSONObject resultJson = new JSONObject();
+
+ //检查缓存中此账号错误了几次
+ String PassWordKey = "WrongPassWord_" + username;
+ int ErrCnt = 4; //最多允许错几次 4+1
+ int cntNum = 0; //错几次了
+
+ if (RedisKit.Exists(PassWordKey))
+ cntNum = Integer.parseInt(RedisKit.Get(PassWordKey));
+ if (cntNum > ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "账号被停用5分钟,请稍后再试!");
+ renderJson(resultJson);
+ return;
+ }
+ //与前端配合RSA通用加密解密
+ try {
+ password = RsaUtils.decryptDataOnJava(password, RsaUtils.PRIVATEKEY);
+ } catch (Exception err) {
+ password = "!@#$%^&&*^*&(*)(*_)^%^$%$^%$^%";
+ }
+ String passwordEncode = CommonUtil.getLdapPassword(password);
+ BaseModel bm = new BaseModel();
+ Map loginMap = bm.getLoginInfoByUserName(username);
+ if (passwordEncode != null && (loginMap == null || !passwordEncode.equals(loginMap.get("password").toString()))) {
+ //扩展支持连续输入用户名密码错误,停用账号5分钟功能 2022.06.07
+ cntNum = 1;
+ if (RedisKit.Exists(PassWordKey))
+ cntNum = Integer.parseInt(RedisKit.Get(PassWordKey)) + cntNum;
+
+ int finalCntNum = cntNum;
+ RedisKit.incrBy(PassWordKey, finalCntNum);
+ RedisKit.Expire(PassWordKey, 60 * 5);
+ if (cntNum > ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "密码连续输入" + (ErrCnt + 1) + "次全部错误,账号将被停用5分钟!");
+ renderJson(resultJson);
+ return;
+ }
+ if (cntNum == ErrCnt) {
+ resultJson.put("success", false);
+ resultJson.put("msg", "用户名或密码连续错误,你还有1次机会,再次错误后账号将被封掉5分钟!");
+ renderJson(resultJson);
+ return;
+ }
+ resultJson.put("success", false);
+ resultJson.put("msg", "用户名或密码错误!");
+ renderJson(resultJson);
+ return;
+ }
+ //去掉限制
+ RedisKit.Del(PassWordKey);
+
+ //检查当前人员是不是存在合理身份
+ int identity_id = Integer.parseInt(loginMap.get("identity_id").toString());
+ String person_id = loginMap.get("person_id").toString();
+ if (identity_id < 5) {
+ List list = lm.getPersonDuty(person_id);
+ if (list.isEmpty()) {
+ resultJson.put("success", false);
+ resultJson.put("redirect", true);
+ resultJson.put("msg", "后台管理人员无法在前端页面登录!");
+ renderJson(resultJson);
+ return;
+ }
+ }
+
+ //返回相关信息
+ resultJson.put("success", true);
+ resultJson.put("identity_id", loginMap.get("identity_id").toString());
+ resultJson.put("person_id", loginMap.get("person_id").toString());
+ resultJson.put("bureau_id", loginMap.get("bureau_id").toString());
+ resultJson.put("person_name", loginMap.get("person_name").toString());
+ resultJson.put("org_code", loginMap.get("org_code").toString());
+ //添加返回的JWT
+ String jwtToken = JwtUtil.generateToken(Integer.parseInt(loginMap.get("identity_id").toString()),
+ loginMap.get("person_id").toString(), loginMap.get("bureau_id").toString());
+ resultJson.put("success", true);
+ resultJson.put("identity_id", loginMap.get("identity_id").toString());
+ resultJson.put("person_id", loginMap.get("person_id").toString());
+ resultJson.put("bureau_id", loginMap.get("bureau_id").toString());
+ resultJson.put("person_name", loginMap.get("person_name").toString());
+ resultJson.put("jwt", jwtToken);
+
+ //根据人员id,获取所在单位信息
+ Record r = bm.getBureauInfoByPersonId(loginMap.get("person_id").toString());
+ if (r != null) resultJson.put("bureau_name", r.getStr("bureau_name"));
+ renderJson(resultJson);
+ }
+
 /**
 * 登出功能
 */
diff --git a/dsBase/src/main/java/com/dsideal/dsBase/Util/JwtUtil.java b/dsBase/src/main/java/com/dsideal/dsBase/Util/JwtUtil.java
new file mode 100644
index 00000000..15b01b68
--- /dev/null
+++ b/dsBase/src/main/java/com/dsideal/dsBase/Util/JwtUtil.java
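Review bot: `@EmptyInterface({"username", "password", "captcha"})` on `doLogin_Internal` names a `captcha` parameter the method does not take, while its real third parameter `platform` is neither listed nor referenced anywhere in the body despite the `@param platform` line; if the interceptor checks the named request parameters every call will be rejected for the missing captcha, and either way `platform` is never validated, so the annotation should read `@EmptyInterface({"username", "password", "platform"})` or `platform` should be dropped. `if (passwordEncode != null && (loginMap == null || ...))` skips password verification entirely when `CommonUtil.getLdapPassword` returns null and then dereferences `loginMap` unguarded; treating a null `passwordEncode` as a failed login closes that path. The lockout counter passes the already-incremented `finalCntNum` to `RedisKit.incrBy`, so if that is a plain Redis INCRBY the stored count grows 1, 3, 7 instead of by one per failure and the "one more chance" and lockout messages fire earlier than `//最多允许错几次 4+1` intends; `RedisKit.incrBy(PassWordKey, 1)` would match the comment. The `success`/`identity_id`/`person_id`/`bureau_id`/`person_name` puts are repeated before `jwt`, and `lm` in `lm.getPersonDuty(person_id)` is not declared in the method, so it is presumably a controller field. The enclosing class continues outside the hunk.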
@@ -0,0 +1,72 @@
+package com.dsideal.dsBase.Util;
+
+import com.jfinal.kit.PropKit;
+import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.Jwts;
+import io.jsonwebtoken.SignatureAlgorithm;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+public class JwtUtil {
+ public static final String AUTHORIZATION_STARTER = "Bearer ";
+ public static final String SECRET = PropKit.get("SECRET");
+
+ /**
+ * 功能:黄海开发的生成JWT函数
+ *
+ * @param identity_id 身份ID
+ * @param person_id 人员ID
+ * @param bureau_id 机构ID
+ * @return JWT签名
+ */
+ public static String generateToken(int identity_id, String person_id, String bureau_id) {
+ // 获取当前日期和时间
+ Date now = new Date();
+ // 格式化日期
+ Map claims = new HashMap<>();
+ claims.put("create_time", now.toString());
+ claims.put("identity_id", identity_id);
+ claims.put("person_id", person_id);
+ claims.put("bureau_id", bureau_id);
+ return AUTHORIZATION_STARTER + Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS256, SECRET).compact();
+ }
+
+ public static Claims getClaims(String token) {
+ if (token.contains(AUTHORIZATION_STARTER)) {
+ token = token.replace(AUTHORIZATION_STARTER, "");
+ }
+ Claims claims;
+ try {
+ claims = Jwts.parser()
+ .setSigningKey(SECRET)
+ .parseClaimsJws(token)
+ .getBody();
+ } catch (Exception e) {
+ try {
+ claims = Jwts.parser()
+ .setSigningKey(SECRET.getBytes(StandardCharsets.UTF_8))
+ .parseClaimsJws(token)
+ .getBody();
+ } catch (Exception err) {
+ claims = null;
+ }
+ }
+ return claims;
+ }
+
+ public static void main(String[] args) {
+ //GwApplication gw = new GwApplication();
+ String token = generateToken(4, "0b64e31e-a85e-43eb-ba5f-3088d986a8da", "3f7f4c90-645a-4fb9-9902-447846cf1dcc");
+ /**
+ 结论:
+ 1、JWT的里面有三个关键信息,一个是identity_id,另一个是person_id,还有一个bureau_id
+ */
+ Claims claims = getClaims(token);
+ System.out.println(claims.get("identity_id"));
+ System.out.println(claims.get("person_id"));
+ System.out.println(claims.get("bureau_id"));
+ }
+}
diff --git a/dsBase/src/main/resources/application.properties b/dsBase/src/main/resources/application.properties
index f617dce2..645021ca 100644
--- a/dsBase/src/main/resources/application.properties
+++ b/dsBase/src/main/resources/application.properties
@@ -8,6 +8,9 @@ jdbcUrl=jdbc:postgresql://10.10.14.71:5432/dsBase_db?reWriteBatchedInserts=true redis_ip=10.10.14.14 redis_port=18890
+# JWT
+SECRET: ZXZnZWVr5b+r5LmQ5L2g55qE5Ye66KGM
+ + # 首页 first_page=/login.html
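Review bot: `generateToken` sets no `exp` (or `iat`) claim, so every token it issues stays valid for as long as `SECRET` is unchanged; `create_time` is a free-form custom claim that JJWT does not enforce, and `getClaims` has no expiry check to compensate. Adding `.setIssuedAt(now).setExpiration(new Date(now.getTime() + TOKEN_TTL_MS))` before `.signWith(...)` (with `TOKEN_TTL_MS` a named constant chosen by the team) lets `parseClaimsJws` reject stale tokens on its own. `getClaims` catches `Exception` twice and returns null, so callers cannot tell a malformed token from a bad signature or, once added, an expired one, and the fallback parse with `SECRET.getBytes(StandardCharsets.UTF_8)` means two different key derivations are accepted — if only one is intended, keep a single parse path and let the `JwtException` subtypes propagate or map them to a typed result. `token.replace(AUTHORIZATION_STARTER, "")` removes the prefix wherever it occurs; `token.startsWith(AUTHORIZATION_STARTER) ? token.substring(AUTHORIZATION_STARTER.length()) : token` is the intended operation. `Map claims` is a raw type, and the debug `main` with its sample ids belongs in a test rather than in the production utility class.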
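Review bot: `SECRET: ZXZnZWVr5b+r5LmQ5L2g55qE5Ye66KGM` commits the JWT signing key to `application.properties` in the repository, so anyone with read access to the source or to a build artifact that bundles the resources holds the key that `JwtUtil.getClaims` trusts for every identity_id/person_id/bureau_id. The value should be supplied from the deployment environment or a secret store instead (for example a property the loader resolves at startup, if `PropKit` supports that, or a file kept outside version control), and this committed value should be treated as exposed and rotated. It is 32 base64 characters, i.e. 24 bytes if the JJWT string overload base64-decodes it as its legacy API does, which is below the 256-bit key size HS256 expects; a JJWT version that enforces key strength would then fail at signing time. The colon separator is accepted by `java.util.Properties`, but the rest of the file uses `=`, so `SECRET=...` keeps the style consistent.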