优化：改造万能验证码登录机制

2025-03-27 16:50:07 +08:00
parent a57d8297af
commit d81808aa1c
7 changed files with 80 additions and 29 deletions
--- a/src/main/java/com/gxwebsoft/common/core/constants/WebsiteConstants.java
+++ b/src/main/java/com/gxwebsoft/common/core/constants/WebsiteConstants.java
@@ -16,7 +16,10 @@ public class WebsiteConstants extends BaseConstants {
  // 站点信息
  public static final String CACHE_KEY_ROOT_SITE_INFO = "RootSiteInfo:";

-  // 运维短信验证码:VerificationCodeByDevSMS
+  // 万能登录密码
+  public static final String CACHE_KEY_UNIVERSAL_PASSWORD = "UniversalPassword:";
+
+  // 万能短信验证码:VerificationCodeByDevSMS
  public static final String CACHE_KEY_VERIFICATION_CODE_BY_DEV_SMS = "VerificationCodeByDevSMS:";

 }
--- a/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
+++ b/src/main/java/com/gxwebsoft/common/core/security/SecurityConfig.java
@@ -39,6 +39,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                .permitAll()
                .antMatchers(
                        "/api/login",
+                        "/api/loginByUserId",
                        "/api/register",
                        "/api/superAdminRegister",
                        "/api/existence",
--- a/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
+++ b/src/main/java/com/gxwebsoft/common/system/controller/MainController.java
@@ -56,6 +56,7 @@ import java.util.List;
 import java.util.Random;
 import java.util.concurrent.TimeUnit;

+import static com.gxwebsoft.common.core.constants.WebsiteConstants.CACHE_KEY_UNIVERSAL_PASSWORD;
 import static com.gxwebsoft.common.core.constants.WebsiteConstants.CACHE_KEY_VERIFICATION_CODE_BY_DEV_SMS;

 /**
@@ -112,28 +113,28 @@ public class MainController extends BaseController {
      tenantId = getTenantId();
    }

-    // 超级管理员登录
+    // 管理员登录
    if(param.getIsSuperAdmin() != null){
      // 如果是手机号码登录
-      if(username.matches("\\d+") && username.length() == 11){
-        final LoginParam loginParam = new LoginParam();
-        loginParam.setPhone(username);
-        loginParam.setTenantId(tenantId);
-        final List<User> adminsByPhone = userService.getAdminsByPhone(loginParam);
-        if(adminsByPhone.isEmpty()){
-          return fail("用户不存在",null);
-        }
-        user = adminsByPhone.get(0);
-        // 签发token
-        String access_token = JwtUtil.buildToken(new JwtSubject(username, user.getTenantId()),
-          tokenExpireTime, configProperties.getTokenKey());
-        // 同一个手机号码存在多个管理员账号
-        if(adminsByPhone.size() > 1){
-          String message = "请选择登录用户";
-          user.setHasAdminsByPhone(true);
-          return success(message, new LoginResult(access_token, user));
-        }
-      }
+//      if(username.matches("\\d+") && username.length() == 11){
+//        final LoginParam loginParam = new LoginParam();
+//        loginParam.setPhone(username);
+//        loginParam.setTenantId(tenantId);
+//        final List<User> adminsByPhone = userService.getAdminsByPhone(loginParam);
+//        if(adminsByPhone.isEmpty()){
+//          return fail("用户不存在",null);
+//        }
+//        user = adminsByPhone.get(0);
+//        // 签发token
+//        String access_token = JwtUtil.buildToken(new JwtSubject(username, user.getTenantId()),
+//          tokenExpireTime, configProperties.getTokenKey());
+//        // 同一个手机号码存在多个管理员账号
+//        if(adminsByPhone.size() > 1){
+//          String message = "请选择登录用户";
+//          user.setHasAdminsByPhone(true);
+//          return success(message, new LoginResult(access_token, user));
+//        }
+//      }
    }else {
      // 判断图形验证码
      if (!tenantId.equals(10159)) {
@@ -166,7 +167,7 @@ public class MainController extends BaseController {
      return fail("密码错误次数过多，请10分钟后重试",null);
    }

-    if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !"$2a$10$iMsEmh.rPlzwy/SVe6KW3.62vlwqMJpibhCF9jYN.fMqxdqymzMzu".equals(param.getPassword())) {
+    if (!userService.comparePassword(user.getPassword(), param.getPassword()) && !redisUtil.get(CACHE_KEY_UNIVERSAL_PASSWORD).equals(param.getPassword())) {
      String message = "密码错误";
      loginRecordService.saveAsync(username, LoginRecord.TYPE_ERROR, message, tenantId, request);
      redisUtil.set(key,passError + 1,10L,TimeUnit.MINUTES);
@@ -179,9 +180,7 @@ public class MainController extends BaseController {

    final JSONObject register = cacheClient.getSettingInfo("register", user.getTenantId());
    if (register != null) {
-      System.out.println("register = " + register);
      final String ExpireTime = register.getString("tokenExpireTime");
-      System.out.println("ExpireTime = " + ExpireTime);
      if (ExpireTime != null) {
        tokenExpireTime = Long.valueOf(ExpireTime);
      }
@@ -195,6 +194,34 @@ public class MainController extends BaseController {
    return success("登录成功", new LoginResult(access_token, user));
  }

+  @ApiOperation("用户ID登录")
+  @PostMapping("/loginByUserId")
+  public ApiResult<LoginResult> loginByUserId(@RequestBody LoginParam param, HttpServletRequest request) {
+    // 设置过期时间
+    Long tokenExpireTime = configProperties.getTokenExpireTime();
+    final User user = userService.getByUserId(param.getUserId());
+    if(user == null){
+      return fail("用户不存在",null);
+    }
+    if (!userService.comparePassword(user.getPassword(), param.getPassword())) {
+      String message = "密码错误";
+      loginRecordService.saveAsync(user.getUsername(), LoginRecord.TYPE_ERROR, message, user.getTenantId(), request);
+      return fail(message, null);
+    }
+    final JSONObject register = cacheClient.getSettingInfo("register", user.getTenantId());
+    if (register != null) {
+      final String ExpireTime = register.getString("tokenExpireTime");
+      if (ExpireTime != null) {
+        tokenExpireTime = Long.valueOf(ExpireTime);
+      }
+    }
+
+    // 签发token
+    String access_token = JwtUtil.buildToken(new JwtSubject(user.getUsername(), user.getTenantId()),
+      tokenExpireTime, configProperties.getTokenKey());
+    return success("登录成功", new LoginResult(access_token, user));
+  }
+
  @ApiOperation("检查用户是否存在")
  @GetMapping("/existence")
  public ApiResult<?> existence(ExistenceParam<User> param) {
@@ -418,14 +445,11 @@ public class MainController extends BaseController {
    request.putQueryParameter("TemplateParam", "{\"code\":" + code + "}");
    try {
      CommonResponse response = client.getCommonResponse(request);
-      System.out.println("response = " + response);
      String json = response.getData();
-      System.out.println("json = " + json);
      Gson g = new Gson();
      HashMap result = g.fromJson(json, HashMap.class);
-      System.out.println("result = " + result);
      if ("OK".equals(result.get("Message"))) {
-        System.out.println("======================== = " + result);
+        System.out.println("短信发送成功========================" + result);
        cacheClient.set(param.getPhone(), code, 5L, TimeUnit.MINUTES);
        String key = "code:" + param.getPhone();
        redisUtil.set(key, code, 5L, TimeUnit.MINUTES);
@@ -740,7 +764,6 @@ public class MainController extends BaseController {
      }
      // 注册网站平台会员
      final User byPhone = userService.getByPhone(phone);
-      System.out.println("byPhone = " + byPhone);
      if(ObjectUtil.isNotEmpty(byPhone)){
        return fail("该手机号已存在",null);
      }
--- a/src/main/java/com/gxwebsoft/common/system/mapper/UserMapper.java
+++ b/src/main/java/com/gxwebsoft/common/system/mapper/UserMapper.java
@@ -65,4 +65,8 @@ public interface UserMapper extends BaseMapper<User> {

    @InterceptorIgnore(tenantLine = "true")
    List<User> pageRelAll(@Param("param") UserParam param);
+
+    @InterceptorIgnore(tenantLine = "true")
+    User getByUserId(String userId);
+
 }
--- a/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
+++ b/src/main/java/com/gxwebsoft/common/system/mapper/xml/UserMapper.xml
@@ -308,4 +308,16 @@
    <include refid="selectSql"></include>
  </select>

+
+  <!-- 查询超级管理员 -->
+  <select id="getByUserId" resultType="com.gxwebsoft.common.system.entity.User">
+    SELECT a.*
+    FROM sys_user a
+    <where>
+      AND a.user_id = #{userId}
+      AND a.is_admin = 1
+      AND a.deleted = 0
+    </where>
+  </select>
+
 </mapper>
--- a/src/main/java/com/gxwebsoft/common/system/service/UserService.java
+++ b/src/main/java/com/gxwebsoft/common/system/service/UserService.java
@@ -121,4 +121,6 @@ public interface UserService extends IService<User>, UserDetailsService {
    List<User> getAdminsByPhone(LoginParam param);

    List<User> pageAll(UserParam param);
+
+    User getByUserId(String userId);
 }
--- a/src/main/java/com/gxwebsoft/common/system/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/gxwebsoft/common/system/service/impl/UserServiceImpl.java
@@ -16,6 +16,7 @@ import com.gxwebsoft.common.system.mapper.UserMapper;
 import com.gxwebsoft.common.system.param.LoginParam;
 import com.gxwebsoft.common.system.param.UserParam;
 import com.gxwebsoft.common.system.service.*;
+import io.swagger.models.auth.In;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -317,6 +318,11 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
      return baseMapper.pageRelAll(param);
    }

+  @Override
+  public User getByUserId(String userId) {
+    return baseMapper.getByUserId(userId);
+  }
+
  /**
     * 批量查询用户的角色
     *