登录优化

2025-09-17 10:56:25 +08:00
parent b463e97d28
commit aeea8f9072
7 changed files with 471 additions and 18 deletions
--- a/fys-admin/src/main/java/com/fuyuanshen/app/controller/AppAuthController.java
+++ b/fys-admin/src/main/java/com/fuyuanshen/app/controller/AppAuthController.java
@ -4,15 +4,24 @@ import cn.dev33.satoken.annotation.SaIgnore;
 import cn.dev33.satoken.exception.NotLoginException;
 import cn.hutool.core.collection.CollUtil;
 import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.RandomUtil;
+import com.fuyuanshen.app.model.AppRegisterBody;
 import com.fuyuanshen.app.model.AppSmsLoginBody;
 import com.fuyuanshen.app.service.AppLoginService;
+import com.fuyuanshen.app.service.AppRegisterService;
+import com.fuyuanshen.common.core.constant.Constants;
+import com.fuyuanshen.common.core.constant.GlobalConstants;
 import com.fuyuanshen.common.core.constant.SystemConstants;
 import com.fuyuanshen.common.core.domain.R;
+import com.fuyuanshen.common.core.domain.model.AppPasswordLoginBody;
 import com.fuyuanshen.common.core.domain.model.RegisterBody;
 import com.fuyuanshen.common.core.domain.model.SmsLoginBody;
+import com.fuyuanshen.common.core.enums.LoginType;
 import com.fuyuanshen.common.core.utils.*;
 import com.fuyuanshen.common.encrypt.annotation.ApiEncrypt;
 import com.fuyuanshen.common.json.utils.JsonUtils;
+import com.fuyuanshen.common.ratelimiter.annotation.RateLimiter;
+import com.fuyuanshen.common.redis.utils.RedisUtils;
 import com.fuyuanshen.common.satoken.utils.LoginHelper;
 import com.fuyuanshen.common.tenant.helper.TenantHelper;
 import com.fuyuanshen.system.domain.bo.SysTenantBo;
@ -27,6 +36,7 @@ import com.fuyuanshen.web.domain.vo.TenantListVo;
 import com.fuyuanshen.web.service.IAuthStrategy;
 import com.fuyuanshen.web.service.SysRegisterService;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.constraints.NotBlank;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.dromara.sms4j.api.SmsBlend;
@ -36,8 +46,12 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;

 import java.net.URL;
+import java.time.Duration;
+import java.util.LinkedHashMap;
 import java.util.List;

+import static com.fuyuanshen.common.core.constant.GlobalConstants.DEVICE_SHARE_CODES_KEY;
+
 /**
 * APP认证
 *
@ -51,7 +65,7 @@ import java.util.List;
 public class AppAuthController {

    private final AppLoginService loginService;
-    private final SysRegisterService registerService;
+    private final AppRegisterService registerService;
    private final ISysConfigService configService;
    private final ISysTenantService tenantService;
    private final ISysClientService clientService;
@ -66,16 +80,34 @@ public class AppAuthController {
    @PostMapping("/login")
    public R<LoginVo> login(@RequestBody AppSmsLoginBody appSmsLoginBody) {
 //        SmsLoginBody loginBody = JsonUtils.parseObject(body, SmsLoginBody.class);
-        ValidatorUtils.validate(appSmsLoginBody);
-        SmsLoginBody loginBody = new SmsLoginBody();
-        loginBody.setPhonenumber(appSmsLoginBody.getPhonenumber());
-        loginBody.setSmsCode(appSmsLoginBody.getSmsCode());
-        loginBody.setTenantId(appSmsLoginBody.getTenantId());
-        loginBody.setClientId("ca839698e245d60aa2f0e59bd52b34f8");
-        loginBody.setGrantType("appSms");
+        String loginType = appSmsLoginBody.getLoginType();
+        String body = "";
        // 授权类型和客户端id
-        String clientId = loginBody.getClientId();
-        String grantType = loginBody.getGrantType();
+        String clientId = "";
+        String grantType = "";
+        String tenantId = appSmsLoginBody.getTenantId();
+        ValidatorUtils.validate(appSmsLoginBody);
+        if("2".equals(loginType)){
+            AppPasswordLoginBody loginBody = new AppPasswordLoginBody();
+            loginBody.setUsername(appSmsLoginBody.getPhonenumber());
+            loginBody.setPassword(appSmsLoginBody.getLoginPassword());
+            loginBody.setClientId("835b15335d389c9fcfdf99421fa8019b");
+            loginBody.setGrantType("appPassword");
+            clientId = loginBody.getClientId();
+            grantType = loginBody.getGrantType();
+            body = JsonUtils.toJsonString(loginBody);
+        }else{
+            SmsLoginBody loginBody = new SmsLoginBody();
+            loginBody.setPhonenumber(appSmsLoginBody.getPhonenumber());
+            loginBody.setSmsCode(appSmsLoginBody.getSmsCode());
+            loginBody.setTenantId(appSmsLoginBody.getTenantId());
+            loginBody.setClientId("ca839698e245d60aa2f0e59bd52b34f8");
+            loginBody.setGrantType("appSms");
+            clientId = loginBody.getClientId();
+            grantType = loginBody.getGrantType();
+            body = JsonUtils.toJsonString(loginBody);
+        }
+
        SysClientVo client = clientService.queryByClientId(clientId);
        // 查询不到 client 或 client 内不包含 grantType
        if (ObjectUtil.isNull(client) || !StringUtils.contains(client.getGrantType(), grantType)) {
@ -85,9 +117,9 @@ public class AppAuthController {
            return R.fail(MessageUtils.message("auth.grant.type.blocked"));
        }
        // 校验租户
-        loginService.checkTenant(loginBody.getTenantId());
+//        loginService.checkTenant(loginBody.getTenantId());
+        loginService.checkTenant(tenantId);
        // 登录
-        String body = JsonUtils.toJsonString(loginBody);
        LoginVo loginVo = IAuthStrategy.login(body, client, grantType);
        return R.ok(loginVo);
    }
@ -113,16 +145,68 @@ public class AppAuthController {
        return R.ok("用户注销成功");
    }

+
    /**
     * 用户注册
     */
-    @ApiEncrypt
    @PostMapping("/register")
-    public R<Void> register(@Validated @RequestBody RegisterBody user) {
-        if (!configService.selectRegisterEnabled(user.getTenantId())) {
-            return R.fail("当前系统没有开启注册功能！");
+    public R<Void> register(@Validated @RequestBody AppRegisterBody body) {
+        registerService.register(body);
+        return R.ok();
+    }
+
+
+    /**
+     * 找回密码
+     */
+    @PostMapping("/forgetPassword")
+    public R<Void> forgetPassword(@Validated @RequestBody AppRegisterBody body) {
+        registerService.forgetPassword(body);
+        return R.ok();
+    }
+
+
+    /**
+     * 用户注册短信验证码
+     *
+     * @param phonenumber 用户手机号
+     */
+    @SaIgnore
+    @RateLimiter(key = "#phonenumber", time = 60, count = 1)
+    @GetMapping("/registerSmsCode")
+    public R<Void> registerSmsCode(@NotBlank(message = "{user.phonenumber.not.blank}") String phonenumber) {
+        String key = GlobalConstants.REGISTER_CODE_KEY + phonenumber;
+        String code = RandomUtil.randomNumbers(4);
+        RedisUtils.setCacheObject(key, code, Duration.ofMinutes(Constants.CAPTCHA_EXPIRATION));
+        LinkedHashMap<String, String> map = new LinkedHashMap<>(1);
+        map.put("code", code);
+        SmsBlend smsBlend = SmsFactory.getSmsBlend("config1");
+        SmsResponse smsResponse = smsBlend.sendMessage(phonenumber, map);
+        if (!smsResponse.isSuccess()) {
+            return R.fail(smsResponse.getData().toString());
+        }
+        return R.ok();
+    }
+
+    /**
+     * 找回密码短信验证码
+     *
+     * @param phonenumber 用户手机号
+     */
+    @SaIgnore
+    @RateLimiter(key = "#phonenumber", time = 60, count = 1)
+    @GetMapping("/forgetPasswordSmsCode")
+    public R<Void> forgetPasswordSmsCode(@NotBlank(message = "{user.phonenumber.not.blank}") String phonenumber) {
+        String key = GlobalConstants.FORGET_PASSWORD_CODE_KEY + phonenumber;
+        String code = RandomUtil.randomNumbers(4);
+        RedisUtils.setCacheObject(key, code, Duration.ofMinutes(Constants.CAPTCHA_EXPIRATION));
+        LinkedHashMap<String, String> map = new LinkedHashMap<>(1);
+        map.put("code", code);
+        SmsBlend smsBlend = SmsFactory.getSmsBlend("config1");
+        SmsResponse smsResponse = smsBlend.sendMessage(phonenumber, map);
+        if (!smsResponse.isSuccess()) {
+            return R.fail(smsResponse.getData().toString());
        }
-        registerService.register(user);
        return R.ok();
    }

--- a/fys-admin/src/main/java/com/fuyuanshen/app/model/AppRegisterBody.java
+++ b/fys-admin/src/main/java/com/fuyuanshen/app/model/AppRegisterBody.java
@ -0,0 +1,30 @@
+package com.fuyuanshen.app.model;
+
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+@Data
+public class AppRegisterBody {
+    /**
+     * 手机号
+     */
+    @NotBlank(message = "{user.phonenumber.not.blank}")
+    private String phonenumber;
+
+    /**
+     * 短信code
+     */
+    private String smsCode;
+
+    /**
+     * 租户ID
+     */
+    @NotBlank(message = "租户ID不能为空")
+    private String tenantId;
+
+
+    /**
+     * 登录密码
+     */
+    private String password;
+}
--- a/fys-admin/src/main/java/com/fuyuanshen/app/model/AppSmsLoginBody.java
+++ b/fys-admin/src/main/java/com/fuyuanshen/app/model/AppSmsLoginBody.java
@ -14,7 +14,6 @@ public class AppSmsLoginBody {
    /**
     * 短信code
     */
-    @NotBlank(message = "{sms.code.not.blank}")
    private String smsCode;

    /**
@ -23,4 +22,14 @@ public class AppSmsLoginBody {
    @NotBlank(message = "租户ID不能为空")
    private String tenantId;

+    /**
+     * 登录方式 1:手机验证码登录 2:密码登录
+     */
+    @NotBlank(message = "登录方式不能为空")
+    private String loginType;
+
+    /**
+     * 登录密码
+     */
+    private String loginPassword;
 }
--- a/fys-admin/src/main/java/com/fuyuanshen/app/service/AppRegisterService.java
+++ b/fys-admin/src/main/java/com/fuyuanshen/app/service/AppRegisterService.java
@ -0,0 +1,145 @@
+package com.fuyuanshen.app.service;
+
+import cn.hutool.crypto.digest.BCrypt;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
+import com.fuyuanshen.app.domain.AppUser;
+import com.fuyuanshen.app.mapper.AppUserMapper;
+import com.fuyuanshen.app.model.AppRegisterBody;
+import com.fuyuanshen.common.core.constant.Constants;
+import com.fuyuanshen.common.core.constant.GlobalConstants;
+import com.fuyuanshen.common.core.domain.model.RegisterBody;
+import com.fuyuanshen.common.core.enums.UserType;
+import com.fuyuanshen.common.core.exception.user.CaptchaException;
+import com.fuyuanshen.common.core.exception.user.CaptchaExpireException;
+import com.fuyuanshen.common.core.exception.user.UserException;
+import com.fuyuanshen.common.core.utils.MessageUtils;
+import com.fuyuanshen.common.core.utils.ServletUtils;
+import com.fuyuanshen.common.core.utils.SpringUtils;
+import com.fuyuanshen.common.core.utils.StringUtils;
+import com.fuyuanshen.common.log.event.LogininforEvent;
+import com.fuyuanshen.common.redis.utils.RedisUtils;
+import com.fuyuanshen.common.tenant.helper.TenantHelper;
+import com.fuyuanshen.common.web.config.properties.CaptchaProperties;
+import com.fuyuanshen.system.domain.SysUser;
+import com.fuyuanshen.system.domain.bo.SysUserBo;
+import com.fuyuanshen.system.mapper.SysUserMapper;
+import com.fuyuanshen.system.service.ISysUserService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+
+import java.util.Date;
+
+/**
+ * 注册校验方法
+ *
+ * @author Lion Li
+ */
+@RequiredArgsConstructor
+@Service
+public class AppRegisterService {
+
+    private final IAppUserService userService;
+    private final AppUserMapper userMapper;
+
+    /**
+     * 注册
+     */
+    public void register(AppRegisterBody registerBody) {
+        String tenantId = registerBody.getTenantId();
+        String username = registerBody.getPhonenumber();
+        String password = registerBody.getPassword();
+
+        boolean codeValidate = validateRegisterSmsCode(tenantId, username, registerBody.getSmsCode());
+        if (!codeValidate) {
+            throw new CaptchaException();
+        }
+
+        // 校验用户类型是否存在
+        String userType = UserType.APP_USER.getUserType();
+
+        boolean exist = TenantHelper.dynamic(tenantId, () -> {
+            return userMapper.exists(new LambdaQueryWrapper<AppUser>()
+                .eq(AppUser::getUserName, username));
+        });
+        if (exist) {
+            throw new UserException("user.register.save.error", username);
+        }
+        AppUser appUser = new AppUser();
+        appUser.setPhonenumber(username);
+        appUser.setUserName(username);
+        appUser.setStatus("0");
+        appUser.setLoginDate(new Date());
+        appUser.setLoginIp(ServletUtils.getClientIP());
+        appUser.setTenantId(tenantId);
+        appUser.setPassword(password);
+        appUser.setUserType(userType);
+        userMapper.insert(appUser);
+        recordLogininfor(tenantId, username, Constants.REGISTER, MessageUtils.message("user.register.success"));
+    }
+
+    /**
+     * 注册校验短信验证码
+     */
+    private boolean validateRegisterSmsCode(String tenantId, String phonenumber, String smsCode) {
+        String code = RedisUtils.getCacheObject(GlobalConstants.REGISTER_CODE_KEY + phonenumber);
+        if (StringUtils.isBlank(code)) {
+            recordLogininfor(tenantId, phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"));
+            throw new CaptchaExpireException();
+        }
+        return code.equals(smsCode);
+    }
+
+    /**
+     * 忘记密码校验验证码
+     */
+    private boolean validateForgetPasswordCode(String tenantId, String phonenumber, String smsCode) {
+        String code = RedisUtils.getCacheObject(GlobalConstants.FORGET_PASSWORD_CODE_KEY + phonenumber);
+        if (StringUtils.isBlank(code)) {
+            recordLogininfor(tenantId, phonenumber, Constants.LOGIN_FAIL, MessageUtils.message("user.jcaptcha.expire"));
+            throw new CaptchaExpireException();
+        }
+        return code.equals(smsCode);
+    }
+
+    /**
+     * 记录登录信息
+     *
+     * @param tenantId 租户ID
+     * @param username 用户名
+     * @param status   状态
+     * @param message  消息内容
+     * @return
+     */
+    private void recordLogininfor(String tenantId, String username, String status, String message) {
+        LogininforEvent logininforEvent = new LogininforEvent();
+        logininforEvent.setTenantId(tenantId);
+        logininforEvent.setUsername(username);
+        logininforEvent.setStatus(status);
+        logininforEvent.setMessage(message);
+        logininforEvent.setRequest(ServletUtils.getRequest());
+        SpringUtils.context().publishEvent(logininforEvent);
+    }
+
+    public void forgetPassword(AppRegisterBody registerBody) {
+        String tenantId = registerBody.getTenantId();
+        String username = registerBody.getPhonenumber();
+        String password = registerBody.getPassword();
+        boolean codeValidate = validateForgetPasswordCode(tenantId, username, registerBody.getSmsCode());
+        if (!codeValidate) {
+            throw new CaptchaException();
+        }
+        boolean exist = TenantHelper.dynamic(tenantId, () -> {
+            return userMapper.exists(new LambdaQueryWrapper<AppUser>()
+                    .eq(AppUser::getUserName, username));
+        });
+        if (!exist) {
+            throw new UserException("用户不存在");
+        }
+
+        UpdateWrapper<AppUser> updateWrapper = new UpdateWrapper<>();
+        updateWrapper.eq("user_name", username)
+                .set("password", password);
+        userMapper.update(updateWrapper);
+    }
+}