hhyykk/ipms-sjy
1
1
Fork 0
mirror of https://gitee.com/hhyykk/ipms-sjy.git synced 2025-07-24 16:05:08 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

1. code review 后台的短信验证码登陆

Browse Source 
2. 解决 SQL Server LIMIT 1 存在报错的问题
This commit is contained in:
YunaiV
2022-05-02 22:57:45 +08:00
parent 4453ac27ff
commit 7753bd4c44
18 changed files with 1100 additions and 1032 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/auth/AuthController.java
View File

@ -1,7 +1,6 @@
package cn.iocoder.yudao.module.system.controller.admin.auth;
import cn.iocoder.yudao.framework.common.enums.CommonStatusEnum;
import cn.iocoder.yudao.framework.common.enums.UserTypeEnum;
import cn.iocoder.yudao.framework.common.pojo.CommonResult;
import cn.iocoder.yudao.framework.common.util.collection.SetUtils;
import cn.iocoder.yudao.framework.operatelog.core.annotations.OperateLog;
@ -61,26 +60,6 @@ public class AuthController {
return success(AuthLoginRespVO.builder().token(token).build());
}
@PostMapping("/sms-login")
@ApiOperation("使用短信验证码登录")
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
public CommonResult<AuthLoginRespVO> smsLogin(@RequestBody @Valid AuthSmsLoginReqVO reqVO) {
String token = authService.smsLogin(reqVO, getClientIP(), getUserAgent());
// 返回结果
return success(AuthLoginRespVO.builder().token(token).build());
}
@PostMapping("/send-login-sms-code")
@ApiOperation(value = "发送手机验证码")
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
public CommonResult<Boolean> sendLoginSmsCode(@RequestBody @Valid AuthSmsSendReqVO reqVO) {
authService.sendSmsCode(getLoginUserId(), reqVO);
return success(true);
}
@GetMapping("/get-permission-info")
@ApiOperation("获取登录用户的权限信息")
public CommonResult<AuthPermissionInfoRespVO> getPermissionInfo() {
@ -112,6 +91,25 @@ public class AuthController {
return success(AuthConvert.INSTANCE.buildMenuTree(menuList));
}
// ========== 短信登录相关 ==========
@PostMapping("/sms-login")
@ApiOperation("使用短信验证码登录")
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
public CommonResult<AuthLoginRespVO> smsLogin(@RequestBody @Valid AuthSmsLoginReqVO reqVO) {
String token = authService.smsLogin(reqVO, getClientIP(), getUserAgent());
// 返回结果
return success(AuthLoginRespVO.builder().token(token).build());
}
@PostMapping("/send-sms-code")
@ApiOperation(value = "发送手机验证码")
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
public CommonResult<Boolean> sendLoginSmsCode(@RequestBody @Valid AuthSmsSendReqVO reqVO) {
authService.sendSmsCode(reqVO);
return success(true);
}
// ========== 社交登录相关 ==========
@GetMapping("/social-auth-redirect")
@ -129,7 +127,7 @@ public class AuthController {
@ApiOperation("社交快捷登录,使用 code 授权码")
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
public CommonResult<AuthLoginRespVO> socialQuickLogin(@RequestBody @Valid AuthSocialQuickLoginReqVO reqVO) {
String token = authService.socialLogin(reqVO, getClientIP(), getUserAgent());
String token = authService.socialQuickLogin(reqVO, getClientIP(), getUserAgent());
// 返回结果
return success(AuthLoginRespVO.builder().token(token).build());
}

29
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/controller/admin/auth/vo/auth/AuthSmsSendReqVO.java
View File

@ -1,17 +1,19 @@
package cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth;
import cn.iocoder.yudao.framework.common.validation.InEnum;
import cn.iocoder.yudao.framework.common.validation.Mobile;
import cn.iocoder.yudao.module.system.enums.sms.SmsSceneEnum;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.hibernate.validator.constraints.Length;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.NotNull;
@ApiModel("管理后台 - 短信验证码的呢老姑 Request VO")
@ApiModel("管理后台 - 发送手机验证码 Request VO")
@Data
@NoArgsConstructor
@AllArgsConstructor
@ -20,27 +22,12 @@ public class AuthSmsSendReqVO {
@ApiModelProperty(value = "手机号", required = true, example = "yudaoyuanma")
@NotEmpty(message = "手机号不能为空")
@Length(min = 11, max = 11, message = "手机号格式错误,仅支持大陆手机号")
@Pattern(regexp = "^[1](([3][0-9])|([4][5-9])|([5][0-3,5-9])|([6][5,6])|([7][0-8])|([8][0-9])|([9][1,8,9]))[0-9]{8}$", message = "账号格式为数字以及字母")
@Mobile
private String mobile;
@ApiModelProperty(value = "短信验证码", required = true, example = "1024", notes = "验证码开启时,需要传递")
@NotEmpty(message = "验证码不能为空", groups = CodeEnableGroup.class)
private String code;
@ApiModelProperty(value = "短信场景", required = true, example = "1")
@NotEmpty(message = "短信场景", groups = CodeEnableGroup.class)
@NotNull(message = "发送场景不能为空")
@InEnum(SmsSceneEnum.class)
private Integer scene;
@ApiModelProperty(value = "验证码的唯一标识", required = true, example = "9b2ffbc1-7425-4155-9894-9d5c08541d62", notes = "验证码开启时,需要传递")
@NotEmpty(message = "唯一标识不能为空", groups = AuthLoginReqVO.CodeEnableGroup.class)
private String uuid;
/**
* 开启验证码的 Group
*/
public interface CodeEnableGroup {}
}

4
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/convert/auth/AuthConvert.java
View File

@ -5,6 +5,7 @@ import cn.iocoder.yudao.framework.common.util.collection.CollectionUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeSendReqDTO;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeSendReqDTO;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeUseReqDTO;
import cn.iocoder.yudao.module.system.api.social.dto.SocialUserBindReqDTO;
import cn.iocoder.yudao.module.system.api.social.dto.SocialUserUnbindReqDTO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*;
@ -75,9 +76,10 @@ public interface AuthConvert {
}
SocialUserBindReqDTO convert(Long userId, Integer userType, AuthSocialBindLoginReqVO reqVO);
SocialUserBindReqDTO convert(Long userId, Integer userType, AuthSocialQuickLoginReqVO reqVO);
SmsCodeSendReqDTO convert(AuthSmsSendReqVO reqVO);
SmsCodeUseReqDTO convert(AuthSmsLoginReqVO reqVO, Integer scene, String usedIp);
}

2
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/framework/security/config/SecurityConfiguration.java
View File

@ -26,7 +26,7 @@ public class SecurityConfiguration {
registry.antMatchers(buildAdminApi("/system/auth/social-bind-login")).permitAll();
// 登录登录的接口
registry.antMatchers(buildAdminApi("/system/auth/sms-login")).permitAll();
registry.antMatchers(buildAdminApi("/system/auth/send-login-sms-code")).permitAll();
registry.antMatchers(buildAdminApi("/system/auth/send-sms-code")).permitAll();
// 验证码的接口
registry.antMatchers(buildAdminApi("/system/captcha/**")).permitAll();
// 获得租户编号的接口

8
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthService.java
View File

@ -26,10 +26,10 @@ public interface AdminAuthService extends SecurityAuthFrameworkService {
/**
* 短信验证码发送
* @param userId
* @param reqVO
*
* @param reqVO 发送请求
*/
void sendSmsCode(Long userId, AuthSmsSendReqVO reqVO);
void sendSmsCode(AuthSmsSendReqVO reqVO);
/**
* 短信登录
@ -49,7 +49,7 @@ public interface AdminAuthService extends SecurityAuthFrameworkService {
* @param userAgent 用户 UA
* @return 身份令牌,使用 JWT 方式
*/
String socialLogin(@Valid AuthSocialQuickLoginReqVO reqVO, String userIp, String userAgent);
String socialQuickLogin(@Valid AuthSocialQuickLoginReqVO reqVO, String userIp, String userAgent);
/**
* 社交绑定登录,使用 code 授权码 + 账号密码

77
yudao-module-system/yudao-module-system-biz/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java
View File

@ -8,11 +8,7 @@ import cn.iocoder.yudao.framework.common.util.validation.ValidationUtils;
import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.authentication.MultiUsernamePasswordAuthenticationToken;
import cn.iocoder.yudao.module.system.api.logger.dto.LoginLogCreateReqDTO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.AuthLoginReqVO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.AuthSocialBindLoginReqVO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.AuthSocialQuickLoginReqVO;
import cn.iocoder.yudao.module.system.api.sms.SmsCodeApi;
import cn.iocoder.yudao.module.system.api.sms.dto.code.SmsCodeUseReqDTO;
import cn.iocoder.yudao.module.system.controller.admin.auth.vo.auth.*;
import cn.iocoder.yudao.module.system.convert.auth.AuthConvert;
import cn.iocoder.yudao.module.system.dal.dataobject.user.AdminUserDO;
@ -117,51 +113,27 @@ public class AdminAuthServiceImpl implements AdminAuthService {
}
@Override
public void sendSmsCode(Long userId, AuthSmsSendReqVO reqVO) {
this.verifyCaptchaSmsSend(reqVO);
//登录场景,验证是否存在
if(reqVO.getScene().compareTo(SmsSceneEnum.ADMIN_MEMBER_LOGIN.getScene())==0) {
if (userService.getUserByMobile(reqVO.getMobile()) == null) {
throw exception(USER_NOT_EXISTS);
}
public void sendSmsCode(AuthSmsSendReqVO reqVO) {
// 登录场景,验证是否存在
if (userService.getUserByMobile(reqVO.getMobile()) == null) {
throw exception(AUTH_MOBILE_NOT_EXISTS);
}
// TODO 要根据不同的场景,校验是否有用户
// 发送验证码
smsCodeApi.sendSmsCode(AuthConvert.INSTANCE.convert(reqVO).setCreateIp(getClientIP()));
}
/**
* 短信登录
*/
@Override
public String smsLogin(AuthSmsLoginReqVO reqVO, String userIp, String userAgent) {
/* 从 Member的AuhtConvert中拷贝出来的没单独写类 */
if ( reqVO == null) {
return null;
}
SmsCodeUseReqDTO smsCodeUseReqDTO = new SmsCodeUseReqDTO();
smsCodeUseReqDTO.setMobile( reqVO.getMobile() );
smsCodeUseReqDTO.setCode( reqVO.getCode() );
smsCodeUseReqDTO.setScene( SmsSceneEnum.ADMIN_MEMBER_LOGIN.getScene() );
smsCodeUseReqDTO.setUsedIp(userIp);
smsCodeApi.useSmsCode(smsCodeUseReqDTO);
// 校验验证码
smsCodeApi.useSmsCode(AuthConvert.INSTANCE.convert(reqVO, SmsSceneEnum.ADMIN_MEMBER_LOGIN.getScene(), userIp));
// 获得用户信息
AdminUserDO user = userService.getUserByMobile(reqVO.getMobile());
if(user==null)
{
throw exception(USER_NOT_EXISTS);
if (user == null) {
throw exception(USER_NOT_EXISTS);
}
cn.hutool.core.lang.Assert.notNull(user, "获取用户失败,结果为空");
// 执行登陆
this.createLoginLog(user.getMobile(),LoginLogTypeEnum.LOGIN_MOBILE, LoginResultEnum.SUCCESS);
// 创建 LoginUser 对象
LoginUser loginUser = buildLoginUser(user);
// 缓存登陆用户到 Redis 中,返回 sessionId 编号
@ -217,33 +189,6 @@ public class AdminAuthServiceImpl implements AdminAuthService {
return (LoginUser) authentication.getPrincipal();
}
/**
* 验证验证码并发送短信
* @param reqVO
*/
private void verifyCaptchaSmsSend(AuthSmsSendReqVO reqVO) {
// 如果验证码关闭,则不进行校验
if (!captchaService.isCaptchaEnable()) {
return;
}
// 校验验证码
ValidationUtils.validate(validator, reqVO, AuthLoginReqVO.CodeEnableGroup.class);
// 验证码不存在
final LoginLogTypeEnum logTypeEnum = LoginLogTypeEnum.LOGIN_USERNAME;
String code = captchaService.getCaptchaCode(reqVO.getUuid());
if (code == null) {
throw exception(AUTH_LOGIN_CAPTCHA_NOT_FOUND);
}
// 验证码不正确
if (!code.equals(reqVO.getCode())) {
// 创建登录失败日志(验证码不正确)
throw exception(AUTH_LOGIN_CAPTCHA_CODE_ERROR);
}
// 正确,所以要删除下验证码
captchaService.deleteCaptchaCode(reqVO.getUuid());
}
private void createLoginLog(String username, LoginLogTypeEnum logTypeEnum, LoginResultEnum loginResult) {
// 获得用户
AdminUserDO user = userService.getUserByUsername(username);
@ -277,7 +222,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
}
@Override
public String socialLogin(AuthSocialQuickLoginReqVO reqVO, String userIp, String userAgent) {
public String socialQuickLogin(AuthSocialQuickLoginReqVO reqVO, String userIp, String userAgent) {
// 使用 code 授权码,进行登录。然后,获得到绑定的用户编号
Long userId = socialUserService.getBindUserId(UserTypeEnum.ADMIN.getValue(), reqVO.getType(),
reqVO.getCode(), reqVO.getState());