添加发送短信验证码功能

2025-05-28 10:23:53 +08:00 · 2025-05-28 10:23:53 +08:00 · 46b9d9e98e
parent 3877354f31
commit 46b9d9e98e
4 changed files with 148 additions and 6 deletions
--- a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
+++ b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@ -93,6 +93,8 @@ public class ShiroConfig {
        filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //第三方登录
        filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //获取加密串
        filterChainDefinitionMap.put("/sys/sms", "anon");//短信验证码
+        filterChainDefinitionMap.put("/sys/smsCode", "anon");//短信验证码
+        filterChainDefinitionMap.put("/sys/checkPhoneCode", "anon");//短信验证码
        filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//手机登录
        filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//校验用户是否存在
        filterChainDefinitionMap.put("/sys/user/register", "anon");//用户注册
--- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
@ -395,6 +395,146 @@ public class LoginController {
 	}


+	/**
+	 * 短信验证码
+	 * @return
+	 */
+	@PostMapping(value = "/smsCode")
+	public Result<String> smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,HttpServletRequest request) {
+		Result<String> result = new Result<String>();
+		String clientIp = IpUtils.getIpAddr(request);
+//		//手机号模式 登录模式: "2"  注册模式: "1"
+		log.info("-------- IP:{}, 手机号：{}，获取绑定验证码", clientIp, mobile);
+
+		if(oConvertUtils.isEmpty(mobile)){
+			result.setMessage("手机号不允许为空！");
+			result.setSuccess(false);
+			return result;
+		}
+
+		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+		String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
+		Object object = redisUtil.get(redisKey);
+		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+		if (object != null) {
+			result.setMessage("验证码10分钟内，仍然有效！");
+			result.setSuccess(false);
+			return result;
+		}
+
+		//-------------------------------------------------------------------------------------
+		//增加 check防止恶意刷短信接口
+		if(!DySmsLimit.canSendSms(clientIp)){
+			log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp);
+			result.setMessage("短信接口请求太多，请稍后再试！");
+			result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE);
+			result.setSuccess(false);
+			return result;
+		}
+		//-------------------------------------------------------------------------------------
+
+		//随机数
+		String captcha = RandomUtil.randomNumbers(6);
+		JSONObject obj = new JSONObject();
+		obj.put("code", captcha);
+		try {
+			boolean b = false;
+			//注册模板
+			if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) {
+				SysUser sysUser = sysUserService.getUserByPhone(mobile);
+				if(sysUser!=null) {
+					result.error500(" 手机号已经注册，请直接登录！");
+					baseCommonService.addLog("手机号已经注册，请直接登录！", CommonConstant.LOG_TYPE_1, null);
+					return result;
+				}
+				b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE);
+			}else {
+				//登录模式，校验用户有效性
+				SysUser sysUser = sysUserService.getUserByPhone(mobile);
+				result = sysUserService.checkUserIsEffective(sysUser);
+				if(!result.isSuccess()) {
+					String message = result.getMessage();
+					String userNotExist="该用户不存在，请注册";
+					if(userNotExist.equals(message)){
+						result.error500("该用户不存在或未绑定手机号");
+					}
+					return result;
+				}
+
+				/**
+				 * smsmode 短信模板方式  0 .登录模板、1.注册模板、2.忘记密码模板
+				 */
+				if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) {
+					//登录模板
+					b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE);
+				} else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) {
+					//忘记密码模板
+					b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE);
+				}
+			}
+
+			if (b == false) {
+				result.setMessage("短信验证码发送失败,请稍后重试");
+				result.setSuccess(false);
+				return result;
+			}
+
+			//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+			//验证码10分钟内有效
+			redisUtil.set(redisKey, captcha, 600);
+			//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+			//update-begin--Author:scott  Date:20190812 for：issues#391
+			//result.setResult(captcha);
+			//update-end--Author:scott  Date:20190812 for：issues#391
+			result.setSuccess(true);
+
+		} catch (ClientException e) {
+			e.printStackTrace();
+			result.error500(" 短信接口未配置，请联系管理员！");
+			return result;
+		}
+		return result;
+	}
+	@PostMapping("/checkPhoneCode")
+	public Result<JSONObject> checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) {
+		Result<JSONObject> result = new Result<JSONObject>();
+		String phone = mobile;
+		//update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+		if(isLoginFailOvertimes(phone)){
+			return result.error500("该用户登录失败次数过多，请于10分钟后再次登录！");
+		}
+		//update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+		//校验用户有效性
+//		SysUser sysUser = sysUserService.getUserByPhone(phone);
+//		result = sysUserService.checkUserIsEffective(sysUser);
+//		if(!result.isSuccess()) {
+//			return result;
+//		}
+
+
+		//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+		String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
+		Object code = redisUtil.get(redisKey);
+		//update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+		if (!smscode.equals(code)) {
+			//update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+			addLoginFailOvertimes(phone);
+			//update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+			return Result.error("手机验证码错误");
+		}
+		//用户信息
+//		userInfo(sysUser, result, request);
+		//添加日志
+//		baseCommonService.addLog("用户名: " + sysUser.getUsername() + ",登录成功！", CommonConstant.LOG_TYPE_1, null);
+
+		return result;
+	}
+
+
+
 	/**
 	 * 手机号登录接口
 	 *
--- a/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml
+++ b/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml
@ -256,14 +256,14 @@ jeecg:
    excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/**
  #阿里云oss存储和大鱼短信秘钥配置
  oss:
-    accessKey: ??
-    secretKey: ??
+    accessKey: LTAI5tB9WHDf3BZsTcQ64Knc
+    secretKey: QWwOazCWWZxV7ovqgGGfSCpQcUevUZ
    endpoint: oss-cn-beijing.aliyuncs.com
    bucketName: jeecgdev
    # 短信模板
    sms-template:
      # 签名
-      signature:
+      signature: 吉林省捌零信创科技
      # 模板code
      templateCode:
        # 登录短信、忘记密码模板编码
@ -271,7 +271,7 @@ jeecg:
        # 修改密码短信模板编码
        SMS_465391221:
        # 注册账号短信模板编码
-        SMS_175430166:
+        SMS_175430166: SMS_319245237
  # 在线预览文件服务器地址配置
  file-view-domain: http://fileview.jeecg.com
  # minio文件上传
--- a/pom.xml
+++ b/pom.xml
@ -454,7 +454,7 @@
            <id>dev</id>
            <activation>
                <!--默认激活配置-->
-                <activeByDefault>false</activeByDefault>
+                <activeByDefault>true</activeByDefault>
            </activation>
            <properties>
                <!--当前环境-->
@ -466,7 +466,7 @@
            <id>uat</id>
            <activation>
                <!--默认激活配置-->
-                <activeByDefault>true</activeByDefault>
+                <activeByDefault>false</activeByDefault>
            </activation>
            <properties>
                <!--当前环境-->