From 46b9d9e98e50374fbbecb32f084365001d149e5c Mon Sep 17 00:00:00 2001 From: yangjun <1173114630@qq.com> Date: Wed, 28 May 2025 10:23:53 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=8F=91=E9=80=81?= =?UTF-8?q?=E7=9F=AD=E4=BF=A1=E9=AA=8C=E8=AF=81=E7=A0=81=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/jeecg/config/shiro/ShiroConfig.java | 2 + .../system/controller/LoginController.java | 140 ++++++++++++++++++ .../src/main/resources/application-dev.yml | 8 +- pom.xml | 4 +- 4 files changed, 148 insertions(+), 6 deletions(-) diff --git a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java index 511fb82..a20d4d0 100644 --- a/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java +++ b/nursing-unit-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java @@ -93,6 +93,8 @@ public class ShiroConfig { filterChainDefinitionMap.put("/sys/thirdLogin/**", "anon"); //第三方登录 filterChainDefinitionMap.put("/sys/getEncryptedString", "anon"); //获取加密串 filterChainDefinitionMap.put("/sys/sms", "anon");//短信验证码 + filterChainDefinitionMap.put("/sys/smsCode", "anon");//短信验证码 + filterChainDefinitionMap.put("/sys/checkPhoneCode", "anon");//短信验证码 filterChainDefinitionMap.put("/sys/phoneLogin", "anon");//手机登录 filterChainDefinitionMap.put("/sys/user/checkOnlyUser", "anon");//校验用户是否存在 filterChainDefinitionMap.put("/sys/user/register", "anon");//用户注册 diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java index d52c0db..0a58ff8 100644 --- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java 
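Review bot: The two added `anon` entries for `/sys/smsCode` and `/sys/checkPhoneCode` both carry the comment `//短信验证码`, which hides that the second one is a code-verification endpoint reachable without a session. Because Shiro no longer gates these paths, every abuse control (send throttling, failed-attempt counting) has to live in the controller methods, and the comment should say so, e.g. `// verify SMS code (anonymous; attempt limiting is enforced in LoginController)`. The enclosing filter-chain method starts and ends outside the hunk.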
+++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java 
@@ -395,6 +395,146 @@ public class LoginController { } + /** + * 短信验证码 + * @return + */ + @PostMapping(value = "/smsCode") + public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,HttpServletRequest request) { + Result result = new Result(); + String clientIp = IpUtils.getIpAddr(request); +// //手机号模式 登录模式: "2" 注册模式: "1" + log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile); + + if(oConvertUtils.isEmpty(mobile)){ + result.setMessage("手机号不允许为空!"); + result.setSuccess(false); + return result; + } + + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; + Object object = redisUtil.get(redisKey); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + if (object != null) { + result.setMessage("验证码10分钟内,仍然有效!"); + result.setSuccess(false); + return result; + } + + //------------------------------------------------------------------------------------- + //增加 check防止恶意刷短信接口 + if(!DySmsLimit.canSendSms(clientIp)){ + log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp); + result.setMessage("短信接口请求太多,请稍后再试!"); + result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE); + result.setSuccess(false); + return result; + } + //------------------------------------------------------------------------------------- + + //随机数 + String captcha = RandomUtil.randomNumbers(6); + JSONObject obj = new JSONObject(); + obj.put("code", captcha); + try { + boolean b = false; + //注册模板 + if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) { + SysUser sysUser = sysUserService.getUserByPhone(mobile); + if(sysUser!=null) { + result.error500(" 手机号已经注册,请直接登录!"); + baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null); + return result; + } + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE); + }else { + //登录模式,校验用户有效性 + SysUser sysUser = 
sysUserService.getUserByPhone(mobile); + result = sysUserService.checkUserIsEffective(sysUser); + if(!result.isSuccess()) { + String message = result.getMessage(); + String userNotExist="该用户不存在,请注册"; + if(userNotExist.equals(message)){ + result.error500("该用户不存在或未绑定手机号"); + } + return result; + } + + /** + * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板 + */ + if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) { + //登录模板 + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE); + } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) { + //忘记密码模板 + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE); + } + } + + if (b == false) { + result.setMessage("短信验证码发送失败,请稍后重试"); + result.setSuccess(false); + return result; + } + + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + //验证码10分钟内有效 + redisUtil.set(redisKey, captcha, 600); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + //update-begin--Author:scott Date:20190812 for:issues#391 + //result.setResult(captcha); + //update-end--Author:scott Date:20190812 for:issues#391 + result.setSuccess(true); + + } catch (ClientException e) { + e.printStackTrace(); + result.error500(" 短信接口未配置,请联系管理员!"); + return result; + } + return result; + } + @PostMapping("/checkPhoneCode") + public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) { + Result result = new Result(); + String phone = mobile; + //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + if(isLoginFailOvertimes(phone)){ + return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); + } + //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + //校验用户有效性 +// SysUser sysUser = sysUserService.getUserByPhone(phone); +// result = sysUserService.checkUserIsEffective(sysUser); +// if(!result.isSuccess()) { +// return result; +// } + + + 
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; + Object code = redisUtil.get(redisKey); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + if (!smscode.equals(code)) { + //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + addLoginFailOvertimes(phone); + //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + return Result.error("手机验证码错误"); + } + //用户信息 +// userInfo(sysUser, result, request); + //添加日志 +// baseCommonService.addLog("用户名: " + sysUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null); + + return result; + } + + + /** * 手机号登录接口 * diff --git a/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml b/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml index d87d442..cd04e2a 100644 --- a/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml +++ b/nursing-unit-system/nu-system-start/src/main/resources/application-dev.yml @@ -256,14 +256,14 @@ jeecg: excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/** #阿里云oss存储和大鱼短信秘钥配置 oss: - accessKey: ?? - secretKey: ?? + accessKey: LTAI5tB9WHDf3BZsTcQ64Knc + secretKey: QWwOazCWWZxV7ovqgGGfSCpQcUevUZ endpoint: oss-cn-beijing.aliyuncs.com bucketName: jeecgdev # 短信模板 sms-template: # 签名 - signature: + signature: 吉林省捌零信创科技 # 模板code templateCode: # 登录短信、忘记密码模板编码 @@ -271,7 +271,7 @@ jeecg: # 修改密码短信模板编码 SMS_465391221: # 注册账号短信模板编码 - SMS_175430166: + SMS_175430166: SMS_319245237 # 在线预览文件服务器地址配置 file-view-domain: http://fileview.jeecg.com # minio文件上传 diff --git a/pom.xml b/pom.xml index b5ccfb5..8d18ae5 100644 --- a/pom.xml +++ b/pom.xml @@ -454,7 +454,7 @@ dev - false + true @@ -466,7 +466,7 @@ uat - true + false From f066abcff17307733b3b0e42382ef5657f59c749 Mon Sep 17 00:00:00 2001 
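Review bot: In `checkPhoneCode`, a correct code is left in Redis after the comparison succeeds, so the same code can be submitted again until its 600-second expiry; delete it on success, for example `redisUtil.del(redisKey);` before `return result;`. The method also returns a bare success without tying the verification to any later action (the user lookup and `userInfo` call are commented out), so the next step presumably trusts client-side state, which is worth confirming. In `smsCode`, the distinct replies "手机号已经注册,请直接登录!" and "该用户不存在或未绑定手机号" let an unauthenticated caller learn whether a phone number is registered, and `log.info` writes the full number next to the client IP; a uniform reply and a masked number in the log would avoid both. The same two methods are re-added by the `@@ -964,4 +831,170 @@` hunk in PATCH 2/3.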
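Review bot: The `oss.accessKey` and `oss.secretKey` lines replace the `??` placeholders with what appears to be a live Aliyun credential pair committed in plain text; the `application-uat.yml` hunk in PATCH 2/3 adds the same pair. Anything pushed with this patch stays in repository history, so the key should be treated as exposed: rotate it and scope the replacement to the OSS bucket and SMS actions this service needs. In the file, resolve the values from the environment or a secrets store instead, e.g. `accessKey: ${ALIYUN_ACCESS_KEY_ID}` and `secretKey: ${ALIYUN_ACCESS_KEY_SECRET}` (variable names are placeholders).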
From: yangjun <1173114630@qq.com> Date: Wed, 28 May 2025 15:34:26 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=BB=91=E5=9D=97?= =?UTF-8?q?=E9=AA=8C=E8=AF=81=E7=A0=81=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mapper/NuBizAdvisoryInfoMapper.java | 1 + .../mapper/xml/NuBizAdvisoryInfoMapper.xml | 3 + .../service/INuBizAdvisoryInfoService.java | 2 + .../impl/NuBizAdvisoryInfoServiceImpl.java | 5 + .../org/jeecg/config/shiro/ShiroConfig.java | 1 + nursing-unit-system/nu-system-biz/pom.xml | 8 +- .../system/controller/LoginController.java | 307 ++++++++++-------- .../src/main/resources/application-uat.yml | 8 +- 8 files changed, 193 insertions(+), 142 deletions(-) diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java index 6ec3aa2..5e252d8 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java @@ -14,4 +14,5 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper; */ public interface NuBizAdvisoryInfoMapper extends BaseMapper { + NuBizAdvisoryInfo getUserByTel(@Param("mobile") String mobile); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml index d4b1d8c..81d12c2 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml 
+++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml @@ -2,4 +2,7 @@ + \ No newline at end of file diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java index f3bf965..40a682b 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java @@ -12,4 +12,6 @@ import com.baomidou.mybatisplus.extension.service.IService; public interface INuBizAdvisoryInfoService extends IService { NuBizAdvisoryInfo queryWeixinInfo(String openId, String wechatName); + + NuBizAdvisoryInfo getUserByTel(String mobile); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java index e6a443a..db03f27 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java @@ -32,4 +32,9 @@ public class NuBizAdvisoryInfoServiceImpl extends ServiceImplorg.jeecgframework weixin4j + + com.nursingunit.boot + nu-admin-biz + 2.0.0 + compile + - + diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java index 0a58ff8..8b030a2 100644 
--- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java +++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java @@ -5,6 +5,8 @@ import com.alibaba.fastjson.JSONObject; import com.aliyuncs.exceptions.ClientException; import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import com.baomidou.mybatisplus.core.toolkit.IdWorker; +import com.nu.modules.NuBizAdvisoryInfo.entity.NuBizAdvisoryInfo; +import com.nu.modules.NuBizAdvisoryInfo.service.INuBizAdvisoryInfoService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; @@ -66,6 +68,8 @@ public class LoginController { private BaseCommonService baseCommonService; @Autowired private JeecgBaseConfig jeecgBaseConfig; + @Autowired + private INuBizAdvisoryInfoService nuBizAdvisoryInfoService; private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890"; 
@@ -395,143 +399,8 @@ public class LoginController { } - /** - * 短信验证码 - * @return - */ - @PostMapping(value = "/smsCode") - public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,HttpServletRequest request) { - Result result = new Result(); - String clientIp = IpUtils.getIpAddr(request); -// //手机号模式 登录模式: "2" 注册模式: "1" - log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile); - - if(oConvertUtils.isEmpty(mobile)){ - result.setMessage("手机号不允许为空!"); - result.setSuccess(false); - return result; - } - - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; - Object object = redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - if (object != null) { - result.setMessage("验证码10分钟内,仍然有效!"); - result.setSuccess(false); - return result; - } - - //------------------------------------------------------------------------------------- - //增加 check防止恶意刷短信接口 - if(!DySmsLimit.canSendSms(clientIp)){ - log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp); - result.setMessage("短信接口请求太多,请稍后再试!"); - result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE); - result.setSuccess(false); - return result; - } - //------------------------------------------------------------------------------------- - - //随机数 - String captcha = RandomUtil.randomNumbers(6); - JSONObject obj = new JSONObject(); - obj.put("code", captcha); - try { - boolean b = false; - //注册模板 - if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) { - SysUser sysUser = sysUserService.getUserByPhone(mobile); - if(sysUser!=null) { - result.error500(" 手机号已经注册,请直接登录!"); - baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null); - return result; - } - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE); - }else { - //登录模式,校验用户有效性 - SysUser sysUser = 
sysUserService.getUserByPhone(mobile); - result = sysUserService.checkUserIsEffective(sysUser); - if(!result.isSuccess()) { - String message = result.getMessage(); - String userNotExist="该用户不存在,请注册"; - if(userNotExist.equals(message)){ - result.error500("该用户不存在或未绑定手机号"); - } - return result; - } - - /** - * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板 - */ - if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) { - //登录模板 - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE); - } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) { - //忘记密码模板 - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE); - } - } - - if (b == false) { - result.setMessage("短信验证码发送失败,请稍后重试"); - result.setSuccess(false); - return result; - } - - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - //验证码10分钟内有效 - redisUtil.set(redisKey, captcha, 600); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - //update-begin--Author:scott Date:20190812 for:issues#391 - //result.setResult(captcha); - //update-end--Author:scott Date:20190812 for:issues#391 - result.setSuccess(true); - - } catch (ClientException e) { - e.printStackTrace(); - result.error500(" 短信接口未配置,请联系管理员!"); - return result; - } - return result; - } - @PostMapping("/checkPhoneCode") - public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) { - Result result = new Result(); - String phone = mobile; - //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - if(isLoginFailOvertimes(phone)){ - return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); - } - //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - //校验用户有效性 -// SysUser sysUser = sysUserService.getUserByPhone(phone); -// result = sysUserService.checkUserIsEffective(sysUser); -// if(!result.isSuccess()) { -// return result; -// } - 
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - if (!smscode.equals(code)) { - //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - addLoginFailOvertimes(phone); - //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - return Result.error("手机验证码错误"); - } - //用户信息 -// userInfo(sysUser, result, request); - //添加日志 -// baseCommonService.addLog("用户名: " + sysUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null); - - return result; - } @@ -937,8 +806,6 @@ public class LoginController { } return result; } - - /** * 图形验证码 * @param sysLoginModel 
@@ -964,4 +831,170 @@ public class LoginController { return Result.ok(); } + /** + * 短信验证码 + * @return + */ + @PostMapping(value = "/smsCode") + public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,@RequestParam(name="hkcode",required=true) String hkcode,HttpServletRequest request) { + Result result = new Result(); + String clientIp = IpUtils.getIpAddr(request); +// //手机号模式 登录模式: "2" 注册模式: "1" + log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile); + + if(oConvertUtils.isEmpty(mobile)){ + result.setMessage("手机号不允许为空!"); + result.setSuccess(false); + return result; + } + + + String redisHKKey = CommonConstant.PHONE_REDIS_KEY_PRE+"HK"+mobile; + Object hkcoderED = redisUtil.get(redisHKKey); + if(!hkcoderED.equals(hkcode)){ + result.setMessage("非法操作,不能获取验证码!"); + result.setSuccess(false); + return result; + }else{ + + } + + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; + Object object = redisUtil.get(redisKey); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + if (object != null) { + result.setMessage("验证码10分钟内,仍然有效!"); + result.setSuccess(false); + return result; + } + + //------------------------------------------------------------------------------------- + //增加 check防止恶意刷短信接口 + if(!DySmsLimit.canSendSms(clientIp)){ + log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp); + result.setMessage("短信接口请求太多,请稍后再试!"); + result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE); + result.setSuccess(false); + return result; + } + //------------------------------------------------------------------------------------- + + //随机数 + String captcha = RandomUtil.randomNumbers(6); + JSONObject obj = new JSONObject(); + obj.put("code", captcha); + try { + boolean b = false; + //注册模板 + if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) { + SysUser sysUser = 
sysUserService.getUserByPhone(mobile); + if(sysUser!=null) { + result.error500(" 手机号已经注册,请直接登录!"); + baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null); + return result; + } + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE); + }else { + //登录模式,校验用户有效性 + NuBizAdvisoryInfo nuBizAdvisoryInfo = nuBizAdvisoryInfoService.getUserByTel(mobile); + +// SysUser sysUser = sysUserService.getUserByPhone(mobile); +// result = sysUserService.checkUserIsEffective(sysUser); + if(nuBizAdvisoryInfo == null) { + result.error500("该用户不存在或未绑定手机号"); + return result; + } + + /** + * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板 + */ + if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) { + //登录模板 + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE); + } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) { + //忘记密码模板 + b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE); + } + } + + if (b == false) { + result.setMessage("短信验证码发送失败,请稍后重试"); + result.setSuccess(false); + return result; + } + + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + //验证码10分钟内有效 + redisUtil.set(redisKey, captcha, 600); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + //update-begin--Author:scott Date:20190812 for:issues#391 + //result.setResult(captcha); + //update-end--Author:scott Date:20190812 for:issues#391 + result.setSuccess(true); + + } catch (ClientException e) { + e.printStackTrace(); + result.error500(" 短信接口未配置,请联系管理员!"); + return result; + } + return result; + } + @PostMapping("/checkPhoneCode") + public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) { + Result result = new Result(); + String phone = mobile; + //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + if(isLoginFailOvertimes(phone)){ + return 
result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); + } + //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + //校验用户有效性 +// SysUser sysUser = sysUserService.getUserByPhone(phone); +// result = sysUserService.checkUserIsEffective(sysUser); +// if(!result.isSuccess()) { +// return result; +// } + + + //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; + Object code = redisUtil.get(redisKey); + //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 + + if (!smscode.equals(code)) { + addLoginFailOvertimes(phone); + return Result.error("手机验证码错误"); + } + + return result; + } + + /** + * 获取滑块code + * @param mobile + * @param request + * @return + */ + @PostMapping("/getHkCode") + public Result getHkCode(@RequestParam(name="mobile",required=true) String mobile, HttpServletRequest request) { + Result result = new Result(); + String phone = mobile; + //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 + if(isLoginFailOvertimes(phone)){ + return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); + } + + String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+"HK"+phone; + //随机数 + String captcha = RandomUtil.randomNumbers(6); + redisUtil.set(redisKey, captcha, 600); + result.setMessage(captcha); + + return result; + } + + } diff --git a/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml b/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml index 3fb93f8..82eba25 100644 --- a/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml +++ b/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml 
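Review bot: In the re-added `smsCode`, `hkcoderED.equals(hkcode)` is called on the value returned by `redisUtil.get(redisHKKey)`, which is null whenever no slider code was issued or it has expired, so an anonymous request made without a prior `/getHkCode` call ends in a NullPointerException instead of the "非法操作" reply; compare the other way round, `if (hkcode == null || !hkcode.equals(hkcoderED)) {`. The slider code is also never removed once it has been accepted, so one value keeps authorising sends for 600 seconds. More fundamentally, `getHkCode` returns the code in `result.setMessage(captcha)` to any caller that supplies a mobile number, so the check shows only that the client made one extra request, not that a person completed a challenge; the slider interaction would have to be verified on the server before the number is marked as cleared.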
@@ -255,14 +255,14 @@ jeecg: excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/** #阿里云oss存储和大鱼短信秘钥配置 oss: - accessKey: ?? - secretKey: ?? + accessKey: LTAI5tB9WHDf3BZsTcQ64Knc + secretKey: QWwOazCWWZxV7ovqgGGfSCpQcUevUZ endpoint: oss-cn-beijing.aliyuncs.com bucketName: jeecgdev # 短信模板 sms-template: # 签名 - signature: + signature: 吉林省捌零信创科技 # 模板code templateCode: # 登录短信、忘记密码模板编码 @@ -270,7 +270,7 @@ jeecg: # 修改密码短信模板编码 SMS_465391221: # 注册账号短信模板编码 - SMS_175430166: + SMS_175430166: SMS_319245237 # 在线预览文件服务器地址配置 file-view-domain: http://fileview.jeecg.com # minio文件上传 From 5d60bc7772b414bd23c28dae3136bcc91ac2756a Mon Sep 17 00:00:00 2001 From: yangjun <1173114630@qq.com> Date: Thu, 29 May 2025 18:32:18 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E8=B0=83=E6=95=B4=E9=89=B4=E6=9D=83?= =?UTF-8?q?=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../H5ApiAdvisoryInfoController.java | 2 +- .../entity/NuBizAdvisoryInfo.java | 60 ++++++++++--------- .../mapper/NuBizAdvisoryInfoMapper.java | 2 + .../mapper/xml/NuBizAdvisoryInfoMapper.xml | 3 + .../service/INuBizAdvisoryInfoService.java | 2 + .../impl/NuBizAdvisoryInfoServiceImpl.java | 43 ++++++++++++- .../org/jeecg/common/system/util/JwtUtil.java | 9 +++ .../jeecg/config/shiro/filters/JwtFilter.java | 9 ++- .../system/controller/LoginController.java | 31 ++++++++-- 9 files changed, 125 insertions(+), 36 deletions(-) diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/controller/H5ApiAdvisoryInfoController.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/controller/H5ApiAdvisoryInfoController.java index 483cef3..b2b0c93 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/controller/H5ApiAdvisoryInfoController.java 
+++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/controller/H5ApiAdvisoryInfoController.java @@ -112,7 +112,7 @@ public class H5ApiAdvisoryInfoController extends JeecgController queryByOpenId(@RequestParam(name="openId",required=true) String openId,@RequestParam(name="wechatName",required=true) String wechatName) { + public Result queryByOpenId(@RequestParam(name="openId",required=true) String openId,@RequestParam(name="wechatName",required=false) String wechatName) { NuBizAdvisoryInfo nuBizAdvisoryInfo = nuBizAdvisoryInfoService.queryWeixinInfo(openId,wechatName); return Result.OK(nuBizAdvisoryInfo); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/entity/NuBizAdvisoryInfo.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/entity/NuBizAdvisoryInfo.java index 130cb1e..157e591 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/entity/NuBizAdvisoryInfo.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/entity/NuBizAdvisoryInfo.java @@ -5,7 +5,9 @@ import java.io.UnsupportedEncodingException; import java.util.Date; import java.math.BigDecimal; +import com.alibaba.fastjson.JSONObject; import com.baomidou.mybatisplus.annotation.*; +import org.jeecg.common.api.vo.Result; import org.jeecg.common.constant.ProvinceCityArea; import org.jeecg.common.util.SpringContextUtils; import lombok.Data; 
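Review bot: With `wechatName` now `required=false`, `queryByOpenId` looks a record up from the `openId` request parameter alone, and that value is supplied by the client rather than obtained on the server from WeChat. This patch also adds a `token` field to `NuBizAdvisoryInfo`, so if the service fills it in for the returned record (the service hunk is not fully legible here), knowing an openId would be enough to receive that user's token. Worth confirming that the openId is derived from a WeChat login code exchanged on the server, or that this endpoint requires an authenticated session. The enclosing class continues outside the hunk.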
@@ -35,97 +37,99 @@ public class NuBizAdvisoryInfo implements Serializable { /**id*/ @TableId(type = IdType.ASSIGN_ID) @ApiModelProperty(value = "id") - private java.lang.String id; + private String id; /**微信id*/ @Excel(name = "微信id", width = 15) @ApiModelProperty(value = "微信id") - private java.lang.String openId; + private String openId; /**微信名称*/ @Excel(name = "微信名称", width = 15) @ApiModelProperty(value = "微信名称") - private java.lang.String wechatName; + private String wechatName; /**咨询人姓名*/ @Excel(name = "咨询人姓名", width = 15) @ApiModelProperty(value = "咨询人姓名") - private java.lang.String name; + private String name; /**性别*/ @Excel(name = "性别", width = 15, dicCode = "sex") @Dict(dicCode = "sex") @ApiModelProperty(value = "性别") - private java.lang.String sex; + private String sex; /**联系电话*/ @Excel(name = "联系电话", width = 15) @ApiModelProperty(value = "联系电话") - private java.lang.String tel; + private String tel; /**咨询类型 1入住nu 2入驻机构 3我要加盟*/ @Excel(name = "咨询类型", width = 15, dicCode = "advisory_type") @Dict(dicCode = "advisory_type") @ApiModelProperty(value = "咨询类型") - private java.lang.String advisoryType; + private String advisoryType; /**状态 1审核中 2审核完成 3驳回*/ @Excel(name = "状态", width = 15, dicCode = "advisory_approval") @Dict(dicCode = "advisory_approval") @ApiModelProperty(value = "状态") - private java.lang.String status; + private String status; /**审核备注*/ @Excel(name = "审核备注", width = 15) @ApiModelProperty(value = "审核备注") - private java.lang.String content; + private String content; /**机构访问地址*/ @Excel(name = "机构访问地址", width = 15) @ApiModelProperty(value = "机构访问地址") - private java.lang.String serverUrl; + private String serverUrl; /**创建人*/ @ApiModelProperty(value = "创建人") - private java.lang.String createBy; + private String createBy; /**创建日期*/ @JsonFormat(timezone = "GMT+8",pattern = "yyyy-MM-dd HH:mm:ss") @DateTimeFormat(pattern="yyyy-MM-dd HH:mm:ss") @ApiModelProperty(value = "创建日期") - private java.util.Date createTime; + private Date createTime; /**更新人*/ 
@ApiModelProperty(value = "更新人") - private java.lang.String updateBy; + private String updateBy; /**更新日期*/ @JsonFormat(timezone = "GMT+8",pattern = "yyyy-MM-dd HH:mm:ss") @DateTimeFormat(pattern="yyyy-MM-dd HH:mm:ss") @ApiModelProperty(value = "更新日期") - private java.util.Date updateTime; + private Date updateTime; /**所属部门*/ @ApiModelProperty(value = "所属部门") - private java.lang.String sysOrgCode; + private String sysOrgCode; /**老人姓名*/ - private java.lang.String oldManName; + private String oldManName; /**老人年龄*/ - private java.lang.String oldManAge; + private String oldManAge; /**医保类型*/ @Dict(dicCode = "medical_insurance_type") - private java.lang.String medicalInsuranceType; + private String medicalInsuranceType; /**老人性别*/ @Dict(dicCode = "sex") - private java.lang.String oldManSex; + private String oldManSex; /**报销类型*/ @Dict(dicCode = "reimb_type") - private java.lang.String reimbType; + private String reimbType; /**护理单元*/ - private java.lang.String nuId; + private String nuId; @TableField(exist = false) - private java.lang.String advisoryTypeName; + private String advisoryTypeName; @TableField(exist = false) - private java.lang.String sexName; + private String sexName; @TableField(exist = false) - private java.lang.String sysOrgCodeName; + private String sysOrgCodeName; @TableField(exist = false) - private java.lang.String statusName; + private String statusName; @TableField(exist = false) - private java.lang.String oldManSexName; + private String oldManSexName; @TableField(exist = false) - private java.lang.String medicalInsuranceTypeName; + private String medicalInsuranceTypeName; @TableField(exist = false) - private java.lang.String reimbTypeName; + private String reimbTypeName; + @TableField(exist = false) + private String token; } 
diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java index 5e252d8..ea5fed0 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java @@ -15,4 +15,6 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper; public interface NuBizAdvisoryInfoMapper extends BaseMapper { NuBizAdvisoryInfo getUserByTel(@Param("mobile") String mobile); + + NuBizAdvisoryInfo findByOpenId(@Param("openId")String openId); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml index 81d12c2..fd4d5e9 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml @@ -5,4 +5,7 @@ + \ No newline at end of file diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java index 40a682b..f7876e8 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java 
@@ -14,4 +14,6 @@ public interface INuBizAdvisoryInfoService extends IService { NuBizAdvisoryInfo queryWeixinInfo(String openId, String wechatName); NuBizAdvisoryInfo getUserByTel(String mobile); + + NuBizAdvisoryInfo findByOpenId(String openId); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java index db03f27..5cb4501 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java @@ -1,13 +1,25 @@ package com.nu.modules.NuBizAdvisoryInfo.service.impl; +import com.alibaba.fastjson.JSONObject; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.nu.modules.NuBizAdvisoryInfo.entity.NuBizAdvisoryInfo; import com.nu.modules.NuBizAdvisoryInfo.mapper.NuBizAdvisoryInfoMapper; import com.nu.modules.NuBizAdvisoryInfo.service.INuBizAdvisoryInfoService; +import org.apache.commons.lang.StringUtils; +import org.jeecg.common.api.vo.Result; +import org.jeecg.common.constant.CommonConstant; +import org.jeecg.common.system.util.JwtUtil; +import org.jeecg.common.util.RedisUtil; +import org.jeecg.common.util.oConvertUtils; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import javax.servlet.http.HttpServletRequest; +import java.util.LinkedHashMap; +import java.util.List; + /** * @Description: 咨询信息 * @Author: 张明远 
@@ -17,11 +29,14 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; @Service public class NuBizAdvisoryInfoServiceImpl extends ServiceImpl implements INuBizAdvisoryInfoService { + @Autowired + private RedisUtil redisUtil; + @Override public NuBizAdvisoryInfo queryWeixinInfo(String openId, String wechatName) { QueryWrapper queryWrapper = new QueryWrapper<>(); queryWrapper.eq("open_id",openId); - queryWrapper.eq("wechat_name",wechatName); + queryWrapper.eq(StringUtils.isNotBlank(wechatName),"wechat_name",wechatName); NuBizAdvisoryInfo nuBizAdvisoryInfo = baseMapper.selectOne(queryWrapper); //查询是否有微信注册信息,没有则创建 if(nuBizAdvisoryInfo==null) { @@ -30,11 +45,37 @@ public class NuBizAdvisoryInfoServiceImpl extends ServiceImpl smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,@RequestParam(name="hkcode",required=true) String hkcode,HttpServletRequest request) { + public Result smsCode(@RequestBody Map map,HttpServletRequest request) { + String mobile = map.get("mobile"); + String smsmode = map.get("smsmode"); + String hkcode = map.get("hkcode"); +// @RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,@RequestParam(name="hkcode",required=true) String hkcode Result result = new Result(); String clientIp = IpUtils.getIpAddr(request); // //手机号模式 登录模式: "2" 注册模式: "1" @@ -882,7 +887,7 @@ public class LoginController { //------------------------------------------------------------------------------------- //随机数 - String captcha = RandomUtil.randomNumbers(6); + String captcha = RandomUtil.randomNumbers(4); JSONObject obj = new JSONObject(); obj.put("code", captcha); try { 
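Review bot: Shrinking the SMS code to four digits in `String captcha = RandomUtil.randomNumbers(4);` cuts the guess space from 1,000,000 values to 10,000, so the code is far easier to guess within its validity window unless attempts are tightly limited. The per-phone failure counter visible in checkPhoneCode (`addLoginFailOvertimes(phone)`) helps, but its threshold and the code's lifetime are set outside this hunk, so confirm both are still adequate at this size. Unless the client UI strictly requires four digits, keep `String captcha = RandomUtil.randomNumbers(6);`. It is also worth checking that this `RandomUtil` draws from a `SecureRandom`-backed source, since the code is an authentication secret. The enclosing method (presumably smsCode) starts and ends outside the hunk.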
@@ -942,8 +947,17 @@ public class LoginController { } return result; } + /** + * 手机号验证码验证接口 + * @param request + * @return + */ @PostMapping("/checkPhoneCode") - public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) { + public Result checkPhoneCode(@RequestBody Map map, HttpServletRequest request) { + String mobile = map.get("mobile"); + String smscode = map.get("smscode"); + String openId = map.get("openId"); +// @RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode,@RequestParam(name="openId",required=false) String openId, Result result = new Result(); String phone = mobile; //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 @@ -968,18 +982,25 @@ public class LoginController { addLoginFailOvertimes(phone); return Result.error("手机验证码错误"); } + QueryWrapper queryWrapper = new QueryWrapper<>(); + System.out.println("openId = " + openId); + queryWrapper.eq("open_id", openId); + NuBizAdvisoryInfo nuBizAdvisoryInfo = nuBizAdvisoryInfoService.getOne(queryWrapper); + nuBizAdvisoryInfo.setTel(phone); + nuBizAdvisoryInfoService.updateById(nuBizAdvisoryInfo); return result; } /** * 获取滑块code - * @param mobile * @param request * @return */ @PostMapping("/getHkCode") - public Result getHkCode(@RequestParam(name="mobile",required=true) String mobile, HttpServletRequest request) { + public Result getHkCode(@RequestBody Map map, HttpServletRequest request) { +// @RequestParam(name="mobile",required=true) String mobile + String mobile = map.get("mobile"); Result result = new Result(); String phone = mobile; //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
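Review bot: Switching checkPhoneCode from `@RequestParam(required=true)` to `@RequestBody Map` drops the framework's presence check, so `mobile` and `smscode` are null whenever the JSON body omits them and then flow straight into `String phone = mobile;` and the logic after it. Add an explicit guard right after the `map.get` calls, for example `if (mobile == null || mobile.isEmpty() || smscode == null || smscode.isEmpty()) return Result.error("手机号和验证码不能为空");` (message text constructed for this note). The same gap applies to getHkCode in the next hunk and to the smsCode change earlier in this file. The commented-out `// @RequestParam(...)` line is dead code and is better deleted than kept as history. The method body continues outside this hunk.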
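Review bot: The added block binds `phone` to whichever record matches a client-supplied `openId` and dereferences `nuBizAdvisoryInfo` without a null check, so a missing or unknown `openId` ends in a NullPointerException at `setTel(phone)` after the SMS code has already been accepted. Because `openId` is read from the request body, a caller who verifies their own phone can attach it to any record whose openId they know; if this endpoint is reachable without a session, take the openId from server-side state established during the WeChat login exchange rather than from the body. The `System.out.println("openId = " + openId)` line writes a user identifier to stdout and should be removed or moved to the class logger at debug level. The fence shows the guarded form; the commented-out signature marks openId as optional, so the binding is skipped when it is absent (error text is constructed for this note). checkPhoneCode starts outside this hunk.

```java
        // … unchanged: SMS code comparison and failure counting …
        if (openId != null && !openId.trim().isEmpty()) {
            QueryWrapper<NuBizAdvisoryInfo> queryWrapper = new QueryWrapper<>();
            queryWrapper.eq("open_id", openId);
            NuBizAdvisoryInfo nuBizAdvisoryInfo = nuBizAdvisoryInfoService.getOne(queryWrapper);
            if (nuBizAdvisoryInfo == null) {
                // No record for this openId: report it instead of failing with an NPE.
                return Result.error("未找到对应的咨询信息");
            }
            nuBizAdvisoryInfo.setTel(phone);
            nuBizAdvisoryInfoService.updateById(nuBizAdvisoryInfo);
        }
        return result;
```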