From f066abcff17307733b3b0e42382ef5657f59c749 Mon Sep 17 00:00:00 2001 From: yangjun <1173114630@qq.com> Date: Wed, 28 May 2025 15:34:26 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=BB=91=E5=9D=97=E9=AA=8C?= =?UTF-8?q?=E8=AF=81=E7=A0=81=E5=8A=9F=E8=83=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../mapper/NuBizAdvisoryInfoMapper.java | 1 + .../mapper/xml/NuBizAdvisoryInfoMapper.xml | 3 + .../service/INuBizAdvisoryInfoService.java | 2 + .../impl/NuBizAdvisoryInfoServiceImpl.java | 5 + .../org/jeecg/config/shiro/ShiroConfig.java | 1 + nursing-unit-system/nu-system-biz/pom.xml | 8 +- .../system/controller/LoginController.java | 307 ++++++++++-------- .../src/main/resources/application-uat.yml | 8 +- 8 files changed, 193 insertions(+), 142 deletions(-) diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java index 6ec3aa2..5e252d8 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/NuBizAdvisoryInfoMapper.java @@ -14,4 +14,5 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper; */ public interface NuBizAdvisoryInfoMapper extends BaseMapper { + NuBizAdvisoryInfo getUserByTel(@Param("mobile") String mobile); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml index d4b1d8c..81d12c2 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml 
+++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/mapper/xml/NuBizAdvisoryInfoMapper.xml @@ -2,4 +2,7 @@ + \ No newline at end of file diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java index f3bf965..40a682b 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/INuBizAdvisoryInfoService.java @@ -12,4 +12,6 @@ import com.baomidou.mybatisplus.extension.service.IService; public interface INuBizAdvisoryInfoService extends IService { NuBizAdvisoryInfo queryWeixinInfo(String openId, String wechatName); + + NuBizAdvisoryInfo getUserByTel(String mobile); } diff --git a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java index e6a443a..db03f27 100644 --- a/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java +++ b/nursing-unit-admin/nu-admin-biz/src/main/java/com/nu/modules/NuBizAdvisoryInfo/service/impl/NuBizAdvisoryInfoServiceImpl.java @@ -32,4 +32,9 @@ public class NuBizAdvisoryInfoServiceImpl extends ServiceImplorg.jeecgframework weixin4j + + com.nursingunit.boot + nu-admin-biz + 2.0.0 + compile + - + diff --git a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java index 0a58ff8..8b030a2 100644 
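Review bot: The body of the new `getUserByTel` query in NuBizAdvisoryInfoMapper.xml is not legible in this hunk (the XML element text was stripped), so the one thing worth confirming before merge cannot be checked here: the `mobile` value comes straight from the `/smsCode` request parameter and must be bound as `#{mobile}` (a prepared-statement parameter), never interpolated with `${mobile}`. If the select is written with `${}` it is a SQL injection reachable by an unauthenticated caller; a one-line comment in the mapper such as `<!-- mobile is caller-supplied: keep #{mobile}, never ${mobile} -->` would make the intent explicit for later edits. The mapper also returns a single row, so if the phone column is not unique this should use `LIMIT 1` or the service should handle `TooManyResultsException` — I cannot tell from the visible text which applies.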
--- a/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
+++ b/nursing-unit-system/nu-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
@@ -5,6 +5,8 @@ import com.alibaba.fastjson.JSONObject;
 import com.aliyuncs.exceptions.ClientException;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.IdWorker;
+import com.nu.modules.NuBizAdvisoryInfo.entity.NuBizAdvisoryInfo;
+import com.nu.modules.NuBizAdvisoryInfo.service.INuBizAdvisoryInfoService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
@@ -66,6 +68,8 @@ public class LoginController {
 private BaseCommonService baseCommonService;
 @Autowired
 private JeecgBaseConfig jeecgBaseConfig;
+ @Autowired
+ private INuBizAdvisoryInfoService nuBizAdvisoryInfoService;
 private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890";
@@ -395,143 +399,8 @@ public class LoginController { } - /** - * 短信验证码 - * @return - */ - @PostMapping(value = "/smsCode") - public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,HttpServletRequest request) { - Result result = new Result(); - String clientIp = IpUtils.getIpAddr(request); -// //手机号模式 登录模式: "2" 注册模式: "1" - log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile); - - if(oConvertUtils.isEmpty(mobile)){ - result.setMessage("手机号不允许为空!"); - result.setSuccess(false); - return result; - } - - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile; - Object object = redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - if (object != null) { - result.setMessage("验证码10分钟内,仍然有效!"); - result.setSuccess(false); - return result; - } - - //------------------------------------------------------------------------------------- - //增加 check防止恶意刷短信接口 - if(!DySmsLimit.canSendSms(clientIp)){ - log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp); - result.setMessage("短信接口请求太多,请稍后再试!"); - result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE); - result.setSuccess(false); - return result; - } - //------------------------------------------------------------------------------------- - - //随机数 - String captcha = RandomUtil.randomNumbers(6); - JSONObject obj = new JSONObject(); - obj.put("code", captcha); - try { - boolean b = false; - //注册模板 - if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) { - SysUser sysUser = sysUserService.getUserByPhone(mobile); - if(sysUser!=null) { - result.error500(" 手机号已经注册,请直接登录!"); - baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null); - return result; - } - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE); - }else { - //登录模式,校验用户有效性 - SysUser sysUser = 
sysUserService.getUserByPhone(mobile); - result = sysUserService.checkUserIsEffective(sysUser); - if(!result.isSuccess()) { - String message = result.getMessage(); - String userNotExist="该用户不存在,请注册"; - if(userNotExist.equals(message)){ - result.error500("该用户不存在或未绑定手机号"); - } - return result; - } - - /** - * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板 - */ - if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) { - //登录模板 - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE); - } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) { - //忘记密码模板 - b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE); - } - } - - if (b == false) { - result.setMessage("短信验证码发送失败,请稍后重试"); - result.setSuccess(false); - return result; - } - - //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - //验证码10分钟内有效 - redisUtil.set(redisKey, captcha, 600); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - //update-begin--Author:scott Date:20190812 for:issues#391 - //result.setResult(captcha); - //update-end--Author:scott Date:20190812 for:issues#391 - result.setSuccess(true); - - } catch (ClientException e) { - e.printStackTrace(); - result.error500(" 短信接口未配置,请联系管理员!"); - return result; - } - return result; - } - @PostMapping("/checkPhoneCode") - public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) { - Result result = new Result(); - String phone = mobile; - //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - if(isLoginFailOvertimes(phone)){ - return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); - } - //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - //校验用户有效性 -// SysUser sysUser = sysUserService.getUserByPhone(phone); -// result = sysUserService.checkUserIsEffective(sysUser); -// if(!result.isSuccess()) { -// return result; -// } - 
//update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone; - Object code = redisUtil.get(redisKey); - //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906 - - if (!smscode.equals(code)) { - //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - addLoginFailOvertimes(phone); - //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户 - return Result.error("手机验证码错误"); - } - //用户信息 -// userInfo(sysUser, result, request); - //添加日志 -// baseCommonService.addLog("用户名: " + sysUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null); - - return result; - } @@ -937,8 +806,6 @@ public class LoginController { } return result; } - - /** * 图形验证码 * @param sysLoginModel 
@@ -964,4 +831,170 @@ public class LoginController {
 return Result.ok();
 }
+ /**
+ * 短信验证码
+ * @return
+ */
+ @PostMapping(value = "/smsCode")
+ public Result smsCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smsmode",required=true) String smsmode,@RequestParam(name="hkcode",required=true) String hkcode,HttpServletRequest request) {
+ Result result = new Result();
+ String clientIp = IpUtils.getIpAddr(request);
+// //手机号模式 登录模式: "2" 注册模式: "1"
+ log.info("-------- IP:{}, 手机号:{},获取绑定验证码", clientIp, mobile);
+
+ if(oConvertUtils.isEmpty(mobile)){
+ result.setMessage("手机号不允许为空!");
+ result.setSuccess(false);
+ return result;
+ }
+
+
+ String redisHKKey = CommonConstant.PHONE_REDIS_KEY_PRE+"HK"+mobile;
+ Object hkcoderED = redisUtil.get(redisHKKey);
+ if(!hkcoderED.equals(hkcode)){
+ result.setMessage("非法操作,不能获取验证码!");
+ result.setSuccess(false);
+ return result;
+ }else{
+
+ }
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+mobile;
+ Object object = redisUtil.get(redisKey);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ if (object != null) {
+ result.setMessage("验证码10分钟内,仍然有效!");
+ result.setSuccess(false);
+ return result;
+ }
+
+ //-------------------------------------------------------------------------------------
+ //增加 check防止恶意刷短信接口
+ if(!DySmsLimit.canSendSms(clientIp)){
+ log.warn("--------[警告] IP地址:{}, 短信接口请求太多-------", clientIp);
+ result.setMessage("短信接口请求太多,请稍后再试!");
+ result.setCode(CommonConstant.PHONE_SMS_FAIL_CODE);
+ result.setSuccess(false);
+ return result;
+ }
+ //-------------------------------------------------------------------------------------
+
+ //随机数
+ String captcha = RandomUtil.randomNumbers(6);
+ JSONObject obj = new JSONObject();
+ obj.put("code", captcha);
+ try {
+ boolean b = false;
+ //注册模板
+ if (CommonConstant.SMS_TPL_TYPE_1.equals(smsmode)) {
+ SysUser sysUser = 
sysUserService.getUserByPhone(mobile);
+ if(sysUser!=null) {
+ result.error500(" 手机号已经注册,请直接登录!");
+ baseCommonService.addLog("手机号已经注册,请直接登录!", CommonConstant.LOG_TYPE_1, null);
+ return result;
+ }
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.REGISTER_TEMPLATE_CODE);
+ }else {
+ //登录模式,校验用户有效性
+ NuBizAdvisoryInfo nuBizAdvisoryInfo = nuBizAdvisoryInfoService.getUserByTel(mobile);
+
+// SysUser sysUser = sysUserService.getUserByPhone(mobile);
+// result = sysUserService.checkUserIsEffective(sysUser);
+ if(nuBizAdvisoryInfo == null) {
+ result.error500("该用户不存在或未绑定手机号");
+ return result;
+ }
+
+ /**
+ * smsmode 短信模板方式 0 .登录模板、1.注册模板、2.忘记密码模板
+ */
+ if (CommonConstant.SMS_TPL_TYPE_0.equals(smsmode)) {
+ //登录模板
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.LOGIN_TEMPLATE_CODE);
+ } else if(CommonConstant.SMS_TPL_TYPE_2.equals(smsmode)) {
+ //忘记密码模板
+ b = DySmsHelper.sendSms(mobile, obj, DySmsEnum.FORGET_PASSWORD_TEMPLATE_CODE);
+ }
+ }
+
+ if (b == false) {
+ result.setMessage("短信验证码发送失败,请稍后重试");
+ result.setSuccess(false);
+ return result;
+ }
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ //验证码10分钟内有效
+ redisUtil.set(redisKey, captcha, 600);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ //update-begin--Author:scott Date:20190812 for:issues#391
+ //result.setResult(captcha);
+ //update-end--Author:scott Date:20190812 for:issues#391
+ result.setSuccess(true);
+
+ } catch (ClientException e) {
+ e.printStackTrace();
+ result.error500(" 短信接口未配置,请联系管理员!");
+ return result;
+ }
+ return result;
+ }
+ @PostMapping("/checkPhoneCode")
+ public Result checkPhoneCode(@RequestParam(name="mobile",required=true) String mobile,@RequestParam(name="smscode",required=true) String smscode, HttpServletRequest request) {
+ Result result = new Result();
+ String phone = mobile;
+ //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ if(isLoginFailOvertimes(phone)){
+ return 
result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
+ }
+ //update-end-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ //校验用户有效性
+// SysUser sysUser = sysUserService.getUserByPhone(phone);
+// result = sysUserService.checkUserIsEffective(sysUser);
+// if(!result.isSuccess()) {
+// return result;
+// }
+
+
+ //update-begin-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+ String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
+ Object code = redisUtil.get(redisKey);
+ //update-end-author:taoyan date:2022-9-13 for: VUEN-2245 【漏洞】发现新漏洞待处理20220906
+
+ if (!smscode.equals(code)) {
+ addLoginFailOvertimes(phone);
+ return Result.error("手机验证码错误");
+ }
+
+ return result;
+ }
+
+ /**
+ * 获取滑块code
+ * @param mobile
+ * @param request
+ * @return
+ */
+ @PostMapping("/getHkCode")
+ public Result getHkCode(@RequestParam(name="mobile",required=true) String mobile, HttpServletRequest request) {
+ Result result = new Result();
+ String phone = mobile;
+ //update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
+ if(isLoginFailOvertimes(phone)){
+ return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
+ }
+
+ String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+"HK"+phone;
+ //随机数
+ String captcha = RandomUtil.randomNumbers(6);
+ redisUtil.set(redisKey, captcha, 600);
+ result.setMessage(captcha);
+
+ return result;
+ }
+
+
 }
diff --git a/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml b/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml
index 3fb93f8..82eba25 100644
--- a/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml
+++ b/nursing-unit-system/nu-system-start/src/main/resources/application-uat.yml
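Review bot: The new `hkcode` gate at the top of `smsCode` does not stop automated SMS requests, because `getHkCode` hands the freshly generated value straight back to the caller in `result.setMessage(captcha)` without verifying that any slider challenge was solved, so a script just calls `/getHkCode` and then `/smsCode` with the returned value; the token should only be issued after the slider result is validated server-side, and `getHkCode` itself has no `DySmsLimit`-style per-IP throttle. The comparison `if(!hkcoderED.equals(hkcode))` also throws a NullPointerException (an HTTP 500 instead of the intended rejection) whenever no HK entry exists in Redis, and the HK value is never removed after a match, so one value stays reusable for the full 600 seconds. A minimal hardening is a null-safe, consume-on-use check: `if(hkcoderED == null || !hkcoderED.equals(hkcode)){ ... return result; }` followed by `redisUtil.del(redisHKKey);` on the success path (assuming RedisUtil exposes a `del`), and likewise deleting `redisKey` in `checkPhoneCode` once `smscode` matches, since the SMS code currently stays valid for replay until expiry. Separately, the login branch now only tests `nuBizAdvisoryInfo == null` while the former `checkUserIsEffective` status check is commented out, so a frozen or disabled account can still be sent a login code — worth confirming whether NuBizAdvisoryInfo carries an equivalent status flag that should be checked here.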
@@ -255,14 +255,14 @@ jeecg:
 excludeUrls: /test/jeecgDemo/demo3,/test/jeecgDemo/redisDemo/**,/bigscreen/category/**,/bigscreen/visual/**,/bigscreen/map/**,/jmreport/bigscreen2/**
 #阿里云oss存储和大鱼短信秘钥配置
 oss:
- accessKey: ??
- secretKey: ??
+ accessKey: LTAI5tB9WHDf3BZsTcQ64Knc
+ secretKey: QWwOazCWWZxV7ovqgGGfSCpQcUevUZ
 endpoint: oss-cn-beijing.aliyuncs.com
 bucketName: jeecgdev
 # 短信模板
 sms-template:
 # 签名
- signature:
+ signature: 吉林省捌零信创科技
 # 模板code
 templateCode:
 # 登录短信、忘记密码模板编码
@@ -270,7 +270,7 @@ jeecg:
 # 修改密码短信模板编码
 SMS_465391221:
 # 注册账号短信模板编码
- SMS_175430166:
+ SMS_175430166: SMS_319245237
 # 在线预览文件服务器地址配置
 file-view-domain: http://fileview.jeecg.com
 # minio文件上传
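Review bot: The `accessKey`/`secretKey` values committed under `oss:` have the shape of live Alibaba Cloud credentials (an `LTAI…` AccessKey ID plus its secret), and once pushed they live in the repository history for anyone with read access, so the pair should be treated as compromised and rotated in the cloud console regardless of whether this commit is reverted. Keep placeholders in the tracked file and inject the real values at deploy time, e.g. `accessKey: ${ALIYUN_OSS_ACCESS_KEY}` and `secretKey: ${ALIYUN_OSS_SECRET_KEY}` (Spring Boot resolves these from environment variables), and consider a secret-scanning pre-commit hook so the `??` placeholders are not overwritten again. The SMS signature and template-code changes in the second hunk are configuration, not secrets, and are fine to commit as they stand.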