Skip to content

A
api
Commit 8b98afac by zt
Options

修改

parent e4d56bbc
Showing with 133 additions and 46 deletions
resources/mapper/modules/user/UserDao.xml
...@@ -904,4 +904,12 @@ ...@@ -904,4 +904,12 @@
</if> </if>
ORDER BY r.login_date DESC ORDER BY r.login_date DESC
</select> </select>
<select id="findByIp" resultType="com.ejweb.modules.user.bean.LoginIpInfo">
select black_ip from sys_login_blacklist where black_ip = #{userIp}
</select>
<insert id="insertInfoByIp" parameterType="string">
insert into sys_login_blacklist(black_ip,create_time) values (#{userIp},DATE_FORMAT(now(),'%Y-%m-%d %k:%i:%s'))
</insert>
</mapper> </mapper>
\ No newline at end of file
src/com/ejweb/core/util/RedisUtils.java
...@@ -18,28 +18,21 @@ public class RedisUtils { ...@@ -18,28 +18,21 @@ public class RedisUtils {
private JedisPool jedisPool; private JedisPool jedisPool;
/** /**
* 通过key 对value进行加值+1操作,当value不是int类型时会返回错误,当key不存在是则value为1 * 判断key是否存在
* 自增不取消过期时间
* *
* @param key * @param key
* @return 加值后的结果 * @param indexDb
*/ * @return boolean
public Long incrNotResetExpireTime(String key, int indexDb) { **/
Jedis jedis = null; public boolean exists(String key,int indexDb) {
Long res = null; Jedis jedis = jedisPool.getResource();
try { jedis.select(indexDb);
jedis = jedisPool.getResource(); boolean exist = jedis.exists(key);
jedis.select(indexDb); if (null != jedis && null != jedisPool) {
Long expireTime = jedis.pttl(key); returnResource(jedisPool, jedis);
res = jedis.incr(key); }
jedis.expireAt(key, expireTime); return exist;
} catch (Exception e) { }
log.error(e.getMessage());
} finally {
returnResource(jedisPool, jedis);
}
return res;
}
/** /**
* 删除key * 删除key
......
src/com/ejweb/modules/user/api/UserController.java
...@@ -136,46 +136,38 @@ public class UserController { ...@@ -136,46 +136,38 @@ public class UserController {
public ResponseBean login(HttpServletRequest request, RequestBean requestBean,String userIp) { public ResponseBean login(HttpServletRequest request, RequestBean requestBean,String userIp) {
//获取redis的库 //获取redis的库
int indexDb = Integer.valueOf(PropertiesUtils.getProperties().get("redis.dbIndex").toString()); int indexDb = Integer.valueOf(PropertiesUtils.getProperties().get("redis.dbIndex").toString());
//ip受限时间与次数
int ipWithinSeconds = Integer.valueOf(PropertiesUtils.getProperties().get("ipWithinSeconds").toString());
int ipLimitTimes = Integer.valueOf(PropertiesUtils.getProperties().get("ipLimitTimes").toString());
long startTime = System.nanoTime(); long startTime = System.nanoTime();
ResponseBean responseBean = new ResponseBean(); ResponseBean responseBean = new ResponseBean();
String message = userService.validate(requestBean); String message = userService.validate(requestBean);
LoginBean loginBean = requestBean.getObjectBean(LoginBean.class); LoginBean loginBean = requestBean.getObjectBean(LoginBean.class);
message = userService.validate(loginBean); message = userService.validate(loginBean);
if (message == null) { if (message == null) {
//todo 在查用户名数据库之前先查一下数据库 ip限制,如果有ip限制,则直接返回 LoginIpInfo loginIpInfo = userService.findByIp(userIp);
if(true){ if(loginIpInfo != null){
responseBean.setStatus(ErrorCode.STATUS_CODE_4102); responseBean.setStatus(ErrorCode.STATUS_CODE_4102);
responseBean.setMessage("IP受限!"); responseBean.setMessage("IP受限!请联系管理员");
long endTime = System.nanoTime();
long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4102]总共用时:"+Util.getDurationTime(duration));
return responseBean;
} }
LoginUserEntity userEntity = userService.findUserByLoginName(loginBean); LoginUserEntity userEntity = userService.findUserByLoginName(loginBean);
// 查询不到用户信息 // 查询不到用户信息
if(userEntity == null){ if(userEntity == null){
if(redisUtils.get(userIp,indexDb) == null){
redisUtils.set(userIp,1,indexDb);
redisUtils.expire(userIp,ipWithinSeconds,indexDb);
}else {
redisUtils.incrNotResetExpireTime(userIp,indexDb);
if (Integer.valueOf(redisUtils.get(userIp,indexDb)) >= ipLimitTimes ){
//todo 存入数据库清除key
redisUtils.del(userIp,indexDb);
}
}
responseBean.setStatus(ErrorCode.STATUS_CODE_4102); responseBean.setStatus(ErrorCode.STATUS_CODE_4102);
responseBean.setMessage("用户名不存在"); responseBean.setMessage("用户名不存在");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4102]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4102]总共用时:"+Util.getDurationTime(duration));
return responseBean; return responseBean;
} else if (GConstants.NO.equals(userEntity.getLoginFlag())) {// 用户被查封 } else if (GConstants.NO.equals(userEntity.getLoginFlag())) {// 用户被查封
responseBean.setStatus(ErrorCode.STATUS_CODE_4101); responseBean.setStatus(ErrorCode.STATUS_CODE_4101);
responseBean.setMessage("该帐号已禁止登录"); responseBean.setMessage("该帐号已禁止登录");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4101]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4101]总共用时:"+Util.getDurationTime(duration));
...@@ -183,7 +175,8 @@ public class UserController { ...@@ -183,7 +175,8 @@ public class UserController {
} else if (!"2".equals(userEntity.getUserType()) && !"4".equals(userEntity.getUserType()) && !"6".equals(userEntity.getUserType())) { //不是内部联系人 通讯录联系人不允许登陆 } else if (!"2".equals(userEntity.getUserType()) && !"4".equals(userEntity.getUserType()) && !"6".equals(userEntity.getUserType())) { //不是内部联系人 通讯录联系人不允许登陆
responseBean.setStatus(ErrorCode.STATUS_CODE_4101); responseBean.setStatus(ErrorCode.STATUS_CODE_4101);
responseBean.setMessage("当前用户类型不允许登陆,请联系系统管理员"); responseBean.setMessage("当前用户类型不允许登陆,请联系系统管理员");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4101]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4101]总共用时:"+Util.getDurationTime(duration));
...@@ -204,19 +197,23 @@ public class UserController { ...@@ -204,19 +197,23 @@ public class UserController {
if (passwordError){ if (passwordError){
responseBean.setStatus(ErrorCode.STATUS_CODE_4103); responseBean.setStatus(ErrorCode.STATUS_CODE_4103);
responseBean.setMessage("用户名密码不匹配!"); responseBean.setMessage("用户名密码不匹配!");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4103]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4103]总共用时:"+Util.getDurationTime(duration));
return responseBean; return responseBean;
} else { } else {
if(StringUtils.isNotBlank(loginBean.getVerifyCode())){// 校验码登录 // 校验码登录
if(StringUtils.isNotBlank(loginBean.getVerifyCode())){
MobileVerifyEntity entity = mobileVerifyService.getVerifyCode(loginBean.getLoginName(), loginBean.getVerifyCode()); MobileVerifyEntity entity = mobileVerifyService.getVerifyCode(loginBean.getLoginName(), loginBean.getVerifyCode());
if(entity == null){// 校验码不存在 // 校验码不存在
if(entity == null){
responseBean.setStatus(ErrorCode.STATUS_CODE_4104); responseBean.setStatus(ErrorCode.STATUS_CODE_4104);
responseBean.setMessage("校验码错误"); responseBean.setMessage("校验码错误");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4104]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4104]总共用时:"+Util.getDurationTime(duration));
...@@ -225,7 +222,8 @@ public class UserController { ...@@ -225,7 +222,8 @@ public class UserController {
responseBean.setStatus(ErrorCode.STATUS_CODE_4105); responseBean.setStatus(ErrorCode.STATUS_CODE_4105);
responseBean.setMessage("校验码已失效"); responseBean.setMessage("校验码已失效");
//判断ip限制
checkIpLimit(redisUtils,userIp,indexDb,responseBean);
long endTime = System.nanoTime(); long endTime = System.nanoTime();
long duration = endTime - startTime; long duration = endTime - startTime;
LOG.debug("[UserController login][STATUS_CODE_4105]总共用时:"+Util.getDurationTime(duration)); LOG.debug("[UserController login][STATUS_CODE_4105]总共用时:"+Util.getDurationTime(duration));
...@@ -355,6 +353,8 @@ public class UserController { ...@@ -355,6 +353,8 @@ public class UserController {
responseBean.setMessage(message); responseBean.setMessage(message);
return responseBean; return responseBean;
} }
public boolean sendVerifyCode(String telephone, String verifyCode) { public boolean sendVerifyCode(String telephone, String verifyCode) {
try { try {
HCFetcher fetcher = HCFetcher.getInstance(); HCFetcher fetcher = HCFetcher.getInstance();
...@@ -1023,4 +1023,29 @@ public class UserController { ...@@ -1023,4 +1023,29 @@ public class UserController {
responseBean.setStatus(ErrorCode.STATUS_CODE_4001); responseBean.setStatus(ErrorCode.STATUS_CODE_4001);
return responseBean; return responseBean;
} }
private void checkIpLimit(RedisUtils redisUtils, String userIp, int indexDb, ResponseBean responseBean) {
//ip受限时间与次数
int ipWithinSeconds = Integer.valueOf(PropertiesUtils.getProperties().get("ipWithinSeconds").toString());
int ipLimitTimes = Integer.valueOf(PropertiesUtils.getProperties().get("ipLimitTimes").toString());
//如果redis没有key
if(!redisUtils.exists(userIp,indexDb)){
redisUtils.set(userIp,1,indexDb);
//设置过期时间
redisUtils.expire(userIp,ipWithinSeconds,indexDb);
}else {
//如果存在key
redisUtils.incrNotResetExpireTime(userIp,indexDb);
if (Integer.valueOf(redisUtils.get(userIp,indexDb)) >= ipLimitTimes ){
redisUtils.del(userIp,indexDb);
userService.insertInfoByIp(userIp);
responseBean.setMessage("IP受限!请联系管理员");
}
}
}
} }
src/com/ejweb/modules/user/bean/LoginIpInfo.java 0 → 100644
package com.ejweb.modules.user.bean;
import java.util.Date;
/**
* 登录Ip信息
*
* @author zangtao
* @create 2019 - 09 -24 10:06
*/
public class LoginIpInfo {
private Integer id;
private String blackIp;
private Date createTime;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getBlackIp() {
return blackIp;
}
public void setBlackIp(String blackIp) {
this.blackIp = blackIp;
}
public Date getCreateTime() {
return createTime;
}
public void setCreateTime(Date createTime) {
this.createTime = createTime;
}
}
src/com/ejweb/modules/user/dao/UserDao.java
...@@ -101,4 +101,8 @@ public interface UserDao extends CurdDao<UserEntity> { ...@@ -101,4 +101,8 @@ public interface UserDao extends CurdDao<UserEntity> {
public void updateOuterUser(OuterUserBean bean); public void updateOuterUser(OuterUserBean bean);
List<UserLoginLogEntity> findUserLoginLogList(UserLoginLogEntity userLoginLogEntity); List<UserLoginLogEntity> findUserLoginLogList(UserLoginLogEntity userLoginLogEntity);
LoginIpInfo findByIp(@Param("userIp") String userIp);
void insertInfoByIp(@Param("userIp") String userIp);
} }
src/com/ejweb/modules/user/service/UserService.java
...@@ -658,4 +658,18 @@ public class UserService extends CurdService<UserDao, UserEntity> { ...@@ -658,4 +658,18 @@ public class UserService extends CurdService<UserDao, UserEntity> {
public List<UserLoginLogEntity> findUserLoginLogList(UserLoginLogEntity userLoginLogEntity) { public List<UserLoginLogEntity> findUserLoginLogList(UserLoginLogEntity userLoginLogEntity) {
return dao.findUserLoginLogList(userLoginLogEntity); return dao.findUserLoginLogList(userLoginLogEntity);
} }
/**
* 查找IP
*
* @param userIp
* @return
*/
public LoginIpInfo findByIp(String userIp) {
return dao.findByIp(userIp);
}
public void insertInfoByIp(String userIp) {
dao.insertInfoByIp(userIp);
}
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment