diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
index 017a9b7a..6557ce61 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java
@@ -41,9 +41,9 @@ public class LogiticsCompanyController {
 @Autowired
 private LogiticsCompanyService companyService;
- @RequestMapping(value = "/getAll", method = RequestMethod.GET)
+ @RequestMapping(value = "/getAll", method = RequestMethod.POST)
 @ApiOperation(value = "获取全部数据")
- public Result> getAll(LogiticsCompany company) {
+ public Result> getAll(@RequestBody LogiticsCompany company) {
 List list = companyService.findByCondition(company);
 return new ResultUtil>().setData(list);
 }
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
index 296cd5f5..c8604c6f 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java
@@ -5,22 +5,25 @@ import cc.hiver.core.common.annotation.SystemLog;
 import cc.hiver.core.common.constant.CommonConstant;
 import cc.hiver.core.common.constant.MessageConstant;
 import cc.hiver.core.common.constant.SettingConstant;
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.enums.LogType;
 import cc.hiver.core.common.exception.HiverException;
 import cc.hiver.core.common.redis.RedisTemplateHelper;
 import cc.hiver.core.common.sms.SmsUtil;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.common.vo.Result;
+import cc.hiver.core.config.properties.HiverTokenProperties;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
 import cc.hiver.core.vo.WorkerDetailVO;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cn.hutool.core.util.StrUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
@@ -37,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 @RestController
 @Api(tags = "订单工登录接口")
 @RequestMapping("/hiver/auth/worker")
+@CacheConfig(cacheNames = "worker")
 @Transactional
 public class WorkerAuthController {
@@ -55,6 +59,18 @@ public class WorkerAuthController {
 @Autowired
 private SmsUtil smsUtil;
+ @Autowired
+ private HiverTokenProperties tokenProperties;
+
+ public static final String LOGIN_FAIL_FLAG = "WORKER_LOGIN_FAIL_FLAG:";
+
+ public static final String LOGIN_TIME_LIMIT = "WORKER_LOGIN_TIME_LIMIT:";
+
+ public static final Integer LOGIN_FAIL_TIP_TIME = 3;
+
+
+ public static final String WORKER = "worker::";
+
 @RequestMapping(value = "/app/login/{workerId}", method = RequestMethod.POST)
 @ApiOperation(value = "app抢单登录接口")
 public Result login(@ApiParam("唯一id标识") @PathVariable String workerId, HttpSession httpSession) {
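Review bot: `WORKER = "worker::"` hard-codes what looks like the Spring cache key prefix for the `worker` cache named in the new `@CacheConfig`, and the password handlers added later in this commit depend on it to evict a cached entry by hand; if the cache key prefix is ever configured differently, the delete will silently miss and whatever is cached under that key (possibly the old password hash) could outlive a password change. I would document the dependency on the constant, e.g. `// must match the Redis cache key prefix for cacheNames = "worker"; used to evict the cached Worker after a password change`. The four constants are only used inside this controller in the visible hunks, so they can be `private`, and `LOGIN_FAIL_TIP_TIME` reads better as a primitive `int` because it is only compared against an `int`.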
@@ -120,7 +136,82 @@ public class WorkerAuthController {
 }
- @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.POST)
+ @RequestMapping(value = "/login", method = RequestMethod.POST)
+ @SystemLog(description = "账号登录", type = LogType.LOGIN)
+ @ApiOperation(value = "账号登录")
+ public Result login(@RequestParam String username,
+ @RequestParam String password) {
+ boolean saveLogin = true;
+ String loginFailKey = LOGIN_FAIL_FLAG + username;
+ String loginTimeKey = LOGIN_TIME_LIMIT + username;
+
+ String valueFailFlag = redisTemplate.get(loginFailKey);
+ Long timeRest = redisTemplate.getExpire(loginFailKey, TimeUnit.MINUTES);
+ if (StrUtil.isNotBlank(valueFailFlag)) {
+ // 超过限制次数
+ return ResultUtil.error("登录错误次数超过限制,请" + timeRest + "分钟后再试");
+ }
+ Worker worker = securityUtil.checkWorkerPassword(username, password);
+ if (worker == null) {
+ // 记录密码错误次数
+ String valueTime = redisTemplate.get(loginTimeKey);
+ if (StrUtil.isBlank(valueTime)) {
+ valueTime = "0";
+ }
+ // 获取已登录错误次数
+ Integer loginFailTime = Integer.parseInt(valueTime) + 1;
+ redisTemplate.set(loginTimeKey, loginFailTime.toString(), tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+ if (loginFailTime >= tokenProperties.getLoginTimeLimit()) {
+ redisTemplate.set(loginFailKey, "FAIL", tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+ }
+ int restLoginTime = tokenProperties.getLoginTimeLimit() - loginFailTime;
+ if (restLoginTime > 0 && restLoginTime <= LOGIN_FAIL_TIP_TIME) {
+ return ResultUtil.error("账号或密码错误,还有" + restLoginTime + "次尝试机会");
+ } else if (restLoginTime <= 0) {
+ return ResultUtil.error("登录错误次数超过限制,请" + tokenProperties.getLoginAfterTime() + "分钟后再试");
+ }
+ return ResultUtil.error("账号或密码错误");
+ }
+ String accessToken = securityUtil.getAppYSToken(worker, saveLogin);
+ return ResultUtil.data(accessToken);
+ }
+
+ /**
+ * 线上demo不允许测试账号改密码
+ *
+ * @param password
+ * @param newPass
+ * @return
+ */
+ @RequestMapping(value = "/modifyPass", method = RequestMethod.POST)
+ @ApiOperation(value = "修改密码")
+ public Result modifyPass(@ApiParam("旧密码") @RequestParam String password,
+ @ApiParam("新密码") @RequestParam String newPass) {
+ Worker worker = securityUtil.getCurrWorker();
+ if (!new BCryptPasswordEncoder().matches(password, worker.getPassword())) {
+ return ResultUtil.error("旧密码不正确");
+ }
+ String newEncryptPass = new BCryptPasswordEncoder().encode(newPass);
+ worker.setPassword(newEncryptPass);
+ workerService.update(worker);
+ // 手动更新缓存
+ redisTemplate.delete(WORKER + worker.getUsername());
+ return ResultUtil.success("修改密码成功");
+ }
+
+ @RequestMapping(value = "/resetPass", method = RequestMethod.POST)
+ @ApiOperation(value = "重置密码")
+ public Result resetPass(@RequestParam String[] ids) {
+ for (String id : ids) {
+ Worker u = workerService.get(id);
+ u.setPassword(new BCryptPasswordEncoder().encode("123456"));
+ workerService.update(u);
+ redisTemplate.delete(WORKER + u.getUsername());
+ }
+ return ResultUtil.success("操作成功");
+ }
+
+ @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.GET)
 @ApiOperation(value = "app端查询订单工详情页")
 public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
 Worker worker = workerService.get(workerId);
diff --git a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
index 19cdcf35..b6265d17 100644
--- a/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
+++ b/hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java
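Review bot: `resetPass` sets the password of every submitted id to the fixed string `"123456"`, and nothing in this hunk limits who may call it; whether the `/hiver/auth/worker` prefix is exempt from authentication is not visible here and should be confirmed. The handler should require an administrator permission, issue a random per-account temporary password (generated with `SecureRandom`) that has to be changed at next login, and skip ids for which `workerService.get(id)` returns nothing rather than dereferencing `u`. In `login`, the failure count is read and written back in separate Redis calls and `loginTimeKey` is never cleared after `checkWorkerPassword` succeeds, so parallel requests can pass the `getLoginTimeLimit()` threshold and earlier failures keep counting against a worker who has since logged in; an atomic increment and `redisTemplate.delete(loginTimeKey);` on success address both. `modifyPass` stores any `newPass` without a minimum-length check, and the restriction described in its Javadoc (demo test accounts may not change passwords) is not enforced in the body.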
@@ -53,7 +53,7 @@ public class WorkerController {
 }
- @RequestMapping(value = "/getWXByCondition", method = RequestMethod.GET)
+ @RequestMapping(value = "/getWXByCondition", method = RequestMethod.POST)
 @ApiOperation(value = "多条件获取订单列表-小程序")
 public Result> getByCondition(@RequestBody WorkerQueryVO worker) {
 List workerList = workerService.findByCondition(worker);