提交逻辑查询更改

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/LogiticsCompanyController.java

@@ -41,9 +41,9 @@ public class LogiticsCompanyController {
     @Autowired
     private LogiticsCompanyService companyService;
 
-    @RequestMapping(value = "/getAll", method = RequestMethod.GET)
+    @RequestMapping(value = "/getAll", method = RequestMethod.POST)
     @ApiOperation(value = "获取全部数据")
-    public Result<List<LogiticsCompany>> getAll(LogiticsCompany company) {
+    public Result<List<LogiticsCompany>> getAll(@RequestBody LogiticsCompany company) {
         List<LogiticsCompany> list = companyService.findByCondition(company);
         return new ResultUtil<List<LogiticsCompany>>().setData(list);
     }

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerAuthController.java

@@ -5,22 +5,25 @@ import cc.hiver.core.common.annotation.SystemLog;
 import cc.hiver.core.common.constant.CommonConstant;
 import cc.hiver.core.common.constant.MessageConstant;
 import cc.hiver.core.common.constant.SettingConstant;
+import cc.hiver.core.common.constant.WorkerConstant;
 import cc.hiver.core.common.enums.LogType;
 import cc.hiver.core.common.exception.HiverException;
 import cc.hiver.core.common.redis.RedisTemplateHelper;
 import cc.hiver.core.common.sms.SmsUtil;
 import cc.hiver.core.common.utils.*;
 import cc.hiver.core.common.vo.Result;
+import cc.hiver.core.config.properties.HiverTokenProperties;
 import cc.hiver.core.entity.Worker;
 import cc.hiver.core.service.WorkerService;
 import cc.hiver.core.vo.WorkerDetailVO;
-import cc.hiver.mall.common.constant.WorkerConstant;
 import cn.hutool.core.util.StrUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheConfig;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
 
@@ -37,6 +40,7 @@ import java.util.concurrent.TimeUnit;
 @RestController
 @Api(tags = "订单工登录接口")
 @RequestMapping("/hiver/auth/worker")
+@CacheConfig(cacheNames = "worker")
 @Transactional
 public class WorkerAuthController {
 
@@ -55,6 +59,18 @@ public class WorkerAuthController {
     @Autowired
     private SmsUtil smsUtil;
 
+    @Autowired
+    private HiverTokenProperties tokenProperties;
+
+    public static final String LOGIN_FAIL_FLAG = "WORKER_LOGIN_FAIL_FLAG:";
+
+    public static final String LOGIN_TIME_LIMIT = "WORKER_LOGIN_TIME_LIMIT:";
+
+    public static final Integer LOGIN_FAIL_TIP_TIME = 3;
+
+
+    public static final String WORKER = "worker::";
+
     @RequestMapping(value = "/app/login/{workerId}", method = RequestMethod.POST)
     @ApiOperation(value = "app抢单登录接口")
     public Result login(@ApiParam("唯一id标识") @PathVariable String workerId, HttpSession httpSession) {
@@ -120,7 +136,82 @@ public class WorkerAuthController {
     }
 
 
-    @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.POST)
+    @RequestMapping(value = "/login", method = RequestMethod.POST)
+    @SystemLog(description = "账号登录", type = LogType.LOGIN)
+    @ApiOperation(value = "账号登录")
+    public Result login(@RequestParam String username,
+                        @RequestParam String password) {
+        boolean saveLogin = true;
+        String loginFailKey = LOGIN_FAIL_FLAG + username;
+        String loginTimeKey = LOGIN_TIME_LIMIT + username;
+
+        String valueFailFlag = redisTemplate.get(loginFailKey);
+        Long timeRest = redisTemplate.getExpire(loginFailKey, TimeUnit.MINUTES);
+        if (StrUtil.isNotBlank(valueFailFlag)) {
+            // 超过限制次数
+            return ResultUtil.error("登录错误次数超过限制，请" + timeRest + "分钟后再试");
+        }
+        Worker worker = securityUtil.checkWorkerPassword(username, password);
+        if (worker == null) {
+            // 记录密码错误次数
+            String valueTime = redisTemplate.get(loginTimeKey);
+            if (StrUtil.isBlank(valueTime)) {
+                valueTime = "0";
+            }
+            // 获取已登录错误次数
+            Integer loginFailTime = Integer.parseInt(valueTime) + 1;
+            redisTemplate.set(loginTimeKey, loginFailTime.toString(), tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+            if (loginFailTime >= tokenProperties.getLoginTimeLimit()) {
+                redisTemplate.set(loginFailKey, "FAIL", tokenProperties.getLoginAfterTime(), TimeUnit.MINUTES);
+            }
+            int restLoginTime = tokenProperties.getLoginTimeLimit() - loginFailTime;
+            if (restLoginTime > 0 && restLoginTime <= LOGIN_FAIL_TIP_TIME) {
+                return ResultUtil.error("账号或密码错误，还有" + restLoginTime + "次尝试机会");
+            } else if (restLoginTime <= 0) {
+                return ResultUtil.error("登录错误次数超过限制，请" + tokenProperties.getLoginAfterTime() + "分钟后再试");
+            }
+            return ResultUtil.error("账号或密码错误");
+        }
+        String accessToken = securityUtil.getAppYSToken(worker, saveLogin);
+        return ResultUtil.data(accessToken);
+    }
+
+    /**
+     * 线上demo不允许测试账号改密码
+     *
+     * @param password
+     * @param newPass
+     * @return
+     */
+    @RequestMapping(value = "/modifyPass", method = RequestMethod.POST)
+    @ApiOperation(value = "修改密码")
+    public Result modifyPass(@ApiParam("旧密码") @RequestParam String password,
+                             @ApiParam("新密码") @RequestParam String newPass) {
+        Worker worker = securityUtil.getCurrWorker();
+        if (!new BCryptPasswordEncoder().matches(password, worker.getPassword())) {
+            return ResultUtil.error("旧密码不正确");
+        }
+        String newEncryptPass = new BCryptPasswordEncoder().encode(newPass);
+        worker.setPassword(newEncryptPass);
+        workerService.update(worker);
+        // 手动更新缓存
+        redisTemplate.delete(WORKER + worker.getUsername());
+        return ResultUtil.success("修改密码成功");
+    }
+
+    @RequestMapping(value = "/resetPass", method = RequestMethod.POST)
+    @ApiOperation(value = "重置密码")
+    public Result resetPass(@RequestParam String[] ids) {
+        for (String id : ids) {
+            Worker u = workerService.get(id);
+            u.setPassword(new BCryptPasswordEncoder().encode("123456"));
+            workerService.update(u);
+            redisTemplate.delete(WORKER + u.getUsername());
+        }
+        return ResultUtil.success("操作成功");
+    }
+
+    @RequestMapping(value = "/app/info/{workerId}", method = RequestMethod.GET)
     @ApiOperation(value = "app端查询订单工详情页")
     public Result disable(@ApiParam("用户唯一id标识") @PathVariable String workerId) {
         Worker worker = workerService.get(workerId);

hiver-modules/hiver-mall/src/main/java/cc/hiver/mall/controller/WorkerController.java

@@ -53,7 +53,7 @@ public class WorkerController {
     }
 
 
-    @RequestMapping(value = "/getWXByCondition", method = RequestMethod.GET)
+    @RequestMapping(value = "/getWXByCondition", method = RequestMethod.POST)
     @ApiOperation(value = "多条件获取订单列表-小程序")
     public Result<List<Worker>> getByCondition(@RequestBody WorkerQueryVO worker) {
         List<Worker> workerList = workerService.findByCondition(worker);