add

2023-06-13 09:41:20 +08:00
parent 95bae3f9b3
commit 42781d03c8
6 changed files with 29 additions and 19 deletions
--- a/qiaoba-modules/qiaoba-module-system/src/main/java/com/qiaoba/module/system/service/impl/SysLoginServiceImpl.java
+++ b/qiaoba-modules/qiaoba-module-system/src/main/java/com/qiaoba/module/system/service/impl/SysLoginServiceImpl.java
@ -3,7 +3,6 @@ package com.qiaoba.module.system.service.impl;
 import cn.hutool.captcha.CaptchaUtil;
 import cn.hutool.captcha.LineCaptcha;
 import cn.hutool.core.lang.UUID;
-import cn.hutool.core.thread.ThreadUtil;
 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.http.useragent.UserAgent;
@ -31,6 +30,7 @@ import javax.servlet.http.HttpServletRequest;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Objects;

 /**
 * 登录 服务层实现
@ -120,20 +120,26 @@ public class SysLoginServiceImpl implements SysLoginService {
        // 开启->继续
        // 错误次数是否到达允许最大错误次数
        Integer maxAllowCount = authConfigApiService.getAllowMaxErrorCount();
-        Integer ipErrorCount = redisService.getObject(SecurityConstant.LOGIN_ERROR_COUNT + ip, Integer.class);
+        Integer ipErrorCount = getIpErrorCount(ip);
        if (ipErrorCount >= maxAllowCount) {
            // 是-> 进入黑名单库 && 返回"IP已被拉黑"
-            redisService.set(SecurityConstant.BLACKLIST_KEY + ip, username, authConfigApiService.getBlacklistExpireTime());
+            redisService.set(SecurityConstant.BLACKLIST_KEY + ip, username, 60 * authConfigApiService.getBlacklistExpireTime());
+            redisService.del(SecurityConstant.LOGIN_ERROR_COUNT + ip);
            return SecurityConstant.HAS_BEEN_PULLED_BLACK;
        } else {
            //  否-> 错误次数+1 && 返回"你还剩xx次错误机会"
            ipErrorCount++;
-            redisService.set(SecurityConstant.LOGIN_ERROR_COUNT + ip, ipErrorCount);
-            return StrUtil.format("密码错误, 还有[{}]次错误机会", ipErrorCount);
+            redisService.set(SecurityConstant.LOGIN_ERROR_COUNT + ip, ipErrorCount, 600);
+            return StrUtil.format("密码错误, 还有[{}]次错误机会", (maxAllowCount - ipErrorCount));
        }

    }

+    private Integer getIpErrorCount(String ip) {
+        Object ipErrorCount = redisService.get(SecurityConstant.LOGIN_ERROR_COUNT + ip);
+        return Objects.isNull(ipErrorCount) ? 0 : Integer.parseInt(ipErrorCount.toString());
+    }
+
    private void validateUser(String username, SysUser user) {
        if (ObjectUtil.isNull(user)) {
            throw new ServiceException(StrUtil.format("登录用户：{} 不存在", username));