
用户登陆检测

车车 4 tháng trước cách đây
mục cha
commit
701a39fc01

+ 5 - 0
yudao-module-system/src/main/java/cn/iocoder/yudao/module/system/dal/redis/RedisKeyConstants.java

@@ -107,4 +107,9 @@ public interface RedisKeyConstants {
      */
     String WXA_SUBSCRIBE_TEMPLATE = "wxa_subscribe_template";
 
+    /**
+     * ISCS缓存数据头
+     */
+    public static final String ISCS_ATTR = "iscs_attr:";
+
 }
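Review bot: The Javadoc on `ISCS_ATTR` says only "ISCS cache data header" and does not state what is appended to the prefix, what the value looks like, or who writes it. The one use visible in this commit (commented out in AdminAuthServiceImpl) reads `ISCS_ATTR + "sys.loto_cabinet.role"` and parses the value as JSON to decide which role codes may log in, so the comment should record that keys under this prefix feed an authorization decision and must only be written by trusted code. `public static final` is also redundant on an interface field and differs from the neighbouring `String WXA_SUBSCRIBE_TEMPLATE = ...`; suggest `String ISCS_ATTR = "iscs_attr:";`.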

+ 25 - 0
yudao-module-system/src/main/java/cn/iocoder/yudao/module/system/dal/vo/UserBlackVo.java

@@ -0,0 +1,25 @@
+package cn.iocoder.yudao.module.system.dal.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+/**
+ * 用户黑名单信息
+ *
+ * @author guoruan
+ */
+@Data
+public class UserBlackVo {
+    @Schema(description = "记录ID")
+    public Long recordId;
+
+    @Schema(description = "用户ID")
+    public Long userId;
+
+    @Schema(description = "模块")
+    public String module;
+
+    @Schema(description = "物资柜ID")
+    public Long cabinetId;
+
+}
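Review bot: All four fields are declared `public` although the class carries Lombok `@Data`, which already generates getters and setters, so the state can be changed without going through the accessors; declare them `private`, e.g. `private Long userId;`. The class comment could also say what `module` holds: the commented-out caller in AdminAuthServiceImpl passes it to `DictUtils.getDictLabel("module", ...)`, which suggests it is a dictionary value rather than the display label, but that should be confirmed and written down.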

+ 2 - 0
yudao-module-system/src/main/java/cn/iocoder/yudao/module/system/enums/ErrorCodeConstants.java

@@ -16,6 +16,8 @@ public interface ErrorCodeConstants {
     ErrorCode AUTH_THIRD_LOGIN_NOT_BIND = new ErrorCode(1_002_000_005, "未绑定账号,需要进行绑定");
     ErrorCode AUTH_MOBILE_NOT_EXISTS = new ErrorCode(1_002_000_007, "手机号不存在");
     ErrorCode AUTH_REGISTER_CAPTCHA_CODE_ERROR = new ErrorCode(1_002_000_008, "验证码不正确,原因:{}");
+    ErrorCode AUTH_USER_BLACK = new ErrorCode(1_002_000_009, "对不起,您的账号:{} 已被拉入 {} 模块黑名单,暂时无法登录!");
+    ErrorCode AUTH_USER_LACK_ROLE = new ErrorCode(1_002_000_010, "对不起,您的账号:{} 缺失角色权限,暂时无法登录。请前往角色或基础数据配置!");
 
     // ========== 菜单模块 1-002-001-000 ==========
     ErrorCode MENU_NAME_DUPLICATE = new ErrorCode(1_002_001_000, "已经存在该名字的菜单");
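Review bot: `AUTH_USER_BLACK` and `AUTH_USER_LACK_ROLE` are referenced in this commit only from code that is commented out in AdminAuthServiceImpl, so both constants are unused as committed. Their messages return the account name, the module name and a hint about role configuration to the login client; a shorter client-facing message would be enough, since the commented-out caller already writes the detail to the server log. Whether 1_002_000_009 and 1_002_000_010 are unused elsewhere in the file cannot be seen from this hunk.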

+ 58 - 0
yudao-module-system/src/main/java/cn/iocoder/yudao/module/system/service/auth/AdminAuthServiceImpl.java

@@ -22,6 +22,7 @@ import cn.iocoder.yudao.module.system.enums.sms.SmsSceneEnum;
 import cn.iocoder.yudao.module.system.service.logger.LoginLogService;
 import cn.iocoder.yudao.module.system.service.member.MemberService;
 import cn.iocoder.yudao.module.system.service.oauth2.OAuth2TokenService;
+import cn.iocoder.yudao.module.system.service.permission.RoleService;
 import cn.iocoder.yudao.module.system.service.social.SocialUserService;
 import cn.iocoder.yudao.module.system.service.user.AdminUserService;
 import com.anji.captcha.model.common.ResponseModel;
@@ -33,6 +34,7 @@ import jakarta.validation.Validator;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
@@ -67,6 +69,10 @@ public class AdminAuthServiceImpl implements AdminAuthService {
     private CaptchaService captchaService;
     @Resource
     private SmsCodeApi smsCodeApi;
+    @Resource
+    private RoleService roleService;
+    @Resource
+    private StringRedisTemplate stringRedisTemplate;
 
     /**
      * 验证码的开关,默认为 true
@@ -84,6 +90,7 @@ public class AdminAuthServiceImpl implements AdminAuthService {
             createLoginLog(null, username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
         }
+        // 登录失败,账号密码不正确
         if (!userService.isPasswordMatch(password, user.getPassword())) {
             createLoginLog(user.getId(), username, logTypeEnum, LoginResultEnum.BAD_CREDENTIALS);
             throw exception(AUTH_LOGIN_BAD_CREDENTIALS);
@@ -93,9 +100,60 @@ public class AdminAuthServiceImpl implements AdminAuthService {
             createLoginLog(user.getId(), username, logTypeEnum, LoginResultEnum.USER_DISABLED);
             throw exception(AUTH_LOGIN_USER_DISABLED);
         }
+        // 新增登录校验规则
+        // addAuthenticate(user, username);
         return user;
     }
 
+    /*public void addAuthenticate(AdminUserDO user, String username) {
+        // 检查用户在该模块是否是黑名单
+        String headerModule = ServletUtils.getRequest().getHeader("Module");
+        // 1.获取用户黑名单
+        List<UserBlackVo> userBlackList = userService.getUserBlackList(user.getId());
+        if (!userBlackList.isEmpty()) {
+            for (UserBlackVo userBlackVo : userBlackList) {
+                String module = DictUtils.getDictLabel("module", userBlackVo.getModule());
+                if (StringUtils.isNotBlank(headerModule) && headerModule.equals(module)) {
+                    log.info("登录用户:{} 已被拉入 {} 模块黑名单.", username, module);
+                    throw exception(AUTH_USER_BLACK, username, module);
+                }
+            }
+        }
+        // 2.检查安卓的登录,根据登录模块和角色决定
+        if (!"admin".equals(username) && StringUtils.isNotBlank(headerModule) && "Android_Normal".equals(headerModule)) {
+            Boolean b = checkLoginByAttrModule(headerModule, user.getId());
+            if (!b) {
+                log.info("登录用户:{} 正在登录 {} 模块,由于您无相关角色,无法登录.", username, headerModule);
+                throw exception(AUTH_USER_LACK_ROLE, username);
+            }
+        }
+    }*/
+
+    // 检测用户的角色能否在该模块登录
+   /* private Boolean checkLoginByAttrModule(String headerModule, Long userId) {
+        if (userId != null) {
+            // 1.获取用户的角色
+            List<RoleDO> roles = roleService.getRoleList(userId);
+            if (!roles.isEmpty()) {
+                if ("Android_Normal".equals(headerModule)) {
+                    // 机柜
+                    IsSystemAttributeVO cacheObject = JsonUtils.parseObject(stringRedisTemplate.opsForValue().get(RedisKeyConstants.ISCS_ATTR + "sys.loto_cabinet.role"), IsSystemAttributeVO.class);
+                    if (cacheObject != null && StringUtils.isNotBlank(cacheObject.getSysAttrValue())) {
+                        String[] strArray = Convert.toStrArray(cacheObject.getSysAttrValue());
+                        for (RoleDO role : roles) {
+                            for (String s : strArray) {
+                                if (role.getCode().equals(s)) {
+                                    return true;
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+        return false;
+    }*/
+
     @Override
     public AuthLoginRespVO login(AuthLoginReqVO reqVO) {
         // 校验验证码
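Review bot: The login rule this commit is named for is never enforced. In the last hunk the call is committed as `// addAuthenticate(user, username);`, both `addAuthenticate` and `checkLoginByAttrModule` sit inside `/* ... */`, and the newly injected `roleService` and `stringRedisTemplate` are unused; either enable the check or drop the dead block and the two fields. If it is enabled as written, the blacklist and role checks both depend on the client-supplied `Module` request header and are skipped when that header is blank or carries another value. The module should come from something the server controls, or a missing header should be rejected for clients that must send it. `ServletUtils.getRequest()` would also need a null guard, and the `"admin".equals(username)` exemption would be better expressed as a role or configuration check than as a name comparison. The authenticate method starts before this hunk and `login` continues after it.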