// Admin.NET 项目的版æƒã€å•†æ ‡ã€ä¸“利和其他相关æƒåˆ©å‡å—ç›¸åº”æ³•å¾‹æ³•è§„çš„ä¿æŠ¤ã€‚ä½¿ç”¨æœ¬é¡¹ç›®åº”éµå®ˆç›¸å…³æ³•律法规和许å¯è¯çš„è¦æ±‚。 // // 本项目主è¦éµå¾ª MIT 许å¯è¯å’Œ Apache 许å¯è¯ï¼ˆç‰ˆæœ¬ 2.0)进行分å‘和使用。许å¯è¯ä½äºŽæºä»£ç æ ‘æ ¹ç›®å½•ä¸çš„ LICENSE-MIT å’Œ LICENSE-APACHE 文件。 // // ä¸å¾—利用本项目从事å±å®³å›½å®¶å®‰å…¨ã€æ‰°ä¹±ç¤¾ä¼šç§©åºã€ä¾µçŠ¯ä»–äººåˆæ³•æƒç›Šç‰æ³•å¾‹æ³•è§„ç¦æ¢çš„æ´»åЍï¼ä»»ä½•基于本项目二次开å‘è€Œäº§ç”Ÿçš„ä¸€åˆ‡æ³•å¾‹çº çº·å’Œè´£ä»»ï¼Œæˆ‘ä»¬ä¸æ‰¿æ‹…ä»»ä½•è´£ä»»ï¼ using Furion.SpecificationDocument; using Lazy.Captcha.Core; namespace Admin.NET.Core.Service; /// <summary> /// ç³»ç»Ÿç™»å½•æŽˆæƒæœåŠ¡ 🧩 /// </summary> [ApiDescriptionSettings(Order = 500)] public class SysAuthService : IDynamicApiController, ITransient { private readonly UserManager _userManager; private readonly SqlSugarRepository<SysUser> _sysUserRep; private readonly SqlSugarRepository<SysUserLdap> _sysUserLdap; private readonly IHttpContextAccessor _httpContextAccessor; private readonly SysMenuService _sysMenuService; private readonly SysOnlineUserService _sysOnlineUserService; private readonly SysConfigService _sysConfigService; private readonly ICaptcha _captcha; private readonly SysCacheService _sysCacheService; private readonly SysLdapService _sysLdapService; public SysAuthService(UserManager userManager, SqlSugarRepository<SysUser> sysUserRep, SqlSugarRepository<SysUserLdap> sysUserLdapRep, IHttpContextAccessor httpContextAccessor, SysMenuService sysMenuService, SysOnlineUserService sysOnlineUserService, SysConfigService sysConfigService, ICaptcha captcha, SysCacheService sysCacheService, SysLdapService sysLdapService) { _userManager = userManager; _sysUserRep = sysUserRep; _sysUserLdap = sysUserLdapRep; _httpContextAccessor = httpContextAccessor; _sysMenuService = sysMenuService; _sysOnlineUserService = sysOnlineUserService; _sysConfigService = sysConfigService; _captcha = captcha; _sysCacheService = sysCacheService; _sysLdapService = sysLdapService; } /// <summary> /// è´¦å·å¯†ç 登录 🔖 /// </summary> /// <param name="input"></param> /// <remarks>用户å/密ç :superadmin/123456</remarks> /// <returns></returns> [AllowAnonymous] [DisplayName("è´¦å·å¯†ç 登录")] public virtual async Task<LoginOutput> Login([Required] LoginInput input) { //// å¯ä»¥æ ¹æ®åŸŸå获å–具体租户 //var host = _httpContextAccessor.HttpContext.Request.Host; // 判æ–密ç 错误次数(缓å˜30分钟) var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{input.Account}"; var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes); var passwordMaxErrorTimes = await _sysConfigService.GetConfigValue<int>(ConfigConst.SysPasswordMaxErrorTimes); // 若未é…置或误é…置为0ã€è´Ÿæ•°, 则默认密ç 错误次数最大为10次 if (passwordMaxErrorTimes < 1) passwordMaxErrorTimes = 10; if (passwordErrorTimes > passwordMaxErrorTimes) throw Oops.Oh(ErrorCodeEnum.D1027); // 是å¦å¼€å¯éªŒè¯ç if (await _sysConfigService.GetConfigValue<bool>(ConfigConst.SysCaptcha)) { // 判æ–验è¯ç if (!_captcha.Validate(input.CodeId.ToString(), input.Code)) throw Oops.Oh(ErrorCodeEnum.D0008); } // è´¦å·æ˜¯å¦å˜åœ¨ var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Account.Equals(input.Account)); _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009); // è´¦å·æ˜¯å¦è¢«å†»ç»“ if (user.Status == StatusEnum.Disable) throw Oops.Oh(ErrorCodeEnum.D1017); // 租户是å¦è¢«ç¦ç”¨ var tenant = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().GetFirstAsync(u => u.Id == user.TenantId); if (tenant != null && tenant.Status == StatusEnum.Disable) throw Oops.Oh(ErrorCodeEnum.Z1003); // 国密SM2解密(å‰ç«¯å¯†ç ä¼ è¾“SM2åŠ å¯†åŽçš„) try { input.Password = CryptogramUtil.SM2Decrypt(input.Password); } catch { throw Oops.Oh(ErrorCodeEnum.D0010); } // 是å¦å¼€å¯åŸŸç™»å½•éªŒè¯ if (await _sysConfigService.GetConfigValue<bool>(ConfigConst.SysDomainLogin)) { var userLdap = await _sysUserLdap.GetFirstAsync(u => u.UserId == user.Id && u.TenantId == tenant.Id); if (userLdap == null) { VerifyPassword(input, keyPasswordErrorTimes, passwordErrorTimes, user); } else if (!await _sysLdapService.AuthAccount(tenant.Id, userLdap.Account, input.Password)) { _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); throw Oops.Oh(ErrorCodeEnum.D1000); } } else VerifyPassword(input, keyPasswordErrorTimes, passwordErrorTimes, user); // 登录æˆåŠŸåˆ™æ¸…ç©ºå¯†ç 错误次数 _sysCacheService.Remove(keyPasswordErrorTimes); return await CreateToken(user); } /// <summary> /// 验è¯ç”¨æˆ·å¯†ç /// </summary> /// <param name="input"></param> /// <param name="keyPasswordErrorTimes"></param> /// <param name="passwordErrorTimes"></param> /// <param name="user"></param> private void VerifyPassword(LoginInput input, string keyPasswordErrorTimes, int passwordErrorTimes, SysUser user) { if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString()) { if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password))) { _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); throw Oops.Oh(ErrorCodeEnum.D1000); } } else { if (!CryptogramUtil.Decrypt(user.Password).Equals(input.Password)) { _sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30)); throw Oops.Oh(ErrorCodeEnum.D1000); } } } /// <summary> /// 验è¯é”å±å¯†ç 🔖 /// </summary> /// <param name="password"></param> /// <returns></returns> [DisplayName("验è¯é”å±å¯†ç ")] public virtual async Task<bool> UnLockScreen([Required, FromQuery] string password) { // è´¦å·æ˜¯å¦å˜åœ¨ var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId); _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009); // 国密SM2解密(å‰ç«¯å¯†ç ä¼ è¾“SM2åŠ å¯†åŽçš„) password = CryptogramUtil.SM2Decrypt(password); // å¯†ç æ˜¯å¦æ£ç¡® if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString()) { if (!user.Password.Equals(MD5Encryption.Encrypt(password))) throw Oops.Oh(ErrorCodeEnum.D1000); } else { if (!CryptogramUtil.Decrypt(user.Password).Equals(password)) throw Oops.Oh(ErrorCodeEnum.D1000); } return true; } /// <summary> /// 手机å·ç™»å½• 🔖 /// </summary> /// <param name="input"></param> /// <returns></returns> [AllowAnonymous] [DisplayName("手机å·ç™»å½•")] public virtual async Task<LoginOutput> LoginPhone([Required] LoginPhoneInput input) { var verifyCode = _sysCacheService.Get<string>($"{CacheConst.KeyPhoneVerCode}{input.Phone}"); if (string.IsNullOrWhiteSpace(verifyCode)) throw Oops.Oh("验è¯ç ä¸å˜åœ¨æˆ–å·²å¤±æ•ˆï¼Œè¯·é‡æ–°èŽ·å–ï¼"); if (verifyCode != input.Code) throw Oops.Oh("验è¯ç 错误ï¼"); // è´¦å·æ˜¯å¦å˜åœ¨ var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Phone.Equals(input.Phone)); _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009); return await CreateToken(user); } /// <summary> /// 生æˆToken令牌 🔖 /// </summary> /// <param name="user"></param> /// <returns></returns> [NonAction] internal virtual async Task<LoginOutput> CreateToken(SysUser user) { // å•用户登录 await _sysOnlineUserService.SingleLogin(user.Id); // 生æˆToken令牌 var tokenExpire = await _sysConfigService.GetTokenExpire(); var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object> { { ClaimConst.UserId, user.Id }, { ClaimConst.TenantId, user.TenantId }, { ClaimConst.Account, user.Account }, { ClaimConst.RealName, user.RealName }, { ClaimConst.AccountType, user.AccountType }, { ClaimConst.OrgId, user.OrgId }, { ClaimConst.OrgName, user.SysOrg?.Name }, { ClaimConst.OrgType, user.SysOrg?.Type }, }, tokenExpire); // 生æˆåˆ·æ–°Token令牌 var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire(); var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire); // 设置å“应报文头 _httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken); // Swagger Knife4UI-AfterScript登录脚本 // ke.global.setAllHeader('Authorization', 'Bearer ' + ke.response.headers['access-token']); // æ›´æ–°ç”¨æˆ·ç™»å½•ä¿¡æ¯ user.LastLoginIp = _httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true); (user.LastLoginAddress, double? longitude, double? latitude) = CommonUtil.GetIpAddress(user.LastLoginIp); user.LastLoginTime = DateTime.Now; user.LastLoginDevice = CommonUtil.GetClientDeviceInfo(_httpContextAccessor.HttpContext?.Request?.Headers?.UserAgent); await _sysUserRep.AsUpdateable(user).UpdateColumns(u => new { u.LastLoginIp, u.LastLoginAddress, u.LastLoginTime, u.LastLoginDevice, }).ExecuteCommandAsync(); return new LoginOutput { AccessToken = accessToken, RefreshToken = refreshToken }; } /// <summary> /// 获å–ç™»å½•è´¦å· ðŸ”– /// </summary> /// <returns></returns> [DisplayName("获å–登录账å·")] public virtual async Task<LoginUserOutput> GetUserInfo() { var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401); // èŽ·å–æœºæž„ var org = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysOrg>>().GetFirstAsync(u => u.Id == user.OrgId); // 获å–èŒä½ var pos = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysPos>>().GetFirstAsync(u => u.Id == user.PosId); // èŽ·å–æŒ‰é’®é›†åˆ var buttons = await _sysMenuService.GetOwnBtnPermList(); // 获å–è§’è‰²é›†åˆ var roleIds = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserRole>>().AsQueryable() .Where(u => u.UserId == user.Id).Select(u => u.RoleId).ToListAsync(); // èŽ·å–æ°´å°æ–‡å—(若系统水å°ä¸ºç©ºåˆ™å…¨å±€ä¸ºç©ºï¼‰ var watermarkText = await _sysConfigService.GetConfigValue<string>(ConfigConst.SysWebWatermark); if (!string.IsNullOrWhiteSpace(watermarkText)) watermarkText += $"-{user.RealName}"; // $"-{user.RealName}-{_httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true)}-{DateTime.Now}"; return new LoginUserOutput { Id = user.Id, Account = user.Account, RealName = user.RealName, Phone = user.Phone, IdCardNum = user.IdCardNum, Email = user.Email, AccountType = user.AccountType, Avatar = user.Avatar, Address = user.Address, Signature = user.Signature, OrgId = user.OrgId, OrgName = org?.Name, OrgType = org?.Type, PosName = pos?.Name, Buttons = buttons, RoleIds = roleIds, WatermarkText = watermarkText }; } /// <summary> /// 获å–刷新Token 🔖 /// </summary> /// <param name="accessToken"></param> /// <returns></returns> [DisplayName("获å–刷新Token")] public virtual string GetRefreshToken([FromQuery] string accessToken) { var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult(); return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire); } /// <summary> /// 退出系统 🔖 /// </summary> [DisplayName("退出系统")] public void Logout() { if (string.IsNullOrWhiteSpace(_userManager.Account)) throw Oops.Oh(ErrorCodeEnum.D1011); _httpContextAccessor.HttpContext.SignoutToSwagger(); } /// <summary> /// 获å–验è¯ç 🔖 /// </summary> /// <returns></returns> [AllowAnonymous] [SuppressMonitor] [DisplayName("获å–验è¯ç ")] public dynamic GetCaptcha() { var codeId = YitIdHelper.NextId().ToString(); var captcha = _captcha.Generate(codeId); var expirySeconds = App.GetOptions<CaptchaOptions>()?.ExpirySeconds ?? 60; return new { Id = codeId, Img = captcha.Base64, ExpirySeconds = expirySeconds }; } /// <summary> /// Swagger登录检查 🔖 /// </summary> /// <returns></returns> [AllowAnonymous] [HttpPost("/api/swagger/checkUrl"), NonUnify] [DisplayName("Swagger登录检查")] public int SwaggerCheckUrl() { return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? 200 : 401; } /// <summary> /// Swagger登录æäº¤ 🔖 /// </summary> /// <param name="auth"></param> /// <returns></returns> [AllowAnonymous] [HttpPost("/api/swagger/submitUrl"), NonUnify] [DisplayName("Swagger登录æäº¤")] public async Task<int> SwaggerSubmitUrl([FromForm] SpecificationAuth auth) { try { _sysCacheService.Set($"{CacheConst.KeyConfig}{ConfigConst.SysCaptcha}", false); await Login(new LoginInput { Account = auth.UserName, Password = CryptogramUtil.SM2Encrypt(auth.Password), }); _sysCacheService.Remove($"{CacheConst.KeyConfig}{ConfigConst.SysCaptcha}"); return 200; } catch (Exception) { return 401; } } }