// Admin.NET 项目的版æƒã€å•†æ ‡ã€ä¸“利和其他相关æƒåˆ©å‡å—相应法律法规的ä¿æŠ¤ã€‚使用本项目应éµå®ˆç›¸å…³æ³•å¾‹æ³•è§„和许å¯è¯çš„è¦æ±‚。
//
// 本项目主è¦éµå¾ª MIT 许å¯è¯å’Œ Apache 许å¯è¯ï¼ˆç‰ˆæœ¬ 2.0)进行分å‘和使用。许å¯è¯ä½äºŽæºä»£ç æ ‘æ ¹ç›®å½•ä¸çš„ LICENSE-MIT å’Œ LICENSE-APACHE 文件。
//
// ä¸å¾—利用本项目从事å±å®³å›½å®¶å®‰å…¨ã€æ‰°ä¹±ç¤¾ä¼šç§©åºã€ä¾µçŠ¯ä»–人åˆæ³•æƒç›Šç‰æ³•å¾‹æ³•è§„ç¦æ¢çš„活动ï¼ä»»ä½•åŸºäºŽæœ¬é¡¹ç›®äºŒæ¬¡å¼€å‘è€Œäº§ç”Ÿçš„ä¸€åˆ‡æ³•å¾‹çº çº·å’Œè´£ä»»ï¼Œæˆ‘ä»¬ä¸æ‰¿æ‹…任何责任ï¼
using Furion.SpecificationDocument;
using Lazy.Captcha.Core;
namespace Admin.NET.Core.Service;
/// <summary>
/// 系统登录授æƒæœåŠ¡ 🧩
/// </summary>
[ApiDescriptionSettings(Order = 500)]
public class SysAuthService : IDynamicApiController, ITransient
{
private readonly UserManager _userManager;
private readonly SqlSugarRepository<SysUser> _sysUserRep;
private readonly SqlSugarRepository<SysUserLdap> _sysUserLdap;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly SysMenuService _sysMenuService;
private readonly SysOnlineUserService _sysOnlineUserService;
private readonly SysConfigService _sysConfigService;
private readonly ICaptcha _captcha;
private readonly SysCacheService _sysCacheService;
private readonly SysLdapService _sysLdapService;
public SysAuthService(UserManager userManager,
SqlSugarRepository<SysUser> sysUserRep,
SqlSugarRepository<SysUserLdap> sysUserLdapRep,
IHttpContextAccessor httpContextAccessor,
SysMenuService sysMenuService,
SysOnlineUserService sysOnlineUserService,
SysConfigService sysConfigService,
ICaptcha captcha,
SysCacheService sysCacheService,
SysLdapService sysLdapService)
{
_userManager = userManager;
_sysUserRep = sysUserRep;
_sysUserLdap = sysUserLdapRep;
_httpContextAccessor = httpContextAccessor;
_sysMenuService = sysMenuService;
_sysOnlineUserService = sysOnlineUserService;
_sysConfigService = sysConfigService;
_captcha = captcha;
_sysCacheService = sysCacheService;
_sysLdapService = sysLdapService;
}
/// <summary>
/// è´¦å·å¯†ç 登录 🔖
/// </summary>
/// <param name="input"></param>
/// <remarks>用户å/密ç :superadmin/123456</remarks>
/// <returns></returns>
[AllowAnonymous]
[DisplayName("è´¦å·å¯†ç 登录")]
public virtual async Task<LoginOutput> Login([Required] LoginInput input)
{
//// å¯ä»¥æ ¹æ®åŸŸå获å–具体租户
//var host = _httpContextAccessor.HttpContext.Request.Host;
// 判æ–密ç 错误次数(缓å˜30分钟)
var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{input.Account}";
var passwordErrorTimes = _sysCacheService.Get<int>(keyPasswordErrorTimes);
var passwordMaxErrorTimes = await _sysConfigService.GetConfigValue<int>(ConfigConst.SysPasswordMaxErrorTimes);
// 若未é…置或误é…置为0ã€è´Ÿæ•°, 则默认密ç 错误次数最大为10次
if (passwordMaxErrorTimes < 1)
passwordMaxErrorTimes = 10;
if (passwordErrorTimes > passwordMaxErrorTimes)
throw Oops.Oh(ErrorCodeEnum.D1027);
// 是å¦å¼€å¯éªŒè¯ç
if (await _sysConfigService.GetConfigValue<bool>(ConfigConst.SysCaptcha))
{
// 判æ–验è¯ç
if (!_captcha.Validate(input.CodeId.ToString(), input.Code))
throw Oops.Oh(ErrorCodeEnum.D0008);
}
// è´¦å·æ˜¯å¦å˜åœ¨
var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Account.Equals(input.Account));
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
// è´¦å·æ˜¯å¦è¢«å†»ç»“
if (user.Status == StatusEnum.Disable)
throw Oops.Oh(ErrorCodeEnum.D1017);
// 租户是å¦è¢«ç¦ç”¨
var tenant = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().GetFirstAsync(u => u.Id == user.TenantId);
if (tenant != null && tenant.Status == StatusEnum.Disable)
throw Oops.Oh(ErrorCodeEnum.Z1003);
// 国密SM2解密(å‰ç«¯å¯†ç ä¼ è¾“SM2åŠ å¯†åŽçš„)
try
{
input.Password = CryptogramUtil.SM2Decrypt(input.Password);
}
catch
{
throw Oops.Oh(ErrorCodeEnum.D0010);
}
// 是å¦å¼€å¯åŸŸç™»å½•éªŒè¯
if (await _sysConfigService.GetConfigValue<bool>(ConfigConst.SysDomainLogin))
{
var userLdap = await _sysUserLdap.GetFirstAsync(u => u.UserId == user.Id && u.TenantId == tenant.Id);
if (userLdap == null)
{
VerifyPassword(input, keyPasswordErrorTimes, passwordErrorTimes, user);
}
else if (!await _sysLdapService.AuthAccount(tenant.Id, userLdap.Account, input.Password))
{
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000);
}
}
else
VerifyPassword(input, keyPasswordErrorTimes, passwordErrorTimes, user);
// 登录æˆåŠŸåˆ™æ¸…空密ç 错误次数
_sysCacheService.Remove(keyPasswordErrorTimes);
return await CreateToken(user);
}
/// <summary>
/// 验è¯ç”¨æˆ·å¯†ç
/// </summary>
/// <param name="input"></param>
/// <param name="keyPasswordErrorTimes"></param>
/// <param name="passwordErrorTimes"></param>
/// <param name="user"></param>
private void VerifyPassword(LoginInput input, string keyPasswordErrorTimes, int passwordErrorTimes, SysUser user)
{
if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
{
if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
{
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000);
}
}
else
{
if (!CryptogramUtil.Decrypt(user.Password).Equals(input.Password))
{
_sysCacheService.Set(keyPasswordErrorTimes, ++passwordErrorTimes, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000);
}
}
}
/// <summary>
/// 验è¯é”å±å¯†ç 🔖
/// </summary>
/// <param name="password"></param>
/// <returns></returns>
[DisplayName("验è¯é”å±å¯†ç ")]
public virtual async Task<bool> UnLockScreen([Required, FromQuery] string password)
{
// è´¦å·æ˜¯å¦å˜åœ¨
var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId);
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
// 国密SM2解密(å‰ç«¯å¯†ç ä¼ è¾“SM2åŠ å¯†åŽçš„)
password = CryptogramUtil.SM2Decrypt(password);
// 密ç 是å¦æ£ç¡®
if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
{
if (!user.Password.Equals(MD5Encryption.Encrypt(password)))
throw Oops.Oh(ErrorCodeEnum.D1000);
}
else
{
if (!CryptogramUtil.Decrypt(user.Password).Equals(password))
throw Oops.Oh(ErrorCodeEnum.D1000);
}
return true;
}
/// <summary>
/// 手机å·ç™»å½• 🔖
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
[AllowAnonymous]
[DisplayName("手机å·ç™»å½•")]
public virtual async Task<LoginOutput> LoginPhone([Required] LoginPhoneInput input)
{
var verifyCode = _sysCacheService.Get<string>($"{CacheConst.KeyPhoneVerCode}{input.Phone}");
if (string.IsNullOrWhiteSpace(verifyCode))
throw Oops.Oh("验è¯ç ä¸å˜åœ¨æˆ–已失效,请é‡æ–°èŽ·å–ï¼");
if (verifyCode != input.Code)
throw Oops.Oh("验è¯ç 错误ï¼");
// è´¦å·æ˜¯å¦å˜åœ¨
var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Phone.Equals(input.Phone));
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
return await CreateToken(user);
}
/// <summary>
/// 生æˆToken令牌 🔖
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
[NonAction]
internal virtual async Task<LoginOutput> CreateToken(SysUser user)
{
// å•ç”¨æˆ·ç™»å½•
await _sysOnlineUserService.SingleLogin(user.Id);
// 生æˆToken令牌
var tokenExpire = await _sysConfigService.GetTokenExpire();
var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
{
{ ClaimConst.UserId, user.Id },
{ ClaimConst.TenantId, user.TenantId },
{ ClaimConst.Account, user.Account },
{ ClaimConst.RealName, user.RealName },
{ ClaimConst.AccountType, user.AccountType },
{ ClaimConst.OrgId, user.OrgId },
{ ClaimConst.OrgName, user.SysOrg?.Name },
{ ClaimConst.OrgType, user.SysOrg?.Type },
}, tokenExpire);
// 生æˆåˆ·æ–°Token令牌
var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire();
var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
// 设置å“应报文头
_httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken);
// Swagger Knife4UI-AfterScript登录脚本
// ke.global.setAllHeader('Authorization', 'Bearer ' + ke.response.headers['access-token']);
// 更新用户登录信æ¯
user.LastLoginIp = _httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true);
(user.LastLoginAddress, double? longitude, double? latitude) = CommonUtil.GetIpAddress(user.LastLoginIp);
user.LastLoginTime = DateTime.Now;
user.LastLoginDevice = CommonUtil.GetClientDeviceInfo(_httpContextAccessor.HttpContext?.Request?.Headers?.UserAgent);
await _sysUserRep.AsUpdateable(user).UpdateColumns(u => new
{
u.LastLoginIp,
u.LastLoginAddress,
u.LastLoginTime,
u.LastLoginDevice,
}).ExecuteCommandAsync();
return new LoginOutput
{
AccessToken = accessToken,
RefreshToken = refreshToken
};
}
/// <summary>
/// 获å–ç™»å½•è´¦å· ðŸ”–
/// </summary>
/// <returns></returns>
[DisplayName("获å–登录账å·")]
public virtual async Task<LoginUserOutput> GetUserInfo()
{
var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401);
// 获å–机构
var org = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysOrg>>().GetFirstAsync(u => u.Id == user.OrgId);
// 获å–èŒä½
var pos = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysPos>>().GetFirstAsync(u => u.Id == user.PosId);
// 获å–按钮集åˆ
var buttons = await _sysMenuService.GetOwnBtnPermList();
// 获å–角色集åˆ
var roleIds = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserRole>>().AsQueryable()
.Where(u => u.UserId == user.Id).Select(u => u.RoleId).ToListAsync();
// 获å–æ°´å°æ–‡å—(若系统水å°ä¸ºç©ºåˆ™å…¨å±€ä¸ºç©ºï¼‰
var watermarkText = await _sysConfigService.GetConfigValue<string>(ConfigConst.SysWebWatermark);
if (!string.IsNullOrWhiteSpace(watermarkText))
watermarkText += $"-{user.RealName}"; // $"-{user.RealName}-{_httpContextAccessor.HttpContext.GetRemoteIpAddressToIPv4(true)}-{DateTime.Now}";
return new LoginUserOutput
{
Id = user.Id,
Account = user.Account,
RealName = user.RealName,
Phone = user.Phone,
IdCardNum = user.IdCardNum,
Email = user.Email,
AccountType = user.AccountType,
Avatar = user.Avatar,
Address = user.Address,
Signature = user.Signature,
OrgId = user.OrgId,
OrgName = org?.Name,
OrgType = org?.Type,
PosName = pos?.Name,
Buttons = buttons,
RoleIds = roleIds,
WatermarkText = watermarkText
};
}
/// <summary>
/// 获å–刷新Token 🔖
/// </summary>
/// <param name="accessToken"></param>
/// <returns></returns>
[DisplayName("获å–刷新Token")]
public virtual string GetRefreshToken([FromQuery] string accessToken)
{
var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult();
return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
}
/// <summary>
/// 退出系统 🔖
/// </summary>
[DisplayName("退出系统")]
public void Logout()
{
if (string.IsNullOrWhiteSpace(_userManager.Account))
throw Oops.Oh(ErrorCodeEnum.D1011);
_httpContextAccessor.HttpContext.SignoutToSwagger();
}
/// <summary>
/// 获å–验è¯ç 🔖
/// </summary>
/// <returns></returns>
[AllowAnonymous]
[SuppressMonitor]
[DisplayName("获å–验è¯ç ")]
public dynamic GetCaptcha()
{
var codeId = YitIdHelper.NextId().ToString();
var captcha = _captcha.Generate(codeId);
var expirySeconds = App.GetOptions<CaptchaOptions>()?.ExpirySeconds ?? 60;
return new { Id = codeId, Img = captcha.Base64, ExpirySeconds = expirySeconds };
}
/// <summary>
/// Swagger登录检查 🔖
/// </summary>
/// <returns></returns>
[AllowAnonymous]
[HttpPost("/api/swagger/checkUrl"), NonUnify]
[DisplayName("Swagger登录检查")]
public int SwaggerCheckUrl()
{
return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? 200 : 401;
}
/// <summary>
/// Swagger登录æ交 🔖
/// </summary>
/// <param name="auth"></param>
/// <returns></returns>
[AllowAnonymous]
[HttpPost("/api/swagger/submitUrl"), NonUnify]
[DisplayName("Swagger登录æ交")]
public async Task<int> SwaggerSubmitUrl([FromForm] SpecificationAuth auth)
{
try
{
_sysCacheService.Set($"{CacheConst.KeyConfig}{ConfigConst.SysCaptcha}", false);
await Login(new LoginInput
{
Account = auth.UserName,
Password = CryptogramUtil.SM2Encrypt(auth.Password),
});
_sysCacheService.Remove($"{CacheConst.KeyConfig}{ConfigConst.SysCaptcha}");
return 200;
}
catch (Exception)
{
return 401;
}
}
}