// Admin.NET 项目的版权、商标、专利和其他相关权利均受相应法律法规的保护。使用本项目应遵守相关法律法规和许可证的要求。
//
// 本项目主要遵循 MIT 许可证和 Apache 许可证(版本 2.0)进行分发和使用。许可证位于源代码树根目录中的 LICENSE-MIT 和 LICENSE-APACHE 文件。
//
// 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动!任何基于本项目二次开发而产生的一切法律纠纷和责任,我们不承担任何责任!
using Furion.DataEncryption;
using Furion.DataValidation;
using Lazy.Captcha.Core;
using Microsoft.AspNetCore.Http;
using Yitter.IdGenerator;
namespace Admin.NET.Application.Service.App;
///
/// 移动应用服务
///
[ApiDescriptionSettings(ApplicationConst.GroupName, Order = 500, Description = "移动应用")]
public class AppAuthService : IDynamicApiController, ITransient
{
private readonly AppUserManager _appUserManager;
private readonly SqlSugarRepository _sysUserRep;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly SysRoleService _sysRoleService;
private readonly SysOnlineUserService _sysOnlineUserService;
private readonly SysConfigService _sysConfigService;
private readonly SysAuthService _sysAuthService;
private readonly ICaptcha _captcha;
private readonly SysCacheService _sysCacheService;
public AppAuthService(AppUserManager appUserManager,
SqlSugarRepository sysUserRep,
IHttpContextAccessor httpContextAccessor,
SysRoleService sysRoleService,
SysOnlineUserService sysOnlineUserService,
SysConfigService sysConfigService,
SysAuthService sysAuthService,
ICaptcha captcha,
SysCacheService sysCacheService)
{
_sysAuthService = sysAuthService;
_appUserManager = appUserManager;
_sysUserRep = sysUserRep;
_httpContextAccessor = httpContextAccessor;
_sysRoleService = sysRoleService;
_sysOnlineUserService = sysOnlineUserService;
_sysConfigService = sysConfigService;
_captcha = captcha;
_sysCacheService = sysCacheService;
}
///
/// 账号密码登录 🔖
///
///
///
[AllowAnonymous]
[DisplayName("账号密码登录")]
public virtual async Task Login([Required] LoginInput input)
{
// 判断密码错误次数(缓存30分钟)
var keyPasswordErrorTimes = $"{CacheConst.KeyPasswordErrorTimes}{input.Account}";
var passwordErrorTimes = _sysCacheService.Get(keyPasswordErrorTimes);
var passwdMaxErrorTimes = await _sysConfigService.GetConfigValueByCode(ConfigConst.SysPasswordMaxErrorTimes);
if (passwordErrorTimes >= passwdMaxErrorTimes)
throw Oops.Oh(ErrorCodeEnum.D1027);
// 判断是否开启验证码并校验
input.TenantId = input.TenantId <= 0 ? SqlSugarConst.DefaultTenantId : input.TenantId;
var tenant = _sysCacheService.Get>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId);
if (tenant == null)
{
await Furion.App.GetRequiredService().CacheTenant(); // 重新生成租户列表缓存
tenant = _sysCacheService.Get>(CacheConst.KeyTenant)?.FirstOrDefault(u => u.Id == input.TenantId);
if (tenant == null) throw Oops.Oh(ErrorCodeEnum.D0007);
}
if (tenant.Captcha == true && !_captcha.Validate(input.CodeId.ToString(), input.Code))
throw Oops.Oh(ErrorCodeEnum.D0008);
// 租户是否被禁用
if (tenant != null && tenant.Status == StatusEnum.Disable)
throw Oops.Oh(ErrorCodeEnum.Z1003);
// 账号是否存在
var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).IgnoreTenant().FirstAsync(u => u.Account.Equals(input.Account));
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
// 账号是否被冻结
if (user.Status == StatusEnum.Disable)
throw Oops.Oh(ErrorCodeEnum.D1017);
// 国密SM2解密(前端密码传输SM2加密后的)
try
{
input.Password = CryptogramHelper.SM2Decrypt(input.Password);
}
catch
{
throw Oops.Oh(ErrorCodeEnum.D0010);
}
VerifyPassword(input, keyPasswordErrorTimes, passwordErrorTimes, user);
// 登录成功则清空密码错误次数
_sysCacheService.Remove(keyPasswordErrorTimes);
return await _sysAuthService.CreateToken(user, LoginModeEnum.APP);
}
///
/// 验证用户密码
///
///
///
///
///
private void VerifyPassword(LoginInput input, string keyErrorPasswordCount, int errorPasswordCount, SysUser user)
{
if (CryptogramHelper.CryptoType == CryptogramEnum.MD5.ToString())
{
if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
{
_sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000);
}
}
else
{
if (!CryptogramHelper.Decrypt(user.Password).Equals(input.Password))
{
_sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
throw Oops.Oh(ErrorCodeEnum.D1000);
}
}
}
///
/// 手机号登录 🔖
///
///
///
[AllowAnonymous]
[DisplayName("手机号登录")]
public virtual async Task LoginPhone([Required] LoginPhoneInput input)
{
var verifyCode = _sysCacheService.Get($"{CacheConst.KeyPhoneVerCode}{input.Phone}");
if (string.IsNullOrWhiteSpace(verifyCode))
throw Oops.Oh("验证码不存在或已失效,请重新获取!");
if (verifyCode != input.Code)
throw Oops.Oh("验证码错误!");
// 账号是否存在
var user = await _sysUserRep.AsQueryable().Includes(u => u.SysOrg).IgnoreTenant().FirstAsync(u => u.Phone.Equals(input.Phone));
_ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
return await _sysAuthService.CreateToken(user, LoginModeEnum.APP);
}
///
/// 获取当前登陆用户信息 🔖
///
///
[DisplayName("获取当前登陆用户信息")]
public virtual async Task GetUserInfo()
{
var user = await _sysUserRep.GetByIdAsync(_appUserManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401);
// 机构
var org = await _sysUserRep.ChangeRepository>().GetByIdAsync(user.OrgId);
// 职位
var pos = await _sysUserRep.ChangeRepository>().GetByIdAsync(user.PosId);
// 角色集合
var roles = await _sysUserRep.ChangeRepository>().AsQueryable()
.LeftJoin((u, a) => u.RoleId == a.Id)
.Where(u => u.UserId == user.Id)
.Select((u, a) => new RoleDto { Id = a.Id, Name = a.Name, Code = a.Code }).ToListAsync();
// 接口集合
var apis = (await _sysRoleService.GetUserApiList())[0];
return new LoginUserOutput
{
Id = user.Id,
Account = user.Account,
RealName = user.RealName,
Phone = user.Phone,
IdCardNum = user.IdCardNum,
Email = user.Email,
AccountType = user.AccountType,
Avatar = user.Avatar,
Address = user.Address,
Signature = user.Signature,
OrgId = user.OrgId,
OrgName = org?.Name,
OrgType = org?.Type,
PosName = pos?.Name,
Apis = apis,
Roles = roles
};
}
///
/// 获取刷新Token 🔖
///
///
///
[DisplayName("获取刷新Token")]
public virtual string GetRefreshToken([FromQuery] string accessToken)
{
var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult();
return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
}
///
/// 退出系统 🔖
///
[DisplayName("退出系统")]
public void Logout()
{
if (string.IsNullOrWhiteSpace(_appUserManager.Account))
throw Oops.Oh(ErrorCodeEnum.D1011);
_appUserManager.RemoveSession(_appUserManager.UserId);
_httpContextAccessor.HttpContext.SignoutToSwagger();
}
///
/// 获取验证码 🔖
///
///
[AllowAnonymous]
[SuppressMonitor]
[DisplayName("获取验证码")]
public dynamic GetCaptcha()
{
var codeId = YitIdHelper.NextId().ToString();
var captcha = _captcha.Generate(codeId);
return new { Id = codeId, Img = captcha.Base64 };
}
///
/// 修改用户密码
///
///
///
[DisplayName("修改用户密码")]
public async Task ChangePwd(ChangePwdInput input)
{
// 国密SM2解密(前端密码传输SM2加密后的)
input.PasswordOld = CryptogramHelper.SM2Decrypt(input.PasswordOld);
input.PasswordNew = CryptogramHelper.SM2Decrypt(input.PasswordNew);
var user = await _sysUserRep.GetByIdAsync(_appUserManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D0009);
if (CryptogramHelper.CryptoType == CryptogramEnum.MD5.ToString())
{
if (user.Password != MD5Encryption.Encrypt(input.PasswordOld))
throw Oops.Oh(ErrorCodeEnum.D1004);
}
else
{
if (CryptogramHelper.Decrypt(user.Password) != input.PasswordOld)
throw Oops.Oh(ErrorCodeEnum.D1004);
}
if (input.PasswordOld == input.PasswordNew)
throw Oops.Oh(ErrorCodeEnum.D1028);
// 验证密码强度
if (await _sysConfigService.GetConfigValueByCode(ConfigConst.SysPasswordStrength))
{
var sysConfig = await _sysConfigService.GetConfig(ConfigConst.SysPasswordStrengthExpression);
user.Password = input.PasswordNew.TryValidate(sysConfig.Value)
? CryptogramHelper.Encrypt(input.PasswordNew)
: throw Oops.Oh(sysConfig.Remark);
}
else
{
user.Password = CryptogramHelper.Encrypt(input.PasswordNew);
}
return await _sysUserRep.AsUpdateable(user).UpdateColumns(u => u.Password).ExecuteCommandAsync();
}
}