登录密码加密和登录日志

5 months ago · 5ebaee19a5
parent 8850edfb21
commit 5ebaee19a5
7 changed files with 225 additions and 7 deletions
--- a/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java
+++ b/ruoyi-admin/src/main/java/com/ruoyi/web/controller/monitor/SysLogininforController.java
@ -5,6 +5,7 @@ import com.ruoyi.common.core.controller.BaseController;
 import com.ruoyi.common.core.domain.AjaxResult;
 import com.ruoyi.common.core.page.TableDataInfo;
 import com.ruoyi.common.enums.BusinessType;
+import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.poi.ExcelUtil;
 import com.ruoyi.framework.web.service.SysPasswordService;
 import com.ruoyi.system.domain.SysLogininfor;
@ -34,6 +35,21 @@ public class SysLogininforController extends BaseController {
    @Autowired
    private SysPasswordService passwordService;

+    /**
+     * 根据用户获取最新一条访问记录
+     */
+    @PreAuthorize("@ss.hasAnyRoles('admin,other-gov,gov,ent')")
+    @GetMapping("/getNewSysLogininfor")
+    public AjaxResult getNewSysLogininfor() {
+        String str = null;
+        try {
+            str = SecurityUtils.getUsername();
+        } catch (Exception ignored) {
+        }
+        return success(logininforService.getNewSysLogininfor(str));
+    }
+
+
    @PreAuthorize("@ss.hasPermi('monitor:logininfor:list')")
    @GetMapping("/list")
    public TableDataInfo list(SysLogininfor logininfor) {
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/RsaUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/RsaUtils.java
@ -0,0 +1,152 @@
+package com.ruoyi.common.utils;
+
+import org.apache.commons.codec.binary.Base64;
+import javax.crypto.Cipher;
+import java.security.*;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+/**
+ * RSA加密解密
+ *
+ * @author ruoyi
+ **/
+public class RsaUtils
+{
+    // Rsa 私钥
+    public static String privateKey = "MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA4Qj9AvP1YzQ28Z5L\n" +
+            "jgqlHl1tWu8lNN8u7nHe7XQLAQ2qYcRp9g8zPhJ8Gf33/++QsrE7RxEozcxL6Vv/\n" +
+            "WhJWqwIDAQABAkAcTrklCfMwS30t36+5anVi4HXFHpgbkoegzwov7I0F0Kndk81M\n" +
+            "WRPzriIsMWSKPwF5eS+FbopM+9qh6W8WFCyBAiEA88tPNwHuJ/35Z40jqspVYiTf\n" +
+            "TLrzrVmgaXCMFG7UdvsCIQDsTT7UTL4JvH5BUX488uouyZt/DFyXCyVQOFglj9hQ\n" +
+            "EQIhAJgIw//D3mdmRTDEneeWgqTP5cmOFQSYDidzHohnjWwdAiB721U2U+88DTek\n" +
+            "JwHjEnQbCANgCWuyo93v+UiCj64S8QIhAJs6G4SSKS2hvYKYF+ERqkt0GTaDviSP\n" +
+            "wg+zTdAgRmjr";
+
+    /**
+     * 私钥解密
+     *
+     * @param text 待解密的文本
+     * @return 解密后的文本
+     */
+    public static String decryptByPrivateKey(String text) throws Exception
+    {
+        return decryptByPrivateKey(privateKey, text);
+    }
+
+    /**
+     * 公钥解密
+     *
+     * @param publicKeyString 公钥
+     * @param text 待解密的信息
+     * @return 解密后的文本
+     */
+    public static String decryptByPublicKey(String publicKeyString, String text) throws Exception
+    {
+        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyString));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
+        Cipher cipher = Cipher.getInstance("RSA");
+        cipher.init(Cipher.DECRYPT_MODE, publicKey);
+        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
+        return new String(result);
+    }
+
+    /**
+     * 私钥加密
+     *
+     * @param privateKeyString 私钥
+     * @param text 待加密的信息
+     * @return 加密后的文本
+     */
+    public static String encryptByPrivateKey(String privateKeyString, String text) throws Exception
+    {
+        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyString));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
+        Cipher cipher = Cipher.getInstance("RSA");
+        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
+        byte[] result = cipher.doFinal(text.getBytes());
+        return Base64.encodeBase64String(result);
+    }
+
+    /**
+     * 私钥解密
+     *
+     * @param privateKeyString 私钥
+     * @param text 待解密的文本
+     * @return 解密后的文本
+     */
+    public static String decryptByPrivateKey(String privateKeyString, String text) throws Exception
+    {
+        PKCS8EncodedKeySpec pkcs8EncodedKeySpec5 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyString));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec5);
+        Cipher cipher = Cipher.getInstance("RSA");
+        cipher.init(Cipher.DECRYPT_MODE, privateKey);
+        byte[] result = cipher.doFinal(Base64.decodeBase64(text));
+        return new String(result);
+    }
+
+    /**
+     * 公钥加密
+     *
+     * @param publicKeyString 公钥
+     * @param text 待加密的文本
+     * @return 加密后的文本
+     */
+    public static String encryptByPublicKey(String publicKeyString, String text) throws Exception
+    {
+        X509EncodedKeySpec x509EncodedKeySpec2 = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyString));
+        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec2);
+        Cipher cipher = Cipher.getInstance("RSA");
+        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+        byte[] result = cipher.doFinal(text.getBytes());
+        return Base64.encodeBase64String(result);
+    }
+
+    /**
+     * 构建RSA密钥对
+     *
+     * @return 生成后的公私钥信息
+     */
+    public static RsaKeyPair generateKeyPair() throws NoSuchAlgorithmException
+    {
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+        keyPairGenerator.initialize(1024);
+        KeyPair keyPair = keyPairGenerator.generateKeyPair();
+        RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
+        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
+        String publicKeyString = Base64.encodeBase64String(rsaPublicKey.getEncoded());
+        String privateKeyString = Base64.encodeBase64String(rsaPrivateKey.getEncoded());
+        return new RsaKeyPair(publicKeyString, privateKeyString);
+    }
+
+    /**
+     * RSA密钥对对象
+     */
+    public static class RsaKeyPair
+    {
+        private final String publicKey;
+        private final String privateKey;
+
+        public RsaKeyPair(String publicKey, String privateKey)
+        {
+            this.publicKey = publicKey;
+            this.privateKey = privateKey;
+        }
+
+        public String getPublicKey()
+        {
+            return publicKey;
+        }
+
+        public String getPrivateKey()
+        {
+            return privateKey;
+        }
+    }
+}
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@ -11,10 +11,7 @@ import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.CaptchaExpireException;
 import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
-import com.ruoyi.common.utils.DateUtils;
-import com.ruoyi.common.utils.MessageUtils;
-import com.ruoyi.common.utils.ServletUtils;
-import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.*;
 import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.framework.manager.AsyncManager;
 import com.ruoyi.framework.manager.factory.AsyncFactory;
@ -75,14 +72,20 @@ public class SysLoginService {
     * @return 结果
     */
    public Map<String, Object> login(String username, String password, String code, String uuid, String userType) {
+        String strP = "";
+        try {
+            strP =  RsaUtils.decryptByPrivateKey(password);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
        // 验证码校验
-         validateCaptcha(username, code, uuid);
+//         validateCaptcha(username, code, uuid);
        // 登录前置校验
-        loginPreCheck(username, password);
+        loginPreCheck(username,strP);
        // 用户验证
        Authentication authentication = null;
        try {
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, strP);
            AuthenticationContextHolder.setContext(authenticationToken);
            // 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
            authentication = authenticationManager.authenticate(authenticationToken);
--- a/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysLogininforMapper.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/mapper/SysLogininforMapper.java
@ -1,6 +1,7 @@
 package com.ruoyi.system.mapper;

 import com.ruoyi.system.domain.SysLogininfor;
+import org.apache.ibatis.annotations.Param;

 import java.util.List;

@ -39,4 +40,8 @@ public interface SysLogininforMapper {
     * @return 结果
     */
    public int cleanLogininfor();
+    /**
+     * 根据用户获取最新一条访问记录
+     */
+    SysLogininfor getNewSysLogininfor(@Param("userName") String str);
 }
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysLogininforService.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/ISysLogininforService.java
@ -37,4 +37,9 @@ public interface ISysLogininforService {
     * 清空系统登录日志
     */
    public void cleanLogininfor();
+
+    /**
+     * 根据用户获取最新一条访问记录
+     */
+    SysLogininfor getNewSysLogininfor(String str);
 }
--- a/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysLogininforServiceImpl.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysLogininforServiceImpl.java
@ -6,6 +6,10 @@ import com.ruoyi.system.service.ISysLogininforService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;

+import java.time.LocalDateTime;
+import java.time.Period;
+import java.time.ZoneId;
+import java.util.Date;
 import java.util.List;

 /**
@ -58,4 +62,26 @@ public class SysLogininforServiceImpl implements ISysLogininforService {
    public void cleanLogininfor() {
        logininforMapper.cleanLogininfor();
    }
+
+    /**
+     * 根据用户获取最新一条访问记录
+     */
+    @Override
+    public SysLogininfor getNewSysLogininfor(String str) {
+        SysLogininfor ns = logininforMapper.getNewSysLogininfor(str);
+        if(ns!=null){
+            LocalDateTime ld = ns.getAccessTime().toInstant()
+                    .atZone(ZoneId.systemDefault())
+                    .toLocalDateTime();
+            Period period = Period.between(ld.toLocalDate(), LocalDateTime.now().toLocalDate());
+            int days = period.getDays() + (period.getMonths() * 30) + (period.getYears() * 365);
+            if(days>=90){
+                return ns;
+            }else {
+                return null;
+            }
+        }else {
+            return null;
+        }
+    }
 }
--- a/ruoyi-system/src/main/resources/mapper/system/SysLogininforMapper.xml
+++ b/ruoyi-system/src/main/resources/mapper/system/SysLogininforMapper.xml
@ -40,6 +40,17 @@
        </where>
        order by info_id desc
    </select>
+    <select id="getNewSysLogininfor" resultType="com.ruoyi.system.domain.SysLogininfor">
+        select info_id, user_name, ipaddr, status, msg, access_time from sys_logininfor
+        <where>
+            status = '0' and msg = '登录成功'
+            <if test="userName != null and userName != ''">
+                AND user_name = #{userName}
+            </if>
+        </where>
+        order by access_time desc
+        LIMIT 1 OFFSET 1
+    </select>

    <delete id="deleteLogininforByIds" parameterType="Long">
        delete from sys_logininfor where info_id in