
😁1、增加密码错误次数过多锁定账号判断 2、升级SqlSugar v5.1.4.137

zuohuaijun 2 jaren geleden
bovenliggende
commit
eb396e3e85

+ 1 - 1
Admin.NET/Admin.NET.Core/Admin.NET.Core.csproj

@@ -38,7 +38,7 @@
     <PackageReference Include="SixLabors.ImageSharp.Web" Version="3.1.0" />
     <PackageReference Include="SKIT.FlurlHttpClient.Wechat.Api" Version="2.37.0" />
     <PackageReference Include="SKIT.FlurlHttpClient.Wechat.TenpayV3" Version="2.21.0" />
-    <PackageReference Include="SqlSugarCore" Version="5.1.4.136" />
+    <PackageReference Include="SqlSugarCore" Version="5.1.4.137" />
     <PackageReference Include="System.Linq.Dynamic.Core" Version="1.3.8" />
     <PackageReference Include="UAParser" Version="3.1.47" />
     <PackageReference Include="Yitter.IdGenerator" Version="1.0.14" />

+ 5 - 0
Admin.NET/Admin.NET.Core/Const/CacheConst.cs

@@ -52,6 +52,11 @@ public class CacheConst
     // 手机验证码缓存
     public const string KeyPhoneVerCode = "sys_phoneVerCode:";
 
+    /// <summary>
+    /// 密码错误次数缓存
+    /// </summary>
+    public const string KeyErrorPasswordCount = "sys_errorPasswordCount:";
+
     /// <summary>
     /// 租户缓存
     /// </summary>

+ 6 - 0
Admin.NET/Admin.NET.Core/Enum/ErrorCodeEnum.cs

@@ -190,6 +190,12 @@ public enum ErrorCodeEnum
     [ErrorCodeItemMetadata("禁止修改本人账号状态")]
     D1026,
 
+    /// <summary>
+    /// 密码错误次数过多,账号已锁定,请半小时后重试!
+    /// </summary>
+    [ErrorCodeItemMetadata("密码错误次数过多,账号已锁定,请半小时后重试!")]
+    D1027,
+
     /// <summary>
     /// 父机构不存在
     /// </summary>
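Review bot: The `D1027` message hard-codes "半小时" while the lock duration is a separate literal, `TimeSpan.FromMinutes(30)`, in SysAuthService.cs, so the text and the real lock window can drift apart if the duration is changed or made configurable. A shared constant for the duration, or a message without a fixed time, would keep them consistent. A distinct lockout code also appears to tell an unauthenticated caller that the account name exists and is currently locked, since the counter is only written on a password mismatch for a found user; if that disclosure matters for a deployment, returning the generic login error to the client and logging the lockout server-side avoids it.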

+ 1 - 1
Admin.NET/Admin.NET.Core/SeedData/SysConfigSeedData.cs

@@ -24,7 +24,7 @@ public class SysConfigSeedData : ISqlSugarEntitySeedData<SysConfig>
         {
             new SysConfig{ Id=1300000000101, Name="演示环境", Code="sys_demo", Value="False", SysFlag=YesNoEnum.Y, Remark="演示环境", OrderNo=1, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000102, Name="默认密码", Code="sys_password", Value="123456", SysFlag=YesNoEnum.Y, Remark="默认密码", OrderNo=2, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
-            new SysConfig{ Id=1300000000103, Name="Token过期时间", Code="sys_token_expire", Value="10080", SysFlag=YesNoEnum.Y, Remark="Token过期时间", OrderNo=3, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
+            new SysConfig{ Id=1300000000103, Name="Token过期时间", Code="sys_token_expire", Value="10080", SysFlag=YesNoEnum.Y, Remark="Token过期时间(分钟)", OrderNo=3, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000104, Name="操作日志", Code="sys_oplog", Value="True", SysFlag=YesNoEnum.Y, Remark="开启操作日志", OrderNo=4, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000105, Name="单设备登录", Code="sys_single_login", Value="False", SysFlag=YesNoEnum.Y, Remark="开启单设备登录", OrderNo=5, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },
             new SysConfig{ Id=1300000000106, Name="登录二次验证", Code="sys_second_ver", Value="False", SysFlag=YesNoEnum.Y, Remark="登录二次验证", OrderNo=6, GroupCode="Default", CreateTime=DateTime.Parse("2022-02-10 00:00:00") },

+ 12 - 0
Admin.NET/Admin.NET.Core/Service/Auth/SysAuthService.cs

@@ -59,6 +59,12 @@ public class SysAuthService : IDynamicApiController, ITransient
         //// 可以根据域名获取具体租户
         //var host = _httpContextAccessor.HttpContext.Request.Host;
 
+        // 判断密码错误次数(默认5次,缓存30分钟)
+        var keyErrorPasswordCount = $"{CacheConst.KeyErrorPasswordCount}{input.Account}";
+        var errorPasswordCount = _sysCacheService.Get<int>(keyErrorPasswordCount);
+        if (errorPasswordCount > 5)
+            throw Oops.Oh(ErrorCodeEnum.D1027);
+
         // 是否开启验证码
         if (await _sysConfigService.GetConfigValue<bool>(CommonConst.SysCaptcha))
         {
@@ -87,12 +93,18 @@ public class SysAuthService : IDynamicApiController, ITransient
         if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
         {
             if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
+            {
+                _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
                 throw Oops.Oh(ErrorCodeEnum.D1000);
+            }
         }
         else
         {
             if (!CryptogramUtil.Decrypt(user.Password).Equals(input.Password))
+            {
+                _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
                 throw Oops.Oh(ErrorCodeEnum.D1000);
+            }
         }
 
         return await CreateToken(user);
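Review bot: The failure counter is maintained with a separate read (`_sysCacheService.Get<int>(...)` in the first hunk) and write (`Set(keyErrorPasswordCount, ++errorPasswordCount, ...)` in both branches here), so concurrent wrong-password requests for one account can read the same value and be counted once; an atomic increment on the cache, if the cache service offers one, would close that gap. The visible success path, `return await CreateToken(user);`, does not clear the key, so earlier failures keep counting against a user who has since logged in correctly; removing the key just before that return would fix this, assuming `_sysCacheService` exposes a removal method. The check `errorPasswordCount > 5` also allows a sixth failed attempt although the comment says 5, and `if (errorPasswordCount >= 5)` would match the comment. Because the key is built from the client-supplied `input.Account`, a third party can lock a known account for 30 minutes, and case or whitespace variants of the name may get separate counters if the user lookup (outside these hunks) is more lenient, so the account should be normalised before the key is built and the lockout trade-off documented. The method starts and ends outside the hunks, and the two `Set` calls are identical and could be moved into one small local helper.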