SysAuthService.cs 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389
  1. // 大名科技(天津)有限公司 版权所有
  2. //
  3. // 此源代码遵循位于源代码树根目录中的 LICENSE 文件的许可证
  4. //
  5. // 不得利用本项目从事危害国家安全、扰乱社会秩序、侵犯他人合法权益等法律法规禁止的活动
  6. //
  7. // 任何基于本项目二次开发而产生的一切法律纠纷和责任,均与作者无关
  8. using Furion.SpecificationDocument;
  9. using Lazy.Captcha.Core;
  10. namespace Admin.NET.Core.Service;
  11. /// <summary>
  12. /// 系统登录授权服务 💥
  13. /// </summary>
  14. [ApiDescriptionSettings(Order = 500)]
  15. public class SysAuthService : IDynamicApiController, ITransient
  16. {
  17. private readonly UserManager _userManager;
  18. private readonly SqlSugarRepository<SysUser> _sysUserRep;
  19. private readonly SqlSugarRepository<SysUserLdap> _sysUserLdap;
  20. private readonly IHttpContextAccessor _httpContextAccessor;
  21. private readonly SysMenuService _sysMenuService;
  22. private readonly SysOnlineUserService _sysOnlineUserService;
  23. private readonly SysConfigService _sysConfigService;
  24. private readonly ICaptcha _captcha;
  25. private readonly SysCacheService _sysCacheService;
  26. private readonly SysLdapService _sysLdapService;
  27. public SysAuthService(UserManager userManager,
  28. SqlSugarRepository<SysUser> sysUserRep,
  29. SqlSugarRepository<SysUserLdap> sysUserLdapRep,
  30. IHttpContextAccessor httpContextAccessor,
  31. SysMenuService sysMenuService,
  32. SysOnlineUserService sysOnlineUserService,
  33. SysConfigService sysConfigService,
  34. ICaptcha captcha,
  35. SysCacheService sysCacheService,
  36. SysLdapService sysLdapService)
  37. {
  38. _userManager = userManager;
  39. _sysUserRep = sysUserRep;
  40. _sysUserLdap = sysUserLdapRep;
  41. _httpContextAccessor = httpContextAccessor;
  42. _sysMenuService = sysMenuService;
  43. _sysOnlineUserService = sysOnlineUserService;
  44. _sysConfigService = sysConfigService;
  45. _captcha = captcha;
  46. _sysCacheService = sysCacheService;
  47. _sysLdapService = sysLdapService;
  48. }
  49. /// <summary>
  50. /// 账号密码登录 🔖
  51. /// </summary>
  52. /// <param name="input"></param>
  53. /// <remarks>用户名/密码:superadmin/123456</remarks>
  54. /// <returns></returns>
  55. [AllowAnonymous]
  56. [DisplayName("账号密码登录")]
  57. public virtual async Task<LoginOutput> Login([Required] LoginInput input)
  58. {
  59. //// 可以根据域名获取具体租户
  60. //var host = _httpContextAccessor.HttpContext.Request.Host;
  61. // 判断密码错误次数(默认5次,缓存30分钟)
  62. var keyErrorPasswordCount = $"{CacheConst.KeyErrorPasswordCount}{input.Account}";
  63. var errorPasswordCount = _sysCacheService.Get<int>(keyErrorPasswordCount);
  64. if (errorPasswordCount >= 5)
  65. throw Oops.Oh(ErrorCodeEnum.D1027);
  66. // 是否开启验证码
  67. if (await _sysConfigService.GetConfigValue<bool>(CommonConst.SysCaptcha))
  68. {
  69. // 判断验证码
  70. if (!_captcha.Validate(input.CodeId.ToString(), input.Code))
  71. throw Oops.Oh(ErrorCodeEnum.D0008);
  72. }
  73. // 账号是否存在
  74. var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Account.Equals(input.Account));
  75. _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
  76. // 账号是否被冻结
  77. if (user.Status == StatusEnum.Disable)
  78. throw Oops.Oh(ErrorCodeEnum.D1017);
  79. // 租户是否被禁用
  80. var tenant = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysTenant>>().GetFirstAsync(u => u.Id == user.TenantId);
  81. if (tenant != null && tenant.Status == StatusEnum.Disable)
  82. throw Oops.Oh(ErrorCodeEnum.Z1003);
  83. // 国密SM2解密(前端密码传输SM2加密后的)
  84. input.Password = CryptogramUtil.SM2Decrypt(input.Password);
  85. // 是否开启域登录验证
  86. if (await _sysConfigService.GetConfigValue<bool>(CommonConst.SysDomainLogin))
  87. {
  88. var userLdap = await _sysUserLdap.GetFirstAsync(u => u.UserId == user.Id && u.TenantId == tenant.Id);
  89. if (userLdap == null)
  90. {
  91. //不存在用户信息则采用原本密码验证规则
  92. UserPasswordValid(input, keyErrorPasswordCount, errorPasswordCount, user);
  93. }
  94. // 域验证
  95. else if (!await _sysLdapService.Auth(tenant.Id, userLdap.Account, input.Password))
  96. {
  97. _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
  98. throw Oops.Oh(ErrorCodeEnum.D1000);
  99. }
  100. }
  101. // 密码是否正确
  102. else
  103. UserPasswordValid(input, keyErrorPasswordCount, errorPasswordCount, user);
  104. // 登录成功则清空密码错误次数
  105. _sysCacheService.Remove(keyErrorPasswordCount);
  106. return await CreateToken(user);
  107. }
  108. /// <summary>
  109. /// 用户密码验证
  110. /// </summary>
  111. /// <param name="input"></param>
  112. /// <param name="keyErrorPasswordCount"></param>
  113. /// <param name="errorPasswordCount"></param>
  114. /// <param name="user"></param>
  115. private void UserPasswordValid(LoginInput input, string keyErrorPasswordCount, int errorPasswordCount, SysUser user)
  116. {
  117. if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
  118. {
  119. if (!user.Password.Equals(MD5Encryption.Encrypt(input.Password)))
  120. {
  121. _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
  122. throw Oops.Oh(ErrorCodeEnum.D1000);
  123. }
  124. }
  125. else
  126. {
  127. if (!CryptogramUtil.Decrypt(user.Password).Equals(input.Password))
  128. {
  129. _sysCacheService.Set(keyErrorPasswordCount, ++errorPasswordCount, TimeSpan.FromMinutes(30));
  130. throw Oops.Oh(ErrorCodeEnum.D1000);
  131. }
  132. }
  133. }
  134. /// <summary>
  135. /// 验证锁屏密码 🔖
  136. /// </summary>
  137. /// <param name="password"></param>
  138. /// <returns></returns>
  139. [DisplayName("验证锁屏密码")]
  140. public virtual async Task<bool> UnLockScreen([Required, FromQuery] string password)
  141. {
  142. // 账号是否存在
  143. var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId);
  144. _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
  145. // 国密SM2解密(前端密码传输SM2加密后的)
  146. password = CryptogramUtil.SM2Decrypt(password);
  147. // 密码是否正确
  148. if (CryptogramUtil.CryptoType == CryptogramEnum.MD5.ToString())
  149. {
  150. if (!user.Password.Equals(MD5Encryption.Encrypt(password)))
  151. throw Oops.Oh(ErrorCodeEnum.D1000);
  152. }
  153. else
  154. {
  155. if (!CryptogramUtil.Decrypt(user.Password).Equals(password))
  156. throw Oops.Oh(ErrorCodeEnum.D1000);
  157. }
  158. return true;
  159. }
  160. /// <summary>
  161. /// 手机号登录 🔖
  162. /// </summary>
  163. /// <param name="input"></param>
  164. /// <returns></returns>
  165. [AllowAnonymous]
  166. [DisplayName("手机号登录")]
  167. public virtual async Task<LoginOutput> LoginPhone([Required] LoginPhoneInput input)
  168. {
  169. var verifyCode = _sysCacheService.Get<string>($"{CacheConst.KeyPhoneVerCode}{input.Phone}");
  170. if (string.IsNullOrWhiteSpace(verifyCode))
  171. throw Oops.Oh("验证码不存在或已失效,请重新获取!");
  172. if (verifyCode != input.Code)
  173. throw Oops.Oh("验证码错误!");
  174. // 账号是否存在
  175. var user = await _sysUserRep.AsQueryable().Includes(t => t.SysOrg).ClearFilter().FirstAsync(u => u.Phone.Equals(input.Phone));
  176. _ = user ?? throw Oops.Oh(ErrorCodeEnum.D0009);
  177. return await CreateToken(user);
  178. }
  179. /// <summary>
  180. /// 生成Token令牌 🔖
  181. /// </summary>
  182. /// <param name="user"></param>
  183. /// <returns></returns>
  184. [NonAction]
  185. public virtual async Task<LoginOutput> CreateToken(SysUser user)
  186. {
  187. // 单用户登录
  188. await _sysOnlineUserService.SingleLogin(user.Id);
  189. // 生成Token令牌
  190. var tokenExpire = await _sysConfigService.GetTokenExpire();
  191. var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
  192. {
  193. { ClaimConst.UserId, user.Id },
  194. { ClaimConst.TenantId, user.TenantId },
  195. { ClaimConst.Account, user.Account },
  196. { ClaimConst.RealName, user.RealName },
  197. { ClaimConst.AccountType, user.AccountType },
  198. { ClaimConst.OrgId, user.OrgId },
  199. { ClaimConst.OrgName, user.SysOrg?.Name },
  200. { ClaimConst.OrgType, user.SysOrg?.Type },
  201. }, tokenExpire);
  202. // 生成刷新Token令牌
  203. var refreshTokenExpire = await _sysConfigService.GetRefreshTokenExpire();
  204. var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
  205. // 设置响应报文头
  206. _httpContextAccessor.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken);
  207. // Swagger Knife4UI-AfterScript登录脚本
  208. // ke.global.setAllHeader('Authorization', 'Bearer ' + ke.response.headers['access-token']);
  209. return new LoginOutput
  210. {
  211. AccessToken = accessToken,
  212. RefreshToken = refreshToken
  213. };
  214. }
  215. /// <summary>
  216. /// 获取登录账号 🔖
  217. /// </summary>
  218. /// <returns></returns>
  219. [DisplayName("获取登录账号")]
  220. public virtual async Task<LoginUserOutput> GetUserInfo()
  221. {
  222. var user = await _sysUserRep.GetFirstAsync(u => u.Id == _userManager.UserId) ?? throw Oops.Oh(ErrorCodeEnum.D1011).StatusCode(401);
  223. // 获取机构
  224. var org = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysOrg>>().GetFirstAsync(u => u.Id == user.OrgId);
  225. // 获取职位
  226. var pos = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysPos>>().GetFirstAsync(u => u.Id == user.PosId);
  227. // 获取拥有按钮权限集合
  228. var buttons = await _sysMenuService.GetOwnBtnPermList();
  229. // 获取权限集合
  230. var roleIds = await _sysUserRep.ChangeRepository<SqlSugarRepository<SysUserRole>>().AsQueryable()
  231. .Where(u => u.UserId == user.Id).Select(u => u.RoleId).ToListAsync();
  232. return new LoginUserOutput
  233. {
  234. Id = user.Id,
  235. Account = user.Account,
  236. RealName = user.RealName,
  237. Phone = user.Phone,
  238. IdCardNum = user.IdCardNum,
  239. Email = user.Email,
  240. AccountType = user.AccountType,
  241. Avatar = user.Avatar,
  242. Address = user.Address,
  243. Signature = user.Signature,
  244. OrgId = user.OrgId,
  245. OrgName = org?.Name,
  246. OrgType = org?.Type,
  247. PosName = pos?.Name,
  248. Buttons = buttons,
  249. RoleIds = roleIds
  250. };
  251. }
  252. /// <summary>
  253. /// 获取刷新Token 🔖
  254. /// </summary>
  255. /// <param name="accessToken"></param>
  256. /// <returns></returns>
  257. [DisplayName("获取刷新Token")]
  258. public virtual string GetRefreshToken([FromQuery] string accessToken)
  259. {
  260. var refreshTokenExpire = _sysConfigService.GetRefreshTokenExpire().GetAwaiter().GetResult();
  261. return JWTEncryption.GenerateRefreshToken(accessToken, refreshTokenExpire);
  262. }
  263. /// <summary>
  264. /// 退出系统 🔖
  265. /// </summary>
  266. [DisplayName("退出系统")]
  267. public void Logout()
  268. {
  269. if (string.IsNullOrWhiteSpace(_userManager.Account))
  270. throw Oops.Oh(ErrorCodeEnum.D1011);
  271. _httpContextAccessor.HttpContext.SignoutToSwagger();
  272. }
  273. /// <summary>
  274. /// 获取登录配置 🔖
  275. /// </summary>
  276. /// <returns></returns>
  277. [AllowAnonymous]
  278. [SuppressMonitor]
  279. [DisplayName("获取登录配置")]
  280. public async Task<dynamic> GetLoginConfig()
  281. {
  282. var secondVerEnabled = await _sysConfigService.GetConfigValue<bool>(CommonConst.SysSecondVer);
  283. var captchaEnabled = await _sysConfigService.GetConfigValue<bool>(CommonConst.SysCaptcha);
  284. return new { SecondVerEnabled = secondVerEnabled, CaptchaEnabled = captchaEnabled };
  285. }
  286. /// <summary>
  287. /// 获取水印配置 🔖
  288. /// </summary>
  289. /// <returns></returns>
  290. [SuppressMonitor]
  291. [DisplayName("获取水印配置")]
  292. public async Task<dynamic> GetWatermarkConfig()
  293. {
  294. var watermarkEnabled = await _sysConfigService.GetConfigValue<bool>(CommonConst.SysWatermark);
  295. return new { WatermarkEnabled = watermarkEnabled };
  296. }
  297. /// <summary>
  298. /// 获取验证码 🔖
  299. /// </summary>
  300. /// <returns></returns>
  301. [AllowAnonymous]
  302. [SuppressMonitor]
  303. [DisplayName("获取验证码")]
  304. public dynamic GetCaptcha()
  305. {
  306. var codeId = YitIdHelper.NextId().ToString();
  307. var captcha = _captcha.Generate(codeId);
  308. return new { Id = codeId, Img = captcha.Base64 };
  309. }
  310. /// <summary>
  311. /// Swagger登录检查 🔖
  312. /// </summary>
  313. /// <returns></returns>
  314. [AllowAnonymous]
  315. [HttpPost("/api/swagger/checkUrl"), NonUnify]
  316. [DisplayName("Swagger登录检查")]
  317. public int SwaggerCheckUrl()
  318. {
  319. return _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? 200 : 401;
  320. }
  321. /// <summary>
  322. /// Swagger登录提交 🔖
  323. /// </summary>
  324. /// <param name="auth"></param>
  325. /// <returns></returns>
  326. [AllowAnonymous]
  327. [HttpPost("/api/swagger/submitUrl"), NonUnify]
  328. [DisplayName("Swagger登录提交")]
  329. public async Task<int> SwaggerSubmitUrl([FromForm] SpecificationAuth auth)
  330. {
  331. try
  332. {
  333. _sysCacheService.Set(CommonConst.SysCaptcha, false);
  334. await Login(new LoginInput
  335. {
  336. Account = auth.UserName,
  337. Password = CryptogramUtil.SM2Encrypt(auth.Password),
  338. });
  339. _sysCacheService.Remove(CommonConst.SysCaptcha);
  340. return 200;
  341. }
  342. catch (Exception)
  343. {
  344. return 401;
  345. }
  346. }
  347. }