增加登录限制

2025-12-11 20:06:51 +08:00 · 2022-11-29 16:35:30 +08:00
parent fb91e871d4
commit dd1a36a8dc
1 changed files with 18 additions and 1 deletions
--- a/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java
+++ b/servers/boe-server-all/src/main/java/com/xboe/system/api/SysLoginApi.java
@@ -99,6 +99,14 @@ public class SysLoginApi extends ApiBaseController {
            if (!code.toLowerCase().equals(verCode)) {
                return error("验证码错误");
            }
+
+            // 从redis缓存中获取5分钟内登陆错误的次数
+            String loginErrorNum = redisTemplate.opsForValue().get(CacheName.NAME_USER_LOGIN_ERROR_NUM);
+            Integer loginErrorCount = 0;
+            if(loginErrorNum != null || !loginErrorNum.equals("")){
+                loginErrorCount = Integer.parseInt(loginErrorNum);
+            }
+
            // 检查系统用户是否存在
            Account account = accountService.check(loginName,null);
            String passStr = "";
@@ -106,8 +114,17 @@ public class SysLoginApi extends ApiBaseController {
                passStr = MD5Util.MD5Encode(password + account.getPassKey());
            }

+
            if (account == null || StringUtil.isBlank(passStr) || !passStr.equals(account.getPassValue())) {
-                return error("用户名或密码错误");
+                if(loginErrorCount >=5){
+                    redisTemplate.opsForValue().set(CacheName.NAME_USER_LOGIN_ERROR_NUM, "5", 5, TimeUnit.MINUTES);
+                    return error("由于您登录失败次数过多，账号已被锁定！");
+                }else{
+                    loginErrorCount = loginErrorCount + 1;
+                    redisTemplate.opsForValue().set(CacheName.NAME_USER_LOGIN_ERROR_NUM, loginErrorCount+"", 5, TimeUnit.MINUTES);
+                    return error("用户名或密码错误，您还有"+(5-loginErrorCount)+"次登录机会");
+                }
+//                return error("用户名或密码错误");
            }

            if (account.getStatus().equals(Constants.ACCOUNT_STATUS_DEACTIVATE)) {