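using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using ERP.Core.Entity;
using ERP.Core.Interface;
using ERP.Core.Repository;
using ERP.Core.Resource;
using ERP.Framework.Cache;
using ERP.Framework.Config;
using ERP.Framework.Constants;
using ERP.Framework.Enum;
using ERP.Framework.Security.Core;
using ERP.Framework.Utils;
using Microsoft.Extensions.Localization;

namespace ERP.Core.Service
{
    /// <summary>
    /// Password login: looks the user up by name, checks the account status and the
    /// password, and assembles the <see cref="LoginUser"/> (roles and permissions).
    /// Failed attempts are counted in Redis under
    /// <see cref="AuthConstant.PASSWORD_ERROR"/> + client IP; once the count reaches
    /// <see cref="SecurityConfig.MaxRetryCount"/> every login from that IP is refused
    /// until the key expires (<see cref="SecurityConfig.LockTime"/>).
    /// </summary>
    public class AuthService : IAuthService
    {
        private readonly IStringLocalizer _localizer;
        private readonly SysUserRepository _sysUserRepository;
        private readonly SysRoleRepository _sysRoleRepository;
        private readonly SysMenuRepository _sysMenuRepository;

        public AuthService(
            IStringLocalizer localizer,
            SysUserRepository sysUserRepository,
            SysRoleRepository sysRoleRepository,
            SysMenuRepository sysMenuRepository)
        {
            _localizer = localizer;
            _sysUserRepository = sysUserRepository;
            _sysRoleRepository = sysRoleRepository;
            _sysMenuRepository = sysMenuRepository;
        }

        /// <summary>
        /// Authenticates <paramref name="loginName"/> with <paramref name="password"/> and
        /// returns the logged-in user with its role keys and permission list.
        /// </summary>
        /// <param name="securityConfig">Retry limit and lock duration for the per-IP failure counter.</param>
        /// <param name="loginName">User name to authenticate.</param>
        /// <param name="password">Clear-text password supplied by the client.</param>
        /// <returns>The <see cref="LoginUser"/> for the authenticated account.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="securityConfig"/> is null.</exception>
        /// <exception cref="Exception">
        /// Retry limit exceeded for the client IP, user not found, user not enabled, or
        /// wrong password (messages come from the localizer keys used below).
        /// </exception>
        public LoginUser GetLoginUser(SecurityConfig securityConfig, string loginName, string password)
        {
            if (securityConfig is null)
            {
                throw new ArgumentNullException(nameof(securityConfig));
            }

            // The lockout is keyed by client IP only (no per-account counter), so one
            // NAT/proxy address shares a single budget of MaxRetryCount attempts.
            // NOTE(review): if IPUtil.GetClientIp trusts forwarded headers, the key is
            // client-chosen and the lockout can be sidestepped — confirm how it is derived.
            var failedAttemptsKey = AuthConstant.PASSWORD_ERROR + IPUtil.GetClientIp();
            var failedAttempts = ReadFailedAttempts(failedAttemptsKey);

            // Refuse before touching the database so a locked-out IP cannot probe
            // user names; previously the limit was only checked for existing users.
            ThrowIfRetryLimitExceeded(securityConfig, failedAttempts);

            var user = _sysUserRepository.FirstOrDefault(t => t.UserName == loginName);
            if (user == null)
            {
                // An unknown user name is a failed attempt as well; without this the
                // counter only ever grew for passwords tried against real accounts.
                RecordFailedAttempt(securityConfig, failedAttemptsKey, failedAttempts);
                // NOTE(review): "User.NotExist" vs "User.Password.Error" tells the
                // caller whether the name exists. A single generic login-failed message
                // would avoid that; kept because the keys are part of the localized contract.
                throw new Exception(string.Format(_localizer["User.NotExist"], loginName));
            }

            CheckUserStatus(user);
            CheckLogin(securityConfig, password, user, failedAttemptsKey, failedAttempts);

            var roleList = _sysRoleRepository.SelectRoleListByUserId(user.Id);
            var roleKeyList = roleList.Select(t => t.RoleKey).ToList();

            // NOTE(review): element type assumed to be string (ADMIN_PERMISSION and the
            // return of SelectPermissionsByRoleIds) — confirm against those declarations.
            List<string> permissions;
            if (roleList.Any(t => t.RoleKey == FrameworkConstant.ADMIN))
            {
                // Admin gets the wildcard permission instead of the menu-derived list.
                permissions = new List<string> { FrameworkConstant.ADMIN_PERMISSION };
            }
            else
            {
                var roleIds = roleList.Select(t => t.Id).ToList();
                permissions = _sysMenuRepository.SelectPermissionsByRoleIds(roleIds);
            }

            return new LoginUser
            {
                UserId = user.Id,
                UserName = user.UserName,
                Avatar = user.Avatar,
                Email = user.Email,
                UserStatus = user.UserStatus,
                RoleKeys = roleKeyList,
                Permission = permissions,
            };
        }

        /// <summary>
        /// Allows login only for <see cref="StatusEnum.Enable"/>. Disabled accounts and
        /// any other status value are refused (fail closed); the original version let
        /// a status that was neither Enable nor Disable through silently.
        /// </summary>
        /// <exception cref="Exception">The user is not enabled ("User.Bloked").</exception>
        private void CheckUserStatus(SysUser user)
        {
            if (user.UserStatus == StatusEnum.Enable)
            {
                return;
            }

            // NOTE(review): "User.Bloked" is reused for every non-Enable status; add a
            // dedicated message if StatusEnum has members other than Enable/Disable.
            throw new Exception(string.Format(_localizer["User.Bloked"], user.UserName));
        }

        /// <summary>
        /// Verifies the password against the stored hash and maintains the per-IP
        /// failure counter: a wrong (or empty) password records a failed attempt and
        /// throws; a correct one clears the counter if one existed.
        /// </summary>
        /// <param name="securityConfig">Lock duration for a freshly created counter.</param>
        /// <param name="password">Clear-text password supplied by the client.</param>
        /// <param name="loginUser">Account whose <c>Password</c> holds the stored hash.</param>
        /// <param name="failedAttemptsKey">Redis key of the counter for this client IP.</param>
        /// <param name="failedAttempts">Current counter value, or null when no counter exists.</param>
        /// <exception cref="Exception">Wrong password ("User.Password.Error").</exception>
        private void CheckLogin(
            SecurityConfig securityConfig,
            string password,
            SysUser loginUser,
            string failedAttemptsKey,
            int? failedAttempts)
        {
            // An empty/null password is a failed attempt, not an argument error: it must
            // still count toward the lockout and must not reach the verifier as null.
            var verified = !string.IsNullOrEmpty(password)
                && CryptoUtil.BCValify(password, loginUser.Password);
            if (!verified)
            {
                RecordFailedAttempt(securityConfig, failedAttemptsKey, failedAttempts);
                throw new Exception(_localizer["User.Password.Error"]);
            }

            if (failedAttempts.HasValue)
            {
                RedisHelper.Delete(failedAttemptsKey);
            }
        }

        /// <summary>
        /// Reads the per-IP failure counter. Returns null when no counter exists or the
        /// stored value is not an integer (a corrupt value is treated as absent so the
        /// next failure overwrites it with a fresh, expiring counter instead of throwing
        /// a FormatException as <c>int.Parse</c> did).
        /// </summary>
        private static int? ReadFailedAttempts(string failedAttemptsKey)
        {
            var raw = RedisHelper.Get(failedAttemptsKey);
            if (string.IsNullOrEmpty(raw))
            {
                return null;
            }

            return int.TryParse(raw, NumberStyles.Integer, CultureInfo.InvariantCulture, out var count)
                ? count
                : (int?)null;
        }

        /// <summary>
        /// Throws when the client IP has already reached <see cref="SecurityConfig.MaxRetryCount"/>.
        /// </summary>
        /// <exception cref="Exception">Retry limit exceeded ("User.Password.RetryLimitExceed").</exception>
        private void ThrowIfRetryLimitExceeded(SecurityConfig securityConfig, int? failedAttempts)
        {
            if (failedAttempts.HasValue && failedAttempts.Value >= securityConfig.MaxRetryCount)
            {
                // TODO: record the login attempt made while locked out (carried over from the original).
                throw new Exception(string.Format(
                    _localizer["User.Password.RetryLimitExceed"],
                    failedAttempts.Value,
                    securityConfig.LockTime));
            }
        }

        /// <summary>
        /// Creates the counter with the lock TTL on the first failure, otherwise stores
        /// the incremented value.
        /// </summary>
        private static void RecordFailedAttempt(SecurityConfig securityConfig, string failedAttemptsKey, int? failedAttempts)
        {
            if (!failedAttempts.HasValue)
            {
                RedisHelper.SaveExpire(failedAttemptsKey, AuthConstant.FIRST_PASSWORD_ERROR, securityConfig.LockTime);
                return;
            }

            // Read-then-write is not atomic: two concurrent failures may both store N+1.
            // NOTE(review): RedisHelper.Save is assumed to keep the TTL set by SaveExpire;
            // if it drops it the lockout never expires — confirm in RedisHelper.
            var next = failedAttempts.Value + 1;
            RedisHelper.Save(failedAttemptsKey, next.ToString(CultureInfo.InvariantCulture));
        }
    }
}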