| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 |
- using ERP.Core.Entity;
- using ERP.Core.Interface;
- using ERP.Core.Repository;
- using ERP.Core.Resource;
- using ERP.Framework.Cache;
- using ERP.Framework.Config;
- using ERP.Framework.Constants;
- using ERP.Framework.Enum;
- using ERP.Framework.Security.Core;
- using ERP.Framework.Utils;
- using Microsoft.Extensions.Localization;
- namespace ERP.Core.Service
- {
- public class AuthService : IAuthService
- {
- private readonly IStringLocalizer<AuthI18N> _localizer;
- private readonly SysUserRepository _sysUserRepository;
- private readonly SysRoleRepository _sysRoleRepository;
- private readonly SysMenuRepository _sysMenuRepository;
- public AuthService(IStringLocalizer<AuthI18N> localizer, SysUserRepository sysUserRepository, SysRoleRepository sysRoleRepository, SysMenuRepository sysMenuRepository)
- {
- _localizer = localizer;
- this._sysUserRepository = sysUserRepository;
- this._sysRoleRepository = sysRoleRepository;
- this._sysMenuRepository = sysMenuRepository;
- }
- /// <summary>
- /// 获取登录用户
- /// </summary>
- /// <param name="securityConfig">设置</param>r
- /// <param name="loginName">用户名</param>
- /// <param name="password">密码</param>
- /// <param name="deviceKey">设备唯一值</param>
- /// <returns></returns>
- /// <exception cref="Exception"></exception>
- public LoginUser GetLoginUser(
- SecurityConfig securityConfig
- , string loginName
- , string password)
- {
- var user = _sysUserRepository.FirstOrDefault(t => t.UserName == loginName);
- if (user == null)
- {
- throw new Exception(string.Format(_localizer["User.NotExist"], loginName));
- }
- CheckUserStatus(user);
- CheckLogin(securityConfig, password, user);
- var roleList = _sysRoleRepository.SelectRoleListByUserId(user.Id);
- var roleKeyList = roleList.Select(t => t.RoleKey).ToList();
- var permissions = new List<string>();
- if (roleList.Any(t => t.RoleKey == FrameworkConstant.ADMIN))
- {
- permissions.Add(FrameworkConstant.ADMIN_PERMISSION);
- }
- else
- {
- var roleIds = roleList.Select(t => t.Id).ToList();
- permissions = _sysMenuRepository.SelectPermissionsByRoleIds(roleIds);
- }
- return new LoginUser()
- {
- UserId = user.Id,
- UserName = user.UserName,
- Avatar = user.Avatar,
- Email = user.Email,
- UserStatus = user.UserStatus,
- RoleKeys = roleKeyList,
- Permission = permissions
- };
- }
- private void CheckUserStatus(SysUser user)
- {
- if (user.UserStatus == StatusEnum.Enable)
- {
- return;
- }
- else if (user.UserStatus == StatusEnum.Disable)
- {
- throw new Exception(string.Format(_localizer["User.Bloked"], user.UserName));
- }
- }
- private void CheckLogin(SecurityConfig securityConfig, string password, SysUser loginUser)
- {
- var passwordErrorRedisKey = AuthConstant.PASSWORD_ERROR + IPUtil.GetClientIp();
- var errorNumber = RedisHelper.Get(passwordErrorRedisKey);
- var hasErrorRedis = !errorNumber.IsNullOrEmpty();
- if (hasErrorRedis && errorNumber.ToInt() >= securityConfig.MaxRetryCount)
- {
- // Todo 记录登录信息(超出限制期间登录)
- throw new Exception(string.Format(_localizer["User.Password.RetryLimitExceed"], errorNumber, securityConfig.LockTime));
- }
- var isLogin = CryptoUtil.BCValify(password, loginUser.Password);
- if (!isLogin)
- {
- if (!hasErrorRedis)
- {
- RedisHelper.SaveExpire(passwordErrorRedisKey, AuthConstant.FIRST_PASSWORD_ERROR, securityConfig.LockTime);
- }
- else
- {
- var number = int.Parse(errorNumber) + 1;
- RedisHelper.Save(passwordErrorRedisKey, number.ToString());
- }
- throw new Exception(_localizer["User.Password.Error"]);
- }
- if (hasErrorRedis)
- {
- RedisHelper.Delete(passwordErrorRedisKey);
- }
- }
- }
- }
|
