serv\web- 日志

schoolNewsServ/auth/src/main/java/org/xyzh/auth/service/LoginLogService.java

@@ -1,69 +0,0 @@
-package org.xyzh.auth.service;
-
-import org.springframework.stereotype.Service;
-import org.xyzh.common.dto.system.TbSysLoginLog;
-import org.xyzh.common.utils.IDUtils;
-
-/**
- * @description    LoginLogService.java文件描述 登录日志服务
- * @filename    LoginLogService.java
- * @author    yslg
- * @copyright xyzh
- * @since 2025-09-28
- */
-@Service
-public class LoginLogService {
-
-    /**
-     * @description    保存登录日志
-     * @param    loginLog 登录日志
-     * @author    yslg
-     * @since 2025-09-28
-     */
-    public void saveLoginLog(TbSysLoginLog loginLog) {
-        // 确保登录日志有ID，如果没有则生成一个
-        if (loginLog.getID() == null || loginLog.getID().isEmpty()) {
-            loginLog.setID(IDUtils.generateID());
-        }
-        
-        // TODO: 实现登录日志保存逻辑
-        // 这里应该调用数据层保存日志
-        System.out.println("保存登录日志: " + loginLog);
-    }
-
-    /**
-     * @description    根据用户ID查询登录日志
-     * @param    userId 用户ID
-     * @return    List<TbSysLoginLog> 登录日志列表
-     * @author    yslg
-     * @since 2025-09-28
-     */
-    public java.util.List<TbSysLoginLog> findLoginLogsByUserId(String userId) {
-        // TODO: 实现根据用户ID查询登录日志的逻辑
-        return new java.util.ArrayList<>();
-    }
-
-    /**
-     * @description    查询登录失败次数
-     * @param    userId 用户ID
-     * @param    timeRange 时间范围（分钟）
-     * @return    int 失败次数
-     * @author    yslg
-     * @since 2025-09-28
-     */
-    public int countFailedLoginAttempts(String userId, int timeRange) {
-        // TODO: 实现查询指定时间范围内的登录失败次数
-        return 0;
-    }
-
-    /**
-     * @description    清除登录失败记录
-     * @param    userId 用户ID
-     * @author    yslg
-     * @since 2025-09-28
-     */
-    public void clearFailedLoginAttempts(String userId) {
-        // TODO: 实现清除登录失败记录的逻辑
-        System.out.println("清除用户 " + userId + " 的登录失败记录");
-    }
-}

schoolNewsServ/auth/src/main/java/org/xyzh/auth/service/LoginServiceImpl.java

@@ -17,6 +17,7 @@ import org.xyzh.common.dto.user.TbSysUser;
 import org.xyzh.common.dto.menu.TbSysMenu;
 import org.xyzh.common.exception.auth.AuthException;
 import org.xyzh.common.utils.IDUtils;
+import org.xyzh.common.utils.ServletUtils;
 
 import jakarta.servlet.http.HttpServletRequest;
 
@@ -24,6 +25,7 @@ import org.xyzh.api.system.user.UserService;
 import org.xyzh.api.system.role.RoleService;
 import org.xyzh.api.system.permission.PermissionService;
 import org.xyzh.common.redis.service.RedisService;
+import org.xyzh.api.system.log.LoginLogService;
 import org.xyzh.api.system.menu.MenuService;
 import org.xyzh.common.vo.UserDeptRoleVO;
 
@@ -70,6 +72,21 @@ public class LoginServiceImpl implements LoginService {
     public ResultDomain<LoginDomain> login(LoginParam loginParam, HttpServletRequest request) {
         ResultDomain<LoginDomain> result = new ResultDomain<>();
         String ipAddress = request.getRemoteAddr();
+        
+        // Redis 自动递增（不存在则创建并返回1，存在则递增后返回）
+        String attemptKey = "login:attempt:" + loginParam.getUsername();
+        int loginAttempt = (int) redisService.incr(attemptKey, 1);
+        
+        // 如果是第一次尝试，设置10分钟过期时间
+        if (loginAttempt == 1) {
+            redisService.setExpire(attemptKey, 10, TimeUnit.MINUTES);
+        }
+        
+        // 检查是否超过最大尝试次数
+        if (loginAttempt > 3) {
+            result.fail("登录失败次数过多，请稍后再试");
+            return result;
+        }
         try {
             // 自动检测登录类型
             String loginType = detectLoginType(loginParam);
@@ -88,7 +105,7 @@ public class LoginServiceImpl implements LoginService {
             TbSysUser user = strategy.findUser(loginParam);
             if (user == null) {
                 result.fail("用户不存在");
-                logLoginAttempt(loginParam, null, false, "用户不存在");
+                logLoginAttempt(loginParam, null, false, loginAttempt, "用户不存在");
                 return result;
             }
 
@@ -96,7 +113,7 @@ public class LoginServiceImpl implements LoginService {
             UserStatus userStatus = UserStatus.fromCode(String.valueOf(user.getStatus()));
             if (userStatus != UserStatus.NORMAL) {
                 result.fail("用户状态异常: " + userStatus.getName());
-                logLoginAttempt(loginParam, user, false, "用户状态异常: " + userStatus.getName());
+                logLoginAttempt(loginParam, user, false, loginAttempt, "用户状态异常: " + userStatus.getName());
                 return result;
             }
 
@@ -104,7 +121,7 @@ public class LoginServiceImpl implements LoginService {
                 // 验证凭据（密码或验证码）
                 if (!strategy.verifyCredential(loginParam.getPassword(), user.getPassword())) {
                     result.fail("密码错误");
-                    logLoginAttempt(loginParam, user, false, "密码错误");
+                    logLoginAttempt(loginParam, user, false, loginAttempt, "密码错误");
                     return result;
                 }
             }
@@ -113,7 +130,7 @@ public class LoginServiceImpl implements LoginService {
                 String storedCaptcha = (String) redisService.get("captcha:" + loginParam.getPhone());
                 if (!strategy.verifyCredential(loginParam.getCaptcha(), storedCaptcha)) {
                     result.fail("验证码错误");
-                    logLoginAttempt(loginParam, user, false, "验证码错误");
+                    logLoginAttempt(loginParam, user, false, loginAttempt, "验证码错误");
                     return result;
                 }
                 // 验证码使用后删除
@@ -129,9 +146,10 @@ public class LoginServiceImpl implements LoginService {
             String redisKey = "login:token:" + user.getID();
             redisService.set(redisKey, loginDomain, 24 * 60 * 60, TimeUnit.SECONDS);
             
-            // 记录成功登录日志
-            logLoginAttempt(loginParam, user, true, "登录成功");
-
+            // 登录成功后清除失败次数并记录成功日志
+            redisService.delete(attemptKey);
+            logLoginAttempt(loginParam, user, true, 0, "登录成功");
+            
             result.success("登录成功", loginDomain);
             result.setData(loginDomain);
             
@@ -253,7 +271,7 @@ public class LoginServiceImpl implements LoginService {
      * @author    yslg
      * @since 2025-09-28
      */
-    private void logLoginAttempt(LoginParam loginParam, TbSysUser user, boolean success, String message) {
+    private void logLoginAttempt(LoginParam loginParam, TbSysUser user, boolean success, int errorCount, String message) {
         TbSysLoginLog loginLog = new TbSysLoginLog();
         
         // 使用IDUtils生成登录日志ID
@@ -266,9 +284,14 @@ public class LoginServiceImpl implements LoginService {
         // 注意：实际生产中不应记录密码
         // loginLog.setPassword(loginParam.getPassword()); 
         loginLog.setStatus(success ? 1 : 0);
+        loginLog.setErrorCount(errorCount);
         loginLog.setMessage(message);
-        loginLog.setLoginTime(new Date().toString());
-        
-        loginLogService.saveLoginLog(loginLog);
+        loginLog.setLoginTime(new Date());
+        loginLog.setIpAddress(ServletUtils.getClientIp());
+        loginLog.setIpSource(ServletUtils.getIpSource());
+        loginLog.setBrowser(ServletUtils.getBrowser());
+        loginLog.setOs(ServletUtils.getOs());
+
+        loginLogService.insertLoginLog(loginLog);
     }
 }

schoolNewsServ/auth/src/main/java/org/xyzh/auth/strategy/impl/PasswordLoginStrategy.java

@@ -62,11 +62,12 @@ public class PasswordLoginStrategy implements LoginStrategy {
         if (NonUtils.isNotEmpty(loginParam.getPhone())) {
             filter.setPhone(loginParam.getPhone());
         }
-        List<TbSysUser> users = userService.getUserByFilter(filter).getDataList();
-        if(users.isEmpty()) {
+        filter.setPassword(passwordEncoder.encode(loginParam.getPassword()));
+        TbSysUser user = userService.getLoginUser(filter).getData();
+        if(user == null) {
             return null;
         }
-        return users.get(0);
+        return user;
     }
 
     @Override