修复添加管理员密码是明文的问题, 修复登录后登录状态没有更新的问题,增加 ip 工具类

lmxdawn · lmxdawn · commit 59cac7ed26db · 2018-11-24T14:36:12.000+08:00
diff --git a/admin-api/src/main/java/com/lmxdawn/api/admin/controller/auth/AuthAdminController.java b/admin-api/src/main/java/com/lmxdawn/api/admin/controller/auth/AuthAdminController.java
@@ -135,6 +135,10 @@ public ResultVO save(@RequestBody @Valid AuthAdminSaveForm authAdminSaveForm,
 
         AuthAdmin authAdmin = new AuthAdmin();
         BeanUtils.copyProperties(authAdminSaveForm, authAdmin);
+        
+        if (authAdmin.getPassword() != null) {
+            authAdmin.setPassword(PasswordUtils.authAdminPwd(authAdmin.getPassword()));
+        }
 
         boolean b = authAdminService.insertAuthAdmin(authAdmin);
 
diff --git a/admin-api/src/main/java/com/lmxdawn/api/admin/controller/auth/LoginController.java b/admin-api/src/main/java/com/lmxdawn/api/admin/controller/auth/LoginController.java
@@ -12,6 +12,7 @@
 import com.lmxdawn.api.admin.vo.auth.LoginUserInfoVO;
 import com.lmxdawn.api.common.constant.RedisConstant;
 import com.lmxdawn.api.common.utils.CacheUtils;
+import com.lmxdawn.api.common.utils.IpUtils;
 import com.lmxdawn.api.common.utils.JwtUtils;
 import com.lmxdawn.api.common.utils.ResultVOUtils;
 import com.lmxdawn.api.admin.vo.ResultVO;
@@ -47,7 +48,8 @@ public class LoginController {
      */
     @PostMapping(value = "/admin/auth/login/index")
     public ResultVO index(@RequestBody @Valid LoginForm loginForm,
-                          BindingResult bindingResult) {
+                          BindingResult bindingResult,
+                          HttpServletRequest request) {
         if (bindingResult.hasErrors()) {
             return ResultVOUtils.error(ResultEnum.PARAM_VERIFY_FALL, bindingResult.getFieldError().getDefaultMessage());
         }
@@ -60,6 +62,13 @@ public ResultVO index(@RequestBody @Valid LoginForm loginForm,
         if (!PasswordUtils.authAdminPwd(loginForm.getPwd()).equals(authAdmin.getPassword())) {
             throw new JsonException(ResultEnum.DATA_NOT, "用户名或密码错误");
         }
+        
+        // 更新登录状态
+        AuthAdmin authAdminUp = new AuthAdmin();
+        authAdminUp.setId(authAdmin.getId());
+        authAdminUp.setLastLoginTime(new Date());
+        authAdminUp.setLastLoginIp(IpUtils.getIpAddr(request));
+        authAdminService.updateAuthAdmin(authAdminUp);
 
         // 登录成功后获取权限，这里面会设置到缓存
         authLoginService.listRuleByAdminId(authAdmin.getId());
@@ -100,7 +109,6 @@ public ResultVO userInfo(HttpServletRequest request) {
      * 登出
      * @return
      */
-    @AuthRuleAnnotation("")
     @PostMapping("/admin/auth/login/out")
     public ResultVO out(){
         return ResultVOUtils.success();
@@ -110,7 +118,7 @@ public ResultVO out(){
      * 修改密码
      * @return
      */
-    @AuthRuleAnnotation("")
+    @AuthRuleAnnotation("") // 需要登录验证,但是不需要权限验证时,value 值填空字符串
     @PostMapping("/admin/auth/login/password")
     public ResultVO password(@RequestBody @Valid UpdatePasswordForm updatePasswordForm,
                              BindingResult bindingResult) {
diff --git a/admin-api/src/main/java/com/lmxdawn/api/common/utils/IpUtils.java b/admin-api/src/main/java/com/lmxdawn/api/common/utils/IpUtils.java
@@ -0,0 +1,44 @@
+package com.lmxdawn.api.common.utils;
+
+import javax.servlet.http.HttpServletRequest;
+import java.net.InetAddress;
+
+public class IpUtils {
+    
+    /**
+     * 获取客户端IP地址
+     *
+     * @param request
+     * @return
+     */
+    public static String getIpAddr(HttpServletRequest request) {
+        String ip = request.getHeader("x-forwarded-for");
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getRemoteAddr();
+            if (ip.equals("127.0.0.1")) {
+                //根据网卡取本机配置的IP
+                InetAddress inet = null;
+                try {
+                    inet = InetAddress.getLocalHost();
+                    ip = inet.getHostAddress();
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
+            }
+        }
+        // 多个代理的情况，第一个IP为客户端真实IP,多个IP按照','分割
+        if (ip != null && ip.length() > 15) {
+            if (ip.indexOf(",") > 0) {
+                ip = ip.substring(0, ip.indexOf(","));
+            }
+        }
+        return ip;
+    }
+    
+}
