用户账户审计

src/bean/entity/system_user.go

@@ -5,29 +5,38 @@ import (
 )
 
 type SystemUser struct {
-	Id             int       `json:"id" xorm:"pk autoincr" `                 // id
-	Name           string    `json:"name"  `                                 // 名称
-	SystemAccount  string    `json:"system_account"  `                       // 账号
-	OrganizationId string    `json:"organization_id" xorm:"organization_id"` // 所属组织
-	Password       string    `json:"password"`                               // 密码
-	State          int       `json:"state" xorm:"state"`                     // 状态0禁用1启用
-	Logo           string    `json:"logo" xorm:"logo"`                       // 头像logo
-	CreatedBy      int       `json:"created_by"  `                           // 创建者
-	CreatedTime    time.Time `json:"created_time" xorm:"created" `           // 创建时间
-	UpdatedBy      int       `json:"updated_by"  `                           // 更新者
-	UpdatedTime    time.Time `json:"updated_time" xorm:"updated" `           // 更新时间
-	IsDeleted      int       `json:"is_deleted" xorm:"is_deleted"`           // 是否删除
-	Phone          string    `json:"phone" xorm:"phone"`                     // 手机号
+	Id             int       `json:"id" xorm:"pk autoincr" `                   // id
+	Name           string    `json:"name"  `                                   // 名称
+	SystemAccount  string    `json:"system_account"  `                         // 账号
+	OrganizationId string    `json:"organization_id" xorm:"organization_id"`   // 所属组织
+	Password       string    `json:"password"`                                 // 密码
+	State          int       `json:"state" xorm:"state"`                       // 状态0禁用1启用
+	Logo           string    `json:"logo" xorm:"logo"`                         // 头像logo
+	CreatedBy      int       `json:"created_by"  `                             // 创建者
+	CreatedTime    time.Time `json:"created_time" xorm:"created" `             // 创建时间
+	UpdatedBy      int       `json:"updated_by"  `                             // 更新者
+	UpdatedTime    time.Time `json:"updated_time" xorm:"updated" `             // 更新时间
+	IsDeleted      int       `json:"is_deleted" xorm:"is_deleted"`             // 是否删除
+	Phone          string    `json:"phone" xorm:"phone"`                       // 手机号
+	PwdLevel       int       `json:"pwd_level"`                                // 密码强度1低2中3高
+	PwdForceStatus int       `json:"pwd_force_status"`                         // 密码强制修改状态0否1是
+	LastAccessTime time.Time `json:"last_access_time" xorm:"last_access_time"` // 用户最后访问时间
+	PwdUpdatedTime time.Time `json:"pwd_updated_time"`                         // 密码修改时间
 }
 
 type SystemUserInfo struct {
-	Id             int    `json:"id" xorm:"pk autoincr" `                 // id
-	Name           string `json:"name"  `                                 // 名称
-	SystemAccount  string `json:"system_account"  `                       // 账号
-	OrganizationId string `json:"organization_id" xorm:"organization_id"` // 所属组织
-	Password       string `json:"password,omitempty"`                     // 密码
-	State          int    `json:"state" xorm:"state"`                     // 状态0禁用1启用
-	Logo           string `json:"logo" xorm:"logo"`                       // 头像logo
-	IsDeleted      int    `json:"is_deleted" xorm:"is_deleted"`           // 是否删除
-	Phone          string `json:"phone" xorm:"phone"`                     // 手机号
+	Id             int       `json:"id" xorm:"pk autoincr" `                   // id
+	Name           string    `json:"name"  `                                   // 名称
+	SystemAccount  string    `json:"system_account"  `                         // 账号
+	OrganizationId string    `json:"organization_id" xorm:"organization_id"`   // 所属组织
+	Password       string    `json:"password,omitempty"`                       // 密码
+	State          int       `json:"state" xorm:"state"`                       // 状态0禁用1启用
+	Logo           string    `json:"logo" xorm:"logo"`                         // 头像logo
+	IsDeleted      int       `json:"is_deleted" xorm:"is_deleted"`             // 是否删除
+	Phone          string    `json:"phone" xorm:"phone"`                       // 手机号
+	PwdLevel       int       `json:"pwd_level"`                                // 密码强度1低2中3高
+	PwdForceStatus int       `json:"pwd_force_status"`                         // 密码强制修改状态0否1是
+	LastAccessTime time.Time `json:"last_access_time" xorm:"last_access_time"` // 用户最后访问时间
+	PwdUpdatedTime time.Time `json:"pwd_updated_time"`                         // 密码修改时间
+	OrgName        string    `json:"org_name"`                                 // 组织机构名称
 }

src/bean/vo/request/system_user.go

@@ -18,6 +18,7 @@ type CreateSystemUserReq struct {
 	CreatedBy      string `json:"created_by"`     // 用户创建人
 	UpdatedBy      string `json:"updated_by"`     // 用户更新人
 	IsAdmin        int    `json:"is_admin"`       // 用户类型
+
 }
 
 type UpdateSystemUserReq struct {

src/bean/vo/response/log_management.go

@@ -9,7 +9,7 @@ type LogManagementRep struct {
 	OrganizationId string `json:"organization_id" xorm:"organization_id"` // 所属组织
 	Name           string `json:"name"`                                   // 所属组织名称
 	SystemAccount  string `json:"system_account" xorm:"system_account"`   // 系统账号
-	ContactPhone   string `json:"contact_phone" xorm:"contact_phone"`     // 联系人电话
+	Phone          string `json:"phone" xorm:"phone"`                     // 联系人电话
 	//IsAdmin         string            `json:"is_admin" xorm:"is_admin"`               // 用户类型  (1.业务系统账号 2.组织管理员账号 3.平台用户账号 4.超级管理员)
 	LastAccessTimes jsontime.Time `json:"-" xorm:"last_access_time"`         // 用户最后访问时间
 	LastAccessTime  jsontime.Time `json:"last_access_time" xorm:"-"`         // 用户最后访问时间

src/bean/vo/response/system_menu.go

@@ -40,5 +40,6 @@ type SystemMenuTreePer struct {
 	MenuId      string              `json:"menu_id" xorm:"menu_id"`     //菜单id
 	PMenuId     string              `json:"p_menu_id" xorm:"p_menu_id"` //上级菜单id
 	SystemType  string              `json:"system_type"`                //系统类型
+	Source      string              `json:"source" xorm:"source"`       //源
 	Children    []SystemMenuTreePer `json:"children" xorm:"-"`
 }

src/common/client/redis.go

@@ -121,3 +121,20 @@ func (r Redis) DelList(keys []string) error {
 	bmd := r.Conn.Del(keys...)
 	return bmd.Err()
 }
+
+func (r Redis) LPush(key string, value interface{}) error {
+	key = fmt.Sprintf("%s-%s", strings.ToUpper(r.Prefix), strings.ToUpper(key))
+	bmd := r.Conn.LPush(strings.ToUpper(key), value)
+	return bmd.Err()
+}
+
+func (r Redis) LRange(key string) (str []string, err error) {
+	key = fmt.Sprintf("%s-%s", strings.ToUpper(r.Prefix), strings.ToUpper(key))
+	return r.Conn.LRange(key, 0, -1).Result()
+}
+
+func (r Redis) LRem(key string, value interface{}) error {
+	key = fmt.Sprintf("%s-%s", strings.ToUpper(r.Prefix), strings.ToUpper(key))
+	bmd := r.Conn.LRem(key, 0, value)
+	return bmd.Err()
+}

src/controller/log_management.go

@@ -111,44 +111,41 @@ func LogUserBehaviorDelete(c *gin.Context) {
 	SendJsonResponse(c, nil, "删除成功")
 }
 
-//用户账户审计列表
-//func LogUserAccountAuditList(c *gin.Context) {
-//	params := request.LogManagementListReq{}
-//	// 绑定分页数据
-//	if err := c.ShouldBindQuery(&params); err != nil {
-//		SendJsonResponse(c, res.ParamsParserError.ErrorDetail(err), nil)
-//		return
-//	}
-//	// 分页数据初始化 limit page  Offset
-//	params.PageInfo = params.PageInfo.InitPage()
-//	svc := service.LogManagement{User: util.GetContextUser(c)}
-//	list, count, err := svc.LogUserAccountAuditList(&params)
-//	if err != nil {
-//		SendJsonResponse(c, err, nil)
-//		return
-//	}
-//	SendJsonPageResponse(c, err, list, count)
-//}
-//
-//// 用户账户审计列表导出LogUserAccountAuditExport
-//func LogUserAccountAuditExport(c *gin.Context) {
-//	params := request.LogManagementListReq{}
-//	// 绑定分页数据
-//	if err := c.ShouldBindQuery(&params); err != nil {
-//		SendJsonResponse(c, res.ParamsParserError.ErrorDetail(err), nil)
-//		return
-//	}
-//	// 分页数据初始化 limit page  Offset
-//	params.PageInfo = params.PageInfo.InitPage()
-//	svc := service.LogManagement{User: util.GetContextUser(c)}
-//	file, fileName, err := svc.LogUserAccountAuditExport(&params)
-//	if err != nil {
-//		SendJsonResponse(c, err, nil)
-//		return
-//	}
-//	c.Writer.Header().Add("Content-Disposition", fmt.Sprintf("attachment; filename=%s", fileName)) //fmt.Sprintf("attachment; filename=%s", filename)对下载的文件重命名
-//	c.Writer.Header().Add("Content-Type", "application/octet-stream")
-//	c.Writer.Header().Add("Content-Transfer-Encoding", "binary")
-//	_ = file.Write(c.Writer)
-//
-//}
+// 用户账户审计列表
+func LogUserAccountAuditList(c *gin.Context) {
+	params := request.LogManagementListReq{}
+	// 绑定分页数据
+	if err := c.ShouldBindQuery(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+	svc := service.LogManagement{User: header.GetUser(c)}
+	list, count, err := svc.LogUserAccountAuditList(&params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	SendJsonPageResponse(c, err, list, count)
+}
+
+// 用户账户审计列表导出LogUserAccountAuditExport
+func LogUserAccountAuditExport(c *gin.Context) {
+	params := request.LogManagementListReq{}
+	// 绑定分页数据
+	if err := c.ShouldBindQuery(&params); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+	// 分页数据初始化 limit page  Offset
+	svc := service.LogManagement{User: header.GetUser(c)}
+	file, fileName, err := svc.LogUserAccountAuditExport(&params)
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	c.Writer.Header().Add("Content-Disposition", fmt.Sprintf("attachment; filename=%s", fileName)) //fmt.Sprintf("attachment; filename=%s", filename)对下载的文件重命名
+	c.Writer.Header().Add("Content-Type", "application/octet-stream")
+	c.Writer.Header().Add("Content-Transfer-Encoding", "binary")
+	_ = file.Write(c.Writer)
+
+}

src/controller/login.go

 package controller
 
 import (
+	"errors"
 	vd "github.com/bytedance/go-tagexpr/validator"
 	"github.com/gin-gonic/gin"
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/vo/request"
@@ -8,9 +9,9 @@ import (
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/service"
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/util"
-
 	"go.uber.org/zap"
 	"strconv"
+	"time"
 )
 
 func UserLogin(c *gin.Context) {
@@ -48,7 +49,88 @@ func UserLogin(c *gin.Context) {
 	SendJsonResponse(c, resp.OK, msg)
 }
 
+func UserLoginV2(c *gin.Context) {
+	userReq := request.UserReq{}
+	err := c.BindJSON(&userReq)
+	if err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+	// 参数检测
+	if err = vd.Validate(userReq); err != nil {
+		SendJsonResponse(c, resp.InvalidParam.WithError(err), nil)
+		return
+	}
+
+	loginInf := service.UserSvc{SystemAccount: userReq.SystemAccount}
+	userInfo, err := loginInf.GetUserInfo("")
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+
+	// 获取系统配置信息
+	op := service.SystemOptionsSvc{}
+	config, err := op.GetSystemOptions()
+	if err != nil {
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	// 未开启是否启用登录配置时 只进行密码正确性校验 (admin 始终只进行密码校验)
+
+	upperMd5Pass, err := service.SolvePassword(userInfo.Id, userReq.Password)
+	if err != nil {
+		conf.Logger.Error("加密错误", zap.Error(err))
+		SendJsonResponse(c, err, nil)
+		return
+	}
+	if upperMd5Pass != userInfo.Password {
+		if config.LoginConfigState == 1 {
+			err := loginInf.UserLock(userInfo.Id, userInfo.Password, config)
+			if err != nil {
+				SendJsonResponse(c, err, nil)
+				return
+			}
+			err = errors.New("密码错误")
+			SendJsonResponse(c, err, nil)
+			return
+		}
+		loginInf.UserUnLock(userInfo.Id)
+
+		// TODO STEP2 用户和ip没有加入到访问规则登录不上提醒
+		if config.AccessRuleState == 1 {
+			ip := util.RemoteIp(c.Request)
+			svc := service.AccessRuleSvc{}
+			if errCode := svc.CheckIp(ip, userInfo.Id); errCode != nil {
+				SendJsonResponse(c, errCode, nil)
+				return
+			}
+		}
+		//  密码失效提醒
+		subDays := util.SubDays(time.Now(), userInfo.PwdUpdatedTime)
+		if config.PwdValidity-subDays <= 0 && config.PwdValidity != 0 && userInfo.PwdUpdatedTime.String()[:10] != "0001-01-01" {
+			SendJsonResponse(c, resp.FAIL.ErrorDetail(errors.New("密码已失效，请联系管理员修改密码！")), nil)
+			return
+		}
+		//  密码强弱提醒
+		if config.ForceUpdateState == 1 && config.MinPwdLevel > userInfo.PwdLevel {
+			SendJsonResponse(c, resp.FAIL.ErrorDetail(errors.New("密码强度弱，请联系管理员修改密码！")), nil)
+			return
+		}
+
+		lastLogin, msg, uuidStr, err := loginInf.LoginV2(userInfo)
+		if err != nil {
+			SendJsonResponse(c, err, "")
+			return
+		}
+		c.SetCookie(conf.CookieName, uuidStr, 1*60*60*24, "/", "", false, false)
+		c.SetCookie(conf.CookieNameLastLogin, lastLogin, 1*60*60*24, "/", "", false, false)
+
+		SendJsonResponse(c, resp.OK, msg)
+	}
+}
 func GetUserInfo(c *gin.Context) {
+
 	token, _ := c.Cookie(conf.CookieName)
 	conf.Logger.Info("当前token信息为", zap.String("bgToken", token))
 	header := c.GetHeader(conf.CookieName)

src/router/logmanagementrouter.go

@@ -31,12 +31,13 @@ func InitLogManagementRouter(e *gin.Engine) {
 		}
 
 		//userAccountAudit := logger.Group("/userAccountAudit", header.SetContext)
-		//{
-		//	//用户账户审计:
-		//	userAccountAudit.GET("list", controller.LogUserAccountAuditList, header.AddLogMiddleware("用户账户审计", "/list", constant.OpTypeIntMap[constant.Find]))              //用户账户审计列表
-		//	userAccountAudit.GET("list/export", controller.LogUserAccountAuditExport, header.AddLogMiddleware("用户账户审计", "/export", constant.OpTypeIntMap[constant.Export])) //用户账户审计列表导出
-		//
-		//}
+		userAccountAudit := logger.Group("/userAccountAudit")
+		{
+			//用户账户审计:
+			userAccountAudit.GET("list", controller.LogUserAccountAuditList, header.AddLogMiddleware("用户账户审计", "/list", constant.OpTypeIntMap[constant.Find]))              //用户账户审计列表
+			userAccountAudit.GET("list/export", controller.LogUserAccountAuditExport, header.AddLogMiddleware("用户账户审计", "/export", constant.OpTypeIntMap[constant.Export])) //用户账户审计列表导出
+
+		}
 
 	}
 }

src/service/access_rule.go

+package service
+
+import (
+	"fmt"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/bean/entity"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/client"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
+	"net"
+	"strings"
+	"time"
+
+	"github.com/go-redis/redis"
+	"github.com/spf13/cast"
+
+	"go.uber.org/zap"
+)
+
+type AccessRuleSvc struct {
+}
+
+// 校验用户访问的ip是否合法
+func (r *AccessRuleSvc) CheckIp(ip string, userId int) error {
+	rcon, err := client.GetRedisClient()
+	if err != nil {
+		conf.Logger.Error("redis err", zap.Error(err))
+		return resp.RedisConnectError.ErrorDetail(err)
+	}
+	mode := 0
+	modeVal, err := rcon.Get(conf.Options.AccessRuleModeKey)
+	if err != nil {
+		if err == redis.Nil {
+			// 查询数据库
+			accessRuleMode, errCode := r.GetAccessRuleMode()
+			if errCode != nil {
+				conf.Logger.Error("db err", zap.Error(err))
+				return resp.DbSelectError.ErrorDetail(err)
+			}
+			mode = accessRuleMode
+			err = rcon.Set(conf.Options.AccessRuleModeKey, accessRuleMode, 60*time.Second)
+			if err != nil {
+				return err
+			}
+		} else {
+			conf.Logger.Error("redis err", zap.Error(err))
+			return resp.RedisExecError.ErrorDetail(err)
+		}
+	} else {
+		mode = cast.ToInt(modeVal)
+	}
+	switch mode {
+	case 0: // 访问规则模式关闭
+		return nil
+	case 1: // 黑名单模式
+		accessRules, errCode := r.GetAllAccessRules(1)
+		if errCode != nil {
+			conf.Logger.Error("db err", zap.Error(err))
+			return resp.DbSelectError.ErrorDetail(err)
+		}
+		//查询登录用户是否加入访问规则
+		ruleUserInfo, err := r.GetSystemRuleUser(userId)
+		if err != nil {
+			return resp.DbSelectError.ErrorDetail(err)
+		}
+		for i := range accessRules {
+			// 判断ip 是否合法
+			fmt.Println(accessRules[i].RuleDetail)
+			ruleArr := strings.Split(accessRules[i].RuleDetail, "\n")
+			for _, rule := range ruleArr {
+				//IP校验+用户是否加入访问规则
+				if r.checkIp(ip, strings.Trim(rule, " ")) == false && len(ruleUserInfo) > 0 {
+					conf.Logger.Error("访问规则error", zap.Error(err))
+					return resp.FAIL.ErrorDetail(fmt.Errorf("您的IP:%s不在访问白名单内，禁止访问，请联系管理员。", ip))
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func (r *AccessRuleSvc) checkIp(targetIp, ipRule string) bool {
+	parseIP := net.ParseIP(ipRule)
+	if parseIP != nil {
+		return parseIP.String() == targetIp
+	} else {
+		_, ipNet, _ := net.ParseCIDR(ipRule)
+		if ipNet != nil {
+			return ipNet.Contains(net.ParseIP(targetIp))
+		}
+	}
+	return false
+}
+
+// 获取访问规则模式
+func (r *AccessRuleSvc) GetAccessRuleMode() (int, error) {
+	db, err := client.GetDbClient()
+	if err != nil {
+		return 0, resp.DbConnectError.ErrorDetail(err)
+	}
+	var accessRuleMode int
+	_, err = db.Table("system_preference_config").Select("access_rule_state").Get(&accessRuleMode)
+	if err != nil {
+		return 0, resp.DbSelectError.ErrorDetail(err)
+	}
+	return accessRuleMode, nil
+}
+
+// 查询所有的访问规则
+func (r *AccessRuleSvc) GetAllAccessRules(state int) ([]entity.SystemAccessRule, error) {
+	db, err := client.GetDbClient()
+	if err != nil {
+		return nil, resp.DbConnectError.ErrorDetail(err)
+	}
+	var ls []entity.SystemAccessRule
+	session := db.Table("system_access_rule").Where("rule_type = 1")
+	if state != 0 {
+		session.Where("state = ?", state)
+	}
+	if err := session.Find(&ls); err != nil {
+		return nil, resp.DbSelectError.ErrorDetail(err)
+	}
+	return ls, nil
+}
+
+// 查询用户维护访问规则
+func (r *AccessRuleSvc) GetSystemRuleUser(userId int) ([]entity.SystemRuleUser, error) {
+	db, err := client.GetDbClient()
+	if err != nil {
+		return nil, resp.DbConnectError.ErrorDetail(err)
+	}
+	var ls []entity.SystemRuleUser
+	modelObj := db.Table("system_rule_user").Alias("sru")
+	modelObj.Join("INNER", []string{"system_access_rule", "sar"}, "sar.rule_id = sru.rule_id")
+	modelObj.Where("sru.user_id = ?", userId).And("sar.state = 1")
+	if err := modelObj.Find(&ls); err != nil {
+		return nil, resp.DbSelectError.ErrorDetail(err)
+	}
+	return ls, nil
+}

src/service/login.go

@@ -11,6 +11,7 @@ import (
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/tools"
 	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/pkg/beagle/resp"
+	"strconv"
 
 	"image/color"
 	"strings"
@@ -30,6 +31,36 @@ type UserSvc struct {
 	PassWord      string
 }
 
+// 获取用户信息（登录前）
+func (u *UserSvc) GetUserInfo(phone string) (userInfo entity.SystemUserInfo, err error) {
+	db, err := client.GetDbClient()
+	if err != nil {
+		return userInfo, resp.DbConnectError.ErrorDetail(err)
+	}
+	var userRole []entity.SystemUserInfo
+	//   查询用户
+	userModel := db.Table("system_user")
+	userModel.Join("LEFT", []string{"system_user_role", "sur"}, "sur.user_id = system_user.id")
+	userModel.Join("LEFT", []string{"system_role", "sr"}, "sur.role_id = sr.role_id")
+	userModel.Join("LEFT", []string{"system_organization", "so"}, "so.organization_id = system_user.organization_id")
+	userModel.Select("system_user.*,so.name as org_name")
+	if phone == "" {
+		userModel.Where("system_account = ?", u.SystemAccount)
+	} else {
+		userModel.Where("system_user.phone = ?", phone)
+	}
+	err = userModel.Where("system_user.state = 1").Find(&userRole)
+	if err != nil {
+		return userInfo, resp.DbSelectError.ErrorDetail(err)
+	}
+	if len(userRole) == 0 && phone == "" {
+		return userInfo, resp.FAIL.WithError(errors.New("该账户未启用,不能登录"))
+	} else if len(userRole) == 0 && phone != "" {
+		return userInfo, resp.FAIL.WithError(errors.New("手机号未注册！"))
+	}
+	return userInfo, nil
+}
+
 func (u *UserSvc) Login() (msg string, uuidStr string, last_login string, err error) {
 	db, err := client.GetDbClient()
 	if err != nil {
@@ -241,13 +272,13 @@ func (u *UserSvc) VerifyCaptcha(id, value string) (err error) {
 }
 
 // 用户锁定（此逻辑包含锁定规则以及锁定key）
-func (u *UserSvc) UserLock(systemId, pwd string, config *entity.SystemPreferenceConfig) (err error) {
+func (u *UserSvc) UserLock(userId int, pwd string, config *entity.SystemPreferenceConfig) (err error) {
 	r, err := client.GetRedisClient()
 	if err != nil {
 		return resp.RedisConnectError.ErrorDetail(err)
 	}
-	startLockKey := fmt.Sprintf("%s-%s", client.RULEKEY, systemId)
-	lockSystemKey := fmt.Sprintf("%s-%s", client.LOCKKEY, systemId)
+	startLockKey := fmt.Sprintf("%s-%v", client.RULEKEY, userId)
+	lockSystemKey := fmt.Sprintf("%s-%v", client.LOCKKEY, userId)
 	errorNum, err := r.Get(startLockKey)
 	if err != nil && err != redis.Nil {
 		conf.Logger.Error("获取密码插入次数失败", zap.Error(err))
@@ -280,27 +311,28 @@ func (u *UserSvc) UserLock(systemId, pwd string, config *entity.SystemPreference
 		}
 	}
 	// 判断是否输错密码
-	h := md5.New()
-	_, err = h.Write([]byte(strings.ToUpper(systemId + "-" + u.PassWord)))
+
+	incr, err := r.Incr(startLockKey)
 	if err != nil {
-		conf.Logger.Error("加密错误", zap.Error(err))
+		conf.Logger.Error("写入错误次数失败", zap.Error(err))
 		return err
 	}
-	upperMd5Pass := strings.ToUpper(hex.EncodeToString(h.Sum(nil)))
-	if upperMd5Pass != pwd {
-		incr, err := r.Incr(startLockKey)
+	conf.Logger.Info("当前错误次数为", zap.Int64("incr", incr))
+	if int(incr) >= config.LoginPwdError {
+		err = r.Set(lockSystemKey, 0, time.Duration(config.LoginLockTime)*time.Minute)
 		if err != nil {
-			conf.Logger.Error("写入错误次数失败", zap.Error(err))
 			return err
 		}
-		conf.Logger.Info("当前错误次数为", zap.Int64("incr", incr))
-		if int(incr) >= config.LoginPwdError {
-			err = r.Set(lockSystemKey, 0, time.Duration(config.LoginLockTime)*time.Minute)
-			if err != nil {
-				return err
-			}
-		}
-		return fmt.Errorf("请正确输入密码，连续%d次输错密码，账号将被锁定，还可重试%d次", incr, config.LoginPwdError-cast.ToInt(incr))
+	}
+	return fmt.Errorf("请正确输入密码，连续%d次输错密码，账号将被锁定，还可重试%d次", incr, config.LoginPwdError-cast.ToInt(incr))
+
+}
+
+func (u *UserSvc) UserUnLock(userId int) error {
+	startLockKey := fmt.Sprintf("%s-%v", client.RULEKEY, userId)
+	r, err := client.GetRedisClient()
+	if err != nil {
+		return resp.RedisConnectError.ErrorDetail(err)
 	}
 	// 密码正确 删除 锁定文件
 	if err := r.Del(startLockKey); err != nil {
@@ -309,3 +341,81 @@ func (u *UserSvc) UserLock(systemId, pwd string, config *entity.SystemPreference
 	}
 	return nil
 }
+
+// 登录
+func (u *UserSvc) LoginV2(userInfo entity.SystemUserInfo) (last_login_time, msg string, uuidStr string, err error) {
+	redisCli, err := client.GetRedisClient()
+	if err != nil {
+		return "", "", "", resp.RedisConnectError.ErrorDetail(err)
+	}
+	// TODO 用户数据、登录时间存入redis
+	last_login_time, uuidStr, err = u.SaveUserInfo(userInfo, redisCli)
+	if err != nil {
+		conf.Logger.Error("保存用户数据失败", zap.Error(err))
+		return "", "", "", resp.RedisExecError.ErrorDetail(err)
+	}
+	msg = "登录成功"
+	conf.Logger.Info("登录成功", zap.String("msg", msg))
+	//go func() {
+	//	// 最后心跳时间
+	//	finalHeartBeatMap := map[string]interface{}{
+	//		"final_heartbeat_unix": time.Now().UnixNano() / 1e6,
+	//		"final_heartbeat_flag": false,
+	//	}
+	//	finalHeartBeatByte, _ := json.Marshal(finalHeartBeatMap)
+	//	redisCli.HSet(conf.FinalHeartBeatUnixKey, userInfo.Id, string(finalHeartBeatByte))
+	//}()
+	return
+}
+
+// 保存用户信息
+func (u *UserSvc) SaveUserInfo(userInfo entity.SystemUserInfo, r client.Redis) (last_login, uuidStr string, err error) {
+	uu := uuid.NewV4()
+	uuidStr = uu.String()
+	//   存入redis
+	b, err := json.Marshal(userInfo)
+	op := SystemOptionsSvc{}
+	config, err := op.GetSystemOptions()
+	expireTime := time.Duration(config.SessionValidity)
+	if err != nil {
+		return "", "", err
+	}
+	err = r.Set(uuidStr, string(b), time.Minute*expireTime)
+	if err != nil {
+		conf.Logger.Error("保存用户数据失败", zap.Error(err))
+		return "", "", err
+	}
+
+	// 登录时间计录在map
+	loginMap := make(map[string]string, 0)
+	cont, _ := r.Get("LOGIN-TIME")
+	if cont != "" {
+		err = json.Unmarshal([]byte(cont), &loginMap)
+		if err != nil {
+			return "", "", err
+		}
+	}
+	now := time.Now().Format(conf.LocalDateTimeFormat)
+	if _, ok := loginMap[u.SystemAccount]; ok {
+		last_login = loginMap[u.SystemAccount]
+	} else {
+		last_login = now
+	}
+	loginMap[u.SystemAccount] = now
+	a, err := json.Marshal(loginMap)
+	if err != nil {
+		return "", "", err
+	}
+	err = r.Set("LOGIN-TIME", string(a), -1)
+	if err != nil {
+		conf.Logger.Error("登录失败", zap.Error(err))
+		return "", "", err
+	}
+	// 保存用户id以及token信息
+	err = r.LPush(strconv.Itoa(userInfo.Id), uuidStr)
+	if err != nil {
+		conf.Logger.Error("保存用户信息失败", zap.Error(err))
+		return "", "", err
+	}
+	return last_login, uuidStr, nil
+}

src/service/system_user.go

@@ -140,8 +140,16 @@ func (o *User) OrgAddUser(input request.OrgUserInput) error {
 			conf.Logger.Error("密码处理出错", zap.Error(err))
 			return nil, resp.DbInsertError.ErrorDetail(err)
 		}
-		_, err = s.Table("system_user").Where("id = ?", userModel.Id).Update(map[string]string{
-			"password": upperMd5Pass,
+		pwdLevel, err := util.GetPwdLevel(input.Password)
+		if err != nil {
+			conf.Logger.Error("密码处理出错", zap.Error(err))
+			return nil, resp.DbInsertError.ErrorDetail(err)
+		}
+		_, err = s.Table("system_user").Where("id = ?", userModel.Id).Update(map[string]interface{}{
+			"password":         upperMd5Pass,
+			"pwd_level":        pwdLevel,
+			"pwd_updated_time": jsontime.Time(time.Now()),
+			"pwd_force_status": 0,
 		})
 		if err != nil {
 			conf.Logger.Error("密码处理出错", zap.Error(err))
@@ -346,10 +354,18 @@ func SystemUserEditPassword(params request.SystemUserEditPasswordReq) (err error
 	if err != nil {
 		return
 	}
+	pwdLevel, err := util.GetPwdLevel(params.Password)
+	if err != nil {
+		return
+	}
 	SystemUser := entity.SystemUser{}
 	SystemUser.Password = password
+	SystemUser.PwdLevel = pwdLevel
+	SystemUser.PwdForceStatus = 0
+	SystemUser.PwdUpdatedTime = time.Now()
 
-	_, err = db.Where("id=?", oldSystemUser.Id).Where("is_deleted = 0").Update(&SystemUser)
+	_, err = db.Where("id=?", oldSystemUser.Id).Where("is_deleted = 0").Cols("password,pwd_level,pwd_force_status,pwd_updated_time").
+		Update(&SystemUser)
 	if err != nil {
 		conf.Logger.Error("修改系统账户失败", zap.Error(err))
 		err = resp.DbUpdateError.ErrorDetail(errors.New("修改系统账户失败"))
@@ -359,32 +375,40 @@ func SystemUserEditPassword(params request.SystemUserEditPasswordReq) (err error
 }
 
 // ResetSystemUserPassword 批量重置密码
-func ResetSystemUserPassword(params request.ResetSystemUserPasswordReq) (err error) {
+func ResetSystemUserPassword(params request.ResetSystemUserPasswordReq) error {
 	db, err := client.GetDbClient()
 	if err != nil {
 		err = resp.DbConnectError.ErrorDetail(err)
-		return
+		return err
 	}
 
 	str, EncryptErr := util.EncryptPwd(defaultPassword)
 	if EncryptErr != nil {
 		err = resp.DbUpdateError.ErrorDetail(err)
+		return err
 	}
 	for _, v := range params.Ids {
 		password, SolvePwdErr := SolvePassword(v, str)
 		if SolvePwdErr != nil {
 			return SolvePwdErr
 		}
-		updateData := entity.SystemUser{}
-		updateData.Password = password
-		_, err = db.Where("id=?", v).Update(&updateData)
+		pwdLevel, err := util.GetPwdLevel(password)
+		if err != nil {
+			return err
+		}
+		SystemUser := entity.SystemUser{}
+		SystemUser.Password = password
+		SystemUser.PwdLevel = pwdLevel
+		SystemUser.PwdForceStatus = 0
+		SystemUser.PwdUpdatedTime = time.Now()
+		_, err = db.Where("id=?", v).Cols("password,pwd_level,pwd_force_status,pwd_updated_time").Update(&SystemUser)
 		if err != nil {
 			conf.Logger.Error("重置账户密码失败", zap.Error(err))
 			err = resp.DbUpdateError.ErrorDetail(errors.New("重置账户密码失败"))
-			return
+			return err
 		}
 	}
-	return
+	return nil
 }
 
 // SolvePassword 密码处理

src/util/common.go

@@ -9,9 +9,13 @@
 package util
 
 import (
+	"errors"
+	"fmt"
+	"gitlab.wodcloud.com/smart-operation/so-operation-api/src/common/conf"
 	"net/http"
 	"regexp"
 	"strings"
+	"time"
 	"unsafe"
 
 	"github.com/Luzifer/go-openssl/v4"
@@ -41,6 +45,58 @@ func DecryptPwd(pwd string) (str string, err error) {
 	return string(dec), err
 }
 
+type StrReplaceStruct struct {
+	CapitalLetter    int `json:"capital_letter"`
+	LowercaseLetters int `json:"lowercase_letters"`
+	Number           int `json:"number"`
+	OtherString      int `json:"other_string"`
+}
+
+// 获取密码强度
+func GetPwdLevel(pwd string) (level int, err error) {
+	password, err := DecryptPwd(pwd)
+	if err != nil {
+		return 0, err
+	}
+	conf.Logger.Info(fmt.Sprintf("解析密码为: %s", password))
+	var (
+		groupCount int
+		arrayGroup []int
+	)
+	arrayGroup = append(arrayGroup, StrReplaceAllString(password).CapitalLetter, StrReplaceAllString(password).LowercaseLetters, StrReplaceAllString(password).Number, StrReplaceAllString(password).OtherString)
+	for _, v := range arrayGroup {
+		if v > 0 {
+			groupCount += 1
+		}
+	}
+	if groupCount == 0 {
+		return 0, errors.New("密码非法！")
+	} else if groupCount == 1 {
+		level = 1
+	} else if groupCount == 2 {
+		level = 2
+	} else if groupCount >= 3 {
+		level = 3
+	}
+	return level, nil
+}
+
+func StrReplaceAllString(s2 string) (strReplace StrReplaceStruct) {
+	for i := strReplace.OtherString; i < len(s2); i++ {
+		switch {
+		case 64 < s2[i] && s2[i] < 91:
+			strReplace.CapitalLetter += 1
+		case 96 < s2[i] && s2[i] < 123:
+			strReplace.LowercaseLetters += 1
+		case 47 < s2[i] && s2[i] < 58:
+			strReplace.Number += 1
+		default:
+			strReplace.OtherString += 1
+		}
+	}
+	return strReplace
+}
+
 func EncryptPwd(password string) (pwd string, err error) {
 	passphrase := "swuE9cmCZQwrkYRV"
 	ecs, err := OpenSslManager.EncryptBytes(passphrase, []byte(password), openssl.BytesToKeyMD5)
@@ -72,3 +128,26 @@ func SpecialEscape(keyword string) string {
 func Bytes2Str(b []byte) string {
 	return *(*string)(unsafe.Pointer(&b))
 }
+
+// 计算日期差(t1>t2)
+func SubDays(t1, t2 time.Time) (day int) {
+	swap := false
+	if t1.Unix() < t2.Unix() {
+		t_ := t1
+		t1 = t2
+		t2 = t_
+		swap = true
+	}
+	day = int(t1.Sub(t2).Hours() / 24)
+	// 计算在被24整除外的时间是否存在跨自然日
+	if int(t1.Sub(t2).Milliseconds())%86400000 > int(86400000-t2.Unix()%86400000) {
+		day += 1
+	}
+	if swap {
+		day = -day
+	}
+	if day < 0 {
+		day = 0
+	}
+	return
+}