pinganxiaoyuan/SafeCampus.API/SafeCampus.System/Services/Auth/Auth/AuthService.cs

// 








namespace SafeCampus.System.Services.Auth;

/// <inheritdoc cref="IAuthService"/>
public class AuthService : IAuthService
{
    private readonly ISimpleCacheService _simpleCacheService;
    private readonly IEventPublisher _eventPublisher;
    private readonly IConfigService _configService;
    private readonly ISysUserService _userService;
    private readonly ISysOrgService _sysOrgService;

    public AuthService(ISimpleCacheService simpleCacheService, IEventPublisher eventPublisher, IConfigService configService,
        ISysUserService userService, ISysOrgService sysOrgService)
    {
        _simpleCacheService = simpleCacheService;
        _eventPublisher = eventPublisher;
        _configService = configService;
        _userService = userService;
        _sysOrgService = sysOrgService;
    }

    /// <inheritdoc/>
    public async Task<PicValidCodeOutPut> GetCaptchaInfo()
    {
        var config = await _configService.GetByConfigKey(CateGoryConst.CONFIG_LOGIN_POLICY, SysConfigConst.LOGIN_CAPTCHA_TYPE);
        var captchaType = (CaptchaType)Enum.Parse(typeof(CaptchaType), config.ConfigValue);
        //生成验证码
        var captchaInfo = CaptchaUtil.CreateCaptcha(captchaType, 4, 100, 38);
        //生成请求号，并将验证码放入缓存
        var reqNo = AddValidCodeToRedis(captchaInfo.Code);
        //返回验证码和请求号
        return new PicValidCodeOutPut
        {
            ValidCodeBase64 = captchaInfo.Base64Str,
            ValidCodeReqNo = reqNo
        };
    }

    /// <inheritdoc/>
    public async Task<string> GetPhoneValidCode(GetPhoneValidCodeInput input, LoginClientTypeEnum loginClientType)
    {
        await ValidPhoneValidCode(input, loginClientType);//校验手机号验证码
        var phoneValidCode = RandomHelper.CreateNum(6);//生产随机数字;


        #region 发送短信和记录数据库等操作

        //这里为什么不封装阿里云或者腾讯云短信接口，是因为短信发送是一个通用功能，一般每个公司都有自己封装好的短信组件来适配各种项目,这里再封装一次显得多余了。
        //这里不建议在该系统中封装短信发送接口，当然后续如果确实有需要也会增加
        //这里执行发送短信验证码代码，这里先默认就是年月日
        phoneValidCode = DateTime.Now.ToString("yyMMdd");

        #endregion 发送短信和记录数据库等操作

        //生成请求号，并将验证码放入缓存
        var reqNo = AddValidCodeToRedis(phoneValidCode);
        return reqNo;
    }

    /// <inheritdoc/>
    public async Task<LoginOutPut> Login(LoginInput input, LoginClientTypeEnum loginClientType)
    {
        await CheckCaptcha(input);//检查验证码
        await CheckWebOpen(input);//检查网站是否开启
        var password = CryptogramUtil.Sm2Decrypt(input.Password);//SM2解密
        //获取多租户配置
        var isTenant = await _configService.IsTenant();
        //获取登录策略
        var loginPolicy = await _configService.GetConfigsByCategory(CateGoryConst.CONFIG_LOGIN_POLICY);
        await BeforeLogin(loginPolicy, input, isTenant);//登录前校验
        // 根据账号获取用户信息，根据B端或C端判断
        if (loginClientType == LoginClientTypeEnum.B)//如果是B端
        {
            var userInfo = await _userService.GetUserByAccount(input.Account, input.TenantId);//获取用户信息
            if (userInfo == null) throw Oops.Bah("用户不存在");//用户不存在
            if (userInfo.Password != password)
            {
                LoginError(loginPolicy, input, isTenant);//登录错误操作
                throw Oops.Bah("账号密码错误");//账号密码错误
            }
            var result = await ExecLoginB(userInfo, input.Device, loginClientType, input.TenantId);// 执行B端登录
            return result;
        }
        //执行c端登录
        return null;
    }

    /// <inheritdoc/>
    public async Task<LoginOutPut> LoginByPhone(LoginByPhoneInput input, LoginClientTypeEnum loginClientType)
    {
        await ValidPhoneValidCode(input, loginClientType, false);//校验手机号和验证码，这里不删除Redis，防止输入错误又要重新输入验证码
        // 根据手机号获取用户信息，根据B端或C端判断
        if (loginClientType == LoginClientTypeEnum.B)//如果是B端
        {
            var userInfo = await _userService.GetUserByPhone(input.Phone);//获取信息
            if (userInfo == null) throw Oops.Bah("用户不存在");//用户不存在
            var result = await ExecLoginB(userInfo, input.Device, loginClientType, input.TenantId);// 执行B端登录
            RemoveValidCodeFromRedis(input.ValidCodeReqNo);//删除验证码
            return result;
        }
        //执行c端登录
        return null;
    }

    /// <inheritdoc/>
    public async Task LoginOut(string token, LoginClientTypeEnum loginClientType)
    {
        //获取用户信息
        var userinfo = await _userService.GetUserByAccount(UserManager.UserAccount, UserManager.TenantId);
        if (userinfo != null)
        {
            var loginEvent = new LoginEvent
            {
                Ip = App.HttpContext.GetRemoteIpAddressToIPv4(),
                SysUser = userinfo,
                Token = token
            };
            RemoveTokenFromRedis(loginEvent, loginClientType);//移除token
            //发布登出事件总线
            await _eventPublisher.PublishAsync(EventSubscriberConst.LOGIN_OUT_B, loginEvent);
        }
    }

    /// <inheritdoc/>
    public async Task<LoginUserOutput> GetLoginUser()
    {
        var userInfo = await _userService.GetUserByAccount(UserManager.UserAccount, UserManager.TenantId);//根据账号获取用户信息
        if (userInfo != null)
        {
            userInfo.Avatar = await _userService.GetUserAvatar(userInfo.Id);//获取头像
            return userInfo.Adapt<LoginUserOutput>();
        }
        return null;
    }

    #region 方法

    /// <summary>
    /// 检查验证码
    /// </summary>
    /// <param name="input"></param>
    /// <exception cref="AppFriendlyException"></exception>
    public async Task CheckCaptcha(LoginInput input)
    {
        //判断是否有验证码
        var sysBase = await _configService.GetByConfigKey(CateGoryConst.CONFIG_LOGIN_POLICY, SysConfigConst.LOGIN_CAPTCHA_OPEN);
        if (sysBase != null)//如果有这个配置项
        {
            if (sysBase.ConfigValue.ToBoolean())//如果需要验证码
            {
                //如果没填验证码，提示验证码不能为空
                if (string.IsNullOrEmpty(input.ValidCode) || string.IsNullOrEmpty(input.ValidCodeReqNo))
                    throw Oops.Bah("验证码不能为空").StatusCode(410);
                ValidValidCode(input.ValidCode, input.ValidCodeReqNo);//校验验证码
            }
        }
    }

    /// <summary>
    /// 检查网站是否开启
    /// </summary>
    /// <param name="input"></param>
    /// <exception cref="AppFriendlyException"></exception>
    public async Task CheckWebOpen(LoginInput input)
    {
        //判断是否开启web访问
        var webStatus = await _configService.GetByConfigKey(CateGoryConst.CONFIG_SYS_BASE, SysConfigConst.SYS_WEB_STATUS);
        if (webStatus != null && webStatus.ConfigValue == CommonStatusConst.DISABLED
            && input.Account.ToLower() != SysRoleConst.SUPER_ADMIN.ToLower())//如果禁用了网站并且不是超级管理员
        {
            var closePrompt = await _configService.GetByConfigKey(CateGoryConst.CONFIG_SYS_BASE, SysConfigConst.SYS_WEB_CLOSE_PROMPT);
            throw Oops.Bah(closePrompt.ConfigValue);
        }
    }

    /// <summary>
    /// 登录之前执行的方法
    /// </summary>
    /// <param name="loginPolicy"></param>
    /// <param name="input"></param>
    /// <param name="isTenant"></param>
    public async Task BeforeLogin(List<SysConfig> loginPolicy, LoginInput input, bool isTenant)
    {
        var lockTime = loginPolicy.First(x => x.ConfigKey == SysConfigConst.LOGIN_ERROR_LOCK).ConfigValue.ToInt();//获取锁定时间
        var errorCount = loginPolicy.First(x => x.ConfigKey == SysConfigConst.LOGIN_ERROR_COUNT).ConfigValue.ToInt();//获取错误次数
        var key = SystemConst.CACHE_LOGIN_ERROR_COUNT;//获取登录错误次数Key值
        //如果是关闭多租户则直接用账号
        if (!isTenant)
            key += input.Account;
        else
        {
            //如果租户ID为空表示用域名登录
            if (input.TenantId == null)
            {
                //获取域名
                var origin = App.HttpContext.Request.Headers["Origin"].ToString();
                // 如果Origin头不存在，可以尝试使用Referer头作为备选
                if (string.IsNullOrEmpty(origin))
                    origin = App.HttpContext.Request.Headers["Referer"].ToString();
                //根据域名获取二级域名
                var domain = origin.Split("//")[1].Split(".")[0];
                //根据二级域名获取租户
                var tenantList = await _sysOrgService.GetTenantList();
                var tenant = tenantList.FirstOrDefault(x => x.Code.ToLower() == domain);//获取租户默认是机构编码
                if (tenant != null)
                    input.TenantId = tenant.Id;
                else
                    throw Oops.Bah("租户不存在");
            }
            //如果是手动选择多租户则用账号+租户
            key += $"{input.TenantId}:{input.Account}";
        }
        var errorCountCache = _simpleCacheService.Get<int>(key);//获取登录错误次数
        if (errorCountCache >= errorCount)
        {
            _simpleCacheService.SetExpire(key, TimeSpan.FromMinutes(lockTime));//设置缓存
            throw Oops.Bah($"密码错误次数过多，请{lockTime}分钟后再试");
        }
    }

    /// <summary>
    /// 登录错误操作
    /// </summary>
    /// <param name="loginPolicy"></param>
    /// <param name="input"></param>
    /// <param name="isTenant"></param>
    public void LoginError(List<SysConfig> loginPolicy, LoginInput input, bool isTenant)
    {
        var resetTime = loginPolicy.First(x => x.ConfigKey == SysConfigConst.LOGIN_ERROR_RESET_TIME).ConfigValue.ToInt();//获取重置时间
        var key = SystemConst.CACHE_LOGIN_ERROR_COUNT;//获取登录错误次数Key值
        //如果是关闭多租户则直接用账号
        if (!isTenant)
            key += input.Account;
        else
        {
            //如果是手动选择多租户则用账号+租户
            key += $"{input.TenantId}:{input.Account}";
        }
        _simpleCacheService.Increment(key, 1);// 登录错误次数+1
        _simpleCacheService.SetExpire(key, TimeSpan.FromMinutes(resetTime));//设置过期时间
    }

    /// <summary>
    /// 校验验证码方法
    /// </summary>
    /// <param name="validCode">验证码</param>
    /// <param name="validCodeReqNo">请求号</param>
    /// <param name="isDelete">是否从Redis删除</param>
    public void ValidValidCode(string validCode, string validCodeReqNo, bool isDelete = true)
    {
        var key = SystemConst.CACHE_CAPTCHA + validCodeReqNo;//获取验证码Key值
        var code = _simpleCacheService.Get<string>(key);//从缓存拿数据
        if (isDelete) RemoveValidCodeFromRedis(validCodeReqNo);//如果需要删除验证码
        if (code != null && validCode != null)//如果有
        {
            //验证码如果不匹配直接抛错误，这里忽略大小写
            if (validCode.ToLower() != code.ToLower()) throw Oops.Bah("验证码错误");
        }
        else
        {
            throw Oops.Bah("验证码不能为空");//抛出验证码不能为空
        }
    }

    /// <summary>
    /// 从Redis中删除验证码
    /// </summary>
    /// <param name="validCodeReqNo"></param>
    public void RemoveValidCodeFromRedis(string validCodeReqNo)
    {
        var key = SystemConst.CACHE_CAPTCHA + validCodeReqNo;//获取验证码Key值
        _simpleCacheService.Remove(key);//删除验证码
    }

    /// <summary>
    /// 校验手机验证码
    /// </summary>
    /// <param name="input">输入参数</param>
    /// <param name="loginClientType">登录端类型</param>
    /// <param name="isDelete">是否删除</param>
    /// <returns></returns>
    public async Task ValidPhoneValidCode(GetPhoneValidCodeInput input, LoginClientTypeEnum loginClientType, bool isDelete = true)
    {
        ValidValidCode(input.ValidCode, input.ValidCodeReqNo, isDelete);//校验验证码
        if (loginClientType == LoginClientTypeEnum.B)//B端登录
        {
            var userId = await _userService.GetIdByPhone(input.Phone);//获取用户名
            if (userId == 0)
            {
                throw Oops.Bah("手机号不存在");//手机号不存在
            }
        }
        else
        {
            //校验C段用户手机号
            throw Oops.Bah("手机号不存在");//抛出验证码不能为空
        }
    }

    /// <summary>
    /// 添加验证码到缓存
    /// </summary>
    /// <param name="code">验证码</param>
    /// <param name="expire">过期时间</param>
    /// <returns>验证码请求号</returns>
    public string AddValidCodeToRedis(string code, int expire = 5)
    {
        //生成请求号
        var reqNo = CommonUtils.GetSingleId().ToString();
        //插入缓存
        _simpleCacheService.Set(SystemConst.CACHE_CAPTCHA + reqNo, code, TimeSpan.FromMinutes(expire));
        return reqNo;
    }

    /// <summary>
    /// 执行B端登录
    /// </summary>
    /// <param name="sysUser">用户信息</param>
    /// <param name="device">登录设备</param>
    /// <param name="loginClientType">登录类型</param>
    /// <param name="tenantId">租户id</param>
    /// <returns></returns>
    public async Task<LoginOutPut> ExecLoginB(SysUser sysUser, AuthDeviceTypeEnum device, LoginClientTypeEnum loginClientType,
        long? tenantId)
    {
        if (sysUser.Status == CommonStatusConst.DISABLED)
            throw Oops.Bah("账号已停用");//账号冻结
        if (sysUser.ModuleList.Count == 0) throw Oops.Bah("该账号未分配模块,请联系管理员");//没有分配菜单权限
        var org = await _sysOrgService.GetSysOrgById(sysUser.OrgId);//获取机构
        if (org.Status == CommonStatusConst.DISABLED) throw Oops.Bah("所属公司/部门已停用,请联系管理员");//机构冻结
        //生成Token
        var accessToken = JWTEncryption.Encrypt(new Dictionary<string, object>
        {
            {
                ClaimConst.USER_ID, sysUser.Id
            },
            {
                ClaimConst.ACCOUNT, sysUser.Account
            },
            {
                ClaimConst.NAME, sysUser.Name
            },
            {
                ClaimConst.IS_SUPER_ADMIN, sysUser.RoleCodeList.Contains(SysRoleConst.SUPER_ADMIN)
            },
            {
                ClaimConst.ORG_ID, sysUser.OrgId
            },
            {
                ClaimConst.TENANT_ID, tenantId
            }
        });
        var expire = App.GetConfig<int>("JWTSettings:ExpiredTime");//获取过期时间(分钟)
        // 生成刷新Token令牌
        var refreshToken = JWTEncryption.GenerateRefreshToken(accessToken, expire * 2);
        // 设置Swagger自动登录
        App.HttpContext.SigninToSwagger(accessToken);
        // 设置响应报文头
        App.HttpContext.SetTokensOfResponseHeaders(accessToken, refreshToken);
        //登录事件参数
        var loginEvent = new LoginEvent
        {
            Ip = App.HttpContext.GetRemoteIpAddressToIPv4(),
            Device = device,
            Expire = expire,
            SysUser = sysUser,
            Token = accessToken
        };
        await WriteTokenToRedis(loginEvent, loginClientType);//写入token到缓存
        await _eventPublisher.PublishAsync(EventSubscriberConst.LOGIN_B, loginEvent);//发布登录事件总线
        //返回结果
        return new LoginOutPut
        {
            Token = accessToken,
            Account = sysUser.Account,
            Name = sysUser.Name,
            DefaultModule = sysUser.DefaultModule,
            ModuleList = sysUser.ModuleList
        };
    }

    /// <summary>
    /// 写入用户token到缓存
    /// </summary>
    /// <param name="loginEvent">登录事件参数</param>
    /// <param name="loginClientType">登录类型</param>
    private async Task WriteTokenToRedis(LoginEvent loginEvent, LoginClientTypeEnum loginClientType)
    {
        //获取token列表
        var tokenInfos = GetTokenInfos(loginEvent.SysUser.Id);
        var tokenTimeout = loginEvent.DateTime.AddMinutes(loginEvent.Expire);
        //生成token信息
        var tokenInfo = new TokenInfo
        {
            Device = loginEvent.Device.ToString(),
            Expire = loginEvent.Expire,
            TokenTimeout = tokenTimeout,
            LoginClientType = loginClientType,
            Token = loginEvent.Token
        };
        //如果缓存有数据
        if (tokenInfos != null)
        {
            var isSingle = false;//默认不开启单用户登录
            var singleConfig = await _configService.GetByConfigKey(CateGoryConst.CONFIG_LOGIN_POLICY, SysConfigConst.LOGIN_SINGLE_OPEN);//获取系统单用户登录选项
            if (singleConfig != null)
                isSingle = singleConfig.ConfigValue.ToBoolean();//如果配置不为空则设置单用户登录选项为系统配置的值
            //判断是否单用户登录
            if (isSingle)
            {
                await SingleLogin(loginEvent.SysUser.Id.ToString(), tokenInfos.Where(it => it.LoginClientType == loginClientType).ToList());//单用户登录方法
                tokenInfos = tokenInfos.Where(it => it.LoginClientType != loginClientType).ToList();//去掉当前登录类型的token
                tokenInfos.Add(tokenInfo);//添加到列表
            }
            else
            {
                tokenInfos.Add(tokenInfo);
            }
        }
        else
        {
            tokenInfos = new List<TokenInfo>
            {
                tokenInfo
            };//直接就一个
        }

        //添加到token列表
        _simpleCacheService.HashAdd(CacheConst.CACHE_USER_TOKEN, loginEvent.SysUser.Id.ToString(), tokenInfos);
    }

    /// <summary>
    /// 缓存删除用户token
    /// </summary>
    /// <param name="loginEvent">登录事件参数</param>
    /// <param name="loginClientType">登录类型</param>
    private void RemoveTokenFromRedis(LoginEvent loginEvent, LoginClientTypeEnum loginClientType)
    {
        //获取token列表
        var tokenInfos = GetTokenInfos(loginEvent.SysUser.Id);
        if (tokenInfos != null)
        {
            //获取当前用户的token
            var token = tokenInfos.Where(it => it.Token == loginEvent.Token && it.LoginClientType == loginClientType).FirstOrDefault();
            if (token != null)
                tokenInfos.Remove(token);
            if (tokenInfos.Count > 0)
            {
                //更新token列表
                _simpleCacheService.HashAdd(CacheConst.CACHE_USER_TOKEN, loginEvent.SysUser.Id.ToString(), tokenInfos);
            }
            else
            {
                //从列表中删除
                _simpleCacheService.HashDel<List<TokenInfo>>(CacheConst.CACHE_USER_TOKEN, loginEvent.SysUser.Id.ToString());
            }
        }
    }

    /// <summary>
    /// 获取用户token列表
    /// </summary>
    /// <param name="userId">用户ID</param>
    /// <returns>token列表</returns>
    private List<TokenInfo> GetTokenInfos(long userId)
    {
        //缓存获取用户token列表
        var tokenInfos = _simpleCacheService.HashGetOne<List<TokenInfo>>(CacheConst.CACHE_USER_TOKEN, userId.ToString());
        if (tokenInfos != null)
        {
            tokenInfos = tokenInfos.Where(it => it.TokenTimeout > DateTime.Now).ToList();//去掉登录超时的
        }
        return tokenInfos;
    }

    /// <summary>
    /// 单用户登录通知用户下线
    /// </summary>
    /// <param name="userId">用户ID</param>
    /// <param name="tokenInfos">Token列表</param>
    private async Task SingleLogin(string userId, List<TokenInfo> tokenInfos)
    {
        await _eventPublisher.PublishAsync(EventSubscriberConst.USER_LOGIN_OUT, new UserLoginOutEvent
        {
            Message = "您的账号已在别处登录!",
            TokenInfos = tokenInfos,
            UserId = userId
        });//通知用户下线
    }

    #endregion 方法
}