添加登录时间验证

master
he 2024-12-06 10:01:11 +08:00
parent 80cc05ebac
commit 1e2fa384ca
1 changed files with 31 additions and 0 deletions


@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.Logging;
using static IRaCIS.Core.Domain.Share.StaticData;
namespace IRaCIS.Application.Services
{
@ -614,11 +615,41 @@ namespace IRaCIS.Application.Services
{
var userLoginReturnModel = new LoginReturnDTO();
#region 错误验证
// 生成缓存键
string cacheKey = userName+"LoginError";
int lockoutMinutes = 30;
int maxFailures = 5;
// 从缓存中获取登录失败次数
int? failCount = (int?)_cache.Get(cacheKey);
if (failCount == null)
{
failCount = 0;
}
//每次登录 都重置缓存时间
_cache.Set(cacheKey, failCount, TimeSpan.FromMinutes(lockoutMinutes));
if (failCount >= maxFailures)
{
string error = $"The password has been entered incorrectly {maxFailures} times consecutively. Your account has been locked and you are required to wait for {lockoutMinutes} minutes before attempting to log in again.";
//$"密码连续错误{maxFailures}次,当前账号已被限制登录,请等待 {lockoutMinutes} 分钟后再试。"
throw new BusinessValidationFailedException(error);
}
#endregion
var loginUser = await _userRepository.Where(u => EF.Functions.Collate(u.UserName, "SQL_Latin1_General_CP1_CS_AS") == userName && u.Password == password).ProjectTo<UserBasicInfo>(_mapper.ConfigurationProvider).FirstOrDefaultAsync();
if (loginUser == null)
{
failCount++;
_cache.Set(cacheKey, failCount, TimeSpan.FromMinutes(lockoutMinutes));
//此处下面 代码 为了支持医生也能登录 而且前端不加选择到底是管理用户 还是医生用户 奇怪的需求 无法理解
var loginDoctor = await _doctorRepository.Where(u => u.Phone == userName && u.Password == password).ProjectTo<UserBasicInfo>(_mapper.ConfigurationProvider).FirstOrDefaultAsync();
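Review bot: The failure counter is incremented and written back inside `if (loginUser == null)` before the doctor lookup on the following line runs, so a doctor who enters the correct password is still recorded as a failed attempt. The `failCount++; _cache.Set(...)` pair should move to the point where both lookups have returned null, and a successful login should clear the entry with `_cache.Remove(cacheKey);`. The method continues past this hunk, so confirm whether that reset already happens further down. Separately, the unconditional `_cache.Set(cacheKey, failCount, TimeSpan.FromMinutes(lockoutMinutes))` placed before the `failCount >= maxFailures` check restarts the 30-minute window on every request, including rejected ones, so repeated requests for a known user name keep that account locked well beyond the wait the error message promises; refreshing the expiry only when a failure is actually recorded would bound the lockout. The `Get` followed by `Set` is also not atomic, so concurrent requests can under-count failures and allow more than `maxFailures` guesses.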