调整策略

a654d4b1 · 董建华 · 89d22a29 · a654d4b1 · a654d4b1 · a654d4b1
Commit a654d4b1 authored Nov 26, 2020 by 董建华
3 changed files
--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/LoginInterceptorAspect.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/LoginInterceptorAspect.java
@@ -101,6 +101,7 @@ public class LoginInterceptorAspect {
             */
            deviceId = DEFAULT_CODE;
        }
+        Device device = Device.valueOfCode(deviceCode);
        LoginRefuseResult result = verification(scDeviceId, phone);
@@ -118,7 +119,7 @@ public class LoginInterceptorAspect {
            /**
             * 保存登录信息
             */
-            saveLoginInfo(phone, deviceCode, deviceId, realIp, result, loginResult);
+            saveLoginInfo(phone, device, deviceId, realIp, result, loginResult);
        }
        return loginResult;
    }
@@ -128,7 +129,7 @@ public class LoginInterceptorAspect {
     * @param phone
     * @return
     */
-    private LoginRefuseResult verification(String deviceId, String phone) {
+    private LoginRefuseResult verification(String deviceId, String phone, Device device) {
        try {
            /**
             * 默认code不需要
@@ -149,61 +150,52 @@ public class LoginInterceptorAspect {
            Long deviceNum = loginInfoRepository.countByDeviceId(deviceId);
            if (DEVICE_REFUSE_COUNT.compareTo(deviceNum) <= 0) {
-                if (isWhite(deviceId, KeyType.DEVICEID)) {
+                if (!isWhite(deviceId, KeyType.DEVICEID)) {
-                    log.warn("此设备登录命中拒绝策略,但是在白名单deviceId:{}", deviceId, deviceNum);
+                    log.warn("此设备登录命中拒绝策略deviceId:{}超过{}个拒绝登录", deviceId, deviceNum);
                    return LoginRefuseResult.builder()
-                            .isPass(Boolean.TRUE)
+                            .isPass(Boolean.FALSE)
+                            .rule(RISK_STRATEGY[0])
+                            .threshold(DEVICE_REFUSE_COUNT.intValue())
+                            .value(deviceNum.intValue())
                            .build();
                }
-                log.warn("此设备登录命中拒绝策略deviceId:{}超过{}个拒绝登录", deviceId, deviceNum);
-                return LoginRefuseResult.builder()
-                        .isPass(Boolean.FALSE)
-                        .rule(RISK_STRATEGY[0])
-                        .threshold(DEVICE_REFUSE_COUNT.intValue())
-                        .value(deviceNum.intValue())
-                        .build();
            }
-            List<CountDevice> countDevices = loginInfoRepository.countByPhoneAndDevice(phone);
+            CountDevice countDevice = loginInfoRepository.countByPhoneAndDevice(phone, device.ordinal());
-            if (CollectionUtils.isEmpty(countDevices)) {
+            if (null == countDevice) {
                return LoginRefuseResult.builder()
                        .isPass(Boolean.TRUE)
                        .build();
            }
            /**
-             * 总数
+             * 阈值
             */
-//            long sum = countDevices.stream().mapToLong(CountDevice::getNum).sum();
+            Long threshold = DEVICE_REFUSE_STRATEGY.get(device);
-            Set<Map.Entry<Device, Long>> entries = DEVICE_REFUSE_STRATEGY.entrySet();
-            for (Map.Entry<Device, Long> entry : entries) {
+            if (null == threshold) {
+                log.warn("非安卓或者IOS设备登录没有策略就放过phone:{},device:{}", phone, device);
-                Long threshold = entry.getValue();
+                return LoginRefuseResult.builder()
+                        .isPass(Boolean.TRUE).build();
-                Optional<CountDevice> anyOp = countDevices.stream()
+            }
-                        .filter(d -> d.getDevice() == entry.getKey())
-                        .findAny();
-                Long num = 0L;
+            /**
+             * 实际的数量
+             */
+            Long val = countDevice.getNum();
-                if(anyOp.isPresent()){
+            if (threshold.compareTo(val) <= 0) {
-                    CountDevice countDevice = anyOp.get();
+                if (!isWhite(phone, KeyType.PHONE)) {
-                    num = countDevice.getNum();
+                    log.warn("此账户登录命中拒绝策略并且没有白名单phone:{},device:{}", phone, device);
-                }
+                    return LoginRefuseResult.builder()
-                if (threshold.compareTo(num) <= 0) {
+                            .isPass(Boolean.FALSE)
-                    if (!isWhite(phone, KeyType.PHONE)) {
+                            .rule(RISK_STRATEGY[1])
-                        log.warn("此账户登录命中拒绝策略并且没有白名单phone:{},device", phone);
+                            .threshold(threshold.intValue())
-                        return LoginRefuseResult.builder()
+                            .value(Long.valueOf(val).intValue())
-                                .isPass(Boolean.FALSE)
+                            .build();
-                                .rule(RISK_STRATEGY[1])
-                                .threshold(threshold.intValue())
-                                .value(Long.valueOf(num).intValue())
-                                .build();
-                    }
-                    log.warn("此账户登录命中拒绝策略存在白名单phone:{}", phone);
                }
+                log.warn("此账户登录命中拒绝策略存在白名单phone:{}", phone);
            }
        } catch (Exception e) {
            log.error("用户登录策略校验异常了", e);
@@ -217,11 +209,11 @@ public class LoginInterceptorAspect {
     * 保存信息
     *
     * @param phone
-     * @param deviceCode
+     * @param device
     * @param deviceId
     * @param ip
     */
-    private void saveLoginInfo(String phone, String deviceCode, String deviceId, String ip, LoginRefuseResult refuseResult, Object loginResult) {
+    private void saveLoginInfo(String phone, Device device, String deviceId, String ip, LoginRefuseResult refuseResult, Object loginResult) {
        try {
            /**
             * 默认code不需要
@@ -234,7 +226,6 @@ public class LoginInterceptorAspect {
                log.warn("没有手机号先不存了");
                return;
            }
-            Device device = Device.valueOfCode(deviceCode);
            LoginInfo info = new LoginInfo();
@@ -256,6 +247,7 @@ public class LoginInterceptorAspect {
            }
            if (null == loginResult) {
                info.setIsLogin(Boolean.FALSE);
+                info.setLoginFailMsg("系统异常");
            } else {
                if (loginResult instanceof JsonResult) {
                    if (((JsonResult) loginResult).isSuccess()) {

--- a/src/main/java/cn/quantgroup/xyqb/entity/CountDevice.java
+++ b/src/main/java/cn/quantgroup/xyqb/entity/CountDevice.java
@@ -17,7 +17,7 @@ import javax.persistence.*;
        {
                @NamedNativeQuery(
                        name = "LoginInfo.countByPhoneAndDevice",
-                        query = "select count(DISTINCT device_id) num ,device from  login_info where phone_no=?1 and  created_at > DATE_ADD(CURRENT_TIMESTAMP(),INTERVAL -90 DAY)  group by device",
+                        query = "select count(DISTINCT device_id) num ,device from  login_info where phone_no=?1 and device =?2 and  created_at > DATE_ADD(CURRENT_TIMESTAMP(),INTERVAL -90 DAY)  group by device",
                        resultClass = CountDevice.class
                )
        }

--- a/src/main/java/cn/quantgroup/xyqb/repository/LoginInfoRepository.java
+++ b/src/main/java/cn/quantgroup/xyqb/repository/LoginInfoRepository.java
@@ -27,7 +27,7 @@ public interface LoginInfoRepository extends JpaRepository<LoginInfo, Long> {
     * @return
     */
 //    @Query(value = "select count(1) ,device from  login_info where phone_no=?1 and  last_login_at> DATE_ADD(CURRENT_TIMESTAMP(),INTERVAL -90 DAY  group by device", nativeQuery = true)
-    List<CountDevice> countByPhoneAndDevice(String phone);
+     CountDevice countByPhoneAndDevice(String phone,int device);
    /**
     * 查询有没有(手机+设备唯一)