feat:新增登录密码错误次数限制及账号解锁功能

fix:修复已知bug

Author: insistence

dash-fastapi-backend/module_admin/controller/log_controller.py

@@ -134,6 +134,22 @@ async def clear_system_login_log(request: Request, clear_login_log: ClearLoginLo
         return response_500(data="", message=str(e))
 
 
+@logController.post("/login/unlock", response_model=CrudLogResponse, dependencies=[Depends(CheckUserInterfaceAuth('monitor:logininfor:remove'))])
+@log_decorator(title='登录日志管理', business_type=9)
+async def clear_system_login_log(request: Request, unlock_user: UnlockUser, query_db: Session = Depends(get_db)):
+    try:
+        unlock_user_result = await LoginLogService.unlock_user_services(request, unlock_user)
+        if unlock_user_result.is_success:
+            logger.info(unlock_user_result.message)
+            return response_200(data=unlock_user_result, message=unlock_user_result.message)
+        else:
+            logger.warning(unlock_user_result.message)
+            return response_400(data="", message=unlock_user_result.message)
+    except Exception as e:
+        logger.exception(e)
+        return response_500(data="", message=str(e))
+
+
 @logController.post("/login/export", dependencies=[Depends(CheckUserInterfaceAuth('monitor:logininfor:export'))])
 @log_decorator(title='登录日志管理', business_type=5)
 async def export_system_login_log_list(request: Request, login_log_query: LoginLogQueryModel, query_db: Session = Depends(get_db)):

dash-fastapi-backend/module_admin/controller/login_controller.py

@@ -19,7 +19,7 @@
 async def login(request: Request, user: UserLogin, query_db: Session = Depends(get_db)):
     try:
         result = await authenticate_user(request, query_db, user)
-        if result in ['用户不存在', '密码错误', '用户已停用', '验证码已失效', '验证码错误']:
+        if result in ['用户不存在', '密码错误', '用户已停用', '验证码已失效', '验证码错误', '账号已锁定，请稍后再试', '10分钟内密码已输错超过5次，账号已锁定，请10分钟后再试']:
             logger.warning(result)
             return response_400(data="", message=result)
 

dash-fastapi-backend/module_admin/entity/vo/log_vo.py

@@ -128,6 +128,13 @@ class ClearLoginLogModel(BaseModel):
     oper_type: str
 
 
+class UnlockUser(BaseModel):
+    """
+    解锁用户模型
+    """
+    user_name: str
+
+
 class CrudLogResponse(BaseModel):
     """
     操作各类日志响应模型

dash-fastapi-backend/module_admin/service/log_service.py

@@ -221,6 +221,16 @@ def clear_login_log_services(cls, result_db: Session, page_object: ClearLoginLog
 
         return CrudLogResponse(**result)
 
+    @classmethod
+    async def unlock_user_services(cls, request: Request, unlock_user: UnlockUser):
+        locked_user = await request.app.state.redis.get(f"account_lock:{unlock_user.user_name}")
+        if locked_user:
+            await request.app.state.redis.delete(f"account_lock:{unlock_user.user_name}")
+            result = dict(is_success=True, message='解锁成功')
+        else:
+            result = dict(is_success=False, message='该用户未锁定')
+        return CrudLogResponse(**result)
+
     @staticmethod
     def export_login_log_list_services(login_log_list: List):
         """

dash-fastapi-backend/module_admin/service/login_service.py

@@ -107,18 +107,32 @@ async def authenticate_user(request: Request, query_db: Session, login_user: Use
     :param login_user: 登录用户对象
     :return: 校验结果
     """
-    user = login_by_account(query_db, login_user.user_name)
+    account_lock = await request.app.state.redis.get(f"account_lock:{login_user.user_name}")
+    if login_user.user_name == account_lock:
+        return '账号已锁定，请稍后再试'
     captcha_value = await request.app.state.redis.get(f'captcha_codes:{login_user.session_id}')
     if not captcha_value:
         return '验证码已失效'
     if login_user.captcha != str(captcha_value):
         return '验证码错误'
+    user = login_by_account(query_db, login_user.user_name)
     if not user[0]:
         return '用户不存在'
     if not verify_password(login_user.password, user[0].password):
+        cache_password_error_count = await request.app.state.redis.get(f"password_error_count:{login_user.user_name}")
+        password_error_counted = 0
+        if cache_password_error_count:
+            password_error_counted = cache_password_error_count
+        password_error_count = int(password_error_counted) + 1
+        await request.app.state.redis.set(f"password_error_count:{login_user.user_name}", password_error_count, ex=timedelta(minutes=10))
+        if password_error_count > 5:
+            await request.app.state.redis.delete(f"password_error_count:{login_user.user_name}")
+            await request.app.state.redis.set(f"account_lock:{login_user.user_name}", login_user.user_name, ex=timedelta(minutes=10))
+            return '10分钟内密码已输错超过5次，账号已锁定，请10分钟后再试'
         return '密码错误'
     if user[0].status == '1':
         return '用户已停用'
+    await request.app.state.redis.delete(f"password_error_count:{login_user.user_name}")
     return user
 
 

dash-fastapi-frontend/api/log.py

@@ -41,6 +41,11 @@ def clear_login_log_api(page_obj: dict):
     return api_request(method='post', url='/system/log/login/clear', is_headers=True, json=page_obj)
 
 
+def unlock_user_api(page_obj: dict):
+
+    return api_request(method='post', url='/system/log/login/unlock', is_headers=True, json=page_obj)
+
+
 def export_login_log_list_api(page_obj: dict):
 
     return api_request(method='post', url='/system/log/login/export', is_headers=True, json=page_obj, stream=True)

dash-fastapi-frontend/callbacks/monitor_c/logininfor_c.py

@@ -7,7 +7,7 @@
 import feffery_utils_components as fuc
 
 from server import app
-from api.log import get_login_log_list_api, delete_login_log_api, clear_login_log_api, export_login_log_list_api
+from api.log import get_login_log_list_api, delete_login_log_api, clear_login_log_api, unlock_user_api, export_login_log_list_api
 
 
 @app.callback(
@@ -246,3 +246,29 @@ def reset_login_log_export_status(data):
         return None
 
     return dash.no_update
+
+
+@app.callback(
+    [Output('api-check-token', 'data', allow_duplicate=True),
+     Output('global-message-container', 'children', allow_duplicate=True)],
+    Input('login_log-unlock', 'nClicks'),
+    State('login_log-list-table', 'selectedRows'),
+    prevent_initial_call=True
+)
+def unlock_user(unlock_click, selected_rows):
+    if unlock_click:
+        user_name = selected_rows[0].get('user_name')
+        unlock_info_res = unlock_user_api(dict(user_name=user_name))
+        if unlock_info_res.get('code') == 200:
+
+            return [
+                {'timestamp': time.time()},
+                fuc.FefferyFancyMessage('解锁成功', type='success')
+            ]
+
+        return [
+            {'timestamp': time.time()},
+            fuc.FefferyFancyMessage('解锁失败', type='error')
+        ]
+
+    return [dash.no_update] * 2

dash-fastapi-frontend/config/global_config.py

@@ -15,7 +15,7 @@ class RouterConfig:
     ]
 
     # 静态路由列表
-    STATIC_VALID_PATHNAME = ['/', '/user/profile']
+    STATIC_VALID_PATHNAME = ['/', '/login', '/forget', '/user/profile']
 
 
 class ApiBaseUrlConfig: