👍 优化后台登录逻辑

src/main/java/cc/ryanc/halo/repository/UserRepository.java

@@ -3,8 +3,6 @@ package cc.ryanc.halo.repository;
 import cc.ryanc.halo.model.domain.User;
 import org.springframework.data.jpa.repository.JpaRepository;
 
-import java.util.List;
-
 /**
  * @author : RYAN0UP
  * @date : 2017/11/14
@@ -19,7 +17,7 @@ public interface UserRepository extends JpaRepository<User,Long>{
      * @param userPass userPass
      * @return list
      */
-    List<User> findByUserNameAndUserPass(String userName, String userPass);
+    User findByUserNameAndUserPass(String userName, String userPass);
 
     /**
      * 根据邮箱和密码查询
@@ -28,7 +26,7 @@ public interface UserRepository extends JpaRepository<User,Long>{
      * @param userPass userPass
      * @return list
      */
-    List<User> findByUserEmailAndUserPass(String userEmail,String userPass);
+    User findByUserEmailAndUserPass(String userEmail,String userPass);
 
     /**
      * 根据用户编号和密码查询

src/main/java/cc/ryanc/halo/service/UserService.java

@@ -3,7 +3,6 @@ package cc.ryanc.halo.service;
 import cc.ryanc.halo.model.domain.User;
 
 import java.util.Date;
-import java.util.List;
 
 /**
  * @author : RYAN0UP
@@ -26,7 +25,7 @@ public interface UserService {
      * @param userPass userPass
      * @return User
      */
-    List<User> userLoginByName(String userName, String userPass);
+    User userLoginByName(String userName, String userPass);
 
     /**
      * 根据邮箱和密码查询，用户登录
@@ -35,7 +34,7 @@ public interface UserService {
      * @param userPass  userPass
      * @return list
      */
-    List<User> userLoginByEmail(String userEmail, String userPass);
+    User userLoginByEmail(String userEmail, String userPass);
 
     /**
      * 查询所有用户
@@ -63,19 +62,22 @@ public interface UserService {
     /**
      * 修改最后登录时间
      *
-     * @param lastDate lastDate
+     * @param lastDate 最后登录时间
+     * @return User
      */
     User updateUserLoginLast(Date lastDate);
 
     /**
      * 增加登录错误次数
      *
-     * @param error error
+     * @return 登录错误次数
      */
     Integer updateUserLoginError();
 
     /**
      * 修改用户的状态为正常
+     *
+     * @return User
      */
     User updateUserNormal();
 }

src/main/java/cc/ryanc/halo/service/impl/UserServiceImpl.java

@@ -38,7 +38,7 @@ public class UserServiceImpl implements UserService {
      * @return user
      */
     @Override
-    public List<User> userLoginByName(String userName, String userPass) {
+    public User userLoginByName(String userName, String userPass) {
         return userRepository.findByUserNameAndUserPass(userName, userPass);
     }
 
@@ -50,7 +50,7 @@ public class UserServiceImpl implements UserService {
      * @return list
      */
     @Override
-    public List<User> userLoginByEmail(String userEmail, String userPass) {
+    public User userLoginByEmail(String userEmail, String userPass) {
         return userRepository.findByUserEmailAndUserPass(userEmail, userPass);
     }
 
@@ -96,7 +96,8 @@ public class UserServiceImpl implements UserService {
     /**
      * 修改最后登录时间
      *
-     * @param lastDate lastDate
+     * @param lastDate 最后登录时间
+     * @return User
      */
     @Override
     public User updateUserLoginLast(Date lastDate) {
@@ -107,9 +108,9 @@ public class UserServiceImpl implements UserService {
     }
 
     /**
-     * 修改登录错误次数
+     * 增加登录错误次数
      *
-     * @param error error
+     * @return 登录错误次数
      */
     @Override
     public Integer updateUserLoginError() {
@@ -121,6 +122,8 @@ public class UserServiceImpl implements UserService {
 
     /**
      * 修改用户的状态为正常
+     *
+     * @return User
      */
     @Override
     public User updateUserNormal() {

src/main/java/cc/ryanc/halo/web/controller/admin/AdminController.java

@@ -5,6 +5,7 @@ import cc.ryanc.halo.model.domain.Logs;
 import cc.ryanc.halo.model.domain.Post;
 import cc.ryanc.halo.model.domain.User;
 import cc.ryanc.halo.model.dto.HaloConst;
+import cc.ryanc.halo.model.dto.JsonResult;
 import cc.ryanc.halo.model.dto.LogsRecord;
 import cc.ryanc.halo.service.CommentService;
 import cc.ryanc.halo.service.LogsService;
@@ -12,7 +13,10 @@ import cc.ryanc.halo.service.PostService;
 import cc.ryanc.halo.service.UserService;
 import cc.ryanc.halo.utils.HaloUtils;
 import cc.ryanc.halo.web.controller.core.BaseController;
+import cn.hutool.core.date.DateUnit;
+import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.lang.Validator;
+import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.crypto.SecureUtil;
 import cn.hutool.http.HtmlUtil;
 import lombok.extern.slf4j.Slf4j;
@@ -116,40 +120,49 @@ public class AdminController extends BaseController {
      */
     @PostMapping(value = "/getLogin")
     @ResponseBody
-    public String getLogin(@ModelAttribute("loginName") String loginName,
+    public JsonResult getLogin(@ModelAttribute("loginName") String loginName,
                                @ModelAttribute("loginPwd") String loginPwd,
                                HttpSession session) {
-        String status = "false";
-        try {
+        //已注册账号，单用户，只有一个
         User aUser = userService.findUser();
-            User user = null;
-            if (StringUtils.equals(aUser.getLoginEnable(), "false")) {
-                status = "disable";
-            } else {
-                if (Validator.isEmail(loginName)) {
-                    user = userService.userLoginByEmail(loginName, SecureUtil.md5(loginPwd)).get(0);
-                } else {
-                    user = userService.userLoginByName(loginName, SecureUtil.md5(loginPwd)).get(0);
+        //首先判断是否已经被禁用已经是否已经过了10分钟
+        Date loginLast = aUser.getLoginLast();
+        Long between = DateUtil.between(loginLast, new Date(), DateUnit.MINUTE);
+        if (StringUtils.equals(aUser.getLoginEnable(), "false") && (between < 10)) {
+            return new JsonResult(0, "已禁止登录，请10分钟后再试");
         }
-                if (aUser == user) {
-                    session.setAttribute(HaloConst.USER_SESSION_KEY, user);
+        //验证用户名和密码
+        User user = null;
+        if (Validator.isEmail(loginName)) {
+            user = userService.userLoginByEmail(loginName, SecureUtil.md5(loginPwd));
+        } else {
+            user = userService.userLoginByName(loginName, SecureUtil.md5(loginPwd));
+        }
+        userService.updateUserLoginLast(new Date());
+        //判断User对象是否相等
+        if (ObjectUtil.equal(aUser, user)) {
+            session.setAttribute(HaloConst.USER_SESSION_KEY, aUser);
             //重置用户的登录状态为正常
             userService.updateUserNormal();
-                    userService.updateUserLoginLast(new Date());
             logsService.saveByLogs(new Logs(LogsRecord.LOGIN, LogsRecord.LOGIN_SUCCESS, HaloUtils.getIpAddr(request), new Date()));
-                    status = "true";
-                }
-            }
-        } catch (Exception e) {
+            return new JsonResult(1, "登录成功！");
+        } else {
+            //更新失败次数
             Integer errorCount = userService.updateUserLoginError();
+            //超过五次禁用账户
             if (errorCount >= 5) {
                 userService.updateUserLoginEnable("false");
             }
-            userService.updateUserLoginLast(new Date());
-            logsService.saveByLogs(new Logs(LogsRecord.LOGIN, LogsRecord.LOGIN_ERROR + "[" + HtmlUtil.encode(loginName) + "," + HtmlUtil.encode(loginPwd) + "]", HaloUtils.getIpAddr(request), new Date()));
-            log.error("登录失败！：{0}", e.getMessage());
+            logsService.saveByLogs(
+                    new Logs(
+                            LogsRecord.LOGIN,
+                            LogsRecord.LOGIN_ERROR + "[" + HtmlUtil.encode(loginName) + "," + HtmlUtil.encode(loginPwd) + "]",
+                            HaloUtils.getIpAddr(request),
+                            new Date()
+                    )
+            );
+            return new JsonResult(0, "登录失败，你还有" + (5 - errorCount) + "次机会。");
         }
-        return status;
     }
 
     /**

src/main/resources/static/js/login.js

@@ -14,10 +14,10 @@ function btn_login() {
                 'loginName': name,
                 'loginPwd': pwd
             },
-            success: function (status) {
-                if(status=="true"){
+            success: function (data) {
+                if(data.code==1){
                     $.toast({
-                        text: "登录成功！",
+                        text: data.msg,
                         heading: '提示',
                         icon: 'success',
                         showHideTransition: 'fade',
@@ -32,29 +32,10 @@ function btn_login() {
                             window.location.href="/admin";
                         }
                     });
-                }else if(status=="disable"){
-                    $('.login-body').addClass('animate shake');
-                    $.toast({
-                        text: "密码错误已达到5次，请10分钟后再试！",
-                        heading: '提示',
-                        icon: 'error',
-                        showHideTransition: 'fade',
-                        allowToastClose: true,
-                        hideAfter: 2000,
-                        stack: 1,
-                        position: 'top-center',
-                        textAlign: 'left',
-                        loader: true,
-                        loaderBg: '#ffffff',
-                        afterHidden: function () {
-                            $('.login-body').removeClass('animate shake');
-                        }
-                    });
-                    $('#btn-login').button('reset');
                 }else{
                     $('.login-body').addClass('animate shake');
                     $.toast({
-                        text: "用户名或者密码错误！",
+                        text: data.msg,
                         heading: '提示',
                         icon: 'error',
                         showHideTransition: 'fade',