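package com.example.demo.serviceImpl;

import com.example.demo.domain.entity.Admin;
import com.example.demo.domain.vo.Password;
import com.example.demo.domain.vo.Result;
import com.example.demo.mapper.AdminMapper;
import com.example.demo.service.AdminService;
import lombok.RequiredArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.time.LocalDateTime;
import java.util.Date;
import java.util.regex.Pattern;

/**
 * Admin account service: login, id lookup, and password change / reset.
 *
 * <p>Credentials are verified through the Spring Security {@link AuthenticationManager};
 * new passwords are stored as BCrypt hashes. Plaintext passwords and entity dumps are
 * never written to logs or stdout.
 */
@Service
@RequiredArgsConstructor
public class AdminServiceImpl implements AdminService {

    private static final Logger log = LoggerFactory.getLogger(AdminServiceImpl.class);

    /**
     * Password policy: 8-16 characters, and not made up of only digits, only letters,
     * or only symbols. The last lookahead uses {@code [\W_]} because {@code \W} alone
     * does not cover the underscore, which let an all-underscore (or underscore plus
     * symbols) password pass as if it mixed two character kinds.
     */
    private static final String PASSWORD_REGEX =
            "^(?![0-9]+$)(?![a-zA-Z]+$)(?![\\W_]+$).{8,16}$";
    private static final Pattern PASSWORD_PATTERN = Pattern.compile(PASSWORD_REGEX);

    /**
     * Shared encoder instead of a new instance per call.
     * NOTE(review): if the application context defines a PasswordEncoder bean, inject it here
     * so hashing settings stay identical to the ones the AuthenticationManager verifies against.
     */
    private static final BCryptPasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();

    @Autowired
    private AuthenticationManager authenticationManager;

    private final AdminMapper adminMapper;

    /**
     * Authenticates an admin for a given machine.
     *
     * <p>Order of checks: account must be non-blank, the account must exist, the account must
     * list the submitted machine id, and finally the credentials are verified by the
     * {@link AuthenticationManager}.
     *
     * <p>NOTE(review): the "unknown account" and "no machine permission" errors are raised
     * before credentials are verified and differ from the authentication-failure message, so
     * an unauthenticated caller can tell which accounts exist. Consider returning one uniform
     * failure to the client and keeping the specific reason in the server log only.
     *
     * @param admin login request carrying account, password and machine id
     * @return the authenticated principal, cast to {@link Admin}
     * @throws IllegalArgumentException if the account is blank
     * @throws RuntimeException if the account is unknown, lacks permission for the machine,
     *                          or authentication fails (the cause is attached in that case)
     */
    @Override
    public Admin login(Admin admin) throws Exception {
        String account = admin.getAccount();
        String inputMachineId = admin.getMachineId();

        if (StringUtils.isBlank(account)) {
            throw new IllegalArgumentException("账号不能为空");
        }

        Admin adminInDB = adminMapper.getAdmin(account);
        if (adminInDB == null) {
            throw new RuntimeException("无此精网号");
        }

        // Verify machine permission.
        if (!hasPermissionToMachine(adminInDB, inputMachineId)) {
            throw new RuntimeException("你没有使用该机器的权限!");
        }

        try {
            // The submitted password and the stored entity are deliberately not logged.
            log.debug("login attempt, account={}", account);
            UsernamePasswordAuthenticationToken token =
                    new UsernamePasswordAuthenticationToken(account, admin.getPassword());
            Authentication authentication = authenticationManager.authenticate(token);
            return (Admin) authentication.getPrincipal();
        } catch (Exception e) {
            log.warn("密码错误 account={} reason={}", account, e.getMessage());
            throw new RuntimeException("登录失败,请稍后再试", e);
        }
    }

    /**
     * Returns the id of the admin with the given account, as a string.
     *
     * @param account account to look up
     * @return the admin's id rendered with {@code toString()}
     * @throws NullPointerException if no admin exists for the account or its id is null
     */
    @Override
    public String getId(String account) {
        return adminMapper.getAdmin(account).getId().toString();
    }

    /**
     * Checks whether the admin's comma-separated machine id list contains the target id.
     *
     * <p>Matching is exact: entries are not trimmed and case is significant.
     * NOTE(review): an empty entry in the stored list (e.g. "" or "a,,b") matches an empty
     * target id — confirm whether a blank machine id should ever be accepted.
     *
     * @param admin           admin record loaded from the database
     * @param targetMachineId machine id submitted with the login request
     * @return {@code true} if the target id equals one of the stored entries;
     *         {@code false} if either value is null or no entry matches
     */
    private boolean hasPermissionToMachine(Admin admin, String targetMachineId) {
        if (targetMachineId == null || admin.getMachineId() == null) {
            return false;
        }
        for (String id : admin.getMachineId().split(",")) {
            if (targetMachineId.equals(id)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Changes an admin's password after verifying the old one.
     *
     * @param password request carrying account, old password, new password and its repetition
     * @return a success result, or an error result describing the failed check
     */
    @Override
    public Result updatePassword(Password password) {
        String oldPassword = password.getOldPassword();
        String newPassword = password.getNewPassword();
        String againPassword = password.getAgainPassword();
        String account = password.getAccount();

        if (oldPassword == null || newPassword == null || againPassword == null || account == null) {
            return Result.error("输入不能为空");
        }
        if (oldPassword.equals(newPassword)) {
            return Result.error("新密码不能与旧密码相同");
        }
        // The two entries of the new password must match.
        if (!newPassword.equals(againPassword)) {
            return Result.error("两次输入的新密码不一致");
        }
        // The new password must satisfy the complexity policy.
        if (!PASSWORD_PATTERN.matcher(newPassword).matches()) {
            return Result.error("新密码必须为8-16位数字、字母或符号组成,且至少包含其中两种");
        }
        // NOTE(review): this response differs from the wrong-old-password one, so it reveals
        // whether an account exists; acceptable only if the endpoint requires a logged-in session.
        if (adminMapper.getAdmin(account) == null) {
            return Result.error("用户不存在");
        }

        try {
            // Verify the old password through the authentication manager.
            UsernamePasswordAuthenticationToken token =
                    new UsernamePasswordAuthenticationToken(account, oldPassword);
            Authentication authentication = authenticationManager.authenticate(token);

            // Principal of the successful authentication.
            Admin admin = (Admin) authentication.getPrincipal();

            // Store only the BCrypt hash, and stamp the modification time.
            admin.setPassword(PASSWORD_ENCODER.encode(newPassword));
            admin.setUpdateTime(new Date());
            adminMapper.updatePassword(admin);

            return Result.success("密码修改成功");
        } catch (BadCredentialsException e) {
            // Old password did not verify.
            return Result.error("原密码错误");
        } catch (Exception e) {
            // Keep the cause in the server log instead of discarding it.
            log.error("password update failed, account={}", account, e);
            return Result.error("密码更新失败");
        }
    }

    /**
     * Sets a new password for an account without checking the old one.
     *
     * <p>NOTE(review): nothing in this method verifies who is calling it. It presumably relies
     * on the controller / security configuration to restrict it to authorized operators —
     * confirm, because any caller that reaches it can take over any account.
     *
     * @param password request carrying the account and the new password
     * @return {@code 1} if the password was updated; {@code 0} if input is missing, the new
     *         password fails the policy, the account does not exist, or the update throws
     */
    @Override
    public Integer resetPassword(Password password) {
        String newPassword = password.getNewPassword();
        String account = password.getAccount();

        if (newPassword == null || account == null) {
            return 0;
        }
        // The new password must satisfy the complexity policy.
        if (!PASSWORD_PATTERN.matcher(newPassword).matches()) {
            return 0;
        }

        // Single lookup: the same record is used for the existence check and the update.
        Admin admin = adminMapper.getAdmin(account);
        if (admin == null) {
            return 0;
        }

        try {
            // Store only the BCrypt hash, and stamp the modification time.
            admin.setPassword(PASSWORD_ENCODER.encode(newPassword));
            admin.setUpdateTime(new Date());
            adminMapper.updatePassword(admin);
            return 1;
        } catch (Exception e) {
            // Keep the cause in the server log instead of discarding it.
            log.error("password reset failed, account={}", account, e);
            return 0;
        }
    }
}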