将日志写入的用户超时逻辑改为限定为同一个账号

2022-05-21 22:29:01 +08:00
parent a2061b1a32
commit 8108d639e7
4 changed files with 14 additions and 16 deletions
--- a/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java
@@ -30,6 +30,7 @@ public interface LogMapperEx {
            @Param("content") String content);

    Long getCountByIpAndDate(
+            @Param("userId") Long userId,
            @Param("moduleName") String moduleName,
            @Param("clientIp") String clientIp,
            @Param("createTime") String createTime);
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
@@ -150,10 +150,10 @@ public class LogService {
            if(userId!=null) {
                String clientIp = getLocalIp(request);
                String createTime = Tools.getNow3();
-                Long count = logMapperEx.getCountByIpAndDate(moduleName, clientIp, createTime);
+                Long count = logMapperEx.getCountByIpAndDate(userId, moduleName, clientIp, createTime);
                if(count > 0) {
-                    //如果某1个IP在同1秒内连续操作两遍，此时需要删除该redis记录，使其退出，防止恶意攻击
-                    redisService.deleteObjectByKeyAndIp("clientIp", clientIp, "userId");
+                    //如果某个用户某个IP在同1秒内连续操作两遍，此时需要删除该redis记录，使其退出，防止恶意攻击
+                    redisService.deleteObjectByUserAndIp(userId, clientIp);
                } else {
                    Log log = new Log();
                    log.setUserId(userId);
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java
@@ -99,21 +99,17 @@ public class RedisService {

    /**
     * @author jisheng hua
-     * description:
-     *  将信息从redis中移除，比对key和ip
-     *@date: 2021/08/21 22:10
-     * @Param: request
-     * @Param: key
-     * @Param: ip
-     * @Param: deleteKey
-     * @return Object
+     * 将信息从redis中移除，比对user和ip
+     * @param userId
+     * @param clientIp
     */
-    public void deleteObjectByKeyAndIp(String key, String ip, String deleteKey){
+    public void deleteObjectByUserAndIp(Long userId, String clientIp){
        Set<String> tokens = redisTemplate.keys("*");
        for(String token : tokens) {
-            Object value = redisTemplate.opsForHash().get(token, key);
-            if(value!=null && value.equals(ip)) {
-                redisTemplate.opsForHash().delete(token, deleteKey);
+            Object userIdValue = redisTemplate.opsForHash().get(token, "userId");
+            Object clientIpValue = redisTemplate.opsForHash().get(token, "clientIp");
+            if(userIdValue!=null && clientIpValue!=null && userIdValue.equals(userId.toString()) && clientIpValue.equals(clientIp)) {
+                redisTemplate.opsForHash().delete(token, "userId");
            }
        }
    }
--- a/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml
+++ b/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml
@@ -75,7 +75,8 @@
    </select>

    <select id="getCountByIpAndDate" resultType="java.lang.Long">
-        select count(1) from jsh_log where operation=#{moduleName} and client_ip=#{clientIp} and create_time=#{createTime}
+        select count(1) from jsh_log
+        where user_id=#{userId} and operation=#{moduleName} and client_ip=#{clientIp} and create_time=#{createTime}
    </select>

    <insert id="insertLogWithUserId" parameterType="com.jsh.erp.datasource.entities.Log">