diff --git a/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java b/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java index 7c4d7669..1cb25f04 100644 --- a/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java +++ b/jshERP-boot/src/main/java/com/jsh/erp/datasource/mappers/LogMapperEx.java @@ -30,6 +30,7 @@ public interface LogMapperEx { @Param("content") String content); Long getCountByIpAndDate( + @Param("userId") Long userId, @Param("moduleName") String moduleName, @Param("clientIp") String clientIp, @Param("createTime") String createTime); diff --git a/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java b/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java index fdba2a25..34ebcc09 100644 --- a/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java +++ b/jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java @@ -150,10 +150,10 @@ public class LogService { if(userId!=null) { String clientIp = getLocalIp(request); String createTime = Tools.getNow3(); - Long count = logMapperEx.getCountByIpAndDate(moduleName, clientIp, createTime); + Long count = logMapperEx.getCountByIpAndDate(userId, moduleName, clientIp, createTime); if(count > 0) { - //如果某1个IP在同1秒内连续操作两遍,此时需要删除该redis记录,使其退出,防止恶意攻击 - redisService.deleteObjectByKeyAndIp("clientIp", clientIp, "userId"); + //如果某个用户某个IP在同1秒内连续操作两遍,此时需要删除该redis记录,使其退出,防止恶意攻击 + redisService.deleteObjectByUserAndIp(userId, clientIp); } else { Log log = new Log(); log.setUserId(userId); diff --git a/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java b/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java index 9793c511..0e30980e 100644 --- a/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java +++ b/jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java @@ -99,21 +99,17 @@ public class RedisService { /** * @author jisheng hua - * description: - * 将信息从redis中移除,比对key和ip - *@date: 2021/08/21 22:10 - * @Param: request - * @Param: key - * @Param: ip - * @Param: deleteKey - * @return Object + * 将信息从redis中移除,比对user和ip + * @param userId + * @param clientIp */ - public void deleteObjectByKeyAndIp(String key, String ip, String deleteKey){ + public void deleteObjectByUserAndIp(Long userId, String clientIp){ Set tokens = redisTemplate.keys("*"); for(String token : tokens) { - Object value = redisTemplate.opsForHash().get(token, key); - if(value!=null && value.equals(ip)) { - redisTemplate.opsForHash().delete(token, deleteKey); + Object userIdValue = redisTemplate.opsForHash().get(token, "userId"); + Object clientIpValue = redisTemplate.opsForHash().get(token, "clientIp"); + if(userIdValue!=null && clientIpValue!=null && userIdValue.equals(userId.toString()) && clientIpValue.equals(clientIp)) { + redisTemplate.opsForHash().delete(token, "userId"); } } } diff --git a/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml b/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml index 6ff4bb4f..dc19af92 100644 --- a/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml +++ b/jshERP-boot/src/main/resources/mapper_xml/LogMapperEx.xml @@ -75,7 +75,8 @@