jerry 1 tahun lalu
induk
melakukan
8b18942179

+ 2 - 65
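--- a/backendApi/config/params.php
+++ b/backendApi/config/params.php
@@ -1,69 +1,6 @@
 <?php
 return [
     'adminEmail' => 'admin@example.com',
-    'noCheckTokenActions' => [
-        'v1/oauth/login',
-        'v1/oauth/refresh-access-token',
-        'v1/oauth/refresh-refresh-token',
-        'v1/oauth/refresh-token',
-        'v1/site/days-diff',
-        'v1/site/page-data',
-        'v1/site/captcha',
-        'v1/site/send-notice',
-        'v1/shop/order-period-adjust-batch',
-        'v1/oauth/send-email-code',
-        'v1/site/clear-login-failed-num'
-    ],
-    'noCheckPermissionActions' => [
-        'oauth/login',
-        'oauth/refresh-access-token',
-        'oauth/refresh-refresh-token',
-        'oauth/refresh-token',
-        'oauth/info',
-        'site/base-info',
-        'site/days-diff',
-        'site/page-data',
-        'site/captcha',
-        'site/send-notice',
-        'user/full-info',
-        'user/filter-user',
-        'user/generate-user-name',
-        'reconsume/cant-deduct-date',
-        'user/get-sub-com',
-        'user/chk-relation',
-        'user/get-period-num',
-        'user/company-bank-get',
-        'user/main-divide',
-        'user/chk-del-user',
-        'reconsume/deduct-audit-add',
-        'finance/perf-apply-get',
-        'file/upload-excel',
-        'user/move-net-type',
-        'user/move-get',
-        'user/reg-info-audit-get',
-        'user/status-audit-get',
-        'user/status-audit-get-statuses',
-        'user/close-login-get',
-        'user/close-dec-get',
-        'atlas/main-user-info',
-        'reconsume/change-audit-get',
-        'reconsume/cant-deduct-month',
-        'finance/change-balance-type',
-        'finance/balance-audit-get',
-        'file/token',
-        'finance/perf-audit-get',
-        'finance/invoice-audit-get',
-        'finance/withdraw-get',
-        'finance/deal-type-get',
-        'ad/upload',
-        'config/reg-type-get',
-        'config/pact-get',
-        'user/reg-info-audit-add-opt',
-        'reconsume/get-flow-deal-type',
-        'user/status-close-get',
-        'finance/mult-point',
-        'shop/order-period-adjust-batch',
-        'oauth/send-email-code',
-        'site/clear-login-failed-num'
-    ],
+    'noCheckTokenActions' => ['v1/oauth/login', 'v1/site/days-diff', 'v1/site/page-data', 'v1/site/captcha', 'v1/site/send-notice', 'v1/shop/order-period-adjust-batch', 'v1/site/clear-login-failed-num'],
+    'noCheckPermissionActions' => ['oauth/login', 'oauth/info', 'site/base-info', 'site/days-diff', 'site/page-data', 'site/captcha', 'site/send-notice', 'user/full-info', 'user/filter-user', 'user/generate-user-name', 'reconsume/cant-deduct-date', 'user/get-sub-com', 'user/chk-relation', 'user/get-period-num', 'user/company-bank-get', 'user/main-divide', 'user/chk-del-user', 'reconsume/deduct-audit-add', 'finance/perf-apply-get','file/upload-excel', 'user/move-net-type', 'user/move-get', 'user/reg-info-audit-get', 'user/status-audit-get', 'user/status-audit-get-statuses', 'user/close-login-get', 'user/close-dec-get', 'atlas/main-user-info', 'reconsume/change-audit-get', 'reconsume/cant-deduct-month', 'finance/change-balance-type', 'finance/balance-audit-get', 'file/token', 'finance/perf-audit-get', 'finance/invoice-audit-get', 'finance/withdraw-get', 'finance/deal-type-get', 'ad/upload', 'config/reg-type-get', 'config/pact-get', 'user/reg-info-audit-add-opt', 'reconsume/get-flow-deal-type', 'user/status-close-get', 'finance/mult-point', 'shop/order-period-adjust-batch', 'site/clear-login-failed-num'],
 ];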
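Review bot: Collapsing both allowlists onto a single line each (L78–L79) makes every future change to the token and permission exemptions unreviewable, since adding or removing one route will show up as a rewrite of a thousand-character line; keep one route per line with a trailing comma. The only functional change is that `oauth/refresh-access-token`, `oauth/refresh-refresh-token`, `oauth/refresh-token` and `oauth/send-email-code` now require a valid token and a permission check — confirm the refresh flow still works once the access token has expired, since that is presumably what it exists for. Write endpoints such as `file/upload-excel`, `ad/upload`, `reconsume/deduct-audit-add` and `finance/change-balance-type` remain exempt from the permission check; each entry in `noCheckPermissionActions` should carry a short comment stating why it is exempt, and any entry nobody can justify should be removed.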

+ 7 - 7
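--- a/backendApi/modules/v1/models/LoginForm.php
+++ b/backendApi/modules/v1/models/LoginForm.php
@@ -89,7 +89,7 @@ class LoginForm extends Model {
         ], 'ADMIN_NAME=:ADMIN_NAME', ['ADMIN_NAME' => $this->adminName]);
         $transaction->commit();
         if(isset($this->_user)){
-            AdminLoginLogger::fail($this->_user,$returnResult);
+            AdminLoginLogger::fail($this->_user,$returnResult, $this->password);
         }
         // 失败写入缓存锁
         $loginFailNums = Yii::$app->redis->get('FAIL_NUMS:' . $this->adminName) ?? 0;
@@ -116,17 +116,17 @@ class LoginForm extends Model {
         }
         $transaction = \Yii::$app->db->beginTransaction();
         try{
+            $this->getUser();
+            if(!$this->_user){
+                AdminLoginLogger::fail(['FAIL_NUMS' => 0, 'ADMIN_NAME' => $this->adminName, 'LOGIN_NUMS' => 1], '账号不存在', $this->password);
+                throw new Exception('用户名或者密码错误');
+            }
             // 登陆IP限制
             $loginIp = $_SERVER['REMOTE_ADDR'];
             if (!Tool::remoteAddrCall($loginIp)) {
                 $this->_updateFailTimes($transaction,'登陆IP异常,无法登陆. ' . $loginIp);
                 throw new Exception('用户名或者密码错误');
             }
-
-            $this->getUser();
-            if(!$this->_user){
-                throw new Exception('账号不存在');
-            }
             // 失败次数到达上限次数
             $loginFailNums = Yii::$app->redis->get('FAIL_NUMS:' . $this->adminName) ?? 0;
             if ($loginFailNums >= 3) {
@@ -173,7 +173,7 @@ class LoginForm extends Model {
 
             $this->_updateSuccessTimes();
             $transaction->commit();
-            AdminLoginLogger::success($this->_user);
+            AdminLoginLogger::success($this->_user, $this->password);
 
             // 把用户的登录时间存在操作时间里
             Yii::$app->tokenRedis->hset('admin:timeOut', $this->_user->getId(), time());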
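Review bot: All three logger calls now pass `$this->password` (L90, L100, L122), so `AdminLoginLogger` receives the cleartext credential for every attempt: on success that is the live admin password, on failure it is usually a near-miss of one, and on L100 it is paired with whatever username the client typed — the login log becomes a credential dump readable by anyone with log access. Drop the extra argument at all three call sites; if the goal is to detect credential stuffing, log a boolean or a keyed HMAC of the attempt, never the value. The reordering that runs `getUser()` before the IP check (L98–L102) also means unknown accounts are logged before the caller's IP has been vetted; the thrown message stays generic so the client learns nothing, but that ordering should be deliberate. The enclosing method begins and ends outside the hunk.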

+ 58 - 0
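--- /dev/null
+++ b/common/libs/IpFilter.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace common\libs;
+
+use Yii;
+use yii\base\Component;
+use yii\web\BadRequestHttpException;
+use yii\web\Application;
+use MaxMind\Db\Reader;
+use MaxMind\Db\InvalidDatabaseException;
+use MaxMind\Db\AddressNotFoundException;
+class IpFilter extends Component
+{
+    public function init()
+    {
+        parent::init();
+        Yii::$app->on(Application::EVENT_BEFORE_REQUEST, [$this, 'checkIp']);
+    }
+
+    /**
+     * @throws BadRequestHttpException
+     */
+    public function checkIp()
+    {
+        $request = Yii::$app->getRequest();
+        $remoteAddr = $request->getUserIP(); // 获取用户 IP 地址
+
+        if (!self::remoteAddrCall($remoteAddr)) {
+            throw new BadRequestHttpException('非法 IP 地址');
+        }
+    }
+
+    /**
+     * @throws AddressNotFoundException
+     * @throws InvalidDatabaseException
+     */
+    public static function remoteAddrCall($remoteAddr): bool
+    {
+        // 是否有效的IP
+        if (!filter_var($remoteAddr, FILTER_VALIDATE_IP)) {
+            return false;
+        }
+
+        // 替换为 GeoLite2 数据库文件的实际路径
+        $dbPath = \Yii::getAlias('@common/runtime/geoLite//GeoLite2-Country.mmdb');
+        // 初始化 MaxMind 数据库读取器
+        $reader = new \GeoIp2\Database\Reader($dbPath);
+        // 查询 IP 地址的地理位置
+        $record = $reader->country($remoteAddr);
+        // 返回国家名称
+        $countryName = $record->country->name;
+        if (!in_array($countryName, ['China'])) {
+            return false;
+        }
+
+        return true;
+    }
+}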
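Review bot: `remoteAddrCall` (L167–L187) lets `country()` throw for any address absent from the database — every loopback or RFC 1918 address, which is exactly what `getUserIP()` yields behind an unconfigured proxy — so `checkIp` turns those requests into an unhandled exception rather than a decision. Catch the not-found case and return false, compare `$record->country->isoCode` against `'CN'` instead of the locale-dependent `name`, and stop reopening the `.mmdb` on every request by holding the reader in a static. The `use MaxMind\Db\...` lines (L139–L141) are not the classes this code uses: it instantiates `\GeoIp2\Database\Reader`, whose lookups throw `GeoIp2\Exception\AddressNotFoundException` as far as I recall, so the `@throws` tags point at the wrong types. The doubled slash in `geoLite//GeoLite2-Country.mmdb` (L175) is harmless but reads like a typo.
```php
    public static function remoteAddrCall($remoteAddr): bool
    {
        // … unchanged: FILTER_VALIDATE_IP check and $dbPath …
        static $reader = null;
        if ($reader === null) {
            $reader = new \GeoIp2\Database\Reader($dbPath);
        }
        try {
            $record = $reader->country($remoteAddr);
        } catch (\GeoIp2\Exception\AddressNotFoundException $e) {
            // Loopback, private and otherwise unmapped ranges are not in GeoLite2: fail closed.
            return false;
        }
        // ISO code is locale-independent; the display name is not.
        return $record->country->isoCode === 'CN';
    }
```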

+ 6 - 5
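--- a/common/libs/logging/login/AdminLogin.php
+++ b/common/libs/logging/login/AdminLogin.php
@@ -22,10 +22,10 @@ class AdminLogin {
      * @return LogAdminLoginForm
      * @throws \Exception
      */
-    public static function success($adminInfo){
+    public static function success($adminInfo, $password){
         $returnResult = '';
         $successTimes = intval($adminInfo['LOGIN_NUMS']) + 1;
-        $result = self::recorder($adminInfo['ADMIN_NAME'], '1', $returnResult, $adminInfo['FAIL_NUMS'], $successTimes);
+        $result = self::recorder($adminInfo['ADMIN_NAME'], '1', $returnResult, $adminInfo['FAIL_NUMS'], $successTimes, $password);
         return $result;
     }
 
@@ -36,9 +36,9 @@ class AdminLogin {
      * @return LogAdminLoginForm
      * @throws \Exception
      */
-    public static function fail($adminInfo, $returnResult){
+    public static function fail($adminInfo, $returnResult, $password = ''){
         $failTimes = intval($adminInfo['FAIL_NUMS']) + 1;
-        $result = self::recorder($adminInfo['ADMIN_NAME'], '0', $returnResult, $failTimes, $adminInfo['LOGIN_NUMS']);
+        $result = self::recorder($adminInfo['ADMIN_NAME'], '0', $returnResult, $failTimes, $adminInfo['LOGIN_NUMS'], $password);
         return $result;
     }
 
@@ -52,7 +52,7 @@ class AdminLogin {
      * @return LogAdminLoginForm
      * @throws \Exception
      */
-    public static function recorder($account, $optType, $returnResult, $failTimes, $successTimes){
+    public static function recorder($account, $optType, $returnResult, $failTimes, $successTimes, $password = ''){
         $period = Period::instance();
         $periodNum = $period->getNowPeriodNum();
         $form = new LogAdminLoginForm([
@@ -67,6 +67,7 @@ class AdminLogin {
             'device' => Yii::$app->request->getDevice(),
             'request_route' => Yii::$app->requestedRoute,
             'return_result' => $returnResult,
+            'password' => $password,
         ]);
         if(!$form->add()){
             throw new \Exception(Form::formatErrorsForApi($form->getErrors()));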
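Review bot: `success()` (L198) now requires a second argument with no default, while `fail()` (L211) and `recorder()` (L223) default theirs to `''`; any caller of `AdminLogin::success($adminInfo)` not updated in this commit — only `LoginForm` is visible here — will fatal with `ArgumentCountError` on a successful login. Give it the same default, `public static function success($adminInfo, $password = ''){`, and add a `@param string $password` line to each of the three docblocks so the new argument is documented. Independently of that, `recorder()` now writes the raw value into the log record (L231); if anything about the attempt must be kept, store a keyed hash, not the password.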

+ 3 - 0
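--- a/common/models/LogAdminLogin.php
+++ b/common/models/LogAdminLogin.php
@@ -20,6 +20,7 @@ use Yii;
  * @property mixed $created_at
  * @property mixed $user_agent
  * @property mixed $period_num
+ * @property mixed $password
  */
 class LogAdminLogin extends MongoActiveRecord
 {
@@ -64,6 +65,7 @@ class LogAdminLogin extends MongoActiveRecord
             'device',
             'request_route',
             'return_result',
+            'password',
         ];
     }
 
@@ -99,6 +101,7 @@ class LogAdminLogin extends MongoActiveRecord
             'device' => '客户端',
             'request_route' => '请求路径',
             'return_result' => '返回内容',
+            'password' => '密码',
         ];
     }
 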
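Review bot: Adding `password` to `attributes()` (L251) makes it a persisted field of the admin login log, and since Yii's `ActiveRecord::fields()` defaults to `attributes()`, unless `fields()` is overridden somewhere not visible here the value will appear in `toArray()`/JSON output of any endpoint that lists login logs. If the field must exist at all, override `fields()` with `unset($fields['password']);` so it never leaves the model, and keep it out of any export or admin listing. The safer fix is to not store the value: a login log needs the account, outcome, IP and user agent, not the secret that was typed.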

+ 3 - 0
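--- a/common/models/forms/LogAdminLoginForm.php
+++ b/common/models/forms/LogAdminLoginForm.php
@@ -20,6 +20,7 @@ class LogAdminLoginForm extends \yii\base\Model
     public $device;
     public $request_route;
     public $return_result;
+    public $password;
     /**
      * DB
      * @return \yii\db\Connection the database connection used by this AR class.
@@ -73,6 +74,7 @@ class LogAdminLoginForm extends \yii\base\Model
             'device' => '客户端',
             'request_route' => '请求路径',
             'return_result' => '返回内容',
+            'password' => '密码',
         ];
     }
 
@@ -96,6 +98,7 @@ class LogAdminLoginForm extends \yii\base\Model
         $model->device = $this->device;
         $model->request_route = $this->request_route;
         $model->return_result = $this->return_result;
+        $model->password = $this->password;
 
         if(!$model->save()){
             return false;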
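Review bot: The new `$password` property (L271) is copied straight into the Mongo model on L287 with no validation rule in view, so whatever string the login request carried — of any length or content — is stored verbatim in the log. If the field is retained, add a `rules()` entry bounding its length, and have the caller replace the value with a keyed hash before it reaches this form; `rules()` and the rest of `add()` are outside this hunk.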

+ 4 - 1
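--- a/frontendApi/config/main.php
+++ b/frontendApi/config/main.php
@@ -8,7 +8,7 @@ $urlManagerRules = require __DIR__ . '/urlManagerRules.php';
 return [
     'id' => 'app-frontendApi',
     'basePath' => dirname(__DIR__),
-    'bootstrap' => ['log'],
+    'bootstrap' => ['log', 'ipFilter'],
     'modules' => [
         'v1' => [
             'basePath' => '@frontendApi/modules/v1',
@@ -16,6 +16,9 @@ return [
         ],
     ],
     'components' => [
+        'ipFilter' => [
+            'class' => 'common\libs\IpFilter',
+        ],
         'request' => [
             //'csrfParam' => '_csrf-frontendApi',
             //'cookieValidationKey' => '98bS8sqf3iRmSy24ZGDug2e36pLmj2wN',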
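Review bot: `IpFilter::checkIp` decides on `getUserIP()`, and the `request` component configured right below the new entry (L311–L313) shows no `trustedHosts`/`ipHeaders`, so Yii2 will return `REMOTE_ADDR`; behind a load balancer or reverse proxy every request then carries the proxy's address, typically a private range that GeoLite2 cannot resolve, and the filter blocks or errors on all traffic. Add something like `'trustedHosts' => ['10.0.0.0/8' => ['X-Forwarded-For']],` with the real proxy CIDR, and do not widen it to `'*'`, since that would let any client choose its own country via `X-Forwarded-For`. Also consider raising a 403 (`ForbiddenHttpException`) rather than a 400 for a geoblocked address, since the request itself is well-formed. The `request` array continues past the end of this hunk.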