扫码登录，限制code3分钟

6b12076f · 周海峰 · c2c567be · 6b12076f
Commit 6b12076f authored Jun 17, 2026 by 周海峰
--- a/src/main/java/com/metro/auth/platform/controller/AuthController.java
+++ b/src/main/java/com/metro/auth/platform/controller/AuthController.java
@@ -6,6 +6,7 @@ import com.metro.auth.platform.domain.auth.*;
 import com.metro.auth.platform.generallog.LogAnnotation;
 import com.metro.auth.platform.http.HttpAPIService;
 import com.metro.auth.platform.outlineapi.PlatformUrlManager;
+import com.metro.auth.platform.redis.RedisUtils;
 import com.metro.auth.platform.service.AuthService;
 import com.metro.auth.platform.utils.*;
 import com.metro.auth.platform.wxmessage.ApiConfig;
@@ -22,6 +23,7 @@ import javax.annotation.Resource;
 import javax.mail.MessagingException;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
+import java.util.concurrent.TimeUnit;
 /**
 * @author zhouy
@@ -32,6 +34,9 @@ import javax.validation.Valid;
 @Api(tags = "统一登录相关接口")
 @RequestMapping("/auth/v1")
 public class AuthController {
+    private static final String LOGIN_CODE_PRX = "sq_code_login_code_";
    @Value("${jwt.header}")
    private String tokenHeader;
@@ -43,6 +48,9 @@ public class AuthController {
    @Resource
    public HttpAPIService httpAPIService;
+    @Resource
+    private RedisUtils redisUtils;
    @Autowired
    public AuthController(AuthService authService) {
@@ -128,8 +136,12 @@ public class AuthController {
     */
    @LogAnnotation(operateContent = "用户内网扫码登录", operateType = "登录")
    @PostMapping(value = "/logincode")
-//    @ApiOperation(value = "登录", notes = "根据随机码登录")
    public ResultJson<ResponseUserToken> logincode(@Valid @RequestBody User user) {
+        boolean exists = redisUtils.exists(LOGIN_CODE_PRX + user.getCode());
+        if (!exists) {
+            log.warn("用户内网扫码登录code无效，code={}", user.getCode());
+            return ResultJson.ok(false);
+        }
        //根据code查用户账户和密码
        PlatformPersonnel platformPersonnel = authService.findUserInfoByCode(user.getCode());
        if (platformPersonnel != null) {
@@ -171,8 +183,23 @@ public class AuthController {
            return ResultJson.failure(ResultCode.UNAUTHORIZED);
        }
        String userId = (String) JSONUtil.getStringFromJSONObject(wxuserinfo, "UserId");
+        // 检查登录验证码是否已存在，如果存在则验证用户ID是否匹配
+        boolean exists = redisUtils.exists(LOGIN_CODE_PRX + saveSqCodeReq.getLoginCode());
+        if (exists) {
+            Object object = redisUtils.get(LOGIN_CODE_PRX + saveSqCodeReq.getLoginCode());
+            log.warn("登录验证码已存在，之前的用户ID为=={}", object);
+            if (!userId.equals(object.toString())) {
+                return ResultJson.failure(ResultCode.BUSINESS_ERROR);
+            } else {
+                return ResultJson.ok(ResultCode.SUCCESS);
+            }
+        }
        int flag = authService.updateCodeByUserid(userId, saveSqCodeReq.getLoginCode());
        if (flag > 0) {
+            // 将登录验证码和用户ID存入Redis，设置过期时间为3分钟
+            redisUtils.set(LOGIN_CODE_PRX + saveSqCodeReq.getLoginCode(), userId, 3L, TimeUnit.MINUTES);
            return ResultJson.ok(ResultCode.SUCCESS);
        } else {
            return ResultJson.failure(ResultCode.RESPONSE_ERROR);