
feat(system): 添加商户端登录接口

- 新增 loginApp 方法实现商户端登录功能
- 包括用户名和密码验证、用户状态检查、登录失败次数限制等功能
- 登录成功后返回用户信息并记录登录日志
SheepHy 3 hari lalu
induk
melakukan
63424634c2

+ 45 - 3
national-motion-module-system/national-motion-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java

@@ -5,8 +5,8 @@ import com.alibaba.fastjson.JSONObject;
 import com.aliyuncs.exceptions.ClientException;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.IdWorker;
-import io.swagger.v3.oas.annotations.tags.Tag;
 import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authz.annotation.RequiresRoles;
@@ -23,7 +23,6 @@ import org.jeecg.config.JeecgBaseConfig;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.SysDepart;
 import org.jeecg.modules.system.entity.SysRoleIndex;
-import org.jeecg.modules.system.entity.SysTenant;
 import org.jeecg.modules.system.entity.SysUser;
 import org.jeecg.modules.system.model.SysLoginModel;
 import org.jeecg.modules.system.service.*;
@@ -38,7 +37,6 @@ import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.*;
-import java.util.stream.Collectors;
 
 /**
  * @Author scott
@@ -70,6 +68,50 @@ public class LoginController {
 
 	private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890";
 
+	@Operation(summary="商户端登录接口")
+	@RequestMapping(value = "/loginApp", method = RequestMethod.POST)
+	public Result<JSONObject> loginApp(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
+		Result<JSONObject> result = new Result<JSONObject>();
+		String username = sysLoginModel.getUsername();
+		String password = sysLoginModel.getPassword();
+//		if(isLoginFailOvertimes(username)){
+//			return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!");
+//		}
+
+		// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
+		String origin = "lowerCaseCaptcha"+sysLoginModel.getCheckKey()+jeecgBaseConfig.getSignatureSecret();
+		String realKey = Md5Util.md5Encode(origin, "utf-8");
+		Object checkCode = redisUtil.get(realKey);
+
+		// step.2 校验用户是否存在且有效
+		LambdaQueryWrapper<SysUser> queryWrapper = new LambdaQueryWrapper<>();
+		queryWrapper.eq(SysUser::getUsername,username);
+		SysUser sysUser = sysUserService.getOne(queryWrapper);
+		result = sysUserService.checkUserIsEffective(sysUser);
+		if(!result.isSuccess()) {
+			return result;
+		}
+
+		// step.3 校验用户名或密码是否正确
+		String userpassword = PasswordUtil.encrypt(username, password, sysUser.getSalt());
+		String syspassword = sysUser.getPassword();
+		if (!syspassword.equals(userpassword)) {
+			addLoginFailOvertimes(username);
+			result.error500("用户名或密码错误");
+			return result;
+		}
+
+		// step.4  登录成功获取用户信息
+		userInfo(sysUser, result, request);
+
+
+		// step.6  记录用户登录日志
+		LoginUser loginUser = new LoginUser();
+		BeanUtils.copyProperties(sysUser, loginUser);
+		baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
+		return result;
+	}
+
 	@Operation(summary="登录接口")
 	@RequestMapping(value = "/login", method = RequestMethod.POST)
 	public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
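Review bot: The lockout check at the top of `loginApp` is commented out while `addLoginFailOvertimes(username)` is still called on the wrong-password branch, so failed attempts are counted but never enforced and the endpoint accepts unlimited password guesses, although the commit description lists a failure limit. Restore the guard before the user lookup: `if (isLoginFailOvertimes(username)) { return result.error500("该用户登录失败次数过多,请于10分钟后再次登录!"); }` (both helpers are defined outside this hunk, so their exact behaviour should be confirmed). The captcha value is also read from Redis into `checkCode` but never compared with anything, so either validate the submitted captcha against it and reject on mismatch, or remove the unused lookup and the `realKey` derivation. Only the success path is logged; writing a failure entry through `baseCommonService.addLog` on the mismatch branch would give monitoring something to alert on.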