libushang 2 месяцев назад
Сommit
3c73fdb9f3

+ 24 - 0
routers/prod_api/auth.py

@@ -135,6 +135,10 @@ async def login(
             redis_set_with_time(redis_login_key, str(login_error_times), 300)
 
             raise AppException(500, "帐号或者密码错误")
+        
+        # 校验账号是否停用
+        if row.status != "0":
+            raise AppException(500, "帐号已停用")
 
         # 校验长期(超过1个月)未使用的账号和及开通后未及时(如72小时)修改初始密码的账号做清除
         login_date = row.login_date
@@ -408,6 +412,26 @@ def login_with_usbkey(
     if sys_user_data.sign_valid_row(row) == False:
         raise AppException(500, "系统用户表验证异常,已被非法篡改")
 
+    # 校验账号是否停用
+    if row.status != "0":
+        raise AppException(500, "帐号已停用")
+    
+    # 校验长期(超过1个月)未使用的账号和及开通后未及时(如72小时)修改初始密码的账号做清除
+    login_date = row.login_date
+    if row.login == 0:
+        # 计算初始化的时间和当前时间相差的小时数
+        diff_hour = (datetime.now() - login_date).seconds/3600
+        if diff_hour > 72:
+            raise AppException(500, "你的账号在开通后(72小时)内未登录及修改初始密码,账号已被锁定,请联系管理员处理,否则将被清除。")
+        
+    else:
+        # 计算上次登录到当前时间的相差天数
+        diff_day = (datetime.now() - login_date).days
+        if diff_day > 30:
+            raise AppException(500, "你的账号在超过30天未登录使用,账号已被锁定,请联系管理员处理,否则将被清除。")
+
+    redis_set_with_time(redis_login_key, str(0), 1)
+    
     user_id = str(row.user_id)
 
     auth = {
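Review bot: The 72-hour check in login_with_usbkey can never fire: `timedelta.seconds` holds only the sub-day remainder (0–86399), so `diff_hour` at line 32 stays below 24 no matter how many days have passed; use `diff_hour = (datetime.now() - login_date).total_seconds() / 3600`. The same status/inactivity block is duplicated into login() (the context at lines 18–19 shows its start), so presumably the identical expression lives there too and should be corrected in step — better, move both checks into one shared helper called by the two handlers so the policy cannot drift. The comparison `row.status != "0"` assumes status is stored as a string; worth confirming against the column type since an integer 0 would lock every account out. login_with_usbkey's body begins and ends outside the hunk.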

+ 20 - 0
routers/prod_api/system/menu/__init__.py

@@ -5,6 +5,7 @@ from fastapi import APIRouter, Request, Depends, Query, HTTPException, status
 from common.security import valid_access_token
 from pydantic import BaseModel
 from database import get_db
+from sqlalchemy import text
 from sqlalchemy.orm import Session
 from typing import List
 from models import *
@@ -129,6 +130,10 @@ async def getRouters(request: Request, db: Session = Depends(get_db),
             menu_tree = []  # 初始化一个列表来存储菜单树结构
             for menu in menus:
 
+                # 是否我所在角色的菜单
+                if is_role_menu(menu.menu_id, user_id, db) != True:
+                    continue
+                
                 if sys_menu_data.sign_valid_row(menu) == False:
                     raise HmacException(500, "系统菜单表验证异常,已被非法篡改")
 
@@ -173,6 +178,19 @@ async def getRouters(request: Request, db: Session = Depends(get_db),
                     menu_data['path'] = menu_data['path'][1:]
                 menu_tree.append(menu_data)  # 将当前菜单数据添加到菜单树列表
             return menu_tree
+        
+        # 是否我所在角色的菜单
+        def is_role_menu(menu_id: int, user_id: int, db: Session):
+            
+            # 是否超级管理员
+            sql = text("select * from sys_user_role where user_id = :user_id and role_id = 1")
+            rows = db.execute(sql, {"user_id": user_id}).fetchall()
+            if len(rows) > 0:
+                return True 
+                
+            sql = text("select menu_id from sys_role_menu inner join sys_user_role on sys_role_menu.role_id = sys_user_role.role_id where sys_role_menu.menu_id = :menu_id and sys_user_role.user_id = :user_id")
+            rows = db.execute(sql, {"menu_id": menu_id, "user_id": user_id}).fetchall()
+            return len(rows) > 0
 
         # 构建顶级菜单的树形结构
         routers = build_menu_tree(menus, None)
@@ -311,6 +329,8 @@ async def getRouters(request: Request, db: Session = Depends(get_db),
                     menu_data['path'] = menu_data['path'][1:]
                 menu_tree.append(menu_data)  # 将当前菜单数据添加到菜单树列表
             return menu_tree
+        
+        
 
         # 构建顶级菜单的树形结构
         routers = build_menu_tree(menus, None)
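Review bot: `is_role_menu` issues two SQL round trips for every menu from inside the `for menu in menus` loop at line 64, and build_menu_tree is called recursively, so a single routers request now costs roughly 2×(number of menus) queries. Role membership does not change during the request, so resolve it once — one query for the super-administrator test and one for the set of menu_ids reachable through sys_role_menu joined to sys_user_role — and test `menu.menu_id in allowed` in the loop. The hard-coded `role_id = 1` should be a named constant with a comment, e.g. `SUPER_ADMIN_ROLE_ID = 1  # sys_role.role_id of the built-in administrator`, so the privilege boundary is visible. The bound-parameter `text()` queries are the right way to pass user_id and menu_id; getRouters and build_menu_tree begin outside the hunk.
```python
        # Menus visible to this user's roles; None means "all menus" (super administrator).
        def allowed_menu_ids(user_id: int, db: Session):
            sql = text("select * from sys_user_role where user_id = :user_id and role_id = 1")
            if db.execute(sql, {"user_id": user_id}).fetchall():
                return None
            sql = text("select menu_id from sys_role_menu inner join sys_user_role on sys_role_menu.role_id = sys_user_role.role_id where sys_user_role.user_id = :user_id")
            return {r[0] for r in db.execute(sql, {"user_id": user_id}).fetchall()}

        allowed = allowed_menu_ids(user_id, db)   # computed once, before build_menu_tree runs

        # … unchanged: build_menu_tree, except the per-menu guard becomes …
                if allowed is not None and menu.menu_id not in allowed:
                    continue
```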

+ 58 - 0
routers/prod_api/system/user/__init__.py

@@ -15,6 +15,7 @@ from common.enc import mpfun, sys_user_data, sys_user_role_data, sys_user_post_d
 from common.db import db_czrz
 from common.auth_user import *
 import traceback
+import re
 
 router = APIRouter()
 
@@ -891,6 +892,55 @@ async def userlist(
     db: Session = Depends(get_db),
     body = Depends(remove_xss_json),
     user_id: int = Depends(valid_access_token)):
+
+    # 判断是否密码是否至少12位且必须包含大小写字母和数字
+    def check_password_base(pwd):
+        zz_str = '^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{12,}$'
+        re1 = re.search(zz_str, pwd)
+        if not re1:
+            raise Exception('密码至少12位且必须包含大小写字母和数字')
+        else:
+            check_password_special(pwd)
+
+    # 判断是否密码包含易猜解字符
+    def check_password_special(pwd):
+        list_special = ['admin', 'root', 'crld', 'crland', 'test', 'hello', '147258', '147369', '258369']
+        x=len(list_special)-1
+        for pwd_special in list_special:
+            if pwd_special in pwd.lower():
+                raise Exception('密码不能包含易猜解字符:'+str(pwd_special))
+            else:
+                if pwd_special==list_special[x]:
+                    check_password_adv(pwd)
+
+    # 判断是否是连续、重复以及易猜解
+    def check_password_adv(pwd):
+        str_all = '1234567890-=' \
+                '=-0987654321' \
+                '!@#$%^&*()_+' \
+                '+_)(*&^%$#@!' \
+                'abcdefghijklmnopqrstuvwxyz' \
+                'zyxwvutsrqponmlkjihgfedcba' \
+                'qwertyuiopasdfghjklzxcvbnm' \
+                'mnbvcxzlkjhgfdsapoiuytrewq' \
+                '1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/'
+        pwd_len=len(pwd)
+        x = -1
+        y = x+3
+        while y < pwd_len:
+            x+=1
+            y+=1
+            pwd_cut = pwd[x:y]
+            #print(pwd_cut)
+            if pwd_cut.lower() in str_all and len(pwd_cut) == 3:  # 无论是大写还是小写都统统转换为小写,为了匹配大写
+                raise Exception('密码不能包含3位以上连续字符:'+str(pwd_cut))
+
+            elif len(pwd_cut) == 3 and pwd_cut[0].lower() == pwd_cut[1].lower() == pwd_cut[2].lower():
+                raise Exception('密码不能包含3位以上重复字符:'+str(pwd_cut))
+                
+            else:
+                if y==pwd_len:
+                    print('密码复杂度合格')
     try:
 
         user = user_id_get_user_info(db,user_id)
@@ -898,6 +948,14 @@ async def userlist(
             return {"code": 500, "msg":"旧密码错误"}
         
         if "newPassword" in body:
+            try:
+                check_password_base(body['newPassword'])
+            except Exception as e:
+                return {
+                    'code': 500,
+                    'msg': str(e)
+                }
+            
             user.password = mpfun.enc_data(body['newPassword'])
             user.sign = sys_user_data.get_sign_hmac(user)
             user.update_by = user_id
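Review bot: The exceptions raised in check_password_adv at lines 156 and 159 embed a three-character slice of the candidate password, and the handler returns `str(e)` as `msg` at line 176, so fragments of the new password end up in HTTP responses and in any access or application log that records the message; raise a fixed text instead, e.g. `raise Exception('密码不能包含3位以上连续字符')`. `zz_str` at line 118 is a non-raw string containing `\d`, which triggers an invalid-escape warning on current Python and may become an error in a later release — write it as `zz_str = r'^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{12,}$'`. The `print('密码复杂度合格')` at line 163 is debug output inside a request handler and should be removed, and the broad `except Exception` at line 173 will also turn any unrelated failure inside the helpers into a 500 whose msg is the raw exception text; a dedicated ValueError subclass for policy violations, caught narrowly, would keep the two cases apart. The chained structure (base → special → adv, with adv triggered only when the loop reaches the last element of list_special) is hard to follow; calling the three checks one after another from check_password_base does the same job and is obviously correct. userlist begins outside the hunk.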