libushang преди 1 месец
родител
ревизия
c106a30760
променени са 2 файла, в които са добавени 99 реда и са изтрити 74 реда
  1. 88 74
      routers/prod_api/auth.py
  2. 11 0
      routers/prod_api/system/role/__init__.py

+ 88 - 74
routers/prod_api/auth.py

@@ -389,90 +389,104 @@ def login_with_usbkey(
     logger.info('keyID: {}', keyID)    
     logger.info('verifyP7Sign: {}', result)
     
-    # 对用户账号进行密码机接口加密处理
-    username = mpfun.enc_data(username)
-    
-    redis_login_key = "login_user_" + username
-    login_error_times = redis_get(redis_login_key)
-    if login_error_times is None:
-        login_error_times = 0
-    else:
-        login_error_times = int(login_error_times)
-
-    if login_error_times >= 5:
-        raise AppException(500, "登录错误多,请5分钟后再尝试!")
+    try:
+        # 对用户账号进行密码机接口加密处理
+        username = mpfun.enc_data(username)
+        
+        redis_login_key = "login_user_" + username
+        login_error_times = redis_get(redis_login_key)
+        if login_error_times is None:
+            login_error_times = 0
+        else:
+            login_error_times = int(login_error_times)
 
-    row = db.query(SysUser).filter(SysUser.user_name == username).first()
-    if row is None:
-        login_error_times = login_error_times + 1
-        redis_set_with_time(redis_login_key, str(login_error_times), 300)
+        if login_error_times >= 5:
+            raise AppException(500, "登录错误多,请5分钟后再尝试!")
 
-        raise AppException(500, "帐号或者密码错误")
-    
-    if sys_user_data.sign_valid_row(row) == False:
-        raise AppException(500, "系统用户表验证异常,已被非法篡改")
+        row = db.query(SysUser).filter(SysUser.user_name == username).first()
+        if row is None:
+            login_error_times = login_error_times + 1
+            redis_set_with_time(redis_login_key, str(login_error_times), 300)
 
-    # 校验账号是否停用
-    if row.status != "0":
-        raise AppException(500, "帐号已停用")
-    
-    # 校验长期(超过1个月)未使用的账号和及开通后未及时(如72小时)修改初始密码的账号做清除
-    login_date = row.login_date
-    if row.login == 0:
-        # 计算初始化的时间和当前时间相差的小时数
-        diff_hour = (datetime.now() - login_date).seconds/3600
-        if diff_hour > 72:
-            raise AppException(500, "你的账号在开通后(72小时)内未登录及修改初始密码,账号已被锁定,请联系管理员处理,否则将被清除。")
+            raise AppException(500, "帐号或者密码错误")
         
-    else:
-        # 计算上次登录到当前时间的相差天数
-        diff_day = (datetime.now() - login_date).days
-        if diff_day > 30:
-            raise AppException(500, "你的账号在超过30天未登录使用,账号已被锁定,请联系管理员处理,否则将被清除。")
+        if sys_user_data.sign_valid_row(row) == False:
+            raise AppException(500, "系统用户表验证异常,已被非法篡改")
 
-    redis_set_with_time(redis_login_key, str(0), 1)
-    
-    user_id = str(row.user_id)
+        # 校验账号是否停用
+        if row.status != "0":
+            raise AppException(500, "帐号已停用")
+        
+        # 校验长期(超过1个月)未使用的账号和及开通后未及时(如72小时)修改初始密码的账号做清除
+        login_date = row.login_date
+        if row.login == 0:
+            # 计算初始化的时间和当前时间相差的小时数
+            diff_hour = (datetime.now() - login_date).seconds/3600
+            if diff_hour > 72:
+                raise AppException(500, "你的账号在开通后(72小时)内未登录及修改初始密码,账号已被锁定,请联系管理员处理,否则将被清除。")
+            
+        else:
+            # 计算上次登录到当前时间的相差天数
+            diff_day = (datetime.now() - login_date).days
+            if diff_day > 30:
+                raise AppException(500, "你的账号在超过30天未登录使用,账号已被锁定,请联系管理员处理,否则将被清除。")
 
-    auth = {
-        "user_id": user_id,
-        "user_name": mpfun.dec_data(row.user_name), 
-        "nick_name": row.nick_name,
-        "is_yzy_user": "0"
-    }
+        redis_set_with_time(redis_login_key, str(0), 1)
+        
+        user_id = str(row.user_id)
 
-    logger.info('auth {}', auth)
+        auth = {
+            "user_id": user_id,
+            "user_name": mpfun.dec_data(row.user_name), 
+            "nick_name": row.nick_name,
+            "is_yzy_user": "0"
+        }
 
-    request.session['user_auth'] = auth
-    request.session['user_auth_sign'] = data_auth_sign(auth)
-    request.session['username'] = username
+        logger.info('auth {}', auth)
 
-    db_czrz.log_username(db, row.user_id, auth['user_name'], row.nick_name, "登录", "后台USBKEY登录成功", request.client.host)
-    row.login_date = datetime.now()
-    row.login_ip = request.client.host
-    row.login = row.login + 1
-    db.commit()
+        request.session['user_auth'] = auth
+        request.session['user_auth_sign'] = data_auth_sign(auth)
+        request.session['username'] = username
 
-    access_token_expires = timedelta(days = 5)
-    access_token = security.create_access_token(
-        data={"sub": user_id}, expires_delta = access_token_expires
-    )
+        db_czrz.log_username(db, row.user_id, auth['user_name'], row.nick_name, "登录", "后台USBKEY登录成功", request.client.host)
+        row.login_date = datetime.now()
+        row.login_ip = request.client.host
+        row.login = row.login + 1
+        db.commit()
 
-    refresh_token_expires = timedelta(days = 10)
-    refresh_token = security.create_access_token(
-        data={"sub": user_id}, expires_delta = refresh_token_expires
-    )
+        access_token_expires = timedelta(days = 5)
+        access_token = security.create_access_token(
+            data={"sub": user_id}, expires_delta = access_token_expires
+        )
 
-    return {
-        "code": 200,
-        "msg": "操作成功",
-        "data": {
-            "access_token": access_token,
-            "refresh_token": refresh_token,
-            "expire_in": 7200,
-            "refresh_expire_in": 7200,
-            "client_id": "e5cd7e4891bf95d1d19206ce24a7b32e",
-            "scope": "",
-            "openid": ""
+        refresh_token_expires = timedelta(days = 10)
+        refresh_token = security.create_access_token(
+            data={"sub": user_id}, expires_delta = refresh_token_expires
+        )
+    
+        return {
+            "code": 200,
+            "msg": "操作成功",
+            "data": {
+                "access_token": access_token,
+                "refresh_token": refresh_token,
+                "expire_in": 7200,
+                "refresh_expire_in": 7200,
+                "client_id": "e5cd7e4891bf95d1d19206ce24a7b32e",
+                "scope": "",
+                "openid": ""
+            }
+        }
+    
+    except AppException as e:
+        return {
+            "code": e.code,
+            "msg": e.msg
         }
-    }
+    
+    except Exception as e:
+        traceback.print_exc()
+        return {
+            "code": 500,
+            "msg": "帐号或者密码错误"
+        }
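Review bot: The 72-hour initial-password check in the `row.login == 0` branch can never fire, because `(datetime.now() - login_date).seconds` is only the seconds component of the timedelta (0–86399), so `diff_hour` stays below 24 however old the account is. Use `diff_hour = (datetime.now() - login_date).total_seconds() / 3600`. The new catch-all `except Exception` at the end of the hunk reports any Redis, database or cipher-machine failure as "帐号或者密码错误" and returns without `db.rollback()`, so an outage looks like bad credentials. Because `request.session['user_auth']` is set before `db.commit()`, a failed commit may also leave the session populated while the response reports failure. `logger.exception(...)` in place of `traceback.print_exc()` would keep these failures in the same log as the rest of the function, whose signature and P7 signature check lie above the hunk.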

+ 11 - 0
routers/prod_api/system/role/__init__.py

@@ -14,6 +14,7 @@ import traceback
 from common.enc import mpfun, sys_user_role_data, sys_role_data, sys_role_dept_data, sys_role_menu_data
 from common.auth_user import *
 from common.db import db_czrz
+from exceptions import AppException, HmacException
 
 router = APIRouter()
 
@@ -522,6 +523,10 @@ async def rolelist( roleName: int = Query(None ,description='角色名称'),
         # 执行分页查询
         roles = query.offset((page - 1) * pageSize).limit(pageSize).all()
 
+        for info in roles:
+            if sys_role_data.sign_valid_row(info) == False:
+                raise HmacException(500, "系统角色表验证异常,已被非法篡改")
+
         # 将查询结果转换为列表形式的字典
         role_list = role_list_to_dict(roles,[])
 
@@ -536,6 +541,12 @@ async def rolelist( roleName: int = Query(None ,description='角色名称'),
             "pageSize": pageSize,
             "totalPages": (total_items + pageSize - 1) // pageSize
         }
+    
+    except HmacException as e:
+        return {
+            "code": e.code,
+            "msg": e.msg
+        }
 
     except Exception as e:
         traceback.print_exc()