dbs289
/
LifeCenter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168
							package com.lemon.lifecenter.controller;

import java.util.HashMap;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

import com.lemon.lifecenter.common.LifeCenterConfigVO;
import com.lemon.lifecenter.common.LifeCenterController;
import com.lemon.lifecenter.common.LifeCenterFunction;
import com.lemon.lifecenter.common.LifeCenterSessionController;
import com.lemon.lifecenter.dto.LoginDTO;
import com.lemon.lifecenter.service.LoginService;

@Controller
@RequestMapping("/login")
public class LoginController extends LifeCenterController {
    private final Logger logger = LoggerFactory.getLogger(this.getClass());
    
    @Autowired
    LifeCenterConfigVO config;
    
    @Autowired
    LoginService loginService;
    
    @RequestMapping("/admin")
    public ModelAndView adminLogin() {
        ModelAndView mv = setMV("login/admin");

        return mv;
    }

    @RequestMapping("/staff")
    public ModelAndView staffLogin() {
        ModelAndView mv = setMV("login/staff");

        return mv;
    }
    
    
    @RequestMapping( value="/check", method = RequestMethod.POST )
    @ResponseBody
    public String staffLoginCheck( 
            @ModelAttribute("dto") final LoginDTO dto, 
            HttpServletRequest request, HttpServletResponse response ) throws Exception {
        String remoteIp   = LifeCenterFunction.getRemoteAddr( request );
        String resultCode = "";
        String message    = "";
        String url        = "";
        
        HashMap<String, String> accessMap = new HashMap<String, String>();
        JSONObject json = new JSONObject();
        
//        dto.setPassword( LifeCenterFunction.aesEncrypt( config.aesKey, config.IV, dto.getPassword() ) );
        String passwordVal = dto.getPassword();
        dto.setPassword( LifeCenterFunction.sha256Encrypt( passwordVal ) );
        
        int total = loginService.selectMemberCount( dto );
        
        if( total == 0 ) { //로그인실패시 log 남긴 후 failCount 처리
            
            resultCode = "01";
            message    = "아이디 또는 비밀번호를 다시 확인하세요.<br/>등록되지 않은 사용자이거나, 잘못된 비밀번호입니다.";
            
            logger.info( "[LOGIN FAILED] RemoteIP : " + remoteIp + " ID : " + dto.getId() + "MESSAGE : " + LifeCenterFunction.removeTag( message ) );
            
            if( loginService.selectMemberIdCount( dto ) == 1 ) { //존재하는사용자일경우
                dto.setFailCount( loginService.selectMemberFailCount( dto ) + 1 ); //해당아이디의 failCount + 1
                dto.setResultCode( resultCode );
                
                accessMap.put( "id" , dto.getId() );
                accessMap.put( "ip" , remoteIp );
                accessMap.put( "successYn", "N" );
                accessMap.put( "logMessage" , LifeCenterFunction.removeTag( message ) );
                
                loginService.updateMemberLoginData( dto ); //해당 아이디의 failCount
                loginService.insertAccessHistory( accessMap );
            }
        } else { // 로그인 성공시 ( id, password 일치 )
            LoginDTO memberData = loginService.selectMemberData( dto );
            
            accessMap.put( "id" , dto.getId() );
            accessMap.put( "ip" , remoteIp );
            
            if( memberData.getUseYn().toUpperCase().equals( "N" ) ) { // 사용이 중지된 계정
                logger.info( "[LOGIN FAILED] RemoteIP : " + remoteIp + " ID : " + dto.getId() );
                
                resultCode = "02";
                message    = "사용이 중지된 계정입니다. 관리자에게 문의하세요.";
                
                accessMap.put( "successYn", "N" );
                accessMap.put( "logMessage" , message );
                
                logger.info( "[LOGIN FAILED] RemoteIP : " + remoteIp + " ID : " + dto.getId() + "MESSAGE : " + message );
                
                loginService.insertAccessHistory( accessMap );
                
            } else {
                // 로그인 성공
                // failCount 0 초기화
                // last login time NOW() update
                resultCode = "00";
                message    = "로그인 성공";
                
                dto.setFailCount( 0 );
                dto.setResultCode( resultCode );
                accessMap.put( "successYn", "Y" );
                accessMap.put( "logMessage" , message );
                
                logger.info( "[LOGIN SUCCESS] RemoteIP : " + remoteIp + " ID : " + dto.getId() + "MESSAGE : " + message );
                
                loginService.updateMemberLoginData( dto ); //failCount -> 0, lastLoginTime -> NOW()
                loginService.insertAccessHistory( accessMap ); //insert AccessHistory
                
                
                LifeCenterSessionController.sessionInvalidate( request );
                
                LifeCenterSessionController.setSession( request, "sesId",   memberData.getId() );
                LifeCenterSessionController.setSession( request, "sesName", memberData.getName() );
                LifeCenterSessionController.setSession( request, "sesCenterCode", memberData.getCenterCode() );
                LifeCenterSessionController.setSession( request, "sesCenterName", memberData.getCenterName() );
                LifeCenterSessionController.setSession( request, "sesGroupIdx", String.valueOf( memberData.getGroupIdx() ) );
                LifeCenterSessionController.setSession( request, "sesPhoneNumber", String.valueOf( memberData.getPhoneNumber() ) );
                
                
                url = "/patient/list";
                if( memberData.getGroupIdx() == 1 ) {
                    url = "/center/list";
                }
                
                // 로그인시 초기화 비밀번호일 경우 비밀번호 변경 페이지로 이동
                if( passwordVal.equals( config.staffResetPw ) || passwordVal.equals( config.centerResetPw ) ) {
                    LifeCenterSessionController.setSession( request, "sesPasswordChange", "true" );
                    url = "/staff/myinfo";
                }
            }
        }
        
        json.put( "code", resultCode );
        json.put( "message", message );
        json.put( "url", url );
        
        return json.toString();
    }
    
    @RequestMapping("/logout")
    public String staffLogout( HttpServletRequest request, HttpServletResponse response ) {
        String remoteIp  = LifeCenterFunction.getRemoteAddr( request );
        String sesId     = LifeCenterSessionController.getSession( request, "sesId" );
        
        LifeCenterSessionController.sessionInvalidate( request );
        
        logger.info( "[LOGOUT] RemoteIP : " + remoteIp + " UserId : " + sesId );
        
        return "redirect:/login/staff";
    }
}