From 0623ce539afcfeae7486881baee19544dd4d5b54 Mon Sep 17 00:00:00 2001 From: igor Date: Thu, 19 Dec 2024 07:59:13 +0600 Subject: [PATCH] =?UTF-8?q?+=D1=84=D1=83=D0=BD=D0=BA=D1=86=D0=B8=D1=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/org/ccalm/jwt/MainController.java | 84 ++++++++++++++++--- 1 file changed, 73 insertions(+), 11 deletions(-) diff --git a/src/main/java/org/ccalm/jwt/MainController.java b/src/main/java/org/ccalm/jwt/MainController.java index b9cfe30..b325f6c 100644 --- a/src/main/java/org/ccalm/jwt/MainController.java +++ b/src/main/java/org/ccalm/jwt/MainController.java @@ -730,7 +730,12 @@ public class MainController implements ServletContextAware { } //I check that there are no more than 5 failed authorization errors in 5 minutes - String sql = ""; + Map bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + + /*String sql = ""; int attempt_count=0, attempt_limit=0, attempt_duration=0; MapSqlParameterSource parameters = null; List ret = null; @@ -760,7 +765,12 @@ public class MainController implements ServletContextAware { String uuid = UUID.randomUUID().toString(); logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); - } + }*/ + + + MapSqlParameterSource parameters = null; + String sql = ""; + List ret = null; //I'm trying to log in json = null; 
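Review bot: The old throttle block is left in the method wrapped in `/* … */` (it opens in this hunk and closes in the next one at -760), together with the stray `//attempt_duration=0;`; the same pattern repeats in the hunks at -996/-1024 and -1415/-1431. Dead copies of an authentication check next to the live call make it harder to audit which lockout logic actually runs, and version control already keeps the history, so I would delete the commented block. The surviving comment about "5 failed authorization errors in 5 minutes" is also stale, because the helper reads the limits from the query result; `// Reject the request if the login/IP is blocked or over the attempt limit (limits come from main.user_is_blocked)` would match the code. The enclosing method starts and ends outside the hunk.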
@@ -969,6 +979,44 @@ public class MainController implements ServletContextAware { return json.toString(); } + Map userIsBlocked(Translation trt, String login,String ip) throws CustomException { + int attempt_count=0, attempt_limit=0;//, attempt_duration=0; + MapSqlParameterSource parameters = null; + List ret = null; + try { + java.lang.String sql = "select * from main.user_is_blocked(:login,:ip)"; + parameters = new MapSqlParameterSource(); + parameters.addValue("login", login); + parameters.addValue("ip", ip); + ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + for (int i = 0; i < ret.size(); i++) { + JSONObject json = new JSONObject(ret.get(i)); + if (!json.has("result") || json.getBoolean("result")) { + if(json.getInt("count")==0) + { + throw new CustomException(10000, trt.trt("The_user_account_is_blocked"),null); + }else{ + throw new CustomException(10000, java.lang.String.format(trt.trt("The_limit_of_authorization_attempts_has_been_exceeded_please_wait_s_minutes"), json.getInt("limit_duration")),null); + } + } + if(json.has("count") && json.has("limit_count") && json.has("limit_duration")) { + attempt_count = json.getInt("count"); + attempt_limit = json.getInt("limit_count"); + //attempt_duration = json.getInt("limit_duration"); + } + } + }catch (DataAccessException ex){ + java.lang.String uuid = UUID.randomUUID().toString(); + logger.error("Error executing SQL query", uuid, ex); + throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); + } + + Map result = new HashMap<>(); + result.put("attempt_count", attempt_count); + result.put("attempt_limit", attempt_limit); + return result; + } + //Функция для генерации нового TOTP ключа (немного похожа на логин, но не логин). //Если это первое получение TOTP, то старый TOTP не нужен если последующее, то нужен! @RequestMapping(value = "/newtotp",method = {RequestMethod.POST},produces = "application/json;charset=utf-8") 
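Review bot: `userIsBlocked` fails open when `main.user_is_blocked` returns no rows: the `for` loop is skipped and the method returns `attempt_count=0` and `attempt_limit=0`, as if the caller were not blocked. The hunk at -1431 comments out the `if(rows==null)` check that appears to have rejected this case in the password-update path, so that guard is lost there. I would add, after the loop, `if (ret == null || ret.isEmpty()) throw new CustomException(10000, trt.trt("Error_executing_SQL_query"), null);`. Separately, the message passed to `logger.error` in the `catch` has no `{}` placeholder, so with an SLF4J-style logger the `uuid` returned to the client would likely not reach the log; `logger.error("Error executing SQL query, uuid={}", uuid, ex);` keeps the correlation id.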
@@ -996,7 +1044,12 @@ public class MainController implements ServletContextAware { } //I check that there are no more than 5 failed authorization errors in 5 minutes - String sql = ""; + Map bResult = userIsBlocked(trt, loginModel.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + + /*String sql = ""; int attempt_count=0, attempt_limit=0, attempt_duration=0; MapSqlParameterSource parameters = null; List ret = null; @@ -1024,10 +1077,13 @@ public class MainController implements ServletContextAware { } }catch (DataAccessException ex){ String uuid = UUID.randomUUID().toString(); - logger.error("Функция main.user_is_blocked не вернула результата!", uuid, ex); + logger.error("Error executing SQL query", uuid, ex); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),uuid); - } + }*/ + String sql = ""; + MapSqlParameterSource parameters = null; + List ret = null; //I'm trying to log in json = null; try { @@ -1415,8 +1471,14 @@ public class MainController implements ServletContextAware { if (ipAddress == null) { ipAddress = request.getRemoteAddr(); } + + Map bResult = userIsBlocked(trt, update.getLogin(), ipAddress); + int attempt_count = bResult.get("attempt_count"); + int attempt_limit = bResult.get("attempt_limit"); + //attempt_duration=0; + //String sql = "select main.user_is_blocked(:login,:ip) as block"; - String sql = "select * from main.user_is_blocked(:login,:ip)"; + /*String sql = "select * from main.user_is_blocked(:login,:ip)"; MapSqlParameterSource parameters = new MapSqlParameterSource(); parameters.addValue("login", update.getLogin()); parameters.addValue("ip", ipAddress); 
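Review bot: The lockout added in the hunk at -1415 is keyed on `ipAddress`, and the fallback `if (ipAddress == null) { ipAddress = request.getRemoteAddr(); }` just above the new call suggests the value is first read from a request header outside this hunk. If that header is not set by a trusted reverse proxy, the per-IP part of the attempt counter is client-controlled and the limit cannot be relied on. I would document the assumption at the call, e.g. `// ipAddress keys the lockout: must be the proxy-verified client address, not a raw request header`, and confirm it for the calls in the hunks at -730 and -996 as well. The enclosing method starts outside the hunk and continues into the next one.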
@@ -1431,15 +1493,15 @@ public class MainController implements ServletContextAware { if(rows==null) { logger.error("Функция main.user_is_blocked не вернула результата!"); throw new CustomException(10000, trt.trt("Error_executing_SQL_query"),null); - } + }*/ //Получаю id пользователя - sql="select id from main._users where del=false and password=crypt(:password, password) and email=:email"; - parameters = new MapSqlParameterSource(); + String sql = "select id from main._users where del=false and password=crypt(:password, password) and email=:email"; + MapSqlParameterSource parameters = new MapSqlParameterSource(); parameters.addValue("email", update.getLogin()); parameters.addValue("password", update.getPassword()); - ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); - rows = null; + List ret = jdbcTemplate.query(sql, parameters, new DBTools.JsonRowMapper()); + JSONObject rows=null; for (int i = 0; i < ret.size(); i++) { rows = new JSONObject(ret.get(i)); }