增加局域网访问限制和用户token安全认证

src/main/java/cn/quantgroup/xyqb/aspect/accessable/IpValidatorAdvisor.java

@@ -36,6 +36,12 @@ public class IpValidatorAdvisor {
         HttpServletRequest request = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getRequest();
         String ip = IPUtil.getRemoteIP(request);
         LOGGER.info("获取ip地址:" + ip);
+        if(ip.startsWith("172")||ip.startsWith("192")){
+            return pjp.proceed();
+        } else {
+            LOGGER.error("非法ip:{}", ip);
+            return JsonResult.buildErrorStateResult("非法ip", null);
+        }
         /*HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
         String ip = IPUtil.getRemoteIP(request);
         if(accessable) {
@@ -48,6 +54,6 @@ public class IpValidatorAdvisor {
                 return JsonResult.buildErrorStateResult("非法ip", null);
             }
         }*/
-        return pjp.proceed();
+        //return pjp.proceed();
     }
 }

src/main/java/cn/quantgroup/xyqb/controller/external/queryLog/UserQueryLogController.java

@@ -67,11 +67,13 @@ public class UserQueryLogController {
 
   private static final String privateKey="MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJiLDU8pacJuQrLMcr5uUekpNH+q07c6rue+NJ1yikJKY4mqOLcH6okyt/TfbjaZgkhB4XdhJNBlN+uLkSQ2CiqfRj8piksAq6rz2M90iQHeW+Ku97D22l9sBPgHXhaChZ0wfmiioG3SXLd/4mOgEzl0oVM6uFySEUOhoHdQBpqJAgMBAAECgYA3DfCWwoaWEr9l0p4TFrPfZ+y3qwrQVZCsuRw6Ow2lUT3NgK8JeATw0WpNKZqYgBziQUzDjj8AK5fcHjobDJnsKGqC2VQ+j05hQZztoHTrYxOx6xrGxIzqmbt/dPsw779xXSRJu3DuUeCm6CrGZpVpPX/NtXBxIhXRY2KRNa1SZQJBAPMboc+M6/OeGPQqFvXg9jgEWcosBpy6HtukfjONQAVuM5e0pZa8SQCLhcoHgbbqcEhbDAJEqr9x9eZjjFPSt08CQQCgoe/hOVf0s5oo1IM1TVEUkGOIzVVlyTMwu0p4jwt3987D7BKZe7mCl41quWDwL4JIQ0GcivVMpJzYsDBZHRqnAkBMgCKAHHlXdSWnF+OXxg3U/NGAhDAke5EgTvgDouxFiTMlBwygjWlviXg1Zf1UoRtqOXRi9lbA3cyijirnacSTAkBmve0ug30MmOvbfcHGkANyQcBIOf2LMxu46bKCVgwh2bC4hACJhydqrgDX6GZmehy8l7gZpo+rTAa+WkMyXHk1AkEArt6ElkyNI7TDu0By59Zin05tuZJr6QoMXs9bVH+xP3OBG1KfPYTBc9yb5MOjXIxAjyGGeDpUfhuUDBe56GTOBA==";
   @RequestMapping("/queryLog")
-  public JsonResult queryLog(@RequestParam(required=false) String beginDate,@RequestParam(required=false) String endDate, Integer pageId, Integer pageSize) {
+  public JsonResult queryLog(@RequestParam(required=false) String beginDate,@RequestParam(required=false) String endDate, Integer pageId, Integer pageSize,String token) {
 
+    if(!checkUserToken(token)){
+      return JsonResult.buildErrorStateResult("未授权查询",null);
+    }
       try{
         SimpleDateFormat sf=new SimpleDateFormat("yyyy-MM-dd");
-
         SimpleDateFormat sfs=new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
         Date date1=null,date2=null;
         if(beginDate!=null&& StringUtils.hasLength(beginDate)){
@@ -79,7 +81,6 @@ public class UserQueryLogController {
         }else{
           String nowStr=sf.format(new Date());
           date1=sfs.parse(nowStr+" 00:00:00");
-          //date1=new Date();
         }
         if(endDate!=null&& StringUtils.hasLength(endDate)){
           date2=sfs.parse(endDate+" 23:59:59");
@@ -92,6 +93,9 @@ public class UserQueryLogController {
         Long total=userQueryLogService.findByTimestampCount(date1,date2);
         PageModel<UserQueryLog> uqp=new PageModel<UserQueryLog>();
         uqp.setTotal(total);
+        if(pageSize==0||pageSize<0){
+          pageSize=30;
+        }
         uqp.setPageSize(pageSize);
         uqp.setPageId(pageId);
         uqp.setPageList(userQueryLogs);
@@ -107,12 +111,16 @@ public class UserQueryLogController {
   }
 
   @RequestMapping("/queryUserInfo")
-  public JsonResult queryForResult(String key,String keyValues,String userName, String columns,Integer pageId,Integer pageSize) {
+  public JsonResult queryForResult(String key,String keyValues,String userName, String columns,Integer pageId,Integer pageSize,String token) {
 
     //columns=>  userId,phoneNo,idNo,bankCard,address
     //key=>phoneNo、idNo、userId
     //checkKeysType;
     //后台参数校验
+    //校验用户权限
+    if(!checkUserToken(token)){
+      return JsonResult.buildErrorStateResult("未授权查询",null);
+    }
     String[] values=keyValues.split(";");
     List<String> queryV= Arrays.asList(values);
     List<UserQueryInfo> userQueryInfos=new ArrayList<UserQueryInfo>();
@@ -220,11 +228,6 @@ public class UserQueryLogController {
     log.setQueryDetail(keyValues);
     log.setLoginUserName(userName);
     log.setQueryDetail(keyValues);
-//    if(keyValues!=null&&keyValues.length()<=2048){
-//      log.setQueryDetail(keyValues);
-//    }else{
-//      log.setQueryDetail(keyValues.substring(0,2048));
-//    }
     userQueryLogService.save(log);
 
     PageModel<UserQueryInfo> uqi=new PageModel<UserQueryInfo>();
@@ -285,7 +288,12 @@ public class UserQueryLogController {
   }
 
   @RequestMapping("/exportUserInfo")
-  public JsonResult exportExcel(final HttpServletResponse response,String key,String keyValues,String userName, String columns){
+  public JsonResult exportExcel(final HttpServletResponse response,String key,String keyValues,String userName, String columns,String token){
+
+    if(!checkUserToken(token)){
+      return JsonResult.buildErrorStateResult("未授权查询",null);
+    }
+
     List<UserQueryInfo> uqls=new ArrayList<UserQueryInfo>();
 
     String[] values=keyValues.split(";");
@@ -389,20 +397,20 @@ public class UserQueryLogController {
     HSSFCellStyle style = wb.createCellStyle();
     style.setAlignment(HSSFCellStyle.ALIGN_CENTER); // 创建一个居中格式
 
-    HSSFCell cell = row.createCell((short) 0);
+    HSSFCell cell = row.createCell(0);
     cell.setCellValue("userId");
     cell.setCellStyle(style);
-    cell = row.createCell((short) 1);
+    cell = row.createCell( 1);
     cell.setCellValue("手机号");
     cell.setCellStyle(style);
-    cell = row.createCell((short) 2);
+    cell = row.createCell( 2);
     cell.setCellValue("身份证号");
     cell.setCellStyle(style);
-    cell = row.createCell((short) 3);
+    cell = row.createCell( 3);
     cell.setCellValue("银行卡号");
     cell.setCellStyle(style);
 
-    cell = row.createCell((short) 4);
+    cell = row.createCell( 4);
     cell.setCellValue("地址");
     cell.setCellStyle(style);
 
@@ -414,11 +422,11 @@ public class UserQueryLogController {
       row = sheet.createRow((int) i + 1);
       UserQueryInfo user = (UserQueryInfo) uqls.get(i);
       // 第四步，创建单元格，并设置值
-      row.createCell((short) 0).setCellValue( user.getUserId());
-      row.createCell((short) 1).setCellValue(user.getPhoneNo());
-      row.createCell((short) 2).setCellValue(user.getIdNo());
-      row.createCell((short) 3).setCellValue(user.getBankCards());
-      row.createCell((short) 4).setCellValue(user.getAddress());
+      row.createCell(0).setCellValue( user.getUserId());
+      row.createCell(1).setCellValue(user.getPhoneNo());
+      row.createCell(2).setCellValue(user.getIdNo());
+      row.createCell(3).setCellValue(user.getBankCards());
+      row.createCell(4).setCellValue(user.getAddress());
 
     }
     // 第六步，将文件存到指定位置
@@ -439,4 +447,21 @@ public class UserQueryLogController {
     return JsonResult.buildSuccessResult("导出成功",null);
   }
 
+  private boolean checkUserToken(String token){
+
+    HashMap<String, String> parameters = new HashMap<>();
+    parameters.put("token", token);
+    String url="http://192.168.4.50:7047";
+    //访问用户中心查询用户银行卡接口
+    String resultStr = httpService.post(url + "/user/info", parameters);
+    try{
+      JsonObject resultUser = new JsonParser().parse(resultStr).getAsJsonObject();
+      if(resultUser.get("code").getAsString().equals("0000")&&resultUser.get("data").getAsJsonObject()!=null){
+        return true;
+      }
+    }catch(Exception e){
+
+    }
+    return false;
+  }
 }