魔法值修复---第一批

0cd1f18c · 技术部-任文超 · 01111283 · 0cd1f18c · 0cd1f18c · 0cd1f18c
Commit 0cd1f18c authored Oct 25, 2019 by 技术部-任文超
8 changed files
--- a/src/main/java/cn/quantgroup/xyqb/Constants.java
+++ b/src/main/java/cn/quantgroup/xyqb/Constants.java
@@ -25,6 +25,14 @@ public interface Constants {
    Long VERIFICATION_CODE_FINITE_COUNT = 3L;

    String X_AUTH_TOKEN = "x-auth-token";
+    int TOKEN_LENGTH = 36;
+    /** 垃圾，前辈竟然用这个办法来识别UUID */
+    int UUID_MIN_LENGTH = 10;
+    String CHECK_FAIL = "fail";
+    String SPLIT_CHAR = ":";
+    String TOKEN_MASTER = "*";
+    String PASSWORDD_HEADER = "Basic ";
+    int AUTHORIZE_HEADER_SIZE = 2;
    /**
     * 登录账号/手机号参数名
     */

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
@@ -150,13 +150,12 @@ public class CaptchaFiniteValidateAdvisor {
     * @return 账密参数Map 或 null
     */
    private Map<String, String> getHeaderParam(HttpServletRequest request) {
-        String verificationHeader = "Basic ";
        String credential = request.getHeader("authorization");
-        if (StringUtils.isBlank(credential) || !credential.startsWith(verificationHeader)) {
+        if (StringUtils.isBlank(credential) || !credential.startsWith(Constants.PASSWORDD_HEADER)) {
            LOGGER.info("参数无效, credential:{}", credential);
            return null;
        }
-        credential = credential.substring(verificationHeader.length(), credential.length());
+        credential = credential.substring(Constants.PASSWORDD_HEADER.length());
        byte[] buf = Base64.decodeBase64(credential);
        credential = new String(buf, Charset.forName("UTF-8"));
        String[] credentialArr = credential.split(":");

--- a/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
@@ -80,7 +80,7 @@ public class PasswordFreeAccessValidateAdvisor {
        }
        // 当前请求的Token
        String token = request.getHeader(Constants.X_AUTH_TOKEN);
-        if (Objects.isNull(token) || token.length() != 36) {
+        if (StringUtils.length(token) != Constants.TOKEN_LENGTH) {
            LOGGER.info("非法请求 - 无效token, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
            return false;
        }

--- a/src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java
@@ -66,7 +66,7 @@ public class PasswordErrorFiniteValidateAdvisor {
            return pjp.proceed();
        }
        // 入口服务器IP
-        if (StringUtils.startsWith(clientIp, "139.198.")) {
+        if (StringUtils.startsWith(clientIp, IPUtil.IO_IP)) {
            return pjp.proceed();
        }
        // 黑名单

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
@@ -121,7 +121,7 @@ public class UserController implements IBaseController {
        if (merchant == null) {
            return JsonResult.buildErrorStateResult("未知的连接", null);
        }
-        if (!StringUtils.isEmpty(userId) && userId.length() > 10) {
+        if (StringUtils.length(userId) > Constants.UUID_MIN_LENGTH) {
            return loginWithUserId(channelId, appChannel, createdFrom, userId, merchant, dimension, request);
        } else {
            return loginWithHttpBasic(channelId, appChannel, createdFrom, merchant, dimension, request);
@@ -166,8 +166,8 @@ public class UserController implements IBaseController {
            HttpServletRequest request) {
        Map<String, JsonResult> validMap = getHeaderParam(request);
        log.info("login/fast -> channelId:{},appChannel:{},createdFrom:{},btRegisterChannelId:{},key:{},dimension:{},clickId:{}", channelId, appChannel, createdFrom, btRegisterChannelId, key, dimension, clickId);
-        if (null != validMap.get("fail")) {
-            return validMap.get("fail");
+        if (null != validMap.get(Constants.CHECK_FAIL)) {
+            return validMap.get(Constants.CHECK_FAIL);
        }
        Merchant merchant = merchantService.findMerchantByName(key);
        if (merchant == null) {
@@ -214,26 +214,26 @@ public class UserController implements IBaseController {
        String verificationHeader = "Verification ";
        String credential = request.getHeader("authorization");
        if (StringUtils.isBlank(credential)) {
-            result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
+            result.put(Constants.CHECK_FAIL, JsonResult.buildErrorStateResult("登录失败", null));
            return result;
        }
        if (!credential.startsWith(verificationHeader)) {
-            result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
+            result.put(Constants.CHECK_FAIL, JsonResult.buildErrorStateResult("登录失败", null));
            return result;
        }
        credential = credential.substring(verificationHeader.length(), credential.length());
        byte[] buf = Base64.decodeBase64(credential);
        credential = new String(buf, Charset.forName("UTF-8"));
-        String[] credentialArr = credential.split(":");
+        String[] credentialArr = credential.split(Constants.SPLIT_CHAR);
        if (credentialArr.length != 2) {
-            result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
+            result.put(Constants.CHECK_FAIL, JsonResult.buildErrorStateResult("登录失败", null));
            return result;
        }
        String phoneNo = credentialArr[0];
        String verificationCode = credentialArr[1];
        log.info("用户快速登录,phoneNo:{} , verificationCode:{}", phoneNo, verificationCode);
        if (!ValidationUtil.validatePhoneNo(phoneNo) || StringUtils.isBlank(verificationCode)) {
-            result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
+            result.put(Constants.CHECK_FAIL, JsonResult.buildErrorStateResult("登录失败", null));
            return result;
        }
        result.put("success", JsonResult.buildSuccessResult(verificationCode, phoneNo));
@@ -403,7 +403,7 @@ public class UserController implements IBaseController {
        if (StringUtils.isEmpty(token)) {
            return JsonResult.buildSuccessResult(null, false);
        }
-        if (token.contains("*")) {
+        if (token.contains(Constants.TOKEN_MASTER)) {
            return JsonResult.buildSuccessResult(null, false);
        }
        String tokenKey = Constants.SESSION_PREFIX + token;
@@ -463,10 +463,10 @@ public class UserController implements IBaseController {

    private User verificateUserNameAndPassword(HttpServletRequest request) {
        String credential = request.getHeader("authorization");
-        if (StringUtils.isBlank(credential) || !credential.startsWith("Basic ")) {
+        if (StringUtils.isBlank(credential) || !credential.startsWith(Constants.PASSWORDD_HEADER)) {
            return null;
        }
-        credential = credential.substring("Basic ".length(), credential.length());
+        credential = credential.substring(Constants.PASSWORDD_HEADER.length());
        byte[] buf = Base64.decodeBase64(credential);
        String bufStr = "";
        try {
@@ -476,7 +476,7 @@ public class UserController implements IBaseController {
        }
        String clientIp = getIp();
        String[] credentialArr = bufStr.split(":");
-        if (credentialArr.length != 2) {
+        if (credentialArr.length != Constants.AUTHORIZE_HEADER_SIZE) {
            log.info("用户登录失败：{}", bufStr);
            // 向该ipv4添加错误计数器
            lockIpv4Service.countErrorByIpv4(clientIp);

--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
@@ -80,7 +80,7 @@ public class SessionServiceImpl implements ISessionService {
        SessionStruct sessionStruct;
        //获取sessionid
        String sessionId = findSessionIdByUserIdLoginProperties(user.getId(), properties);
-        if (StringUtils.length(sessionId) == 36) {
+        if (StringUtils.length(sessionId) == Constants.TOKEN_LENGTH) {
            sessionStruct = findSessionBySessionId(sessionId);
            if (sessionStruct == null) {
                sessionStruct = newSession(user, properties);

--- a/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
+++ b/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
@@ -40,7 +40,7 @@ public class XyqbSessionContextHolder {
    }

    public static SessionStruct getXSessionFromRedis(String token) {
-        if (Objects.isNull(token) || token.length() != 36 || Objects.isNull(redisTemplate)) {
+        if (StringUtils.length(token) != Constants.TOKEN_LENGTH || Objects.isNull(redisTemplate)) {
            return null;
        }
        String result = redisTemplate.opsForValue().get(Constants.Session.USER_SESSION_CACHE + token);

--- a/src/main/java/cn/quantgroup/xyqb/util/IPUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/IPUtil.java
@@ -30,6 +30,8 @@ public class IPUtil {
     */
    private static final Set<String> WHITE_ADDRESS = Sets.newHashSet();
    private static final String LOCAL_ADDRESS = "127.0.0.1";
+    /** 入口服务器IP */
+    public static final String IO_IP = "139.198.";

    static {
        String[] ips = {"172.16.", "172.18.", "172.20.", "172.21.", "172.30.", "172.41.", "192.168.3.", "192.168.4."};