Merge branch 'master' into feature/20171121

src/main/java/cn/quantgroup/xyqb/Constants.java

@@ -41,16 +41,22 @@ public interface Constants {
   String X_AUTH_TOKEN = "x-auth-token";
   String ONE_TIME_TOKEN = "oneTimeToken";
 
+  // -- Start -- IPV4安全策略常量组
   String REDIS_PASSWORD_ERROR_COUNT = "password_error_count:";
   String REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 = "password_error_count_4_ipv4:";
+  String IPV4_LOCK_WHITE = "lock_ipv4:white:";
+  String IPV4_LOCK_BLACK = "lock_ipv4:black:";
+  String IPV4_LOCK_MINUTES_REDIS = "lock_ipv4:minutes:";
+  String IPV4_LOCK_ON_COUNTS_REDIS = "lock_ipv4:on_counts:";
   String IPV4_LOCK = "lock_ipv4:";
-  Long IPV4_LOCK_MINUTES = 6 * 60L;
+  Long IPV4_LOCK_MINUTES = 3 * 60L;
   Long IPV4_COUNT_MINUTES = 1L;
-  Long IPV4_LOCK_ON_COUNTS = 200L;
+  Long IPV4_LOCK_ON_COUNTS = 60L;
   int DANGEROUS_TIME_START = 22;
   int DANGEROUS_TIME_END = 6;
   String CLEAR_LOCK_FOR_IPV4 = "x-clear-lock-11241842-y";
   String CLEAR_LOCK_FOR_IPV4_KEY = "lhp.family.dwy.sjs.yym.cxy.cpg";
+  // -- End -- IPV4安全策略常量组
   /**
    * redis中token的key值前缀
    */

src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java → src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java

-package cn.quantgroup.xyqb.aspect.captcha;
+package cn.quantgroup.xyqb.aspect.lock;
 
 
 import cn.quantgroup.xyqb.Constants;
@@ -39,7 +39,7 @@ public class PasswordErrorFiniteValidateAdvisor {
   /**
    * 密码错误限次切面
    */
-  @Pointcut("@annotation(cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator)")
+  @Pointcut("@annotation(cn.quantgroup.xyqb.aspect.lock.PasswordFineteValidator)")
   private void passwordErrorFiniteValidate() {
   }
 
@@ -59,9 +59,19 @@ public class PasswordErrorFiniteValidateAdvisor {
     HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
     // 客户端IP
     String clientIp = getIp(request);
-    if (StringUtils.startsWith(clientIp, "139.198.")){
+    // 入口服务器IP
+    if(StringUtils.startsWith(clientIp, "139.198.")){
       return pjp.proceed();
     }
+    // 白名单
+    if(redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_WHITE, clientIp)){
+      return pjp.proceed();
+    }
+    // 黑名单
+    if(redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_BLACK, clientIp)){
+      LOGGER.info("Locked ip access:{}", clientIp);
+      return JsonResult.buildErrorStateResult("登录失败", null);
+    }
     String lockIpv4Key = getLockIpv4Key(clientIp);
     String lock = redisTemplate.opsForValue().get(lockIpv4Key);
     if (Objects.equals(Boolean.TRUE.toString(), lock)){

src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordFineteValidator.java → src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordFineteValidator.java

-package cn.quantgroup.xyqb.aspect.captcha;
+package cn.quantgroup.xyqb.aspect.lock;
 
 import java.lang.annotation.*;
 

src/main/java/cn/quantgroup/xyqb/config/web/InterceptorConfig.java

 package cn.quantgroup.xyqb.config.web;
 
-import cn.quantgroup.xyqb.interceptors.ChannelIdInterceptor;
 import cn.quantgroup.xyqb.interceptors.IPWhiteListInterceptor;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
@@ -13,12 +12,11 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
 @Configuration
 public class InterceptorConfig extends WebMvcConfigurerAdapter {
 
-  @Value("${configserver.disable}")
-  private Integer isDebug;
+    @Value("${configserver.disable}")
+    private Integer isDebug;
 
-  public void addInterceptors(InterceptorRegistry registry) {
-    registry.addInterceptor(new IPWhiteListInterceptor(isDebug)).addPathPatterns("/innerapi/**");
-    registry.addInterceptor(new ChannelIdInterceptor()).addPathPatterns("/**");
-  }
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(new IPWhiteListInterceptor(isDebug)).addPathPatterns("/innerapi/**");
+    }
 
 }

src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java

@@ -2,7 +2,7 @@ package cn.quantgroup.xyqb.controller.internal.user;
 
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.captcha.CaptchaFineteValidator;
-import cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator;
+import cn.quantgroup.xyqb.aspect.lock.PasswordFineteValidator;
 import cn.quantgroup.xyqb.aspect.logcaller.LogHttpCaller;
 import cn.quantgroup.xyqb.controller.IBaseController;
 import cn.quantgroup.xyqb.entity.Merchant;

src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java

@@ -26,12 +26,8 @@ import java.io.PrintWriter;
 public class RequestFilter implements Filter {
 
   private static final String[] ALLOWED_PATTERNS = {
-      "/user_detail/**","/hello/**","/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast",
-      "/token/oneTime", "/user/loginV1", "/user/login/fastV1","/user/**","/api/sms/send_login_code_new_forH5","/user/lock_ipv4",
-      "/auth/info/login","/user/login/fast","/user/reset_password", "/user/exist_check","/user/center/**",
-      "/jr58/**", "/app/login", "/app/login_super","/app/login2","/user/login2", "/wechat/**", "/config/**", "/api/**", "/user/exists_token","/query/**",
-      "/platform/api/page/return_url", "/MP_" +
-      "verify_AWiagUn4kZiwmTt0.txt"
+      "/wechat/**", "/config/**", "/api/**", "/query/**", "/user_detail/**", "/hello/**", "/innerapi/**", "/motan/**", "/user/**", "/lock/**",
+      "/auth/info/login", "/app/login", "/app/login_super", "/app/login2", "/platform/api/page/return_url", "/MP_verify_AWiagUn4kZiwmTt0.txt"
   };
   private static final String UNAUTH_RESULT = JSONObject.toJSONString(JsonResult.buildErrorStateResult("登录失败", null));
   @Autowired

src/main/java/cn/quantgroup/xyqb/interceptors/ChannelIdInterceptor.java

-package cn.quantgroup.xyqb.interceptors;
-
-import org.springframework.web.servlet.HandlerInterceptor;
-import org.springframework.web.servlet.ModelAndView;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * Created by Miraculous on 15/7/10.
- */
-public class ChannelIdInterceptor implements HandlerInterceptor {
-
-  private static final String CHANNEL_ID = "channelId";
-  private static final String CREATED_FROM = "createdFrom";
-  private static final String APP_CHANNEL = "appChannel";
-
-  @Override
-  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
-    String channelId = request.getParameter(CHANNEL_ID);
-    if (channelId == null) {
-      channelId = (String) request.getAttribute(CHANNEL_ID);
-    }
-    if (channelId != null) {
-      request.getSession().setAttribute(CHANNEL_ID, channelId);
-    }
-
-    String createdFrom = request.getParameter(CREATED_FROM);
-    if (createdFrom == null) {
-      createdFrom = (String) request.getAttribute(CREATED_FROM);
-    }
-    if (createdFrom != null) {
-      request.getSession().setAttribute(CREATED_FROM, createdFrom);
-    }
-
-    String appChannel = request.getParameter(APP_CHANNEL);
-    if (appChannel == null) {
-      appChannel = (String) request.getAttribute(APP_CHANNEL);
-    }
-    if (appChannel != null) {
-      request.getSession().setAttribute(APP_CHANNEL, appChannel);
-    }
-    return true;
-  }
-
-  @Override
-  public void postHandle(HttpServletRequest request, HttpServletResponse response, Object o, ModelAndView modelAndView) throws Exception {
-
-  }
-
-  @Override
-  public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object o, Exception e) throws Exception {
-
-  }
-}