Merge branch 'feature/20171123-4-user.login' of...

Merge branch 'feature/20171123-4-user.login' of http://git.quantgroup.cn/head_group/xyqb-user2 into feature/20171123-4-user.login

Merge branch 'feature/20171123-4-user.login' of...
Merge branch 'feature/20171123-4-user.login' of http://git.quantgroup.cn/head_group/xyqb-user2 into feature/20171123-4-user.login
48220509 · Java—红包—徐然 · 6d19673f · 523ce5b3 · 48220509 · 48220509
Commit 48220509 authored Nov 23, 2017 by Java—红包—徐然
4 changed files
--- a/src/main/java/cn/quantgroup/xyqb/Constants.java
+++ b/src/main/java/cn/quantgroup/xyqb/Constants.java
@@ -38,6 +38,12 @@ public interface Constants {
  final Long Image_Need_Count=3L;
  String REDIS_PASSWORD_ERROR_COUNT = "password_error_count:";
  String REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 = "password_error_count_4_ipv4:";
+  String IPV4_LOCK = "lock_ipv4:";
+  final Long IPV4_LOCK_MINUTES = 6 * 60L;
+  final Long IPV4_COUNT_MINUTES = 1L;
+  final Long IPV4_LOCK_ON_COUNTS = 60L;
+  final int DANGEROUS_TIME_START = 22;
+  final int DANGEROUS_TIME_END = 6;
  /**
   * redis中token的key值前缀
   */

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java
@@ -46,7 +46,7 @@ public class PasswordErrorFiniteValidateAdvisor {
  }

  /**
-   * 在受保护的接口方法执行前, 执行密码错误限次校验
+   * 在受保护的接口方法执行前, 执行锁状态校验
   *
   * @param pjp
   * @return
@@ -54,32 +54,23 @@ public class PasswordErrorFiniteValidateAdvisor {
   */
  @Around("passwordErrorFiniteValidate()")
  private Object doFiniteValidate(ProceedingJoinPoint pjp) throws Throwable {
+    if(!ValidationUtil.isAtDangerousTime()){
+      return pjp.proceed();
+    }
    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    // 客户端IP
    String clientIp = getIp(request);
-    Long countErrorByIp = getIpv4Count(clientIp);
-    // 5分钟内不超过3次
-    if(countErrorByIp > Constants.Image_Need_Count){
+    String lockIpv4Key = getLockIpv4Key(clientIp);
+    String lock = redisTemplate.opsForValue().get(lockIpv4Key);
+    if (Objects.equals(Boolean.TRUE.toString(), lock)){
+      LOGGER.info("Locked ip access:{}", clientIp);
      return JsonResult.buildErrorStateResult("登录失败", null);
    }
    return pjp.proceed();
  }

-  // 获取该ipv4密码错误计数器
-  private Long getIpv4Count(String ipv4) {
-    if (ValidationUtil.validateIpv4(ipv4) && ValidationUtil.validateLocalIpv4(ipv4)) {
-      return 0L;
-    }
-    String key = getIpKey(ipv4);
-    String countString = redisTemplate.opsForValue().get(key);
-    if (StringUtils.isBlank(countString)) {
-      return 0L;
-    }
-    return Long.valueOf(countString);
-  }
-
-  private final static String getIpKey(String ipv4){
-    return Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 + ipv4;
+  private final static String getLockIpv4Key(String ipv4){
+    return Constants.IPV4_LOCK + ipv4;
  }

  /**

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
@@ -515,12 +515,16 @@ public class UserController implements IBaseController {
    }
    String[] credentialArr = bufStr.split(":");
    if (credentialArr.length != 2) {
+      // 向该ipv4添加错误计数器
+      countErrorByIpv4();
      return null;
    }
    String userName = credentialArr[0];
    String pass = credentialArr[1];
    User user = userService.findByPhoneWithCache(userName);
    if (user == null || !user.getEnable()) {
+      // 向该ipv4添加错误计数器
+      countErrorByIpv4();
      return null;
    }
    //验证密码
@@ -536,14 +540,22 @@ public class UserController implements IBaseController {
   * 向该ipv4添加错误计数器
   */
  private void countErrorByIpv4() {
+    if(!ValidationUtil.isAtDangerousTime()){
+      return;
+    }
    String ipv4 = getIp();
    if (StringUtils.isNotBlank(ipv4) && !ValidationUtil.validateLocalIpv4(ipv4)) {
      String ipv4Key = getIpKey(getIp());
      if(!stringRedisTemplate.hasKey(getIpKey(getIp()))){
        // 计数周期5分钟
-        stringRedisTemplate.opsForValue().set(ipv4Key, String.valueOf(0), 5, TimeUnit.MINUTES);
+        stringRedisTemplate.opsForValue().set(ipv4Key, String.valueOf(0), Constants.IPV4_COUNT_MINUTES, TimeUnit.MINUTES);
+      }
+      Long count = stringRedisTemplate.opsForValue().increment(ipv4Key, 1L);
+      if (count >= Constants.IPV4_LOCK_ON_COUNTS){
+        String lockIpv4Key = getLockIpv4Key(ipv4);
+        stringRedisTemplate.opsForValue().set(lockIpv4Key, Boolean.TRUE.toString(), Constants.IPV4_LOCK_MINUTES, TimeUnit.MINUTES);
+        LOGGER.info("Locked ip access:{}, error overstep {} times in {} minutes, do lock {} minutes", ipv4, Constants.IPV4_LOCK_ON_COUNTS, Constants.IPV4_COUNT_MINUTES, Constants.IPV4_LOCK_MINUTES);
      }
-      stringRedisTemplate.opsForValue().increment(ipv4Key, 1L);
    }
  }

@@ -551,6 +563,10 @@ public class UserController implements IBaseController {
    return Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 + ipv4;
  }

+  private final static String getLockIpv4Key(String ipv4){
+    return Constants.IPV4_LOCK + ipv4;
+  }
+
  private boolean validatePassword(String paramPass, String targetPassword) {
    return StringUtils.defaultString(targetPassword, "").equals(PasswordUtil.MD5(paramPass.toLowerCase() + pwdSalt));
  }

--- a/src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java
 package cn.quantgroup.xyqb.util;

+import cn.quantgroup.xyqb.Constants;
 import org.apache.commons.lang.StringUtils;

+import java.util.Calendar;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@@ -14,7 +16,7 @@ public class ValidationUtil {
  private static String phoneRegExp = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";
  private static String chineseNameRegExp = "^[\u4e00-\u9fa5]+(\\.|·)?[\u4e00-\u9fa5]+$";
  private static String ipv4RegExp = "^((2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)\\.){3}(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)$";
-  private static String localIpv4RegExp = "^172(\\.2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?){3}$";
+  private static String localIpv4RegExp = "^172\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?){3}$";

  private static Pattern phonePattern = Pattern.compile(phoneRegExp);
  private static Pattern chinesePattern = Pattern.compile(chineseNameRegExp);
@@ -54,6 +56,12 @@ public class ValidationUtil {
    return matcher.find();
  }

+  public static boolean isAtDangerousTime() {
+    Calendar now = Calendar.getInstance();
+    int hour = now.get(Calendar.HOUR_OF_DAY);
+    return Constants.DANGEROUS_TIME_START <= hour || hour < Constants.DANGEROUS_TIME_END;
+  }
+
  public static boolean validateChannelId(Long channelId) {
    return channelId == 0L ? false : true;
  }
@@ -65,4 +73,13 @@ public class ValidationUtil {
    return false;
  }

+
+  public static void main(String[] args){
+    System.out.println(ValidationUtil.validateIpv4("49.150.23.2"));
+    System.out.println(ValidationUtil.validateIpv4("172.16.4.3"));
+    System.out.println(ValidationUtil.validateIpv4("192.168.8.9"));
+    System.out.println(ValidationUtil.validateLocalIpv4("49.150.23.2"));
+    System.out.println(ValidationUtil.validateLocalIpv4("172.16.4.3"));
+    System.out.println(ValidationUtil.validateLocalIpv4("192.168.8.9"));
+  }
 }