@Transactional(rollbackFor = Exception.class)

63c9a97c · 技术部-任文超 · d9b999bb · 63c9a97c · 63c9a97c · 63c9a97c
Commit 63c9a97c authored Oct 29, 2019 by 技术部-任文超
28 changed files
--- a/src/main/java/cn/quantgroup/xyqb/Constants.java
+++ b/src/main/java/cn/quantgroup/xyqb/Constants.java
@@ -26,6 +26,9 @@ public interface Constants {

    String X_AUTH_TOKEN = "x-auth-token";
    int TOKEN_LENGTH = 36;
+    int THOUSAND_SECOND = 1000;
+    int MILLIS_PER_SECOND = 1000;
+    int MILLIS_OF_TEN_SECOND = 10000;
    /** 垃圾，前辈竟然用这个办法来识别UUID */
    int UUID_MIN_LENGTH = 10;
    String CHECK_FAIL = "fail";
@@ -42,6 +45,7 @@ public interface Constants {
     * 微信标识参数名
     */
    String WECHAT_OPEN_ID = "wechat_open_id";
+    String PASSWORD = "password";

    // -- Start -- IPV4安全策略常量组
    /**

--- a/src/main/java/cn/quantgroup/xyqb/aspect/accessable/IpValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/accessable/IpValidateAdvisor.java
 package cn.quantgroup.xyqb.aspect.accessable;

 import cn.quantgroup.xyqb.model.JsonResult;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
 import org.aspectj.lang.annotation.Aspect;
@@ -35,12 +35,12 @@ public class IpValidateAdvisor {
    private Object doWhiteIpMatch(ProceedingJoinPoint pjp) throws Throwable {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        // 客户端IP
-        String clientIp = IPUtil.getRemoteIP(request);
+        String clientIp = IpUtil.getRemoteIP(request);
        // 白名单
-        if (IPUtil.whiteOf(clientIp)) {
+        if (IpUtil.whiteOf(clientIp)) {
            return pjp.proceed();
        }
-        IPUtil.logIp(LOGGER, request);
+        IpUtil.logIp(LOGGER, request);
        LOGGER.error("Lock_ipv4: don't match white ip access:{}", clientIp);
        return JsonResult.buildErrorStateResult("非法访问", null);
    }

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
@@ -4,7 +4,7 @@ package cn.quantgroup.xyqb.aspect.captcha;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import com.octo.captcha.service.CaptchaServiceException;
 import org.apache.commons.codec.binary.Base64;
@@ -84,7 +84,7 @@ public class CaptchaFiniteValidateAdvisor {
        String phoneNo = phonePasswordMap.get(Constants.PHONE_NO);
        Long countErrorByPhone = getCount(phoneNo);
        if (countErrorByPhone == null) {
-            LOGGER.info("用户名或密码不正确, phoneNo={}, countErrorByPhone={}, clientIp={}", phoneNo, countErrorByPhone, IPUtil.getRemoteIP(request));
+            LOGGER.info("用户名或密码不正确, phoneNo={}, countErrorByPhone={}, clientIp={}", phoneNo, countErrorByPhone, IpUtil.getRemoteIP(request));
            return JsonResult.buildErrorStateResult("用户名或密码不正确", null);
        }
        if (countErrorByPhone > Constants.Image_Need_Count) {
@@ -92,7 +92,7 @@ public class CaptchaFiniteValidateAdvisor {
            String captchaId = Optional.ofNullable(request.getParameter(Constants.QG_CAPTCHA_ID)).orElse("");
            String captchaValue = request.getParameter(Constants.QG_CAPTCHA_VALUE);
            if (shouldSkipCaptchaValidate(registerFrom, captchaId, captchaValue)) {
-                LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, IPUtil.getRemoteIP(request));
+                LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, IpUtil.getRemoteIP(request));
                return pjp.proceed();
            }
            if (StringUtils.isNotBlank(captchaValue)) {

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaNewValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaNewValidateAdvisor.java
@@ -5,7 +5,7 @@ import cn.quantgroup.xyqb.model.ClientType;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.service.captcha.IGeetestCaptchaService;
 import cn.quantgroup.xyqb.service.captcha.IQuantgroupCaptchaService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -84,8 +84,8 @@ public class CaptchaNewValidateAdvisor {
        String challenge = request.getParameter(Constants.FN_GEETEST_CHALLENGE);
        String validate = request.getParameter(Constants.FN_GEETEST_VALIDATE);
        String seccode = request.getParameter(Constants.FN_GEETEST_SECCODE);
-        log.info("Geetest - 极验二次校验, phoneNo:{}, uniqueKey:{}, clientType:{}, ip:{}, challenge:{}, validate:{}, seccode:{}", phoneNo, uniqueKey, clientType, IPUtil.getRemoteIP(request), challenge, validate, seccode);
-        return geetestCaptchaService.validGeetestCaptcha(uniqueKey, IPUtil.getRemoteIP(request), ClientType.valueByName(clientType), challenge, validate, seccode);
+        log.info("Geetest - 极验二次校验, phoneNo:{}, uniqueKey:{}, clientType:{}, ip:{}, challenge:{}, validate:{}, seccode:{}", phoneNo, uniqueKey, clientType, IpUtil.getRemoteIP(request), challenge, validate, seccode);
+        return geetestCaptchaService.validGeetestCaptcha(uniqueKey, IpUtil.getRemoteIP(request), ClientType.valueByName(clientType), challenge, validate, seccode);
    }

    /**
@@ -99,7 +99,7 @@ public class CaptchaNewValidateAdvisor {
        String phoneNo = request.getParameter(Constants.PHONE_NO);
        String captchaId = Optional.ofNullable(request.getParameter(Constants.QG_CAPTCHA_ID)).orElse("");
        String captchaValue = request.getParameter(Constants.QG_CAPTCHA_VALUE);
-        log.info("Quantgroup - 图形验证码校验, phoneNo:{}, ip:{}, captchaId:{}, captchaValue:{}", phoneNo, IPUtil.getRemoteIP(request), captchaId, captchaValue);
+        log.info("Quantgroup - 图形验证码校验, phoneNo:{}, ip:{}, captchaId:{}, captchaValue:{}", phoneNo, IpUtil.getRemoteIP(request), captchaId, captchaValue);
        return quantgroupCaptchaService.validQuantgroupCaptcha(captchaId, captchaValue);
    }


--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaValidateAdvisor.java
@@ -3,7 +3,7 @@ package cn.quantgroup.xyqb.aspect.captcha;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.thirdparty.jcaptcha.AbstractManageableImageCaptchaService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import com.octo.captcha.service.CaptchaServiceException;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
@@ -79,7 +79,7 @@ public class CaptchaValidateAdvisor {
        String captchaId = Optional.ofNullable(request.getParameter(Constants.QG_CAPTCHA_ID)).orElse("");
        String captchaValue = request.getParameter(Constants.QG_CAPTCHA_VALUE);
        if (shouldSkipCaptchaValidate(registerFrom, captchaId, captchaValue)) {
-            LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, IPUtil.getRemoteIP(request));
+            LOGGER.info("使用超级图形验证码校验, registerFrom={}, clientIp={}", registerFrom, IpUtil.getRemoteIP(request));
            return pjp.proceed();
        }
        JsonResult result = JsonResult.buildSuccessResult("验证码不正确", "");

--- a/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java
@@ -5,7 +5,7 @@ import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -65,7 +65,7 @@ public class PasswordFreeAccessValidateAdvisor {
     */
    private boolean tokenValid(HttpServletRequest request) {
        Objects.requireNonNull(request, "无效请求");
-        String clientIp = IPUtil.getRemoteIP(request);
+        String clientIp = IpUtil.getRemoteIP(request);
        Set<String> paramKeys = request.getParameterMap().keySet();
        if (!paramKeys.contains(Constants.PHONE_NO) && !paramKeys.contains(USER_ID)) {
            LOGGER.info("非法请求 - 缺少参数, paramKeys={}, clientIp={}", paramKeys, clientIp);

--- a/src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidateAdvisor.java
@@ -3,7 +3,7 @@ package cn.quantgroup.xyqb.aspect.lock;

 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.model.JsonResult;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -56,9 +56,9 @@ public class PasswordErrorFiniteValidateAdvisor {
    private Object doFiniteValidate(ProceedingJoinPoint pjp) throws Throwable {
        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
        // 客户端IP
-        String clientIp = IPUtil.getRemoteIP(request);
+        String clientIp = IpUtil.getRemoteIP(request);
        // 白名单
-        if (IPUtil.whiteOf(clientIp)) {
+        if (IpUtil.whiteOf(clientIp)) {
            return pjp.proceed();
        }
        // 补充白名单
@@ -66,19 +66,19 @@ public class PasswordErrorFiniteValidateAdvisor {
            return pjp.proceed();
        }
        // 入口服务器IP
-        if (StringUtils.startsWith(clientIp, IPUtil.IO_IP)) {
+        if (StringUtils.startsWith(clientIp, IpUtil.IO_IP)) {
            return pjp.proceed();
        }
        // 黑名单
        if (redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_BLACK, clientIp)) {
-            IPUtil.logIp(LOGGER, request);
+            IpUtil.logIp(LOGGER, request);
            LOGGER.info("Lock_ipv4: black ip access:{}", clientIp);
            return JsonResult.buildErrorStateResult("登录失败", null);
        }
        String lockIpv4Key = getLockIpv4Key(clientIp);
        String lock = redisTemplate.opsForValue().get(lockIpv4Key);
        if (Objects.equals(Boolean.TRUE.toString(), lock)) {
-            IPUtil.logIp(LOGGER, request);
+            IpUtil.logIp(LOGGER, request);
            LOGGER.info("Lock_ipv4: locked ip access:{}", clientIp);
            return JsonResult.buildErrorStateResult("登录失败", null);
        }

--- a/src/main/java/cn/quantgroup/xyqb/aspect/logcaller/LogCallHttpAspect.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/logcaller/LogCallHttpAspect.java
 package cn.quantgroup.xyqb.aspect.logcaller;

-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import com.google.common.base.Stopwatch;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.annotation.Around;
@@ -38,7 +38,7 @@ public class LogCallHttpAspect {
        Stopwatch stopwatch = Stopwatch.createStarted();
        ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
        HttpServletRequest request = attrs.getRequest();
-        String remoteIP = IPUtil.getRemoteIP(request);
+        String remoteIP = IpUtil.getRemoteIP(request);
        Object[] args = pjp.getArgs();
        boolean hasException = false;
        Object result;

--- a/src/main/java/cn/quantgroup/xyqb/controller/ExceptionHandlingController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/ExceptionHandlingController.java
@@ -5,7 +5,7 @@ import cn.quantgroup.xyqb.exception.UserNotExistException;
 import cn.quantgroup.xyqb.exception.VerificationCodeErrorException;
 import cn.quantgroup.xyqb.exception.WechatRelateUserException;
 import cn.quantgroup.xyqb.model.JsonResult;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
@@ -40,7 +40,7 @@ public class ExceptionHandlingController implements IBaseController {
     */
    @ExceptionHandler(PasswordErrorLimitException.class)
    public JsonResult passwordErrorLimitException(PasswordErrorLimitException vce) {
-        LOGGER.info("throw PasswordErrorLimitException,msg={},businessCode={}, clientIp={}", vce.getMessage(), 2L, IPUtil.getRemoteIP(getRequest()));
+        LOGGER.info("throw PasswordErrorLimitException,msg={},businessCode={}, clientIp={}", vce.getMessage(), 2L, IpUtil.getRemoteIP(getRequest()));
        return JsonResult.buildErrorStateResult(vce.getMessage(), null, 2L);
    }

@@ -52,7 +52,7 @@ public class ExceptionHandlingController implements IBaseController {
     */
    @ExceptionHandler(VerificationCodeErrorException.class)
    public JsonResult verificationCodeErrorException(VerificationCodeErrorException vce) {
-        LOGGER.info("throw VerificationCodeErrorException,msg={},businessCode={}, clientIp={}", vce.getMessage(), 1L, IPUtil.getRemoteIP(getRequest()));
+        LOGGER.info("throw VerificationCodeErrorException,msg={},businessCode={}, clientIp={}", vce.getMessage(), 1L, IpUtil.getRemoteIP(getRequest()));
        return JsonResult.buildErrorStateResult(vce.getMessage(), null, 1L);
    }


--- a/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
@@ -2,7 +2,7 @@ package cn.quantgroup.xyqb.controller;

 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -56,7 +56,7 @@ public interface IBaseController {

    default String getIp() {
        HttpServletRequest request = getRequest();
-        return IPUtil.getRemoteIP(request);
+        return IpUtil.getRemoteIP(request);
    }

    default String getProtocol() {

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/UserController.java
@@ -24,7 +24,7 @@ import cn.quantgroup.xyqb.service.user.IUserDetailService;
 import cn.quantgroup.xyqb.service.user.IUserService;
 import cn.quantgroup.xyqb.service.user.UserCenterService;
 import cn.quantgroup.xyqb.service.wechat.IWechatService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.MqUtils;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
@@ -528,7 +528,7 @@ public class UserController implements IBaseController {
     */
    private boolean wechatRelateUserIfNecessary(User user, HttpServletRequest request) {
        Objects.requireNonNull(request, "无效请求");
-        String clientIp = IPUtil.getRemoteIP(request);
+        String clientIp = IpUtil.getRemoteIP(request);
        Set<String> paramKeys = request.getParameterMap().keySet();
        boolean ready = paramKeys.contains(Constants.WECHAT_OPEN_ID);
        if (!ready) {

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/captcha/NewCaptchaController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/captcha/NewCaptchaController.java
@@ -5,7 +5,7 @@ import cn.quantgroup.xyqb.model.ClientType;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.service.captcha.IGeetestCaptchaService;
 import cn.quantgroup.xyqb.service.captcha.IQuantgroupCaptchaService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.PasswordUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import io.swagger.annotations.ApiOperation;
@@ -41,7 +41,7 @@ public class NewCaptchaController {
    @RequestMapping(value = "/captcha/new")
    @ApiOperation(value = "获取新图形验证码", notes = "获取新图形验证码", httpMethod = "POST")
    public JsonResult getCaptcha(String phoneNo, String clientType, HttpServletRequest request) {
-        String remoteIp = IPUtil.getRemoteIP(request);
+        String remoteIp = IpUtil.getRemoteIP(request);
        log.info("获取验证码, phoneNo:{}, clientType:{}, ip:{}, verifyType-qg:{}", phoneNo, clientType, remoteIp, geetestClose);
        if (StringUtils.isNotBlank(phoneNo) && !ValidationUtil.validatePhoneNo(phoneNo)) {
            return JsonResult.buildErrorStateResult("手机号格式错误", null);

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/sms/SmsController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/sms/SmsController.java
@@ -9,7 +9,7 @@ import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.sms.SmsMerchant;
 import cn.quantgroup.xyqb.service.sms.ISmsService;
 import cn.quantgroup.xyqb.util.DateUtils;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
@@ -384,7 +384,7 @@ public class SmsController implements IBaseController {
            return JsonResult.buildErrorStateResult("您设备已经达到获取今天验证码上限", null);
        }
        // IP上限检查
-        if (!IPUtil.whiteOf(clientIp) && getIPVerificationCount > IP_MAX_PER_DAY) {
+        if (!IpUtil.whiteOf(clientIp) && getIPVerificationCount > IP_MAX_PER_DAY) {
            LOGGER.info("您当前ip已经达到获取今天短信验证码上限:ip:{},count:{}", clientIp, getIPVerificationCount);
            return JsonResult.buildErrorStateResult("您当前ip已经达到获取今天短信验证码上限", null);
        }
@@ -465,7 +465,7 @@ public class SmsController implements IBaseController {
            return JsonResult.buildErrorStateResult("您设备已经达到获取今天语音验证码上限", null);
        }
        // IP上限检查
-        if (!IPUtil.whiteOf(clientIp) && getIPVerificationCount > IP_MAX_PER_DAY) {
+        if (!IpUtil.whiteOf(clientIp) && getIPVerificationCount > IP_MAX_PER_DAY) {
            LOGGER.info("您当前ip已经达到获取今天短信验证码上限:ip:{},count:{}", clientIp, getIPVerificationCount);
            return JsonResult.buildErrorStateResult("您当前ip已经达到获取今天语音验证码上限", null);
        }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/AppController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/AppController.java
@@ -13,7 +13,7 @@ import cn.quantgroup.xyqb.service.merchant.IMerchantService;
 import cn.quantgroup.xyqb.service.register.IUserRegisterService;
 import cn.quantgroup.xyqb.service.session.ISessionService;
 import cn.quantgroup.xyqb.service.user.IUserService;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import io.swagger.annotations.ApiOperation;
 import org.slf4j.Logger;
@@ -77,7 +77,7 @@ public class AppController implements IBaseController {
        if (!ValidationUtil.validatePhoneNo(phoneNo)) {
            return JsonResult.buildErrorStateResult(USER_ERROR_OR_PASSWORD_ERROR, null);
        }
-        LOGGER.info("第三方用户登录 [AppController] login --> loginFrom:{},channelId：{},btRegisterChannelId:{} requestIp:{},idNo:{},name:{}", registerFrom, channelId, btRegisterChannelId, IPUtil.getRemoteIP(request), idNo, name);
+        LOGGER.info("第三方用户登录 [AppController] login --> loginFrom:{},channelId：{},btRegisterChannelId:{} requestIp:{},idNo:{},name:{}", registerFrom, channelId, btRegisterChannelId, IpUtil.getRemoteIP(request), idNo, name);
        User user = userService.findByPhoneInDb(phoneNo);
        if (user == null) {
            user = userRegisterService.register(registerFrom, phoneNo, idNo, name, channelId, btRegisterChannelId);
@@ -128,7 +128,7 @@ public class AppController implements IBaseController {
        if (!ValidationUtil.validatePhoneNo(phoneNo)) {
            return JsonResult.buildErrorStateResult(USER_ERROR_OR_PASSWORD_ERROR, null);
        }
-        LOGGER.info("第三方用户登录 [AppController] loginSuper --> loginFrom:{},phoneNo:{},appChannel:{},channelId：{},btRegisterChannelId:{} requestIp:{},idNo:{},name:{}", registerFrom, phoneNo, appChannel, channelId, btRegisterChannelId, IPUtil.getRemoteIP(request), idNo, name);
+        LOGGER.info("第三方用户登录 [AppController] loginSuper --> loginFrom:{},phoneNo:{},appChannel:{},channelId：{},btRegisterChannelId:{} requestIp:{},idNo:{},name:{}", registerFrom, phoneNo, appChannel, channelId, btRegisterChannelId, IpUtil.getRemoteIP(request), idNo, name);
        User user = userService.findByPhoneInDb(phoneNo);
        if (user == null) {
            try {
@@ -187,7 +187,7 @@ public class AppController implements IBaseController {
        if (!ValidationUtil.validatePhoneNo(phoneNo)) {
            return JsonResult.buildErrorStateResult(USER_ERROR_OR_PASSWORD_ERROR, null);
        }
-        LOGGER.info("第三方用户登录 [AppController] login2 --> loginFrom:{},channelId:{}, requestIp:{}", registerFrom, channelId, IPUtil.getRemoteIP(request));
+        LOGGER.info("第三方用户登录 [AppController] login2 --> loginFrom:{},channelId:{}, requestIp:{}", registerFrom, channelId, IpUtil.getRemoteIP(request));
        User user = userService.findByPhoneInDb(phoneNo);
        if (user == null) {
            return JsonResult.buildErrorStateResult(USER_ERROR_OR_PASSWORD_ERROR, null);

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/InnerController.java
@@ -411,7 +411,7 @@ public class InnerController implements IBaseController {
            return JsonResult.buildErrorStateResult("userId为空", null);
        }
        if (StringUtils.isNotBlank(qq)) {
-            userDetailService.updateUserQQ(userId, qq);
+            userDetailService.updateUserQq(userId, qq);
        }
        if (StringUtils.isNotBlank(email)) {
            userDetailService.updateUserEmail(userId, email);
@@ -425,7 +425,7 @@ public class InnerController implements IBaseController {
        if (StringUtils.isEmpty(qq) || userId == null || userId == 0L) {
            return JsonResult.buildErrorStateResult("参数校验失败,qq或用户id为空", null);
        }
-        userDetailService.updateUserQQ(userId, qq);
+        userDetailService.updateUserQq(userId, qq);
        return JsonResult.buildSuccessResult(null, null);
    }

@@ -495,7 +495,7 @@ public class InnerController implements IBaseController {
            return JsonResult.buildErrorStateResult("修改联系人不存在", null);
        }
        contact = contactService.saveContact(name, phoneNo, relation, contact);
-        log.info("修改后联系人信息:{},修改原因：{},操作ip:{}", contact, reason, IPUtil.getRemoteIP(request));
+        log.info("修改后联系人信息:{},修改原因：{},操作ip:{}", contact, reason, IpUtil.getRemoteIP(request));

        return JsonResult.buildSuccessResult("修改联系人成功", contact);
    }

--- a/src/main/java/cn/quantgroup/xyqb/repository/IUserDetailRepository.java
+++ b/src/main/java/cn/quantgroup/xyqb/repository/IUserDetailRepository.java
@@ -20,17 +20,17 @@ public interface IUserDetailRepository extends JpaRepository<UserDetail, Long>,

    UserDetail findByPhoneNo(String phone);

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update user_detail set qq = ?1 where user_id = ?2", nativeQuery = true)
-    void updateUserQQ(String qq, Long userId);
+    void updateUserQq(String qq, Long userId);

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update user_detail set email = ?1 where user_id = ?2", nativeQuery = true)
    void updateUserEmail(String email, Long userId);

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update user_detail set gender = ?1 where user_id = ?2", nativeQuery = true)
    void updateGender(int gender, Long userId);
@@ -42,11 +42,10 @@ public interface IUserDetailRepository extends JpaRepository<UserDetail, Long>,
     *
     * @return
     */
-    @Modifying
    @Query(value = "select * from user_detail where gender!=1 and gender!=2 and id_no is not null", nativeQuery = true)
    List<UserDetail> selectUserDetailsBy();

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update user_detail set name=?1,id_no=?2,gender=?3 where phone_no=?4", nativeQuery = true)
    int updateNameAndIdNoByPhoneNo(String name, String idNo, int gender, String phoneNo);

--- a/src/main/java/cn/quantgroup/xyqb/repository/IUserQueryLogRepository.java
+++ b/src/main/java/cn/quantgroup/xyqb/repository/IUserQueryLogRepository.java
@@ -14,7 +14,7 @@ import java.util.List;
 */
 public interface IUserQueryLogRepository extends JpaRepository<UserQueryLog, Long> {

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(nativeQuery = true, value = "select * from user_query_log ul where created_At between ?1 and ?2  limit ?3 ,?4 ")
    List<UserQueryLog> findQueryLogCreatedAt(Date beginDate, Date endDate, Integer pageId, Integer pageSize);

--- a/src/main/java/cn/quantgroup/xyqb/repository/IUserRepository.java
+++ b/src/main/java/cn/quantgroup/xyqb/repository/IUserRepository.java
@@ -42,7 +42,7 @@ public interface IUserRepository extends JpaRepository<User, Long>, JpaSpecifica
    @Query(value = "select * from user where created_at>=?1 and created_at<?2 ", nativeQuery = true)
    List<User> findRegisterUserByTime(String beginTime, String endTime);

-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update user set enable=?1 where phone_no=?2", nativeQuery = true)
    int forbiddenUser(Boolean enable, String phoneNo);

--- a/src/main/java/cn/quantgroup/xyqb/repository/IWeChatUserRepository.java
+++ b/src/main/java/cn/quantgroup/xyqb/repository/IWeChatUserRepository.java
@@ -28,7 +28,7 @@ public interface IWeChatUserRepository extends JpaRepository<WechatUserInfo, Lon
     * @param userId
     * @return
     */
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update wechat_userinfo set user_id=null,phone_no='*' where user_id=?1", nativeQuery = true)
    int dissociateByUserId(Long userId);
@@ -41,7 +41,7 @@ public interface IWeChatUserRepository extends JpaRepository<WechatUserInfo, Lon
     * @param openId  - 微信标识
     * @return 记录更新行数
     */
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @Modifying
    @Query(value = "update wechat_userinfo set user_id=?1,phone_no=?2 where open_id=?3 and user_id is null", nativeQuery = true)
    int relateUser(Long userId, String phoneNo, String openId);

--- a/src/main/java/cn/quantgroup/xyqb/service/http/impl/HttpServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/http/impl/HttpServiceImpl.java
@@ -2,7 +2,7 @@ package cn.quantgroup.xyqb.service.http.impl;

 import cn.quantgroup.tech.brave.service.ITechHttpClient;
 import cn.quantgroup.xyqb.service.http.IHttpService;
-import cn.quantgroup.xyqb.util.Utils;
+import cn.quantgroup.xyqb.util.PasswordUtil;
 import com.google.common.collect.Maps;
 import org.apache.commons.codec.Charsets;
 import org.apache.commons.collections.MapUtils;
@@ -108,7 +108,7 @@ public class HttpServiceImpl implements IHttpService {
        }

        String method = requestBuilder.getMethod();
-        LOGGER.info("{}, uri:{}, headers:{}, parameters:{}", method, uri, headers, StringUtils.substring(Utils.safeMap2Str(parameters), 0, 200));
+        LOGGER.info("{}, uri:{}, headers:{}, parameters:{}", method, uri, headers, StringUtils.substring(PasswordUtil.filterPasswordToString(parameters), 0, 200));
        HttpEntity httpEntity = null;
        CloseableHttpResponse httpResponse = null;
        try {
@@ -133,7 +133,7 @@ public class HttpServiceImpl implements IHttpService {

            return response;
        } catch (Exception e) {
-            LOGGER.info("{}, uri:{}, headers:{}, parameters:{}", method, uri, headers, StringUtils.substring(Utils.safeMap2Str(parameters), 0, 200), e);
+            LOGGER.info("{}, uri:{}, headers:{}, parameters:{}", method, uri, headers, StringUtils.substring(PasswordUtil.filterPasswordToString(parameters), 0, 200), e);
            return null;
        } finally {
            EntityUtils.consumeQuietly(httpEntity);

--- a/src/main/java/cn/quantgroup/xyqb/service/user/IUserDetailService.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/IUserDetailService.java
@@ -17,7 +17,7 @@ public interface IUserDetailService {

    UserDetail findByPhoneNo(String phoneNo);

-    void updateUserQQ(Long userId, String qq);
+    void updateUserQq(Long userId, String qq);

    void updateUserEmail(Long userId, String email);


--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/LockIpv4ServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/LockIpv4ServiceImpl.java
@@ -5,7 +5,7 @@ import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.exception.PasswordErrorLimitException;
 import cn.quantgroup.xyqb.service.user.ILockIpv4Service;
 import cn.quantgroup.xyqb.util.DateUtils;
-import cn.quantgroup.xyqb.util.IPUtil;
+import cn.quantgroup.xyqb.util.IpUtil;
 import cn.quantgroup.xyqb.util.ValidationUtil;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
@@ -57,7 +57,7 @@ public class LockIpv4ServiceImpl implements ILockIpv4Service {
     */
    @Override
    public void countErrorByIpv4(String ipv4) {
-        if (ValidationUtil.validateIpv4(ipv4) && !IPUtil.whiteOf(ipv4)) {
+        if (ValidationUtil.validateIpv4(ipv4) && !IpUtil.whiteOf(ipv4)) {
            String ipv4Key = getErrorIpKey(ipv4);
            if (!stringRedisTemplate.hasKey(ipv4Key)) {
                // 计数周期1分钟
@@ -98,7 +98,7 @@ public class LockIpv4ServiceImpl implements ILockIpv4Service {
     */
    @Override
    public void countSuccessByIpv4(String ipv4) {
-        if (ValidationUtil.validateIpv4(ipv4) && !IPUtil.whiteOf(ipv4)) {
+        if (ValidationUtil.validateIpv4(ipv4) && !IpUtil.whiteOf(ipv4)) {
            String ipv4Key = getSuccessIpKey(ipv4);
            if (!stringRedisTemplate.hasKey(ipv4Key)) {
                // 计数周期1分钟

--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserDetailServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserDetailServiceImpl.java
@@ -68,8 +68,8 @@ public class UserDetailServiceImpl implements IUserDetailService {
    }

    @Override
-    public void updateUserQQ(Long userId, String qq) {
-        userDetailRepository.updateUserQQ(qq, userId);
+    public void updateUserQq(Long userId, String qq) {
+        userDetailRepository.updateUserQq(qq, userId);
    }

    @Override

--- a/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserExtInfoServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/user/impl/UserExtInfoServiceImpl.java
@@ -25,7 +25,7 @@ public class UserExtInfoServiceImpl implements IUserExtInfoService {
    }

    @Override
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    @CacheEvict(value = "userextinfocache", key = "'extinfo' + #info.userId", cacheManager = "cacheManager")
    public UserExtInfo save(UserExtInfo info) {
        return userExtInfoRepository.save(info);

--- a/src/main/java/cn/quantgroup/xyqb/service/wechat/impl/WechatServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/wechat/impl/WechatServiceImpl.java
 package cn.quantgroup.xyqb.service.wechat.impl;

+import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.entity.WechatUserInfo;
 import cn.quantgroup.xyqb.exception.WechatRelateUserException;
 import cn.quantgroup.xyqb.model.webchat.AccessTokenResponse;
@@ -32,7 +33,6 @@ import java.util.concurrent.TimeUnit;
 @Service
 public class WechatServiceImpl implements IWechatService {
    private static final String WECHAT_TOKEN_KEY_PREFIX = "wechat:token:";
-    private static final String WECHAT_USERINFO_KEY_PREFIX = "wechat:userinfo:";
    @Value("${wechat.appid}")
    private String appId;
    @Value("${wechat.secret}")
@@ -42,8 +42,6 @@ public class WechatServiceImpl implements IWechatService {
    @Resource
    private IHttpService httpService;
    @Resource
-    private ISessionService sessionService;
-    @Resource
    private IWeChatUserRepository weChatUserRepository;
    @Autowired
    @Qualifier("stringRedisTemplate")
@@ -75,8 +73,8 @@ public class WechatServiceImpl implements IWechatService {
                if (accessTokenResponse == null) {
                    return null;
                }
-                accessTokenResponse.setInitialTime(System.currentTimeMillis() - 10000);
-                redisTemplate.opsForValue().set(key, JSONObject.toJSONString(accessTokenResponse), accessTokenResponse.getExpiresIn() + 1000, TimeUnit.SECONDS);
+                accessTokenResponse.setInitialTime(System.currentTimeMillis() - Constants.MILLIS_OF_TEN_SECOND);
+                redisTemplate.opsForValue().set(key, JSONObject.toJSONString(accessTokenResponse), accessTokenResponse.getExpiresIn() + Constants.THOUSAND_SECOND, TimeUnit.SECONDS);
                return accessTokenResponse;
            } catch (Exception ex) {
                return null;
@@ -85,15 +83,15 @@ public class WechatServiceImpl implements IWechatService {
            try {
                AccessTokenResponse response = JSONObject.parseObject(resultStr, AccessTokenResponse.class);
                // 刷新
-                if (response.getInitialTime() + response.getExpiresIn() * 1000 > System.currentTimeMillis()) {
+                if (response.getInitialTime() + response.getExpiresIn() * Constants.MILLIS_PER_SECOND > System.currentTimeMillis()) {
                    String refreshTokenStr = refreshToken(response.getRefreshToken());
                    response = JSONObject.parseObject(refreshTokenStr, AccessTokenResponse.class);
                    if (response == null) {
                        return null;
                    }
-                    response.setInitialTime(System.currentTimeMillis() - 10000);
+                    response.setInitialTime(System.currentTimeMillis() - Constants.MILLIS_OF_TEN_SECOND);
                }
-                redisTemplate.opsForValue().set(key, JSONObject.toJSONString(response), response.getExpiresIn() + 1000, TimeUnit.SECONDS);
+                redisTemplate.opsForValue().set(key, JSONObject.toJSONString(response), response.getExpiresIn() + Constants.THOUSAND_SECOND, TimeUnit.SECONDS);
                return response;
            } catch (Exception ex) {
                return null;
@@ -118,7 +116,7 @@ public class WechatServiceImpl implements IWechatService {
    }

    @Override
-    @Transactional
+    @Transactional(rollbackFor = Exception.class)
    public WechatUserInfo saveWechatUserInfo(WechatUserInfo userInfo) {
        if (Objects.isNull(userInfo) || Objects.isNull(userInfo.getOpenId())) {
            return null;

--- a/src/main/java/cn/quantgroup/xyqb/util/IPUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/IPUtil.java
@@ -16,7 +16,7 @@ import java.util.Set;
 * @author renwc
 * @date 2017-12-01
 */
-public class IPUtil {
+public class IpUtil {
    /**
     * IP白名单
     * <p>
@@ -98,13 +98,14 @@ public class IPUtil {
        }
        //过滤反向代理的ip
        String[] stemps = ip.split(",");
-        if (stemps != null && stemps.length >= 1) {
+        if (stemps != null && stemps.length > 0) {
            //得到第一个IP，即客户端真实IP
            ip = stemps[0];
        }
        ip = ip.trim();
-        if (ip.length() > 23) {
-            ip = ip.substring(0, 23);
+        int twentyThree = 23;
+        if (ip.length() > twentyThree) {
+            ip = ip.substring(0, twentyThree);
        }
        return ip;
    }

--- a/src/main/java/cn/quantgroup/xyqb/util/PasswordUtil.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/PasswordUtil.java
 package cn.quantgroup.xyqb.util;

+import cn.quantgroup.xyqb.Constants;
+import com.alibaba.fastjson.JSON;
 import com.google.common.base.Preconditions;
 import org.apache.commons.lang.StringUtils;

 import java.security.MessageDigest;
+import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ThreadLocalRandom;

@@ -89,4 +92,20 @@ public class PasswordUtil {
        return Objects.equals(thePassword, targetPassword);
    }

+    public static String filterPasswordToString(Map<String, String> info) {
+        if (null == info) {
+            return null;
+        }
+        if(!info.containsKey(Constants.PASSWORD)){
+            return JSON.toJSONString(info);
+        }
+        String password = info.get(Constants.PASSWORD);
+        // 先删掉
+        info.remove(Constants.PASSWORD);
+        String infoString = JSON.toJSONString(info);
+        // 再回填
+        info.put(Constants.PASSWORD, password);
+        return infoString;
+    }
+
 }
--- a/src/main/java/cn/quantgroup/xyqb/util/Utils.java
+++ b/src/main/java/cn/quantgroup/xyqb/util/Utils.java
-package cn.quantgroup.xyqb.util;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * @author mengfan.feng
- */
-public class Utils {
-
-    private static Pattern pattern = Pattern.compile("(?<!\\d)(?:(?:1[34578]\\d{9})|(?:861[34578]\\d{9}))(?!\\d)");
-
-    public static String safeMap2Str(Map<String, String> info) {
-        if (null == info) {
-            return null;
-        }
-        StringBuilder builder = new StringBuilder();
-        builder.append("{");
-        info.forEach((key, value) -> {
-            if ("password".equals(key)) {
-                return;
-            }
-            builder.append(key);
-            builder.append("=");
-            builder.append(value);
-            builder.append(",");
-        });
-        builder.append("}");
-        return builder.toString();
-    }
-
-    public static String coverPhone(String str) {
-        if (str.length() <= 0) {
-            return "";
-        }
-        if (str.length() > 1024)  //长度超过1024的字符串不走正则匹配过滤手机号
-        {
-            return "";
-        }
-        Matcher matcher = pattern.matcher(str);
-        Map<String, String> replaceMap = new HashMap<>();
-        while (matcher.find()) {
-            String group = matcher.group();
-            String replace = group.substring(0, 3).concat("****").concat(group.substring(7)).concat(" [".concat(PasswordUtil.MD5(group)).concat("]"));
-            replaceMap.put(group, replace);
-        }
-        Set<Map.Entry<String, String>> entries = replaceMap.entrySet();
-        for (Map.Entry<String, String> entry : entries) {
-            str = str.replaceAll(entry.getKey(), entry.getValue());
-        }
-        return str;
-    }
-}