完成在原有锁定、解锁指定IP基础上，增加黑白名单、Redis可选lock参数（针对撞库攻击）可配置的功能

优化RequestFilter的公共资源地址空间配置，清除重复项

完成在原有锁定、解锁指定IP基础上，增加黑白名单、Redis可选lock参数（针对撞库攻击）可配置的功能
优化RequestFilter的公共资源地址空间配置，清除重复项
6b945e53 · 技术部-任文超 · 39b1973c · 6b945e53 · 6b945e53 · 6b945e53
Commit 6b945e53 authored Nov 28, 2017 by 技术部-任文超
6 changed files
--- a/src/main/java/cn/quantgroup/xyqb/Constants.java
+++ b/src/main/java/cn/quantgroup/xyqb/Constants.java
@@ -41,16 +41,22 @@ public interface Constants {
  String X_AUTH_TOKEN = "x-auth-token";
  String ONE_TIME_TOKEN = "oneTimeToken";
+  // -- Start -- IPV4安全策略常量组
  String REDIS_PASSWORD_ERROR_COUNT = "password_error_count:";
  String REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 = "password_error_count_4_ipv4:";
+  String IPV4_LOCK_WHITE = "lock_ipv4:white:";
+  String IPV4_LOCK_BLACK = "lock_ipv4:black:";
+  String IPV4_LOCK_MINUTES_REDIS = "lock_ipv4:minutes:";
+  String IPV4_LOCK_ON_COUNTS_REDIS = "lock_ipv4:on_counts:";
  String IPV4_LOCK = "lock_ipv4:";
-  Long IPV4_LOCK_MINUTES = 6 * 60L;
+  Long IPV4_LOCK_MINUTES = 3 * 60L;
  Long IPV4_COUNT_MINUTES = 1L;
-  Long IPV4_LOCK_ON_COUNTS = 200L;
+  Long IPV4_LOCK_ON_COUNTS = 60L;
  int DANGEROUS_TIME_START = 22;
  int DANGEROUS_TIME_END = 6;
  String CLEAR_LOCK_FOR_IPV4 = "x-clear-lock-11241842-y";
  String CLEAR_LOCK_FOR_IPV4_KEY = "lhp.family.dwy.sjs.yym.cxy.cpg";
+  // -- End -- IPV4安全策略常量组
  /**
   * redis中token的key值前缀
   */

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java
-package cn.quantgroup.xyqb.aspect.captcha;
+package cn.quantgroup.xyqb.aspect.lock;
 import cn.quantgroup.xyqb.Constants;
@@ -39,7 +39,7 @@ public class PasswordErrorFiniteValidateAdvisor {
  /**
   * 密码错误限次切面
   */
-  @Pointcut("@annotation(cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator)")
+  @Pointcut("@annotation(cn.quantgroup.xyqb.aspect.lock.PasswordFineteValidator)")
  private void passwordErrorFiniteValidate() {
  }
@@ -59,9 +59,19 @@ public class PasswordErrorFiniteValidateAdvisor {
    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    // 客户端IP
    String clientIp = getIp(request);
-    if (StringUtils.startsWith(clientIp, "139.198.")){
+    // 入口服务器IP
+    if(StringUtils.startsWith(clientIp, "139.198.")){
      return pjp.proceed();
    }
+    // 白名单
+    if(redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_WHITE, clientIp)){
+      return pjp.proceed();
+    }
+    // 黑名单
+    if(redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_BLACK, clientIp)){
+      LOGGER.info("Locked ip access:{}", clientIp);
+      return JsonResult.buildErrorStateResult("登录失败", null);
+    }
    String lockIpv4Key = getLockIpv4Key(clientIp);
    String lock = redisTemplate.opsForValue().get(lockIpv4Key);
    if (Objects.equals(Boolean.TRUE.toString(), lock)){

--- a/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordFineteValidator.java
+++ b/src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordFineteValidator.java
-package cn.quantgroup.xyqb.aspect.captcha;
+package cn.quantgroup.xyqb.aspect.lock;
 import java.lang.annotation.*;

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/lock/LockIpv4Controller.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/lock/LockIpv4Controller.java
--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
@@ -2,7 +2,7 @@ package cn.quantgroup.xyqb.controller.internal.user;
 import cn.quantgroup.xyqb.Constants;
 import cn.quantgroup.xyqb.aspect.captcha.CaptchaFineteValidator;
-import cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator;
+import cn.quantgroup.xyqb.aspect.lock.PasswordFineteValidator;
 import cn.quantgroup.xyqb.aspect.logcaller.LogHttpCaller;
 import cn.quantgroup.xyqb.controller.IBaseController;
 import cn.quantgroup.xyqb.entity.Merchant;

--- a/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
@@ -26,12 +26,8 @@ import java.io.PrintWriter;
 public class RequestFilter implements Filter {
  private static final String[] ALLOWED_PATTERNS = {
-      "/user_detail/**","/hello/**","/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast",
+      "/wechat/**", "/config/**", "/api/**", "/query/**", "/user_detail/**", "/hello/**", "/innerapi/**", "/motan/**", "/user/**", "/lock/**",
-      "/token/oneTime", "/user/loginV1", "/user/login/fastV1","/user/**","/api/sms/send_login_code_new_forH5","/user/lock_ipv4",
+      "/auth/info/login", "/app/login", "/app/login_super", "/app/login2", "/platform/api/page/return_url", "/MP_verify_AWiagUn4kZiwmTt0.txt"
-      "/auth/info/login","/user/login/fast","/user/reset_password", "/user/exist_check","/user/center/**",
-      "/jr58/**", "/app/login", "/app/login_super","/app/login2","/user/login2", "/wechat/**", "/config/**", "/api/**", "/user/exists_token","/query/**",
-      "/platform/api/page/return_url", "/MP_" +
-      "verify_AWiagUn4kZiwmTt0.txt"
  };
  private static final String UNAUTH_RESULT = JSONObject.toJSONString(JsonResult.buildErrorStateResult("登录失败", null));
  @Autowired