Skip to content

X
xyqb-user2
Commit a1f894a1 authored by 技术部-任文超's avatar 技术部-任文超
Browse files
Options

合并Master-20171123上线分支的代码

parent 6468f0ba
Hide whitespace changes
Inline Side-by-side
Showing with 266 additions and 56 deletions
src/main/java/cn/quantgroup/xyqb/Constants.java
View file @ a1f894a1
......@@ -14,7 +14,6 @@ public interface Constants {
String IMAGE_CAPTCHA_KEY = "img_captcha:";
String X_AUTH_TOKEN = "x-auth-token";
String ONE_TIME_TOKEN = "oneTimeToken";
String REDIS_PASSWORD_ERROR_COUNT = "password_error_4_phone:";
String REDIS_CAPTCHA_KEY = "auth:";
String CONFIG_CAPTCHA = "cfg_captcha_%";
......@@ -38,13 +37,22 @@ public interface Constants {
String REDIS_VOICE_DEVICE_COUNT = "Voice_Device_verification_code_count:";
String REDIS_VERIFICATION_COUNT = "verification_code_count:";
final Long Image_Need_Count = 3L;
final Long IMAGE_FINITE_COUNT = 3L;
Long Image_Need_Count = 3L;
Long IMAGE_FINITE_COUNT = 3L;
String REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE = "password_error_4_phone:";
String REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 = "password_error_count_4_ipv4:";
String IPV4_LOCK = "lock_ipv4:";
Long IPV4_LOCK_MINUTES = 6 * 60L;//3L;//6 * 60L;
Long IPV4_COUNT_MINUTES = 1L;
Long IPV4_LOCK_ON_COUNTS = 60L;//5L;//60L;
int DANGEROUS_TIME_START = 23;//20;//22;
int DANGEROUS_TIME_END = 6;
/**
* redis中token的key值前缀
*/
String SESSION_PREFIX = "spring:session:sessions:";
Long ONE_DAY = 24 * 60 * 60L;
interface Channel {
long LKB = 1; // 量化派
......
src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java
View file @ a1f894a1
......@@ -145,7 +145,7 @@ public class CaptchaFiniteValidateAdvisor {
if(StringUtils.isBlank(phoneNo)){
return null;
}
return Constants.REDIS_PASSWORD_ERROR_COUNT + phoneNo;
return Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE + phoneNo;
}
/**
......
src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java 0 → 100644
View file @ a1f894a1
package cn.quantgroup.xyqb.aspect.captcha;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.model.JsonResult;
import cn.quantgroup.xyqb.util.ValidationUtil;
import com.google.common.collect.Lists;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
/**
* 密码错误限次的校验
* @author 任文超
* @version 1.0.0
* @since 2017-11-23
*/
@Aspect
@Component
public class PasswordErrorFiniteValidateAdvisor {
private static final Logger LOGGER = LoggerFactory.getLogger(PasswordErrorFiniteValidateAdvisor.class);
@Autowired
@Qualifier("stringRedisTemplate")
private RedisTemplate<String, String> redisTemplate;
/**
* 密码错误限次切面
*/
@Pointcut("@annotation(cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator)")
private void passwordErrorFiniteValidate() {
}
/**
* 在受保护的接口方法执行前, 执行锁状态校验
*
* @param pjp
* @return
* @throws Throwable
*/
@Around("passwordErrorFiniteValidate()")
private Object doFiniteValidate(ProceedingJoinPoint pjp) throws Throwable {
if(!ValidationUtil.isAtDangerousTime()){
return pjp.proceed();
}
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
// 客户端IP
String clientIp = getIp(request);
String lockIpv4Key = getLockIpv4Key(clientIp);
String lock = redisTemplate.opsForValue().get(lockIpv4Key);
if (Objects.equals(Boolean.TRUE.toString(), lock)){
LOGGER.info("Locked ip access:{}", clientIp);
return JsonResult.buildErrorStateResult("登录失败", null);
}
return pjp.proceed();
}
private final static String getLockIpv4Key(String ipv4){
return Constants.IPV4_LOCK + ipv4;
}
/**
* 客户端IP解析
*
* @param request 当前请求,其首部行必须包含形如【SingleToken 13461067662:0123456789abcdef】的UTF-8编码的Base64加密参数
* @return 客户端IP 或 null
*/
private String getIp(HttpServletRequest request) {
Objects.requireNonNull(request, "无效请求");
String ip = request.getHeader("x-real-ip");
if (StringUtils.isBlank(ip)) {
ip = request.getRemoteAddr();
}
//过滤反向代理的ip
String[] stemps = ip.split(",");
if (stemps.length >= 1) {
//得到第一个IP,即客户端真实IP
ip = stemps[0];
}
ip = ip.trim();
if (ip.length() > 23) {
ip = ip.substring(0, 23);
}
return ip;
}
}
src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordFineteValidator.java 0 → 100644
View file @ a1f894a1
package cn.quantgroup.xyqb.aspect.captcha;
import java.lang.annotation.*;
/**
* 密码错误限次的校验标记
* @author 任文超
* @version 1.0.0
* @since 2017-11-23
*/
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface PasswordFineteValidator {
}
src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java
View file @ a1f894a1
......@@ -2,8 +2,8 @@ package cn.quantgroup.xyqb.controller.internal.user;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.aspect.captcha.CaptchaFineteValidator;
import cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator;
import cn.quantgroup.xyqb.aspect.logcaller.LogHttpCaller;
import cn.quantgroup.xyqb.aspect.token.OneTimeTokenValidator;
import cn.quantgroup.xyqb.controller.IBaseController;
import cn.quantgroup.xyqb.entity.Merchant;
import cn.quantgroup.xyqb.entity.User;
......@@ -14,6 +14,7 @@ import cn.quantgroup.xyqb.exception.UserNotExistException;
import cn.quantgroup.xyqb.exception.VerificationCodeErrorException;
import cn.quantgroup.xyqb.model.JsonResult;
import cn.quantgroup.xyqb.model.UserModel;
import cn.quantgroup.xyqb.model.UserRegisterMqMessage;
import cn.quantgroup.xyqb.model.UserStatistics;
import cn.quantgroup.xyqb.service.merchant.IMerchantService;
import cn.quantgroup.xyqb.service.session.ISessionService;
......@@ -38,6 +39,7 @@ import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
......@@ -46,6 +48,7 @@ import java.util.concurrent.TimeUnit;
/**
* Http服务接口:用户注册、登录、重置密码
* Created by FrankChow on 15/7/5.
*/
@RestController
@RequestMapping("/user")
......@@ -76,9 +79,11 @@ public class UserController implements IBaseController {
@Autowired
private IWechatService wechatService;
private static final char[] PWD_BASE = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
private static final char[] PWD_BASE = {
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w',
'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
};
/**
......@@ -136,6 +141,7 @@ public class UserController implements IBaseController {
}
@LogHttpCaller
@PasswordFineteValidator
@RequestMapping("/login")
public JsonResult login(
@RequestParam(required = false, defaultValue = "1") Long channelId, String appChannel,
......@@ -156,20 +162,6 @@ public class UserController implements IBaseController {
return loginWithHttpBasic(channelId, appChannel, createdFrom, merchant, request, openId,dimension);
}
}
//@LogHttpCaller
//@RequestMapping("/login2")
//public JsonResult login2(
// @RequestParam(required = false, defaultValue = "1") Long channelId, String appChannel,
// @RequestParam(required = false, defaultValue = "1") Long createdFrom,
// @RequestParam(required = false, defaultValue = "") String userId, HttpServletRequest request, @RequestParam(required = false) String openId,@RequestParam(required = false) String dimension) {
//
// if (!StringUtils.isEmpty(userId) && userId.length() > 10) {
//
// return loginWithUserId(channelId, appChannel, createdFrom, userId, null, dimension);
// } else {
// return loginWithHttpBasic(channelId, appChannel, createdFrom, null, request, null,dimension);
// }
//}
@RequestMapping("/test")
public JsonResult test() {
......@@ -254,17 +246,7 @@ public class UserController implements IBaseController {
}
credential = credential.substring(verificationHeader.length(), credential.length());
byte[] buf = Base64.decodeBase64(credential);
boolean validCharset = true;
try {
credential = new String(buf, "UTF-8");
} catch (UnsupportedEncodingException e) {
LOGGER.error("不支持的编码.");
result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
}
if (!validCharset) {
result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
return result;
}
credential = new String(buf, Charset.forName("UTF-8"));
String[] credentialArr = credential.split(":");
if (credentialArr.length != 2) {
result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
......@@ -277,10 +259,54 @@ public class UserController implements IBaseController {
result.put("fail", JsonResult.buildErrorStateResult("登录失败", null));
return result;
}
// 校验短信密码
validateFastLoginVerificationCode(result, phoneNo, verificationCode);
result.put("success", JsonResult.buildSuccessResult(verificationCode, phoneNo));
return result;
}
/**
* 短信密码校验
* @param result - Map
* @param phoneNo - 登录手机号
* @param verificationCode - 短信密码
*/
private void validateFastLoginVerificationCode(Map<String, JsonResult> result, String phoneNo, String verificationCode) {
if (smsService.validateFastLoginVerificationCode(phoneNo, verificationCode)) {
return;
}
// 短信密码错误时,给该账号添加计数器
countErrorForPhoneNo(result, phoneNo, verificationCode);
}
/**
* 短信密码错误时,给该账号添加计数器
* @param result Map
* @param phoneNo 登录手机号
* @param verificationCode 短信密码
*/
private void countErrorForPhoneNo(Map<String, JsonResult> result, String phoneNo, String verificationCode) {
String passwordErrorCountKey = Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE + phoneNo;
if (!stringRedisTemplate.hasKey(passwordErrorCountKey)) {
stringRedisTemplate.opsForValue().set(passwordErrorCountKey, String.valueOf(0), Constants.ONE_DAY, TimeUnit.SECONDS);
}
LOGGER.info("用户快速登录,验证码校验失败,phoneNo:{} , verificationCode:{}", phoneNo, verificationCode);
// 密码错误计数
Long errorCount = stringRedisTemplate.opsForValue().increment(passwordErrorCountKey, 1L);
if(errorCount >= Constants.Image_Need_Count){
// 短信密码错误次数超过上限,执行销毁
String verificationCodeKey = Constants.REDIS_PREFIX_VERIFICATION_CODE + phoneNo;
stringRedisTemplate.delete(verificationCodeKey);
// 短信密码错误计数器归零
stringRedisTemplate.opsForValue().set(passwordErrorCountKey, String.valueOf(0));
stringRedisTemplate.expire(passwordErrorCountKey, Constants.ONE_DAY, TimeUnit.SECONDS);
result.put("fail", JsonResult.buildErrorStateResult("错误次数过多,请重新获取短信验证码", null));
}else{
result.put("fail", JsonResult.buildErrorStateResult("验证码不正确", null));
}
}
/**
* 用户快速注册
*
......@@ -320,9 +346,7 @@ public class UserController implements IBaseController {
LOGGER.info("用户快速注册失败,请稍后重试, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
return JsonResult.buildErrorStateResult("注册失败,请稍后重试", null);
}
LOGGER.info("用户快速注册成功, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
return JsonResult.buildSuccessResult(null, null);
}
......@@ -366,9 +390,7 @@ public class UserController implements IBaseController {
LOGGER.info("用户快速注册失败,请稍后重试, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
return JsonResult.buildErrorStateResult("注册失败,请稍后重试", null);
}
LOGGER.info("用户注册成功, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
return JsonResult.buildSuccessResult(null, null);
}
......@@ -489,7 +511,7 @@ public class UserController implements IBaseController {
private User registerFastWhenLogin(String phoneNo, Long channelId, Long registerFrom, String appChannel) {
String password = genRandomPwd();
LOGGER.info("用户快速注册, phoneNo:{}, channelId:{}, registerFrom:{},appChannel:{}", phoneNo, channelId, registerFrom, appChannel);
LOGGER.info("用户快速注册, phoneNo:{}, verificationCode:{}, channelId:{}, registerFrom:{},appChannel:{}", phoneNo, channelId, registerFrom, appChannel);
if (!ValidationUtil.validatePhoneNo(phoneNo)) {
LOGGER.info("用户快速注册失败,手机号错误, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
throw new UserNotExistException("手机号错误");
......@@ -502,7 +524,6 @@ public class UserController implements IBaseController {
LOGGER.info("用户快速注册成功, registerFrom:{}, phoneNo:{}", registerFrom, phoneNo);
}
return newUser;
}
private JsonResult loginWithHttpBasic(Long channelId, String appChannel, Long createdFrom, Merchant merchant, HttpServletRequest request, String openId,String dimension) {
......@@ -518,7 +539,7 @@ public class UserController implements IBaseController {
private User verificateUserNameAndPassword(HttpServletRequest request, String openId) {
String credential = request.getHeader("authorization");
if (!credential.startsWith("Basic ")) {
if (StringUtils.isBlank(credential) || !credential.startsWith("Basic ")) {
return null;
}
credential = credential.substring("Basic ".length(), credential.length());
......@@ -532,6 +553,8 @@ public class UserController implements IBaseController {
String[] credentialArr = bufStr.split(":");
if (credentialArr.length != 2) {
LOGGER.info("用户登录失败:{}", bufStr);
// 向该ipv4添加错误计数器
countErrorByIpv4();
return null;
}
LOGGER.info("用户正在登录... [{}]", credentialArr);
......@@ -539,37 +562,75 @@ public class UserController implements IBaseController {
String pass = credentialArr[1];
User user = userService.findByPhoneWithCache(phoneNo);
if (user == null || !user.getEnable()) {
doErrorCount(phoneNo);
// 向该phoneNo添加错误计数器
countErrorByPhoneNo(phoneNo);
// 向该ipv4添加错误计数器
countErrorByIpv4();
return null;
}
//验证密码
if (!validatePassword(pass, user.getPassword())) {
doErrorCount(phoneNo);
// 向该phoneNo添加错误计数器
countErrorByPhoneNo(phoneNo);
// 向该ipv4添加错误计数器
countErrorByIpv4();
return null;
}
return user;
}
/**
* 执行账密登录错误计数
* 向该phoneNo添加错误计数器
* @param phoneNo
*/
private void doErrorCount(String phoneNo) {
private void countErrorByPhoneNo(String phoneNo) {
// 密码错误时,给该账号添加计数器
String key = Constants.REDIS_PASSWORD_ERROR_COUNT + phoneNo;
String key = Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE + phoneNo;
if (!stringRedisTemplate.hasKey(key)) {
LOGGER.info("添加错误计数器,key={}", key);
stringRedisTemplate.opsForValue().set(key, String.valueOf(0), DateUtils.getSeconds(), TimeUnit.SECONDS);
}
// 密码错误计数
Long errorCount = stringRedisTemplate.opsForValue().increment(key, 1L);
if(errorCount > Constants.Image_Need_Count){
if (errorCount > Constants.Image_Need_Count) {
throw new PasswordErrorLimitException("用户名或密码不正确");
}else if(Objects.equals(errorCount, Constants.Image_Need_Count)){
} else if (Objects.equals(errorCount, Constants.Image_Need_Count)) {
throw new PasswordErrorLimitException("请输入图形验证码");
}
}
/**
* 向该ipv4添加错误计数器
*/
private void countErrorByIpv4() {
// if(!ValidationUtil.isAtDangerousTime()){
// return;
// }
String ipv4 = getIp();
if (StringUtils.isNotBlank(ipv4) && !ValidationUtil.validateLocalIpv4(ipv4)) {
String ipv4Key = getIpKey(getIp());
if(!stringRedisTemplate.hasKey(getIpKey(getIp()))){
// 计数周期5分钟
stringRedisTemplate.opsForValue().set(ipv4Key, String.valueOf(0), Constants.IPV4_COUNT_MINUTES, TimeUnit.MINUTES);
}
Long count = stringRedisTemplate.opsForValue().increment(ipv4Key, 1L);
LOGGER.info("Count for Locked ip access:{}, count={}", ipv4, count);
if (count >= Constants.IPV4_LOCK_ON_COUNTS){
String lockIpv4Key = getLockIpv4Key(ipv4);
stringRedisTemplate.opsForValue().set(lockIpv4Key, Boolean.TRUE.toString(), Constants.IPV4_LOCK_MINUTES, TimeUnit.MINUTES);
LOGGER.info("Locked ip access:{}, error overstep {} times in {} minutes, do lock {} minutes", ipv4, Constants.IPV4_LOCK_ON_COUNTS, Constants.IPV4_COUNT_MINUTES, Constants.IPV4_LOCK_MINUTES);
}
}
}
private final static String getIpKey(String ipv4){
return Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 + ipv4;
}
private final static String getLockIpv4Key(String ipv4){
return Constants.IPV4_LOCK + ipv4;
}
private boolean validatePassword(String paramPass, String targetPassword) {
return StringUtils.defaultString(targetPassword, "").equals(PasswordUtil.MD5(paramPass.toLowerCase() + pwdSalt));
}
......
src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java
View file @ a1f894a1
package cn.quantgroup.xyqb.util;
import cn.quantgroup.xyqb.Constants;
import org.apache.commons.lang.StringUtils;
import java.util.Calendar;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
......@@ -11,33 +13,55 @@ import java.util.regex.Pattern;
*/
public class ValidationUtil {
private static String regExp = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";
private static String chineseExp = "^[\u4e00-\u9fa5]+(\\.|·)?[\u4e00-\u9fa5]+$";
private static String phoneRegExp = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";
private static String chineseNameRegExp = "^[\u4e00-\u9fa5]+(\\.|·)?[\u4e00-\u9fa5]+$";
private static String ipv4RegExp = "^((2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)\\.){3}(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)$";
private static String localIpv4RegExp = "^172(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){3}$";
private static Pattern phonePattern = Pattern.compile(regExp);
private static Pattern chinesePattern = Pattern.compile(chineseExp);
private static Pattern phonePattern = Pattern.compile(phoneRegExp);
private static Pattern chinesePattern = Pattern.compile(chineseNameRegExp);
private static Pattern ipv4Pattern = Pattern.compile(ipv4RegExp);
private static Pattern localIpv4Pattern = Pattern.compile(localIpv4RegExp);
public static boolean validatePhoneNo(String phoneNo) {
boolean lengthValid = StringUtils.isNotEmpty(phoneNo) && phoneNo.length() == 11 && StringUtils.isNumeric(phoneNo);
boolean lengthValid = StringUtils.isNotBlank(phoneNo) && phoneNo.length() == 11 && StringUtils.isNumeric(phoneNo);
if (!lengthValid) {
return false;
}
Matcher matcher = phonePattern.matcher(phoneNo);
return matcher.find();
}
public static boolean validateChinese(String chinese) {
if (StringUtils.isEmpty(chinese)) {
if (StringUtils.isBlank(chinese)) {
return false;
}
Matcher matcher = chinesePattern.matcher(chinese);
return matcher.find();
}
public static boolean validateIpv4(String ipv4) {
if (StringUtils.isBlank(ipv4)) {
return false;
}
Matcher matcher = ipv4Pattern.matcher(ipv4);
return matcher.find();
}
public static boolean validateLocalIpv4(String localIpv4) {
if (StringUtils.isBlank(localIpv4)) {
return false;
}
Matcher matcher = localIpv4Pattern.matcher(localIpv4);
return matcher.find();
}
public static boolean isAtDangerousTime() {
Calendar now = Calendar.getInstance();
int hour = now.get(Calendar.HOUR_OF_DAY);
return Constants.DANGEROUS_TIME_START <= hour || hour < Constants.DANGEROUS_TIME_END;
}
public static boolean validateChannelId(Long channelId) {
return channelId == 0L ? false : true;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment