合并Master-20171123上线分支的代码

src/main/java/cn/quantgroup/xyqb/Constants.java

@@ -14,7 +14,6 @@ public interface Constants {
   String IMAGE_CAPTCHA_KEY = "img_captcha:";
   String X_AUTH_TOKEN = "x-auth-token";
   String ONE_TIME_TOKEN = "oneTimeToken";
-  String REDIS_PASSWORD_ERROR_COUNT = "password_error_4_phone:";
   String REDIS_CAPTCHA_KEY = "auth:";
 
   String CONFIG_CAPTCHA = "cfg_captcha_%";
@@ -38,13 +37,22 @@ public interface Constants {
   String REDIS_VOICE_DEVICE_COUNT = "Voice_Device_verification_code_count:";
 
   String REDIS_VERIFICATION_COUNT = "verification_code_count:";
-  final Long Image_Need_Count = 3L;
-  final Long IMAGE_FINITE_COUNT = 3L;
+  Long Image_Need_Count = 3L;
+  Long IMAGE_FINITE_COUNT = 3L;
 
+  String REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE = "password_error_4_phone:";
+  String REDIS_PASSWORD_ERROR_COUNT_FOR_IPV4 = "password_error_count_4_ipv4:";
+  String IPV4_LOCK = "lock_ipv4:";
+  Long IPV4_LOCK_MINUTES = 6 * 60L;//3L;//6 * 60L;
+  Long IPV4_COUNT_MINUTES = 1L;
+  Long IPV4_LOCK_ON_COUNTS = 60L;//5L;//60L;
+  int DANGEROUS_TIME_START = 23;//20;//22;
+  int DANGEROUS_TIME_END = 6;
   /**
    * redis中token的key值前缀
    */
   String SESSION_PREFIX = "spring:session:sessions:";
+  Long ONE_DAY = 24 * 60 * 60L;
 
   interface Channel {
     long LKB = 1;    // 量化派

src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidateAdvisor.java

@@ -145,7 +145,7 @@ public class CaptchaFiniteValidateAdvisor {
     if(StringUtils.isBlank(phoneNo)){
       return null;
     }
-    return Constants.REDIS_PASSWORD_ERROR_COUNT + phoneNo;
+    return Constants.REDIS_PASSWORD_ERROR_COUNT_FOR_PHONE + phoneNo;
   }
 
   /**

src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordErrorFiniteValidateAdvisor.java

+package cn.quantgroup.xyqb.aspect.captcha;
+
+
+import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.model.JsonResult;
+import cn.quantgroup.xyqb.util.ValidationUtil;
+import com.google.common.collect.Lists;
+import org.apache.commons.lang3.StringUtils;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Pointcut;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.*;
+
+/**
+ * 密码错误限次的校验
+ * @author 任文超
+ * @version 1.0.0
+ * @since 2017-11-23
+ */
+@Aspect
+@Component
+public class PasswordErrorFiniteValidateAdvisor {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(PasswordErrorFiniteValidateAdvisor.class);
+
+  @Autowired
+  @Qualifier("stringRedisTemplate")
+  private RedisTemplate<String, String> redisTemplate;
+
+  /**
+   * 密码错误限次切面
+   */
+  @Pointcut("@annotation(cn.quantgroup.xyqb.aspect.captcha.PasswordFineteValidator)")
+  private void passwordErrorFiniteValidate() {
+  }
+
+  /**
+   * 在受保护的接口方法执行前, 执行锁状态校验
+   *
+   * @param pjp
+   * @return
+   * @throws Throwable
+   */
+  @Around("passwordErrorFiniteValidate()")
+  private Object doFiniteValidate(ProceedingJoinPoint pjp) throws Throwable {
+    if(!ValidationUtil.isAtDangerousTime()){
+      return pjp.proceed();
+    }
+    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+    // 客户端IP
+    String clientIp = getIp(request);
+    String lockIpv4Key = getLockIpv4Key(clientIp);
+    String lock = redisTemplate.opsForValue().get(lockIpv4Key);
+    if (Objects.equals(Boolean.TRUE.toString(), lock)){
+      LOGGER.info("Locked ip access:{}", clientIp);
+      return JsonResult.buildErrorStateResult("登录失败", null);
+    }
+    return pjp.proceed();
+  }
+
+  private final static String getLockIpv4Key(String ipv4){
+    return Constants.IPV4_LOCK + ipv4;
+  }
+
+  /**
+   * 客户端IP解析
+   *
+   * @param request 当前请求，其首部行必须包含形如【SingleToken 13461067662:0123456789abcdef】的UTF-8编码的Base64加密参数
+   * @return 客户端IP 或 null
+   */
+  private String getIp(HttpServletRequest request) {
+    Objects.requireNonNull(request, "无效请求");
+    String ip = request.getHeader("x-real-ip");
+    if (StringUtils.isBlank(ip)) {
+      ip = request.getRemoteAddr();
+    }
+    //过滤反向代理的ip
+    String[] stemps = ip.split(",");
+    if (stemps.length >= 1) {
+      //得到第一个IP，即客户端真实IP
+      ip = stemps[0];
+    }
+    ip = ip.trim();
+    if (ip.length() > 23) {
+      ip = ip.substring(0, 23);
+    }
+    return ip;
+  }
+
+
+}

src/main/java/cn/quantgroup/xyqb/aspect/captcha/PasswordFineteValidator.java

+package cn.quantgroup.xyqb.aspect.captcha;
+
+import java.lang.annotation.*;
+
+/**
+ * 密码错误限次的校验标记
+ * @author 任文超
+ * @version 1.0.0
+ * @since 2017-11-23
+ */
+@Documented
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface PasswordFineteValidator {
+}

src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java

 package cn.quantgroup.xyqb.util;
 
+import cn.quantgroup.xyqb.Constants;
 import org.apache.commons.lang.StringUtils;
 
+import java.util.Calendar;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -11,33 +13,55 @@ import java.util.regex.Pattern;
  */
 public class ValidationUtil {
 
-  private static String regExp = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";
-  private static String chineseExp = "^[\u4e00-\u9fa5]+(\\.|·)?[\u4e00-\u9fa5]+$";
+  private static String phoneRegExp = "^((13[0-9])|(14[0-9])|(15[0-9])|(17[0-9])|(18[0-9])|(19[0-9]))\\d{8}$";
+  private static String chineseNameRegExp = "^[\u4e00-\u9fa5]+(\\.|·)?[\u4e00-\u9fa5]+$";
+  private static String ipv4RegExp = "^((2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)\\.){3}(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)$";
+  private static String localIpv4RegExp = "^172(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){3}$";
 
-  private static Pattern phonePattern = Pattern.compile(regExp);
-  private static Pattern chinesePattern = Pattern.compile(chineseExp);
+  private static Pattern phonePattern = Pattern.compile(phoneRegExp);
+  private static Pattern chinesePattern = Pattern.compile(chineseNameRegExp);
+  private static Pattern ipv4Pattern = Pattern.compile(ipv4RegExp);
+  private static Pattern localIpv4Pattern = Pattern.compile(localIpv4RegExp);
 
   public static boolean validatePhoneNo(String phoneNo) {
-
-    boolean lengthValid = StringUtils.isNotEmpty(phoneNo) && phoneNo.length() == 11 && StringUtils.isNumeric(phoneNo);
-
+    boolean lengthValid = StringUtils.isNotBlank(phoneNo) && phoneNo.length() == 11 && StringUtils.isNumeric(phoneNo);
     if (!lengthValid) {
       return false;
     }
-
     Matcher matcher = phonePattern.matcher(phoneNo);
-
     return matcher.find();
   }
 
   public static boolean validateChinese(String chinese) {
-    if (StringUtils.isEmpty(chinese)) {
+    if (StringUtils.isBlank(chinese)) {
       return false;
     }
     Matcher matcher = chinesePattern.matcher(chinese);
     return matcher.find();
   }
 
+  public static boolean validateIpv4(String ipv4) {
+    if (StringUtils.isBlank(ipv4)) {
+      return false;
+    }
+    Matcher matcher = ipv4Pattern.matcher(ipv4);
+    return matcher.find();
+  }
+
+  public static boolean validateLocalIpv4(String localIpv4) {
+    if (StringUtils.isBlank(localIpv4)) {
+      return false;
+    }
+    Matcher matcher = localIpv4Pattern.matcher(localIpv4);
+    return matcher.find();
+  }
+
+  public static boolean isAtDangerousTime() {
+    Calendar now = Calendar.getInstance();
+    int hour = now.get(Calendar.HOUR_OF_DAY);
+    return Constants.DANGEROUS_TIME_START <= hour || hour < Constants.DANGEROUS_TIME_END;
+  }
+
   public static boolean validateChannelId(Long channelId) {
     return channelId == 0L ? false : true;
   }