完成token有效性判定和session延续生命期接口，待自测盒接入swagger

src/main/java/cn/quantgroup/xyqb/controller/external/user/UserApiController.java

 package cn.quantgroup.xyqb.controller.external.user;
 
+import cn.quantgroup.xyqb.Constants;
+import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
+import cn.quantgroup.xyqb.aspect.logcaller.LogHttpCaller;
 import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
+import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.service.api.IUserApiService;
+import cn.quantgroup.xyqb.service.session.ISessionService;
 import cn.quantgroup.xyqb.service.user.IUserService;
+import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
+import cn.quantgroup.xyqb.util.ValidationUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import java.util.Objects;
 
 /**
  * Created by FrankChow on 15/12/16.
  */
+@Slf4j
 @RestController
 @RequestMapping("/api")
 public class UserApiController {
 
-  private static final Logger LOGGER = LoggerFactory.getLogger(UserApiController.class);
-
-  @Autowired
-  private IUserApiService userApiService;
-  @Autowired
+  @Resource
   private IUserService userService;
+  @Resource
+  private IUserApiService userApiService;
+  @Resource
+  private ISessionService sessionService;
+  @Resource
+  @Qualifier("stringRedisTemplate")
+  private RedisTemplate<String, String> stringRedisTemplate;
 
   @RequestMapping("/user/check")
   public JsonResult userImportCheck(String phoneNo, String registerFrom) {
     if ("244".equals(registerFrom)) {
-      LOGGER.info("[user_import_check]用户导入检查拒绝。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
+      log.info("[user_import_check]用户导入检查拒绝。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
       return JsonResult.buildErrorStateResult("用户导入检查拒绝", false);
     }
     if (StringUtils.isEmpty(phoneNo) || StringUtils.isEmpty(registerFrom)) {
-      LOGGER.error("[user_import_check]检查传入的参数，参数不全。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
+      log.error("[user_import_check]检查传入的参数，参数不全。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
       return JsonResult.buildErrorStateResult("检查传入的参数，参数不全。", null);
     }
     boolean checkPassed = userApiService.userImportCheck(phoneNo);
     if (checkPassed) {
-      LOGGER.info("[user_import_check]用户可以导入。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
+      log.info("[user_import_check]用户可以导入。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
       return JsonResult.buildSuccessResult("用户可以导入", checkPassed);
     }
-    LOGGER.info("[user_import_check]用户导入检查拒绝。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
+    log.info("[user_import_check]用户导入检查拒绝。phoneNo=[{}], registerFrom=[{}]", phoneNo, registerFrom);
     return JsonResult.buildErrorStateResult("用户导入检查拒绝", checkPassed);
   }
 
@@ -59,4 +72,42 @@ public class UserApiController {
     return JsonResult.buildErrorStateResult(null, null, 2L);
   }
 
+  /**
+   * 检查token是否有效
+   * 如果有效，可选择是否延续生命期（延续后有效期24Hour）
+   *
+   * @param token - sid,session的id
+   * @param prolong - 是否延续生命期，可选参数，默认为: false - 不延续
+   * @return
+   */
+  @LogHttpCaller
+  @IpValidator
+  @RequestMapping(value = "/valid/{token}", method = RequestMethod.POST)
+  public JsonResult checkToken(@PathVariable("token") String token, @RequestParam(name = "prolong", required = false, defaultValue = "false") Boolean prolong) {
+    if(Objects.isNull(token) || !ValidationUtil.validateToken(token)){
+      return JsonResult.buildErrorStateResult("token invalid", token);
+    }
+    String tokenKey = Constants.SESSION_PREFIX + token;
+    String tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
+    // 判断token是否存在
+    boolean exist = stringRedisTemplate.hasKey(tokenKey)||stringRedisTemplate.hasKey(tokenKey2);
+    /* token存在且需要延续时，进一步判断session是否有效，有效时，自动续期 */
+    if(Boolean.logicalAnd(exist, prolong)){
+      // 获取session信息
+      SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(token);
+      if(Objects.isNull(sessionStruct)) {
+        /* 如果没有获取到session信息则返回错误信息 */
+        return JsonResult.buildErrorStateResult("session invalid", token);
+      }else{
+        /* 延续session生命期 */
+        try {
+          sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues());
+        } finally {
+          XyqbSessionContextHolder.releaseSession();
+        }
+      }
+    }
+    return JsonResult.buildSuccessResult("token valid", token);
+  }
+
 }

src/main/java/cn/quantgroup/xyqb/controller/internal/user/UserController.java

@@ -2,7 +2,6 @@ package cn.quantgroup.xyqb.controller.internal.user;
 
 import cn.quantgroup.tech.util.TechEnvironment;
 import cn.quantgroup.xyqb.Constants;
-import cn.quantgroup.xyqb.aspect.accessable.IpValidator;
 import cn.quantgroup.xyqb.aspect.captcha.CaptchaFiniteValidator;
 import cn.quantgroup.xyqb.aspect.lock.PasswordErrorFiniteValidator;
 import cn.quantgroup.xyqb.aspect.logcaller.LogHttpCaller;
@@ -15,7 +14,6 @@ import cn.quantgroup.xyqb.exception.VerificationCodeErrorException;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.UserModel;
 import cn.quantgroup.xyqb.model.UserStatistics;
-import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.service.merchant.IMerchantService;
 import cn.quantgroup.xyqb.service.register.IUserRegisterService;
 import cn.quantgroup.xyqb.service.session.ISessionService;
@@ -24,7 +22,6 @@ import cn.quantgroup.xyqb.service.user.ILockIpv4Service;
 import cn.quantgroup.xyqb.service.user.IUserDetailService;
 import cn.quantgroup.xyqb.service.user.IUserService;
 import cn.quantgroup.xyqb.service.wechat.IWechatService;
-import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
 import cn.quantgroup.xyqb.util.IPUtil;
 import cn.quantgroup.xyqb.util.MqUtils;
 import cn.quantgroup.xyqb.util.PasswordUtil;
@@ -357,46 +354,6 @@ public class UserController implements IBaseController {
     return JsonResult.buildSuccessResult(null, null);
   }
 
-  /**
-   * 检查token是否有效
-   * 如果有效，延续生命期（延续后有效期24Hour）
-   *
-   * @param token - sid,session的id
-   * @return
-   */
-  @LogHttpCaller
-  @IpValidator
-  @RequestMapping("/exists_token")
-  public JsonResult checkToken(@RequestParam String token) {
-    if(StringUtils.isEmpty(token)){
-      return JsonResult.buildSuccessResult(null,false);
-    }
-    if(token.contains("*")){
-      return JsonResult.buildSuccessResult(null,false);
-    }
-    String tokenKey = Constants.SESSION_PREFIX + token;
-    String tokenKey2 = Constants.Session.USER_SESSION_CACHE + token;
-    // 判断token是否存在
-    boolean exist = stringRedisTemplate.hasKey(tokenKey)||stringRedisTemplate.hasKey(tokenKey2);
-    /* 进一步判断session是否有效，有效时，自动续期 */
-    if(exist){
-      // 获取session信息
-      SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(token);
-      if(Objects.isNull(sessionStruct)) {
-        /* 如果没有获取到session信息则返回错误信息 */
-        return JsonResult.buildErrorStateResult("登录失败", null);
-      }else{
-        /* 延续session生命期 */
-        try {
-          sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues());
-        } finally {
-          XyqbSessionContextHolder.releaseSession();
-        }
-      }
-    }
-    return JsonResult.buildSuccessResult(null, exist);
-  }
-
   @RequestMapping("/syncUserInfo")
   public JsonResult syncUserInfo(HttpServletRequest request) {
     log.error("[监控][UserController][syncUserInfo] request-Header:{}", JSON.toJSONString(getRequestHeaderMap(request)));

src/main/java/cn/quantgroup/xyqb/util/ValidationUtil.java

@@ -22,13 +22,20 @@ public class ValidationUtil {
   private static final String chineseNameExtendRegExp = "^[\u4dae\u4e00-\u9fff]+(\\.|·)?[\u4dae\u4e00-\u9fff]+$";
   private static final String ipv4RegExp = "^((2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)\\.){3}(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)$";
   private static final String localIpv4RegExp = "^((172\\.(1[0-6]|2[0-9]|3[01]))|(192\\.168|169\\.254)|((127|10)\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)))(\\.(2[0-4][0-9]|25[0-5]|[01]?[0-9][0-9]?)){2}$";
+  private static final String tokenRegExp = "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$";
 
   private static final Pattern phonePattern = Pattern.compile(phoneRegExp);
   private static final Pattern chinesePattern = Pattern.compile(chineseNameRegExp);
   private static final Pattern chineseExtendPattern = Pattern.compile(chineseNameExtendRegExp);
   private static final Pattern ipv4Pattern = Pattern.compile(ipv4RegExp);
   private static final Pattern localIpv4Pattern = Pattern.compile(localIpv4RegExp);
+  private static final Pattern tokenPattern = Pattern.compile(tokenRegExp);
 
+  /**
+   * 是否是合法的中国大陆手机号
+   * @param phoneNo
+   * @return
+   */
   public static boolean validatePhoneNo(String phoneNo) {
     boolean lengthValid = StringUtils.isNotBlank(phoneNo) && phoneNo.length() == 11 && StringUtils.isNumeric(phoneNo);
     if (!lengthValid) {
@@ -38,6 +45,11 @@ public class ValidationUtil {
     return matcher.find();
   }
 
+  /**
+   * 是否是合法的中文姓名
+   * @param chinese
+   * @return
+   */
   public static boolean validateChinese(String chinese) {
     if (StringUtils.isBlank(chinese)) {
       return false;
@@ -81,6 +93,19 @@ public class ValidationUtil {
     return matcher.find();
   }
 
+  /**
+   * 是否是合法的用户中心token
+   * @param token
+   * @return
+   */
+  public static boolean validateToken(String token) {
+    if (StringUtils.isBlank(token)) {
+      return false;
+    }
+    Matcher matcher = tokenPattern.matcher(token);
+    return matcher.find();
+  }
+
   /**
    * 验证密令
    * 私钥 + 操作 + 时