Skip to content

X
xyqb-user2
Commit b70f29d9 authored by 技术部-任文超's avatar 技术部-任文超
Browse files
Options

提交改名的类

parent cdb2fe25
Show whitespace changes
Inline Side-by-side
Showing with 168 additions and 0 deletions
src/main/java/cn/quantgroup/xyqb/aspect/captcha/CaptchaFiniteValidator.java 0 → 100644
View file @ b70f29d9
package cn.quantgroup.xyqb.aspect.captcha;
import java.lang.annotation.*;
/**
* 限次的图形验证码校验标记
* @author 任文超
* @version 1.0.0
* @since 2017-11-07
*/
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface CaptchaFiniteValidator {
}
src/main/java/cn/quantgroup/xyqb/aspect/limit/PasswordFreeAccessValidateAdvisor.java 0 → 100644
View file @ b70f29d9
package cn.quantgroup.xyqb.aspect.limit;
import cn.quantgroup.xyqb.Constants;
import cn.quantgroup.xyqb.entity.User;
import cn.quantgroup.xyqb.model.JsonResult;
import cn.quantgroup.xyqb.model.session.SessionStruct;
import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
import cn.quantgroup.xyqb.util.IPUtil;
import cn.quantgroup.xyqb.util.ValidationUtil;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
/**
* 免密访问校验切面
*
* @author 任文超
* @version 1.0.0
* @since 2017-11-21
*/
@Aspect
@Component
public class PasswordFreeAccessValidateAdvisor {
private static final Logger LOGGER = LoggerFactory.getLogger(PasswordFreeAccessValidateAdvisor.class);
private static final String PHONE_NO = "phoneNo";
private static final String USER_ID = "userId";
@Autowired
@Qualifier("stringRedisTemplate")
private RedisTemplate<String, String> redisTemplate;
/**
* 免密访问校验切面
*/
@Pointcut("@annotation(cn.quantgroup.xyqb.aspect.limit.PasswordFreeAccessValidator)")
private void passwordFreeAccess() {}
/**
* 执行免密访问校验
*
* @throws Throwable
*/
@Around("passwordFreeAccess()")
private Object checkToken(ProceedingJoinPoint pjp) throws Throwable {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
boolean valid = tokenValid(request) || ipValid(request);
if (valid) {
return pjp.proceed();
}
return JsonResult.buildErrorStateResult("拒绝访问", "");
}
/**
* 校验免密访问
* 规则:token 与 身份标记(phoneNo、userId匹配)
* @return True or False
*/
private boolean tokenValid(HttpServletRequest request) {
Objects.requireNonNull(request, "无效请求");
String clientIp = IPUtil.getRemoteIP(request);
Set<String> paramKeys = request.getParameterMap().keySet();
if(!paramKeys.contains(PHONE_NO) && !paramKeys.contains(USER_ID)){
LOGGER.info("非法请求 - 缺少参数, paramKeys={}, clientIp={}", paramKeys, clientIp);
return false;
}
// 当前请求的phoneNo/userId
String phoneNo = request.getParameter(PHONE_NO);
String userId = request.getParameter(USER_ID);
if(StringUtils.isBlank(phoneNo) && StringUtils.isBlank(userId)){
LOGGER.info("非法请求 - 缺少参数, phoneNo={}, userId={}, clientIp={}", phoneNo, userId, clientIp);
return false;
}
// 当前请求的Token
String token = request.getHeader(Constants.X_AUTH_TOKEN);
if (Objects.isNull(token) || token.length() != 36) {
LOGGER.info("非法请求 - 无效token, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
return false;
}
// 当前session
SessionStruct session = XyqbSessionContextHolder.getXSessionFromRedis(token);
if (Objects.isNull(session) || Objects.isNull(session.getValues()) || Objects.isNull(session.getValues().getUser())){
LOGGER.info("非法请求 - 未登录, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
return false;
}
// 当前用户
User user = session.getValues().getUser();
if(Objects.isNull(user.getId()) && StringUtils.isBlank(user.getPhoneNo())){
LOGGER.info("非法请求 - 未登录, token={}, phoneNo={}, userId={}, clientIp={}", token, phoneNo, userId, clientIp);
return false;
}
// 校对用户信息是否匹配
boolean valid = (Objects.nonNull(user.getId()) && Objects.equals(userId, user.getId().toString()));
valid = valid || (StringUtils.isNotBlank(phoneNo) && Objects.equals(phoneNo, user.getPhoneNo()));
if(!valid) {
LOGGER.info("非法请求 - 身份不匹配, token={}, phoneNo=({},{}), userId=({},{}), clientIp={}", token, phoneNo, user.getPhoneNo(), userId, user.getId(), clientIp);
}
return valid;
}
/**
* 校验免密访问
* 规则:来访IP与白名单匹配
* @return True or False
*/
private boolean ipValid(HttpServletRequest request) {
Objects.requireNonNull(request, "无效请求");
// 客户端IP
String clientIp = IPUtil.getRemoteIP(request);
// 校对来访IP是否与白名单匹配
boolean validIpv4 = ValidationUtil.validateIpv4(clientIp);
// 白名单
if(validIpv4 && IPUtil.whiteOf(clientIp)){
return true;
}
// 补充白名单
if(validIpv4 && redisTemplate.opsForSet().isMember(Constants.IPV4_LOCK_WHITE, clientIp)){
return true;
}
IPUtil.logIp(LOGGER, request);
LOGGER.info("非法请求 - 未授权访问, clientIp={}", clientIp);
return false;
}
}
src/main/java/cn/quantgroup/xyqb/aspect/lock/PasswordErrorFiniteValidator.java 0 → 100644
View file @ b70f29d9
package cn.quantgroup.xyqb.aspect.lock;
import java.lang.annotation.*;
/**
* 密码错误限次的校验标记
* @author 任文超
* @version 1.0.0
* @since 2017-11-23
*/
@Documented
@Target(ElementType.METHOD)
@Retention(RetentionPolicy.RUNTIME)
public @interface PasswordErrorFiniteValidator {
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment