Merge branch 'master' into xyqb-user2-userCenter

Conflicts:
	src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java

src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java

@@ -9,7 +9,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
 
 import static cn.quantgroup.xyqb.session.XyqbSessionContextHolder.getXSession;
-
+import static cn.quantgroup.xyqb.session.XyqbSessionContextHolder.getXSessionFromRedis;
 /**
  * Created by Miraculous on 15/7/5.
  */
@@ -27,6 +27,10 @@ public interface IBaseController {
     return getXSession();
   }
 
+  default SessionStruct getCurrentSessionFromRedis(){
+    return   getXSessionFromRedis();
+  }
+
 
   default HttpServletRequest getRequest() {
     ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder

src/main/java/cn/quantgroup/xyqb/controller/external/user/WeChatController.java

@@ -314,6 +314,7 @@ public class WeChatController implements IBaseController {
         // 已经关联了用户
         // create session, 登进去，该怎么玩怎么玩。
         String redirectUrl = createUserSession(user, merchant, redirect, schema, registerFrom);
+        LOGGER.info("Location:[{}]",redirectUrl);
         response.setHeader("Location", redirectUrl);
         response.setStatus(301);
       }
@@ -373,7 +374,7 @@ public class WeChatController implements IBaseController {
     // 已经关联了用户
     // create session, 登进去，该怎么玩怎么玩。
     String redirectUrl = createUserSession(user, merchant, "", schema, Constants.Channel.WECHAT);
-    LOGGER.info("Location={}", redirectUrl);
+    LOGGER.info("Location=[{}]", redirectUrl);
     response.setHeader("Location", redirectUrl);
     response.setStatus(301);
   }
@@ -414,12 +415,14 @@ public class WeChatController implements IBaseController {
 
   private void redirectWechatLoginUrlWithoutLogin(HttpServletResponse response, Merchant merchant, WechatUserInfo userInfo, Long registerFrom) {
     String redirectUrl = assembleWechatRedirectUrl(merchant, userInfo, registerFrom);
+    LOGGER.info("redirectWechatLoginUrlWithoutLogin redirectUrl:[{}]",redirectUrl);
     response.setHeader("Location", redirectUrl);
     response.setStatus(301);
   }
 
   private void redirectNormalUrl(HttpServletResponse response, Merchant merchant, Long registerFrom) {
     String redirectUrl = assembleNormalRedirectUrl(merchant, registerFrom);
+    LOGGER.info("redirectNormalUrl redirectUrl:[{}]",redirectUrl);
     response.setHeader("Location", redirectUrl);
     response.setStatus(301);
   }

src/main/java/cn/quantgroup/xyqb/controller/internal/login/AuthInfoController.java

 package cn.quantgroup.xyqb.controller.internal.login;
 
 import cn.quantgroup.xyqb.controller.IBaseController;
+import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.UserRet;
 import cn.quantgroup.xyqb.model.session.LoginInfo;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
+import cn.quantgroup.xyqb.service.http.IHttpService;
+import cn.quantgroup.xyqb.service.user.IUserService;
+import com.alibaba.fastjson.JSONObject;
+import com.google.common.collect.ImmutableMap;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
 
 /**
  * Created by Miraculous on 2016/12/30.
  */
 @RestController
 @RequestMapping("/auth")
+@Slf4j
 public class AuthInfoController implements IBaseController {
 
+
+  @Value("${xyqb.auth.url}")
+  private String xyqbAuthUrl;
+
+  @Autowired
+  private IHttpService httpService;
+
+  @Autowired
+  private IUserService userService;
+
+
   @RequestMapping("/info/login")
   public JsonResult loginInfo() {
-    SessionStruct sessionStruct = getSessionStruct();
-    LoginInfo loginInfo = new LoginInfo();
-    loginInfo.setUser(UserRet.getUserRet(sessionStruct.getValues().getUser()));
-    loginInfo.setToken(sessionStruct.getSid());
-    LoginInfo.LoginContext context = new LoginInfo.LoginContext();
-    context.setChannelId(sessionStruct.getValues().getLoginProperties().getChannelId());
-    context.setCreatedFrom(sessionStruct.getValues().getLoginProperties().getCreatedFrom());
-    context.setAppChannel(sessionStruct.getValues().getLoginProperties().getAppChannel());
-    loginInfo.setLoginContext(context);
-    return JsonResult.buildSuccessResult("", loginInfo);
+    SessionStruct sessionStruct = getCurrentSessionFromRedis();
+    if(null != sessionStruct) {
+      log.info("从用户中心获取到了用户登录信息:phone:[{}]",sessionStruct.getValues().getUser().getPhoneNo());
+      LoginInfo loginInfo = new LoginInfo();
+      loginInfo.setUser(UserRet.getUserRet(sessionStruct.getValues().getUser()));
+      loginInfo.setToken(sessionStruct.getSid());
+      LoginInfo.LoginContext context = new LoginInfo.LoginContext();
+      context.setChannelId(sessionStruct.getValues().getLoginProperties().getChannelId());
+      context.setCreatedFrom(sessionStruct.getValues().getLoginProperties().getCreatedFrom());
+      context.setAppChannel(sessionStruct.getValues().getLoginProperties().getAppChannel());
+      loginInfo.setLoginContext(context);
+      return JsonResult.buildSuccessResult("", loginInfo);  //有ThreadLocal不释放的问题，不可再使用原来方式了
+    }else {
+      // 函谷关去查token 返回值高仿
+      log.info("去向函谷关查询用户信息");
+      HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+      String token = request.getHeader("x-auth-token");
+      if(StringUtils.isBlank(token) ||token.length() != 36){
+        return JsonResult.buildErrorStateResult("用户未登录",null);
+      }
+      String checkUrl = xyqbAuthUrl+"/innerapi/is_login";
+      ImmutableMap<String, String> headMap = ImmutableMap.of("x-auth-token", token);
+      String response = httpService.get(checkUrl, headMap, null);
+      log.info("去向函谷关查询用户信息,response:[{}]",response);
+      JsonResult result = JSONObject.parseObject(response, JsonResult.class);
+      if (result == null || !"0000".equals(result.getCode()) || !"0000".equals(result.getBusinessCode())) {
+        return JsonResult.buildErrorStateResult("用户未登录",null);
+      }
+      String phoneNo = ((Map<String, String>) result.getData()).get("phoneNo");
+      User user = userService.findByPhoneWithCache(phoneNo);
+      LoginInfo loginInfo = new LoginInfo();
+      loginInfo.setUser(UserRet.getUserRet(user));
+      loginInfo.setToken(token);
+      LoginInfo.LoginContext context = new LoginInfo.LoginContext();
+      context.setChannelId(null);
+      context.setCreatedFrom(user.getRegisteredFrom());
+      context.setAppChannel("");
+      loginInfo.setLoginContext(context);
+      return JsonResult.buildSuccessResult("", loginInfo);
+    }
   }
 
 }

src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java

@@ -26,7 +26,7 @@ import java.io.PrintWriter;
 public class RequestFilter implements Filter {
 
   private static final String[] ALLOWED_PATTERNS = {
-      "/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast",
+      "/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast","/auth/info/login",
       "/user/login/fast", "/user/reset_password", "/user/exist_check","/user/center/**",
       "/jr58/**", "/app/login", "/app/login_super", "/wechat/**", "/config/**", "/api/**", "/user/exists_token",
       "/platform/api/page/return_url", "/MP_" +

src/main/java/cn/quantgroup/xyqb/interceptors/IPWhiteListInterceptor.java

 package cn.quantgroup.xyqb.interceptors;
 
 import cn.quantgroup.xyqb.util.IPUtil;
+import com.google.common.collect.Sets;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,6 +10,8 @@ import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.regex.Pattern;
 
 /**
@@ -21,6 +24,8 @@ public class IPWhiteListInterceptor implements HandlerInterceptor {
     private static final Logger LOGGER = LoggerFactory.getLogger(IPWhiteListInterceptor.class);
 
     private static final String patternStr = "172.*";
+    private static final String [] allowIPs = {"139.198.7.123"};
+    private static Set<String> allowIPSet = Sets.newHashSet(allowIPs);
     private static final Pattern pattern = Pattern.compile(patternStr);
 
     public IPWhiteListInterceptor(Integer isDebug) {
@@ -32,15 +37,16 @@ public class IPWhiteListInterceptor implements HandlerInterceptor {
         if(isDebug !=0) return true;
         String remoteIP = IPUtil.getRemoteIP(request);
         if(StringUtils.isNoneBlank(remoteIP)){
-            /*boolean isMatch = pattern.matcher(remoteIP).matches();
+            remoteIP = remoteIP.trim();
+            boolean isMatch = pattern.matcher(remoteIP).matches();
+            isMatch = Boolean.logicalOr(isMatch,allowIPSet.contains(remoteIP));
             if(!isMatch){
                 LOGGER.info("非法IP尝试访问,ip:[{}]",remoteIP);
             }
-            return isMatch;*/
-            LOGGER.info("来源IP:[{}]",remoteIP);
+            return isMatch;
         }
-//        LOGGER.info("未能获取remoteIP");
-        return true;
+        LOGGER.info("未能获取remoteIP");
+        return false;
     }
 
     @Override

src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java

@@ -52,6 +52,32 @@ public class XyqbSessionContextHolder {
     }
   }
 
+  public static SessionStruct getXSessionFromRedis(){
+    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+    String token = request.getHeader("x-auth-token");
+    if (token == null || token.length() != 36) {
+      return null;
+    }
+    String result = redisTemplate.opsForValue().get(Constants.Session.USER_SESSION_CACHE + token);
+    if (StringUtils.isEmpty(result)) {
+      return null;
+    }
+    try {
+      SessionValue values = JSON.parseObject(result, SessionValue.class);
+
+      if (values == null) {
+        return null;
+      }
+      SessionStruct sessionStruct = new SessionStruct();
+      sessionStruct.setSid(token);
+      sessionStruct.setValues(values);
+      return sessionStruct;
+    }catch (Exception ex){
+      LOGGER.error("序列化session出错", ex);
+      return null;
+    }
+  }
+
   public static void releaseSession() {
     threadSession.remove();
   }

src/main/resources/config/dev/xyqb.properties

@@ -78,8 +78,8 @@ protocol.contentLength=1048576
 protocol.isDefault=true
 #motan registry center
 registry.protocol=zookeeper
-registry.address=172.16.1.63:2181,172.16.1.64:2181,172.16.1.65:2181
-motan.port=8082
+registry.address=192.168.4.163:2181
+motan.port=8086
 motan.user.group=userGroup
 motan.user.module=user-motan-rpc
 motan.application=xyqbUserMotan