Merge branch 'master' into xyqb-user2-userCenter

Conflicts: src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java

Merge branch 'master' into xyqb-user2-userCenter
Conflicts: src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
e8ce2034 · Java-刘彧阳 · 1a28f17e · 0ccb8739 · e8ce2034 · e8ce2034
Commit e8ce2034 authored May 12, 2017 by Java-刘彧阳
7 changed files
--- a/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/IBaseController.java
@@ -9,7 +9,7 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
 import static cn.quantgroup.xyqb.session.XyqbSessionContextHolder.getXSession;
+import static cn.quantgroup.xyqb.session.XyqbSessionContextHolder.getXSessionFromRedis;
 /**
 * Created by Miraculous on 15/7/5.
 */
@@ -27,6 +27,10 @@ public interface IBaseController {
    return getXSession();
  }
+  default SessionStruct getCurrentSessionFromRedis(){
+    return   getXSessionFromRedis();
+  }
  default HttpServletRequest getRequest() {
    ServletRequestAttributes attrs = (ServletRequestAttributes) RequestContextHolder

--- a/src/main/java/cn/quantgroup/xyqb/controller/external/user/WeChatController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/external/user/WeChatController.java
@@ -314,6 +314,7 @@ public class WeChatController implements IBaseController {
        // 已经关联了用户
        // create session, 登进去，该怎么玩怎么玩。
        String redirectUrl = createUserSession(user, merchant, redirect, schema, registerFrom);
+        LOGGER.info("Location:[{}]",redirectUrl);
        response.setHeader("Location", redirectUrl);
        response.setStatus(301);
      }
@@ -373,7 +374,7 @@ public class WeChatController implements IBaseController {
    // 已经关联了用户
    // create session, 登进去，该怎么玩怎么玩。
    String redirectUrl = createUserSession(user, merchant, "", schema, Constants.Channel.WECHAT);
-    LOGGER.info("Location={}", redirectUrl);
+    LOGGER.info("Location=[{}]", redirectUrl);
    response.setHeader("Location", redirectUrl);
    response.setStatus(301);
  }
@@ -414,12 +415,14 @@ public class WeChatController implements IBaseController {
  private void redirectWechatLoginUrlWithoutLogin(HttpServletResponse response, Merchant merchant, WechatUserInfo userInfo, Long registerFrom) {
    String redirectUrl = assembleWechatRedirectUrl(merchant, userInfo, registerFrom);
+    LOGGER.info("redirectWechatLoginUrlWithoutLogin redirectUrl:[{}]",redirectUrl);
    response.setHeader("Location", redirectUrl);
    response.setStatus(301);
  }
  private void redirectNormalUrl(HttpServletResponse response, Merchant merchant, Long registerFrom) {
    String redirectUrl = assembleNormalRedirectUrl(merchant, registerFrom);
+    LOGGER.info("redirectNormalUrl redirectUrl:[{}]",redirectUrl);
    response.setHeader("Location", redirectUrl);
    response.setStatus(301);
  }

--- a/src/main/java/cn/quantgroup/xyqb/controller/internal/login/AuthInfoController.java
+++ b/src/main/java/cn/quantgroup/xyqb/controller/internal/login/AuthInfoController.java
 package cn.quantgroup.xyqb.controller.internal.login;
 import cn.quantgroup.xyqb.controller.IBaseController;
+import cn.quantgroup.xyqb.entity.User;
 import cn.quantgroup.xyqb.model.JsonResult;
 import cn.quantgroup.xyqb.model.UserRet;
 import cn.quantgroup.xyqb.model.session.LoginInfo;
 import cn.quantgroup.xyqb.model.session.SessionStruct;
+import cn.quantgroup.xyqb.service.http.IHttpService;
+import cn.quantgroup.xyqb.service.user.IUserService;
+import com.alibaba.fastjson.JSONObject;
+import com.google.common.collect.ImmutableMap;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
 /**
 * Created by Miraculous on 2016/12/30.
 */
 @RestController
 @RequestMapping("/auth")
+@Slf4j
 public class AuthInfoController implements IBaseController {
+  @Value("${xyqb.auth.url}")
+  private String xyqbAuthUrl;
+  @Autowired
+  private IHttpService httpService;
+  @Autowired
+  private IUserService userService;
  @RequestMapping("/info/login")
  public JsonResult loginInfo() {
-    SessionStruct sessionStruct = getSessionStruct();
+    SessionStruct sessionStruct = getCurrentSessionFromRedis();
-    LoginInfo loginInfo = new LoginInfo();
+    if(null != sessionStruct) {
-    loginInfo.setUser(UserRet.getUserRet(sessionStruct.getValues().getUser()));
+      log.info("从用户中心获取到了用户登录信息:phone:[{}]",sessionStruct.getValues().getUser().getPhoneNo());
-    loginInfo.setToken(sessionStruct.getSid());
+      LoginInfo loginInfo = new LoginInfo();
-    LoginInfo.LoginContext context = new LoginInfo.LoginContext();
+      loginInfo.setUser(UserRet.getUserRet(sessionStruct.getValues().getUser()));
-    context.setChannelId(sessionStruct.getValues().getLoginProperties().getChannelId());
+      loginInfo.setToken(sessionStruct.getSid());
-    context.setCreatedFrom(sessionStruct.getValues().getLoginProperties().getCreatedFrom());
+      LoginInfo.LoginContext context = new LoginInfo.LoginContext();
-    context.setAppChannel(sessionStruct.getValues().getLoginProperties().getAppChannel());
+      context.setChannelId(sessionStruct.getValues().getLoginProperties().getChannelId());
-    loginInfo.setLoginContext(context);
+      context.setCreatedFrom(sessionStruct.getValues().getLoginProperties().getCreatedFrom());
-    return JsonResult.buildSuccessResult("", loginInfo);
+      context.setAppChannel(sessionStruct.getValues().getLoginProperties().getAppChannel());
+      loginInfo.setLoginContext(context);
+      return JsonResult.buildSuccessResult("", loginInfo);  //有ThreadLocal不释放的问题，不可再使用原来方式了
+    }else {
+      // 函谷关去查token 返回值高仿
+      log.info("去向函谷关查询用户信息");
+      HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+      String token = request.getHeader("x-auth-token");
+      if(StringUtils.isBlank(token) ||token.length() != 36){
+        return JsonResult.buildErrorStateResult("用户未登录",null);
+      }
+      String checkUrl = xyqbAuthUrl+"/innerapi/is_login";
+      ImmutableMap<String, String> headMap = ImmutableMap.of("x-auth-token", token);
+      String response = httpService.get(checkUrl, headMap, null);
+      log.info("去向函谷关查询用户信息,response:[{}]",response);
+      JsonResult result = JSONObject.parseObject(response, JsonResult.class);
+      if (result == null || !"0000".equals(result.getCode()) || !"0000".equals(result.getBusinessCode())) {
+        return JsonResult.buildErrorStateResult("用户未登录",null);
+      }
+      String phoneNo = ((Map<String, String>) result.getData()).get("phoneNo");
+      User user = userService.findByPhoneWithCache(phoneNo);
+      LoginInfo loginInfo = new LoginInfo();
+      loginInfo.setUser(UserRet.getUserRet(user));
+      loginInfo.setToken(token);
+      LoginInfo.LoginContext context = new LoginInfo.LoginContext();
+      context.setChannelId(null);
+      context.setCreatedFrom(user.getRegisteredFrom());
+      context.setAppChannel("");
+      loginInfo.setLoginContext(context);
+      return JsonResult.buildSuccessResult("", loginInfo);
+    }
  }
 }
--- a/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/RequestFilter.java
@@ -26,7 +26,7 @@ import java.io.PrintWriter;
 public class RequestFilter implements Filter {
  private static final String[] ALLOWED_PATTERNS = {
-      "/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast",
+      "/innerapi/**", "/user/exist", "/motan/**", "/user/register", "/user/login", "/user/register/fast","/auth/info/login",
      "/user/login/fast", "/user/reset_password", "/user/exist_check","/user/center/**",
      "/jr58/**", "/app/login", "/app/login_super", "/wechat/**", "/config/**", "/api/**", "/user/exists_token",
      "/platform/api/page/return_url", "/MP_" +

--- a/src/main/java/cn/quantgroup/xyqb/interceptors/IPWhiteListInterceptor.java
+++ b/src/main/java/cn/quantgroup/xyqb/interceptors/IPWhiteListInterceptor.java
 package cn.quantgroup.xyqb.interceptors;
 import cn.quantgroup.xyqb.util.IPUtil;
+import com.google.common.collect.Sets;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -9,6 +10,8 @@ import org.springframework.web.servlet.ModelAndView;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.HashSet;
+import java.util.Set;
 import java.util.regex.Pattern;
 /**
@@ -21,6 +24,8 @@ public class IPWhiteListInterceptor implements HandlerInterceptor {
    private static final Logger LOGGER = LoggerFactory.getLogger(IPWhiteListInterceptor.class);
    private static final String patternStr = "172.*";
+    private static final String [] allowIPs = {"139.198.7.123"};
+    private static Set<String> allowIPSet = Sets.newHashSet(allowIPs);
    private static final Pattern pattern = Pattern.compile(patternStr);
    public IPWhiteListInterceptor(Integer isDebug) {
@@ -32,15 +37,16 @@ public class IPWhiteListInterceptor implements HandlerInterceptor {
        if(isDebug !=0) return true;
        String remoteIP = IPUtil.getRemoteIP(request);
        if(StringUtils.isNoneBlank(remoteIP)){
-            /*boolean isMatch = pattern.matcher(remoteIP).matches();
+            remoteIP = remoteIP.trim();
+            boolean isMatch = pattern.matcher(remoteIP).matches();
+            isMatch = Boolean.logicalOr(isMatch,allowIPSet.contains(remoteIP));
            if(!isMatch){
                LOGGER.info("非法IP尝试访问,ip:[{}]",remoteIP);
            }
-            return isMatch;*/
+            return isMatch;
-            LOGGER.info("来源IP:[{}]",remoteIP);
        }
-//        LOGGER.info("未能获取remoteIP");
+        LOGGER.info("未能获取remoteIP");
-        return true;
+        return false;
    }
    @Override

--- a/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
+++ b/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
@@ -52,6 +52,32 @@ public class XyqbSessionContextHolder {
    }
  }
+  public static SessionStruct getXSessionFromRedis(){
+    HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
+    String token = request.getHeader("x-auth-token");
+    if (token == null || token.length() != 36) {
+      return null;
+    }
+    String result = redisTemplate.opsForValue().get(Constants.Session.USER_SESSION_CACHE + token);
+    if (StringUtils.isEmpty(result)) {
+      return null;
+    }
+    try {
+      SessionValue values = JSON.parseObject(result, SessionValue.class);
+      if (values == null) {
+        return null;
+      }
+      SessionStruct sessionStruct = new SessionStruct();
+      sessionStruct.setSid(token);
+      sessionStruct.setValues(values);
+      return sessionStruct;
+    }catch (Exception ex){
+      LOGGER.error("序列化session出错", ex);
+      return null;
+    }
+  }
  public static void releaseSession() {
    threadSession.remove();
  }

--- a/src/main/resources/config/dev/xyqb.properties
+++ b/src/main/resources/config/dev/xyqb.properties
@@ -78,8 +78,8 @@ protocol.contentLength=1048576
 protocol.isDefault=true
 #motan registry center
 registry.protocol=zookeeper
-registry.address=172.16.1.63:2181,172.16.1.64:2181,172.16.1.65:2181
+registry.address=192.168.4.163:2181
-motan.port=8082
+motan.port=8086
 motan.user.group=userGroup
 motan.user.module=user-motan-rpc
 motan.application=xyqbUserMotan