From efb07bcec37c49228d9760794f215c8549243ad2 Mon Sep 17 00:00:00 2001
From: zj <1772600164@qq.com>
Date: Mon, 23 Mar 2026 18:52:21 +0800
Subject: [PATCH] 1
---
src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java | 82 ++++++++++++++++++++++++++++++++--------
1 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java b/src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java
index 38d883d..8ec8a65 100644
--- a/src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java
+++ b/src/main/java/com/nq/common/interceptor/ApiUserAuthorityInterceptor.java
@@ -1,15 +1,15 @@
package com.nq.common.interceptor;
-import com.alibaba.druid.util.StringUtils;
import com.alibaba.fastjson.JSON;
-import com.google.common.collect.Maps;
+import com.google.gson.Gson;
import com.nq.annotation.SameUrlData;
import com.nq.common.ServerResponse;
import com.nq.pojo.User;
import com.nq.utils.PropertiesUtil;
import com.nq.utils.redis.JsonUtil;
import com.nq.utils.redis.RedisShardedPoolUtils;
+import com.nq.utils.translate.GoogleTranslateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.RedisTemplate;
@@ -22,15 +22,19 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
import java.io.PrintWriter;
import java.lang.annotation.Annotation;
-import java.util.Map;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
import java.util.concurrent.TimeUnit;
@Component
public class ApiUserAuthorityInterceptor implements HandlerInterceptor {
private static final Logger log = LoggerFactory.getLogger(ApiUserAuthorityInterceptor.class);
+ private static final Set<String> PAY_CALLBACK_ALLOW_IPS = new HashSet<>(
+ Arrays.asList("3.111.236.70", "13.233.3.123")
+ );
private RedisTemplate<String,String> redisTemplate;
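Review bot: The provider addresses in `PAY_CALLBACK_ALLOW_IPS` are compiled into the interceptor, so a provider changing its egress IP forces a rebuild and redeploy, and test and production cannot use different values. The class already reads configuration through `PropertiesUtil.getProperty` (see `getCurrentUser` further down), so the set could be populated from a comma-separated property such as `pay.callback.allow.ips` at class-load time and wrapped with `Collections.unmodifiableSet`. Whichever way it is sourced, the constant needs a comment naming which payment provider each address belongs to and how it was verified, e.g. `// Callback source IPs published by the payment provider; confirm with the provider before changing.`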
@@ -52,7 +56,11 @@
}
String url = httpServletRequest.getRequestURI();
- log.info("拦截的url是{}",url);
+ if (isPayCallbackUrl(url) && !isAllowedPayCallbackIp(httpServletRequest)) {
+ log.warn("拦截非白名单回调IP, url={}, ip={}", url, extractClientIp(httpServletRequest));
+ httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ return false;
+ }
if ("/user/upload.do".equals(url)) {
return true;
}
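Review bot: The warn at the rejection path records only the value returned by `extractClientIp`, which (per the helper added below) is taken from `X-Forwarded-For`/`X-Real-IP` before falling back to the socket address, so the one value an investigator can trust is never logged. Log both so a spoofing attempt is visible as a mismatch: `log.warn("拦截非白名单回调IP, url={}, ip={}, remoteAddr={}", url, extractClientIp(httpServletRequest), httpServletRequest.getRemoteAddr());`. Consider also emitting a short JSON body on the 403 like the 401 path does, so the provider's retry logs show why the callback was refused. The enclosing `preHandle` begins above this hunk.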
@@ -71,23 +79,43 @@
if ("/user/pay/flyPay.do".equals(url)) {
return true;
}
+ if ("/user/rechargeCallback.do".equals(url)) {//支付回调
+ return true;
+ }
+ if ("/user/rechargeCallbackTwo.do".equals(url)) {//支付回调
+ return true;
+ }
+ if ("/user/rechargeCallbackZero.do".equals(url)) {//支付回调
+ return true;
+ }
+ if ("/user/rechargeCallbackThree.do".equals(url)) {//支付回调
+ return true;
+ }
+ if ("/user/rechargeCallbackFour.do".equals(url)) {//支付4回调
+ return true;
+ }
+ if ("/user/payoutCallback.do".equals(url)) {//代付回调
+ return true;
+ }
+ if ("/user/payoutCallbackTwo.do".equals(url)) {//代付回调
+ return true;
+ }
+ if ("/user/payoutCallbackThree.do".equals(url)) {//代付v2回调
+ return true;
+ }
User currentUser = getCurrentUser(httpServletRequest);
+ GoogleTranslateUtil googleTranslateUtil = new GoogleTranslateUtil();
+ String lang = httpServletRequest.getHeader("lang");
if (null == currentUser) {
-// httpServletResponse.reset();
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setContentType("application/json;charset=UTF-8");
PrintWriter writer = httpServletResponse.getWriter();
- Map map = Maps.newHashMap();
- map.put("success", Boolean.valueOf(false));
- map.put("msg", "Please Login");
- writer.print(JsonUtil.obj2String(map));
+ writer.print( new Gson().toJson(ServerResponse.createByErrorCodeMsg(401,googleTranslateUtil.translate("请登录",lang ))));
writer.flush();
writer.close();
return false;
}
String uri = httpServletRequest.getRequestURI();
-
-
//验证重复点击与接口权限等
Boolean checkFlag = checkUri(httpServletResponse, handler, uri,currentUser);
if (!checkFlag) {
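Review bot: Eight callback URLs are added to the unauthenticated pass-through list here, but the IP check introduced above only covers `rechargeCallbackFour.do` and `payoutCallbackThree.do` (see `isPayCallbackUrl` below), so `/user/rechargeCallback.do`, `rechargeCallbackTwo/Zero/Three.do`, `payoutCallback.do` and `payoutCallbackTwo.do` remain reachable by anyone with no login and no source check — for recharge/payout callbacks that is a direct path to crediting balances unless each controller independently verifies a provider signature. Either extend `isPayCallbackUrl` to all eight (a `static final Set<String> PAY_CALLBACK_URLS` replacing the eight `if` blocks would keep the two lists from drifting) or add a comment at each exempted URL stating which signature check in the controller protects it. Separately, the 401 path now constructs a `GoogleTranslateUtil` and calls `translate("请登录", lang)` with a caller-controlled `lang` header on every unauthenticated request; if that helper performs a network call (not visible here), an unauthenticated client can drive outbound traffic at will, so the translation should be cached or limited to a fixed set of languages. Note the body sets `errorCode` 401 in the JSON but leaves the HTTP status at 200; `httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED)` before writing would let clients and gateways act on it. `preHandle` starts and ends outside this hunk.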
@@ -95,6 +123,31 @@
}
//判断请求头
return true;
+ }
+
+ private boolean isPayCallbackUrl(String url) {
+ return "/user/rechargeCallbackFour.do".equals(url)
+ || "/user/payoutCallbackThree.do".equals(url);
+ }
+
+ private boolean isAllowedPayCallbackIp(HttpServletRequest request) {
+ String ip = extractClientIp(request);
+ return PAY_CALLBACK_ALLOW_IPS.contains(ip);
+ }
+
+ private String extractClientIp(HttpServletRequest request) {
+ String forwarded = request.getHeader("X-Forwarded-For");
+ if (forwarded != null && !forwarded.trim().isEmpty()) {
+ String first = forwarded.split(",")[0].trim();
+ if (!first.isEmpty()) {
+ return first;
+ }
+ }
+ String realIp = request.getHeader("X-Real-IP");
+ if (realIp != null && !realIp.trim().isEmpty()) {
+ return realIp.trim();
+ }
+ return request.getRemoteAddr();
}
@Override
public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object handler, ModelAndView modelAndView) throws Exception {
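Review bot: `extractClientIp` prefers `X-Forwarded-For` and `X-Real-IP` over `getRemoteAddr()` unconditionally, so any client can send `X-Forwarded-For: 3.111.236.70` and pass `isAllowedPayCallbackIp`; the allow-list then protects nothing unless a proxy in front of this service is guaranteed to strip or overwrite those headers, which the patch does not establish. Only honour the headers when the TCP peer is a proxy you operate, and in that case read the entry the trusted proxy appended (the last one), not the first entry, which is whatever the client chose to send; if the service is reached directly, drop the header handling and use `getRemoteAddr()` alone. The rewrite below assumes a companion `private static final Set<String> TRUSTED_PROXY_IPS` declared next to `PAY_CALLBACK_ALLOW_IPS`, ideally loaded from configuration. Both helpers compare plain strings, so a proxy that reports `addr:port` or an IPv6 form would also fail silently — worth a comment or a normalisation step once the real proxy chain is known.
```java
    private String extractClientIp(HttpServletRequest request) {
        String remoteAddr = request.getRemoteAddr();
        // Forwarding headers are caller-supplied; trust them only when the TCP
        // peer is a proxy we operate, otherwise the peer address is the truth.
        if (!TRUSTED_PROXY_IPS.contains(remoteAddr)) {
            return remoteAddr;
        }
        String forwarded = request.getHeader("X-Forwarded-For");
        if (forwarded != null && !forwarded.trim().isEmpty()) {
            // Our proxy appends the address it saw as the LAST entry; anything
            // before it was supplied by the client and must not be trusted.
            String[] hops = forwarded.split(",");
            String last = hops[hops.length - 1].trim();
            if (!last.isEmpty()) {
                return last;
            }
        }
        // … unchanged: X-Real-IP fallback, then remoteAddr …
    }
```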
@@ -187,20 +240,15 @@
public User getCurrentUser(HttpServletRequest request) {
String property = PropertiesUtil.getProperty("user.cookie.name");
- System.out.println(property);
String loginToken = request.getHeader(property);
if (loginToken == null) {
- System.out.println("loginToken is null");
return null;
}
- System.out.println(loginToken);
String userJson = RedisShardedPoolUtils.get(loginToken);
if (userJson == null||"".equals(userJson)){
- System.out.println("userJson is null");
return null;
}
-// System.out.println(userJson);
return (User) JsonUtil.string2Obj(userJson, User.class);
}
}
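Review bot: The raw header value `loginToken` is passed straight to `RedisShardedPoolUtils.get` as the key, so whatever JSON lives under any key a caller can name is deserialised as a `User` and treated as the logged-in principal; if session tokens share a Redis namespace with other data and are not prefixed (not visible here), an attacker who knows or guesses another key's name can authenticate as the user it describes. Validate the token's shape before the lookup — e.g. `if (loginToken == null || !TOKEN_PATTERN.matcher(loginToken).matches()) { return null; }` with a `static final Pattern` for the token alphabet and length the login code issues — or have `RedisShardedPoolUtils.get` be called with a fixed prefix such as `"session:" + loginToken`. Removing the `System.out` lines is a good fix for the token leak; a one-line Javadoc stating that this method returns `null` for a missing, unknown or expired token would round it off.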
--
Gitblit v1.9.3