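package com.yami.trading.api.controller;

import cn.hutool.core.collection.CollectionUtil;
import com.yami.trading.api.model.RegisterMobile;
import com.yami.trading.api.model.RegisterModel;
import com.yami.trading.api.model.UserLoginModel;
import com.yami.trading.bean.constans.UserConstants;
import com.yami.trading.bean.model.RiskClient;
import com.yami.trading.bean.model.User;
import com.yami.trading.common.domain.Result;
import com.yami.trading.common.exception.BusinessException;
import com.yami.trading.common.exception.YamiShopBindException;
import com.yami.trading.common.util.IPHelper;
import com.yami.trading.common.util.LockFilter;
import com.yami.trading.common.util.StringUtils;
import com.yami.trading.common.web.ResultObject;
import com.yami.trading.security.common.bo.UserInfoInTokenBO;
import com.yami.trading.security.common.enums.SysTypeEnum;
import com.yami.trading.security.common.manager.PasswordCheckManager;
import com.yami.trading.security.common.manager.TokenStore;
import com.yami.trading.security.common.util.RiskClientUtil;
import com.yami.trading.security.common.util.SecurityUtils;
import com.yami.trading.security.common.vo.TokenInfoVO;
import com.yami.trading.service.IdentifyingCodeTimeWindowService;
import com.yami.trading.service.syspara.SysparaService;
import com.yami.trading.service.user.UserService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.Valid;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Endpoints under {@code /api/} tagged "非登录接口": password login, registration with
 * and without an SMS code, and two actions on the caller's "virtual" (demo) account.
 * The two virtual-account actions do require a current user ({@link SecurityUtils}).
 *
 * <p>NOTE(review): {@code @CrossOrigin} with no arguments opens every endpoint here to
 * any origin; that is only acceptable if clients authenticate with the bearer token
 * returned by these methods and never with a cookie — confirm against the front end.
 */
@RestController
@CrossOrigin
@RequestMapping("api/")
@Api(tags = "非登录接口")
public class ApiIndexController {

    private static final Logger logger = LoggerFactory.getLogger(ApiIndexController.class);

    /** Entropy (bytes) for a generated virtual-account password; Base64url makes it 32 chars. */
    private static final int VIRTUAL_PASSWORD_BYTES = 24;
    private static final SecureRandom RANDOM = new SecureRandom();

    @Autowired
    private TokenStore tokenStore;
    @Autowired
    private PasswordCheckManager passwordCheckManager;
    @Autowired
    UserService userService;
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    SysparaService sysparaService;
    @Autowired
    private IdentifyingCodeTimeWindowService identifyingCodeTimeWindowService;

    /**
     * Marks {@code user} online, revokes every existing ORDINARY-system token for that
     * user id, stores a fresh token and mirrors the access token into the VO's legacy
     * {@code token} field.
     *
     * <p>Call this only after every authentication and risk decision has been made:
     * once it returns, the token is live in the store whether or not the caller ever
     * hands it to the client. The caller is responsible for persisting {@code user}.
     */
    private TokenInfoVO issueSession(User user) {
        UserInfoInTokenBO tokenUser = new UserInfoInTokenBO();
        tokenUser.setUserId(user.getUserId());
        tokenUser.setSysType(SysTypeEnum.ORDINARY.value());
        // "enabled" simply mirrors status == 1; whether a disabled token is rejected
        // downstream is decided elsewhere (not visible in this controller).
        tokenUser.setEnabled(user.getStatus() == 1);
        userService.online(user.getUserId());
        tokenStore.deleteAllToken(String.valueOf(SysTypeEnum.ORDINARY.value()),
                String.valueOf(user.getUserId()));
        TokenInfoVO vo = tokenStore.storeAndGetVo(tokenUser);
        vo.setToken(vo.getAccessToken());
        return vo;
    }

    /**
     * Password login for the front end.
     *
     * @param model        user name / mobile / account plus password, type and language
     * @param httpResponse unused, kept for the existing signature
     * @return the new session, {@code Result.failed("Forbidden")} with code 1 for a
     *         blacklisted user, or {@code null} for a "badnetwork" user (deliberately
     *         looks like a dropped connection to the client)
     * @throws YamiShopBindException on unknown account, account without login
     *         authority, or (from the password manager) a wrong password
     */
    @PostMapping("/login")
    @ApiOperation(value = "账号密码(用于前端登录)", notes = "通过账号/手机号/用户名密码登录,还要携带用户的类型,也就是用户所在的系统")
    public Result login(@Valid UserLoginModel model, HttpServletResponse httpResponse) {
        // Null-safe: a request without a language used to NPE on model.getLanguage().equals(..)
        boolean english = "en".equals(model.getLanguage());
        String account = model.getUserName();

        // Types 1, 2 and 3 all resolve through the same lookup (the three original
        // branches were identical); any other type never resolves and is reported
        // exactly like an unknown account.
        boolean knownType = model.getType() == 1 || model.getType() == 2 || model.getType() == 3;
        User user = knownType ? userService.findByUserName(account) : null;
        if (user == null) {
            throw new YamiShopBindException(english ? "Incorrect account or password" : "账号或密码不正确");
        }
        // NOTE(review): this message differs from the unknown-account one, so a caller
        // can distinguish "exists but may not log in" from "does not exist" without a
        // password (user enumeration). Kept as-is because clients may match on the text.
        if (!user.isLoginAuthority()) {
            throw new YamiShopBindException(english ? "login fail" : "登录失败");
        }
        // Throws on a wrong password; per the original comment, ten failures within
        // half an hour lock the account for 30 minutes.
        passwordCheckManager.checkPassword(SysTypeEnum.ORDINARY, account, model.getPassWord(),
                user.getLoginPassword(), model.getLanguage());

        // Risk decisions are taken *before* anything is persisted or a token is minted.
        // Previously the token had already been stored (and the old ones revoked) when
        // these checks fired, leaving a live server-side session for a user who was
        // told "Forbidden" or received no response at all.
        List<?> risk = RiskClientUtil.getRiskInfoByUserCode(user.getUserCode(), "badnetwork");
        if (CollectionUtil.isNotEmpty(risk)) {
            logger.info("uid:{} Network Unavailable", user.getUserId());
            return null; // 断网效果: the client sees a dropped connection
        }
        risk = RiskClientUtil.getRiskInfoByUserCode(user.getUserCode(), "black");
        if (CollectionUtil.isNotEmpty(risk)) {
            // 黑名单: blacklisted accounts may not log in
            Result result = Result.failed("Forbidden");
            result.setCode(1);
            return result;
        }

        user.setUserLastip(IPHelper.getIpAddr());
        user.setUserLasttime(new Date());
        TokenInfoVO session = issueSession(user); // online() runs before updateById(), as before
        userService.updateById(user);
        return Result.succeed(session);
    }

    /**
     * Registration without a verification code.
     *
     * @param model user name, password, user code and type (1 = mobile, 2 = e-mail,
     *              3 = user name, per the original comment)
     * @return the new account's session
     */
    @PostMapping("/registerNoVerifcode")
    @ApiOperation(value = "手机/邮箱/用户名注册(无验证码)")
    public Result register(@Valid RegisterModel model) {
        int type = model.getType();
        User user = userService.register(model.getUserName(), passwordEncoder.encode(model.getPassword()),
                model.getUserCode(), type, false);

        user.setUserLastip(IPHelper.getIpAddr());
        user.setUserLasttime(new Date());
        if (type == 1) {
            // Only a mobile-type registration carries a phone number. Previously an
            // e-mail or user-name registration was stored as the user's mobile as well.
            user.setUserMobile(model.getUserName());
            // NOTE(review): this endpoint never verifies the number yet marks it bound;
            // anything that trusts userMobileBind (SMS reset, withdrawals) should treat
            // it as unverified until a code has actually been checked.
            user.setUserMobileBind(Boolean.TRUE);
        }
        TokenInfoVO session = issueSession(user);
        userService.updateById(user);
        return Result.succeed(session);
    }

    /**
     * Mobile registration guarded by an SMS verification code.
     *
     * @param model mobile number (as user name), password, user code, type and the code
     * @return the new account's session
     * @throws YamiShopBindException when no code is on record for the number, the
     *         request carries no code, or the two do not match (case-insensitively)
     */
    @PostMapping("/registerVerifcode")
    @ApiOperation(value = "手机(有验证码)")
    public Result registerVerifcode(@Valid RegisterMobile model) {
        String mobile = model.getUserName();
        String expected = identifyingCodeTimeWindowService.getAuthCode(mobile);
        String supplied = model.getVerifcode();
        // Reject when no code was ever issued for this number (or it has expired) and
        // when the client sent none: previously an empty stored code matched an empty
        // submission, and a missing submission threw NPE instead of a clean error.
        if (StringUtils.isNullOrEmpty(expected) || supplied == null || !supplied.equalsIgnoreCase(expected)) {
            throw new YamiShopBindException("无效验证码");
        }
        // NOTE(review): nothing here consumes the code after a successful match, so it
        // stays valid for the rest of its window unless the service does that itself —
        // confirm, otherwise a captured code can be replayed.
        User user = userService.register(mobile, passwordEncoder.encode(model.getPassword()),
                model.getUserCode(), model.getType(), false);

        user.setUserLastip(IPHelper.getIpAddr());
        user.setUserLasttime(new Date());
        TokenInfoVO session = issueSession(user);
        userService.updateById(user);
        return Result.succeed(session);
    }

    /**
     * 创建虚拟账户信息 — creates (or re-enters) the caller's virtual/demo account, whose
     * user name is the caller's own user id, and returns a session token for it.
     *
     * <p>NOTE(review): {@code @RequestMapping} without a method accepts GET as well for
     * this state-changing action; {@code @PostMapping} would be the safer mapping.
     *
     * @return a {@code Result} holding the virtual session on success, otherwise a
     *         {@link ResultObject} with code "403" (no current user) or "1" (error)
     */
    @RequestMapping("/addVirtualAccount.action")
    public Object addVirtualAccount(HttpServletRequest request) {
        ResultObject resultObject = readSecurityContextFromSession(new ResultObject());
        if (!"0".equals(resultObject.getCode())) {
            // Same 403 path as recharge(); this used to throw a misleading "重复提交".
            return resultObject;
        }
        String username = SecurityUtils.getCurrentUserId();
        boolean locked = false;
        try {
            if (!LockFilter.add(username)) {
                throw new BusinessException("重复提交");
            }
            locked = true;

            User user = userService.findByUserName(username);
            // NOTE(review): this looks up by *user name* equal to a *user id*. If an
            // ordinary account could choose that number as its name, it would be handed
            // to the caller here and demoted to the TEST role. Nothing visible rules
            // that out — confirm user names cannot collide with ids, or check the found
            // user's type/role before reusing it.
            if (user == null) {
                // The virtual account is only ever entered through the token returned
                // below, so its password just has to be unguessable. It used to be the
                // fixed literal "8973At456" shared by every virtual account, which let
                // anyone who knew a user id log in as that user's virtual account via
                // /login. Confirm no client flow still relies on the old fixed value.
                byte[] seed = new byte[VIRTUAL_PASSWORD_BYTES];
                RANDOM.nextBytes(seed);
                RegisterModel reg = new RegisterModel();
                reg.setUserName(username);
                reg.setPassword(Base64.getUrlEncoder().withoutPadding().encodeToString(seed));
                reg.setType(4);
                user = userService.register(reg.getUserName(), passwordEncoder.encode(reg.getPassword()),
                        reg.getUserCode(), reg.getType(), false);
                user.setWithdrawAuthority(false);
            }

            Date now = new Date();
            user.setUserLastip(IPHelper.getIpAddr());
            user.setUserLasttime(now);
            user.setUpdateTime(now);
            // Re-applied on every entry, not just on creation (as before).
            user.setRoleName(UserConstants.SECURITY_ROLE_TEST);
            TokenInfoVO session = issueSession(user);
            userService.updateById(user);

            String realUserName = userService.findByUserId(username).getUserName();
            Map info = new HashMap<>(); // raw on purpose: setInfo's parameter type is not visible here
            info.put("userCode", user.getUserCode());
            info.put("userName", realUserName + "-virtual");
            session.setInfo(info);
            return Result.succeed(session);
        } catch (BusinessException e) {
            resultObject.setCode("1");
            resultObject.setMsg(e.getMessage());
        } catch (Throwable t) {
            logger.error("UserAction.register error ", t);
            resultObject.setCode("1");
            // Internal exception text stays in the log (it used to be echoed to the
            // client as "[ERROR] " + message); recharge() already does it this way.
            resultObject.setMsg("Program Error");
        } finally {
            if (locked) {
                LockFilter.remove(username);
            }
        }
        return resultObject;
    }

    /**
     * 重置虚拟账号信息 — resets the caller's virtual account balance.
     *
     * <p>NOTE(review): like addVirtualAccount this matches every HTTP verb.
     *
     * @return a {@link ResultObject} with {@code money_wallet} in its data on success,
     *         code "403" without a current user, or code "1" on error
     */
    @RequestMapping("/recharge.action")
    public Object recharge(HttpServletRequest request) {
        ResultObject resultObject = readSecurityContextFromSession(new ResultObject());
        if (!"0".equals(resultObject.getCode())) {
            return resultObject;
        }
        // Non-null and non-empty here: the 403 check above already rejected both.
        String loginPartyId = SecurityUtils.getCurrentUserId();
        boolean locked = false;
        try {
            if (!LockFilter.add(loginPartyId)) {
                throw new BusinessException("重复提交");
            }
            locked = true;

            User user = userService.findByUserId(loginPartyId);
            double moneyWallet = 0; // double is what the service returns; display value only
            // NOTE(review): the length test presumably separates virtual accounts (named
            // after a user id) from ordinary ones — confirm; it is the only guard here.
            if (user != null && user.getUserName().length() > 8) {
                moneyWallet = userService.recharge(loginPartyId);
            } else {
                // Previously dereferenced user unconditionally and threw NPE for an unknown id.
                logger.error("error:虚拟账号重置失败,UserName:{}", user == null ? null : user.getUserName());
            }
            Map data = new HashMap(); // raw on purpose: setData's parameter type is not visible here
            data.put("money_wallet", moneyWallet);
            resultObject.setData(data);
        } catch (BusinessException e) {
            resultObject.setCode("1");
            resultObject.setMsg(e.getMessage());
        } catch (Throwable t) {
            resultObject.setCode("1");
            resultObject.setMsg("Program Error");
            logger.error("error:", t);
        } finally {
            if (locked) {
                LockFilter.remove(loginPartyId);
            }
        }
        return resultObject;
    }

    /**
     * Fills {@code resultObject} with code "403" / "请重新登录" when there is no current
     * user id in the security context; otherwise returns it untouched.
     *
     * @param resultObject the object to annotate (mutated and returned)
     * @return the same object
     */
    public ResultObject readSecurityContextFromSession(ResultObject resultObject) {
        String partyId = SecurityUtils.getCurrentUserId();
        if (StringUtils.isNullOrEmpty(partyId)) {
            resultObject.setCode("403");
            resultObject.setMsg("请重新登录");
        }
        return resultObject;
    }
}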