4dkankan-v4
/
4dkankan-center-scene


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222
							package com.fdkankan.scene.Interceptor;

import cn.hutool.core.util.StrUtil;
import cn.hutool.core.util.URLUtil;
import com.alibaba.fastjson.JSON;
import com.fdkankan.common.constant.CommonStatus;
import com.fdkankan.common.constant.ErrorCode;
import com.fdkankan.common.constant.SceneStatus;
import com.fdkankan.common.constant.ServerCode;
import com.fdkankan.common.exception.BusinessException;
import com.fdkankan.common.util.AesUtil;
import com.fdkankan.common.util.Base64Converter;
import com.fdkankan.common.util.PasswordUtils;
import com.fdkankan.common.util.SecurityUtil;
import com.fdkankan.redis.util.RedisUtil;
import com.fdkankan.scene.entity.*;
import com.fdkankan.scene.service.*;
import com.fdkankan.scene.util.JmgaSSOLoginHelper;
import com.fdkankan.web.response.ResultData;
import com.fdkankan.web.user.SSOLoginHelper;
import com.fdkankan.web.user.SSOUser;
import com.fdkankan.web.util.WebUtil;
import lombok.extern.log4j.Log4j2;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import javax.annotation.Resource;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.*;

@Log4j2
@Aspect
@Component
@Order(101)
public class CheckViewBizAuthAspect {

	@Value("${scene.view.encrypt-key:3d8904474ebbdbbd81c5952524dad646}")
	private String ENCRYPT_KEY;

	@Resource
	private JmgaSSOLoginHelper jmgaSSOLoginHelper;
	@Autowired
	private RedisUtil redisUtil;
	@Autowired
	private IScenePlusService scenePlusService;
	@Autowired
	private ISceneCooperationService sceneCooperationService;
	@Autowired
	private IJySceneUserAuthService jySceneUserAuthService;
	@Autowired
	private IJySceneAuthService jySceneAuthService;
	@Autowired
	private IUserService userService;
	@Autowired
	private IJyUserService jyUserService;
	@Autowired
	private ISysLogService sysLogService;


	@Pointcut("@annotation(com.fdkankan.scene.annotation.CheckViewBizAuth)")
	public void checkViewBizAuth() {
	}

	/**
	 * 前置通知 用于判断用户协作场景是否有协作权限
	 *
	 * @param joinPoint
	 *            切点
	 * @throws IOException
	 */
	@Before("checkViewBizAuth()")
	public void doBefore(JoinPoint joinPoint) throws Exception {
		HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
		Map<String, Object> params = WebUtil.getParameter(joinPoint, request);

		String remoteIp = WebUtil.getIpAddress(request);

		String num = (String) params.get("num");
		String sign = (String) params.get("sign");

		SysLog sysLog = new SysLog();
		sysLog.setRequestPath("场景展示");
		sysLog.setUri(request.getRequestURI());
		sysLog.setMethod(request.getMethod());
		sysLog.setIp(remoteIp);
		sysLog.setBrowser(WebUtil.getBrowser(request));
		sysLog.setOperationType("scene-view");
		sysLog.setParams(JSON.toJSONString(params));

		boolean interruptCheck = false;
		String userName = null, ip = null, timestamp = null;
		try {
			if(StrUtil.isNotEmpty(sign)){
				interruptCheck = true;
				sign = sign.replaceAll("%2B", "+").replaceAll(" ", "+");
				String[] split = null;
				try {
					String decode = AesUtil.decryptECB(sign, ENCRYPT_KEY, "AES/ECB/PKCS5Padding");
					split = decode.split("@");

				}catch (Exception e){
					log.error("签名解密失败", e);
					throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "签名解密失败");
				}

				if(Objects.isNull(split) || split.length == 1){
					throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "签名参数错误");
				}else{
					for (int i = 0; i < split.length; i++){
						if(i == 0){
							userName = split[i];
						}
						if(i == 1){
							ip = split[i];
						}
						if(i == 2){
							timestamp = split[i];
						}
					}

					if(StrUtil.isNotEmpty(ip) && !ip.equals(remoteIp)){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "ip不匹配");
					}

					if(StrUtil.isNotEmpty(timestamp) && Calendar.getInstance().getTime().after(new Date(Long.valueOf(timestamp) * 1000))){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "超出访问截止时间");
					}
				}
			}

			//校验token
			if(!interruptCheck){
				log.info("num:{}", num);
				log.info("token：{}", request.getHeader("token"));
				String token = request.getHeader("token");
				if(StrUtil.isNotEmpty(token)){
					SSOUser user = jmgaSSOLoginHelper.getSsoUser(token);
					if(Objects.isNull(user)){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), ErrorCode.TOKEN_NOT_FOUND.message());
					}
					JyUser jyUser = jyUserService.getBySysUserId(user.getId().intValue());
					log.info("user:{}", JSON.toJSONString(user));
					ScenePlus scenePlus = scenePlusService.getScenePlusByNum(num);
					if(Objects.isNull(scenePlus)){
						throw new BusinessException(ErrorCode.FAILURE_CODE_5005);
					}
					log.info("scenePlus:{}", scenePlus);
					if(Objects.isNull(scenePlus.getUserId()) || Objects.isNull(jyUser) || jyUser.getUserId() != scenePlus.getUserId().intValue()){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "无权访问");
					}else{
						interruptCheck = true;
						userName = user.getUserName();
					}
				}

			}

			if(!interruptCheck){
				//查询场景是否业务授权
				JySceneAuth jySceneAuth = jySceneAuthService.getByNum(num);
				if(!Objects.isNull(jySceneAuth) && jySceneAuth.getAuthType() == 0){
					//业务授权校验用户名密码
					userName = (String) params.get("userName");
					String password = (String) params.get("password");
					if(StrUtil.isEmpty(userName) || StrUtil.isEmpty(password)){
						throw new BusinessException(ErrorCode.USERNAME_PASSWORD_REQUIRE);
					}
					//查询用户
					JyUser jyUser = jyUserService.getByJyNo(userName);
					if(Objects.isNull(jyUser)){
						throw new BusinessException(ErrorCode.PASSWORD_ERROR);
					}
					JySceneUserAuth jySceneUserAuth = jySceneUserAuthService.getSceneViewAuth(num, jyUser.getId());
					if(Objects.isNull(jySceneUserAuth)){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "无权访问");
					}
					if (jySceneUserAuth.getLookAuth() == 2 && jySceneUserAuth.getLookEndTime().before(Calendar.getInstance().getTime())){
						throw new BusinessException(ErrorCode.AUTH_FAIL.code(), "超出访问截止时间");
					}

					//如果授权校验通过，校验密码是否正确
					User user = userService.findByUserName(userName);
					if(Objects.isNull(user)){
						throw new BusinessException(ErrorCode.PASSWORD_ERROR);
					}
					//模拟前端密码加密规则生成前端密码
					password = SecurityUtil.MD5(Base64Converter.decode(password));
					//数据库密码比对
					if(Objects.isNull(user) || !password.equals(user.getPassword())){
						throw new BusinessException(ErrorCode.PASSWORD_ERROR);
					}
				}
			}
		}catch (BusinessException e){
			//写入日志
			sysLog.setUserName(userName);
			sysLog.setResult(e.getMessage());
			sysLogService.save(sysLog);
			throw e;
		}
		//写入日志
		sysLog.setUserName(userName);
		sysLog.setResult(ServerCode.SUCCESS.message());
		sysLogService.save(sysLog);
	}

}