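package com.dderp.common.base;

import com.dderp.common.api.NoSqlKeysService;
import com.dderp.common.api.StoreService;
import com.dderp.common.datas.ERPHeader;
import com.dderp.common.datas.HttpCode;
import com.dderp.common.datas.RedisKeys;
import com.dderp.common.entity.site.ERPTokenUser;
import com.dderp.common.entity.store.StoreInfo;
import com.dderp.common.tool.ERPUtils;
import com.dySweetFishPlugin.redis.RedisService;
import com.dySweetFishPlugin.sql.RMapUtils;
import com.sweetfish.convert.json.JsonConvert;
import com.sweetfish.net.http.*;
import com.sweetfish.util.AnyValue;
import com.sweetfish.util.AutoLoad;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import javax.annotation.Resource;
import java.io.File;
import java.io.IOException;

import static com.sweetfish.net.Server.RESNAME_SERVER_ROOT;

/**
 * Base servlet for the store-app (门店) HTTP endpoints.
 *
 * <p>Per request it (1) resolves the calling {@link ERPTokenUser} from the request or its
 * token in {@link #preExecute}, (2) rejects requests whose user is missing or whose store is
 * voided in {@link #authenticate}, and (3) applies a per-IP/per-URI request counter backed by
 * Redis in {@link #checkRequestCount}. Subclasses provide the actual handlers.
 */
@AutoLoad(false)
@HttpUserType(ERPTokenUser.class)
public class ERPStoreAppHttpServlet extends HttpServlet {

    /**
     * Elapsed time above which a request is logged as slow, in milliseconds.
     * NOTE(review): the original inline comment said "5 seconds" while the compared value is
     * 50000 ms (50 s); the value is kept unchanged — confirm which threshold is intended.
     */
    private static final long SLOW_REQUEST_LOG_THRESHOLD_MS = 50000L;

    /** Logger named after the concrete subclass, so each servlet logs under its own name. */
    protected final Logger logger = LogManager.getLogger(this.getClass().getSimpleName());

    @Resource
    protected NoSqlKeysService keysService;

    @Resource
    protected RedisService redisService;

    @Resource
    protected StoreService storeService;

    /** Server web root; {@code apilogin.html} is served from here for the API doc page. */
    @Resource(name = RESNAME_SERVER_ROOT)
    protected File webRoot;

    /** Shared key used to verify/decode the store SSO token (see {@link #currentUser}). */
    @Resource(name = "property.deliver.Store.commonkey")
    private String ssoStoreTokenCommonKey;

    @Resource
    protected JsonConvert jsonConvert;

    @Override
    public void init(HttpContext context, AnyValue config) {
        super.init(context, config);
    }

    /**
     * Resolves the current user for a request.
     *
     * <p>A user already attached to the request wins; otherwise the token is parsed out of the
     * request and decoded with the configured store common key.
     *
     * @param request the HTTP request
     * @return the resolved user, or whatever {@link ERPUtils#parseERPUserFromToken} returns when
     *         the token is absent or invalid (presumably {@code null} — confirm in ERPUtils)
     */
    public ERPTokenUser currentUser(HttpRequest request) {
        // Prefer a user that an earlier stage already attached to the request.
        ERPTokenUser attached = request.currentUser();
        if (attached != null) {
            return attached;
        }
        // Otherwise fall back to the token carried by the request.
        String token = ERPUtils.parseHttpToken(request);
        return ERPUtils.parseERPUserFromToken(token, ssoStoreTokenCommonKey, jsonConvert);
    }

    /**
     * Attaches the current user to the request and installs a slow-request logger.
     *
     * @param request  the HTTP request
     * @param response the HTTP response
     * @throws IOException propagated from the response pipeline
     */
    @Override
    protected void preExecute(HttpRequest request, HttpResponse response) throws IOException {
        // Runs when the response is recycled, i.e. after the request has been fully handled.
        response.recycleListener((req, resp) -> {
            long elapsedMs = System.currentTimeMillis() - req.getCreatetime();
            if (elapsedMs > SLOW_REQUEST_LOG_THRESHOLD_MS) {
                // NOTE(review): this logs the whole request object; confirm its toString does
                // not include the auth token or other sensitive headers.
                logger.info("http-execute-cost-time: " + elapsedMs + " ms. request = " + req);
            }
        });
        request.setCurrentUser(currentUser(request));
        response.nextEvent();
    }

    /**
     * Gate that only lets requests with a logged-in user whose store is not voided continue.
     *
     * <p>Unauthenticated requests for {@code /xdoc/index} are answered with the API login page
     * instead of a JSON error.
     *
     * @param request  the HTTP request
     * @param response the HTTP response
     * @throws IOException propagated from serving the login file / the response pipeline
     */
    @Override
    protected void authenticate(HttpRequest request, HttpResponse response) throws IOException {
        ERPTokenUser info = request.currentUser();
        // Supplier code comes from a client-supplied header (default 0) and is used only to
        // select the store record below; it is not cross-checked against the token here.
        long supplierCode = request.getLongHeader(ERPHeader.HTTPHEADER_SUPPLIER, 0);

        if (info == null) {
            if ("/xdoc/index".equalsIgnoreCase(request.getRequestURI())) {
                // Fixed file name under the web root; no client input reaches the path.
                File api = new File(webRoot, "apilogin.html");
                response.finishFile(api, null);
            } else {
                rejectUnauthorized(response);
            }
            return;
        }

        // A missing or voided store is treated exactly like "not logged in".
        StoreInfo storeInfo =
                storeService.getStoreInfo(info.getIdBindOrg(), supplierCode, false, false, false);
        if (storeInfo == null || storeInfo.getVoidFlag() == 1) {
            rejectUnauthorized(response);
            return;
        }

        // Authenticated: hand over to the handler.
        response.nextEvent();
    }

    /** Finishes the response with the standard "not logged in" JSON error. */
    private void rejectUnauthorized(HttpResponse response) {
        response.finishJson(RMapUtils.error(HttpCode.UNAUTHORIZED.value(), "未登录"));
    }

    /**
     * Counts requests per (URI, remote address) in Redis and rejects the caller once the count
     * exceeds {@code limitCount} within {@code limitTime} milliseconds.
     *
     * <p>Caveats: the expiry is only set on the first increment, so if that
     * {@code pexpire} call is lost the key never expires; and {@code getRemoteAddr()} is the
     * direct peer, so behind a reverse proxy all clients may share one counter.
     *
     * @param request    the HTTP request
     * @param response   the HTTP response (finished with a JSON error when the limit is hit)
     * @param limitCount maximum number of requests allowed in the window
     * @param limitTime  window length in milliseconds (passed to {@code pexpire})
     * @return {@code true} when the request may proceed, {@code false} when it was rejected
     */
    @Override
    public boolean checkRequestCount(HttpRequest request, HttpResponse response,
                                     int limitCount, long limitTime) {
        String ip = request.getRemoteAddr();
        String url = request.getRequestURI();
        String key = keysService.getRedisKey(RedisKeys.KEY_REQUESTLIMIT, 0L, true)
                .concat(url)
                .concat(ip);

        long count = redisService.incrby(key, 1);
        if (count == 1) {
            // First hit in this window: start the expiry clock.
            redisService.pexpire(key, limitTime);
        }
        if (count > limitCount) {
            logger.info("用户IP[" + ip + "]访问地址[" + url + "]超过了限定的次数[" + limitCount + "]");
            response.finishJson(RMapUtils.error(HttpCode.MULTI_STATUS.value(), "请求超过了限定的次数"));
            return false;
        }
        return true;
    }

    /**
     * Answers a request whose HTTP method does not match the handler's declared method with a
     * {@code BAD_REQUEST} JSON error.
     *
     * @param request       the HTTP request
     * @param response      the HTTP response
     * @param requestMethod the HTTP method actually used
     * @param actMethod     the method the handler accepts
     */
    @Override
    public void responseMethodReturn(HttpRequest request, HttpResponse response,
                                     String requestMethod, String actMethod) {
        String message = request.getRequestURI()
                + "Method(" + requestMethod + ") Error (" + actMethod + ")";
        response.finishJson(RMapUtils.error(HttpCode.BAD_REQUEST.value(), message));
    }
}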