web_toolset/src/main/java/com/yutou/tools/web/userController.java
2022-07-10 14:31:07 +08:00


package com.yutou.tools.web;
import com.alibaba.fastjson2.JSONArray;
import com.alibaba.fastjson2.JSONObject;
import com.yutou.tools.Tools.GoogleAccount;
import com.yutou.tools.utils.ConfigTools;
import com.yutou.tools.utils.RedisTools;
import com.yutou.tools.utils.Tools;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.FilterInvocation;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.util.Map;
import java.util.UUID;
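/**
 * Login endpoints for the admin console: login-state probe, TOTP enrolment, TOTP login,
 * logout and the IP ban list.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Session ids, per-IP attempt counters, ban tokens, the {@code "ban"} list and the
 *       caller-supplied {@code share} value are all used as bare Redis keys, so a
 *       request-supplied key can address data written for another purpose. A per-purpose key
 *       prefix would remove that overlap; it is not applied here because other classes may read
 *       the same keys.</li>
 *   <li>The rate limit and the ban list both key on {@code Tools.getRemoteAddress(request)}.
 *       NOTE(review): if that helper trusts a client-supplied forwarding header, both controls
 *       can be sidestepped. Confirm it only honours headers set by a trusted proxy.</li>
 *   <li>This class treats the value {@code "-999"} returned by {@code RedisTools.get} as
 *       "no usable value" (see {@link #getLoginState}).</li>
 * </ul>
 */
@Controller
public class userController {

    /** Redis key under which the JSON array of banned IP addresses is stored. */
    private static final String BAN_LIST_KEY = "ban";

    /** Value this class treats as "key missing" when returned by {@code RedisTools.get}. */
    private static final String REDIS_MISSING = "-999";

    /** Number of login attempts allowed per IP before further attempts are rejected. */
    private static final int MAX_LOGIN_ATTEMPTS = 3;

    /**
     * Reports whether the caller is logged in as admin, holds a temporary (share) account, or
     * is not logged in.
     *
     * @param request current request; the optional {@code share} parameter is looked up in Redis
     * @return JSON with {@code code} 0 (admin), -2 (temporary account) or -1 (not logged in)
     */
    @RequestMapping("/login/check.do")
    @ResponseBody
    public String getLoginState(HttpServletRequest request) {
        if (Tools.isAdminLogin()) {
            return reply(0, "登录成功");
        }
        String share = request.getParameter("share");
        // Skip the lookup when the parameter is absent instead of passing null to Redis.
        // NOTE(review): any existing Redis key (not only share tokens) is reported as a
        // temporary account here, because the caller chooses the key.
        String stored = StringUtils.hasLength(share) ? RedisTools.get(share) : null;
        if (stored != null && !REDIS_MISSING.equals(stored)) {
            return reply(-2, "临时账号");
        }
        return reply(-1, "未登录");
    }

    /**
     * Pre-login step: rejects banned IPs and, when no TOTP secret is configured yet, creates
     * a provisional secret and returns the value used to bind an authenticator app.
     *
     * <p>NOTE(review): the enrolment branch is reachable without authentication, so while no
     * secret is configured any caller receives the binding data and can then complete
     * enrolment through {@link #login}. Enrolment should be gated on a bootstrap credential
     * or done out of band.
     *
     * @param request current request, used for the client address
     * @return JSON with {@code code} -1 (banned), 1 (binding data in {@code data}) or 0 (ok)
     */
    @RequestMapping("/login/sendCaptcha.do")
    @ResponseBody
    public String captcha(HttpServletRequest request) {
        JSONObject json = new JSONObject();
        if (readBanList().contains(Tools.getRemoteAddress(request))) {
            System.out.println("IP已被封禁");
            json.put("msg", "IP已被封禁");
            json.put("code", -1);
            return json.toJSONString();
        }
        // The earlier message-based captcha scheme (which also issued the tokens consumed by
        // banIp) was commented out here and is replaced by the TOTP flow below.
        String secret = (String) ConfigTools.load(ConfigTools.DATA, "secret");
        if (!StringUtils.hasLength(secret)) {
            secret = GoogleAccount.generateSecretKey();
            String uname = GoogleAccount.isDev ? "yutou(dev)" : "yutou";
            String code = GoogleAccount.getQRBarcode(uname, secret);
            // Stored as provisional; login() promotes it to "secret" after the first valid code.
            ConfigTools.save(ConfigTools.DATA, "secret_tmp", secret);
            json.put("msg", "绑定连接");
            json.put("code", 1);
            json.put("data", code);
            return json.toJSONString();
        }
        json.put("msg", "ok");
        json.put("code", 0);
        return json.toJSONString();
    }

    /**
     * Two-step ban confirmation: without {@code model=yes} it renders a confirmation link,
     * with it the IP stored under {@code token} is appended to the ban list.
     *
     * <p>Changes from the previous version: the existing list is now read from the
     * {@code "ban"} key (it was read from {@code "bean"}, so every ban replaced the list);
     * unknown tokens get a 404 instead of a page echoing the request value; the token is
     * URL-encoded and all interpolated values are HTML-escaped inside a quoted attribute.
     *
     * <p>NOTE(review): the ban is applied by a GET request and the token is not invalidated
     * after use. No code in this class currently stores ban tokens.
     *
     * @param response servlet response the page is written to
     * @param token    Redis key that maps to the IP address to ban
     * @param model    {@code "yes"} to confirm the ban
     * @throws IOException if the response cannot be written
     */
    @RequestMapping("/login/ban.do")
    public void banIp(HttpServletResponse response, String token, String model) throws IOException {
        String ip = StringUtils.hasLength(token) ? RedisTools.get(token) : null;
        if (ip == null || REDIS_MISSING.equals(ip)) {
            // Nothing is known about this token: do not reflect it back into a page.
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Declare type and charset before obtaining the writer so the non-ASCII message is
        // encoded correctly and the browser does not have to guess.
        response.setContentType("text/html;charset=UTF-8");
        try (PrintWriter writer = response.getWriter()) {
            if ("yes".equals(model)) {
                JSONArray banned = readBanList();
                if (!banned.contains(ip)) {
                    banned.add(ip);
                }
                RedisTools.set(BAN_LIST_KEY, banned.toJSONString());
                writer.write("已封禁");
            } else {
                String url = "https://tools.yutou233.cn/login/ban.do?token="
                        + URLEncoder.encode(token, "UTF-8") + "&model=yes";
                String html = "<div><a href=\"" + escapeHtml(url) + "\">click my is ban this IP :"
                        + escapeHtml(ip) + "</a></div>";
                writer.write(html);
            }
            writer.flush();
        }
    }

    /**
     * Verifies a TOTP code and, on success, issues the {@code user} session cookie.
     *
     * <p>Attempts are counted per client address; once the counter reaches
     * {@value #MAX_LOGIN_ATTEMPTS} further attempts are rejected until the counter key expires.
     * Changes from the previous version: the "-999" check is applied to the stored counter
     * (it was applied to the IP string, so a "-999" counter value was parsed and incremented
     * as a negative number and did not reach the limit), a non-numeric counter no longer
     * raises, and a missing or non-numeric {@code code} yields the normal failure reply
     * instead of an unhandled {@link NumberFormatException}.
     *
     * <p>NOTE(review): accepted codes are not remembered, so a code can be replayed while it
     * is still valid. Cookie attributes are set inside {@code Tools.setCookie}; confirm it
     * marks the cookie HttpOnly and Secure.
     *
     * @param request  current request, used for the client address
     * @param response response that receives the session cookie
     * @param code     the TOTP code typed by the user
     * @return JSON with {@code code} 0 on success, -2 on failure, rate limit or missing binding
     */
    @RequestMapping(value = "/login/login.do", method = RequestMethod.POST)
    @ResponseBody
    public String login(HttpServletRequest request, HttpServletResponse response, String code) {
        String ip = Tools.getRemoteAddress(request);
        String storedAttempts = RedisTools.get(ip);
        if (storedAttempts == null || REDIS_MISSING.equals(storedAttempts)) {
            RedisTools.set(ip, "1", 60); // expiry unit is defined by RedisTools — TODO confirm
        } else {
            int attempts;
            try {
                attempts = Integer.parseInt(storedAttempts);
            } catch (NumberFormatException notACounter) {
                attempts = 0; // unexpected value under this key: restart the count
            }
            if (attempts >= MAX_LOGIN_ATTEMPTS) {
                return reply(-2, "请求频繁,请稍后再试");
            }
            RedisTools.set(ip, String.valueOf(attempts + 1), 60);
        }

        String secret = (String) ConfigTools.load(ConfigTools.DATA, "secret");
        boolean enrolling = !StringUtils.hasLength(secret);
        if (enrolling) {
            // No confirmed secret yet: fall back to the provisional one created by captcha().
            secret = (String) ConfigTools.load(ConfigTools.DATA, "secret_tmp");
            if (!StringUtils.hasLength(secret)) {
                return reply(-2, "未绑定");
            }
        }

        long totp;
        try {
            totp = Long.parseLong(code);
        } catch (NumberFormatException malformed) {
            // Covers a missing parameter as well: parseLong(null) throws NumberFormatException.
            return reply(-2, "登录失败");
        }
        if (!new GoogleAccount().check_code(secret, totp, System.currentTimeMillis())) {
            return reply(-2, "登录失败");
        }
        if (enrolling) {
            // First valid code confirms the binding: promote the provisional secret.
            ConfigTools.save(ConfigTools.DATA, "secret", secret);
            ConfigTools.save(ConfigTools.DATA, "secret_tmp", "");
        }

        String sessionId = UUID.randomUUID().toString().replace("-", "");
        Tools.setCookie(response, "user", sessionId, 30 * 24 * 60 * 60);
        RedisTools.set(sessionId, "ok", 30 * 24 * 60 * 60);
        return reply(0, "登录成功");
    }

    /**
     * Ends the session named by the {@code user} cookie.
     *
     * <p>The session entry is overwritten with a value other than {@code "ok"} and a short
     * expiry, so it stops matching the {@code "ok"} check immediately; previously it was
     * rewritten as {@code "ok"} and stayed valid until that expiry elapsed.
     *
     * @param request  current request carrying the session cookie
     * @param response response used to clear the cookie
     * @return JSON with {@code code} 0 on success, -1 when there was no valid session
     */
    @RequestMapping(value = "/login/logout.do", method = RequestMethod.POST)
    @ResponseBody
    public String logout(HttpServletRequest request, HttpServletResponse response) {
        Cookie cookie = Tools.getCookie(request, "user");
        if (cookie != null && "ok".equals(RedisTools.get(cookie.getValue()))) {
            RedisTools.set(cookie.getValue(), REDIS_MISSING, 1);
            Tools.deleteCookie(request, response, "user");
            return reply(0, "退出成功");
        }
        return reply(-1, "退出失败");
    }

    /** Builds the {@code {"code":…,"msg":…}} JSON reply used by the endpoints above. */
    private static String reply(int code, String msg) {
        JSONObject json = new JSONObject();
        json.put("code", code);
        json.put("msg", msg);
        return json.toJSONString();
    }

    /** Loads the banned-IP array from Redis, returning an empty array when none is stored. */
    private static JSONArray readBanList() {
        String raw = RedisTools.get(BAN_LIST_KEY);
        if (raw == null || REDIS_MISSING.equals(raw)) {
            return new JSONArray();
        }
        JSONArray parsed = JSONArray.parseArray(raw);
        return parsed != null ? parsed : new JSONArray();
    }

    /** Escapes the characters that are significant in HTML text and quoted attributes. */
    private static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}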