From 13fb43f8d3b0a21d0f8fc62cbdbdb258dbabe195 Mon Sep 17 00:00:00 2001
From: Sola
Date: Tue, 15 Dec 2015 15:10:42 +0800
Subject: [PATCH] add bypass parameter to login
---
 .../love/sola/netsupport/api/Response.java | 1 +
 .../sola/netsupport/api/admin/GetUser.java | 17 +++-
 .../love/sola/netsupport/api/admin/Login.java | 89 +++++++++++++++++++
 .../netsupport/api/admin/TicketUpdate.java | 2 +-
 .../love/sola/netsupport/util/Crypto.java | 2 +-
 .../sola/netsupport/wechat/WechatSession.java | 6 ++
 6 files changed, 114 insertions(+), 3 deletions(-)
 create mode 100644 src/main/java/love/sola/netsupport/api/admin/Login.java
diff --git a/src/main/java/love/sola/netsupport/api/Response.java b/src/main/java/love/sola/netsupport/api/Response.java
index a2154fa..7210f70 100644
--- a/src/main/java/love/sola/netsupport/api/Response.java
+++ b/src/main/java/love/sola/netsupport/api/Response.java
@@ -44,6 +44,7 @@ public class Response {
 REQUEST_EXPIRED(-21),
 WRONG_PASSWORD(-22),
 INCORRECT_WECHAT(-23),
+ PERMISSION_DENIED(-24),
 INTERNAL_ERROR(-90),
 DATABASE_ERROR(-91),
 ;
diff --git a/src/main/java/love/sola/netsupport/api/admin/GetUser.java b/src/main/java/love/sola/netsupport/api/admin/GetUser.java
index 2cf0076..1483dec 100644
--- a/src/main/java/love/sola/netsupport/api/admin/GetUser.java
+++ b/src/main/java/love/sola/netsupport/api/admin/GetUser.java
@@ -2,10 +2,16 @@ package love.sola.netsupport.api.admin;
 import com.google.gson.Gson;
 import love.sola.netsupport.api.Response;
+import love.sola.netsupport.enums.Access;
+import love.sola.netsupport.enums.Attribute;
+import love.sola.netsupport.pojo.Operator;
 import love.sola.netsupport.pojo.User;
 import love.sola.netsupport.sql.SQLCore;
 import love.sola.netsupport.sql.TableUser;
+import love.sola.netsupport.util.Checker;
 import love.sola.netsupport.util.ParseUtil;
+import love.sola.netsupport.wechat.Command;
+import me.chanjar.weixin.common.session.WxSession;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
@@ -22,7 +28,7 @@ import java.io.PrintWriter;
 * Don't modify this source without my agreement
 * ***********************************************
 */
-@WebServlet(name = "GetUser",urlPatterns = "/api/getuser",loadOnStartup = 1)
+@WebServlet(name = "GetUser",urlPatterns = "/api/admin/getuser",loadOnStartup = 42)
 public class GetUser extends HttpServlet {
 private Gson gson = SQLCore.gson;
@@ -48,6 +54,15 @@ public class GetUser extends HttpServlet {
 }
 private Response query(HttpServletRequest request) {
+ WxSession session = Checker.isAuthorized(request, Command.LOGIN);
+ if (session == null) {
+ return new Response(Response.ResponseCode.UNAUTHORIZED);
+ }
+ Operator op = (Operator) session.getAttribute(Attribute.OPERATOR);
+ if (op.getAccess() != Access.ROOT) {
+ return new Response(Response.ResponseCode.PERMISSION_DENIED);
+ }
+
 String id = request.getParameter("id");
 String name = request.getParameter("name");
 if ((id == null || id.isEmpty()) && (name == null || name.isEmpty())) {
diff --git a/src/main/java/love/sola/netsupport/api/admin/Login.java b/src/main/java/love/sola/netsupport/api/admin/Login.java
new file mode 100644
index 0000000..d9ac941
--- /dev/null
+++ b/src/main/java/love/sola/netsupport/api/admin/Login.java
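Review bot: In the query() hunk, `Operator op = (Operator) session.getAttribute(Attribute.OPERATOR);` is dereferenced on the very next line with no null check, so an authorized session that carries no OPERATOR attribute fails with a NullPointerException rather than a clean denial. Checker.isAuthorized is only shown to establish that the session is authorized for Command.LOGIN (its contract is not visible here), so a missing operator should be treated as denied rather than assumed: `if (op == null || op.getAccess() != Access.ROOT) {`. A one-line comment such as `// user lookup is restricted to ROOT operators` would also make the intent of the new gate explicit. query() continues past the end of this hunk.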
@@ -0,0 +1,89 @@
+package love.sola.netsupport.api.admin;
+
+import com.google.gson.Gson;
+import love.sola.netsupport.api.Response;
+import love.sola.netsupport.enums.Access;
+import love.sola.netsupport.enums.Attribute;
+import love.sola.netsupport.pojo.Operator;
+import love.sola.netsupport.pojo.User;
+import love.sola.netsupport.sql.SQLCore;
+import love.sola.netsupport.sql.TableOperator;
+import love.sola.netsupport.sql.TableUser;
+import love.sola.netsupport.util.Crypto;
+import love.sola.netsupport.util.ParseUtil;
+import love.sola.netsupport.util.RSAUtil;
+import love.sola.netsupport.wechat.Command;
+import love.sola.netsupport.wechat.WechatSession;
+import me.chanjar.weixin.common.session.WxSession;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * ***********************************************
+ * Created by Sola on 2015/12/12.
+ * Don't modify this source without my agreement
+ * ***********************************************
+ */
+
+@WebServlet(name = "Login", urlPatterns = "/api/admin/login", loadOnStartup = 31)
+public class Login extends HttpServlet {
+
+ private Gson gson = SQLCore.gson;
+
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ request.setCharacterEncoding("utf-8");
+ response.setCharacterEncoding("utf-8");
+ response.addHeader("Content-type", "text/json;charset=utf-8");
+ PrintWriter out = response.getWriter();
+ String json = gson.toJson(login(request));
+ out.println(ParseUtil.parseJsonP(request, json));
+ out.close();
+ }
+
+ private Response login(HttpServletRequest request) {
+ try {
+ int oid = Integer.parseInt(request.getParameter("id"));
+ String password = request.getParameter("pass");
+ boolean bypass = request.getParameter("bypass") != null;
+ Operator op = TableOperator.get(oid);
+ if (op == null)
+ return new Response(Response.ResponseCode.OPERATOR_NOT_FOUND);
+ else if (op.getAccess() == Access.NOLOGIN)
+ return new Response(Response.ResponseCode.PERMISSION_DENIED);
+
+ if (!Crypto.check(bypass ? password : RSAUtil.decrypt(password), op.getPassword())) {
+ return new Response(Response.ResponseCode.WRONG_PASSWORD);
+ }
+
+ String sid = WechatSession.genId();
+ WxSession session = WechatSession.get(sid, true);
+ if (bypass) {
+ session.setAttribute(Attribute.AUTHORIZED, Command.fromId(Integer.parseInt(request.getParameter("bypass"))));
+ } else {
+ session.setAttribute(Attribute.AUTHORIZED, Command.LOGIN);
+ }
+
+ session.setAttribute(Attribute.WECHAT, op.getWechat());
+ session.setAttribute(Attribute.OPERATOR, op);
+
+ if (request.getParameter("bypassuser") != null) {
+ User u = TableUser.getById(Long.parseLong(request.getParameter("bypassuser")));
+ session.setAttribute(Attribute.USER, u);
+ }
+
+ return new Response(Response.ResponseCode.OK, sid);
+ } catch (Exception e) {
+ return new Response(Response.ResponseCode.REQUEST_FAILED, e);
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/love/sola/netsupport/api/admin/TicketUpdate.java b/src/main/java/love/sola/netsupport/api/admin/TicketUpdate.java
index bc5c8f7..a69ed42 100644
--- a/src/main/java/love/sola/netsupport/api/admin/TicketUpdate.java
+++ b/src/main/java/love/sola/netsupport/api/admin/TicketUpdate.java
@@ -27,7 +27,7 @@ import java.io.PrintWriter;
 * Don't modify this source without my agreement
 * ***********************************************
 */
-@WebServlet(name = "TicketUpdate", urlPatterns = "/api/ticketupdate", loadOnStartup = 32)
+@WebServlet(name = "TicketUpdate", urlPatterns = "/api/admin/ticketupdate", loadOnStartup = 32)
 public class TicketUpdate extends HttpServlet {
 private Gson gson = SQLCore.gson;
diff --git a/src/main/java/love/sola/netsupport/util/Crypto.java b/src/main/java/love/sola/netsupport/util/Crypto.java
index 6a5fc13..636de95 100644
--- a/src/main/java/love/sola/netsupport/util/Crypto.java
+++ b/src/main/java/love/sola/netsupport/util/Crypto.java
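Review bot: In login(), the `bypass` and `bypassuser` parameters are honored for any operator whose password verifies (only Access.NOLOGIN is rejected), so a non-root operator can choose which Command its session is AUTHORIZED for through `Command.fromId(Integer.parseInt(request.getParameter("bypass")))` and attach an arbitrary User by id through `bypassuser`; both should be gated on the operator's access level right after the NOLOGIN check, e.g. `if ((bypass || request.getParameter("bypassuser") != null) && op.getAccess() != Access.ROOT) return new Response(Response.ResponseCode.PERMISSION_DENIED);`. The same flag also selects the plaintext branch of `bypass ? password : RSAUtil.decrypt(password)`, so the caller rather than the server decides whether the password arrives RSA-wrapped, and because doPost simply delegates to doGet the `pass` parameter is equally accepted in a GET query string, where it tends to end up in access logs. In the catch block, `return new Response(Response.ResponseCode.REQUEST_FAILED, e);` hands the exception object to the response, which gson presumably serialises back to the client with its message and internals (a non-numeric `id` or `bypass` reaches this path as a NumberFormatException); log e server-side and return only the code. Returning OPERATOR_NOT_FOUND versus WRONG_PASSWORD also tells an unauthenticated caller whether an operator id exists, which is worth collapsing into a single code if operator enumeration matters for this deployment.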
@@ -15,7 +15,7 @@ public class Crypto {
 }
 public static boolean check(String plain, String hash) {
- return BCrypt.checkpw(RSAUtil.decrypt(plain), hash);
+ return BCrypt.checkpw(plain, hash);
 }
 }
diff --git a/src/main/java/love/sola/netsupport/wechat/WechatSession.java b/src/main/java/love/sola/netsupport/wechat/WechatSession.java
index f5aa3c8..7effa4d 100644
--- a/src/main/java/love/sola/netsupport/wechat/WechatSession.java
+++ b/src/main/java/love/sola/netsupport/wechat/WechatSession.java
@@ -1,6 +1,7 @@
 package love.sola.netsupport.wechat;
 import love.sola.netsupport.config.Settings;
+import me.chanjar.weixin.common.session.InternalSession;
 import me.chanjar.weixin.common.session.StandardSessionManager;
 import me.chanjar.weixin.common.session.WxSession;
@@ -32,4 +33,9 @@ public class WechatSession {
 public static String genId() {
 return UUID.randomUUID().toString();
 }
+
+ public static InternalSession[] list() {
+ return manager.findSessions();
+ }
+
 }
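Review bot: Dropping `RSAUtil.decrypt` from `check` changes the method's contract for every caller, and the only call site updated in this commit is Login; any other caller that still passes the RSA-wrapped value now compares ciphertext against the bcrypt hash and will always fail (other callers are not visible from this hunk, so this needs confirming). The new contract deserves a Javadoc, e.g. `/** Verifies an already-decrypted {@code plain} password against a bcrypt {@code hash}; callers are responsible for RSA decryption. */`. Note also that BCrypt.checkpw throws IllegalArgumentException rather than returning false when `hash` is null or not a bcrypt string, so a stored operator row with an empty hash surfaces as REQUEST_FAILED in Login's generic catch instead of WRONG_PASSWORD. The enclosing class continues outside the hunk.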
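Review bot: `list()` in the last WechatSession hunk hands out every live session, including the OPERATOR and USER attributes that Login stores in them, with no Javadoc saying who is meant to call it or whether the returned array is the manager's own backing storage. Whether `manager.findSessions()` returns a copy cannot be determined here; if it does not, a caller mutating the array alters the session table, so either document that the result must be treated as read-only or return `manager.findSessions().clone()`. A Javadoc along the lines of `/** Snapshot of all sessions currently held by the manager; intended for administrative inspection only. */` would make the exposure deliberate.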