mirror of
https://github.com/ZSCNetSupportDept/WechatTicketSystem.git
synced 2025-11-01 02:46:19 +08:00
token session
This commit is contained in:
Sola
@@ -1,90 +0,0 @@
|
||||
package love.sola.netsupport.api;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import love.sola.netsupport.config.Settings;
|
||||
import love.sola.netsupport.pojo.User;
|
||||
import love.sola.netsupport.sql.SQLCore;
|
||||
import love.sola.netsupport.sql.TableUser;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
/**
|
||||
* ***********************************************
|
||||
* Created by Sola on 2015/12/2.
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
@WebServlet(name = "Authorize", urlPatterns = "/api/authorize", loadOnStartup = 21)
|
||||
public class Authorize extends HttpServlet {
|
||||
|
||||
private Gson gson = SQLCore.gson;
|
||||
|
||||
public static Map<String, Long> fetchedTime = new ConcurrentHashMap<>();
|
||||
public static Map<String, Command> fetchedCommand = new ConcurrentHashMap<>();
|
||||
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
}
|
||||
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
request.setCharacterEncoding("utf-8");
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.addHeader("Content-type", "text/json;charset=utf-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
String json = gson.toJson(authorize(request));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.close();
|
||||
}
|
||||
|
||||
private Response authorize(HttpServletRequest request) {
|
||||
String wechat = request.getParameter("wechat");
|
||||
if (wechat == null) {
|
||||
return new Response(Response.ResponseCode.PARAMETER_REQUIRED);
|
||||
}
|
||||
Long l = fetchedTime.remove(wechat);
|
||||
Command c = fetchedCommand.remove(wechat);
|
||||
|
||||
// FIXME: 2015/12/10 FOR TEST ONLY
|
||||
if (request.getParameter("bypass") != null) {
|
||||
c = Command.fromId(Integer.parseInt(request.getParameter("bypass")));
|
||||
l = System.currentTimeMillis();
|
||||
}
|
||||
|
||||
if (Checker.hasNull(c, l)) {
|
||||
return new Response(Response.ResponseCode.AUTHORIZE_FAILED);
|
||||
}
|
||||
if (l < System.currentTimeMillis() - Settings.I.User_Command_Timeout * 1000) {
|
||||
return new Response(Response.ResponseCode.REQUEST_EXPIRED);
|
||||
}
|
||||
|
||||
HttpSession httpSession = request.getSession(true);
|
||||
httpSession.setAttribute("authorized", c);
|
||||
httpSession.setAttribute("wechat", wechat);
|
||||
switch (c) {
|
||||
case REGISTER:
|
||||
break;
|
||||
case QUERY:
|
||||
case SUBMIT:
|
||||
User u = TableUser.getByWechat(wechat);
|
||||
if (u == null) return new Response(Response.ResponseCode.AUTHORIZE_FAILED);
|
||||
httpSession.setAttribute("user", u);
|
||||
break;
|
||||
default:
|
||||
return new Response(Response.ResponseCode.AUTHORIZE_FAILED);
|
||||
}
|
||||
return new Response(Response.ResponseCode.OK);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -8,6 +8,7 @@ import love.sola.netsupport.sql.TableUser;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
import org.hibernate.exception.ConstraintViolationException;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
@@ -15,7 +16,6 @@ import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
@@ -38,19 +38,15 @@ public class Register extends HttpServlet {
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.addHeader("Content-type", "text/json;charset=utf-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
String json;
|
||||
HttpSession httpSession = request.getSession(false);
|
||||
if (!Checker.authorized(httpSession, Command.REGISTER)) {
|
||||
json = gson.toJson(new Response(Response.ResponseCode.AUTHORIZE_FAILED));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.close();
|
||||
|
||||
WxSession session = Checker.isAuthorized(request, Command.REGISTER);
|
||||
if (session == null) {
|
||||
printAuthorizeFailed(request, out);
|
||||
return;
|
||||
}
|
||||
String wechat = (String) httpSession.getAttribute("wechat");
|
||||
String wechat = (String) session.getAttribute("wechat");
|
||||
if (wechat == null) {
|
||||
json = gson.toJson(new Response(Response.ResponseCode.AUTHORIZE_FAILED));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.close();
|
||||
printAuthorizeFailed(request, out);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -69,11 +65,9 @@ public class Register extends HttpServlet {
|
||||
boolean isSuccess = result.equals("Register_Success");
|
||||
if (isSuccess) {
|
||||
request.getSession().invalidate();
|
||||
json = gson.toJson(new Response(Response.ResponseCode.OK, result));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.println(ParseUtil.parseJsonP(request, gson.toJson(new Response(Response.ResponseCode.OK, result))));
|
||||
} else {
|
||||
json = gson.toJson(new Response(Response.ResponseCode.REQUEST_FAILED, result));
|
||||
out.println(ParseUtil.parseJsonP(request, json));
|
||||
out.println(ParseUtil.parseJsonP(request, gson.toJson(new Response(Response.ResponseCode.REQUEST_FAILED, result))));
|
||||
}
|
||||
out.close();
|
||||
}
|
||||
@@ -171,4 +165,10 @@ public class Register extends HttpServlet {
|
||||
return -1;
|
||||
}
|
||||
|
||||
private void printAuthorizeFailed(HttpServletRequest request, PrintWriter out) {
|
||||
out.println(ParseUtil.parseJsonP(request, gson.toJson(new Response(Response.ResponseCode.AUTHORIZE_FAILED))));
|
||||
out.close();
|
||||
return;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -7,6 +7,7 @@ import love.sola.netsupport.sql.SQLCore;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
import org.hibernate.Criteria;
|
||||
import org.hibernate.HibernateException;
|
||||
import org.hibernate.Session;
|
||||
@@ -18,7 +19,6 @@ import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
@@ -51,11 +51,11 @@ public class TicketQuery extends HttpServlet {
|
||||
private Response query(HttpServletRequest request) {
|
||||
try (Session s = SQLCore.sf.openSession()) {
|
||||
|
||||
HttpSession httpSession = request.getSession(false);
|
||||
if (!Checker.authorized(httpSession, Command.QUERY)) {
|
||||
WxSession session = Checker.isAuthorized(request, Command.QUERY);
|
||||
if (session == null) {
|
||||
return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
}
|
||||
User u = (User) httpSession.getAttribute("user");
|
||||
User u = (User) session.getAttribute("user");
|
||||
if (u == null) return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
|
||||
Criteria c = s.createCriteria(Ticket.class);
|
||||
|
||||
@@ -8,6 +8,7 @@ import love.sola.netsupport.sql.TableTicket;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import love.sola.netsupport.wechat.Command;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
import org.hibernate.HibernateException;
|
||||
import org.hibernate.Session;
|
||||
|
||||
@@ -16,7 +17,6 @@ import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
@@ -53,11 +53,11 @@ public class TicketSubmit extends HttpServlet {
|
||||
|
||||
try (Session s = SQLCore.sf.openSession()) {
|
||||
|
||||
HttpSession httpSession = request.getSession(false);
|
||||
if (!Checker.authorized(httpSession, Command.SUBMIT)) {
|
||||
WxSession session = Checker.isAuthorized(request, Command.SUBMIT);
|
||||
if (session == null) {
|
||||
return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
}
|
||||
User u = (User) httpSession.getAttribute("user");
|
||||
User u = (User) session.getAttribute("user");
|
||||
if (u == null) return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
|
||||
if (TableTicket.hasOpen(u)) {
|
||||
|
||||
@@ -2,21 +2,19 @@ package love.sola.netsupport.api.admin;
|
||||
|
||||
import com.google.gson.Gson;
|
||||
import love.sola.netsupport.api.Response;
|
||||
import love.sola.netsupport.enums.Access;
|
||||
import love.sola.netsupport.enums.Attribute;
|
||||
import love.sola.netsupport.pojo.Operator;
|
||||
import love.sola.netsupport.sql.SQLCore;
|
||||
import love.sola.netsupport.util.Checker;
|
||||
import love.sola.netsupport.util.Crypto;
|
||||
import love.sola.netsupport.util.ParseUtil;
|
||||
import org.hibernate.HibernateException;
|
||||
import org.hibernate.Session;
|
||||
import me.chanjar.weixin.common.session.WxSession;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
@@ -46,32 +44,18 @@ public class Login extends HttpServlet {
|
||||
}
|
||||
|
||||
private Response login(HttpServletRequest request) {
|
||||
String wechat = request.getParameter("wechat");
|
||||
String opId = request.getParameter("op");
|
||||
String password = request.getParameter("pass");
|
||||
if (Checker.hasNull(wechat, opId, password)) return new Response(Response.ResponseCode.PARAMETER_REQUIRED);
|
||||
if (Checker.hasNull(password)) return new Response(Response.ResponseCode.PARAMETER_REQUIRED);
|
||||
|
||||
try (Session s = SQLCore.sf.openSession()) {
|
||||
Operator operator = s.get(Operator.class, Integer.parseInt(opId));
|
||||
if (operator == null || operator.getAccess() == Access.NOLOGIN)
|
||||
return new Response(Response.ResponseCode.OPERATOR_NOT_FOUND);
|
||||
if (!wechat.equals(operator.getWechat()))
|
||||
return new Response(Response.ResponseCode.INCORRECT_WECHAT);
|
||||
if (!Crypto.check(password,operator.getPassword()))
|
||||
return new Response(Response.ResponseCode.WRONG_PASSWORD);
|
||||
|
||||
HttpSession httpSession = request.getSession(true);
|
||||
httpSession.setAttribute("wechat", wechat);
|
||||
httpSession.setAttribute("operator", operator);
|
||||
return new Response(Response.ResponseCode.OK, operator);
|
||||
} catch (NumberFormatException e) {
|
||||
return new Response(Response.ResponseCode.ILLEGAL_PARAMETER);
|
||||
} catch (HibernateException e) {
|
||||
e.printStackTrace();
|
||||
return new Response(Response.ResponseCode.DATABASE_ERROR, e);
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
return new Response(Response.ResponseCode.INTERNAL_ERROR, e);
|
||||
WxSession session = Checker.isOperator(request);
|
||||
if (session == null) {
|
||||
return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
}
|
||||
Operator operator = (Operator) session.getAttribute(Attribute.OPERATOR);
|
||||
|
||||
if (!Crypto.check(password,operator.getPassword()))
|
||||
return new Response(Response.ResponseCode.WRONG_PASSWORD);
|
||||
else
|
||||
return new Response(Response.ResponseCode.OK, operator);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -53,7 +53,7 @@ public class TicketUpdate extends HttpServlet {
|
||||
|
||||
try (Session s = SQLCore.sf.openSession()) {
|
||||
HttpSession httpSession = request.getSession(false);
|
||||
if (!Checker.operator(httpSession)) {
|
||||
if (!Checker.isOperator(httpSession)) {
|
||||
return new Response(Response.ResponseCode.UNAUTHORIZED);
|
||||
}
|
||||
Operator op = (Operator) httpSession.getAttribute("operator");
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
package love.sola.netsupport.api.test;
|
||||
|
||||
import javax.servlet.ServletConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.util.Arrays;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* ***********************************************
|
||||
* Created by Sola on 2014/8/20.
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
@WebServlet(name = "TestPost",urlPatterns = "/api/testpost",loadOnStartup = 10)
|
||||
public class TestPost extends HttpServlet {
|
||||
|
||||
@Override
|
||||
public void init(ServletConfig config) throws ServletException {
|
||||
super.init(config);
|
||||
}
|
||||
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
}
|
||||
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
request.setCharacterEncoding("utf-8");
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.addHeader("Content-type", "text/plain;charset=utf-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
out.println("Parameters:");
|
||||
for (Map.Entry<String, String[]> entry : request.getParameterMap().entrySet()) {
|
||||
out.println(entry.getKey() + ": " + Arrays.toString(entry.getValue()));
|
||||
}
|
||||
Integer i = (Integer) request.getSession().getAttribute("ReqCount");
|
||||
i = i == null ? 0 : i;
|
||||
request.getSession().setAttribute("ReqCount", i + 1);
|
||||
out.println("ReqCount = " + i);
|
||||
out.close();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,45 +0,0 @@
|
||||
package love.sola.netsupport.api.test;
|
||||
|
||||
import javax.servlet.ServletConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.annotation.WebServlet;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import javax.servlet.http.HttpSession;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
|
||||
/**
|
||||
* ***********************************************
|
||||
* Created by Sola on 2014/8/20.
|
||||
* Don't modify this source without my agreement
|
||||
* ***********************************************
|
||||
*/
|
||||
@WebServlet(name = "TestSession", urlPatterns = "/api/testsession", loadOnStartup = 11)
|
||||
public class TestSession extends HttpServlet {
|
||||
|
||||
@Override
|
||||
public void init(ServletConfig config) throws ServletException {
|
||||
super.init(config);
|
||||
}
|
||||
|
||||
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
}
|
||||
|
||||
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
request.setCharacterEncoding("utf-8");
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.addHeader("Content-type", "text/plain;charset=utf-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
HttpSession httpSession = request.getSession(false);
|
||||
if (httpSession == null) {
|
||||
out.println(httpSession);
|
||||
} else {
|
||||
out.println(httpSession.getId());
|
||||
}
|
||||
out.close();
|
||||
}
|
||||
|
||||
}
|
||||
Reference in New Issue
Block a user