diff --git a/src/main/java/love/sola/netsupport/api/Authorize.java b/src/main/java/love/sola/netsupport/api/Authorize.java index 217eb7b..e4ebf66 100644 --- a/src/main/java/love/sola/netsupport/api/Authorize.java +++ b/src/main/java/love/sola/netsupport/api/Authorize.java @@ -5,6 +5,7 @@ import love.sola.netsupport.config.Settings; import love.sola.netsupport.pojo.User; import love.sola.netsupport.sql.SQLCore; import love.sola.netsupport.sql.TableUser; +import love.sola.netsupport.util.Checker; import love.sola.netsupport.util.ParseUtil; import love.sola.netsupport.wechat.Command; @@ -13,6 +14,7 @@ import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.IOException; import java.io.PrintWriter; import java.util.Map; @@ -60,14 +62,16 @@ public class Authorize extends HttpServlet { l = System.currentTimeMillis(); } - if (l == null || c == null) { + if (!Checker.nonNull(c, l)) { return new Response(Response.ResponseCode.AUTHORIZE_FAILED); } if (l < System.currentTimeMillis() - Settings.I.User_Command_Timeout * 1000) { return new Response(Response.ResponseCode.REQUEST_EXPIRED); } - request.getSession(true).setAttribute("authorized", c); - request.getSession(true).setAttribute("wechat", wechat); + + HttpSession httpSession = request.getSession(true); + httpSession.setAttribute("authorized", c); + httpSession.setAttribute("wechat", wechat); switch (c) { case REGISTER: break; @@ -75,7 +79,7 @@ public class Authorize extends HttpServlet { case SUBMIT: User u = TableUser.getUserByWechat(wechat); if (u == null) return new Response(Response.ResponseCode.AUTHORIZE_FAILED); - request.getSession(true).setAttribute("user", u); + httpSession.setAttribute("user", u); break; default: return new Response(Response.ResponseCode.AUTHORIZE_FAILED); 
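Review bot: The rewritten session block in Authorize, `HttpSession httpSession = request.getSession(true);`, marks whatever session the client already presented as `authorized`, so a session id that existed before the wechat authorization step remains valid with elevated state afterwards (session fixation); the old code had the same shape, but this hunk is where the attributes are now written. Drop any pre-existing session before storing the attributes: `HttpSession old = request.getSession(false); if (old != null) old.invalidate(); HttpSession httpSession = request.getSession(true);`. `authorized` and `wechat` are also set before the `switch` validates `c`, so the `default` branch returns AUTHORIZE_FAILED with the attribute already stored; writing the two attributes after the switch keeps a rejected command from leaving state behind. The enclosing method begins before this hunk.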
diff --git a/src/main/java/love/sola/netsupport/api/Register.java b/src/main/java/love/sola/netsupport/api/Register.java index 0fb7755..0339972 100644 --- a/src/main/java/love/sola/netsupport/api/Register.java +++ b/src/main/java/love/sola/netsupport/api/Register.java @@ -3,13 +3,16 @@ package love.sola.netsupport.api; import love.sola.netsupport.enums.ISP; import love.sola.netsupport.pojo.User; import love.sola.netsupport.sql.TableUser; +import love.sola.netsupport.util.Checker; import love.sola.netsupport.util.Redirect; +import love.sola.netsupport.wechat.Command; import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import java.io.IOException; /** @@ -30,7 +33,12 @@ public class Register extends HttpServlet { response.setCharacterEncoding("utf-8"); response.addHeader("Content-type", "text/plain;charset=utf-8"); - String wechat = checkWechat(request); + HttpSession httpSession = request.getSession(false); + if (Checker.authorized(httpSession, Command.REGISTER)) { + Redirect.message(response, 0, "Authorize_Failed"); + return; + } + String wechat = (String) httpSession.getAttribute("wechat"); if (wechat == null) { Redirect.message(response, 0, "Illegal_Request"); return; @@ -144,9 +152,4 @@ public class Register extends HttpServlet { return -1; } - private String checkWechat(HttpServletRequest request) { - if (request.getSession(false) == null) return null; - return (String) request.getSession(false).getAttribute("wechat"); - } - } diff --git a/src/main/java/love/sola/netsupport/api/Response.java b/src/main/java/love/sola/netsupport/api/Response.java index c9f8bd2..a415452 100644 --- a/src/main/java/love/sola/netsupport/api/Response.java +++ b/src/main/java/love/sola/netsupport/api/Response.java 
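Review bot: The new guard in Register, `if (Checker.authorized(httpSession, Command.REGISTER))`, has the opposite polarity from the check it replaces: `Checker.authorized` returns true only when the session carries `authorized == REGISTER`, so an authorized user is sent `Authorize_Failed`, while a request with no session reaches `httpSession.getAttribute("wechat")` and throws NPE, and any session that merely has `wechat` set (Login in this commit stores `wechat` without `authorized`) proceeds into registration. The same inversion appears in TicketQuery (`Checker.authorized(httpSession, Command.QUERY)`) and TicketSubmit (`Command.SUBMIT`), where it turns the UNAUTHORIZED guard into a pass-through for unauthenticated sessions, and with `Checker.nonNull` at the top of `Login.login`, which rejects complete requests and continues with nulls. Each needs the negation that Authorize already uses: `if (!Checker.authorized(httpSession, Command.REGISTER)) {`, `if (!Checker.authorized(httpSession, Command.QUERY)) {`, and `if (!Checker.nonNull(wechat, opId, password)) return new Response(Response.ResponseCode.PARAMETER_REQUIRED);`. The enclosing method in Register begins before this hunk.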
@@ -38,8 +38,11 @@ public class Response { AUTHORIZE_FAILED(-9), USER_NOT_FOUND(-11), TICKET_NOT_FOUND(-12), + OPERATOR_NOT_FOUND(-13), UNAUTHORIZED(-20), REQUEST_EXPIRED(-21), + WRONG_PASSWORD(-22), + INCORRECT_WECHAT(-23), INTERNAL_ERROR(-90), DATABASE_ERROR(-91), ; diff --git a/src/main/java/love/sola/netsupport/api/TicketQuery.java b/src/main/java/love/sola/netsupport/api/TicketQuery.java index be376d8..b023351 100644 --- a/src/main/java/love/sola/netsupport/api/TicketQuery.java +++ b/src/main/java/love/sola/netsupport/api/TicketQuery.java @@ -4,6 +4,7 @@ import com.google.gson.Gson; import love.sola.netsupport.pojo.Ticket; import love.sola.netsupport.pojo.User; import love.sola.netsupport.sql.SQLCore; +import love.sola.netsupport.util.Checker; import love.sola.netsupport.util.ParseUtil; import love.sola.netsupport.wechat.Command; import org.hibernate.Criteria; @@ -27,7 +28,7 @@ import java.io.PrintWriter; * Don't modify this source without my agreement * *********************************************** */ -@WebServlet(name = "QueryTicket", urlPatterns = "/api/ticketquery", loadOnStartup = 23) +@WebServlet(name = "QueryTicket", urlPatterns = "/api/ticketquery", loadOnStartup = 24) public class TicketQuery extends HttpServlet { private Gson gson = SQLCore.gson; @@ -51,7 +52,7 @@ public class TicketQuery extends HttpServlet { try (Session s = SQLCore.sf.openSession()) { HttpSession httpSession = request.getSession(false); - if (httpSession == null || httpSession.getAttribute("authorized") != Command.QUERY) { + if (Checker.authorized(httpSession, Command.QUERY)) { return new Response(Response.ResponseCode.UNAUTHORIZED); } User u = (User) httpSession.getAttribute("user"); diff --git a/src/main/java/love/sola/netsupport/api/TicketSubmit.java b/src/main/java/love/sola/netsupport/api/TicketSubmit.java index e22de9d..4983d9a 100644 --- a/src/main/java/love/sola/netsupport/api/TicketSubmit.java +++ b/src/main/java/love/sola/netsupport/api/TicketSubmit.java 
@@ -4,6 +4,7 @@ import com.google.gson.Gson; import love.sola.netsupport.pojo.Ticket; import love.sola.netsupport.pojo.User; import love.sola.netsupport.sql.SQLCore; +import love.sola.netsupport.util.Checker; import love.sola.netsupport.util.ParseUtil; import love.sola.netsupport.wechat.Command; import org.hibernate.HibernateException; @@ -54,7 +55,7 @@ public class TicketSubmit extends HttpServlet { try (Session s = SQLCore.sf.openSession()) { HttpSession httpSession = request.getSession(false); - if (httpSession == null || httpSession.getAttribute("authorized") != Command.SUBMIT) { + if (Checker.authorized(httpSession, Command.SUBMIT)) { return new Response(Response.ResponseCode.UNAUTHORIZED); } User u = (User) httpSession.getAttribute("user"); diff --git a/src/main/java/love/sola/netsupport/api/admin/Login.java b/src/main/java/love/sola/netsupport/api/admin/Login.java new file mode 100644 index 0000000..50161c1 --- /dev/null +++ b/src/main/java/love/sola/netsupport/api/admin/Login.java 
@@ -0,0 +1,75 @@ +package love.sola.netsupport.api.admin; + +import com.google.gson.Gson; +import love.sola.netsupport.api.Response; +import love.sola.netsupport.pojo.Operator; +import love.sola.netsupport.sql.SQLCore; +import love.sola.netsupport.util.Checker; +import love.sola.netsupport.util.Crypto; +import love.sola.netsupport.util.ParseUtil; +import org.hibernate.HibernateException; +import org.hibernate.Session; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.PrintWriter; + +/** + * *********************************************** + * Created by Sola on 2015/12/12. + * Don't modify this source without my agreement + * *********************************************** + */ +@WebServlet(name = "Login", urlPatterns = "/api/login", loadOnStartup = 31) +public class Login extends HttpServlet { + + private Gson gson = SQLCore.gson; + + protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + doGet(request, response); + } + + protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + request.setCharacterEncoding("utf-8"); + response.setCharacterEncoding("utf-8"); + response.addHeader("Content-type", "text/json;charset=utf-8"); + PrintWriter out = response.getWriter(); + String json = gson.toJson(login(request)); + out.println(ParseUtil.parseJsonP(request, json)); + out.close(); + } + + private Response login(HttpServletRequest request) { + String wechat = request.getParameter("wechat"); + String opId = request.getParameter("op"); + String password = request.getParameter("pass"); + if (Checker.nonNull(wechat, opId, password)) return new Response(Response.ResponseCode.PARAMETER_REQUIRED); + + 
try (Session s = SQLCore.sf.openSession()) { + Operator operator = s.get(Operator.class, Integer.parseInt(opId)); + if (operator == null) return new Response(Response.ResponseCode.OPERATOR_NOT_FOUND); + if (!wechat.equals(operator.getWechat())) + return new Response(Response.ResponseCode.INCORRECT_WECHAT); + if (!Crypto.check(password,operator.getPassword())) + return new Response(Response.ResponseCode.WRONG_PASSWORD); + + HttpSession httpSession = request.getSession(true); + httpSession.setAttribute("wechat", wechat); + httpSession.setAttribute("operator", operator); + return new Response(Response.ResponseCode.OK); + } catch (NumberFormatException e) { + return new Response(Response.ResponseCode.ILLEGAL_PARAMETER); + } catch (HibernateException e) { + e.printStackTrace(); + return new Response(Response.ResponseCode.DATABASE_ERROR, e); + } catch (Exception e) { + e.printStackTrace(); + return new Response(Response.ResponseCode.INTERNAL_ERROR, e); + } + } +} diff --git a/src/main/java/love/sola/netsupport/util/AESUtil.java b/src/main/java/love/sola/netsupport/util/AESUtil.java new file mode 100644 index 0000000..856e217 --- /dev/null +++ b/src/main/java/love/sola/netsupport/util/AESUtil.java 
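Review bot: The three distinct failure codes in `Login.login` — OPERATOR_NOT_FOUND, then INCORRECT_WECHAT, then WRONG_PASSWORD — tell an unauthenticated caller whether an operator id exists and whether a wechat is bound to it before any password is evaluated; collapse all three into one generic code (AUTHORIZE_FAILED already exists) for the client and keep the specific reason in a server-side log. `request.getSession(true)` then stores `operator` into whatever session the client presented; invalidate an existing session first, as `HttpSession old = request.getSession(false); if (old != null) old.invalidate();`, so a successful login always starts a fresh session id. The `catch (HibernateException e)` and `catch (Exception e)` branches call `e.printStackTrace()` and pass `e` into `new Response(..., e)`; if Response serializes that field, `gson.toJson` in doGet sends exception details to the client — presumably not intended, so log it instead and return the code alone. The `Checker.nonNull` guard at the top of this method is inverted, as noted on Register.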
@@ -0,0 +1,51 @@ +package love.sola.netsupport.util; + +import org.apache.commons.codec.binary.Base64; + +import javax.crypto.Cipher; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.nio.charset.StandardCharsets; + +public class AESUtil { + + public static final byte[] initVector = "RandomInitVector".getBytes(StandardCharsets.UTF_8); + public static final byte[] key = "$bitch@sola.love".getBytes(StandardCharsets.UTF_8); + + public static String encrypt(String value) { + try { + IvParameterSpec iv = new IvParameterSpec(initVector); + SecretKeySpec skeySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); + + byte[] encrypted = cipher.doFinal(value.getBytes()); + + return Base64.encodeBase64String(encrypted); + } catch (Exception ex) { + ex.printStackTrace(); + } + + return null; + } + + public static String decrypt(String encrypted) { + try { + IvParameterSpec iv = new IvParameterSpec(initVector); + SecretKeySpec skeySpec = new SecretKeySpec(key, "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); + cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv); + + byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted)); + + return new String(original); + } catch (Exception ex) { + ex.printStackTrace(); + } + + return null; + } + +} \ No newline at end of file diff --git a/src/main/java/love/sola/netsupport/util/Checker.java b/src/main/java/love/sola/netsupport/util/Checker.java new file mode 100644 index 0000000..1f6b4ad --- /dev/null +++ b/src/main/java/love/sola/netsupport/util/Checker.java 
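Review bot: `AESUtil` hard-codes both the AES key and the CBC IV as string literals (`key`, `initVector`) in the source, and a fixed IV makes every encryption of the same input produce the same Base64 string, so the ciphertext that Crypto.check now expects is a stable password-equivalent token rather than protection — the key is also necessarily available wherever the client-side encryption runs. Treat this as obfuscation only: rely on TLS for transport, and if encryption is kept, load the key from configuration rather than source and generate a random IV per call (`SecureRandom`) that is prepended to the ciphertext and read back in `decrypt`. Independently, `value.getBytes()` and `new String(original)` use the platform default charset while the key uses UTF-8; non-ASCII passwords will not round-trip against a UTF-8 client, so use `cipher.doFinal(value.getBytes(StandardCharsets.UTF_8))` and `return new String(original, StandardCharsets.UTF_8);`. The `catch (Exception ex)` blocks print the trace and return null, which callers must be written to expect.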
@@ -0,0 +1,24 @@ +package love.sola.netsupport.util; + +import love.sola.netsupport.wechat.Command; + +import javax.servlet.http.HttpSession; + +/** + * *********************************************** + * Created by Sola on 2015/12/12. + * Don't modify this source without my agreement + * *********************************************** + */ +public class Checker { + + public static boolean nonNull(Object... v) { + for (Object o : v) if (o == null) return false; + return true; + } + + public static boolean authorized(HttpSession s, Command c) { + return s != null && s.getAttribute("authorized") == c; + } + +} diff --git a/src/main/java/love/sola/netsupport/util/Crypt.java b/src/main/java/love/sola/netsupport/util/Crypto.java similarity index 84% rename from src/main/java/love/sola/netsupport/util/Crypt.java rename to src/main/java/love/sola/netsupport/util/Crypto.java index 759fddc..024e8c4 100644 --- a/src/main/java/love/sola/netsupport/util/Crypt.java +++ b/src/main/java/love/sola/netsupport/util/Crypto.java @@ -8,14 +8,14 @@ import org.mindrot.jbcrypt.BCrypt; * Don't modify this source without my agreement * *********************************************** */ -public class Crypt { +public class Crypto { public static String hash(String pw) { return BCrypt.hashpw(pw, BCrypt.gensalt()); } public static boolean check(String plain, String hash) { - return BCrypt.checkpw(plain, hash); + return BCrypt.checkpw(AESUtil.decrypt(plain), hash); } } diff --git a/src/test/java/love/sola/netsupport/wechat/TestEncrypt.java b/src/test/java/love/sola/netsupport/wechat/TestEncrypt.java index 992a594..e2682b0 100644 --- a/src/test/java/love/sola/netsupport/wechat/TestEncrypt.java +++ b/src/test/java/love/sola/netsupport/wechat/TestEncrypt.java @@ -1,5 +1,6 @@ package love.sola.netsupport.wechat; +import love.sola.netsupport.util.AESUtil; import org.junit.Test; import org.mindrot.jbcrypt.BCrypt; 
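Review bot: `Checker.nonNull` and `Checker.authorized` lack Javadoc stating which case yields true, and this commit's call sites disagree on that polarity, so the contract should be spelled out at the helper. Suggested text for `nonNull`: `/** @return {@code true} only when every element of {@code v} is non-null (vacuously true for no arguments); callers must negate the result to reject a request. */`, and for `authorized`: `/** @return {@code true} only when {@code s} is non-null and its {@code "authorized"} attribute is the same {@link Command} constant as {@code c}; a missing session yields {@code false}. */`. The single-statement `for` body in `nonNull` should also be braced per the project's surrounding style.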
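Review bot: `Crypto.check` now silently redefines its first parameter as AES ciphertext while `hash(pw)` in the same class still takes plaintext, and `AESUtil.decrypt` returns null on any failure, so a malformed `pass` parameter in Login becomes `BCrypt.checkpw(null, hash)` and an NPE that surfaces as INTERNAL_ERROR. Keep `check` a plain BCrypt comparison and do the decoding at the servlet boundary, or at minimum guard the null: `String decrypted = AESUtil.decrypt(plain); return decrypted != null && BCrypt.checkpw(decrypted, hash);`. Since the class is also renamed from Crypt to Crypto, any caller outside this diff that still passes plaintext will now fail to authenticate; the method's Javadoc should say the argument is the AES-encrypted form.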
@@ -12,9 +13,15 @@ import org.mindrot.jbcrypt.BCrypt; public class TestEncrypt { @Test - public void test() { + public void testBCrypt() { String hash = BCrypt.hashpw("mypasswordhere", BCrypt.gensalt()); assert BCrypt.checkpw("mypasswordhere", hash); } + @Test + public void testAES() { + assert "Hello World".equals(AESUtil.decrypt(AESUtil.encrypt("Hello World"))); + assert "Encrypt".equals(AESUtil.decrypt(AESUtil.encrypt("Encrypt"))); + } + }
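Review bot: `testAES` uses the `assert` keyword, so its checks only run when the JVM has assertions enabled; under a runner without `-ea` the round-trips pass vacuously. Use JUnit's assertions instead: `org.junit.Assert.assertEquals("Hello World", AESUtil.decrypt(AESUtil.encrypt("Hello World")));` and likewise for `"Encrypt"`. Only the happy path is covered; a case such as `AESUtil.decrypt("not valid base64")` would pin the null-on-failure behavior that `Crypto.check` now depends on.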