operator login interface

src/main/java/love/sola/netsupport/api/Authorize.java

@@ -5,6 +5,7 @@ import love.sola.netsupport.config.Settings;
 import love.sola.netsupport.pojo.User;
 import love.sola.netsupport.sql.SQLCore;
 import love.sola.netsupport.sql.TableUser;
+import love.sola.netsupport.util.Checker;
 import love.sola.netsupport.util.ParseUtil;
 import love.sola.netsupport.wechat.Command;
 
@@ -13,6 +14,7 @@ import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.util.Map;
@@ -60,14 +62,16 @@ public class Authorize extends HttpServlet {
 			l = System.currentTimeMillis();
 		}
 
-		if (l == null || c == null) {
+		if (!Checker.nonNull(c, l)) {
 			return new Response(Response.ResponseCode.AUTHORIZE_FAILED);
 		}
 		if (l < System.currentTimeMillis() - Settings.I.User_Command_Timeout * 1000) {
 			return new Response(Response.ResponseCode.REQUEST_EXPIRED);
 		}
-		request.getSession(true).setAttribute("authorized", c);
+
-		request.getSession(true).setAttribute("wechat", wechat);
+		HttpSession httpSession = request.getSession(true);
+		httpSession.setAttribute("authorized", c);
+		httpSession.setAttribute("wechat", wechat);
 		switch (c) {
 			case REGISTER:
 				break;
@@ -75,7 +79,7 @@ public class Authorize extends HttpServlet {
 			case SUBMIT:
 				User u = TableUser.getUserByWechat(wechat);
 				if (u == null) return new Response(Response.ResponseCode.AUTHORIZE_FAILED);
-				request.getSession(true).setAttribute("user", u);
+				httpSession.setAttribute("user", u);
 				break;
 			default:
 				return new Response(Response.ResponseCode.AUTHORIZE_FAILED);

src/main/java/love/sola/netsupport/api/Register.java

@@ -3,13 +3,16 @@ package love.sola.netsupport.api;
 import love.sola.netsupport.enums.ISP;
 import love.sola.netsupport.pojo.User;
 import love.sola.netsupport.sql.TableUser;
+import love.sola.netsupport.util.Checker;
 import love.sola.netsupport.util.Redirect;
+import love.sola.netsupport.wechat.Command;
 
 import javax.servlet.ServletException;
 import javax.servlet.annotation.WebServlet;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 
 /**
@@ -30,7 +33,12 @@ public class Register extends HttpServlet {
 		response.setCharacterEncoding("utf-8");
 		response.addHeader("Content-type", "text/plain;charset=utf-8");
 
-		String wechat = checkWechat(request);
+		HttpSession httpSession = request.getSession(false);
+		if (Checker.authorized(httpSession, Command.REGISTER)) {
+			Redirect.message(response, 0, "Authorize_Failed");
+			return;
+		}
+		String wechat = (String) httpSession.getAttribute("wechat");
 		if (wechat == null) {
 			Redirect.message(response, 0, "Illegal_Request");
 			return;
@@ -144,9 +152,4 @@ public class Register extends HttpServlet {
 		return -1;
 	}
 
-	private String checkWechat(HttpServletRequest request) {
-		if (request.getSession(false) == null) return null;
-		return (String) request.getSession(false).getAttribute("wechat");
-	}
-
 }

src/main/java/love/sola/netsupport/api/Response.java

@@ -38,8 +38,11 @@ public class Response {
 		AUTHORIZE_FAILED(-9),
 		USER_NOT_FOUND(-11),
 		TICKET_NOT_FOUND(-12),
+		OPERATOR_NOT_FOUND(-13),
 		UNAUTHORIZED(-20),
 		REQUEST_EXPIRED(-21),
+		WRONG_PASSWORD(-22),
+		INCORRECT_WECHAT(-23),
 		INTERNAL_ERROR(-90),
 		DATABASE_ERROR(-91),
 		;

src/main/java/love/sola/netsupport/api/TicketQuery.java

@@ -4,6 +4,7 @@ import com.google.gson.Gson;
 import love.sola.netsupport.pojo.Ticket;
 import love.sola.netsupport.pojo.User;
 import love.sola.netsupport.sql.SQLCore;
+import love.sola.netsupport.util.Checker;
 import love.sola.netsupport.util.ParseUtil;
 import love.sola.netsupport.wechat.Command;
 import org.hibernate.Criteria;
@@ -27,7 +28,7 @@ import java.io.PrintWriter;
  * Don't modify this source without my agreement
  * ***********************************************
  */
-@WebServlet(name = "QueryTicket", urlPatterns = "/api/ticketquery", loadOnStartup = 23)
+@WebServlet(name = "QueryTicket", urlPatterns = "/api/ticketquery", loadOnStartup = 24)
 public class TicketQuery extends HttpServlet {
 
 	private Gson gson = SQLCore.gson;
@@ -51,7 +52,7 @@ public class TicketQuery extends HttpServlet {
 		try (Session s = SQLCore.sf.openSession()) {
 
 			HttpSession httpSession = request.getSession(false);
-			if (httpSession == null || httpSession.getAttribute("authorized") != Command.QUERY) {
+			if (Checker.authorized(httpSession, Command.QUERY)) {
 				return new Response(Response.ResponseCode.UNAUTHORIZED);
 			}
 			User u = (User) httpSession.getAttribute("user");

src/main/java/love/sola/netsupport/api/TicketSubmit.java

@@ -4,6 +4,7 @@ import com.google.gson.Gson;
 import love.sola.netsupport.pojo.Ticket;
 import love.sola.netsupport.pojo.User;
 import love.sola.netsupport.sql.SQLCore;
+import love.sola.netsupport.util.Checker;
 import love.sola.netsupport.util.ParseUtil;
 import love.sola.netsupport.wechat.Command;
 import org.hibernate.HibernateException;
@@ -54,7 +55,7 @@ public class TicketSubmit extends HttpServlet {
 		try (Session s = SQLCore.sf.openSession()) {
 
 			HttpSession httpSession = request.getSession(false);
-			if (httpSession == null || httpSession.getAttribute("authorized") != Command.SUBMIT) {
+			if (Checker.authorized(httpSession, Command.SUBMIT)) {
 				return new Response(Response.ResponseCode.UNAUTHORIZED);
 			}
 			User u = (User) httpSession.getAttribute("user");

src/main/java/love/sola/netsupport/api/admin/Login.java

@@ -0,0 +1,75 @@
+package love.sola.netsupport.api.admin;
+
+import com.google.gson.Gson;
+import love.sola.netsupport.api.Response;
+import love.sola.netsupport.pojo.Operator;
+import love.sola.netsupport.sql.SQLCore;
+import love.sola.netsupport.util.Checker;
+import love.sola.netsupport.util.Crypto;
+import love.sola.netsupport.util.ParseUtil;
+import org.hibernate.HibernateException;
+import org.hibernate.Session;
+
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebServlet;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * ***********************************************
+ * Created by Sola on 2015/12/12.
+ * Don't modify this source without my agreement
+ * ***********************************************
+ */
+@WebServlet(name = "Login", urlPatterns = "/api/login", loadOnStartup = 31)
+public class Login extends HttpServlet {
+
+	private Gson gson = SQLCore.gson;
+
+	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		doGet(request, response);
+	}
+
+	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+		request.setCharacterEncoding("utf-8");
+		response.setCharacterEncoding("utf-8");
+		response.addHeader("Content-type", "text/json;charset=utf-8");
+		PrintWriter out = response.getWriter();
+		String json = gson.toJson(login(request));
+		out.println(ParseUtil.parseJsonP(request, json));
+		out.close();
+	}
+
+	private Response login(HttpServletRequest request) {
+		String wechat = request.getParameter("wechat");
+		String opId = request.getParameter("op");
+		String password = request.getParameter("pass");
+		if (Checker.nonNull(wechat, opId, password)) return new Response(Response.ResponseCode.PARAMETER_REQUIRED);
+
+		try (Session s = SQLCore.sf.openSession()) {
+			Operator operator = s.get(Operator.class, Integer.parseInt(opId));
+			if (operator == null) return new Response(Response.ResponseCode.OPERATOR_NOT_FOUND);
+			if (!wechat.equals(operator.getWechat()))
+				return new Response(Response.ResponseCode.INCORRECT_WECHAT);
+			if (!Crypto.check(password,operator.getPassword()))
+				return new Response(Response.ResponseCode.WRONG_PASSWORD);
+
+			HttpSession httpSession = request.getSession(true);
+			httpSession.setAttribute("wechat", wechat);
+			httpSession.setAttribute("operator", operator);
+			return new Response(Response.ResponseCode.OK);
+		} catch (NumberFormatException e) {
+			return new Response(Response.ResponseCode.ILLEGAL_PARAMETER);
+		} catch (HibernateException e) {
+			e.printStackTrace();
+			return new Response(Response.ResponseCode.DATABASE_ERROR, e);
+		} catch (Exception e) {
+			e.printStackTrace();
+			return new Response(Response.ResponseCode.INTERNAL_ERROR, e);
+		}
+	}
+}

src/main/java/love/sola/netsupport/util/AESUtil.java

@@ -0,0 +1,51 @@
+package love.sola.netsupport.util;
+
+import org.apache.commons.codec.binary.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+
+public class AESUtil {
+
+	public static final byte[] initVector   =   "RandomInitVector".getBytes(StandardCharsets.UTF_8);
+	public static final byte[] key          =   "$bitch@sola.love".getBytes(StandardCharsets.UTF_8);
+
+	public static String encrypt(String value) {
+        try {
+            IvParameterSpec iv = new IvParameterSpec(initVector);
+            SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
+
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
+            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
+
+            byte[] encrypted = cipher.doFinal(value.getBytes());
+
+            return Base64.encodeBase64String(encrypted);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+
+        return null;
+    }
+
+    public static String decrypt(String encrypted) {
+        try {
+            IvParameterSpec iv = new IvParameterSpec(initVector);
+            SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
+
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
+            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
+
+            byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
+
+            return new String(original);
+        } catch (Exception ex) {
+            ex.printStackTrace();
+        }
+
+        return null;
+    }
+
+}

src/main/java/love/sola/netsupport/util/Checker.java

@@ -0,0 +1,24 @@
+package love.sola.netsupport.util;
+
+import love.sola.netsupport.wechat.Command;
+
+import javax.servlet.http.HttpSession;
+
+/**
+ * ***********************************************
+ * Created by Sola on 2015/12/12.
+ * Don't modify this source without my agreement
+ * ***********************************************
+ */
+public class Checker {
+
+	public static boolean nonNull(Object... v) {
+		for (Object o : v) if (o == null) return false;
+		return true;
+	}
+
+	public static boolean authorized(HttpSession s, Command c) {
+		return s != null && s.getAttribute("authorized") == c;
+	}
+
+}

src/main/java/love/sola/netsupport/util/Crypto.java

@@ -8,14 +8,14 @@ import org.mindrot.jbcrypt.BCrypt;
  * Don't modify this source without my agreement
  * ***********************************************
  */
-public class Crypt {
+public class Crypto {
 
 	public static String hash(String pw) {
 		return BCrypt.hashpw(pw, BCrypt.gensalt());
 	}
 
 	public static boolean check(String plain, String hash) {
-		return BCrypt.checkpw(plain, hash);
+		return BCrypt.checkpw(AESUtil.decrypt(plain), hash);
 	}
 
 }

src/test/java/love/sola/netsupport/wechat/TestEncrypt.java

@@ -1,5 +1,6 @@
 package love.sola.netsupport.wechat;
 
+import love.sola.netsupport.util.AESUtil;
 import org.junit.Test;
 import org.mindrot.jbcrypt.BCrypt;
 
@@ -12,9 +13,15 @@ import org.mindrot.jbcrypt.BCrypt;
 public class TestEncrypt {
 
 	@Test
-	public void test() {
+	public void testBCrypt() {
 		String hash = BCrypt.hashpw("mypasswordhere", BCrypt.gensalt());
 		assert BCrypt.checkpw("mypasswordhere", hash);
 	}
 
+	@Test
+	public void testAES() {
+		assert "Hello World".equals(AESUtil.decrypt(AESUtil.encrypt("Hello World")));
+		assert "Encrypt".equals(AESUtil.decrypt(AESUtil.encrypt("Encrypt")));
+	}
+
 }