diff --git a/src/main/java/com/dispose/common/ConstValue.java b/src/main/java/com/dispose/common/ConstValue.java index cf4f4ede..bea76cba 100644 --- a/src/main/java/com/dispose/common/ConstValue.java +++ b/src/main/java/com/dispose/common/ConstValue.java @@ -29,6 +29,17 @@ public class ConstValue { * The constant TOKEN_EXPIRED_TIME_MS. */ public static final long TOKEN_EXPIRED_TIME_MS = TOKEN_TIMEOUT_MS; + + /** + * The constant MYSQL_REGEX. + */ + public static final String MYSQL_REGEX = "^((?!(and|exec|insert|select|drop|grant|alter" + + "|delete|update|count|chr|mid|master|truncate|char|declare|or|--|\\s|\\*|%|\\+|'|;])).)*$"; + + /** + * The constant MYSQL_REGEX_CHARS. + */ + public static final String MYSQL_REGEX_CHARS = "^((?!(--|\\s|\\*|%|\\+|'|;])).)*$"; } /** diff --git a/src/main/java/com/dispose/config/DisposeConfigure.java b/src/main/java/com/dispose/config/DisposeConfigure.java index de387571..20462916 100644 --- a/src/main/java/com/dispose/config/DisposeConfigure.java +++ b/src/main/java/com/dispose/config/DisposeConfigure.java @@ -27,4 +27,9 @@ public class DisposeConfigure { * The Split char. */ private String splitChar; + + /** + * The Token timout value. + */ + private String tokenTimoutValue; } diff --git a/src/main/java/com/dispose/controller/AuthController.java b/src/main/java/com/dispose/controller/AuthController.java index df0e4632..8ad9cf7c 100644 --- a/src/main/java/com/dispose/controller/AuthController.java +++ b/src/main/java/com/dispose/controller/AuthController.java 
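Review bot: Both new patterns in ConstValue end their alternation with `;]`, and in java.util.regex a `]` outside a character class is a literal, so that alternative only matches the two-character sequence `;]` and a lone `;` passes the filter. Drop the bracket, e.g. `"^((?!(--|\\s|\\*|%|\\+|'|;)).)*$"` for MYSQL_REGEX_CHARS, and make the same correction at the end of MYSQL_REGEX. MYSQL_REGEX also matches its keywords as substrings, so if it is ever applied to a name field, ordinary values containing `or` or `and` would be rejected. A deny-list like this is defence in depth at best; the queries behind these inputs are not visible in this diff and should use bound parameters regardless.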
@@ -1,12 +1,15 @@ package com.dispose.controller; +import com.dispose.common.ConstValue; import com.dispose.common.ErrorCode; +import com.dispose.config.DisposeConfigure; import com.dispose.pojo.dto.protocol.auth.LoginReq; import com.dispose.pojo.dto.protocol.auth.LoginRsp; +import com.dispose.pojo.dto.protocol.base.BaseRespStatus; import com.dispose.pojo.dto.protocol.base.ProtocolReqDTO; import com.dispose.pojo.dto.protocol.base.ProtocolRespDTO; +import com.dispose.pojo.po.MulReturnType; import com.dispose.service.UserAccountService; -import com.fasterxml.jackson.core.JsonProcessingException; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import lombok.extern.slf4j.Slf4j; @@ -20,6 +23,7 @@ import org.springframework.web.bind.annotation.ResponseBody; import javax.annotation.Resource; import javax.validation.Valid; +import java.security.NoSuchAlgorithmException; /** * The type Auth controller. 
@@ -36,13 +40,35 @@ public class AuthController { @Resource private UserAccountService userAccountService; + @Resource + private DisposeConfigure disposeConfigure; + @PostMapping("/login") @ResponseBody @ApiOperation("登录") - public ProtocolRespDTO userLogin(@RequestBody @Valid ProtocolReqDTO mr) throws JsonProcessingException { + public ProtocolRespDTO userLogin(@RequestBody @Valid ProtocolReqDTO mr) + throws NoSuchAlgorithmException { + + MulReturnType ret = userAccountService.loginService(mr.getMsgContent().getUserName(), + mr.getMsgContent().getPassword()); + + if(ret.getFirstParam() != ErrorCode.ERR_OK) { + log.error("User login failed, error:{}", ret.getFirstParam().getMsg()); + return ProtocolRespDTO.result(ret.getFirstParam()); + } + + long expTime = ConstValue.GlobalConfigure.TOKEN_EXPIRED_TIME_MS; + + if(disposeConfigure.getTokenTimoutValue() != null ){ + expTime = Long.parseLong(disposeConfigure.getTokenTimoutValue()); + } + return ProtocolRespDTO.result(ErrorCode.ERR_OK, LoginRsp.builder() - .token("1234576") - .build()); + .userName(mr.getMsgContent().getUserName()) + .token(ret.getSecondParam()) + .logTime(System.currentTimeMillis()) + .expireTime(System.currentTimeMillis() + expTime) + .build()); } } diff --git a/src/main/java/com/dispose/exception/GlobalExceptionHandler.java b/src/main/java/com/dispose/exception/GlobalExceptionHandler.java index 2f4b2f9d..2a9f13c2 100644 --- a/src/main/java/com/dispose/exception/GlobalExceptionHandler.java +++ b/src/main/java/com/dispose/exception/GlobalExceptionHandler.java @@ -32,7 +32,7 @@ public class GlobalExceptionHandler { @ExceptionHandler(MethodArgumentNotValidException.class) @ResponseBody public ProtocolRespDTO handleException(MethodArgumentNotValidException ex) { - log.error("Exception: {}", ex.getMessage()); + log.error("Argument Exception: {}", ex.getMessage()); List exMsg = new ArrayList<>(); AtomicInteger idx = new AtomicInteger(); 
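Review bot: `Long.parseLong(disposeConfigure.getTokenTimoutValue())` in userLogin runs unguarded on every successful login, so a blank or non-numeric setting throws NumberFormatException after the credentials were already accepted. A zero or negative value also yields an `expireTime` at or before `logTime`. Parse and range-check the setting once at startup, or declare the DisposeConfigure field as `Long` so a bad value fails during configuration binding, and fall back to `TOKEN_EXPIRED_TIME_MS` otherwise. The reported `expireTime` is computed here rather than taken from whatever loginService used when issuing the token, so the two can presumably drift. Read `System.currentTimeMillis()` once into a local so `logTime` and `expireTime` share the same base.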
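Review bot: `ex.getMessage()` on a MethodArgumentNotValidException includes each field error with its rejected value, so with the new `@Pattern` constraints on LoginReq a rejected `password` digest or `userName` is written to the error log by `log.error("Argument Exception: {}", ex.getMessage())`. Rejected values are by definition the ones containing whitespace or other filtered characters, so they can also break up log lines. Log only the field names and constraint messages, for example by iterating `ex.getBindingResult().getFieldErrors()` and logging `getField()` with `getDefaultMessage()`. The handler body continues past this hunk and may already build such a list in `exMsg`.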
diff --git a/src/main/java/com/dispose/pojo/dto/protocol/auth/LoginReq.java b/src/main/java/com/dispose/pojo/dto/protocol/auth/LoginReq.java index ce3bfb24..66024563 100644 --- a/src/main/java/com/dispose/pojo/dto/protocol/auth/LoginReq.java +++ b/src/main/java/com/dispose/pojo/dto/protocol/auth/LoginReq.java @@ -1,5 +1,6 @@ package com.dispose.pojo.dto.protocol.auth; +import com.dispose.common.ConstValue; import com.fasterxml.jackson.annotation.JsonInclude; import lombok.AllArgsConstructor; import lombok.Builder; @@ -8,9 +9,10 @@ import lombok.NoArgsConstructor; import org.hibernate.validator.constraints.Length; import javax.validation.constraints.NotBlank; +import javax.validation.constraints.Pattern; /** - * The type Login info. + * The type Login req. * * @author */ @@ -24,11 +26,18 @@ public class LoginReq { * The User name. */ @NotBlank(message = "userName 用户名不能为空") + @Pattern(regexp = ConstValue.GlobalConfigure.MYSQL_REGEX_CHARS, + flags = Pattern.Flag.CASE_INSENSITIVE, + message = "userName 用户名存在非法字符串") private String userName; + /** * The Password. */ @NotBlank(message = "password 密码不能为空") @Length(min = 64, max = 64, message = "password 密码长度必须为SHA256编码后的长度") + @Pattern(regexp = ConstValue.GlobalConfigure.MYSQL_REGEX_CHARS, + flags = Pattern.Flag.CASE_INSENSITIVE, + message = "password 密码存在非法字符串") private String password; } diff --git a/src/test/java/com/dispose/test/debug/demo.java b/src/test/java/com/dispose/test/debug/demo.java index 4f2b96cb..a9d0490b 100644 --- a/src/test/java/com/dispose/test/debug/demo.java +++ b/src/test/java/com/dispose/test/debug/demo.java @@ -6,6 +6,7 @@ import org.junit.Test; import java.text.SimpleDateFormat; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; +import java.util.Optional; /** * The type Demo. 
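Review bot: The `@Pattern` added to `password` in LoginReq reuses the character deny-list even though `@Length(min = 64, max = 64)` already describes the field as a SHA-256 hex string. An allow-list states that contract exactly and rejects everything else, e.g. `@Pattern(regexp = "^[0-9a-fA-F]{64}$", ...)` with the existing message. For `userName`, an allow-list of the characters an account name may contain would likewise be easier to reason about than MYSQL_REGEX_CHARS. Neither annotation replaces bound parameters in the lookup performed by loginService, which is outside this diff.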
@@ -55,7 +56,13 @@ public class demo { @Test public void dateTimeDebug() { + Integer v1 = null; + Integer v2 = 1; + log.info("Current Datetime: {}", LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"))); //log.info("Current Datetime: {}", new SimpleDateFormat("yyyy-MM-dd :hh:mm:ss").format(LocalDateTime.now())); + + log.info("v1: {}", Optional.ofNullable(v1).orElse(0)); + log.info("v2: {}", Optional.ofNullable(v2).orElse(0)); } }