wangrui
/
videoalliance


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296
							package com.chinacreator.videoalliance.order.service;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import com.chinacreator.common.exception.BusinessException;
import com.chinacreator.common.util.RequestUtil;
import com.chinacreator.videoalliance.common.dao.DictionaryDao;
import com.chinacreator.videoalliance.order.bean.OrderInfo;
import com.chinacreator.videoalliance.order.dao.BackBusiOrderDao;
import com.chinacreator.videoalliance.order.dao.BusiOperlimitConfDao;
import com.chinacreator.videoalliance.order.dao.SPDao;
import com.chinacreator.videoalliance.order.util.IpAddrUtil;
import com.chinacreator.videoalliance.order.util.JsonUtil;

@Component
public class OrderValiService {
	
	private static Logger errorlog = Logger.getLogger("orderError");
	
	private static Logger iplog = Logger.getLogger("iplog");
	
	@Autowired
	private SPDao sPDao;
	
	@Autowired
	private BackBusiOrderDao backBusiOrderDao;
	
	@Autowired
	private BusiOperlimitConfDao busiOperlimitConfDao;
	
    @Autowired
    private DictionaryDao dictionaryDao;
	
	public void vali(HttpServletRequest request,OrderInfo orderInfo) throws Exception{
	    //IP验证
	    if(!StringUtils.isEmpty(orderInfo.getInvokeface()) && !ipVali(orderInfo)){
	    	throw new BusinessException("9002", "IP验证未通过", new String[0]);
	    }
	    String ip = RequestUtil.getIpAddr(request);
	    if("183.3.234.51".equals(ip) //|| "47.93.215.93".equals(ip)
	    		){
	    	throw new BusinessException("9002", "非法访问", new String[0]);
	    }

		//非后向接口请求要验证办理的是否后向产品
		if(!"backorder".equals(orderInfo.getInvokeface())){	
			
		    //验证CPID、SPID是否合法
			HashMap spInfo =  backBusiOrderDao.getCpSp(orderInfo.getCpid(),orderInfo.getSpid());
			if(spInfo == null || spInfo.size() == 0){
				throw new BusinessException("9002", "非法访问", new String[0]);
			}
			
			//验证是否为后台产品
			List<HashMap> confList = backBusiOrderDao.getBackBusiConf(orderInfo.getCpid(),orderInfo.getSpid());
			if(confList != null && confList.size()>0){
				throw new BusinessException("9002", "非法访问", new String[0]);
			}
		}
		
		//验证业务办理是否限制
		this.valiOperLimit(request, orderInfo);
		
		//验证省份办理限制
		this.valiProvinceLimit(orderInfo);
	}
	
	/**
	 * 验证业务操作限制（是否能订购，是否能退订）
	 * @param request
	 * @param orderInfo
	 * @throws Exception
	 */
	public void valiOperLimit(HttpServletRequest request,OrderInfo orderInfo) throws Exception {
		//请求IP
		String ip = RequestUtil.getIpAddr(request);
		//办理渠道
		String channel = "";
		//0订购，1退订
		String opertype = orderInfo.getStatus()+"";
		if("0".equals(opertype)){
			channel = orderInfo.getOrderchannel();
		}else{
			channel = orderInfo.getCancelchannel();
		}
		
		errorlog.info("userid=>"+orderInfo.getUserid()+"#cpid=>"+orderInfo.getCpid()+"#spid=>"+orderInfo.getSpid()+"#channel=>"+channel+"#type=>"+orderInfo.getStatus()+"#ip=>"+ip);
		
		//OPERTYPE和SPID如配置了多条数据，经过排序，如果配置了多条数据，为空的会在最后一条
    	List<HashMap> dataList = busiOperlimitConfDao.valiOperLimit(orderInfo.getSpid(),opertype);
    	//是否限制办理
		boolean haslimit = false;
        if(dataList != null && dataList.size()>0){ 
        	for(HashMap tm : dataList){
        		//能查到数据代表有限制，先设置为受限制
            	haslimit = true;
            	//配置了指定渠道不受限制，且渠道相同
        		if(!StringUtils.isEmpty(channel) &&  channel.equals(tm.get("CHANNEL"))){
        			//设置为不受限制
    				haslimit = false;
    				//配置了IP白名单，调用的IP必须在名单内
    				if(!StringUtils.isEmpty((String)tm.get("IP"))){
    					//先设置为受限制
    					haslimit = true;
    					//把IP转为LIST
    					List<String> ipList = Arrays.asList(tm.get("IP").toString().split(","));
    					//请求IP包含在白名单内
    					if(ipList.contains(ip)){
    						haslimit = false;
    					}
    				}
    			}
        		//如果不受限制，说明有匹配到了不受限制的配置数据，不再循环下一条
        		if(!haslimit){
        			break;
        		}
        	}
   		    	   
        	//被限制抛异常
        	if(haslimit){
        		throw new BusinessException("7020", "该产品已下线，暂停办理");
        	}
        }
	}
	
	/**
	 * IP验证
	 * @param invokeface  接口名称
	 * @return
	 */
	public boolean ipVali(OrderInfo orderInfo) {
		boolean result = false;
		//接口标识为空，不验证
		if(orderInfo == null || StringUtils.isEmpty(orderInfo.getInvokeface())){
			return true;
		}
		//访问IP列表
		List<String> ipList = null;
		Map<String,String> confdata = null;
		try {
			ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
			HttpServletRequest request = attributes.getRequest();
			//获取IP列表
			ipList = IpAddrUtil.getIpAddrList(request, orderInfo.getChannel());
			//获取IP白名单
			List<HashMap>  ipconfList = busiOperlimitConfDao.valiIpLimit(orderInfo.getInvokeface());
			if(ipconfList != null && ipconfList.size()>0){
				confdata = ipconfList.get(0);
			}
			if(confdata != null && confdata.size()>0){
				String configIp = confdata.get("IP");
				if(StringUtils.isNotEmpty(configIp)) {
					//配置为*，无权限配置
				    if(configIp.equals("*")){
				    	result = true;
		            }else{
		            	//匹配白名单
						List<String> list = Arrays.asList(configIp.split("\\|"));
						for(String tmpip : list){
							//如果全包含
							if(ipList.contains(tmpip)){
								result = true;
								break;
							}
							//如果有部分配置*
							if(!result && tmpip.indexOf("*") != -1 && hasStartsWith(ipList, tmpip)){
								result = true;
								break;
							}
						}
		            }
				}
			}else{
				result = true; //没配置白名单，不验证
			}
		} catch (Exception e) {
			e.printStackTrace();
			iplog.error(orderInfo.getInvokeface()+"，IP验证出现异常，"+e.getMessage());
		} finally {
			iplog.info("invokeface=>"+orderInfo.getInvokeface()+", ipList=>"+ipList+"，result=>"+result+"，confdata=>"+confdata);
		}
		return result;
	}
	
	/**
	 * 判断是否模糊匹配
	 * @param ipList
	 * @param confip
	 * @return
	 */
	private boolean hasStartsWith(List<String> ipList, String confip){
		boolean res = false;
		for(String ip : ipList){
			if(ip.startsWith(confip.split("[*]")[0])){
				res = true;
				break;
			}
		}
		return res;
	}
	
	/**
	 * 验证省份限制
	 * @param orderInfo
	 * @throws Exception
	 */
	public void valiProvinceLimit(OrderInfo orderInfo) throws Exception {
			String notProvinceLimitcpid = dictionaryDao.getValue("notProvinceLimitcpid");
			if(!StringUtils.isEmpty(notProvinceLimitcpid)){ 
				List<String> cpids = Arrays.asList(notProvinceLimitcpid.split(","));
				if(cpids != null && cpids.contains(orderInfo.getCpid())){
					return;
				}
			}

			if(!StringUtils.isEmpty(notProvinceLimitcpid)){ 
				List<String> cpids = Arrays.asList(notProvinceLimitcpid.split(","));
				if(cpids != null && cpids.contains(orderInfo.getCpid())){
					return;
				}
			}
			
			//0订购，1退订
			String opertype = orderInfo.getStatus()+"";
			//如果省份为空，设置为*
			String province = orderInfo.getProvince();
			if(StringUtils.isEmpty(province)) {
				province = "*";
			}
			
			List<HashMap> confList = busiOperlimitConfDao.valiProvinceLimit(orderInfo.getInvokeface(), province, opertype);
			if(confList != null && confList.size() > 0){
				//渠道是否不要验证
				if(this.valiNoprovinceLimitChannel(orderInfo)){
					return;
				}
				if("广东".equals(orderInfo.getProvince()) && "0".equals(opertype)){
					throw new BusinessException("9003", "业务平台满载，正在升级中，暂时无法受理新用户订购，敬请谅解");	
				}else if("*".equals(province)){
					throw new BusinessException("9003", "您号码的归属地暂未开放该业务，敬请期待");
				}else{
					throw new BusinessException("9003", "您号码的归属地{0}暂未开放该业务，敬请期待", new String[]{orderInfo.getProvince()});
				}		
			}
	}
	
	/**
	 * 渠道是否放开了限制
	 * @param orderInfo
	 * @return true是，false否
	 */
	private boolean valiNoprovinceLimitChannel(OrderInfo orderInfo){
		boolean res = false;
		try {
			//不要限制 渠道配置
			String notProvinceLimitchannel = dictionaryDao.getValue("notProvinceLimitchannel");
			String channel = orderInfo.getChannel();
			String subchannel = orderInfo.getSubchannel();
			//如果省份为空，设置为*
			String province = orderInfo.getProvince();
			if(StringUtils.isEmpty(province)) {
				province = "*";
			}
			//不要限制的渠道
			String nolimitchannel = "";
			if(!StringUtils.isEmpty(channel)){
				nolimitchannel += channel;
			}
			if(!StringUtils.isEmpty(channel) && !StringUtils.isEmpty(subchannel)){
				nolimitchannel += subchannel;
			}
			if(!StringUtils.isEmpty(nolimitchannel) && !StringUtils.isEmpty(notProvinceLimitchannel)){
				Map tmpMap = JsonUtil.jsonToMap(notProvinceLimitchannel);
				if(tmpMap != null && tmpMap.get(province) != null && !StringUtils.isEmpty(tmpMap.get(province).toString())){
					List<String> channels = Arrays.asList(tmpMap.get(province).toString().split(","));
					if(channels != null && channels.contains(nolimitchannel)){
						res = true;
					}
				}
			}
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
		return res;
	}
}