- package com.chinacreator.videoalliance.order.service;
- import java.util.Arrays;
- import java.util.HashMap;
- import java.util.List;
- import java.util.Map;
- import javax.servlet.http.HttpServletRequest;
- import org.apache.commons.lang.StringUtils;
- import org.apache.log4j.Logger;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.stereotype.Component;
- import org.springframework.web.context.request.RequestContextHolder;
- import org.springframework.web.context.request.ServletRequestAttributes;
- import com.chinacreator.common.exception.BusinessException;
- import com.chinacreator.common.util.RequestUtil;
- import com.chinacreator.videoalliance.common.dao.DictionaryDao;
- import com.chinacreator.videoalliance.order.bean.OrderInfo;
- import com.chinacreator.videoalliance.order.dao.BackBusiOrderDao;
- import com.chinacreator.videoalliance.order.dao.BusiOperlimitConfDao;
- import com.chinacreator.videoalliance.order.dao.SPDao;
- import com.chinacreator.videoalliance.order.util.IpAddrUtil;
- import com.chinacreator.videoalliance.order.util.JsonUtil;
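/**
 * Pre-order validation for the ordering service: caller IP whitelist, CP/SP
 * legitimacy, per-product operation limits and per-province limits.
 *
 * <p>Every check that rejects a request does so by throwing a
 * {@link BusinessException}; a method that returns normally means "allowed".
 */
@Component
public class OrderValiService {

    private static final Logger errorlog = Logger.getLogger("orderError");

    private static final Logger iplog = Logger.getLogger("iplog");

    /**
     * Single client address that is always rejected by {@link #vali}.
     * A second address, 47.93.215.93, used to be listed next to it but was disabled.
     * NOTE(review): a hard-coded deny entry needs a redeploy to change and is only as
     * reliable as the way RequestUtil.getIpAddr derives the address; consider moving
     * it to configuration.
     */
    private static final String DENIED_CLIENT_IP = "183.3.234.51";

    @Autowired
    private SPDao sPDao;

    @Autowired
    private BackBusiOrderDao backBusiOrderDao;

    @Autowired
    private BusiOperlimitConfDao busiOperlimitConfDao;

    @Autowired
    private DictionaryDao dictionaryDao;

    /**
     * Runs all validations for an order request, in this order: interface IP
     * whitelist, hard-coded deny address, CP/SP checks (skipped for the
     * "backorder" interface), operation limit, province limit.
     *
     * @param request   current HTTP request, used to obtain the client address
     * @param orderInfo order being validated
     * @throws Exception a {@link BusinessException} with code 9002, 7020 or 9003 when a
     *                   check rejects the order, or whatever the DAOs propagate
     */
    public void vali(HttpServletRequest request, OrderInfo orderInfo) throws Exception {
        // Interface-level IP whitelist; only evaluated when an interface id is present.
        if (!StringUtils.isEmpty(orderInfo.getInvokeface()) && !ipVali(orderInfo)) {
            throw new BusinessException("9002", "IP验证未通过", new String[0]);
        }

        // NOTE(review): if RequestUtil.getIpAddr reads forwarding headers, this value is
        // client-controlled unless a trusted proxy overwrites them - confirm.
        String ip = RequestUtil.getIpAddr(request);
        if (DENIED_CLIENT_IP.equals(ip)) {
            throw new BusinessException("9002", "非法访问", new String[0]);
        }

        // Requests that do not come through the back-office interface must not
        // target a back-office product.
        if (!"backorder".equals(orderInfo.getInvokeface())) {
            // The CPID/SPID pair must exist.
            HashMap spInfo = backBusiOrderDao.getCpSp(orderInfo.getCpid(), orderInfo.getSpid());
            if (spInfo == null || spInfo.isEmpty()) {
                throw new BusinessException("9002", "非法访问", new String[0]);
            }

            // Any back-office configuration for the pair means it is a back-office product.
            List<HashMap> confList =
                    backBusiOrderDao.getBackBusiConf(orderInfo.getCpid(), orderInfo.getSpid());
            if (confList != null && !confList.isEmpty()) {
                throw new BusinessException("9002", "非法访问", new String[0]);
            }
        }

        this.valiOperLimit(request, orderInfo);
        this.valiProvinceLimit(orderInfo);
    }

    /**
     * Checks whether the requested operation (order or cancel) is currently
     * restricted for the product.
     *
     * <p>Any configuration row for the SPID and operation type means the product is
     * restricted. A row lifts the restriction when its CHANNEL equals the request's
     * channel and either it has no IP list or the client address is in that
     * comma-separated list.
     *
     * @param request   current HTTP request, used to obtain the client address
     * @param orderInfo order being validated; status "0" is order, anything else is
     *                  treated as cancel when choosing the channel
     * @throws Exception a {@link BusinessException} with code 7020 when restricted
     */
    public void valiOperLimit(HttpServletRequest request, OrderInfo orderInfo) throws Exception {
        String ip = RequestUtil.getIpAddr(request);
        // 0 = order, 1 = cancel
        String opertype = orderInfo.getStatus() + "";
        String channel = "0".equals(opertype)
                ? orderInfo.getOrderchannel()
                : orderInfo.getCancelchannel();

        // The logged fields are presumably request-supplied; line breaks are neutralised
        // so a value cannot start a forged log record.
        errorlog.info("userid=>" + logSafe(orderInfo.getUserid())
                + "#cpid=>" + logSafe(orderInfo.getCpid())
                + "#spid=>" + logSafe(orderInfo.getSpid())
                + "#channel=>" + logSafe(channel)
                + "#type=>" + logSafe(opertype)
                + "#ip=>" + logSafe(ip));

        // Several rows may exist per OPERTYPE/SPID; per the original author the query
        // orders them so that rows with empty values come last.
        List<HashMap> dataList = busiOperlimitConfDao.valiOperLimit(orderInfo.getSpid(), opertype);
        if (dataList == null || dataList.isEmpty()) {
            return;
        }

        boolean exempted = false;
        for (HashMap row : dataList) {
            if (StringUtils.isEmpty(channel) || !channel.equals(row.get("CHANNEL"))) {
                continue;
            }
            String allowedIps = (String) row.get("IP");
            // No IP list on the row: the channel match alone lifts the restriction.
            // Entries are compared verbatim, so a list with spaces after the commas
            // never matches.
            if (StringUtils.isEmpty(allowedIps)
                    || Arrays.asList(allowedIps.split(",")).contains(ip)) {
                exempted = true;
                break;
            }
        }

        if (!exempted) {
            throw new BusinessException("7020", "该产品已下线,暂停办理");
        }
    }

    /**
     * Validates the caller's address against the whitelist configured for the
     * order's interface id.
     *
     * <p>Outcomes: no interface id, or no whitelist row for it, passes; a row whose
     * IP value is "*" passes; otherwise the pipe-separated entries are matched
     * exactly or, for entries containing "*", by the prefix before the first "*".
     * A row with an empty IP value, or any exception during the check, fails.
     *
     * <p>NOTE(review): a missing whitelist row disables the check for that interface;
     * confirm this default is intended. The check also passes when any address
     * returned by IpAddrUtil.getIpAddrList matches, so if that helper includes
     * header-supplied addresses a caller could influence the result - confirm.
     *
     * @param orderInfo order carrying the interface id and channel
     * @return {@code true} when the caller is allowed, {@code false} otherwise
     */
    public boolean ipVali(OrderInfo orderInfo) {
        // No interface id: nothing to validate against.
        if (orderInfo == null || StringUtils.isEmpty(orderInfo.getInvokeface())) {
            return true;
        }

        boolean result = false;
        List<String> ipList = null;
        Map<String, String> confdata = null;
        try {
            ServletRequestAttributes attributes =
                    (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
            if (attributes == null) {
                // Explicit failure instead of a NullPointerException; handled below, so
                // the check still fails closed.
                throw new IllegalStateException("no servlet request bound to the current thread");
            }
            HttpServletRequest request = attributes.getRequest();
            ipList = IpAddrUtil.getIpAddrList(request, orderInfo.getChannel());

            List<HashMap> ipconfList = busiOperlimitConfDao.valiIpLimit(orderInfo.getInvokeface());
            if (ipconfList != null && !ipconfList.isEmpty()) {
                confdata = ipconfList.get(0);
            }

            if (confdata == null || confdata.isEmpty()) {
                // No whitelist configured for this interface: not validated.
                result = true;
            } else {
                String configIp = confdata.get("IP");
                if (StringUtils.isNotEmpty(configIp)) {
                    if (configIp.equals("*")) {
                        // Whitelist explicitly open to every address.
                        result = true;
                    } else {
                        for (String entry : configIp.split("\\|")) {
                            boolean exact = ipList.contains(entry);
                            boolean wildcard = !exact
                                    && entry.indexOf("*") != -1
                                    && hasStartsWith(ipList, entry);
                            if (exact || wildcard) {
                                result = true;
                                break;
                            }
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Best effort: any failure leaves result at false (deny). The throwable is
            // passed to the logger so the stack trace lands in the log, not on stderr.
            iplog.error(logSafe(orderInfo.getInvokeface()) + ",IP验证出现异常," + e.getMessage(), e);
        } finally {
            iplog.info("invokeface=>" + logSafe(orderInfo.getInvokeface())
                    + ", ipList=>" + logSafe(ipList)
                    + ",result=>" + result
                    + ",confdata=>" + confdata);
        }
        return result;
    }

    /**
     * Tells whether any address starts with the part of {@code confip} that
     * precedes its first "*".
     *
     * <p>The comparison is a plain string prefix, so "10.1*" also matches
     * "10.10.0.1"; whitelist entries should end on a dot ("10.1.*") to stay inside
     * one octet. An entry whose prefix is empty (it starts with "*") matches
     * nothing here: previously "*x" matched every address and a bare "*" raised an
     * exception that aborted the whole whitelist check.
     *
     * @param ipList candidate client addresses
     * @param confip whitelist entry containing "*"
     * @return {@code true} when at least one address has the entry's prefix
     */
    private boolean hasStartsWith(List<String> ipList, String confip) {
        int star = confip.indexOf('*');
        String prefix = star < 0 ? confip : confip.substring(0, star);
        if (prefix.isEmpty()) {
            return false;
        }
        for (String ip : ipList) {
            if (ip != null && ip.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the order's province is closed for the requested operation.
     *
     * <p>CPIDs listed in the "notProvinceLimitcpid" dictionary value (comma
     * separated) skip the check, as do channels exempted for the province.
     *
     * @param orderInfo order being validated; an empty province is looked up as "*"
     * @throws Exception a {@link BusinessException} with code 9003 when the province
     *                   is restricted
     */
    public void valiProvinceLimit(OrderInfo orderInfo) throws Exception {
        // The original ran this exemption lookup twice in a row; once is enough.
        String notProvinceLimitcpid = dictionaryDao.getValue("notProvinceLimitcpid");
        if (!StringUtils.isEmpty(notProvinceLimitcpid)
                && Arrays.asList(notProvinceLimitcpid.split(",")).contains(orderInfo.getCpid())) {
            return;
        }

        // 0 = order, 1 = cancel
        String opertype = orderInfo.getStatus() + "";
        String province = orderInfo.getProvince();
        if (StringUtils.isEmpty(province)) {
            province = "*";
        }

        List<HashMap> confList =
                busiOperlimitConfDao.valiProvinceLimit(orderInfo.getInvokeface(), province, opertype);
        if (confList == null || confList.isEmpty()) {
            return;
        }
        // A channel exempted for this province bypasses the restriction.
        if (this.valiNoprovinceLimitChannel(orderInfo)) {
            return;
        }

        if ("广东".equals(orderInfo.getProvince()) && "0".equals(opertype)) {
            throw new BusinessException("9003", "业务平台满载,正在升级中,暂时无法受理新用户订购,敬请谅解");
        } else if ("*".equals(province)) {
            throw new BusinessException("9003", "您号码的归属地暂未开放该业务,敬请期待");
        } else {
            throw new BusinessException("9003", "您号码的归属地{0}暂未开放该业务,敬请期待",
                    new String[]{orderInfo.getProvince()});
        }
    }

    /**
     * Tells whether the order's channel is exempt from the province restriction.
     *
     * <p>The "notProvinceLimitchannel" dictionary value is parsed as JSON mapping a
     * province (or "*") to a comma-separated list of keys, each key being the
     * channel followed by the sub-channel when both are present.
     *
     * @param orderInfo order being validated
     * @return {@code true} when exempt; {@code false} otherwise, including when the
     *         lookup or parsing fails
     */
    private boolean valiNoprovinceLimitChannel(OrderInfo orderInfo) {
        try {
            String notProvinceLimitchannel = dictionaryDao.getValue("notProvinceLimitchannel");
            String channel = orderInfo.getChannel();
            String subchannel = orderInfo.getSubchannel();
            String province = orderInfo.getProvince();
            if (StringUtils.isEmpty(province)) {
                province = "*";
            }

            // Without a channel there is no key to look up, whatever the sub-channel is.
            if (StringUtils.isEmpty(channel) || StringUtils.isEmpty(notProvinceLimitchannel)) {
                return false;
            }
            String nolimitchannel = StringUtils.isEmpty(subchannel) ? channel : channel + subchannel;

            Map tmpMap = JsonUtil.jsonToMap(notProvinceLimitchannel);
            if (tmpMap == null || tmpMap.get(province) == null) {
                return false;
            }
            String exempted = tmpMap.get(province).toString();
            return !StringUtils.isEmpty(exempted)
                    && Arrays.asList(exempted.split(",")).contains(nolimitchannel);
        } catch (Exception e) {
            // Best effort: a broken configuration means "not exempt" (the restriction
            // stays in force), but the failure is logged instead of printed to stderr.
            errorlog.error("notProvinceLimitchannel lookup failed: " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Renders a value for a log line with carriage returns and line feeds replaced,
     * so a value cannot break the record into several lines.
     *
     * @param value value to log, may be {@code null}
     * @return the value's string form ("null" for {@code null}) on a single line
     */
    private static String logSafe(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}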