111

2b46aee1 · huangZW · bb0fd6b5 · 2b46aee1 · 2b46aee1 · 2b46aee1
Commit 2b46aee1 authored Apr 08, 2020 by huangZW
4 changed files
--- a/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/anno/HttpLimit.java
+++ b/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/anno/HttpLimit.java
+package com.gic.haoban.manage.web.anno;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.util.concurrent.TimeUnit;
+/**
+ * 访问限制
+ * 默认1秒
+ * @author hzw
+ *
+ */
+@Target({ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+public @interface HttpLimit {
+     long time() default 1L;
+     TimeUnit unit() default TimeUnit.SECONDS;
+     int times() default 2;
+}
\ No newline at end of file
--- a/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/controller/ClerkController.java
+++ b/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/controller/ClerkController.java
@@ -30,6 +30,7 @@ import com.gic.haoban.manage.api.service.BindApiService;
 import com.gic.haoban.manage.api.service.DepartmentApiService;
 import com.gic.haoban.manage.api.service.StaffApiService;
 import com.gic.haoban.manage.api.service.StaffDepartmentRelatedApiService;
+import com.gic.haoban.manage.web.anno.HttpLimit;
 import com.gic.haoban.manage.web.errCode.HaoBanErrCode;
 import com.gic.haoban.manage.web.interceptor.WebInterceptor;
 import com.gic.haoban.manage.web.vo.ClerkVo;
@@ -166,6 +167,7 @@ public class ClerkController extends WebBaseController{
 	}
 	//成员绑定
+	@HttpLimit
 	@RequestMapping("/staff-bind")
 	public HaobanResponse staffBind(String departmentId,String fromClerkCode,String fromStaffDepartmentRelatedId) {
 		if(StringUtils.isAnyBlank(departmentId,fromClerkCode,fromStaffDepartmentRelatedId)){
@@ -175,6 +177,7 @@ public class ClerkController extends WebBaseController{
 		return resultResponse(HaoBanErrCode.ERR_1);
 	}
 	//成员解除绑定
+	@HttpLimit
 	@RequestMapping("/clerk-single-unbind")
 	public HaobanResponse clerkSingleUnbind(String fromClerkCode,String departmentId) {
 		if(StringUtils.isAnyBlank(fromClerkCode)){
@@ -184,6 +187,7 @@ public class ClerkController extends WebBaseController{
 		return resultResponse(HaoBanErrCode.ERR_1);
 	}
 	//成员换绑定
+	@HttpLimit
 	@RequestMapping("/clerk-unbind")
 	public HaobanResponse clerkUnbind(String departmentId,String fromClerkCode,String toStaffId,String manager) {
 		if(StringUtils.isAnyBlank(fromClerkCode,toStaffId)){
@@ -197,6 +201,7 @@ public class ClerkController extends WebBaseController{
 		return resultResponse(HaoBanErrCode.ERR_1);
 	}
 	//店长转让
+	@HttpLimit
 	@RequestMapping("/clerk-manager-tranfer")
 	public HaobanResponse clerkManagerTranfer(String departmentId,String fromClerkCode,String toStaffDepartmentRelatedId) {
 		logger.info("===========================》111111111111111");

--- a/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/errCode/HaoBanErrCode.java
+++ b/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/errCode/HaoBanErrCode.java
@@ -68,6 +68,8 @@ public enum HaoBanErrCode {
    ERR_21(21, "验证码已过期或者错误"),
    ERR_22(22, "验证码一分钟只能请求一次"),
+    ERR_10008(10008,"请不要过于频繁点击"),
    /**
     * 员工档案模块

--- a/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/interceptor/HttpLimitInterceptor.java
+++ b/haoban-manage3-wx/src/main/java/com/gic/haoban/manage/web/interceptor/HttpLimitInterceptor.java
+package com.gic.haoban.manage.web.interceptor;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Map;
+import com.alibaba.fastjson.JSONObject;
+import com.gic.haoban.common.utils.HaobanResponse;
+import com.gic.haoban.manage.web.anno.HttpLimit;
+import com.gic.haoban.manage.web.errCode.HaoBanErrCode;
+import com.gic.redis.data.util.RedisUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+/**
+ * 测试登录拦截器
+ *
+ * @author zhurz
+ */
+public class HttpLimitInterceptor extends HandlerInterceptorAdapter {
+    private static Logger logger = LoggerFactory.getLogger(HttpLimitInterceptor.class);
+    private void errorResult(HttpServletResponse httpServletResponse, HaoBanErrCode errCode) {
+        HaobanResponse response = new HaobanResponse();
+        response.setErrorCode(errCode.getCode());
+        response.setMessage(errCode.getMsg());
+        PrintWriter writer = null;
+        try {
+            httpServletResponse.setHeader("Content-type", "application/json;charset=UTF-8");
+            writer = httpServletResponse.getWriter();
+            writer.append(JSONObject.toJSONString(response));
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+    @Override
+    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o) throws Exception {
+        String requestURI = httpServletRequest.getRequestURI();
+        logger.info("post-url:{}", requestURI);
+        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
+        logger.info("post-params:{}", JSONObject.toJSONString(parameterMap));
+        if (!(o instanceof HandlerMethod)) {
+            return true;
+        }
+        HandlerMethod handler = (HandlerMethod) o;
+        HttpLimit httpLimit = handler.getMethodAnnotation(HttpLimit.class);
+        if (httpLimit != null) {
+            String ip = getIpAddress(httpServletRequest);
+            String url = httpServletRequest.getRequestURL().toString();
+            String key = "http_limit_".concat(url);
+            key = key + ip;
+            if(RedisUtil.getCache(key)!=null){
+                this.errorResult(httpServletResponse, HaoBanErrCode.ERR_10008);
+                logger.info("过于频繁点击");
+            	return false;
+            }else{
+            	RedisUtil.setCache(key, 1, httpLimit.time());
+            }
+        }
+        return true;
+    }
+    private String getIpAddress(HttpServletRequest request) {
+        String ip = request.getHeader("x-forwarded-for");
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("WL-Proxy-Client-IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("HTTP_CLIENT_IP");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getHeader("HTTP_X_FORWARDED_FOR");
+        }
+        if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
+            ip = request.getRemoteAddr();
+        }
+        return ip;
+    }
+}