package net.tooan.ynpay.api.webapp.controller.rest;
import com.google.gson.Gson;
import net.tooan.ynpay.commons.YnpayJndiConstants;
import net.tooan.ynpay.commons.helper.Encrypt;
import net.tooan.ynpay.third.jfinal.aop.Before;
import net.tooan.ynpay.third.jfinal.core.Controller;
import net.tooan.ynpay.third.jfinal.ext.interceptor.Restful;
import net.tooan.ynpay.third.jfinal.ext.interceptor.ejb.RemoteEJB;
import net.tooan.ynpay.third.jfinal.log.Logger;
import net.tooan.ynpay.user.agent.bean.User;
import net.tooan.ynpay.user.agent.facade.SessionFacade;
import net.tooan.ynpay.user.agent.facade.UserFacade;
import net.tooan.ynpay.user.agent.model.Session;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
/**
* Created with IntelliJ IDEA.
* User: Jing
* Date: 13-11-21
* Time: 下午3:11
*/
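@Before(Restful.class)
/**
 * REST endpoint that exchanges a signed login request for a session token.
 *
 * <p>{@link #save()} reads a JSON body holding {@code username}, {@code signature} and
 * {@code timestamp}, recomputes the expected signature from the stored user key and, when it
 * matches and the user is active, persists a session and renders it as JSON.
 */
public class SessionController extends Controller {
    private static final Logger logger = Logger.getLogger(SessionController.class);
    @RemoteEJB(mappedName = YnpayJndiConstants.User_Facade_Remote)
    private UserFacade userFacade;
    @RemoteEJB(mappedName = YnpayJndiConstants.Mongo_Session_Facade_Remote)
    private SessionFacade sessionFacade;
    private static final Gson gson = new Gson();

    /** Nothing is served at the controller root; answer 404. */
    public void index() {
        renderError(HttpStatus.SC_NOT_FOUND);
    }

    /**
     * Authenticates the caller and creates a session.
     *
     * <p>Outcomes, in order of evaluation:
     * <ul>
     *   <li>400 — body is not a JSON object, or {@code signature}/{@code timestamp} is missing,
     *       or any unexpected exception is thrown (logged).</li>
     *   <li>401 — no user with that {@code username}, or the signature does not match. Both
     *       cases use the same status so the response does not reveal whether a username
     *       exists.</li>
     *   <li>403 — signature is valid but {@code user.getStatus() != 1}.</li>
     *   <li>200 — session saved via {@code sessionFacade.save(user, -1, true)} and rendered as
     *       JSON with its {@code user} and {@code id} fields cleared.</li>
     * </ul>
     */
    public void save() {
        try {
            // Decode the body as UTF-8 explicitly; IOUtils.toString(InputStream) would use the
            // platform default charset, which is not the same on every host.
            String body = IOUtils.toString(getRequest().getInputStream(), "UTF-8");
            Map<?, ?> info = gson.fromJson(body, HashMap.class);
            if (info == null) {
                renderError(HttpStatus.SC_BAD_REQUEST);
                return;
            }
            String username = (String) info.get("username");
            String signature = (String) info.get("signature");
            String timestamp = (String) info.get("timestamp");
            if (signature == null || timestamp == null) {
                // Both are required to recompute the digest; reject before hitting the user store.
                renderError(HttpStatus.SC_BAD_REQUEST);
                return;
            }

            User user = userFacade.findOneBy("username", username);
            if (user == null) {
                renderError(HttpStatus.SC_UNAUTHORIZED);
                return;
            }
            if (!signatureMatches(signature, username, timestamp, user.getKey())) {
                renderError(HttpStatus.SC_UNAUTHORIZED);
                return;
            }
            if (user.getStatus() != 1) {
                // Account is disabled or not yet activated.
                renderError(HttpStatus.SC_FORBIDDEN);
                return;
            }

            // NOTE(review): the timestamp is only mixed into the digest and never checked for
            // freshness here, so a captured request stays valid until the user's key changes.
            // Confirm whether a freshness window is enforced in sessionFacade or belongs here.
            // The original comment states the session is kept for 24 hours by default; what the
            // -1 argument means is defined by SessionFacade.
            Session session = sessionFacade.save(user, -1, true);
            // Strip the embedded user and the store id; only the token-bearing fields go back.
            session.setUser(null);
            session.setId(null);
            renderJson(session);
        } catch (Exception e) {
            // Covers malformed JSON, non-string fields (ClassCastException), a null user key
            // (Arrays.sort) and facade failures; all are reported to the caller as 400.
            if (logger.isErrorEnabled()) {
                logger.error(e.getMessage(), e);
            }
            renderError(HttpStatus.SC_BAD_REQUEST);
        }
    }

    /**
     * Recomputes the request signature and compares it with the presented one.
     *
     * <p>The expected value is {@code Encrypt.sha1} over the concatenation of username, timestamp
     * and the user's key after sorting the three strings. The comparison uses
     * {@link MessageDigest#isEqual} rather than {@code String.equals} so that it does not stop at
     * the first differing byte, which would let a caller learn the digest prefix by timing.
     *
     * @param signature value presented by the caller (non-null)
     * @param username  username from the request body
     * @param timestamp timestamp from the request body (non-null)
     * @param key       the stored per-user key
     * @return {@code true} when the recomputed digest equals {@code signature}
     * @throws NullPointerException if {@code username} or {@code key} is null (from the sort)
     */
    private static boolean signatureMatches(String signature, String username, String timestamp, String key) {
        String[] parts = {username, timestamp, key};
        Arrays.sort(parts);
        String expected = Encrypt.sha1(StringUtils.join(parts, ""));
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                signature.getBytes(StandardCharsets.UTF_8));
    }
}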