sourcecode/server/gateway-api/src/main/java/com/qxgmat/controller/api/AuthController.java

package com.qxgmat.controller.api;

import com.github.pagehelper.Page;
import com.nuliji.tools.Response;
import com.nuliji.tools.ResponseHelp;
import com.nuliji.tools.Tools;
import com.nuliji.tools.Transform;
import com.nuliji.tools.exception.AuthException;
import com.nuliji.tools.exception.ParameterException;
import com.nuliji.tools.exception.SystemException;
import com.qxgmat.data.constants.enums.ServiceKey;
import com.qxgmat.data.dao.entity.TextbookLibrary;
import com.qxgmat.data.dao.entity.User;
import com.qxgmat.data.dao.entity.UserMessage;
import com.qxgmat.data.dao.entity.UserOrderRecord;
import com.qxgmat.data.relation.entity.UserPreviewPaperRelation;
import com.qxgmat.dto.request.*;
import com.qxgmat.dto.response.MyDto;
import com.qxgmat.help.AiHelp;
import com.qxgmat.help.CaptchaHelp;
import com.qxgmat.help.ShiroHelp;
import com.qxgmat.help.SmsHelp;
import com.qxgmat.service.UsersService;
import com.qxgmat.service.UserServiceService;
import com.qxgmat.service.extend.MessageExtendService;
import com.qxgmat.service.extend.PreviewService;
import com.qxgmat.service.inline.TextbookLibraryService;
import com.qxgmat.service.inline.UserAbnormalService;
import com.qxgmat.service.inline.UserMessageService;
import com.qxgmat.service.inline.UserOrderRecordService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.validation.Validator;
import java.util.Collection;
import java.util.Date;
import java.util.List;

/**
 * Created by GaoJie on 2017/10/31.
 */
@RestController
@RequestMapping("/api/auth")
@Api(tags = "用户验证", description = "登录注册找回密码", produces = MediaType.APPLICATION_JSON_VALUE)
public class AuthController {

    @Autowired
    private CaptchaHelp captchaHelp;

    @Autowired
    private SmsHelp smsHelp;

    @Autowired
    private AiHelp aiHelp;

    @Autowired
    private ShiroHelp shiroHelp;

    @Autowired
    private UsersService usersService;

    @Autowired
    private UserServiceService userServiceService;

    @Autowired
    private UserAbnormalService userAbnormalService;

    // 初始化用户信息

    @Autowired
    private TextbookLibraryService textbookLibraryService;

    @Autowired
    private UserMessageService userMessageService;

    @Autowired
    private UserOrderRecordService userOrderRecordService;

    @Autowired
    private PreviewService previewService;

    @Autowired
    private MessageExtendService messageExtendService;


    @RequestMapping(value = "/token", method = RequestMethod.POST)
    @ApiOperation(value = "验证token", httpMethod = "POST")
    public Response<MyDto> token(@RequestHeader(value = "token", required = false) String token, HttpSession session, HttpServletRequest request) {
        User user;
        if (token == null || token.isEmpty()){
            user = shiroHelp.getLoginUser();
            if (user == null) {
                throw new AuthException("未登录");
            }
        }else{
            user = usersService.getUserByToken(token);
            // 用该token登录
            shiroHelp.getSession().login(shiroHelp.user(user.getArea()+":"+user.getMobile(), ""));
        }

        User entity = usersService.get(user.getId());
        MyDto dto = processUser(entity, request);
        return ResponseHelp.success(dto);
    }

    @RequestMapping(value = "/login", method = RequestMethod.POST)
    @ApiOperation(value = "登录/注册", httpMethod = "POST")
    public Response<MyDto> login(@RequestBody @Validated UserLoginDto userLoginDto, HttpSession session, HttpServletRequest request) {
        if (!smsHelp.verifyCode(userLoginDto.getArea(), userLoginDto.getMobile(), userLoginDto.getMobileVerifyCode(), session)) {
            throw new ParameterException("手机验证码错误！");
        }
        try {
            String ip = Tools.getClientIp(request);
            usersService.register(userLoginDto.getArea(), userLoginDto.getMobile(), userLoginDto.getInviteCode(), userLoginDto.getEmail(), null, ip, aiHelp.parseIp(ip));
        }catch (ParameterException e){
            // 忽略已注册信息
        }
        shiroHelp.getSession().login(shiroHelp.user(userLoginDto.getArea()+":"+userLoginDto.getMobile(), ""));

        User user = shiroHelp.getLoginUser();
        User entity = usersService.get(user.getId());
        MyDto dto = processUser(entity, request);
        return ResponseHelp.success(dto);
    }


    @RequestMapping(value = "/wechat_pc", method = RequestMethod.GET)
    @ApiOperation(value = "直接微信二维码登录", httpMethod = "GET")
    public Response<MyDto> directWechatPc(
            @RequestParam(required = false, defaultValue = "") String code,
            HttpSession session, HttpServletRequest request) {
        User user = (User) shiroHelp.getLoginUser();
        user = usersService.Oauth(user, code, "wechat_pc", true);
        if (user.getId() != null && user.getId() > 0){
            user = usersService.get(user.getId());
            shiroHelp.getSession().login(shiroHelp.user(user.getArea()+":"+user.getMobile(), ""));
        }
        user = shiroHelp.getLoginUser();

        MyDto dto = processUser(user, request);
        return ResponseHelp.success(dto);
    }

    // 公众号登录注册：wechat(false) -> wechat(true) -> bind
    // pc登录注册：wechat_pc(true) -> bind
    //           login -> wechat_pc(true)
    @RequestMapping(value = "/wechat", method = RequestMethod.GET)
    @ApiOperation(value = "直接微信公众号登录", httpMethod = "GET")
    public Response<MyDto> directWechat(
            @RequestParam(required = false, defaultValue = "") String code,
            @RequestParam(required = false, defaultValue = "") boolean userInfo,
            HttpSession session, HttpServletRequest request) {
        User user = (User) shiroHelp.getLoginUser();
        user = usersService.Oauth(user, code, "wechat_native", userInfo);
        if (user.getId() != null && user.getId() > 0){
            user = usersService.get(user.getId());
            shiroHelp.getSession().login(shiroHelp.user(user.getArea()+":"+user.getMobile(), ""));
        }
        MyDto dto = processUser(user, request);
        return ResponseHelp.success(dto);
    }

    @RequestMapping(value = "/logout", method = RequestMethod.POST)
    @ApiOperation(value = "登出", httpMethod = "POST")
    public Response<Boolean> logout(HttpSession session, HttpServletRequest request) {
        shiroHelp.logout();
        return ResponseHelp.success(true);
    }

    @RequestMapping(value = "/bind", method = RequestMethod.POST)
    @ApiOperation(value = "绑定手机号", notes="第三方登录后可执行", httpMethod = "POST")
    public Response<MyDto> bind(@RequestBody @Validated UserValidMobileDto userValidMobileDto, HttpSession session, HttpServletRequest request) {
        if (!smsHelp.verifyCode(userValidMobileDto.getArea(), userValidMobileDto.getMobile(), userValidMobileDto.getMobileVerifyCode(), session)) {
            throw new ParameterException("验证码有误，请重新获取！");
        }
        User openUser = (User) shiroHelp.getLoginUser();
        if(openUser == null)
            throw new SystemException("第三方登录错误");
        if(openUser.getMobile() != null && openUser.getMobile().length() > 0)
            throw new SystemException("手机号已绑定");

        try{
            // 创建新的账号，设定手机号，绑定第三方登录
            String ip = Tools.getClientIp(request);
            User user = usersService.register(userValidMobileDto.getArea(), userValidMobileDto.getMobile(), userValidMobileDto.getInviteCode(), userValidMobileDto.getEmail(), openUser, ip, aiHelp.parseIp(ip));
        }catch (ParameterException e){
            throw new ParameterException("该手机号绑定其他账号，请更换手机号码！");
        }
        shiroHelp.getSession().login(shiroHelp.user(userValidMobileDto.getArea()+":"+userValidMobileDto.getMobile(), ""));

        User user = shiroHelp.getLoginUser();
        User entity = usersService.get(user.getId());
        MyDto dto = processUser(entity, request);
        return ResponseHelp.success(dto);
    }

    @RequestMapping(value = "/valid/invite_code", method = RequestMethod.GET)
    @ApiOperation(value = "验证邀请码", notes="查询邀请码对应账号", httpMethod = "GET")
    public Response<String> validInviteCode(
            @RequestParam(required = true) String inviteCode
    ){
        User user = usersService.getByInviteCode(inviteCode);
        if(user == null){
            return ResponseHelp.success(null);
        }else{
            return ResponseHelp.success(user.getNickname());
        }
    }

    @RequestMapping(value = "/valid/mobile", method = RequestMethod.GET)
    @ApiOperation(value = "验证手机号", notes="查询手机对应账号", httpMethod = "GET")
    public Response<Boolean> validMobile(
            @RequestParam(required = true) String area,
            @RequestParam(required = true) String mobile
    ){
        User user = usersService.getByMobile(area, mobile);
        if(user != null){
            return ResponseHelp.success(false);
        }
        return ResponseHelp.success(true);
    }

    @RequestMapping(value = "/valid/wechat", method = RequestMethod.GET)
    @ApiOperation(value = "验证手机号是否绑定微信", notes="查询手机对应账号", httpMethod = "GET")
    public Response<Boolean> validWechat(
            @RequestParam(required = true) String area,
            @RequestParam(required = true) String mobile
    ){
        User user = usersService.getByMobile(area, mobile);
        if (user != null && user.getWechatUnionid() != null && !user.getWechatUnionid().equals("")){
            return ResponseHelp.success(false);
        }
        return ResponseHelp.success(true);
    }

    private MyDto processUser(User user, HttpServletRequest request){
        MyDto dto = Transform.convert(user, MyDto.class);
        if (user.getId() == null || user.getId() == 0) return dto;
        String ip = Tools.getClientIp(request);
        User entity = User.builder().id(user.getId()).build();
        entity.setLatestLoginTime(new Date());
        if (!user.getRegisterIp().equals(ip) && !user.getLatestLoginIp().equals(ip)){
            entity.setLatestLoginIp(ip);
            // 登录异常处理
            if(!aiHelp.compareIp(user.getRegisterIp(), ip)){
                String[] info = aiHelp.parseIp(ip);
                userAbnormalService.push(user.getId(), ip, info);
            }
        }
        // 更新登录信息
        usersService.edit(entity);
        if (!user.getMobile().isEmpty()){
            dto.setBindMobile(true);
        }
        if (!user.getWechatUnionid().isEmpty()){
            dto.setBindWechat(true);
        }
        if (user.getRealStatus() > 0){
            dto.setBindReal(true);
        }
        if(!user.getPrepareStatus().isEmpty()){
            dto.setBindPrepare(true);
        }
        // vip
        dto.setVip(userServiceService.timeService(user.getId(), ServiceKey.VIP));
        // 最新机经
        if (userServiceService.hasService(user.getId(), ServiceKey.TEXTBOOK)){
            TextbookLibrary latest = textbookLibraryService.getLatest();
            dto.setTextbook(latest.getUpdateTime());
        }
        // 未读消息
        Page<UserMessage> messageList = userMessageService.list(1, 4, user.getId(), null, 0);
        dto.setMessageNumber((int)messageList.getTotal());
        messageExtendService.refreshMessage(messageList);
        dto.setMessages(messageList);
        // 未完成作业
        List<UserOrderRecord> recordList = userOrderRecordService.listWithCourse(1, 1000, null, null, true, false, null, null);
        Collection recordIds = Transform.getIds(recordList, UserOrderRecord.class, "id");
        List<UserPreviewPaperRelation> relationList = previewService.listByRecordId(user.getId(), recordIds, 2);
        dto.setPreviewNumber(relationList.size());
        return dto;
    }
}