修复下单流程中的漏洞

da8c0894 · 伍思炜 · 2688fde6 · da8c0894 · da8c0894 · da8c0894
Commit da8c0894 authored May 30, 2022 by 伍思炜
3 changed files
--- a/apply-net/src/main/java/com/winsun/controller/SingleBroadToIntegrateController.java
+++ b/apply-net/src/main/java/com/winsun/controller/SingleBroadToIntegrateController.java
@@ -118,6 +118,15 @@ public class SingleBroadToIntegrateController {
            orderWrapper.eq("order_status", "已完成");
            orderWrapper.eq("business_number", phone);
            List<Order> orders = orderMapper.selectList(orderWrapper);
+            if (redisTemplate.hasKey(phone + ":num")) {
+                redisTemplate.opsForValue().increment(phone + ":num", 1L);
+            } else {
+                redisTemplate.opsForValue().set(phone + ":num", 1L, 10, TimeUnit.MINUTES);
+            }
+            int phoneCodeNum = (int) redisTemplate.opsForValue().get(phone + ":num");
+            if (phoneCodeNum > 5) {
+                return ResponseData.error("验证码获取次数过多，请稍后再试。");
+            }
            if ((kdPhones != null && kdPhones.size() > 0) || (orders != null && orders.size() > 0)) {
                String random = String.valueOf((int) ((RandomUtil.getSecrityRandom() * 9 + 1) * 100000));
                redisTemplate.opsForValue().set(SingleBroadToIntegrateController.TOINTEGRATE + phone, random, 30, TimeUnit.MINUTES);
@@ -150,8 +159,9 @@ public class SingleBroadToIntegrateController {
            return ResponseData.error("验证码错误");
        }
        redisTemplate.delete(SingleBroadToIntegrateController.TOINTEGRATE + phone);
+        Map<String, Object> map = new HashMap<>();
-        return ResponseData.success("校验成功");
+        map.put("path", "kdyFirstPage");
+        return ResponseData.success(map);
    }
    /**

--- a/apply-net/src/main/java/com/winsun/controller/codeManagerController.java
+++ b/apply-net/src/main/java/com/winsun/controller/codeManagerController.java
@@ -176,33 +176,32 @@ public class codeManagerController extends BaseController {
    @RequestMapping(value = "checkCodes", method = RequestMethod.GET)
    @ResponseBody
-    public ResponseData<Map<String, Object>> checkCodes(HttpServletRequest request, HttpServletResponse httpServletResponse/*String phone, String codes*/) throws IOException {
+    public ResponseData<Map<String, Object>> checkCodes(String phone, String codes) throws IOException {
-        if (!StringUtils.isNotEmpty(request.getParameter("phone"))) {
+        if (!StringUtils.isNotEmpty(phone)) {
            return ResponseData.error("手机号不正确！");
        }
-        if (!StringUtils.isNotEmpty(request.getParameter("codes"))) {
+        if (!StringUtils.isNotEmpty(codes)) {
            return ResponseData.error("验证码不能为空！");
        }
        String ver = null;
-//        try {
+        try {
-//            ver = redisTemplate.opsForValue().get(request.getParameter("phone")).toString();
+            ver = redisTemplate.opsForValue().get(phone).toString();
-//        } catch (NullPointerException n) {
+        } catch (NullPointerException n) {
-//            return ResponseData.error("验证码已失效，请发送验证码！");
+            return ResponseData.error("验证码已失效，请发送验证码！");
-//        }
+        }
-        if (/*ver.equals(request.getParameter("codes"))*/true) {
+        if (ver.equals(codes)) {
            Map<String, Object> map = new HashMap<>();
            Wrapper<KdPhone> kdPhoneWrapper = new EntityWrapper<>();
            kdPhoneWrapper.setSqlSelect("id,phone,tcName");
-            kdPhoneWrapper.eq("phone", request.getParameter("phone"));
+            kdPhoneWrapper.eq("phone", codes);
            List<KdPhone> list = kdPhoneMapper.selectList(kdPhoneWrapper);
-//            if (list.size() > 0) {
+            if (list.size() > 0) {
-//                KdPhone kdPhone = list.get(0);
+                KdPhone kdPhone = list.get(0);
-//                map.put("tcName", kdPhone.getTcName());
+                map.put("tcName", kdPhone.getTcName());
-//            }
+            }
-            String type = request.getParameter("type");
+            map.put("path", "rongHe");
-            String id = request.getParameter("id");
+            redisTemplate.delete(phone);
-            httpServletResponse.sendRedirect("https://dx.dianyuanjiangli.com/mobile/#/hhr/" + type + "?id=" + id + "&phone=" + request.getParameter("phone"));
+            return ResponseData.success(map);
-            return ResponseData.success();
        }
        return ResponseData.error("验证码错误");
    }

--- a/core-service/src/main/java/com/winsun/item/modular/system/controller/LoginPwdController.java
+++ b/core-service/src/main/java/com/winsun/item/modular/system/controller/LoginPwdController.java
@@ -27,9 +27,11 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
+import org.springframework.web.client.RestTemplate;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -39,7 +41,6 @@ import java.util.*;
 import java.util.concurrent.TimeUnit;
 /**
- *
 * @Date: 2020/3/27 16:14
 */
 @Slf4j
@@ -53,6 +54,9 @@ public class LoginPwdController extends BaseController {
    private static StringRedisTemplate stringRedisTemplate;
+    @Autowired
+    private RedisTemplate redisTemplate;
    private static HhrUserMapper hhrUserMapper;
    private static SchoolMapper schoolMapper;
@@ -74,6 +78,10 @@ public class LoginPwdController extends BaseController {
    private String APPSECRET = "";
    //登录验证码标识
    private static String GETPHONECODE = "getPhoneCode";
+    // 验证码尝试被使用的次数标识
+    private static String USEPHONECODE = "usePhoneCode";
+    // 账号冻结标识
+    private static String FREEZE = "freeze";
    @Autowired
@@ -112,7 +120,7 @@ public class LoginPwdController extends BaseController {
        }
        /*jsonObject = HttpHelper.doGet(url);*/
        Map<String, Object> hashMap = new HashMap<>();
-        log.info("defaultLogin:"+jsonObject);
+        log.info("defaultLogin:" + jsonObject);
        hashMap.put("info", JSONObject.parseObject(jsonObject));
        /*  Map<String,Object> map = JSON.toJavaObject(jsonObject,Map.class);*/
        Map<String, Object> map = JSON.parseObject(jsonObject, Map.class);
@@ -126,11 +134,11 @@ public class LoginPwdController extends BaseController {
        }
        SysUser sysUser = new SysUser();
-        for(HhrUser hhrUser : hhrUsers) {
+        for (HhrUser hhrUser : hhrUsers) {
            sysUser = sysUserMapper.selectById(hhrUser.getId());
-            if(sysUser.getStatus().equals("1")) {
+            if (sysUser.getStatus().equals("1")) {
                break;
-            }else {
+            } else {
                sysUser = new SysUser();
            }
        }
@@ -237,7 +245,8 @@ public class LoginPwdController extends BaseController {
            return ResponseData.error("验证码错误！");
        }
        Wrapper<SysUser> wrapperU = new EntityWrapper<>();
-        wrapperU.eq("account", username).eq("status", "1");;
+        wrapperU.eq("account", username).eq("status", "1");
+        ;
        List<SysUser> users = sysUserMapper.selectList(wrapperU);
        if (users.size() == 0) {
            return ResponseData.error("当前账号不存在！");
@@ -275,7 +284,21 @@ public class LoginPwdController extends BaseController {
        if (StringUtils.isBlank(username) || StringUtils.isBlank(verificationCode)) {
            return ResponseData.error("绑定失败，授权失效或账号验证码为空！");
        }
+        if (redisTemplate.hasKey(username + FREEZE)) {
+            return ResponseData.error("账号已冻结！请联系管理员");
+        }
        String str = stringRedisTemplate.opsForValue().get(username + GETPHONECODE);
+        if (redisTemplate.hasKey(username + USEPHONECODE)) {
+            int i = (int) redisTemplate.opsForValue().get(username + USEPHONECODE);
+            if (i > 5) {
+                redisTemplate.opsForValue().set(username + FREEZE, 0, 5, TimeUnit.MINUTES);
+                return ResponseData.error("账号已冻结！");
+            }
+            redisTemplate.opsForValue().increment(username + USEPHONECODE, 1L);
+        } else {
+            redisTemplate.opsForValue().set(username + USEPHONECODE, 0, 5, TimeUnit.MINUTES);
+        }
        if (StringUtils.isBlank(str)) {
            return ResponseData.error("验证码已失效！");
        }
@@ -284,7 +307,7 @@ public class LoginPwdController extends BaseController {
        }
        Wrapper<SysUser> wrapperU = new EntityWrapper<>();
        wrapperU.eq("account", username);
-        wrapperU.eq("status",1);
+        wrapperU.eq("status", 1);
        List<SysUser> users = sysUserMapper.selectList(wrapperU);
        if (users.size() == 0) {
            return ResponseData.error("当前账号有误！");
@@ -727,10 +750,10 @@ public class LoginPwdController extends BaseController {
        Wrapper<HhrUser> hhrWrapper = new EntityWrapper<HhrUser>();
        hhrWrapper.eq("id_card", idCard);
        List<HhrUser> hhrList = hhrUserMapper.selectList(hhrWrapper);
-        if(hhrList.size() > 0) {
+        if (hhrList.size() > 0) {
-            for(HhrUser hhrUser : hhrList) {
+            for (HhrUser hhrUser : hhrList) {
                SysUser sysUser = sysUserMapper.selectById(hhrUser.getId());
-                if(!sysUser.getStatus().equals("3")) {
+                if (!sysUser.getStatus().equals("3")) {
                    // 判断剔除已删除的用户
                    return ResponseData.error("身份证已存在");
                }