guomao/adm/src/main/java/com/minpay/common/action/SystemAction.java

package com.minpay.common.action;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;

import com.min.sha1.SHA1;
import com.min.util.CommonUtil;
import com.min.util.DateUtil;
import com.minpay.common.bean.AuthRule;
import com.minpay.common.bean.User;
import com.minpay.common.constant.Constant;
import com.minpay.common.exception.BusinessCodeException;
import com.minpay.common.service.ICommonService;
import com.minpay.common.service.IPublicService;
import com.minpay.common.service.impl.PublicServiceImpl;
import com.minpay.db.table.mapper.ImEntryCtrlMapper;
import com.minpay.db.table.mapper.ImLogMapper;
import com.minpay.db.table.mapper.ImRoleMapper;
import com.minpay.db.table.mapper.ImUserMapper;
import com.minpay.db.table.mapper.PubSendDetailMapper;
import com.minpay.db.table.model.ImEntryCtrl;
import com.minpay.db.table.model.ImEntryCtrlExample;
import com.minpay.db.table.model.ImLog;
import com.minpay.db.table.model.ImRole;
import com.minpay.db.table.model.ImUser;
import com.minpay.db.table.model.ImUserExample;
import com.minpay.db.table.model.PubSendDetail;
import com.minpay.db.table.model.PubSendDetailExample;
import com.minpay.db.table.own.mapper.AuthMapper;
import com.minpay.db.table.own.mapper.ImPckgLogonMapper.ImPckgLogonUserLogonOut;
import com.minpay.db.table.own.mapper.SequenceMapper;
import com.minpay.db.table.procedure.ImPackLogon;
import com.rrtx.jedis.RedisUtil;
import com.startup.minpay.frame.business.IMINAction;
import com.startup.minpay.frame.business.MINHttpServletRequestContext;
import com.startup.minpay.frame.business.res.MINActionResult;
import com.startup.minpay.frame.constant.IMINBusinessConstant;
import com.startup.minpay.frame.constant.IMINTransactionEnum;
import com.startup.minpay.frame.exception.MINBusinessException;
import com.startup.minpay.frame.service.MINServiceLocator;
import com.startup.minpay.frame.service.base.IMINDataBaseService;
import com.startup.minpay.frame.service.base.IMINSessionService;
import com.startup.minpay.frame.service.base.Service;
import com.startup.minpay.frame.session.MINSession;
import com.startup.minpay.frame.target.MINAction;
import com.startup.minpay.frame.target.MINComponent;
import com.startup.minpay.frame.target.MINParam;
import com.startup.minpay.util.DateTime;
import com.startup.minpay.util.Env;
import com.startup.minpay.util.Log;
import com.startup.minpay.util.RandomUtil;


/**
 * 登录处理类
 * 
 * @author lixj
 */
@MINComponent
public class SystemAction implements IMINAction {
	
	private IMINDataBaseService	db;
	 
	private static String LAST_MOBILE_TIME = "LAST_MOBILE_TIME";
	private static String MOBILE_RANDOM = "MOBILE_RANDOM";
	private static String MOBILE_NO = "MOBILE_NO";
	
	@MINAction(value = "test", session = false)
	public MINActionResult login(
			HttpServletRequest request,
			HttpServletResponse response) {
		MINActionResult res = new MINActionResult();
		res.set("key", "vale11111");
		return res;
	}
	
	@MINAction(value = "isCheckSMS", session = false, transaction = IMINTransactionEnum.CMT)
	public MINActionResult isCheckSMS(
			MINHttpServletRequestContext request
			) throws MINBusinessException {
		MINActionResult res = new MINActionResult();
		// 判断是否验证短信验证码
		String regVal = Service.lookup(IPublicService.class).getSysParValue("CHECK_LOGIN_MOBILE");	
		res.set("isCheckSms", regVal);
		return res;
	}
	
	/**
	 * 发送手机短信
	 * @param userName
	 * @return
	 * @throws MINBusinessException
	 */
	@MINAction(value = "sendSMSMessage", session = false, transaction = IMINTransactionEnum.CMT)
	public MINActionResult sendSMSMessage(
			@MINParam(key = "userName") String userName,
			MINHttpServletRequestContext request
			) throws MINBusinessException {
		MINActionResult res = new MINActionResult();
		db = Service.lookup(IMINDataBaseService.class);
		// 判断是否验证短信验证码
		String regVal = Service.lookup(IPublicService.class).getSysParValue("CHECK_LOGIN_MOBILE");	
		// 不检查短信验证码
		if("false".equals(regVal))  {
			return res;
		}
		
		// 验证是否已经发送验证码
		HttpSession httpSession = request.getSession();
		String lastMobileTime = (String)httpSession.getAttribute(LAST_MOBILE_TIME);
		// 如果已经发送过短信验证码，并且在60S以内，稍后再发送
		if(StringUtils.isNotBlank(lastMobileTime) 
				&& DateUtil.getDifferentTimeByMinute(-1).compareTo(lastMobileTime) < 0) {
			throw new MINBusinessException("JA000035", "请勿频繁发送验证码！");
		}

		
		// 查询用户
		ImUserExample userExample = new ImUserExample();
		userExample.createCriteria().andLogonnameEqualTo(userName).andSttNotEqualTo("5");
		userExample.or(userExample.createCriteria().andPhoneEqualTo(userName).andSttNotEqualTo("5"));
		List<ImUser> delList = db.selectByExample(ImUserMapper.class, userExample);
		if(delList.size() == 0) {
			throw new MINBusinessException("请检查用户名输入的是否正确！");//用户名不存在
		}
		// 获取手机号
		String mobileNo = delList.get(0).getPhone();
		
		// 是否一分钟内已经有短信验证码
		PubSendDetailExample deExp = new PubSendDetailExample();
		deExp.createCriteria().andUseridEqualTo(mobileNo).andLasttimeGreaterThan(DateUtil.getDifferentTimeByMinute(-1));
		List<PubSendDetail> deList = Service.lookup(IMINDataBaseService.class).getMybatisMapper(PubSendDetailMapper.class).selectByExample(deExp);
		if(deList.size() > 0) {
			throw new MINBusinessException("发送验证码过于频繁，请稍后重试！");
		}
		
		// 获取随机数
		String random = PublicServiceImpl.generateNumber(6);
		// 获取验证码时间
		httpSession.setAttribute(LAST_MOBILE_TIME, DateUtil.getCurrentDateTimeString());
		// 验证码
		httpSession.setAttribute(MOBILE_RANDOM, random);
		// 手机号
		httpSession.setAttribute(MOBILE_NO, mobileNo);
		
		// 验证码：@，如非本人操作，请忽略本短信【国贸铝业】
		String msgVal = Service.lookup(IPublicService.class).getSysParValue("COMM_MOBILE_MODE");	
		
		res.set("mobileLastNum", mobileNo.substring(6));
		String msg = msgVal.replaceAll("@", random);
		// TODO
		// SmsSendUtil.sendSms(mobileNo, msg);
		
		PubSendDetail sendDetail = new PubSendDetail();
		sendDetail.setCode(random);
		sendDetail.setUserid(mobileNo); 
		sendDetail.setLasttime(DateUtil.getCurrentDateTimeString());
		sendDetail.setStatus("0");
		Service.lookup(IMINDataBaseService.class).getMybatisMapper(PubSendDetailMapper.class).insertSelective(sendDetail);
		
		return res;
	}
		
		
	
	@MINAction(value = "login", session = false, transaction = IMINTransactionEnum.CMT)
	public MINActionResult login(
			HttpServletRequest request,
			HttpServletResponse response,
			MINSession session,
			@MINParam(key = "userName") String userName,
			@MINParam(key = "userPwd") String userPwd,
			@MINParam(key = "mbCode") String mbCode
			) throws MINBusinessException {
		
		MINActionResult res = new MINActionResult();
		db = Service.lookup(IMINDataBaseService.class);
		
		// 判断是否验证短信验证码
		String regVal = Service.lookup(IPublicService.class).getSysParValue("CHECK_LOGIN_MOBILE");	
		if("true".equals(regVal)) {
			// 验证是否已经发送验证码
			HttpSession httpSession = request.getSession();
			// 验证码
			String sessionCode = (String)httpSession.getAttribute(MOBILE_RANDOM);
			// 手机号
			String sessionMobileNo = (String)httpSession.getAttribute(MOBILE_NO);
			
			// 非法数据
			if(CommonUtil.isEmpty(sessionCode) 
					|| CommonUtil.isEmpty(sessionMobileNo)) {
				throw new MINBusinessException("JA000035", "验证码异常！");
			}
						
			// 查询用户
			ImUserExample userExample = new ImUserExample();
			userExample.createCriteria().andLogonnameEqualTo(userName).andSttNotEqualTo("5");
			userExample.or(userExample.createCriteria().andPhoneEqualTo(userName).andSttNotEqualTo("5"));
			List<ImUser> delList = db.selectByExample(ImUserMapper.class, userExample);
			if(delList.size() == 0) {
				throw new BusinessCodeException("请检查用户名输入的是否正确！");//用户名不存在
			}
			// 获取手机号
			String mobileNo = delList.get(0).getPhone();
			
			// 非法数据
			if(CommonUtil.isEmpty(sessionCode) 
					|| CommonUtil.isEmpty(sessionMobileNo)
					|| !sessionMobileNo.equals(mobileNo) 
					|| !sessionCode.equals(mbCode)) {
				throw new MINBusinessException("JA000035", "验证码不正确！");
			}
			httpSession.setAttribute(MOBILE_RANDOM, "");
		}
				
		
		userName=userName.trim();
		//查看是否注销
		ImUserExample userExample = new ImUserExample();
		userExample.createCriteria().andLogonnameEqualTo(userName).andSttEqualTo("5");
		userExample.or(userExample.createCriteria().andPhoneEqualTo(userName).andSttEqualTo("5"));
		List delList = db.selectByExample(ImUserMapper.class, userExample);
		if (delList.size() ==1) {
			throw new BusinessCodeException("JINM0016");//用户已注销
		}
		// 查询操作员
		userExample = new ImUserExample();
		userExample.createCriteria().andLogonnameEqualTo(userName).andSttNotEqualTo("5").andProjectCodeEqualTo(Constant.PROJECT_CODE);
		userExample.or(userExample.createCriteria().andPhoneEqualTo(userName).andSttNotEqualTo("5").andProjectCodeEqualTo(Constant.PROJECT_CODE));
		List userList = db.selectByExample(ImUserMapper.class, userExample);
		if (userList.size() <= 0) {
			throw new BusinessCodeException("JINM0019");//用户名不存在
		}
		ImUser user = (ImUser) userList.get(0);
		String userId = user.getId();
		String companyId = user.getCompanyId();
		//add itemid
		
		// 柜员密码加密
		String encryedPwd = SHA1.enCoded(userId + userPwd);
		InetAddress inet = null;
		String serverIp = "";
		String serverPort = "";
		try {
			inet = InetAddress.getLocalHost();
			serverIp = inet.getHostAddress();
		} catch (UnknownHostException e) {
			serverIp = "127.0.0.1";
		}
		// 校验登录密码，获取用户信息
		ImPackLogon logon = new ImPackLogon();
		ImPckgLogonUserLogonOut logonOut = logon.userLogon(userId, encryedPwd);
		String retCode = logonOut.getOutRetcode();
		Log.info("checkLog  retCode:"+retCode);
		if (!"0".equals(retCode)) {
			String dateTime = (new DateTime()).toDateTimeString();
			String errorCode = "11111111";//密码输错，登陆失败标志
			String logNo = db.getMybatisMapper(SequenceMapper.class).getSequence("IM_LOG_NO");
			ImLog imLog = new ImLog();
			imLog.setLogno(logNo);
			imLog.setUserid(userId);
			imLog.setBsncode("00000000");
			imLog.setDatetime(dateTime);
			imLog.setResult(errorCode);
			imLog.setInfo("操作员姓名："+user.getName()+ " , 登录名："+user.getLogonname());
			imLog.setIp(Service.lookup(ICommonService.class).getIPAddress(request));
			db.insert(ImLogMapper.class, imLog);
			throw new BusinessCodeException(retCode);
		}
		
		//判断此用户上次修改密码的时间是否为空，为空说明此用户第一次登录，否则不是
		if(user.getLastmodpwdcgdate()!=null&&!"".equals(user.getLastmodpwdcgdate())){
			//确认登录成功后查看此用户上次修改密码的时间是否大于一个月
			if(DateUtil.getCurrentDate().getTime()-DateUtil.parseDate(user.getLastmodpwdcgdate(), "yyyyMMddhhmmss").getTime()>((long)3*30*24*60*60*1000)){
				//大于一个月的情况下设置用户需要强行修改密码
				user.setInitpwd("0");
				db.updateByPrimaryKeySelective(ImUserMapper.class, user);
			}
		}else{
			//上次修改密码时间为空的情况下强求要求用户修改密码
			user.setInitpwd("0");
			db.updateByPrimaryKeySelective(ImUserMapper.class, user);
		}
		
		String isSingleSignOn = Env.get(IMINBusinessConstant.F_SINGLESIGNON);
		if( isSingleSignOn.equals("true") ) {	//是否控制单点登录， 在config文件中配置
			//如果已经登录，则踢下线
			ImEntryCtrlExample example = new ImEntryCtrlExample();
			example.createCriteria().andUseridEqualTo(userId);
			List<ImEntryCtrl> records = Service.lookup(IMINDataBaseService.class).selectByExample(ImEntryCtrlMapper.class, example);
			if( records.size()>0 ) {
				Service.lookup(IMINDataBaseService.class).deleteByExample(ImEntryCtrlMapper.class,example );
				for(ImEntryCtrl record : records) {
					MINServiceLocator.getInstance().lookup(IMINSessionService.class).unRegisterSession(null, new MINSession(null, record.getSessionid()));
				}
			}
		}
		
		//session信息记录数据库
		String dateTime = new DateTime().toDateTimeString();
		String sessionId = request.getSession().getId();
		String serverAddress = serverIp+serverPort;
		
		//判断当前用户是否登录状态，登录则更新
		ImEntryCtrlExample example = new ImEntryCtrlExample();
		example.createCriteria().andUseridEqualTo(userId).andSessionidEqualTo(sessionId);
		List<ImEntryCtrl> records = Service.lookup(IMINDataBaseService.class).selectByExample(ImEntryCtrlMapper.class, example);
		if(records.size() == 0){//当前用户会话不存在，需要增加一条记录
			ImEntryCtrl imEntryCtrl = new ImEntryCtrl();
			imEntryCtrl.setUserid(userId);
			imEntryCtrl.setLogontime(dateTime);
			imEntryCtrl.setSessionid(sessionId);
			imEntryCtrl.setServer(serverAddress);
			Service.lookup(IMINDataBaseService.class).insert(ImEntryCtrlMapper.class, imEntryCtrl);
		}else{//更新当前数据
			ImEntryCtrl imEntryCtrl = records.get(0);
			imEntryCtrl.setSessionid(sessionId);
			imEntryCtrl.setUserid(userId);
			imEntryCtrl.setLogontime(dateTime);
			imEntryCtrl.setServer(serverAddress);
			Service.lookup(IMINDataBaseService.class).updateByPrimaryKeySelective(ImEntryCtrlMapper.class, imEntryCtrl);
		}
		
		String roleId = logonOut.getOutUserroleid();
		String name = logonOut.getOutName();
		String lastDate = logonOut.getOutLastlogon();
		String branchId = logonOut.getOutBranchid();
		String initPwd = logonOut.getOutInitpwd();
		String initAuthPwd = logonOut.getOutInitauthpwd();
		// 查询角色名称
		ImRole role = db.selectByPrimaryKey(ImRoleMapper.class, roleId);
		String roleName = role.getName();
		
		// 创建session
		String ip = Service.lookup(ICommonService.class).getIPAddress(request);
		User sessionUser = new User(db.selectByPrimaryKey(ImUserMapper.class, userId));
		sessionUser.setAuthpwd(userPwd);
		res.setSessionId(MINServiceLocator.getInstance().lookup(IMINSessionService.class).registerSession(request, sessionUser));
		sessionUser.setLastLoginTime(lastDate);
		sessionUser.setName(name);
		sessionUser.setRoleId(roleId);
		sessionUser.setRoleName(roleName);
		sessionUser.setBranchId(branchId);
		sessionUser.setBranchid(branchId);
		sessionUser.setIP(ip);
		sessionUser.setCompanyId(companyId);
		sessionUser.setInitPwd(initPwd);
		sessionUser.setInitAuthPwd(initAuthPwd);
		// 主页
		sessionUser.setIndexPage(logonOut.getIndexPage());
		
		sessionUser.getAuth().clear();
		List<Map<String, String>> ls = Service.lookup(IMINDataBaseService.class).getMybatisMapper(AuthMapper.class).roleAuth(roleId);
		for (Map<String, String> m : ls) {
			AuthRule rule = new AuthRule();
			rule.setUrl(m.get("url"));
			rule.setAuthType(m.get("authtype"));
			rule.setAuthShape(m.get("authshape"));
			rule.setItemId(m.get("itemid"));
			if (m.get("authrole") != null)
				rule.setAuthRole(Arrays.asList(m.get("authrole").split(",")));
			sessionUser.setAuth(m.get("url"), rule);
		}
		
//		// 如果是站长，需要获取站长的商户号
//		ZhMerchantExample mercherExp = new ZhMerchantExample();
//		mercherExp.createCriteria().andPhoneEqualTo(sessionUser.getMobile()).andStatusEqualTo("0");
//		
//		List<ZhMerchant> merList = Service.lookup(IMINDataBaseService.class)
//				.getMybatisMapper(ZhMerchantMapper.class).selectByExample(mercherExp);
//		// 如果存在站长
//		if(merList.size() > 0) {
//			sessionUser.setTuanzhangId(merList.get(0).getId());
//		}
		
		String logInfo = "登录系统:".concat(name);
		
		String logNo = db.getMybatisMapper(SequenceMapper.class).getSequence("IM_LOG_NO");
		ImLog imLog = new ImLog();
		imLog.setLogno(logNo);
		imLog.setUserid(userId);
		imLog.setBsncode("00000001");
		imLog.setDatetime(dateTime);
		imLog.setResult("00000000");
		imLog.setInfo(logInfo);
		imLog.setIp(ip);
		db.insert(ImLogMapper.class, imLog);
		
		//传递登录操作员IDs
		res.set("loginUserId", sessionUser.getId());
		res.set("logincompanyId", sessionUser.getCompanyId());
		res.set("branchId", sessionUser.getBranchId());
		res.set("roleId", sessionUser.getRoleId());
		// redis集成
		String token = RandomUtil.generateString(50);
		RedisUtil.setString(token, com.alibaba.fastjson.JSONArray.toJSON(sessionUser).toString(), 3600);
		sessionUser.setToken(token);
		
		res.set("token", sessionUser.getToken());
		return res;
	}
	
	/**
	 * 退出登录
	 * @param request
	 * @param response
	 * @param session
	 * @return
	 */
	@MINAction(value = "loginOut", session = false)
	public MINActionResult loginOut(HttpServletRequest request,
			HttpServletResponse response,
			MINSession session) {
		MINActionResult res = new MINActionResult();
		try {
			//处理正常状态
			if( session != null ){
				MINServiceLocator.getInstance()
				.lookup(IMINSessionService.class)
				.unRegisterSession(request, session);
			}
		} catch (Exception ex){
			
		}
		return res;
	}
	
	
	@MINAction(value = "checkPassword", session = false)
	public MINActionResult checkPassword(HttpServletRequest request,
			HttpServletResponse response,
			MINSession session) {
		MINActionResult res = new MINActionResult();
		res.set("MINStatus", 3);
		return res;
	}
}