“20200109 校验验证码的原子操作

b17bb585 · rushui.chen · f7935d22 · b17bb585 · b17bb585 · b17bb585
--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/AccountController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/AccountController.java
@@ -9,6 +9,7 @@ import com.pica.cloud.account.account.server.req.AccountReq;
 import com.pica.cloud.account.account.server.req.BaseRequest;
 import com.pica.cloud.account.account.server.service.AccountService;
 import com.pica.cloud.account.account.server.service.CaptchaService;
+import com.pica.cloud.account.account.server.util.AccountUtils;
 import com.pica.cloud.account.account.server.util.CryptoUtil;
 import com.pica.cloud.foundation.encryption.common.constants.EncryptConstants;
 import com.pica.cloud.foundation.encryption.util.EncryptUtils;
@@ -53,8 +54,9 @@ public class AccountController extends AccountBaseController {
    @Autowired
    private CaptchaService captchaService;
    @Autowired
-
    private ICacheClient redisClient;
+    @Autowired
+    private AccountUtils accountUtils;

    @GetMapping("/test")
    public String test() {
@@ -159,7 +161,7 @@ public class AccountController extends AccountBaseController {
 //    @PostMapping("/register")
    public PicaResponse<LoginResult> register(@RequestBody AccountReq req) {
        this.checkMobilePhone(req.getMobilePhone());
-        this.checkAuthCode(req);
+        accountUtils.checkRegisterMobilePhoneAndAuthCode(req.getMobilePhone(),req.getFlag(),req.getAuthCode());
        String deviceType = super.getDeviceInfo("device_type");  //1:pc 2:android 3:ios
        Account account = new Account();
        account.setMobilePhone(EncryptUtils.encryptContent(req.getMobilePhone(), EncryptConstants.ENCRYPT_TYPE_MOBILE));

--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/AutoCodeController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/AutoCodeController.java
@@ -15,6 +15,7 @@ import com.pica.cloud.account.account.server.service.CaptchaService;
 import com.pica.cloud.account.account.server.util.AESUtil;
 import com.pica.cloud.account.account.server.util.AccountUtils;
 import com.pica.cloud.account.account.server.util.CryptoUtil;
+import com.pica.cloud.account.account.server.util.RegisterCodeKeyUtils;
 import com.pica.cloud.foundation.entity.PicaException;
 import com.pica.cloud.foundation.entity.PicaResponse;
 import com.pica.cloud.foundation.entity.PicaResultCode;
@@ -150,9 +151,13 @@ public class AutoCodeController extends AccountBaseController {
        String message = "您的验证码是" + authCode + ",在10分钟内有效。如非本人操作，请忽略本短信！";
        Integer accountIdByMobilePhone = accountService.getAccountIdByMobilePhone(mobilePhone);
        long senderId = accountIdByMobilePhone == null ? 0L : accountIdByMobilePhone;
-        cacheClient.set(this.getAuthCodeKey(mobilePhone, flag.toString()), authCode, 600);
-        logger.info("验证码缓存信息----->："+this.getAuthCodeKey(mobilePhone, flag.toString()));
-        cacheClient.set(authCodeKeySecure, System.currentTimeMillis(), 60);
+        if(flag==1){
+            cacheClient.set(RegisterCodeKeyUtils.getRegisterKey(mobilePhone, flag.toString(),authCode), mobilePhone, 600);
+        }else{
+            cacheClient.set(this.getAuthCodeKey(mobilePhone, flag.toString()), authCode, 600);
+            logger.info("验证码缓存信息----->："+this.getAuthCodeKey(mobilePhone, flag.toString()));
+            cacheClient.set(authCodeKeySecure, System.currentTimeMillis(), 60);
+        }
        super.sendMobileMessage(mobilePhone, message, senderId);
    }


--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/LoginController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/LoginController.java
@@ -84,7 +84,6 @@ public class LoginController extends AccountBaseController {
    @PostMapping(value = "/login-register")
    public PicaResponse<LoginResult> loginAndRegister(@RequestBody EncryptEntity entity) throws Exception {
        BaseRequest request = CryptoUtil.decrypt(entity, BaseRequest.class);
-        accountUtils.checkMobilePhoneAndAuthCode(request.getMobile(), AccountTypeEnum.SYSCODE_TYPE_LOGIN.getCode() + "", request.getAuthCode());
        request.setProductType(super.getProductType());
        Integer sourceType = super.getSourceType();
        request.setSourceType(sourceType);

--- a/server/src/main/java/com/pica/cloud/account/account/server/controller/RegisterController.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/controller/RegisterController.java
@@ -41,7 +41,8 @@ public class RegisterController extends AccountBaseController {
        //接口幂等性处理(redis中没有就进行注册逻辑，如果已经存在，就不处理)
        String authCode = request.getAuthCode();
        String flag = AccountTypeEnum.SYSCODE_TYPE_REGISTER.getCode() + "";
-        accountUtils.checkMobilePhoneAndAuthCode(mobile, flag, authCode);
+        //验证码验证的原子操作
+        accountUtils.checkRegisterMobilePhoneAndAuthCode(mobile, flag, authCode);
        accountUtils.checkPassword(request.getPassword());
        LoginResult result = null;
        request.setFlag(AccountTypeEnum.SYSCODE_TYPE_REGISTER.getCode());

--- a/server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/service/impl/LoginServiceImpl.java
@@ -151,8 +151,11 @@ public class LoginServiceImpl implements LoginService {
        String mobile = baseRequest.getMobile();
        AccountInfoEntity accountInfoEntity = accountInfoDetailMapper.selectByMobile(AESUtil.encryptV0(mobile));
        if (accountInfoEntity == null) {
+            //一键注册和登录验证码的逻辑不同
+            accountUtils.checkRegisterMobilePhoneAndAuthCode(baseRequest.getMobile(),baseRequest.getFlag()+"",baseRequest.getAuthCode());
            return registerService.register(baseRequest);
        } else {
+            accountUtils.checkMobilePhoneAndAuthCode(baseRequest.getMobile(), AccountTypeEnum.SYSCODE_TYPE_LOGIN.getCode() + "", baseRequest.getAuthCode());
            return processLogin(baseRequest, accountInfoEntity.getId(), AccountTypeEnum.LOGIN_CODE.getCode());
        }
    }

--- a/server/src/main/java/com/pica/cloud/account/account/server/util/AccountUtils.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/util/AccountUtils.java
@@ -89,7 +89,7 @@ public class AccountUtils {
        //验证码3次校验测试不通过，直接删除
        String authCodeCount = AUTH_CODE_COUNT_PREFIX + flag + "-" + AESUtil.encryptV0(mobile);

-        logger.info("验证码缓存信息----->："+this.getAuthCodeKey(mobile, flag));
+        logger.info("验证码缓存信息----->：" + this.getAuthCodeKey(mobile, flag));

        if (cacheClient.exists(authCodeCount) && Integer.parseInt(cacheClient.get(authCodeCount)) > 2) {
            cacheClient.del(authCodeKey);
@@ -108,6 +108,25 @@ public class AccountUtils {
        cacheClient.del(authCodeKey);
    }

+
+    public void checkRegisterMobilePhoneAndAuthCode(String mobile, String type, String sysCode) {
+        if (StringUtils.isBlank(mobile) || !ValidateUtils.isMobile(mobile)) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "请输入正确的手机号");
+        }
+        String flag = org.apache.commons.lang.StringUtils.isBlank(type) ? "0" : type;
+        if (org.apache.commons.lang.StringUtils.isBlank(sysCode)) {
+            throw new PicaException(PicaResultCode.PARAM_IS_INVALID.code(), "短信验证码错误");
+        }
+        String authCodeKey = RegisterCodeKeyUtils.getRegisterKey(mobile, flag, sysCode);
+        //从redis中删除短信验证码，如果能够删除成功，说明验证码正确
+        Long num = cacheClient.del(authCodeKey);
+        logger.info("key"+authCodeKey);
+        logger.info("success"+num);
+        if (num != 1) {
+            throw new PicaException(PicaResultCode.RESULE_DATA_NONE.code(), "短信验证码错误");
+        }
+    }
+
    /**
     * 请求参数解密、反序列化
     *

--- a/server/src/main/java/com/pica/cloud/account/account/server/util/RegisterCodeKeyUtils.java
+++ b/server/src/main/java/com/pica/cloud/account/account/server/util/RegisterCodeKeyUtils.java
+package com.pica.cloud.account.account.server.util;
+
+/**
+ * Created on 2020/1/9 16:18
+ * author:crs
+ * Description:注册验证码的key规则
+ */
+public class RegisterCodeKeyUtils {
+
+    private static final String AUTH_CODE_PREFIX = "authCode-";
+
+    /**
+     * 获取注册验证码的key
+     *
+     * @param mobilePhone
+     * @param flag
+     * @param authCode
+     * @return
+     */
+    public static String getRegisterKey(String mobilePhone, String flag, String authCode) {
+        return AUTH_CODE_PREFIX + flag + "-" + AESUtil.encryptV0(mobilePhone) + authCode;
+    }
+
+
+
+
+
+}