Banninger/src/rest/openapi/base/restful/WebClientRest.java

package openapi.base.restful;

import baseclass.tools.MessageDigestCust;
import net.sf.json.JSONObject;
import openapi.base.data.Row;
import openapi.base.data.Rows;
import openapi.base.data.db.DBConnect;
import openapi.base.data.db.DataPool;
import openapi.base.data.db.SQLiteJDBC;
import openapi.base.parameter.ErrCode;
import openapi.base.parameter.ErrModel;
import openapi.base.parameter.parameter;
import openapi.restcontroller.wechatapp.system.docManage;
import openapi.tools.kuaidi100;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam;
import p2.application.signature.P2User;
import p2.p2server.P2Server;
import p2.pao.PaoRemote;
import p2.pao.PaoSetRemote;
import p2.util.P2Exception;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import java.io.*;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;

@Path("webclientrest")
public class WebClientRest {


    @POST
    public String method(String RequestContent) {
        if (parameter.isdebug) {
            new SQLiteJDBC().InsertLogMsg("请求内容", RequestContent, "info", true);

        }
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"accesstoken", "classname", "method", "content"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        /**
         * 验证请求正文中的content是否为规范的SONObject格式
         */
        JSONObject content = new JSONObject();
        try {
            content = JSONObject.fromObject(requestcontent.getJSONObject("content"));
        } catch (Exception e) {
            return ErrModel.request_ContentJsonFormat().toString();
        }

        /**
         * 验证正文中的token是否有效
         */
        String accesstoken = requestcontent.getString("accesstoken");
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }

        String result;
        String className = requestcontent.getString("classname");
        String methodName = requestcontent.getString("method");

        if (content.isNullObject()) {
            content = new JSONObject();
        }
        content.put("$classname", className);
        content.put("$method", methodName);
        content.put("$accesstoken", accesstoken);

        String key = className + "." + methodName;

        //


        try {
            boolean getdatafromdbanyway = content.containsKey("getdatafromdbanyway")
                    && content.getBoolean("getdatafromdbanyway");
            content.remove("getdatafromdbanyway");
            Object data = null;
            if (!getdatafromdbanyway) {
                data = DataPool.get(content.toString());
            }
            if (data != null) {
                result = data.toString();
                saveCallMethodMsg(key, false, 0L);
            } else {
                Long starttimes = Calendar.getInstance().getTimeInMillis();
                /**
                 * 执行请求方法
                 */
                Class clz = Class.forName("openapi.restcontroller." + className);
                Constructor cla = clz.getDeclaredConstructor(JSONObject.class);
                Object obj = cla.newInstance(content);
                Method method = obj.getClass().getDeclaredMethod(methodName);
                result = (String) method.invoke(obj);

                Long endtimes = Calendar.getInstance().getTimeInMillis();
                saveCallMethodMsg(key, true, endtimes - starttimes);
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className).toString();
        } catch (InstantiationException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "实例化异常").toString();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "安全权限异常，可能该类为非public类").toString();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className + "的" + methodName + "方法").toString();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "的" + methodName + "方法参数不合法").toString();
        } catch (InvocationTargetException e) {
            e.printStackTrace();
            Throwable targetException = e.getTargetException();
            result = ErrModel.request_GetClass(targetException.getMessage()).toString();
        } catch (Exception e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("发生未知异常" + e.getMessage()).toString();
        }
        return result;
    }

    /**
     * 记录请求数
     *
     * @param key
     * @param fromdb
     * @param time
     */
    private void saveCallMethodMsg(String key, boolean fromdb, Long time) {
        Long callmethodTimes = parameter.callmethodTimes.containsKey(key) ? parameter.callmethodTimes.get(key) : 0L;

        //更新请求总数
        parameter.callmethodTimes.put(key, callmethodTimes + 1L);

        //最新请求时间
        parameter.lastcallmethodtime.put(key, Calendar.getInstance().getTime());

        //从缓存获取的次数
        Long callmethod_fromcacheTimes = parameter.callmethod_fromcacheTimes.containsKey(key) ? parameter.callmethod_fromcacheTimes.get(key) : 0L;
        if (!fromdb) {
            /**
             * 方法请求从缓存获取次数
             */
            parameter.callmethod_fromcacheTimes.put(key, callmethod_fromcacheTimes + 1L);
        } else {
            /**
             * 方法请求查询最新耗时
             */
            parameter.callmethodLastTimeLong.put(key, time);


            Long totaltimes = callmethodTimes - callmethod_fromcacheTimes;

            /**
             * 方法请求查询平均时间
             */
            Long callmethodTimeLong = parameter.callmethodTimeLong.containsKey(key) ? parameter.callmethodTimeLong.get(key) : 0L;

            parameter.callmethodTimeLong.put(key, (callmethodTimeLong * totaltimes + time) / (totaltimes + 1));
        }


    }

    @Path("getToken")
    @POST
    public String getToken(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"from_account"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        String token = requestcontent.getString("from_account");
        parameter.tokenlist.add(token);
        JSONObject jsonObject = new JSONObject();
        jsonObject.put("token", token);
        return jsonObject.toString();
    }

    @Path("login")
    @POST
    public String login(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"username", "password", "from_account"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        String username = requestcontent.getString("username");
        String password = requestcontent.getString("password");

        // 请求来源
        String from_account = requestcontent.getString("from_account");

        boolean result = true;
        PaoSetRemote userSet = null;
        try {
            userSet = P2Server.getP2Server().getPaoSet("pp_users",
                    P2Server.getP2Server().getSystemUserInfo());
            userSet.setWhere("hrid='" + username + "'");
            userSet.reset();
            if (userSet.isEmpty()) {
                result = false;
            } else {
                byte[] bytes = userSet.getPao(0).getBytes("password");
                result = password
                        .equals(new MessageDigestCust().Digest(P2Server.getP2Server().getP2Cipher().decData(bytes)));
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            try {
                if (userSet != null) {
                    userSet.clear();
                    userSet.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        String token = "";
        if (result) {
            byte[] secretBytes = null;
            try {
                secretBytes = MessageDigest.getInstance("md5")
                        .digest((username + password + Calendar.getInstance().getTimeInMillis()).getBytes());
            } catch (NoSuchAlgorithmException e) {
                throw new RuntimeException("没有这个md5算法！");
            }
            token = new BigInteger(1, secretBytes).toString(16);

            parameter.tokenlist.add(token);

        } else {
            return ErrModel.getToken().toString();
        }

        DBConnect connect = new DBConnect();
        // DBConnect connect = new DBConnect("DRP");
//        Rows rows = connect.runSqlQuery(
//                "select t1.fusertype,t2.fagentnum,t1.defsite as siteid,t1.fcansubmitagentorder,t1.fcanmodifyorderprice from pp_users t1 left join tagents_users t2 on t1.hrid=t2.hrid where t1.hrid='"
//                        + username + "' and t1.status='ACTIVE'");
        Rows rows = connect.runSqlQuery(
                "select t1.fusertype,t2.fagentnum,t1.defsite as siteid,t1.fcansubmitagentorder,t1.fcanmodifyorderprice,isnull(t3.fisservice,0)as fisservice,isnull(t3.fisusestatementconfirm,0)as fisusestatementconfirm from pp_users t1 " +
                        "left join tagents_users t2 on t1.hrid=t2.hrid " +
                        "left join tagents t3 on t2.siteid=t3.siteid and t2.fagentnum=t3.fagentnum " +
                        "where t1.hrid='" + username + "' and t1.status='ACTIVE'");
        if (rows.isEmpty()) {
            JSONObject object = new JSONObject();
            object.put("status", "error");
            object.put("errcode", ErrCode.gettokenfail[0]);
            object.put("msg", "账号已失效");
            return object.toString();
        }
        String fusertype = rows.get(0).getString("fusertype");
        String fisservice = rows.get(0).getString("fisservice");
        String fagentnum = rows.get(0).getString("fagentnum");
        String siteid = rows.get(0).getString("siteid");
        String fcansubmitagentorder = rows.get(0).getString("fcansubmitagentorder");
        String fcanmodifyorderprice = rows.get(0).getString("fcanmodifyorderprice");
        String fisusestatementconfirm = rows.get(0).getString("fisusestatementconfirm");

        parameter.siteidList.put(username.toUpperCase(), siteid.toUpperCase());
        parameter.usertypeList.put(username.toUpperCase(), fusertype.toUpperCase());

        Rows rows_moduleid = connect.runSqlQuery(
                "select distinct moduleid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                        + username + "' and systemid='" + from_account + "'");

        JSONObject mobject = new JSONObject();

        for (Row row : rows_moduleid) {
            String moduleid = row.getString("moduleid");
            Rows rows_appid = connect.runSqlQuery(
                    "select appid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                            + username + "' and systemid='" + from_account + "' and moduleid='" + moduleid + "' order by t1.sequence");

            mobject.put(moduleid, rows_appid.toJsonArray("appid"));
        }

        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", fusertype);
        dataobject.put("fisservice", fisservice);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("fcansubmitagentorder", fcansubmitagentorder);
        dataobject.put("fcanmodifyorderprice", fcanmodifyorderprice);
        dataobject.put("fisusestatementconfirm", fisusestatementconfirm);
        dataobject.put("hrid", username.toUpperCase());
        dataobject.put("appids", mobject);
        object.put("data", dataobject);
        return object.toString();
    }


    @Path("method")
    @SuppressWarnings({"rawtypes", "unchecked"})
    @POST
    public String method2(String RequestContent) {
        if (parameter.isdebug) {
            new SQLiteJDBC().InsertLogMsg("请求内容", RequestContent, "info", true);
        }
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = { "classname", "method", "content"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        /**
         * 验证请求正文中的content是否为规范的SONObject格式
         */
        JSONObject content = new JSONObject();
        try {
            content = JSONObject.fromObject(requestcontent.getJSONObject("content"));
        } catch (Exception e) {
            return ErrModel.request_ContentJsonFormat().toString();
        }



        String result;
        String className = requestcontent.getString("classname");
        String methodName = requestcontent.getString("method");

        if (content.isNullObject()) {
            content = new JSONObject();
        }
        content.put("$classname", className);
        content.put("$method", methodName);


        String key = className + "." + methodName;

        //


        try {
            boolean getdatafromdbanyway = content.containsKey("getdatafromdbanyway")
                    && content.getBoolean("getdatafromdbanyway");
            content.remove("getdatafromdbanyway");
            Object data = null;
            if (!getdatafromdbanyway) {
                data = DataPool.get(content.toString());
            }
            if (data != null) {
                result = data.toString();
                saveCallMethodMsg(key, false, 0L);
            } else {
                Long starttimes = Calendar.getInstance().getTimeInMillis();
                /**
                 * 执行请求方法
                 */
                Class clz = Class.forName("openapi.restcontroller." + className);
                Constructor cla = clz.getDeclaredConstructor(JSONObject.class);
                Object obj = cla.newInstance(content);
                Method method = obj.getClass().getDeclaredMethod(methodName);
                result = (String) method.invoke(obj);

                Long endtimes = Calendar.getInstance().getTimeInMillis();
                saveCallMethodMsg(key, true, endtimes - starttimes);
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className).toString();
        } catch (InstantiationException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "实例化异常").toString();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "安全权限异常，可能该类为非public类").toString();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("找不到指定的类" + className + "的" + methodName + "方法").toString();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("类" + className + "的" + methodName + "方法参数不合法").toString();
        } catch (InvocationTargetException e) {
            e.printStackTrace();
            Throwable targetException = e.getTargetException();
            result = ErrModel.request_GetClass(targetException.getMessage()).toString();
        } catch (Exception e) {
            e.printStackTrace();
            result = ErrModel.request_GetClass("发生未知异常" + e.getMessage()).toString();
        }
        return result;
    }


    @Path("logout")
    @POST
    public String logout(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"accesstoken"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        /**
         * 验证正文中的token是否有效
         */
        String accesstoken = requestcontent.getString("accesstoken");
        parameter.tokenlist.remove(accesstoken);

        JSONObject object = new JSONObject();
        object.put("status", "ok");
        return object.toString();
    }

    @Path("login_jump")
    @POST
    public String login_jump(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"from_account", "accesstoken", "username"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        /**
         * 验证正文中的token是否有效
         */
        String accesstoken = requestcontent.getString("accesstoken");
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }

        // 请求来源
        String from_account = requestcontent.getString("from_account");
        String username = requestcontent.getString("username");


        DBConnect connect = new DBConnect();
        Rows rows = connect.runSqlQuery(
                "select t1.fusertype,t2.fagentnum,t1.defsite as siteid from pp_users t1 left join tagents_users t2 on t1.hrid=t2.hrid where t1.hrid='"
                        + username + "' and t1.status='ACTIVE'");
        if (rows.isEmpty()) {
            JSONObject object = new JSONObject();
            object.put("status", "error");
            object.put("errcode", ErrCode.gettokenfail[0]);
            object.put("msg", "账号已失效");
            return object.toString();
        }
        String fusertype = rows.get(0).getString("fusertype");
        String fagentnum = rows.get(0).getString("fagentnum");
        String siteid = rows.get(0).getString("siteid");

        parameter.siteidList.put(username.toUpperCase(), siteid.toUpperCase());
        parameter.usertypeList.put(username.toUpperCase(), fusertype.toUpperCase());

        Rows rows_moduleid = connect.runSqlQuery(
                "select distinct moduleid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                        + username + "' and systemid='" + from_account + "'");

        JSONObject mobject = new JSONObject();

        for (Row row : rows_moduleid) {
            String moduleid = row.getString("moduleid");
            Rows rows_appid = connect.runSqlQuery(
                    "select appid from twebclientappidauth t1 inner join pp_grpuser t2 on t1.groupname=t2.groupname where t2.hrid='"
                            + username + "' and systemid='" + from_account + "' and moduleid='" + moduleid + "' order by t1.sequence");

            mobject.put(moduleid, rows_appid.toJsonArray("appid"));
        }
        String token = "";
        byte[] secretBytes = null;
        try {
            secretBytes = MessageDigest.getInstance("md5")
                    .digest((username + accesstoken + Calendar.getInstance().getTimeInMillis()).getBytes());
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("没有这个md5算法！");
        }
        token = new BigInteger(1, secretBytes).toString(16);
        parameter.tokenlist.add(token);


        JSONObject object = new JSONObject();
        object.put("status", "ok");
        object.put("token", token);
        JSONObject dataobject = new JSONObject();
        dataobject.put("fusertype", fusertype);
        dataobject.put("fagentnum", fagentnum);
        dataobject.put("siteid", siteid);
        dataobject.put("hrid", username.toUpperCase());
        dataobject.put("appids", mobject);
        object.put("data", dataobject);
        return object.toString();
    }
    public static boolean FISUPLOADFOROBS=true;
    @Path("uploaddoc")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDoc(@FormDataParam("uploadfile") InputStream uploadfileInputStream,
                            @FormDataParam("uploadfile") FormDataContentDisposition uploadfile,
                            @FormDataParam("ownertable") String ownertable, @FormDataParam("ownerid") String ownerid,
                            @FormDataParam("hrid") String hrid, @FormDataParam("description") String description,
                            @FormDataParam("accesstoken") String accesstoken, @FormDataParam("type") String type) {
        /**
         * 验证正文中的token是否有效
         */
        try{
            /**
             * 验证正文中的token是否有效
             */


            if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
                return ErrModel.token_Validate().toString();
            }
            docManage docManage = new docManage();
            String result=null;
            Set set=new HashSet();
            set.addAll(Arrays.asList("ordernode","hyordernode","hyworkorder","afterserviceorder"));
            if(set.contains(ownertable.toLowerCase())&&FISUPLOADFOROBS){
                result = docManage.upLoadDocForOBS(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid, description, "",type);
            }else{
                result = docManage.upLoadDoc(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid, description, "");
            }

            return result;
        }catch (Exception e){
            JSONObject returnObject=new JSONObject();
            returnObject.put("msg", "失败");
            returnObject.put("code", 0);
            returnObject.put("errcode", 0);
            returnObject.put("data", e.getMessage());
            return returnObject.toString();
        }
    }

    @Path("uploaddocurl")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDocUrl(@FormDataParam("url") String urlstr,
                               @FormDataParam("ownertable") String ownertable, @FormDataParam("ownerid") String ownerid,
                               @FormDataParam("hrid") String hrid, @FormDataParam("description") String description,
                               @FormDataParam("accesstoken") String accesstoken) {
        /**
         * 验证正文中的token是否有效
         */
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }
        docManage docManage = new docManage();
        String result = docManage.upLoadDocUrl(urlstr, ownertable, ownerid, hrid, description);
        return result;
    }

    @Path("uploaddocwechat")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDocUrlWechat(@FormDataParam("uploadfile") InputStream uploadfileInputStream,
                                     @FormDataParam("uploadfile") FormDataContentDisposition uploadfile,
                                     @FormDataParam("ownertable") String ownertable, @FormDataParam("ownerid") String ownerid,
                                     @FormDataParam("hrid") String hrid, @FormDataParam("description") String description,
                                     @FormDataParam("accesstoken") String accesstoken) {
        /**
         * 验证正文中的token是否有效
         */
        if (!parameter.isdebug && !parameter.tokenlist.contains(accesstoken)) {
            return ErrModel.token_Validate().toString();
        }
        docManage docManage = new docManage();
        String result = docManage.upLoadDoc(uploadfileInputStream, uploadfile, ownertable, ownerid, hrid, description, "微信附件上传");
        return result;
    }

    @Path("wlcx")
    @GET
    public String wlcx(@QueryParam("com") String com, @QueryParam("num") String num) {
        String wl = kuaidi100.queryKuaiDi100(com, num);
        return wl;
    }


    @Path("housekeeperlogin")
    @POST
    public String housekeeper_login(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"username", "password", "from_account"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return ErrModel.request_ContainsMustKey(mustkey).toString();
            }
        }
        String username = requestcontent.getString("username");
        String password = requestcontent.getString("password");
//        System.out.println("username:"+username+" password:"+password);
        // 请求来源
        String from_account = requestcontent.getString("from_account");
        //如果from_account为1 ,则是前端web登录
        String usertype=null;
        if(from_account.equals("1")){
            boolean result = true;
            PaoSetRemote userSet = null;
            try {
                userSet = P2Server.getP2Server().getPaoSet("pp_users",
                        P2Server.getP2Server().getSystemUserInfo());
                userSet.setWhere("hrid='" + username + "'");
                userSet.reset();
                if (userSet.isEmpty()) {
                    JSONObject object = new JSONObject();
                    object.put("status", "error");
                    object.put("errcode", ErrCode.gettokenfail[0]);
                    object.put("msg", "该帐号无登录权限！");
                    return object.toString();

                } else {
                    usertype=userSet.getPao(0).getString("FUSERTYPE");
                    byte[] bytes = userSet.getPao(0).getBytes("password");
                    result = password
                            .equals(P2Server.getP2Server().getP2Cipher().decData(bytes));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {
                try {
                    if (userSet != null) {
                        userSet.clear();
                        userSet.close();
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            String token = "";
            if (result) {
                byte[] secretBytes = null;
                try {
                    secretBytes = MessageDigest.getInstance("md5")
                            .digest((username + password + Calendar.getInstance().getTimeInMillis()).getBytes());
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException("没有这个md5算法！");
                }
                token = new BigInteger(1, secretBytes).toString(16);

                parameter.tokenlist.add(token);

            } else {
                return ErrModel.getToken().toString();
            }
            DBConnect connect = new DBConnect();
//            System.out.println("usertype:"+usertype);
            if(usertype.equals("经销商主账号")){//如果类型是经销商主账号
                // DBConnect connect = new DBConnect("DRP");
                Rows rows = connect.runSqlQuery(
                        "select t1.fagentnum,t.defsite as siteid,t.hrid,t1.FAGENTSHORTNAME,t1.fisservice from pp_users t join TAGENTs t1 on t.hrid=t1.fagentnum " +
                                "where t.hrid='"+username+"' and t.status='ACTIVE' and t1.fisservice=1");
                if (rows.isEmpty()) {
                    JSONObject object = new JSONObject();
                    object.put("status", "error");
                    object.put("errcode", ErrCode.gettokenfail[0]);
                    object.put("msg", "该帐号无登录权限！");
                    return object.toString();
                }
                String fagentnum=rows.get(0).getString("fagentnum");
                String siteid=rows.get(0).getString("siteid");
                String fagentshortname=rows.get(0).getString("FAGENTSHORTNAME");
                boolean fisservice=rows.get(0).getBoolean("fisservice");
                Rows staffauthority = connect.runSqlQuery("select authoritymodule,authorityname from staffauthority where siteid='"+siteid+"' order by frownum");
                List list=new ArrayList();
                for (Row row : staffauthority) {
                    list.add(row.getString("authoritymodule")+"_edit");
                }
                JSONObject object = new JSONObject();
                object.put("status", "ok");
                object.put("token", token);
                JSONObject dataobject = new JSONObject();
                dataobject.put("fusertype", usertype);
                dataobject.put("fagentnum", fagentnum);
                dataobject.put("siteid", siteid);
                dataobject.put("name", fagentshortname);
                dataobject.put("hrid", username.toUpperCase());
                dataobject.put("appids", list);
                dataobject.put("fisservice", fisservice);
                object.put("data", dataobject);
                return object.toString();
            }else if(usertype.equals("经销商员工账号")){//如果类型是经销商员工账号
                Rows rows = connect.runSqlQuery(
                        "select t1.fagentnum,t.defsite as siteid,t.hrid,t1.staffid,t1.fname,'0' fisservice from pp_users t join staff t1 on t1.phone=t.hrid " +
                                "where t.hrid='"+username+"' and t.status='ACTIVE'");
                if (rows.isEmpty()) {
                    JSONObject object = new JSONObject();
                    object.put("status", "error");
                    object.put("errcode", ErrCode.gettokenfail[0]);
                    object.put("msg", "该帐号无登录权限！");
                    return object.toString();
                }

                String fagentnum=rows.get(0).getString("fagentnum");
                String siteid=rows.get(0).getString("siteid");
                String fname=rows.get(0).getString("fname");
                boolean fisservice=rows.get(0).getBoolean("fisservice");
                int staffid=rows.get(0).getInteger("staffid");

                Rows staffauthority = connect.runSqlQuery("select t.authoritymodule,t.authorityname,t.fisedit,t.fisquery from\n" +
                        " staff_authority t\n" +
                        " join staffauthority t1 on t.authoritymodule=t1.authoritymodule and t1.siteid='"+siteid+"'\n" +
                        "where fparentid="+staffid+" order by t1.frownum");


                List list=new ArrayList();
                for (Row row : staffauthority) {
                    if(row.getBoolean("fisedit")){
                        list.add(row.getString("authoritymodule")+"_edit");
                    }
                    else if(row.getBoolean("fisquery")){
                        list.add(row.getString("authoritymodule"));
                    }
                }

                JSONObject object = new JSONObject();
                object.put("status", "ok");
                object.put("token", token);
                JSONObject dataobject = new JSONObject();
                dataobject.put("fusertype", usertype);
                dataobject.put("fagentnum", fagentnum);
                dataobject.put("siteid", siteid);
                dataobject.put("name", fname);
                dataobject.put("hrid", username.toUpperCase());
                dataobject.put("appids", list);
                dataobject.put("fisservice", fisservice);
                object.put("data", dataobject);
                return object.toString();
            }else{
                JSONObject object = new JSONObject();
                object.put("status", "error");
                object.put("errcode", ErrCode.gettokenfail[0]);
                object.put("msg", "该帐号无登录权限！");
                return object.toString();
            }
        }else if(from_account.equals("2")){//小程序登录
            DBConnect connect = new DBConnect();
            Rows rows = connect.runSqlQuery("select t.fagentnum,t.workphone,t.siteid,t.role,t.password from worker t " +
                    "where fisused=1 and workphone='" + username + "' and t.role='服务组长'");
            if(!rows.isEmpty()){
                String realpassword = rows.get(0).getString("password");
                if(!realpassword.equals(password)){
                    JSONObject object = new JSONObject();
                    object.put("status", "error");
                    object.put("errcode", ErrCode.gettokenfail[0]);
                    object.put("msg", "密码错误！");
                    return object.toString();
                }
                byte[] secretBytes = null;
                try {
                    secretBytes = MessageDigest.getInstance("md5")
                            .digest((username + password + Calendar.getInstance().getTimeInMillis()).getBytes());
                } catch (NoSuchAlgorithmException e) {
                    throw new RuntimeException("没有这个md5算法！");
                }
                String token = new BigInteger(1, secretBytes).toString(16);
                parameter.tokenlist.add(token);


                String fagentnum=rows.get(0).getString("fagentnum");
                String siteid=rows.get(0).getString("siteid");
                String role=rows.get(0).getString("role");
                JSONObject object = new JSONObject();
                object.put("status", "ok");
                object.put("token", token);
                JSONObject dataobject = new JSONObject();
                dataobject.put("fusertype", usertype);
                dataobject.put("fagentnum", fagentnum);
                dataobject.put("siteid", siteid);
                dataobject.put("role", role);
                dataobject.put("hrid", username.toUpperCase());
                object.put("data", dataobject);
                return object.toString();

            }else{
                JSONObject object = new JSONObject();
                object.put("status", "error");
                object.put("errcode", ErrCode.gettokenfail[0]);
                object.put("msg", "该帐号无登录权限！");
                return object.toString();
            }
        }else{
            JSONObject object = new JSONObject();
            object.put("status", "error");
            object.put("errcode", ErrCode.gettokenfail[0]);
            object.put("msg", "from参数无效");
            return object.toString();
        }
    }


    public static final String FILE_PATH=P2Server.getP2Server().getConfig().getProperty("p2.attachment.defaultpath");
    public static final String FILE_URL="http://drp.idcgroup.com.cn:8082/samex/rest/webclientrest/download?docinfoid=";
    @Path("download")
    @GET
    public void download(@QueryParam("docinfoid") String docinfoid,@Context HttpServletResponse response){

        int id=Integer.valueOf(docinfoid);
        response.reset();

        File file=null;
        try {
            PaoSetRemote docinfos = P2Server.getP2Server().getPaoSet("docinfo", P2Server.getP2Server().getSystemUserInfo());
            docinfos.setWhere("docinfoid="+Long.valueOf(id));
            docinfos.reset();
            if(!docinfos.isEmpty()){

                PaoRemote docinfo = docinfos.getPao(0);
                String siteid = docinfo.getString("siteid");
                String serialnumber = docinfo.getString("serialnumber");
                String document = docinfo.getString("document");
                String ownertables = docinfo.getString("ownertable");
                String postfix = docinfo.getString("postfix");
                if(postfix.equalsIgnoreCase("pdf")){
                    response.setContentType("application/pdf");
                    response.setHeader("Content-Disposition", "attachment;fileName="+ URLEncoder.encode(document,"UTF-8"));
                }else if(postfix.equalsIgnoreCase("jpg")||
                        postfix.equalsIgnoreCase("png")||
                        postfix.equalsIgnoreCase("jpeg")
                ){
                    response.setContentType("image/png");
                }else if(postfix.equalsIgnoreCase("mp4")){
                    response.setContentType("video/mpeg4");
                }else{
                    response.setContentType("multipart/form-data");
                    response.setHeader("Content-Disposition", "attachment;fileName="+ URLEncoder.encode(document,"UTF-8"));
                }

                file = new File(  FILE_PATH +"\\"+siteid+"\\"+ownertables+"\\"+serialnumber);

            }

        } catch (P2Exception | UnsupportedEncodingException e) {
            e.printStackTrace();
        }
        ServletOutputStream out;
        try {
            if(file!=null){
                FileInputStream inputStream = new FileInputStream(file);
                //3.通过response获取ServletOutputStream对象(out)
                out = response.getOutputStream();
                int b = 0;
                byte[] buffer = new byte[512];
                while (b != -1){
                    b = inputStream.read(buffer);
                    //4.写到输出流(out)中
                    out.write(buffer,0,b);
                }
                inputStream.close();
                out.close();
                out.flush();
            }else{
                out = response.getOutputStream();
                out.write("null".getBytes());
                out.close();
                out.flush();
            }

        } catch (IOException e) {
            e.printStackTrace();
        }
    }


    @Path("find_staffauthority")
    @POST
    public String find_staffauthority(String RequestContent) {

        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.fromObject(RequestContent);
        } catch (Exception e) {
            return ErrModel.request_BasicJsonFormat().toString();
        }
        String username = requestcontent.getString("username");
        DBConnect dbConnect=new DBConnect();
        Rows rows = dbConnect.runSqlQuery("select fusertype,defsite from pp_users where hrid='" + username + "' and status='ACTIVE'");
        if(!rows.isEmpty()){
            Row row_detail = rows.get(0);
            String fusertype = row_detail.getString("fusertype");
            String defsite = row_detail.getString("defsite");
            if(fusertype.equals("经销商主账号")){
                Rows staffauthority = dbConnect.runSqlQuery("select authoritymodule,authorityname from staffauthority where siteid='"+defsite+"' order by frownum");
                List list=new ArrayList();
                for (Row row : staffauthority) {
                    list.add(row.getString("authoritymodule")+"_edit");
                }
                JSONObject object = new JSONObject();
                object.put("status", "ok");
                JSONObject dataobject = new JSONObject();
                dataobject.put("appids", list);
                object.put("data", dataobject);
                return object.toString();

            }else if(fusertype.equals("经销商员工账号")){
                Rows rows1 = dbConnect.runSqlQuery(
                        "select t1.fagentnum,t.defsite as siteid,t.hrid,t1.staffid,t1.fname,'0' fisservice from pp_users t join staff t1 on t1.phone=t.hrid " +
                                "where t.hrid='"+username+"' and t.status='ACTIVE'");
                if (rows1.isEmpty()) {
                    JSONObject object = new JSONObject();
                    object.put("status", "error");
                    object.put("errcode", ErrCode.gettokenfail[0]);
                    object.put("msg", "账号已失效");
                    return object.toString();
                }

                String fagentnum=rows1.get(0).getString("fagentnum");
                String siteid=rows1.get(0).getString("siteid");
                String fname=rows1.get(0).getString("fname");
                boolean fisservice=rows1.get(0).getBoolean("fisservice");
                int staffid=rows1.get(0).getInteger("staffid");

                Rows staffauthority = dbConnect.runSqlQuery("select t.authoritymodule,t.authorityname,t.fisedit,t.fisquery from\n" +
                        " staff_authority t\n" +
                        " join staffauthority t1 on t.authoritymodule=t1.authoritymodule and t1.siteid='"+siteid+"'\n" +
                        "where fparentid="+staffid+" order by t1.frownum");


                List list=new ArrayList();
                for (Row row : staffauthority) {
                    if(row.getBoolean("fisedit")){
                        list.add(row.getString("authoritymodule")+"_edit");
                    }
                    else if(row.getBoolean("fisquery")){
                        list.add(row.getString("authoritymodule"));
                    }
                }
                JSONObject object = new JSONObject();
                object.put("status", "ok");
                JSONObject dataobject = new JSONObject();
                dataobject.put("appids", list);
                object.put("data", dataobject);
                return object.toString();

            }
        }

        JSONObject object = new JSONObject();
        object.put("status", "error");
        object.put("errcode", ErrCode.gettokenfail[0]);
        object.put("msg", "账户不存在");
        return object.toString();

    }

}