bwj_server/src/dsb/com/cnd3b/common/restful/WebClientRest.java

package com.cnd3b.common.restful;

import com.alibaba.fastjson.JSONException;
import com.alibaba.fastjson.JSONObject;
import com.cnd3b.common.D3BReturnObject_Err;
import com.cnd3b.common.data.Row;
import com.cnd3b.common.data.Rows;
import com.cnd3b.common.data.SQLFactory;
import com.cnd3b.common.data.db.DBConnect;
import com.cnd3b.common.data.db.DataPool;
import com.cnd3b.common.parameter.parameter;
import com.cnd3b.restcontroller.publicmethod.users.Users;
import com.cnd3b.restcontroller.system.system.uploadExcelData;
import com.cnd3b.utility.Encryption;
import com.cnd3b.utility.Sms;
import com.cnd3b.utility.sysmsg;
import com.cnd3b.utility.wechatpay.apppay.POJO.APPQueryOrderRequest;
import com.cnd3b.utility.wechatpay.apppay.POJO.AppWechatOrder;
import com.cnd3b.utility.wechatpay.apppay.apppay;
import com.cnd3b.utility.wechatpay.jsapipay.POJO.JSQueryOrderRequest;
import com.cnd3b.utility.wechatpay.jsapipay.POJO.JSWechatOrder;
import com.cnd3b.utility.wechatpay.jsapipay.jsapipay;
import com.cnd3b.utility.wechatpay.nativepay.nativepay;
import jdk.nashorn.internal.objects.annotations.Getter;
import net.polyv.live.v1.util.LiveSignUtil;
import org.dom4j.dom.DOMElement;
import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
import org.glassfish.jersey.media.multipart.FormDataParam;

import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Random;

@Path("webclientrest")
public class WebClientRest {

    private static String[] nocheckphonenumber = {"13732579910"};

    @POST
    public String method(@Context HttpServletRequest request, String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.parseObject(RequestContent);
        } catch (Exception e) {
            return new D3BReturnObject_Err().setErrMsg("请求正文格式错误，必须为JSONObject格式").toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"classname", "method", "content"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return new D3BReturnObject_Err().setErrMsg("json缺少KEY" + mustkey).toString();
            }
        }
        /**
         * 验证请求正文中的content是否为规范的SONObject格式
         */
        JSONObject content = new JSONObject();
        try {
            content = requestcontent.getJSONObject("content");
        } catch (Exception e) {
            return new D3BReturnObject_Err().setErrMsg("正文content格式错误，必须为JSONObject格式").toString();
        }

        /**
         * 验证正文中的token是否有效
         */
        String accesstoken = "";
        String className = requestcontent.getString("classname");
        if (!className.contains("publicmethod")) {
            if (!requestcontent.containsKey("accesstoken")) {
                return new D3BReturnObject_Err().setErrMsg("登陆状态已过期，请重新登陆！").toString();
            }
            accesstoken = requestcontent.getString("accesstoken");
            /**
             * 盘点当前账号是否存在有效的token
             */
            if (!parameter.tokenlist.containsKey(accesstoken) && !istokeninuserlist(accesstoken)) {
                //如果缓存中不存在，则在账号列表中进行查询，查到结果后，将tokne存入缓存
                return new D3BReturnObject_Err().setErrMsg("登陆状态已过期，请重新登陆！").toString();
            }
            parameter.requesttime.put(accesstoken, Calendar.getInstance().getTime());
        }

        String methodName = requestcontent.getString("method");
        if (content.isEmpty()) {
            content = new JSONObject();
        }
        content.put("$classname", className);
        content.put("$method", methodName);
        content.put("$accesstoken", accesstoken);
        content.put("$requestHost", request.getScheme() + "://" + request.getHeader("Host"));

        String key = className + "." + methodName;
        String result;
        Object obj = null;
        try {
            boolean getdatafromdbanyway = content.containsKey("getdatafromdbanyway")
                    && content.getBoolean("getdatafromdbanyway");
            content.remove("getdatafromdbanyway");
            Object data = null;
            if (!getdatafromdbanyway) {
                data = DataPool.get(content.toString());
            }
            if (data != null) {
                result = data.toString();
                saveCallMethodMsg(key, false, 0L);
            } else {
                long starttimes = Calendar.getInstance().getTimeInMillis();
                /**
                 * 执行请求方法
                 */
                Class clz = Class.forName("com.cnd3b.restcontroller." + className);
                Constructor cla = clz.getDeclaredConstructor(JSONObject.class);
                obj = cla.newInstance(content);
                Method method = obj.getClass().getDeclaredMethod(methodName);
                result = (String) method.invoke(obj);
                long endtimes = Calendar.getInstance().getTimeInMillis();
                saveCallMethodMsg(key, true, endtimes - starttimes);
            }
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("找不到指定的类" + className).toString();
        } catch (InstantiationException e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("类" + className + "实例化异常").toString();
        } catch (IllegalAccessException e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("类" + className + "安全权限异常，可能该类为非public类").toString();
        } catch (NoSuchMethodException e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("找不到指定的类" + className + "的" + methodName + "方法").toString();
        } catch (IllegalArgumentException e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("类" + className + "的" + methodName + "方法参数不合法").toString();
        } catch (InvocationTargetException e) {
            Throwable targetException = e.getTargetException();
            D3BReturnObject_Err d3BReturnObject_err = new D3BReturnObject_Err();
            d3BReturnObject_err.setErrMsg(targetException.getMessage());
            result = d3BReturnObject_err.toString();
        } catch (Exception e) {
            e.printStackTrace();
            result = new D3BReturnObject_Err().setErrMsg("发生未知异常" + e.getMessage()).toString();
        } finally {
            if (obj != null) {
                try {
                    obj.getClass().getMethod("p2ServerSystemPaoSetClose").invoke(obj);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
        return result;
    }


    public boolean istokeninuserlist(String accesstoken) {
        DBConnect dbConnect = new DBConnect();
        SQLFactory factory = new SQLFactory(this, "持久化账号列表查询");
        factory.addParameter("accesstoken", accesstoken);
        Rows rows = dbConnect.runSqlQuery(factory.getSQL());
        if (rows.isEmpty()) {
            return false;
        } else {
            for (Row row : rows) {
                long userid = row.getLong("userid");
                String token = row.getString("token");
                row.put("logintime", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime()));
                parameter.userIdList.put(userid, row);
                parameter.tokenlist.put(token, userid);
            }
            return true;
        }
    }

    /**
     * 记录请求数
     *
     * @param key
     * @param fromdb
     * @param time
     */
    private void saveCallMethodMsg(String key, boolean fromdb, long time) {
        long callmethodTimes = parameter.callmethodTimes.containsKey(key) ? parameter.callmethodTimes.get(key) : 0L;

        //更新请求总数
        parameter.callmethodTimes.put(key, callmethodTimes + 1L);

        //最新请求时间
        parameter.lastcallmethodtime.put(key, Calendar.getInstance().getTime());

        //从缓存获取的次数
        long callmethod_fromcacheTimes = parameter.callmethod_fromcacheTimes.containsKey(key) ? parameter.callmethod_fromcacheTimes.get(key) : 0L;
        if (!fromdb) {
            /**
             * 方法请求从缓存获取次数
             */
            parameter.callmethod_fromcacheTimes.put(key, callmethod_fromcacheTimes + 1L);
        } else {
            /**
             * 方法请求查询最新耗时
             */
            parameter.callmethodLastTimeLong.put(key, time);


            long totaltimes = callmethodTimes - callmethod_fromcacheTimes;

            /**
             * 方法请求查询平均时间
             */
            long callmethodTimeLong = parameter.callmethodTimeLong.containsKey(key) ? parameter.callmethodTimeLong.get(key) : 0L;

            parameter.callmethodTimeLong.put(key, (callmethodTimeLong * totaltimes + time) / (totaltimes + 1));
        }
    }

    /**
     * 获取短信登陆验证码
     *
     * @param RequestContent
     * @return
     */
    @Path("getpassword")
    @POST
    public String getPassWord(@Context HttpServletRequest request, String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.parseObject(RequestContent);
        } catch (Exception e) {
            return new D3BReturnObject_Err().setErrMsg("请求正文格式错误，必须为JSONObject格式").toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"phonenumber"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return new D3BReturnObject_Err().setErrMsg("json缺少KEY" + mustkey).toString();
            }
        }
        String phonenumber = requestcontent.getString("phonenumber");
        String client = "";
        if (requestcontent.containsKey("client")) {
            client = requestcontent.getString("client");
        }
//        DBConnect dbConnect = new DBConnect();
//        if (dbConnect.runSqlQuery("select * from tenterprise_users where fphonenumber='" + phonenumber + "'").isEmpty()) {
//            JSONObject object = new JSONObject();
//            object.put("code", 0);
//            object.put("msg", "当前手机号未注册！");
//            return object.toString();
//        }

        String password = createPassWord();
        parameter.phonenumber_password.put(phonenumber, password);
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.MINUTE, 5);
        parameter.phonenumber_date.put(phonenumber, calendar.getTime());

        if (parameter.isdebug()) {
            JSONObject object = new JSONObject();
            object.put("code", 1);
            object.put("msg", "手机验证码为：" + password);
            System.err.println("手机验证码为：" + password);
            return object.toString();
        } else {
            JSONObject object = new JSONObject();
            Sms sms = new Sms();
            sms.sendOutMsg(phonenumber, password);
            object.put("code", 1);
            object.put("msg", "手机验证码已发送，请注意查收！");
            return object.toString();
        }
    }

    /**
     * 创建验证码
     *
     * @return
     */
    public String createPassWord() {
        String allChar = "1234567890";
        StringBuffer sb = new StringBuffer();
        Random random = new Random();
        for (int i = 0; i < 6; i++) {
            sb.append(allChar.charAt(random.nextInt(allChar.length())));
        }
        if (parameter.phonenumber_password.containsValue(sb.toString())) {
            return createPassWord();
        } else {
            return sb.toString();
        }
    }

    @Path("login")
    @POST
    public String login(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.parseObject(RequestContent);
        } catch (Exception e) {
            return new D3BReturnObject_Err().setErrMsg("请求正文格式错误，必须为JSONObject格式").toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"phonenumber", "password"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return new D3BReturnObject_Err().setErrMsg("json缺少KEY" + mustkey).toString();
            }
        }
        String phonenumber = requestcontent.getString("phonenumber");
        String password = requestcontent.getString("password");

        int resultcode;
        DBConnect connect = new DBConnect();
        if (!parameter.phonenumber_password.containsKey(phonenumber)) {
            resultcode = 1;//没有获取验证码
        } else if (parameter.phonenumber_date.get(phonenumber).before(Calendar.getInstance().getTime())) {
            resultcode = 2;//验证码已失效
        } else {
            //系统验证码
            String syspassword = parameter.phonenumber_password.get(phonenumber);
            if (password.equals(new Encryption().Encode_MD5(syspassword))) {
                resultcode = 0;//验证码正确
            } else {
                resultcode = 3;//验证码错误
            }
        }

        int isnewregister = 0;
        if (resultcode == 0 || Arrays.asList(nocheckphonenumber).contains(phonenumber)) {
            //登陆时，如果验证码验证成功，但是手机号未注册过，则自动进行注册！
            if (connect.runSqlQuery("select * from tenterprise_users where fphonenumber='" + phonenumber + "'").isEmpty()) {
                Users users = new Users(requestcontent);
                users.register_usersByLogin(phonenumber);
                isnewregister = 1;
            }

            SQLFactory factory = new SQLFactory(this, "手机账号列表查询");
            factory.addParameter("fphonenumber", phonenumber);
            Rows rows = connect.runSqlQuery(factory.getSQL());

            ArrayList<String> tokensaveList = new ArrayList<>();
            for (Row row : rows) {
                long userid = row.getLong("userid");
                String usertoken = new Encryption().Encode_MD5(phonenumber + password + userid + Calendar.getInstance().getTimeInMillis());
                row.put("token", usertoken);
                row.put("logintime", new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(Calendar.getInstance().getTime()));
                row.put("isnewregister", isnewregister);
                parameter.userIdList.put(userid, row);
                parameter.tokenlist.put(usertoken, userid);

                tokensaveList.add("update tenterprise_users set accesstoken='" + usertoken + "' where tenterprise_userid=" + userid);
            }
            if (!tokensaveList.isEmpty()) {
                /**
                 * 账号登录态持久化
                 */
                connect.runSqlUpdate(tokensaveList);
            }

            JSONObject object = new JSONObject();
            object.put("code", 1);
            object.put("msg", "成功");
            object.put("webclienturl", "");
            object.put("servicehotline", "");
            object.put("account_list", rows.toJsonArray());

            //登录成功，将验证码失效掉；
            Calendar calendar = Calendar.getInstance();
            calendar.add(Calendar.MINUTE, -5);
            parameter.phonenumber_date.put(phonenumber, calendar.getTime());
            return object.toString();
        } else {
            String msg = "";
            if (resultcode == 1) {
                msg = "请先获取所填手机号验证码！";
            } else if (resultcode == 2) {
                msg = "验证码已失效，请重新获取！";
            } else if (resultcode == 3) {
                msg = "无效的验证码！";
            }
            JSONObject object = new JSONObject();
            object.put("code", 0);
            object.put("msg", msg);
            return object.toString();
        }
    }


    @Path("logout")
    @POST
    public String logout(String RequestContent) {
        /**
         * 验证请求正文是否为规范的SONObject格式
         */
        JSONObject requestcontent = null;
        try {
            requestcontent = JSONObject.parseObject(RequestContent);
        } catch (Exception e) {
            return new D3BReturnObject_Err().setErrMsg("请求正文格式错误，必须为JSONObject格式").toString();
        }
        /**
         * 验证请求正文中是否包含必填的键值
         */
        String[] mustkeys = {"accesstoken"};
        for (String mustkey : mustkeys) {
            if (!requestcontent.containsKey(mustkey)) {
                return new D3BReturnObject_Err().setErrMsg("json缺少KEY" + mustkey).toString();
            }
        }
        /**
         * 验证正文中的token是否有效
         */
        String accesstoken = requestcontent.getString("accesstoken");
        parameter.tokenlist.remove(accesstoken);
        new DBConnect().runSqlUpdate("update tenterprise_users set accesstoken=null where accesstoken='" + accesstoken + "'");
        JSONObject object = new JSONObject();
        object.put("status", "ok");
        return object.toString();
    }


    /**
     * 数据导入
     *
     * @param uploadfileInputStream
     * @param uploadfile
     * @param userid
     * @param accesstoken
     * @param ftype
     * @return
     */
    @Path("uploadexcel")
    @POST
    @Consumes({"multipart/form-data"})
    @Produces({"application/json"})
    public String upLoadDoc(@FormDataParam("uploadfile") InputStream uploadfileInputStream,
                            @FormDataParam("uploadfile") FormDataContentDisposition uploadfile,
                            @FormDataParam("userid") String userid,
                            @FormDataParam("accesstoken") String accesstoken, @FormDataParam("ftype") String ftype) {
        /**
         * 验证正文中的token是否有效
         */
        if (!parameter.tokenlist.containsKey(accesstoken)) {
            return new D3BReturnObject_Err().setErrMsg("登陆状态已过期，请重新登陆！").toString();
        }
        JSONObject content = new JSONObject();
        content.put("userid", userid);
        uploadExcelData uploadExcelData = new uploadExcelData(content);
        return uploadExcelData.upLoadExcel(uploadfileInputStream, uploadfile, ftype);
    }

    /**
     * 微信支付回调接口
     *
     * @param RequestContent
     * @return
     */
    @POST
    @Path("wechatpay/returnorderstateapp")
    public String wechatpayapp(String RequestContent) {

        APPQueryOrderRequest queryOrderRequest = new APPQueryOrderRequest();
        AppWechatOrder order = queryOrderRequest.getWechatOrder(RequestContent);
        apppay apppay = new apppay();
        boolean success = apppay.updateLocalOrder(order);
        DOMElement request = new DOMElement("xml");
        request.addElement("return_code").addText(success ? "SUCCESS" : "FAIL");
        request.addElement("return_msg").addText(success ? "OK" : "校验失败");
        return request.asXML();
    }

    /**
     * 微信网页支付回调接口
     *
     * @param RequestContent
     * @return
     */
    @POST
    @Path("wechatpay/returnorderstatenative")
    public String wechatpaynative(String RequestContent) {
        nativepay nativepay = new nativepay();
        JSONObject returnobject = JSONObject.parseObject(RequestContent);
        boolean success = nativepay.updateLocalOrder_callback(returnobject);
        JSONObject request = new JSONObject();
        request.put("code", success ? "SUCCESS" : "FAIL");
        request.put("message", success ? "成功" : "校验失败");
        return request.toString();
    }

    /**
     * 微信网页支付回调接口
     *
     * @param RequestContent
     * @return
     */
    @POST
    @Path("wechatpay/returnorderstatejs")
    public String wechatpayjs(String RequestContent) {

        JSQueryOrderRequest queryOrderRequest = new JSQueryOrderRequest();
        JSWechatOrder order = queryOrderRequest.getWechatOrder(RequestContent);
        jsapipay jsapipay = new jsapipay();
        boolean success = jsapipay.updateLocalOrder(order);
        DOMElement request = new DOMElement("xml");
        request.addElement("return_code").addText(success ? "SUCCESS" : "FAIL");
        request.addElement("return_msg").addText(success ? "OK" : "校验失败");
        return request.asXML();
    }

    @Path("sysmsg")
    @GET
    @Produces(MediaType.TEXT_HTML)
    @Consumes(MediaType.TEXT_HTML)
    public String sysmsg() throws JSONException {
        return new sysmsg().getCustMsg();
    }

    @GET
    @Path("polyvAuth")
    public String polyvAuth(@QueryParam("channelId") String channelId, @QueryParam("userid") String userid, @QueryParam("ts") Long ts, @QueryParam("token") String token) {

        System.err.println(channelId);
        System.err.println(userid);
        JSONObject result = new JSONObject();
        long timeMillis = System.currentTimeMillis();
        long diffTime = Math.abs(timeMillis - ts);
        //1、时间戳判断
        if (diffTime > 5 * 60 * 1000) {
            result.put("status", "0");
            //抛出异常时，如果设置errorUrl，则会跳转到 errorUrl ,如果未返回 errorUrl，则先查询 外部授权参数
            // externalRedirectUri，externalRedirectUri不为空则跳转externalRedirectUri地址，externalRedirectUri为空则跳转保利威默认页面
            result.put("errorUrl", "https://www.polyv.net");
            return result.toJSONString();
        }

        //2、签名判断
        DBConnect dbConnect = new DBConnect();
        Rows rows = dbConnect.runSqlQuery("select secretkey from tlive where channelId='" + channelId + "'");
        if (rows.isEmpty()) {
            result.put("errorUrl", "https://www.polyv.net");
            return result.toJSONString();
        }
        String signText = rows.get(0).getString("secretkey") + userid + rows.get(0).getString("secretkey") + ts;
        String sign = null;
        try {
            sign = LiveSignUtil.md5Hex(signText);
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (sign == null || !sign.equals(token)) {
            result.put("status", "0");
            //抛出异常时，如果设置errorUrl，则会跳转到 errorUrl ,如果未返回 errorUrl，则先查询 外部授权参数
            // externalRedirectUri，externalRedirectUri不为空则跳转externalRedirectUri地址，externalRedirectUri为空则跳转保利威默认页面
            result.put("errorUrl", "https://www.polyv.net");
            return result.toJSONString();
        }
        // 业务逻辑处理，后续需根据具体需求进行数据库操作
        //3、正常返回
        Rows userrows = dbConnect.runSqlQuery("select *from tenterprise_users where tenterprise_userid='" + userid + "'");
        if (userrows.isEmpty()) {
            result.put("status", "0");
            //抛出异常时，如果设置errorUrl，则会跳转到 errorUrl ,如果未返回 errorUrl，则先查询 外部授权参数
            // externalRedirectUri，externalRedirectUri不为空则跳转externalRedirectUri地址，externalRedirectUri为空则跳转保利威默认页面
            result.put("errorUrl", "https://www.polyv.net");
            return result.toJSONString();
        }
        result.put("status", "1");
        result.put("userid", userid);
        result.put("nickname", userrows.get(0).getString("fname"));
        result.put("marqueeName", "保利威测试跑马灯");
        // result.put("actor", "学生");
        result.put("actorFColor", "#2469f3");
        result.put("actorBgColor", null);
        result.put("param4", null);
        result.put("param5", null);
        result.put("avatar", "http://dev.polyv.net/favicon.ico");
        return result.toJSONString();
    }
}