@Action("pushresult")
public String pushresult() throws IOException {
DB db = MongoUtil.getInstance().getDB();
BasicDBObject ret = null;
if (checkTime(timestamp)) {
if (checkenc(db, timestamp, clientid, userenc)) {
DBObject dbo = db.getCollection("Pushmsgs").findOne(new BasicDBObject("msgid", msgid));
if (!CommonUtil.isEmpty(dbo)) {
ret =
new BasicDBObject()
.append("msgid", dbo.get("msgid"))
.append("status", dbo.get("status"));
} else {
errormsg = "Message not found";
}
} else {
errormsg = "User not authorized";
}
} else errormsg = "Timestamp outof range";
HttpServletResponse resp = ServletActionContext.getResponse();
resp.setCharacterEncoding("utf-8");
resp.setContentType("application/json");
if (!CommonUtil.isEmpty(ret)) resp.getWriter().print(JSON.serialize(ret));
else resp.getWriter().write("{\"errcode\":50000,\"errmsg\":\"" + errormsg + "\"}");
return NONE;
}
/**
* 通过PWD跳转到支付页面
*
* @return
* @throws IOException
*/
@Action("ecardpwd")
public String pwd() throws IOException {
Object openid = getSession().get("openid");
HttpServletResponse resp = org.apache.struts2.ServletActionContext.getResponse();
Map<String, Object> ret = new HashMap<String, Object>();
if (!CommonUtil.isEmpty(openid)) {
DBObject payinfo = SWEcardModel.getPwd(uisid);
DBObject user =
MongoUtil.getInstance()
.getDB()
.getCollection("Bindings")
.findOne(new BasicDBObject("openid", openid));
binds = new TACOAuth2Model().fetchUserinfo(user);
if (binds != null && binds.size() > 0) {
boolean found = false;
for (Object b : binds) {
if (b instanceof Map) {
Map bm = (Map) b;
String uid = String.valueOf(bm.get("user_id"));
if (CommonUtil.eq(uid, payinfo.get("uisid"))) {
found = true;
}
}
}
if (!found) {
addActionError("订单的UISID不匹配");
} else {
ret.put("retcode", 0);
ret.put(
"url",
WiscomPayModel.formupDirecturl(
String.valueOf(openid),
String.valueOf(payinfo.get("uisid")),
String.valueOf(payinfo.get("pwd"))));
}
} else {
addActionError(" 尚未对任何账号授权");
}
} else {
addActionError("尚未登录");
}
if (hasErrors()) {
ret.put("retcode", -500);
ret.put("retmsg", getActionErrors());
}
resp.setCharacterEncoding("utf-8");
JSON.writeJSONStringTo(ret, resp.getWriter());
return NONE;
}
@Action("wxlogin")
public String execute() {
if (CommonUtil.isEmpty(getSession().get("openid"))) {
Config conf = Config.getInstance();
try {
byte[] bs = new byte[16];
new Random().nextBytes(bs);
String st = EncodeHelper.bytes2hex(bs);
// 放进一个使用EhCache维护的容器,当用户从微信的OAuth2.0拿到code后检查这个链接是不是由此链接生成的。
// CacheManager.getInstance().getCache("WXStates")
// .put(new Element(st, redir));
getSession().put("wxstate", st);
getSession().put("redir", redir);
redir =
"https://open.weixin.qq.com/connect/oauth2/authorize?appid="
+ conf.get("weixin.appid")
+ "&redirect_uri="
+ EncodeHelper.encode(conf.get("weixin.context") + "wxlogindo.act", "URL")
+ "&response_type=code&scope=snsapi_base&state="
+ st
+ "#wechat_redirect";
} catch (Exception e) {
log.error(e);
}
}
try {
org.apache.struts2.ServletActionContext.getResponse().sendRedirect(redir);
} catch (IOException e) {
log.error(e);
}
return NONE;
}
private boolean checkmsgsum(Object data, String touser, String userenc, String checksum) {
String sdata = JSON.serialize(data);
sdata = sdata.replaceAll("[ \\n\\r\\t]", "");
log.info(sdata);
if (CommonUtil.eq(checksum, EncodeHelper.digest(sdata + touser + userenc, "SHA"))) return true;
else return false;
}
private boolean checkenc(DB db, long stamp, String clientid, String userenc) {
DBObject clientinfo = getClientInfo(db, clientid);
if (clientinfo == null) return false;
String enckey = String.valueOf(clientinfo.get("enckey"));
try {
String userdec =
new String(
EncodeHelper.dencrypt(
"DESede", EncodeHelper.hex2bytes(userenc), EncodeHelper.hex2bytes(enckey), null));
if (CommonUtil.eq(userdec, String.valueOf(clientinfo.get("password")) + stamp)) return true;
else return false;
} catch (GeneralSecurityException e) {
log.error(e);
errormsg = e.getMessage();
return false;
}
}
public void clearDangerMultiBind() {
DBCollection dc = MongoUtil.getInstance().getCollection("Bindings");
DBCursor c = dc.find();
JSONMessageBuilder bd = new JSONMessageBuilder();
bd.setContent(
"由于我们发现您绑定了多个不同姓名的账号,为保护个人隐私我们已经将您所有的绑定信息清空,如需继续使用请重新绑定自己的UIS账号。我们不推荐帮助其他人查询个人信息。");
while (c.hasNext()) {
DBObject obj = c.next();
try {
BasicDBList binds = (BasicDBList) obj.get("binds");
if (binds.size() > 1) {
Object name = null;
for (int i = 0; i < binds.size(); i++) {
DBObject u = (DBObject) binds.get(i);
if (i > 0) {
if (u.get("username") == null || !u.get("username").equals(name)) {
dc.remove(obj);
System.out.println(obj);
bd.set("touser", obj.get("openid"));
System.out.println(
CommonUtil.postWebRequest(
"https://api.weixin.qq.com/cgi-bin/message/custom/"
+ "send?access_token="
+ AccessTokenHelper.getInstance().getToken(AccessTokenHelper.WEIXIN),
WeixinMessageHelper.msg2jsonstr(bd.getMessage()).getBytes("utf-8"),
"application/json; charset=utf-8"));
}
break;
}
name = u.get("username");
}
}
} catch (Exception ex) {
}
}
}
/**
* 一卡通充值入口界面预处理
*
* @return
* @throws IOException
*/
@Action("ecardpre")
public String prepaid() throws IOException {
Object openid = getSession().get("openid");
if (!CommonUtil.isEmpty(openid)) {
DBObject user =
MongoUtil.getInstance()
.getDB()
.getCollection("Bindings")
.findOne(new BasicDBObject("openid", openid));
binds = new TACOAuth2Model().fetchUserinfo(user);
if (binds != null && binds.size() > 0) {
for (Object b : binds) {
if (b instanceof Map) {
Map bm = (Map) b;
String uid = String.valueOf(bm.get("user_id"));
bm.put("unpaid", SWEcardModel.unpaid(uid));
}
}
}
}
if (binds == null) binds = new ArrayList();
return SUCCESS;
}
@Action("wxlogindo")
public String logindo() {
// Cache cache= CacheManager.getInstance().getCache("WXStates");
// Element el=cache.get(state);
if (!CommonUtil.isEmpty(code)
&& !CommonUtil.isEmpty(state)
&& state.equals(getSession().remove("wxstate"))) {
redir = String.valueOf(getSession().remove("redir"));
// cache.removeElement(el);
Config conf = Config.getInstance();
// 获取微信的access_token
String urlstr =
"https://api.weixin.qq.com/sns/oauth2/access_token?appid="
+ conf.get("weixin.appid")
+ "&secret="
+ conf.get("weixin.secret")
+ "&code="
+ code
+ "&grant_type=authorization_code";
try {
String ret = CommonUtil.getWebContent(urlstr).toString();
DBObject retobj = (DBObject) JSON.parse(ret);
Object acctk = retobj.get("access_token");
if (!CommonUtil.isEmpty(acctk)) {
// 更新Bindings库中的access_token
DBCollection c = MongoUtil.getInstance().getDB().getCollection("Bindings");
Object openid = retobj.get("openid");
// 设置Session
getSession().put("openid", openid);
DBObject obj = c.findOne(new BasicDBObject("openid", openid));
if (CommonUtil.isEmpty(obj)) {
obj = new BasicDBObject().append("openid", retobj.get("openid"));
}
obj.put("weixintoken", acctk);
obj.put(
"weixinexpired", System.currentTimeMillis() + 1000 * (int) retobj.get("expires_in"));
obj.put("weixinscope", retobj.get("scope"));
obj.put("wexinrefresh", retobj.get("refresh_token"));
c.save(obj);
/*
* if(obj.get("binds")!=null &&obj.get("binds") instanceof
* List) { List<BasicDBObject> ls=new
* ArrayList<BasicDBObject>(); for(DBObject
* ob:(List<DBObject>)obj.get("binds")) {
* if(!CommonUtil.isEmpty(ob)){ BasicDBObject bdo=new
* BasicDBObject(); bdo.put("uisid", ob.get("uisid"));
* bdo.put("username",ob.get("username"));
* bdo.put("usertype", ob.get("usertype")); ls.add(bdo); } }
* getSession().put("binds", ls); }
*/
DBObject user =
MongoUtil.getInstance()
.getDB()
.getCollection("weixinuser")
.findOne(new BasicDBObject("openid", openid));
if (!CommonUtil.isEmpty(user)) getSession().put("nickname", user.get("nickname"));
} else {
log.error(ret);
}
} catch (Exception e) {
log.error(e);
}
try {
org.apache.struts2.ServletActionContext.getResponse().sendRedirect(redir);
} catch (Exception e) {
log.error(e);
}
} else {
try {
org.apache.struts2.ServletActionContext.getResponse()
.getWriter()
.write("Unreconginzed reqest!");
} catch (IOException e) {
log.error(e);
}
}
return NONE;
}
@Action("msgpush")
public String msgpush() throws Exception {
BufferedReader r = ServletActionContext.getRequest().getReader();
String ret = null;
StringBuffer sb = new StringBuffer();
String s;
while ((s = r.readLine()) != null) {
sb.append(s);
}
DBObject req = (DBObject) JSON.parse(sb.toString());
DBObject head = (DBObject) req.get("head");
timestamp = (long) head.get("timestamp");
clientid = String.valueOf(head.get("clientid"));
userenc = String.valueOf(head.get("userenc"));
String touser = String.valueOf(head.get("touser"));
DB db = MongoUtil.getInstance().getDB();
if (checkTime(timestamp)) {
if (checkenc(db, timestamp, clientid, userenc)) {
if (checkmsgsum(req.get("data"), touser, userenc, String.valueOf(head.get("checksum")))) {
Cache cache = CacheManager.getInstance().getCache("MsgCheck");
if (cache.get(head.get("checksum")) == null) {
cache.put(new Element(head.get("checksum"), null));
DBObject user =
db.getCollection("Bindings")
.findOne(
new BasicDBObject(
"binds",
new BasicDBObject("$elemMatch", new BasicDBObject("uisid", touser))));
if (!CommonUtil.isEmpty(user) && !CommonUtil.isEmpty(user.get("openid"))) {
// template白名单
if (Config.getInstance()
.get("push.whitelist")
.indexOf(head.get("template").toString())
>= 0
|| db.getCollection("Books")
.findOne(
new BasicDBObject("openid", user.get("openid"))
.append("item", head.get("template"))
.append("book", true))
!= null) {
String cret =
TemplateMessage.send(
String.valueOf(head.get("template")),
String.valueOf(user.get("openid")),
(DBObject) req.get("data"));
if (cret != null && cret.startsWith("{")) {
DBObject retobj = (DBObject) JSON.parse(cret);
retobj.put("touser", touser);
retobj.put("timestamp", timestamp);
retobj.put("clientid", clientid);
db.getCollection("Pushmsgs").save(retobj);
ret = cret;
} else errormsg = cret;
} else {
errormsg = "Message not booked";
}
} else {
errormsg = "Touser not binded";
}
} else {
errormsg = "Same message is sent too frequently";
}
} else {
errormsg = "Message checksum error";
}
} else {
errormsg = "User not authorized";
}
} else errormsg = "Timestamp outof range";
HttpServletResponse resp = ServletActionContext.getResponse();
resp.setCharacterEncoding("utf-8");
resp.setContentType("application/json");
if (!CommonUtil.isEmpty(ret)) resp.getWriter().print(ret);
else resp.getWriter().write("{\"errcode\":50000,\"errmsg\":\"" + errormsg + "\"}");
return NONE;
}
