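/**
 * Returns the delivery status of a message previously accepted by {@code msgpush}
 * (action {@code pushresult}).
 *
 * <p>Uses the action properties {@code timestamp}, {@code clientid}, {@code userenc} and
 * {@code msgid}. The caller is checked with {@code checkTime} and {@code checkenc} first; the
 * {@code Pushmsgs} record is then looked up by {@code msgid} <em>and</em> the authenticated
 * {@code clientid}, so a client can only read the status of its own messages (msgpush stores
 * the clientid on every record). On success the body is {@code {"msgid":..,"status":..}},
 * otherwise {@code {"errcode":50000,"errmsg":..}}.
 *
 * @return {@code NONE}; the JSON body is written directly to the response
 * @throws IOException if the response writer cannot be obtained or written
 */
@Action("pushresult")
public String pushresult() throws IOException {
    DB db = MongoUtil.getInstance().getDB();
    BasicDBObject ret = null;
    if (!checkTime(timestamp)) {
        errormsg = "Timestamp outof range";
    } else if (!checkenc(db, timestamp, clientid, userenc)) {
        errormsg = "User not authorized";
    } else {
        // Scope the lookup to the caller: without the clientid term any authenticated client
        // could query any message id.
        DBObject dbo = db.getCollection("Pushmsgs")
            .findOne(new BasicDBObject("msgid", msgid).append("clientid", clientid));
        if (CommonUtil.isEmpty(dbo)) {
            errormsg = "Message not found";
        } else {
            ret = new BasicDBObject()
                .append("msgid", dbo.get("msgid"))
                .append("status", dbo.get("status"));
        }
    }
    HttpServletResponse resp = ServletActionContext.getResponse();
    resp.setCharacterEncoding("utf-8");
    resp.setContentType("application/json");
    if (!CommonUtil.isEmpty(ret)) {
        resp.getWriter().print(JSON.serialize(ret));
    } else {
        // Serialize the error object instead of concatenating errormsg into a JSON literal,
        // so quotes or backslashes in the message cannot break (or alter) the document.
        resp.getWriter().print(
            JSON.serialize(new BasicDBObject("errcode", 50000).append("errmsg", errormsg)));
    }
    return NONE;
}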
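/**
 * Jumps to the payment page via the order password (action {@code ecardpwd}).
 *
 * <p>Requires a logged-in WeChat user ({@code openid} in the session). Loads the payment record
 * for {@code uisid} (action property) and the user's authorized accounts; only when one of those
 * accounts has a {@code user_id} equal to the record's {@code uisid} does the response carry
 * {@code retcode 0} and the direct pay URL. Otherwise {@code retcode -500} and the action errors
 * are returned. A missing payment record now yields the UISID-mismatch error instead of a
 * NullPointerException.
 *
 * @return {@code NONE}; the JSON body is written directly to the response
 * @throws IOException if the response writer cannot be obtained
 */
@Action("ecardpwd")
public String pwd() throws IOException {
    Object openid = getSession().get("openid");
    HttpServletResponse resp = org.apache.struts2.ServletActionContext.getResponse();
    Map<String, Object> ret = new HashMap<String, Object>();
    if (CommonUtil.isEmpty(openid)) {
        addActionError("尚未登录");
    } else {
        DBObject payinfo = SWEcardModel.getPwd(uisid);
        DBObject user = MongoUtil.getInstance().getDB().getCollection("Bindings")
            .findOne(new BasicDBObject("openid", openid));
        binds = new TACOAuth2Model().fetchUserinfo(user);
        if (binds == null || binds.size() == 0) {
            addActionError(" 尚未对任何账号授权");
        } else if (payinfo == null || !bindsContainUisid(payinfo.get("uisid"))) {
            // payinfo == null: no payment record for this uisid; treated as a mismatch.
            addActionError("订单的UISID不匹配");
        } else {
            ret.put("retcode", 0);
            ret.put("url", WiscomPayModel.formupDirecturl(
                String.valueOf(openid),
                String.valueOf(payinfo.get("uisid")),
                String.valueOf(payinfo.get("pwd"))));
        }
    }
    if (hasErrors()) {
        ret.put("retcode", -500);
        ret.put("retmsg", getActionErrors());
    }
    resp.setCharacterEncoding("utf-8");
    JSON.writeJSONStringTo(ret, resp.getWriter());
    return NONE;
}

/**
 * True when any authorized account in {@code binds} has a {@code user_id} equal to
 * {@code uisidValue} (compared with {@code CommonUtil.eq}).
 */
private boolean bindsContainUisid(Object uisidValue) {
    for (Object b : binds) {
        if (b instanceof Map) {
            String uid = String.valueOf(((Map<?, ?>) b).get("user_id"));
            if (CommonUtil.eq(uid, uisidValue)) {
                return true;
            }
        }
    }
    return false;
}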
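/**
 * Starts the WeChat OAuth2 login flow (action {@code wxlogin}).
 *
 * <p>If the session has no {@code openid} yet, a random {@code state} value is generated,
 * stored in the session together with the requested {@code redir}, and the browser is sent to
 * the WeChat authorize endpoint; {@code wxlogindo} later requires the returned {@code state} to
 * match. If the session already holds an {@code openid}, the browser is redirected straight to
 * {@code redir}.
 *
 * @return {@code NONE}; a redirect has been sent
 */
@Action("wxlogin")
public String execute() {
    if (CommonUtil.isEmpty(getSession().get("openid"))) {
        Config conf = Config.getInstance();
        try {
            // The state value is the anti-forgery token of the OAuth2 flow, so it must be
            // unpredictable: SecureRandom, not java.util.Random.
            byte[] bs = new byte[16];
            new java.security.SecureRandom().nextBytes(bs);
            String st = EncodeHelper.bytes2hex(bs);
            // Kept in the session (an EhCache "WXStates" container was used earlier) so that
            // wxlogindo can verify the code it receives belongs to a flow started here.
            getSession().put("wxstate", st);
            getSession().put("redir", redir);
            redir = "https://open.weixin.qq.com/connect/oauth2/authorize?appid="
                + conf.get("weixin.appid")
                + "&redirect_uri="
                + EncodeHelper.encode(conf.get("weixin.context") + "wxlogindo.act", "URL")
                + "&response_type=code&scope=snsapi_base&state="
                + st
                + "#wechat_redirect";
        } catch (Exception e) {
            log.error(e);
        }
    }
    // NOTE(review): redir is an action property taken from the request and is redirected to
    // verbatim (here when already logged in, and again in wxlogindo); confirm it is validated
    // upstream, e.g. restricted to this application's own URLs.
    try {
        org.apache.struts2.ServletActionContext.getResponse().sendRedirect(redir);
    } catch (IOException e) {
        log.error(e);
    }
    return NONE;
}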
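/**
 * Verifies the {@code checksum} of an incoming push request.
 *
 * <p>The expected value is {@code SHA(serialize(data) + touser + userenc)}, where the serialized
 * data has every space, tab and line break removed, so the client must canonicalise the payload
 * the same way.
 *
 * @param data the {@code data} element of the request, serialized with the Mongo JSON codec
 * @param touser the target UIS id from the request head
 * @param userenc the caller's encrypted credential from the request head
 * @param checksum the checksum supplied by the caller
 * @return {@code true} if the supplied checksum matches the recomputed digest
 */
private boolean checkmsgsum(Object data, String touser, String userenc, String checksum) {
    String sdata = JSON.serialize(data).replaceAll("[ \\n\\r\\t]", "");
    // The payload is user-addressed message content, so it is traced at debug level only
    // rather than written to the info log on every request.
    log.debug(sdata);
    // NOTE(review): CommonUtil.eq is presumably a plain equals; a constant-time comparison
    // (java.security.MessageDigest.isEqual on the bytes) would be the safer choice here.
    return CommonUtil.eq(checksum, EncodeHelper.digest(sdata + touser + userenc, "SHA"));
}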
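/**
 * Authenticates a push client.
 *
 * <p>Looks up the client record, decrypts the hex-encoded {@code userenc} with 3DES under the
 * client's {@code enckey}, and accepts the caller when the plaintext equals
 * {@code password + stamp}, which ties the credential to the request timestamp.
 *
 * @param db database holding the client records
 * @param stamp request timestamp (range-checked by the caller via {@code checkTime})
 * @param clientid identifier of the calling client
 * @param userenc hex-encoded 3DES ciphertext supplied by the caller
 * @return {@code true} when the credential decrypts to the expected value; {@code false} for an
 *     unknown client, a mismatch, or a crypto failure (logged, {@code errormsg} set)
 */
private boolean checkenc(DB db, long stamp, String clientid, String userenc) {
    DBObject clientinfo = getClientInfo(db, clientid);
    if (clientinfo == null) {
        return false;
    }
    String enckey = String.valueOf(clientinfo.get("enckey"));
    try {
        // NOTE(review): decoded with the platform default charset, as before; confirm the
        // password is ASCII or that clients encrypt with the same charset.
        String userdec = new String(EncodeHelper.dencrypt("DESede",
            EncodeHelper.hex2bytes(userenc), EncodeHelper.hex2bytes(enckey), null));
        String expected = String.valueOf(clientinfo.get("password")) + stamp;
        // Constant-time comparison of the credential: equal strings have equal UTF-8 bytes, so
        // the result is the same as equals() without leaking the mismatch position.
        return java.security.MessageDigest.isEqual(
            userdec.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    } catch (GeneralSecurityException e) {
        log.error(e);
        // Keep the exception detail in the log; the caller reports a generic reason.
        errormsg = "User not authorized";
        return false;
    }
}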
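/**
 * Maintenance task: scans every {@code Bindings} document and, where the first two bound
 * accounts carry different {@code username} values (or the second has none), deletes the
 * document and sends the WeChat user a custom message explaining why.
 *
 * <p>Only the first two entries of {@code binds} are compared, as in the original loop. Each
 * document is handled best-effort: a failure is logged and the scan continues.
 */
public void clearDangerMultiBind() {
    DBCollection dc = MongoUtil.getInstance().getCollection("Bindings");
    JSONMessageBuilder bd = new JSONMessageBuilder();
    bd.setContent(
        "由于我们发现您绑定了多个不同姓名的账号,为保护个人隐私我们已经将您所有的绑定信息清空,如需继续使用请重新绑定自己的UIS账号。我们不推荐帮助其他人查询个人信息。");
    DBCursor c = dc.find();
    try {
        while (c.hasNext()) {
            DBObject obj = c.next();
            try {
                if (isDangerMultiBind(obj)) {
                    dc.remove(obj);
                    // Log the openid only: the document also holds the user's WeChat tokens.
                    log.info("Cleared multi-bind for openid " + obj.get("openid"));
                    bd.set("touser", obj.get("openid"));
                    log.info(CommonUtil.postWebRequest(
                        "https://api.weixin.qq.com/cgi-bin/message/custom/send?access_token="
                            + AccessTokenHelper.getInstance().getToken(AccessTokenHelper.WEIXIN),
                        WeixinMessageHelper.msg2jsonstr(bd.getMessage())
                            .getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        "application/json; charset=utf-8"));
                }
            } catch (Exception ex) {
                // Best effort per document: keep scanning, but do not hide the failure.
                log.error(ex);
            }
        }
    } finally {
        c.close();
    }
}

/**
 * True when {@code binds} has more than one entry and the second entry's {@code username} is
 * missing or differs from the first entry's.
 */
private boolean isDangerMultiBind(DBObject obj) {
    BasicDBList binds = (BasicDBList) obj.get("binds");
    if (binds == null || binds.size() <= 1) {
        return false;
    }
    Object name = ((DBObject) binds.get(0)).get("username");
    Object second = ((DBObject) binds.get(1)).get("username");
    return second == null || !second.equals(name);
}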
/**
 * Prepares the e-card top-up entry page (action {@code ecardpre}).
 *
 * <p>For a logged-in user (session {@code openid}) loads the bound UIS accounts into
 * {@code binds} and attaches each account's unpaid amount under the key {@code unpaid}.
 * {@code binds} is never null afterwards (an empty list when there is nothing to show).
 *
 * @return {@code SUCCESS}
 * @throws IOException declared for the action contract; not thrown by this body
 */
@SuppressWarnings("unchecked") // binds holds raw Maps coming from fetchUserinfo
@Action("ecardpre")
public String prepaid() throws IOException {
    Object openid = getSession().get("openid");
    if (!CommonUtil.isEmpty(openid)) {
        DBObject bindingDoc = MongoUtil.getInstance().getDB().getCollection("Bindings")
            .findOne(new BasicDBObject("openid", openid));
        binds = new TACOAuth2Model().fetchUserinfo(bindingDoc);
        boolean hasAccounts = binds != null && binds.size() > 0;
        if (hasAccounts) {
            for (Object entry : binds) {
                if (!(entry instanceof Map)) {
                    continue;
                }
                Map account = (Map) entry;
                String uid = String.valueOf(account.get("user_id"));
                account.put("unpaid", SWEcardModel.unpaid(uid));
            }
        }
    }
    if (binds == null) {
        binds = new ArrayList();
    }
    return SUCCESS;
}
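/**
 * Completes the WeChat OAuth2 login (action {@code wxlogindo}).
 *
 * <p>Requires the {@code code} and {@code state} action properties; {@code state} must equal the
 * {@code wxstate} value saved by {@code wxlogin}, which is removed from the session on use so
 * it cannot be replayed. The code is exchanged for an access token, the token data is stored on
 * the user's {@code Bindings} document, {@code openid} (and {@code nickname} when known) go into
 * the session, and the browser is redirected to the {@code redir} saved by {@code wxlogin}. Any
 * other request gets a plain "Unreconginzed reqest!" body.
 *
 * @return {@code NONE}; the response is a redirect or a plain-text body
 */
@Action("wxlogindo")
public String logindo() {
    if (CommonUtil.isEmpty(code)
        || CommonUtil.isEmpty(state)
        || !state.equals(getSession().remove("wxstate"))) {
        try {
            org.apache.struts2.ServletActionContext.getResponse()
                .getWriter()
                .write("Unreconginzed reqest!");
        } catch (IOException e) {
            log.error(e);
        }
        return NONE;
    }
    redir = String.valueOf(getSession().remove("redir"));
    Config conf = Config.getInstance();
    try {
        // Exchange the code for a WeChat access_token. The app secret travels in this URL, so
        // it must never be logged; code is a request parameter and is URL-encoded so it cannot
        // introduce extra query parameters into the server-side request.
        String urlstr = "https://api.weixin.qq.com/sns/oauth2/access_token?appid="
            + conf.get("weixin.appid")
            + "&secret=" + conf.get("weixin.secret")
            + "&code=" + EncodeHelper.encode(code, "URL")
            + "&grant_type=authorization_code";
        String ret = CommonUtil.getWebContent(urlstr).toString();
        DBObject retobj = (DBObject) JSON.parse(ret);
        Object acctk = retobj.get("access_token");
        if (CommonUtil.isEmpty(acctk)) {
            log.error(ret);
        } else {
            saveWeixinLogin(retobj, acctk);
        }
    } catch (Exception e) {
        log.error(e);
    }
    // NOTE(review): redir is the value wxlogin copied from a request parameter; it is not
    // validated here, so confirm the allowed destinations are checked upstream.
    try {
        org.apache.struts2.ServletActionContext.getResponse().sendRedirect(redir);
    } catch (Exception e) {
        log.error(e);
    }
    return NONE;
}

/**
 * Stores the token response on the user's {@code Bindings} document (creating it when absent)
 * and puts {@code openid} and, if a {@code weixinuser} record exists, {@code nickname} into the
 * session.
 */
private void saveWeixinLogin(DBObject retobj, Object acctk) {
    DBCollection c = MongoUtil.getInstance().getDB().getCollection("Bindings");
    Object openid = retobj.get("openid");
    getSession().put("openid", openid);
    DBObject obj = c.findOne(new BasicDBObject("openid", openid));
    if (CommonUtil.isEmpty(obj)) {
        obj = new BasicDBObject().append("openid", openid);
    }
    obj.put("weixintoken", acctk);
    // Number rather than a bare (int) cast: the parser may return an Integer or a Long here.
    obj.put("weixinexpired",
        System.currentTimeMillis() + 1000L * ((Number) retobj.get("expires_in")).longValue());
    obj.put("weixinscope", retobj.get("scope"));
    // Key spelling kept as is: existing documents were written with "wexinrefresh".
    obj.put("wexinrefresh", retobj.get("refresh_token"));
    c.save(obj);
    DBObject user = MongoUtil.getInstance().getDB().getCollection("weixinuser")
        .findOne(new BasicDBObject("openid", openid));
    if (!CommonUtil.isEmpty(user)) {
        getSession().put("nickname", user.get("nickname"));
    }
}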
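/**
 * Accepts a push request from a registered client and forwards it to the bound WeChat user as
 * a template message (action {@code msgpush}).
 *
 * <p>The JSON body has a {@code head} ({@code timestamp}, {@code clientid}, {@code userenc},
 * {@code touser}, {@code template}, {@code checksum}) and a {@code data} part. The request is
 * accepted only when the timestamp is in range, the client credential verifies
 * ({@code checkenc}), and the checksum matches ({@code checkmsgsum}); delivery itself is done by
 * {@code deliverPush}. The response is the raw WeChat reply on success, otherwise
 * {@code {"errcode":50000,"errmsg":..}}.
 *
 * @return {@code NONE}; the JSON body is written directly to the response
 * @throws Exception propagated from body reading, parsing or the template send
 */
@Action("msgpush")
public String msgpush() throws Exception {
    // NOTE(review): the whole body is buffered in memory without a size limit here; confirm the
    // container or a filter bounds the request size.
    BufferedReader r = ServletActionContext.getRequest().getReader();
    StringBuilder sb = new StringBuilder();
    String line;
    while ((line = r.readLine()) != null) {
        sb.append(line);
    }
    String ret = null;
    DBObject req = (DBObject) JSON.parse(sb.toString());
    DBObject head = req == null ? null : (DBObject) req.get("head");
    if (head == null || !(head.get("timestamp") instanceof Number)) {
        // Malformed request: previously a NullPointerException / ClassCastException.
        errormsg = "Invalid request head";
    } else {
        // Number instead of a bare (long) cast: the parser returns Integer for small values.
        timestamp = ((Number) head.get("timestamp")).longValue();
        clientid = String.valueOf(head.get("clientid"));
        userenc = String.valueOf(head.get("userenc"));
        String touser = String.valueOf(head.get("touser"));
        DB db = MongoUtil.getInstance().getDB();
        if (!checkTime(timestamp)) {
            errormsg = "Timestamp outof range";
        } else if (!checkenc(db, timestamp, clientid, userenc)) {
            errormsg = "User not authorized";
        } else if (!checkmsgsum(req.get("data"), touser, userenc,
            String.valueOf(head.get("checksum")))) {
            errormsg = "Message checksum error";
        } else {
            ret = deliverPush(db, req, head, touser);
        }
    }
    HttpServletResponse resp = ServletActionContext.getResponse();
    resp.setCharacterEncoding("utf-8");
    resp.setContentType("application/json");
    if (!CommonUtil.isEmpty(ret)) {
        resp.getWriter().print(ret);
    } else {
        // Serialize the error object so that errormsg (which may be a raw WeChat reply) is
        // JSON-escaped instead of being spliced into the document verbatim.
        resp.getWriter().print(
            JSON.serialize(new BasicDBObject("errcode", 50000).append("errmsg", errormsg)));
    }
    return NONE;
}

/**
 * Delivers one authenticated push: rejects a repeated checksum (EhCache {@code MsgCheck}),
 * resolves the openid bound to {@code touser}, requires the template to be whitelisted or
 * booked by that user, sends it and records the reply in {@code Pushmsgs}.
 *
 * @return the WeChat JSON reply, or {@code null} with {@code errormsg} set
 */
private String deliverPush(DB db, DBObject req, DBObject head, String touser) throws Exception {
    Cache cache = CacheManager.getInstance().getCache("MsgCheck");
    if (cache.get(head.get("checksum")) != null) {
        errormsg = "Same message is sent too frequently";
        return null;
    }
    cache.put(new Element(head.get("checksum"), null));
    DBObject user = db.getCollection("Bindings").findOne(new BasicDBObject("binds",
        new BasicDBObject("$elemMatch", new BasicDBObject("uisid", touser))));
    if (CommonUtil.isEmpty(user) || CommonUtil.isEmpty(user.get("openid"))) {
        errormsg = "Touser not binded";
        return null;
    }
    String template = String.valueOf(head.get("template"));
    // Template whitelist.
    // NOTE(review): indexOf is a substring match against the whitelist string, so a template id
    // that is a substring of a whitelisted one also passes; an exact, delimited match would be
    // stricter.
    boolean allowed = Config.getInstance().get("push.whitelist").indexOf(template) >= 0
        || db.getCollection("Books").findOne(new BasicDBObject("openid", user.get("openid"))
            .append("item", head.get("template"))
            .append("book", true)) != null;
    if (!allowed) {
        errormsg = "Message not booked";
        return null;
    }
    String cret = TemplateMessage.send(template, String.valueOf(user.get("openid")),
        (DBObject) req.get("data"));
    if (cret == null || !cret.startsWith("{")) {
        errormsg = cret;
        return null;
    }
    DBObject retobj = (DBObject) JSON.parse(cret);
    retobj.put("touser", touser);
    retobj.put("timestamp", timestamp);
    retobj.put("clientid", clientid);
    db.getCollection("Pushmsgs").save(retobj);
    return cret;
}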