From 468fa9018486fdebd59b0d22823eb5ea01747a5d Mon Sep 17 00:00:00 2001
From: ArgonarioD <arnordorian@sina.com>
Date: Wed, 13 Jul 2022 01:16:01 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B3=A8=E9=87=8A=E4=BA=86=E7=94=A8=E4=BA=8E?=
 =?UTF-8?q?=E6=A3=80=E6=9F=A5=E8=AF=B7=E6=B1=82=E5=A4=B4=E7=9A=84=E4=BB=A3?=
 =?UTF-8?q?=E7=A0=81=EF=BC=8C=E6=9B=B4=E6=94=B9=E4=BA=86=E7=99=BB=E5=BD=95?=
 =?UTF-8?q?banIP=E7=9A=84=E5=93=8D=E5=BA=94=E6=96=87=E6=9C=AC=EF=BC=8C?=
 =?UTF-8?q?=E7=95=A5=E5=BE=AE=E4=BC=98=E5=8C=96=E4=BA=86=E8=8E=B7=E5=8F=96?=
 =?UTF-8?q?IP=E6=96=B9=E6=B3=95=E7=9A=84=E7=BB=93=E6=9E=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../interceptor/CorsInterceptor.java              |  6 +++---
 .../service/impl/StaffServiceImpl.java            |  5 ++++-
 .../projectmanagement/utils/http/HttpUtils.java   | 15 +++++++++++----
 3 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
index 9bab5b6..2e2a95b 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java
@@ -24,13 +24,13 @@ public class CorsInterceptor implements HandlerInterceptor {
         response.setHeader("Access-Control-Allow-Headers", "Content-Type,Token");
         response.setHeader("Access-Control-Allow-Credentials", "false");
 
-        //test
-        Enumeration<String> headerNames = request.getHeaderNames();
+        //test: print request headers
+        /*Enumeration<String> headerNames = request.getHeaderNames();
         Iterator<String> nameIter = headerNames.asIterator();
         while (nameIter.hasNext()) {
             String name = nameIter.next();
             System.out.printf("%s: %s%n", name, request.getHeader(name));
-        }
+        }*/
 
         // 如果是OPTIONS则结束请求
         if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java
index ff128d9..0927cf8 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java
@@ -53,7 +53,7 @@ public class StaffServiceImpl extends ServiceImpl<StaffMapper, Staff> implements
         int loginCount = (int) redisTemplate.opsForValue().get(requestIpAddressHex);
 
         if (loginCount >= LOGIN_MAX_TRY_COUNT) {
-            throw new ForbiddenException(String.format("还需要等待%s才能登录"
+            throw new ForbiddenException(String.format("还需要等待%s才能继续尝试登录"
                     , TimeUtils.secondsFormat(redisTemplate.getExpire(requestIpAddressHex))));
         }
 
@@ -91,6 +91,9 @@ public class StaffServiceImpl extends ServiceImpl<StaffMapper, Staff> implements
 
     private BadRequestException loginException(String requestIpAddress, int loginCount) {
         redisTemplate.opsForValue().set(requestIpAddress, ++loginCount, LOGIN_TRY_COUNT_TIMEOUT, TimeUnit.MINUTES);
+        if (loginCount == LOGIN_MAX_TRY_COUNT) {
+            return new BadRequestException(String.format("登录失败，您需要等待%d分钟后才能继续尝试登录", LOGIN_TRY_COUNT_TIMEOUT));
+        }
         return new BadRequestException(String.format("登录失败，%d分钟内还有%d次登录机会", LOGIN_TRY_COUNT_TIMEOUT, LOGIN_MAX_TRY_COUNT - loginCount));
     }
 
diff --git a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/http/HttpUtils.java b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/http/HttpUtils.java
index da75e61..e86184a 100644
--- a/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/http/HttpUtils.java
+++ b/src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/http/HttpUtils.java
@@ -10,16 +10,19 @@ import java.net.UnknownHostException;
  */
 public class HttpUtils {
     public static String getRequestIpAddress(HttpServletRequest request) {
-        String ipAddress = null;
+        String ipAddress;
         try {
             ipAddress = request.getHeader("x-forwarded-for");
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
+                ipAddress = request.getHeader("x-real-ip");
+            }
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getHeader("Proxy-Client-IP");
             }
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getHeader("WL-Proxy-Client-IP");
             }
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getRemoteAddr();
                 if (ipAddress.equals("127.0.0.1")) {
                     // 根据网卡取本机配置的IP
@@ -45,4 +48,8 @@ public class HttpUtils {
         // ipAddress = this.getRequest().getRemoteAddr();
         return ipAddress;
     }
+
+    private static boolean ipAddressAvailable(String ipAddress) {
+        return ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress);
+    }
 }