注释了用于检查请求头的代码，更改了登录banIP的响应文本，略微优化了获取IP方法的结构

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/interceptor/CorsInterceptor.java

@@ -24,13 +24,13 @@ public class CorsInterceptor implements HandlerInterceptor {
         response.setHeader("Access-Control-Allow-Headers", "Content-Type,Token");
         response.setHeader("Access-Control-Allow-Credentials", "false");
 
-        //test
+        //test: print request headers
-        Enumeration<String> headerNames = request.getHeaderNames();
+        /*Enumeration<String> headerNames = request.getHeaderNames();
         Iterator<String> nameIter = headerNames.asIterator();
         while (nameIter.hasNext()) {
             String name = nameIter.next();
             System.out.printf("%s: %s%n", name, request.getHeader(name));
-        }
+        }*/
 
         // 如果是OPTIONS则结束请求
         if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/service/impl/StaffServiceImpl.java

@@ -53,7 +53,7 @@ public class StaffServiceImpl extends ServiceImpl<StaffMapper, Staff> implements
         int loginCount = (int) redisTemplate.opsForValue().get(requestIpAddressHex);
 
         if (loginCount >= LOGIN_MAX_TRY_COUNT) {
-            throw new ForbiddenException(String.format("还需要等待%s才能登录"
+            throw new ForbiddenException(String.format("还需要等待%s才能继续尝试登录"
                     , TimeUtils.secondsFormat(redisTemplate.getExpire(requestIpAddressHex))));
         }
 
@@ -91,6 +91,9 @@ public class StaffServiceImpl extends ServiceImpl<StaffMapper, Staff> implements
 
     private BadRequestException loginException(String requestIpAddress, int loginCount) {
         redisTemplate.opsForValue().set(requestIpAddress, ++loginCount, LOGIN_TRY_COUNT_TIMEOUT, TimeUnit.MINUTES);
+        if (loginCount == LOGIN_MAX_TRY_COUNT) {
+            return new BadRequestException(String.format("登录失败，您需要等待%d分钟后才能继续尝试登录", LOGIN_TRY_COUNT_TIMEOUT));
+        }
         return new BadRequestException(String.format("登录失败，%d分钟内还有%d次登录机会", LOGIN_TRY_COUNT_TIMEOUT, LOGIN_MAX_TRY_COUNT - loginCount));
     }
 

src/main/java/cn/edu/hfut/rmdjzz/projectmanagement/utils/http/HttpUtils.java

@@ -10,16 +10,19 @@ import java.net.UnknownHostException;
  */
 public class HttpUtils {
     public static String getRequestIpAddress(HttpServletRequest request) {
-        String ipAddress = null;
+        String ipAddress;
         try {
             ipAddress = request.getHeader("x-forwarded-for");
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
+                ipAddress = request.getHeader("x-real-ip");
+            }
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getHeader("Proxy-Client-IP");
             }
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getHeader("WL-Proxy-Client-IP");
             }
-            if (ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress)) {
+            if (ipAddressAvailable(ipAddress)) {
                 ipAddress = request.getRemoteAddr();
                 if (ipAddress.equals("127.0.0.1")) {
                     // 根据网卡取本机配置的IP
@@ -45,4 +48,8 @@ public class HttpUtils {
         // ipAddress = this.getRequest().getRemoteAddr();
         return ipAddress;
     }
+
+    private static boolean ipAddressAvailable(String ipAddress) {
+        return ipAddress == null || ipAddress.length() == 0 || "unknown".equalsIgnoreCase(ipAddress);
+    }
 }