转自:https://blog.csdn.net/qq_41305266/article/details/81174782
一、隐藏秒杀地址
思路:秒杀开始前,先去请求接口获取秒杀地址
1.接口改造,带上PathVariable参数
2.添加生成地址的接口
3.秒杀收到请求,先验证PathVariable
二、数学公式验证码
1.添加生产验证码接口
2.在获取秒杀路径的时候,验证验证码
3.ScriptEngine使用
package com.wings.seckill.controller;
import java.awt.image.BufferedImage;
import java.io.OutputStream;
import java.util.HashMap;
import java.util.List;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import com.wings.seckill.access.AccessLimit;
import com.wings.seckill.domain.SeckillOrder;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.rabbitmq.MQSender;
import com.wings.seckill.rabbitmq.SeckillMessage;
import com.wings.seckill.redis.GoodsKey;
import com.wings.seckill.redis.OrderKey;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.redis.SeckillKey;
import com.wings.seckill.result.CodeMsg;
import com.wings.seckill.result.Result;
import com.wings.seckill.service.GoodsService;
import com.wings.seckill.service.OrderService;
import com.wings.seckill.service.SeckillService;
import com.wings.seckill.service.SeckillUserService;
import com.wings.seckill.vo.GoodsVo;
@Controller
@RequestMapping("/seckill")
public class SeckillController implements InitializingBean {
@Autowired
SeckillUserService userService;
@Autowired
RedisService redisService;
@Autowired
GoodsService goodsService;
@Autowired
OrderService orderService;
@Autowired
SeckillService seckillService;
@Autowired
MQSender sender;
private HashMap
@Override
public void afterPropertiesSet() throws Exception {
List
if (goodsList == null) {
return;
}
for (GoodsVo goods : goodsList) {
redisService.set(GoodsKey.getSeckillGoodsStock, "" + goods.getId(), goods.getStockCount());
localOverMap.put(goods.getId(), false);
}
}
@RequestMapping(value = "/{path}/do_seckill", method = RequestMethod.POST)
@ResponseBody
public Result
@PathVariable("path") String path) {
model.addAttribute("user", user);
if (user == null) {
return Result.error(CodeMsg.SESSION_ERROR);
}
// 验证path
boolean check = seckillService.checkPath(user, goodsId, path);
if (!check) {
return Result.error(CodeMsg.REQUEST_ILLEGAL);
}
// 内存标记,减少redis访问
boolean over = localOverMap.get(goodsId);
if (over) {
return Result.error(CodeMsg.SECKill_OVER);
}
// 预减库存
long stock = redisService.decr(GoodsKey.getSeckillGoodsStock, "" + goodsId);
if (stock <0) {
localOverMap.put(goodsId, true);
return Result.error(CodeMsg.SECKill_OVER);
}
// 判断是否已经秒杀到了
SeckillOrder order = orderService.getSeckillOrderByUserIdGoodsId(user.getId(), goodsId);
if (order != null) {
return Result.error(CodeMsg.REPEATE_SECKILL);
}
// 入队
SeckillMessage mm = new SeckillMessage();
mm.setUser(user);
mm.setGoodsId(goodsId);
sender.sendSeckillMessage(mm);
return Result.success(0);// 排队中
}
@RequestMapping(value = "/reset", method = RequestMethod.GET)
@ResponseBody
public Result
List
for (GoodsVo goods : goodsList) {
goods.setStockCount(10);
redisService.set(GoodsKey.getSeckillGoodsStock, "" + goods.getId(), 10);
localOverMap.put(goods.getId(), false);
}
redisService.delete(OrderKey.getSeckillOrderByUidGid);
redisService.delete(SeckillKey.isGoodsOver);
seckillService.reset(goodsList);
return Result.success(true);
}
/**
* orderId:成功 -1:秒杀失败 0: 排队中
*/
@RequestMapping(value = "/result", method = RequestMethod.GET)
@ResponseBody
public Result
model.addAttribute("user", user);
if (user == null) {
return Result.error(CodeMsg.SESSION_ERROR);
}
long result = seckillService.getSeckillResult(user.getId(), goodsId);
return Result.success(result);
}
@AccessLimit(secOnds= 5, maxCount = 5, needLogin = true)
@RequestMapping(value = "/path", method = RequestMethod.GET)
@ResponseBody
public Result
@RequestParam("goodsId") long goodsId,
@RequestParam(value = "verifyCode", defaultValue = "0") int verifyCode) {
if (user == null) {
return Result.error(CodeMsg.SESSION_ERROR);
}
boolean check = seckillService.checkVerifyCode(user, goodsId, verifyCode);
if (!check) {
return Result.error(CodeMsg.REQUEST_ILLEGAL);
}
String path = seckillService.createSeckillPath(user, goodsId);
return Result.success(path);
}
@RequestMapping(value = "/verifyCode", method = RequestMethod.GET)
@ResponseBody
public Result
@RequestParam("goodsId") long goodsId) {
if (user == null) {
return Result.error(CodeMsg.SESSION_ERROR);
}
try {
BufferedImage image = seckillService.createVerifyCode(user, goodsId);
OutputStream out = response.getOutputStream();
ImageIO.write(image, "JPEG", out);
out.flush();
out.close();
return null;
} catch (Exception e) {
e.printStackTrace();
return Result.error(CodeMsg.SECKILL_FAIL);
}
}
}
package com.wings.seckill.service;
import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.util.List;
import java.util.Random;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.wings.seckill.domain.OrderInfo;
import com.wings.seckill.domain.SeckillOrder;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.redis.SeckillKey;
import com.wings.seckill.util.Md5Util;
import com.wings.seckill.util.UUIDUtil;
import com.wings.seckill.vo.GoodsVo;
@Service
public class SeckillService {
@Autowired
GoodsService goodsService;
@Autowired
OrderService orderService;
@Autowired
RedisService redisService;
@Transactional
public OrderInfo seckill(SeckillUser user, GoodsVo goods) {
// 减库存 下订单 写入秒杀订单
boolean success = goodsService.reduceStock(goods);
if (success) {
// order_info maiosha_order
return orderService.createOrder(user, goods);
} else {
setGoodsOver(goods.getId());
return null;
}
}
public long getSeckillResult(Long userId, long goodsId) {
SeckillOrder order = orderService.getSeckillOrderByUserIdGoodsId(userId, goodsId);
if (order != null) {// 秒杀成功
return order.getOrderId();
} else {
boolean isOver = getGoodsOver(goodsId);
if (isOver) {
return -1;
} else {
return 0;
}
}
}
private void setGoodsOver(Long goodsId) {
redisService.set(SeckillKey.isGoodsOver, "" + goodsId, true);
}
private boolean getGoodsOver(long goodsId) {
return redisService.exists(SeckillKey.isGoodsOver, "" + goodsId);
}
public void reset(List
goodsService.resetStock(goodsList);
orderService.deleteOrders();
}
public boolean checkPath(SeckillUser user, long goodsId, String path) {
if (user == null || path == null) {
return false;
}
String pathOld = redisService.get(SeckillKey.getSeckillPath, "" + user.getId() + "_" + goodsId, String.class);
return path.equals(pathOld);
}
public String createSeckillPath(SeckillUser user, long goodsId) {
if (user == null || goodsId <= 0) {
return null;
}
String str = Md5Util.md5(UUIDUtil.uuid() + "123456");
redisService.set(SeckillKey.getSeckillPath, "" + user.getId() + "_" + goodsId, str);
return str;
}
public BufferedImage createVerifyCode(SeckillUser user, long goodsId) {
if (user == null || goodsId <= 0) {
return null;
}
int width = 80;
int height = 32;
// create the image
BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
Graphics g = image.getGraphics();
// set the background color
g.setColor(new Color(0xDCDCDC));
g.fillRect(0, 0, width, height);
// draw the border
g.setColor(Color.black);
g.drawRect(0, 0, width - 1, height - 1);
// create a random instance to generate the codes
Random rdm = new Random();
// make some confusion
for (int i = 0; i <50; i++) {
int x = rdm.nextInt(width);
int y = rdm.nextInt(height);
g.drawOval(x, y, 0, 0);
}
// generate a random code
String verifyCode = generateVerifyCode(rdm);
g.setColor(new Color(0, 100, 0));
g.setFont(new Font("Candara", Font.BOLD, 24));
g.drawString(verifyCode, 8, 24);
g.dispose();
// 把验证码存到redis中
int rnd = calc(verifyCode);
redisService.set(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId, rnd);
// 输出图片
return image;
}
public boolean checkVerifyCode(SeckillUser user, long goodsId, int verifyCode) {
if (user == null || goodsId <= 0) {
return false;
}
Integer codeOld = redisService.get(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId,
Integer.class);
if (codeOld == null || codeOld - verifyCode != 0) {
return false;
}
redisService.delete(SeckillKey.getSeckillVerifyCode, user.getId() + "," + goodsId);
return true;
}
private static int calc(String exp) {
try {
ScriptEngineManager manager = new ScriptEngineManager();
ScriptEngine engine = manager.getEngineByName("Javascript");
return (Integer) engine.eval(exp);
} catch (Exception e) {
e.printStackTrace();
return 0;
}
}
private static char[] ops = new char[] { ‘+‘, ‘-‘, ‘*‘ };
/**
* + - *
*/
private String generateVerifyCode(Random rdm) {
int num1 = rdm.nextInt(10);
int num2 = rdm.nextInt(10);
int num3 = rdm.nextInt(10);
char op1 = ops[rdm.nextInt(3)];
char op2 = ops[rdm.nextInt(3)];
String exp = "" + num1 + op1 + num2 + op2 + num3;
return exp;
}
}
秒杀商品详情
您还没有登录,请登陆后再操作
没有收货地址的提示。。。
商品名称
商品图片
秒杀开始时间
商品原价
秒杀价
库存数量
三、接口防刷
思路:对接口做限流
1.可以用拦截器减少对业务侵入
package com.wings.seckill.access;
import com.wings.seckill.domain.SeckillUser;
public class UserContext {
private static ThreadLocal
public static void setUser(SeckillUser user) {
userHolder.set(user);
}
public static SeckillUser getUser() {
return userHolder.get();
}
}
package com.wings.seckill.access;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
@Retention(RUNTIME)
@Target(METHOD)
public @interface AccessLimit {
int seconds();
int maxCount();
boolean needLogin() default true;
}
package com.wings.seckill.access;
import java.io.OutputStream;
import javax.servlet.http.COOKIE;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import com.alibaba.fastjson.JSON;
import com.wings.seckill.domain.SeckillUser;
import com.wings.seckill.redis.AccessKey;
import com.wings.seckill.redis.RedisService;
import com.wings.seckill.result.CodeMsg;
import com.wings.seckill.result.Result;
import com.wings.seckill.service.SeckillUserService;
@Service
public class AccessInterceptor extends HandlerInterceptorAdapter{
@Autowired
SeckillUserService userService;
@Autowired
RedisService redisService;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
throws Exception {
if(handler instanceof HandlerMethod) {
SeckillUser user = getUser(request, response);
UserContext.setUser(user);
HandlerMethod hm = (HandlerMethod)handler;
AccessLimit accessLimit = hm.getMethodAnnotation(AccessLimit.class);
if(accessLimit == null) {
return true;
}
int secOnds= accessLimit.seconds();
int maxCount = accessLimit.maxCount();
boolean needLogin = accessLimit.needLogin();
String key = request.getRequestURI();
if(needLogin) {
if(user == null) {
render(response, CodeMsg.SESSION_ERROR);
return false;
}
key += "_" + user.getId();
}else {
//do nothing
}
AccessKey ak = AccessKey.withExpire(seconds);
Integer count = redisService.get(ak, key, Integer.class);
if(count == null) {
redisService.set(ak, key, 1);
}else if(count
}else {
render(response, CodeMsg.ACCESS_LIMIT_REACHED);
return false;
}
}
return true;
}
private void render(HttpServletResponse response, CodeMsg cm)throws Exception {
response.setContentType("application/json;charset=UTF-8");
OutputStream out = response.getOutputStream();
String str = JSON.toJSONString(Result.error(cm));
out.write(str.getBytes("UTF-8"));
out.flush();
out.close();
}
private SeckillUser getUser(HttpServletRequest request, HttpServletResponse response) {
String paramToken = request.getParameter(SeckillUserService.COOKIE_TOKEN_NAME);
String COOKIEToken = getCOOKIEValue(request, SeckillUserService.COOKIE_TOKEN_NAME);
if(StringUtils.isEmpty(COOKIEToken) && StringUtils.isEmpty(paramToken)) {
return null;
}
String token = StringUtils.isEmpty(paramToken)?COOKIEToken:paramToken;
return userService.getByToken( token, response);
}
private String getCOOKIEValue(HttpServletRequest request, String cookiName) {
COOKIE[] COOKIEs = request.getCOOKIEs();
if(COOKIEs == null || COOKIEs.length <= 0){
return null;
}
for(COOKIE COOKIE : COOKIEs) {
if(COOKIE.getName().equals(cookiName)) {
return COOKIE.getValue();
}
}
return null;
}
}
package com.wings.seckill.config;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.wings.seckill.access.AccessInterceptor;
@Configuration
public class WebConfig extends WebMvcConfigurerAdapter {
@Autowired
private UserArgumentResolver userArgumentResolver;
@Autowired
AccessInterceptor accessInterceptor;
@Override
public void addArgumentResolvers(List
argumentResolvers.add(userArgumentResolver);
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(accessInterceptor);
}
}
---------------------
作者:插上小翅膀的程序猿Wings
来源:CSDN
原文:https://blog.csdn.net/qq_41305266/article/details/81174782
版权声明:本文为博主原创文章,转载请附上博文链接!
Java秒杀实战 (七)安全优化
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有 