fix(customer): bad comment interceptor

Author: HackyleShawe

blog-common/src/main/java/com/hackyle/blog/common/constant/CacheKeyConstants.java

@@ -1,19 +1,27 @@
 package com.hackyle.blog.customer.handler;
 
+import com.hackyle.blog.common.domain.ApiResponse;
+import com.hackyle.blog.common.exception.BizException;
 import com.hackyle.blog.common.exception.Page404Exception;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.servlet.ModelAndView;
 
 import javax.servlet.http.HttpServletRequest;
 
 /**
  * 全局异常处理器
- * ControllerAdvice表示这是一个控制器增强类，当控制器发生异常且符合类中定义的拦截异常类，将会被拦截。
+ * ControllerAdvice、RestControllerAdvice表示这是一个控制器增强类，当控制器发生异常且符合类中定义的拦截异常类，将会被拦截。
  * 在捕获异常时是按照异常方法的顺序依次捕获(类似于catch关键字后的捕获顺序)，所以需要将顶级的异常放在最后
- * 注意：各个异常处理方法要同名，采取重载的形式
+ * 注意：
+ * RestControllerAdvice修饰的类，并不一定捕获@RestController修饰的controller类抛出的异常
+ * ControllerAdvice修饰的类，并不一定捕获@Controller修饰的controller类抛出的异常。
  *
  * 需要跳转到页面的异常
  * Page404Exception：跳转到404页面
@@ -28,8 +36,18 @@
  * Exception、Error：500
  */
 @ControllerAdvice
+@RestControllerAdvice
 @Slf4j
 public class GlobalExceptionHandler {
+
+    //@ResponseStatus(HttpStatus.UNPROCESSABLE_ENTITY)
+    @ResponseBody
+    @ExceptionHandler(BizException.class)
+    public ApiResponse<Exception> bizExceptionHandler(HttpServletRequest request, BizException exception) {
+        log.error("出现BizException异常：", exception);
+        return ApiResponse.fail(HttpStatus.UNPROCESSABLE_ENTITY.value(), exception.getMessage());
+    }
+
     //@ResponseStatus(HttpStatus.NOT_FOUND)
     @ExceptionHandler(value = Page404Exception.class)
     public ModelAndView page404ExceptionHandler(HttpServletRequest request, Page404Exception exception) {

blog-customer/src/main/java/com/hackyle/blog/customer/handler/GlobalExceptionHandler.java

@@ -0,0 +1,10 @@
+package com.hackyle.blog.customer.infrastructure.redis;
+
+/**
+ * 定义本模块下所有的缓存key前缀
+ */
+public class CacheKey {
+    //统一前缀：blog customer
+    public static final String PREFIX = "bc:";
+
+}

blog-customer/src/main/java/com/hackyle/blog/customer/infrastructure/redis/CacheKey.java

@@ -7,6 +7,7 @@
 import com.hackyle.blog.customer.module.article.service.CommentService;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -27,7 +28,7 @@ public class CommentController {
      * 新增文章评论
      */
     @PostMapping
-    public ApiResponse<String> add(CommentAddDto commentAddDto, HttpServletRequest request) {
+    public ApiResponse<String> add(@Validated CommentAddDto commentAddDto, HttpServletRequest request) {
         log.info("新增文章评论-Controller层入参-commentAddDto={}", JSON.toJSONString(commentAddDto));
 
         boolean commented = commentService.add(commentAddDto);

blog-customer/src/main/java/com/hackyle/blog/customer/module/article/controller/CommentController.java

@@ -5,8 +5,10 @@
 import com.hackyle.blog.common.enums.DeletedEnum;
 import com.hackyle.blog.common.enums.StatusEnum;
 import com.hackyle.blog.common.exception.BizException;
+import com.hackyle.blog.common.ip.IpUtils;
 import com.hackyle.blog.common.util.BeanCopyUtils;
 import com.hackyle.blog.common.util.SnowFlakeIdUtils;
+import com.hackyle.blog.customer.infrastructure.redis.CacheKey;
 import com.hackyle.blog.customer.module.article.mapper.ArticleMapper;
 import com.hackyle.blog.customer.module.article.mapper.CommentMapper;
 import com.hackyle.blog.customer.module.article.model.dto.CommentAddDto;
@@ -15,6 +17,7 @@
 import com.hackyle.blog.customer.module.article.model.vo.CommentVo;
 import com.hackyle.blog.customer.module.article.service.CommentService;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Service;
@@ -25,6 +28,7 @@
 import java.util.Comparator;
 import java.util.List;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;
 import java.util.stream.Collectors;
 
 @Slf4j
@@ -41,10 +45,8 @@ public class CommentServiceImpl extends ServiceImpl<CommentMapper, CommentEntity
 
     @Override
     public boolean add(CommentAddDto addDto) {
-        //恶意提交判定：对某一IP，6小时内对某target限制提交3次，对某父评论限制提交5次
-        //if(badRequest(request, commentAddDto)) {
-        //    return ApiResponse.fail(ResponseEnum.FRONT_END_ERROR.getCode(), ResponseEnum.FRONT_END_ERROR.getMessage(), "恶意请求，请稍后重试！");
-        //}
+        //恶意提交判定
+        badRequestCheck(addDto);
 
         //检查被评论的文章是否存在
         ArticleEntity articleEntity = articleMapper.selectById(addDto.getArticleId());
@@ -71,6 +73,40 @@ public boolean add(CommentAddDto addDto) {
         return true;
     }
 
+
+    private void badRequestCheck(CommentAddDto commentAddDto) {
+        String publicIp = IpUtils.getPublicIp(); //注意，这里可能获取到的ip是unknown
+        //5小时内对某article限制提交5次
+        String articleIpKey = CacheKey.PREFIX + commentAddDto.getArticleId() + ":" +publicIp;
+        String articleIpVal = valueOperations.get(articleIpKey);
+        if(StringUtils.isBlank(articleIpVal)) {
+            valueOperations.set(articleIpKey, "1", 5, TimeUnit.HOURS);
+        } else {
+            int articleIpInt = Integer.parseInt(articleIpVal);
+            if(articleIpInt > 5) {
+                log.info("对文章的恶意评论-articleIpKey={},articleIpVal={}", articleIpKey, articleIpVal);
+                throw new BizException("您对该文章的评论过于频繁，请稍后再试！");
+            }
+            valueOperations.increment(articleIpKey, 1);
+        }
+
+        //5小时内对某父评论限制提交5次
+        if(commentAddDto.getPid() != null) {
+            String pidIpKey = CacheKey.PREFIX + commentAddDto.getPid() + ":" +publicIp;
+            String pidIpVal = valueOperations.get(pidIpKey);
+            if(StringUtils.isBlank(pidIpVal)) {
+                valueOperations.set(pidIpKey, "1", 5, TimeUnit.HOURS);
+            } else {
+                int reqValInt = Integer.parseInt(pidIpVal);
+                if(reqValInt > 5) {
+                    log.info("对父评论的恶意评论-pidIpKey={},pidIpVal={}", pidIpKey, pidIpVal);
+                    throw new BizException("您对该评论的评论过于频繁，请稍后再试！");
+                }
+                valueOperations.increment(pidIpKey, 1);
+            }
+        }
+    }
+
     /**
      * 获取文章的顶级评论
      * @param articleId 文章id

blog-customer/src/main/java/com/hackyle/blog/customer/module/article/service/impl/CommentServiceImpl.java

@@ -116,7 +116,7 @@ function postComment(name, email, link, content, rootId, pid) {
       tinyMCE.get('commentTextarea').setContent('');
       alert("提交成功，请等待管理员审核通过后呈现！")
     } else {
-      alert("提交失败，请重试！")
+      alert(resp.msg)
     }
   }, 'json')
 }