Merge branch 'hotfix-20181219' into test6.8.4

+package com.yohoufo.common.interceptor;
+
+import com.yohoufo.common.annotation.InnerApi;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.lang.reflect.Method;
+import java.net.InetAddress;
+
+/**
+ * 内网IP   接口访问控制
+ * 主要实现: 打上 注解 @InnerApi 的接口 需要校验是否是内网ip
+ */
+public class InnerApiInterceptor implements HandlerInterceptor {
+
+    private final Logger logger = LoggerFactory.getLogger(InnerApiInterceptor.class);
+
+    //是否启用
+    private boolean enableDebug = false;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        if (isEnableDebug() && "XYZ".equals(request.getParameter("debug"))) {
+            return true;
+        }
+        // 不是内部接口
+        if (!hasInnerApiAnnotation(handler)) {
+            return true;
+        }
+        String ip = getRemoteIP(request);
+        try {
+            // 判断是否是内网IP
+            String[] ipArr = ip.split(",");
+            InetAddress inetAddress = InetAddress.getByName(ipArr[ipArr.length - 1].trim());
+            if (inetAddress.isSiteLocalAddress()) {
+                // 是内网IP
+                return true;
+            } else {
+                // 不是内网接口拒绝访问
+                logger.info("handler inner api interceptor, {} can not run inner api.", ip);
+                return false;
+            }
+        } catch (Exception e) {
+            // 判断是否内网IP异常
+            logger.warn("handler inner api interceptor fail, decide {} is site local address", ip, e);
+            return true;
+        }
+    }
+
+    private boolean hasInnerApiAnnotation(Object handler) {
+        try {
+            if (handler.getClass().isAssignableFrom(HandlerMethod.class)) {
+                HandlerMethod handlerMethod = (HandlerMethod) handler;
+                Method bridgedMethod = handlerMethod.getMethod();
+                return bridgedMethod.isAnnotationPresent(InnerApi.class);
+            } else {
+                return false;
+            }
+        } catch (Exception e) {
+            // 判断是否存在InnerApi annotation 异常
+            logger.warn("handler inner api interceptor fail, find inner api annotation", e);
+            return false;
+        }
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+
+    }
+
+    /**
+     * 获取用户IP
+     *
+     * @param httpServletRequest 1） x-forwarded-for     2）.getRemoteAddr();     --->  , 最后一个IP
+     * @return 用户IP
+     */
+    private String getRemoteIP(final HttpServletRequest httpServletRequest) {
+        String ip = httpServletRequest.getHeader("X-Forwarded-For");
+        if (StringUtils.isEmpty(ip)) {
+            ip = httpServletRequest.getRemoteAddr();
+        }
+        return ip;
+    }
+
+    public boolean isEnableDebug() {
+        return enableDebug;
+    }
+
+    public void setEnableDebug(boolean enableDebug) {
+        this.enableDebug = enableDebug;
+    }
+}

@@ -45,6 +45,9 @@
 		</property>
 	</bean>
 	<bean id="localIpInterceptor" class="com.yohoufo.common.interceptor.RemoteIPInterceptor" />
+	<bean id="innerApiInterceptor" class="com.yohoufo.common.interceptor.InnerApiInterceptor">
+		<property name="enableDebug" value="${is_debug_enable:false}" />
+	</bean>
 	<!-- end -->
 
 	<bean id="redisGwCacheClient" class="com.yohoufo.common.cache.RedisGwCacheClient">

@@ -4,6 +4,7 @@ import com.yoho.tools.docs.ApiOperation;
 import com.yohoufo.common.ApiResponse;
 import com.yohoufo.common.annotation.IgnoreSession;
 import com.yohoufo.common.annotation.IgnoreSignature;
+import com.yohoufo.common.annotation.InnerApi;
 import com.yohoufo.resource.service.IConfigTypeService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -59,6 +60,7 @@ public class ConfigTypeController {
 	@ResponseBody
 	@IgnoreSession
 	@IgnoreSignature
+	@InnerApi
 	public ApiResponse updateConfigTypeContent(@RequestParam(name = "code") String code,
 									 @RequestParam(name = "content") String content) {
 		int rows = configTypeService.updateContentByCode(code, content);

@@ -106,6 +106,7 @@
 		<ref bean="localIpInterceptor" />
 		<ref bean="securityInterceptor" />
 		<ref bean="signatureVerifyInterceptor" />
+		<ref bean="innerApiInterceptor" />
 	</mvc:interceptors>
 
 </beans>
\ No newline at end of file