WebSVN – SmartDukaan – Diff – /trunk/profitmandi-web/src/main/java/com/spice/profitmandi/web/interceptor/PostInterceptor.java

 package com.spice.profitmandi.web.interceptor;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import com.spice.profitmandi.web.filter.RequestCachingFilter;
-import org.apache.logging.log4j.Logger;
 import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.cache.Cache;
-import org.springframework.cache.CacheManager;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
-import com.spice.profitmandi.common.exception.ProfitMandiBusinessException;
+import javax.servlet.http.HttpServletRequest;
-import com.spice.profitmandi.common.model.UserInfo;
+import javax.servlet.http.HttpServletResponse;
-import com.spice.profitmandi.service.authentication.JWTUtil;
+import java.security.MessageDigest;
-import com.spice.profitmandi.common.web.util.ResponseSender;
+import java.util.concurrent.TimeUnit;
 @Component
 public class PostInterceptor implements HandlerInterceptor {
     private static final Logger LOGGER = LogManager.getLogger(PostInterceptor.class);
+    private static final String IDEM_PREFIX = "idem:";
+    private static final long IDEM_TTL_SECONDS = 300;
+    private static final String REQUEST_ATTR_IDEM_KEY = "postInterceptor.idemKey";
     @Autowired
-    private ResponseSender<?> responseSender;
+    private RedisTemplate<String, Object> redisTemplate;
-    @Autowired
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-    private CacheManager timeoutCacheManager;
+        String idempotencyHeader = request.getHeader("IdempotencyKey");
+        boolean isPost = "POST".equalsIgnoreCase(request.getMethod());
+        if (!isPost && (idempotencyHeader == null || idempotencyHeader.isEmpty())) {
-    @Autowired
+            return true;
-    JWTUtil jwtUtil;
+        }
+        String idemKey = buildIdempotencyKey(request, idempotencyHeader);
+        if (idemKey == null) {
+            return true;
-    @Override
+        }
+        String redisKey = IDEM_PREFIX + idemKey;
+        Boolean claimed = redisTemplate.opsForValue()
-    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object arg2, Exception arg3)
+                .setIfAbsent(redisKey, "pending", IDEM_TTL_SECONDS, TimeUnit.SECONDS);
+        if (Boolean.TRUE.equals(claimed)) {
+            request.setAttribute(REQUEST_ATTR_IDEM_KEY, idemKey);
-            throws Exception {
+            return true;
+        }
+        LOGGER.info("Duplicate request detected: idemKey={}, uri={}", idemKey, request.getRequestURI());
+        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+        response.getWriter().write("Duplicate request.");
+        return false;
+    }
     @Override
-    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object arg2, ModelAndView arg3)
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
             throws Exception {
-        LOGGER.info("request is received after : "+request.getRequestURL().toString());
+    }
     @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object object) throws Exception {
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+            throws Exception {
-        LOGGER.info("request is received in post interceptor before [{}] with method [{}]", request.getRequestURL().toString(), request.getMethod());
+        String idemKey = (String) request.getAttribute(REQUEST_ATTR_IDEM_KEY);
-        if ("POST".equalsIgnoreCase(request.getMethod())) {
+        if (idemKey == null) {
+            return;
+        }
-            String idempotencyKey = request.getHeader("IdempotencyKey");
+        String redisKey = IDEM_PREFIX + idemKey;
-            if (idempotencyKey == null || idempotencyKey.isEmpty()) {
+        if (ex == null && response.getStatus() >= 200 && response.getStatus() < 300) {
-//                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing idempotency token in header");
+            redisTemplate.opsForValue().set(redisKey, "done", IDEM_TTL_SECONDS, TimeUnit.SECONDS);
+        } else {
-                return true;
+            redisTemplate.delete(redisKey);
-            }
+        }
+    }
-            Cache cache = timeoutCacheManager.getCache("IdempotencyKey");
+    private String buildIdempotencyKey(HttpServletRequest request, String header) {
-            if (cache != null) {
+        if (header != null && !header.isEmpty()) {
-                if (cache.get(idempotencyKey) != null) {
+            String uri = request.getRequestURI();
-                    response.setStatus(HttpServletResponse.SC_OK);
+            String query = request.getQueryString();
-                    response.getWriter().write("Duplicate request. Idempotency Key already processed.");
+            String scope = header + "|" + uri + (query != null ? "?" + query : "");
-                    return false;
+            return sha256(scope.getBytes(java.nio.charset.StandardCharsets.UTF_8));
-                } else {
+        }
+        if ("POST".equalsIgnoreCase(request.getMethod())
-                    cache.put(idempotencyKey, "PROCESSED");
+                && request instanceof RequestCachingFilter.CachedBodyRequest) {
+            byte[] body = ((RequestCachingFilter.CachedBodyRequest) request).getCachedBody();
-                    return true;
+            if (body.length > 0) {
-                }
+                return sha256(body);
+            }
+        }
-        return true;
+        return null;
+    }
-    private UserInfo getUserInfo(String token) throws ProfitMandiBusinessException{
+    private static String sha256(byte[] data) {
+        try {
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
+            byte[] hash = digest.digest(data);
+            StringBuilder hex = new StringBuilder(64);
+            for (byte b : hash) {
+                hex.append(String.format("%02x", b));
+            }
-        return jwtUtil.getUserInfo(token);
+            return hex.toString();
+        } catch (Exception e) {
+            throw new RuntimeException("SHA-256 not available", e);
+        }
+    }
+}

Subversion Repositories SmartDukaan

(root)/trunk/profitmandi-web/src/main/java/com/spice/profitmandi/web/interceptor/PostInterceptor.java – Rev 35272 → 36510