diff --git a/admin/pom.xml b/admin/pom.xml index e49afebf..d14ea30b 100644 --- a/admin/pom.xml +++ b/admin/pom.xml @@ -27,6 +27,11 @@ org.springframework.boot spring-boot-starter-security + + net.logstash.logback + logstash-logback-encoder + ${logstash-logback-encoder} + diff --git a/buyer-api/src/main/java/cn/lili/controller/member/CouponBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/CouponBuyerController.java index edb29fa9..c4b40b0e 100644 --- a/buyer-api/src/main/java/cn/lili/controller/member/CouponBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/member/CouponBuyerController.java @@ -1,8 +1,8 @@ package cn.lili.controller.member; -import cn.lili.common.enums.ResultCode; -import cn.lili.common.security.context.UserContext; import cn.lili.common.enums.ResultUtil; +import cn.lili.common.security.AuthUser; +import cn.lili.common.security.context.UserContext; import cn.lili.common.vo.PageVO; import cn.lili.common.vo.ResultMessage; import cn.lili.modules.promotion.entity.dos.MemberCoupon; @@ -10,6 +10,7 @@ import cn.lili.modules.promotion.entity.vos.CouponSearchParams; import cn.lili.modules.promotion.entity.vos.CouponVO; import cn.lili.modules.promotion.service.CouponService; import cn.lili.modules.promotion.service.MemberCouponService; +import cn.lili.modules.system.utils.OperationalJudgment; import com.baomidou.mybatisplus.core.metadata.IPage; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; @@ -22,6 +23,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; import javax.validation.constraints.NotNull; +import java.util.Objects; /** * 买家端,买家优惠券接口 
@@ -56,14 +58,16 @@ public class CouponBuyerController { @ApiOperation(value = "获取当前会员的优惠券列表") @GetMapping("/getCoupons") public ResultMessage> getCoupons(CouponSearchParams param, PageVO pageVo) { - param.setMemberId(UserContext.getCurrentUser().getId()); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); + param.setMemberId(currentUser.getId()); return ResultUtil.data(memberCouponService.getMemberCoupons(param, pageVo)); } @ApiOperation(value = "获取当前会员的对于当前商品可使用的优惠券列表") @GetMapping("/canUse") public ResultMessage> getCouponsByCanUse(CouponSearchParams param, Double totalPrice, PageVO pageVo) { - param.setMemberId(UserContext.getCurrentUser().getId()); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); + param.setMemberId(currentUser.getId()); return ResultUtil.data(memberCouponService.getMemberCouponsByCanUse(param, totalPrice, pageVo)); } @@ -79,8 +83,9 @@ public class CouponBuyerController { }) @GetMapping("/receive/{couponId}") public ResultMessage receiveCoupon(@NotNull(message = "优惠券ID不能为空") @PathVariable("couponId") String couponId) { - memberCouponService.checkCouponLimit(couponId, UserContext.getCurrentUser().getId()); - memberCouponService.receiveCoupon(couponId, UserContext.getCurrentUser().getId(), UserContext.getCurrentUser().getNickName()); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); + memberCouponService.checkCouponLimit(couponId, currentUser.getId()); + memberCouponService.receiveCoupon(couponId, currentUser.getId(), currentUser.getNickName()); return ResultUtil.success(); } @@ -90,7 +95,7 @@ public class CouponBuyerController { }) @GetMapping(value = "/get/{id}") public ResultMessage get(@NotNull(message = "优惠券ID不能为空") @PathVariable("id") String id) { - MemberCoupon memberCoupon = memberCouponService.getById(id); + MemberCoupon memberCoupon = OperationalJudgment.judgment(memberCouponService.getById(id)); return ResultUtil.data(memberCoupon); } 
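Review bot: `Objects.requireNonNull(UserContext.getCurrentUser())` in getCoupons, getCouponsByCanUse and receiveCoupon turns an unauthenticated call into a NullPointerException, which presumably surfaces as a generic server error instead of the `USER_AUTHORITY_ERROR` result this project uses for the same condition (UploadController does `throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR)`). The identical pattern is introduced in the MemberAddressBuyerController, OrderBuyerController, OrderComplaintBuyerController and MemberAddressServiceImpl hunks of this commit. A helper on UserContext that returns the bound AuthUser or throws `new ServiceException(ResultCode.USER_AUTHORITY_ERROR)` would keep the behaviour consistent and leave each call site at one line; note that the first hunk of this file removed the `ResultCode` import, so it would need restoring here. Whether a global handler already maps NullPointerException to an auth result is not visible from the diff.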
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java index 0ffc4c2d..3b056b97 100644 --- a/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java @@ -6,6 +6,7 @@ import cn.lili.common.vo.PageVO; import cn.lili.common.vo.ResultMessage; import cn.lili.modules.member.entity.dos.MemberAddress; import cn.lili.modules.member.service.MemberAddressService; +import cn.lili.modules.system.utils.OperationalJudgment; import com.baomidou.mybatisplus.core.metadata.IPage; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; @@ -14,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.validation.Valid; +import java.util.Objects; /** @@ -56,7 +58,7 @@ public class MemberAddressBuyerController { @PostMapping public ResultMessage addShippingAddress(@Valid MemberAddress shippingAddress) { //添加会员地址 - shippingAddress.setMemberId(UserContext.getCurrentUser().getId()); + shippingAddress.setMemberId(Objects.requireNonNull(UserContext.getCurrentUser()).getId()); if(shippingAddress.getIsDefault()==null){ shippingAddress.setIsDefault(false); } @@ -73,6 +75,7 @@ public class MemberAddressBuyerController { @ApiImplicitParam(name = "id", value = "会员地址ID", dataType = "String", paramType = "path") @DeleteMapping(value = "/delById/{id}") public ResultMessage delShippingAddressById(@PathVariable String id) { + OperationalJudgment.judgment(memberAddressService.getById(id)); memberAddressService.removeMemberAddress(id); return ResultUtil.success(); } 
diff --git a/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java index e49bf29c..a1e6bccb 100644 --- a/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java @@ -1,6 +1,7 @@ package cn.lili.controller.passport; import cn.lili.common.enums.ResultUtil; +import cn.lili.common.security.enums.UserEnums; import cn.lili.common.vo.ResultMessage; import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.entity.dto.MemberEditDTO; @@ -49,6 +50,13 @@ public class MemberBuyerController { return ResultUtil.data(this.memberService.usernameLogin(username, password)); } + @ApiOperation(value = "注销接口") + @PostMapping("/logout") + public ResultMessage logout() { + this.memberService.logout(UserEnums.MEMBER); + return ResultUtil.success(); + } + @ApiOperation(value = "短信登录接口") @ApiImplicitParams({ @ApiImplicitParam(name = "mobile", value = "手机号", required = true, paramType = "query"), diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java index 3a3da949..46539670 100644 --- a/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/trade/AfterSaleBuyerController.java @@ -13,6 +13,7 @@ import cn.lili.modules.order.order.service.AfterSaleReasonService; import cn.lili.modules.order.order.service.AfterSaleService; import cn.lili.modules.order.trade.entity.dos.AfterSaleLog; import cn.lili.modules.store.entity.dto.StoreAfterSaleAddressDTO; +import cn.lili.modules.system.utils.OperationalJudgment; import com.baomidou.mybatisplus.core.metadata.IPage; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; 
@@ -57,7 +58,8 @@ public class AfterSaleBuyerController { @ApiImplicitParam(name = "sn", value = "售后单号", required = true, paramType = "path") @GetMapping(value = "/get/{sn}") public ResultMessage get(@NotNull(message = "售后单号") @PathVariable("sn") String sn) { - return ResultUtil.data(afterSaleService.getAfterSale(sn)); + AfterSaleVO afterSale = OperationalJudgment.judgment(afterSaleService.getAfterSale(sn)); + return ResultUtil.data(afterSale); } @ApiOperation(value = "分页获取售后服务") @@ -72,7 +74,8 @@ public class AfterSaleBuyerController { }) @GetMapping(value = "/applyAfterSaleInfo/{sn}") public ResultMessage applyAfterSaleInfo(@PathVariable String sn) { - return ResultUtil.data(afterSaleService.getAfterSaleVO(sn)); + AfterSaleApplyVO afterSaleApplyVO = OperationalJudgment.judgment(afterSaleService.getAfterSaleVO(sn)); + return ResultUtil.data(afterSaleApplyVO); } @PostMapping(value = "/save/{orderItemSn}") @@ -95,7 +98,7 @@ public class AfterSaleBuyerController { public ResultMessage delivery(@NotNull(message = "售后编号不能为空") @PathVariable("afterSaleSn") String afterSaleSn, @NotNull(message = "发货单号不能为空") @RequestParam String logisticsNo, @NotNull(message = "请选择物流公司") @RequestParam String logisticsId, - @NotNull(message = "请选择发货时间") @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date mDeliverTime) { + @NotNull(message = "请选择发货时间") @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date mDeliverTime) { return ResultUtil.data(afterSaleService.buyerDelivery(afterSaleSn, logisticsNo, logisticsId, mDeliverTime)); } diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/OrderBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/OrderBuyerController.java index ca35081e..83cb51bf 100644 --- a/buyer-api/src/main/java/cn/lili/controller/trade/OrderBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/trade/OrderBuyerController.java 
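Review bot: The `delivery` hunk at the end of this file section is whitespace-only, yet `buyerDelivery(afterSaleSn, ...)` mutates an after-sale record with no ownership check in the controller, while `get` and `applyAfterSaleInfo` in the same commit now wrap their lookups in `OperationalJudgment.judgment(...)`. Unless `afterSaleService.buyerDelivery` verifies ownership itself (not visible here), the same guard belongs in front of it, e.g. `OperationalJudgment.judgment(afterSaleService.getAfterSale(afterSaleSn));` as the first statement of `delivery`. A one-line comment on the `get` judgment such as `// reject after-sale records that do not belong to the current member` would make the purpose of the new pattern clear to the next reader.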
@@ -1,10 +1,10 @@ package cn.lili.controller.trade; import cn.lili.common.enums.ResultCode; +import cn.lili.common.enums.ResultUtil; import cn.lili.common.exception.ServiceException; import cn.lili.common.security.AuthUser; import cn.lili.common.security.context.UserContext; -import cn.lili.common.enums.ResultUtil; import cn.lili.common.vo.ResultMessage; import cn.lili.modules.order.order.entity.dos.Order; import cn.lili.modules.order.order.entity.dto.OrderSearchParams; @@ -12,6 +12,7 @@ import cn.lili.modules.order.order.entity.enums.OrderStatusEnum; import cn.lili.modules.order.order.entity.vo.OrderDetailVO; import cn.lili.modules.order.order.entity.vo.OrderSimpleVO; import cn.lili.modules.order.order.service.OrderService; +import cn.lili.modules.system.utils.OperationalJudgment; import com.baomidou.mybatisplus.core.metadata.IPage; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; @@ -23,6 +24,7 @@ import springfox.documentation.annotations.ApiIgnore; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; +import java.util.Objects; /** * 买家端,订单接口 @@ -44,7 +46,7 @@ public class OrderBuyerController { @ApiOperation(value = "查询会员订单列表") @GetMapping public ResultMessage> queryMineOrder(OrderSearchParams orderSearchParams) { - AuthUser currentUser = UserContext.getCurrentUser(); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); orderSearchParams.setMemberId(currentUser.getId()); return ResultUtil.data(orderService.queryByParams(orderSearchParams)); } 
@@ -55,7 +57,9 @@ public class OrderBuyerController { }) @GetMapping(value = "/{orderSn}") public ResultMessage detail(@NotNull(message = "订单编号不能为空") @PathVariable("orderSn") String orderSn) { - return ResultUtil.data(orderService.queryDetail(orderSn)); + OrderDetailVO orderDetailVO = orderService.queryDetail(orderSn); + OperationalJudgment.judgment(orderDetailVO.getOrder()); + return ResultUtil.data(orderDetailVO); } @ApiOperation(value = "确认收货") @@ -93,6 +97,7 @@ public class OrderBuyerController { }) @DeleteMapping(value = "/{orderSn}") public ResultMessage deleteOrder(@PathVariable String orderSn) { + OperationalJudgment.judgment(orderService.getBySn(orderSn)); orderService.deleteOrder(orderSn); return ResultUtil.success(); } @@ -103,6 +108,7 @@ public class OrderBuyerController { }) @PostMapping(value = "/getTraces/{orderSn}") public ResultMessage getTraces(@NotBlank(message = "订单编号不能为空") @PathVariable String orderSn) { + OperationalJudgment.judgment(orderService.getBySn(orderSn)); return ResultUtil.data(orderService.getTraces(orderSn)); } @@ -113,6 +119,7 @@ public class OrderBuyerController { }) @PostMapping(value = "/receipt/{orderSn}") public ResultMessage invoice(@NotBlank(message = "订单编号不能为空") @PathVariable String orderSn) { + OperationalJudgment.judgment(orderService.getBySn(orderSn)); return ResultUtil.data(orderService.invoice(orderSn)); } diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/OrderComplaintBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/OrderComplaintBuyerController.java index 22a41231..2fb5f007 100644 --- a/buyer-api/src/main/java/cn/lili/controller/trade/OrderComplaintBuyerController.java +++ b/buyer-api/src/main/java/cn/lili/controller/trade/OrderComplaintBuyerController.java 
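Review bot: In `detail`, `orderDetailVO.getOrder()` is dereferenced before any null check, so an unknown `orderSn` now ends in a NullPointerException if `queryDetail` can return null (not visible here); `deleteOrder`, `getTraces` and `invoice` avoid that only because `judgment` receives the lookup result directly. In those three methods the ownership check runs in the controller against `getBySn(orderSn)` and the service is then called with the bare `orderSn` and re-loads the order, so every other caller of `orderService.deleteOrder`/`getTraces`/`invoice` remains unguarded. Moving the judgment into the service methods, or passing the already-checked entity instead of the sn, would close that gap; at minimum a comment `// ownership check: OperationalJudgment rejects orders of other members` on the first occurrence would document the intent.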
@@ -13,6 +13,7 @@ import cn.lili.modules.order.order.entity.vo.OrderComplaintSearchParams; import cn.lili.modules.order.order.entity.vo.OrderComplaintVO; import cn.lili.modules.order.order.service.OrderComplaintCommunicationService; import cn.lili.modules.order.order.service.OrderComplaintService; +import cn.lili.modules.system.utils.OperationalJudgment; import com.baomidou.mybatisplus.core.metadata.IPage; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; @@ -22,6 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.validation.Valid; +import java.util.Objects; /** * 买家端,交易投诉接口 @@ -51,13 +53,15 @@ public class OrderComplaintBuyerController { @ApiImplicitParam(name = "id", value = "投诉单ID", required = true, paramType = "path") @GetMapping(value = "/{id}") public ResultMessage get(@PathVariable String id) { - return ResultUtil.data(orderComplaintService.getOrderComplainById(id)); + OrderComplaintVO orderComplaintVO = OperationalJudgment.judgment(orderComplaintService.getOrderComplainById(id)); + return ResultUtil.data(orderComplaintVO); } @ApiOperation(value = "分页获取") @GetMapping public ResultMessage> get(OrderComplaintSearchParams searchParams, PageVO pageVO) { - searchParams.setMemberId(UserContext.getCurrentUser().getId()); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); + searchParams.setMemberId(currentUser.getId()); return ResultUtil.data(orderComplaintService.getOrderComplainByPage(searchParams, pageVO)); } 
@@ -75,7 +79,7 @@ public class OrderComplaintBuyerController { }) @PostMapping("/communication") public ResultMessage addCommunication(@RequestParam String complainId, @RequestParam String content) { - AuthUser currentUser = UserContext.getCurrentUser(); + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); OrderComplaintCommunicationVO communicationVO = new OrderComplaintCommunicationVO(complainId, content, CommunicationOwnerEnum.BUYER.name(), currentUser.getId(), currentUser.getNickName()); orderComplaintCommunicationService.addCommunication(communicationVO); return ResultUtil.data(communicationVO); diff --git a/common-api/src/main/java/cn/lili/controller/common/UploadController.java b/common-api/src/main/java/cn/lili/controller/common/UploadController.java index 281f1d29..38d3cd0d 100644 --- a/common-api/src/main/java/cn/lili/controller/common/UploadController.java +++ b/common-api/src/main/java/cn/lili/controller/common/UploadController.java @@ -1,18 +1,17 @@ package cn.lili.controller.common; -import cn.hutool.core.util.StrUtil; +import cn.hutool.core.text.CharSequenceUtil; import cn.lili.cache.Cache; import cn.lili.common.enums.ResultCode; +import cn.lili.common.enums.ResultUtil; import cn.lili.common.exception.ServiceException; +import cn.lili.common.properties.SystemSettingProperties; import cn.lili.common.security.AuthUser; import cn.lili.common.security.context.UserContext; import cn.lili.common.security.enums.UserEnums; import cn.lili.common.utils.Base64DecodeMultipartFile; import cn.lili.common.utils.CommonUtil; -import cn.lili.common.enums.ResultUtil; -import cn.lili.common.utils.StringUtils; import cn.lili.common.vo.ResultMessage; -import cn.lili.common.properties.SystemSettingProperties; import cn.lili.modules.file.entity.File; import cn.lili.modules.file.plugin.FileManagerPlugin; import cn.lili.modules.file.service.FileService; 
@@ -30,6 +29,7 @@ import org.springframework.web.bind.annotation.RestController; import org.springframework.web.multipart.MultipartFile; import java.io.InputStream; +import java.util.Objects; /** * 文件上传接口 @@ -68,16 +68,24 @@ public class UploadController { throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR); } Setting setting = settingService.get(SettingEnum.OSS_SETTING.name()); - if (setting == null || StrUtil.isBlank(setting.getSettingValue())) { + if (setting == null || CharSequenceUtil.isBlank(setting.getSettingValue())) { throw new ServiceException(ResultCode.OSS_NOT_EXIST); } + if (file == null || CharSequenceUtil.isEmpty(file.getContentType())) { + throw new ServiceException(ResultCode.IMAGE_FILE_EXT_ERROR); + } - if (StringUtils.isNotBlank(base64)) { + + if (!CharSequenceUtil.containsAny(file.getContentType().toLowerCase(), "image")) { + throw new ServiceException(ResultCode.FILE_TYPE_NOT_SUPPORT); + } + + if (CharSequenceUtil.isNotBlank(base64)) { //base64上传 file = Base64DecodeMultipartFile.base64Convert(base64); } - String result = ""; - String fileKey = CommonUtil.rename(file.getOriginalFilename()); + String result; + String fileKey = CommonUtil.rename(Objects.requireNonNull(file.getOriginalFilename())); File newFile = new File(); try { InputStream inputStream = file.getInputStream(); diff --git a/consumer/src/main/java/cn/lili/listener/NoticeSendMessageListener.java b/consumer/src/main/java/cn/lili/listener/NoticeSendMessageListener.java index df5104a8..c45dad05 100644 --- a/consumer/src/main/java/cn/lili/listener/NoticeSendMessageListener.java +++ b/consumer/src/main/java/cn/lili/listener/NoticeSendMessageListener.java 
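Review bot: The new `file == null` and content-type checks run before the `base64` branch that reassigns `file`, so a base64-only upload (no multipart `file`) now fails with `IMAGE_FILE_EXT_ERROR` and a base64 payload is never content-type checked at all. `file.getContentType()` is also a client-supplied header, so the `containsAny(..., "image")` test is a sanity check rather than a guarantee about the bytes; a comment should say so, and `toLowerCase()` should use `Locale.ROOT` (needs `java.util.Locale`). Reordering so the checks apply to the resolved file fixes the first point, assuming the MultipartFile produced by `Base64DecodeMultipartFile.base64Convert` reports a content type (not visible here). The enclosing upload method starts and ends outside this hunk.
```java
        if (CharSequenceUtil.isNotBlank(base64)) {
            //base64上传
            file = Base64DecodeMultipartFile.base64Convert(base64);
        }
        // Validate the resolved file, whichever way it arrived.
        if (file == null || CharSequenceUtil.isEmpty(file.getContentType())) {
            throw new ServiceException(ResultCode.IMAGE_FILE_EXT_ERROR);
        }
        // Content-Type is supplied by the client: this is a sanity check, not a guarantee about the bytes.
        if (!CharSequenceUtil.containsAny(file.getContentType().toLowerCase(Locale.ROOT), "image")) {
            throw new ServiceException(ResultCode.FILE_TYPE_NOT_SUPPORT);
        }
        // … unchanged: rename, File construction, upload …
```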
@@ -2,11 +2,9 @@ package cn.lili.listener; import cn.hutool.json.JSONUtil; import cn.lili.common.enums.SwitchEnum; -import cn.lili.rocketmq.tags.OtherTagsEnum; -import cn.lili.modules.system.sms.SmsUtil; import cn.lili.common.vo.PageVO; -import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.entity.vo.MemberSearchVO; +import cn.lili.modules.member.entity.vo.MemberVO; import cn.lili.modules.member.mapper.MemberMapper; import cn.lili.modules.member.service.MemberService; import cn.lili.modules.message.entity.dos.MemberMessage; @@ -20,6 +18,8 @@ import cn.lili.modules.message.service.MemberMessageService; import cn.lili.modules.message.service.StoreMessageService; import cn.lili.modules.store.entity.dos.Store; import cn.lili.modules.store.service.StoreService; +import cn.lili.modules.system.sms.SmsUtil; +import cn.lili.rocketmq.tags.OtherTagsEnum; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.metadata.IPage; import org.apache.rocketmq.common.message.MessageExt; @@ -169,7 +169,7 @@ public class NoticeSendMessageListener implements RocketMQListener { PageVO pageVO = new PageVO(); pageVO.setPageSize(pageSize); pageVO.setPageNumber(i); - IPage page = memberService.getMemberPage(memberSearchVO, pageVO); + IPage page = memberService.getMemberPage(memberSearchVO, pageVO); //循环要保存的信息 page.getRecords().forEach(item -> { MemberMessage memberMessage = new MemberMessage(); diff --git a/framework/pom.xml b/framework/pom.xml index bdd1dd40..170bd277 100644 --- a/framework/pom.xml +++ b/framework/pom.xml @@ -302,6 +302,13 @@ commons-text ${commons-text} + + + com.googlecode.owasp-java-html-sanitizer + owasp-java-html-sanitizer + ${owasp-java-html-sanitizer} + + diff --git a/framework/src/main/java/cn/lili/common/enums/ResultCode.java b/framework/src/main/java/cn/lili/common/enums/ResultCode.java index accc1077..d08ca88f 100644 --- a/framework/src/main/java/cn/lili/common/enums/ResultCode.java 
+++ b/framework/src/main/java/cn/lili/common/enums/ResultCode.java @@ -37,6 +37,7 @@ public enum ResultCode { LIMIT_ERROR(1003, "访问过于频繁,请稍后再试"), ILLEGAL_REQUEST_ERROR(1004, "非法请求,请重新刷新页面操作"), IMAGE_FILE_EXT_ERROR(1005, "不支持图片格式"), + FILE_TYPE_NOT_SUPPORT(1010, "不支持上传的文件类型!"), PLATFORM_NOT_SUPPORTED_IM(1006, "平台未开启IM"), STORE_NOT_SUPPORTED_IM(1007, "店铺未开启IM"), /** @@ -155,6 +156,7 @@ public enum ResultCode { * 购物车 */ CART_ERROR(30001, "读取结算页的购物车异常"), + CART_NUM_ERROR(30010, "购买数量必须大于0"), CART_PINTUAN_NOT_EXIST_ERROR(30002, "拼团活动已关闭,请稍后重试"), CART_PINTUAN_LIMIT_ERROR(30003, "购买数量超过拼团活动限制数量"), SHIPPING_NOT_APPLY(30005, "购物商品不支持当前收货地址配送"), diff --git a/framework/src/main/java/cn/lili/common/security/context/UserContext.java b/framework/src/main/java/cn/lili/common/security/context/UserContext.java index 534afdc2..6fdd6378 100644 --- a/framework/src/main/java/cn/lili/common/security/context/UserContext.java +++ b/framework/src/main/java/cn/lili/common/security/context/UserContext.java @@ -47,7 +47,7 @@ public class UserContext { */ public static AuthUser getAuthUser(Cache cache, String accessToken) { try { - if (cache.keys("*" + accessToken).size() == 0) { + if (cache.keys("*" + accessToken).isEmpty()) { throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR); } return getAuthUser(accessToken); @@ -56,6 +56,14 @@ public class UserContext { } } + public static String getCurrentUserToken() { + if (RequestContextHolder.getRequestAttributes() != null) { + HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); + return request.getHeader(SecurityEnum.HEADER_TOKEN.getValue()); + } + return null; + } + /** * 根据jwt获取token重的用户信息 * diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java index 4973d0c0..013ebba1 100644 
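Review bot: `getCurrentUserToken` is the only new public method in UserContext without Javadoc, and its contract matters to callers: it returns the raw, unverified value of the `SecurityEnum.HEADER_TOKEN` request header, or null when no servlet request is bound to the thread. Suggest `/** Raw token from the current request's HEADER_TOKEN header, or null outside a request; the value is not validated here. */` above the method. The second `RequestContextHolder.getRequestAttributes()` call could also be a single local, which removes the possibility of the two calls seeing different state.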
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java +++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java @@ -4,6 +4,7 @@ package cn.lili.common.security.filter; import cn.hutool.core.text.CharSequenceUtil; import cn.hutool.http.HtmlUtil; import cn.hutool.json.JSONUtil; +import org.owasp.html.Sanitizers; import javax.servlet.ReadListener; import javax.servlet.ServletInputStream; @@ -28,6 +29,7 @@ import java.util.Map; */ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { + private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name"}; public XssHttpServletRequestWrapper(HttpServletRequest request) { super(request); @@ -42,13 +44,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { if (values == null) { return new String[0]; } - if (ignoreXss(name)) { - return values; - } int count = values.length; String[] encodedValues = new String[count]; for (int i = 0; i < count; i++) { - encodedValues[i] = cleanXSS(values[i]); + encodedValues[i] = filterXss(name, values[i]); } return encodedValues; } @@ -62,7 +61,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { if (value == null) { return null; } - return ignoreXss(name) ? value : cleanXSS(value); + return filterXss(name, value); } /** @@ -71,11 +70,8 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { @Override public Object getAttribute(String name) { Object value = super.getAttribute(name); - if (ignoreXss(name)) { - return value; - } if (value instanceof String) { - value = cleanXSS((String) value); + value = filterXss(name, (String) value); } return value; } @@ -89,7 +85,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { if (value == null) { return null; } - return ignoreXss(name) ? value : cleanXSS(value); + return filterXss(name, value); } @Override 
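Review bot: `private static final String[] ignoreField` is a constant and should follow constant naming, e.g. `private static final String[] IGNORE_FIELDS = {"logo", "url", "photo", "intro", "content", "name"};`, with a comment stating what membership means, since the name "ignore" is now misleading (these fields are still filtered, just by `HtmlUtil.filter` instead of the sanitizer). A comment like `// parameter-name fragments whose values may carry HTML; they get HtmlUtil.filter instead of full sanitizing` would make the intent readable. The declaration also lacks the blank line before the constructor that the rest of the class uses.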
@@ -103,15 +99,14 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { for (Map.Entry entry : parameterMap.entrySet()) { //根据key获取value String[] values = entry.getValue(); - if (!ignoreXss(entry.getKey())) { - //遍历数组 - for (int i = 0; i < values.length; i++) { - String value = values[i]; - value = cleanXSS(value); - //将转义后的数据放回数组中 - values[i] = value; - } + //遍历数组 + for (int i = 0; i < values.length; i++) { + String value = values[i]; + value = filterXss(entry.getKey(), value); + //将转义后的数据放回数组中 + values[i] = value; } + //将转义后的数组put到linkMap当中 params.put(entry.getKey(), values); } @@ -153,9 +148,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { Map resultMap = new HashMap<>(map.size()); //遍历数组 for (Map.Entry entry : map.entrySet()) { - //如果map.get(key)获取到的是字符串就需要进行转义,如果不是直接存储resultMap - if (map.get(entry.getKey()) instanceof String && !ignoreXss(entry.getKey())) { - resultMap.put(entry.getKey(), cleanXSS(entry.getValue().toString())); + //如果map.get(key)获取到的是字符串就需要进行处理,如果不是直接存储resultMap + if (map.get(entry.getKey()) instanceof String) { + resultMap.put(entry.getKey(), filterXss(entry.getKey(), entry.getValue().toString())); } else { resultMap.put(entry.getKey(), entry.getValue()); } 
@@ -219,13 +214,25 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { private String cleanXSS(String value) { if (value != null) { - value = HtmlUtil.escape(value); + value = Sanitizers.FORMATTING.and(Sanitizers.LINKS).sanitize(value); } return value; } - private boolean ignoreXss(String name) { - return CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), "logo", "url", "photo", "intro"); + /** + * 过滤xss + * + * @param name 参数名 + * @param value 参数值 + * @return 参数值 + */ + private String filterXss(String name, String value) { + if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) { + // 忽略的处理,(过滤敏感字符) + return HtmlUtil.filter(value); + } else { + return cleanXSS(value); + } } } diff --git a/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java b/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java index 8b04e5e7..5bfe5035 100644 --- a/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java +++ b/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java @@ -24,6 +24,14 @@ public enum SensitiveStrategy { * Phone sensitive type. */ PHONE(s -> s.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2")), + /** + * Email sensitive type. + */ + EMAIL(s -> s.replaceAll("(^\\w)[^@]*(@.*$)", "$1****$2")), + /** + * Name sensitive type. + */ + NAME(s -> s.replaceAll("^(.{3}).+(.{3})$", "$1*****$2")), /** * Address sensitive type. */ diff --git a/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java new file mode 100644 index 00000000..c95d104e --- /dev/null +++ b/framework/src/main/java/cn/lili/modules/member/entity/vo/MemberVO.java 
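Review bot: `filterXss` decides by substring match on the lower-cased parameter name, and the list now includes `"name"` and `"content"`, so `username`, `nickName`, `fileName`, `contentType` and similar parameters all take the `HtmlUtil.filter` branch rather than the sanitizer; whether that branch is the looser of the two cannot be told from the diff, but the widening relative to the old `logo/url/photo/intro` list looks unintended and deserves a confirming comment or an exact/suffix match. The Javadoc `@return 参数值` should say which transformation was applied, e.g. `@return value passed through HtmlUtil.filter for HTML-bearing fields, otherwise the OWASP-sanitized value`. Note also that `cleanXSS` changed from escaping to sanitizing, so `<b>` in an ordinary parameter now survives where it was previously escaped; that is presumably the goal of adding the sanitizer, but it changes what downstream code receives for every non-listed field.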
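Review bot: The new `NAME` strategy `^(.{3}).+(.{3})$` only matches strings of seven or more characters, so any shorter name (typical two- or three-character names) is returned unmasked, which is the opposite of what a masking strategy should do on its edge cases. A length-aware form such as `NAME(s -> s.length() > 6 ? s.replaceAll("^(.{3}).+(.{3})$", "$1*****$2") : s.replaceAll("(?<=^.).", "*"))` keeps the first character and masks the rest for short inputs (constructed example). `EMAIL` likewise leaves an address whose local part starts with a non-word character untouched because of `(^\w)`; worth a Javadoc sentence on each constant stating what is kept visible.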
@@ -0,0 +1,88 @@ +package cn.lili.modules.member.entity.vo; + +import cn.lili.common.enums.ClientTypeEnum; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; +import com.fasterxml.jackson.annotation.JsonFormat; +import io.swagger.annotations.ApiModelProperty; +import lombok.Data; +import org.springframework.format.annotation.DateTimeFormat; + +import java.io.Serializable; +import java.util.Date; + +/** + * @author paulG + * @since 2021/11/8 + **/ +@Data +public class MemberVO implements Serializable { + + private static final long serialVersionUID = 1810890757303309436L; + + @ApiModelProperty(value = "唯一标识", hidden = true) + private String id; + + @ApiModelProperty(value = "会员用户名") + private String username; + + @ApiModelProperty(value = "昵称") + private String nickName; + + @ApiModelProperty(value = "会员性别,1为男,0为女") + private Integer sex; + + @JsonFormat(pattern = "yyyy-MM-dd", timezone = "GMT+8") + @DateTimeFormat(pattern = "yyyy-MM-dd") + @ApiModelProperty(value = "会员生日") + private Date birthday; + + @ApiModelProperty(value = "会员地址ID") + private String regionId; + + @ApiModelProperty(value = "会员地址") + private String region; + + @ApiModelProperty(value = "手机号码", required = true) + @Sensitive(strategy = SensitiveStrategy.PHONE) + private String mobile; + + @ApiModelProperty(value = "积分数量") + private Long point; + + @ApiModelProperty(value = "积分总数量") + private Long totalPoint; + + @ApiModelProperty(value = "会员头像") + private String face; + + @ApiModelProperty(value = "会员状态") + private Boolean disabled; + + @ApiModelProperty(value = "是否开通店铺") + private Boolean haveStore; + + @ApiModelProperty(value = "店铺ID") + private String storeId; + + @ApiModelProperty(value = "openId") + private String openId; + + /** + * @see ClientTypeEnum + */ + @ApiModelProperty(value = "客户端") + private String clientEnum; + + @JsonFormat(timezone = "GMT+8", pattern = "yyyy-MM-dd HH:mm:ss") + @ApiModelProperty(value = 
"最后一次登录时间") + private Date lastLoginDate; + + @ApiModelProperty(value = "会员等级ID") + private String gradeId; + + @ApiModelProperty(value = "经验值数量") + private Long experience; + + +} diff --git a/framework/src/main/java/cn/lili/modules/member/mapper/MemberMapper.java b/framework/src/main/java/cn/lili/modules/member/mapper/MemberMapper.java index d25516dd..4e214753 100644 --- a/framework/src/main/java/cn/lili/modules/member/mapper/MemberMapper.java +++ b/framework/src/main/java/cn/lili/modules/member/mapper/MemberMapper.java @@ -3,7 +3,12 @@ package cn.lili.modules.member.mapper; import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.entity.vo.MemberDistributionVO; +import cn.lili.modules.member.entity.vo.MemberVO; +import com.baomidou.mybatisplus.core.conditions.Wrapper; import com.baomidou.mybatisplus.core.mapper.BaseMapper; +import com.baomidou.mybatisplus.core.metadata.IPage; +import com.baomidou.mybatisplus.core.toolkit.Constants; +import org.apache.ibatis.annotations.Param; import org.apache.ibatis.annotations.Select; import java.util.List; @@ -29,4 +34,7 @@ public interface MemberMapper extends BaseMapper { */ @Select("select client_enum,count(0) as num from li_member group by client_enum") List distribution(); + + @Select("select * from li_member ${ew.customSqlSegment}") + IPage pageByMemberVO(IPage page, @Param(Constants.WRAPPER) Wrapper queryWrapper); } \ No newline at end of file diff --git a/framework/src/main/java/cn/lili/modules/member/service/MemberService.java b/framework/src/main/java/cn/lili/modules/member/service/MemberService.java index fac60794..f3f0d44a 100644 --- a/framework/src/main/java/cn/lili/modules/member/service/MemberService.java +++ b/framework/src/main/java/cn/lili/modules/member/service/MemberService.java 
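Review bot: MemberVO's class Javadoc carries only author and date; as this is now the type returned by `MemberService.getMemberPage` and `MemberMapper.pageByMemberVO`, a purpose line such as `/** Read-only projection of Member for listing APIs; fields of Member not declared here are intentionally not exposed. */` would tell the next maintainer why it exists beside Member. Only `mobile` is annotated `@Sensitive`, while the same commit adds `NAME` and `EMAIL` strategies that are not applied to any field here, and `openId` (a third-party login binding) is returned without masking; whether that is intended for the consumers of this VO should be confirmed.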
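Review bot: `select * from li_member ${ew.customSqlSegment}` relies on the result mapping to silently drop every column that MemberVO does not declare; projecting the VO's columns explicitly would keep whatever li_member holds beyond the VO out of the result set and would not change behaviour when the table gains columns. `${ew.customSqlSegment}` with `@Param(Constants.WRAPPER)` is the MyBatis-Plus idiom and keeps the wrapper's values parameterized; the column names the `getMemberPage` caller passes to the wrapper are literals, so this is not an injection path as written, but that invariant is worth a comment on the method. A Javadoc such as `/** Pages li_member rows as MemberVO; the wrapper must only carry literal column names. */` would cover both points.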
@@ -1,6 +1,7 @@ package cn.lili.modules.member.service; +import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.Token; import cn.lili.common.vo.PageVO; import cn.lili.modules.connect.entity.dto.ConnectAuthUser; @@ -10,6 +11,7 @@ import cn.lili.modules.member.entity.dto.MemberAddDTO; import cn.lili.modules.member.entity.dto.MemberEditDTO; import cn.lili.modules.member.entity.vo.MemberDistributionVO; import cn.lili.modules.member.entity.vo.MemberSearchVO; +import cn.lili.modules.member.entity.vo.MemberVO; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.extension.service.IService; @@ -141,7 +143,7 @@ public interface MemberService extends IService { * @param page 分页 * @return 会员分页 */ - IPage getMemberPage(MemberSearchVO memberSearchVO, PageVO page); + IPage getMemberPage(MemberSearchVO memberSearchVO, PageVO page); /** * 一键注册会员 @@ -209,4 +211,11 @@ public interface MemberService extends IService { * @return 会员总数 */ Integer getMemberNum(MemberSearchVO memberSearchVO); + + /** + * 登出 + * + * @param userEnums token角色类型 + */ + void logout(UserEnums userEnums); } \ No newline at end of file diff --git a/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberAddressServiceImpl.java b/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberAddressServiceImpl.java index b773f6ee..33915e7e 100644 --- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberAddressServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberAddressServiceImpl.java @@ -14,6 +14,8 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import java.util.Objects; + /** * 收货地址业务层实现 * 
@@ -36,7 +38,7 @@ public class MemberAddressServiceImpl extends ServiceImpl() - .eq("member_id", UserContext.getCurrentUser().getId()) + .eq("member_id", Objects.requireNonNull(UserContext.getCurrentUser()).getId()) .eq("id", id)); } @@ -49,7 +51,7 @@ public class MemberAddressServiceImpl extends ServiceImpl() - .eq("member_id", UserContext.getCurrentUser().getId()) + .eq("member_id", Objects.requireNonNull(UserContext.getCurrentUser()).getId()) .eq("is_default", true)); } @@ -67,7 +69,7 @@ public class MemberAddressServiceImpl extends ServiceImpl lambdaUpdateWrapper = Wrappers.lambdaUpdate(); lambdaUpdateWrapper.set(MemberAddress::getIsDefault, false); diff --git a/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java b/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java index 57eee5a3..10d69d81 100644 --- a/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/member/serviceimpl/MemberServiceImpl.java @@ -2,6 +2,7 @@ package cn.lili.modules.member.serviceimpl; import cn.hutool.core.convert.Convert; +import cn.hutool.core.text.CharSequenceUtil; import cn.lili.cache.Cache; import cn.lili.cache.CachePrefix; import cn.lili.common.context.ThreadContextHolder; @@ -11,6 +12,7 @@ import cn.lili.common.exception.ServiceException; import cn.lili.common.properties.RocketmqCustomProperties; import cn.lili.common.security.AuthUser; import cn.lili.common.security.context.UserContext; +import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.Token; import cn.lili.common.utils.BeanUtil; import cn.lili.common.utils.CookieUtil; 
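Review bot: `Objects.requireNonNull(UserContext.getCurrentUser()).getId()` in the three MemberAddressServiceImpl hunks still lets a call without an authenticated user surface as a bare NullPointerException rather than a deliberate not-logged-in result; unless the framework already maps NPE to a 401-style response (not visible here), resolve the user once and throw a `ServiceException` with the project's not-logged-in `ResultCode` when it is null. The same pattern is introduced in CartServiceImpl.selectCoupon further down. The enclosing methods start and end outside these hunks, and the generic type text is garbled in this rendering, so I cannot verify the wrapper expressions themselves.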
@@ -30,6 +32,7 @@ import cn.lili.modules.member.entity.dto.MemberPointMessage; import cn.lili.modules.member.entity.enums.PointTypeEnum; import cn.lili.modules.member.entity.vo.MemberDistributionVO; import cn.lili.modules.member.entity.vo.MemberSearchVO; +import cn.lili.modules.member.entity.vo.MemberVO; import cn.lili.modules.member.mapper.MemberMapper; import cn.lili.modules.member.service.MemberService; import cn.lili.modules.member.token.MemberTokenGenerate; @@ -363,7 +366,7 @@ public class MemberServiceImpl extends ServiceImpl impleme } @Override - public IPage getMemberPage(MemberSearchVO memberSearchVO, PageVO page) { + public IPage getMemberPage(MemberSearchVO memberSearchVO, PageVO page) { QueryWrapper queryWrapper = Wrappers.query(); //用户名查询 queryWrapper.like(StringUtils.isNotBlank(memberSearchVO.getUsername()), "username", memberSearchVO.getUsername()); @@ -375,7 +378,7 @@ public class MemberServiceImpl extends ServiceImpl impleme queryWrapper.eq(StringUtils.isNotBlank(memberSearchVO.getDisabled()), "disabled", memberSearchVO.getDisabled().equals(SwitchEnum.OPEN.name()) ? 1 : 0); queryWrapper.orderByDesc("create_time"); - return this.page(PageUtil.initPage(page), queryWrapper); + return this.baseMapper.pageByMemberVO(PageUtil.initPage(page), queryWrapper); } @Override @@ -573,6 +576,17 @@ public class MemberServiceImpl extends ServiceImpl impleme return this.count(queryWrapper); } + /** + * 登出 + */ + @Override + public void logout(UserEnums userEnums) { + String currentUserToken = UserContext.getCurrentUserToken(); + if (CharSequenceUtil.isNotEmpty(currentUserToken)) { + cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken); + } + } + /** * 检测会员 * diff --git a/framework/src/main/java/cn/lili/modules/order/cart/service/CartServiceImpl.java b/framework/src/main/java/cn/lili/modules/order/cart/service/CartServiceImpl.java index e3b63d59..d7ff3fc1 100644 
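Review bot: In getMemberPage the value argument `memberSearchVO.getDisabled().equals(SwitchEnum.OPEN.name()) ? 1 : 0` is evaluated before `queryWrapper.eq(...)` consults `StringUtils.isNotBlank(memberSearchVO.getDisabled())`, so a search without `disabled` throws NullPointerException instead of skipping the filter; this line is context, but the method is being reworked in this commit. Reorder as `boolean filterDisabled = StringUtils.isNotBlank(memberSearchVO.getDisabled());` and `queryWrapper.eq(filterDisabled, "disabled", filterDisabled && SwitchEnum.OPEN.name().equals(memberSearchVO.getDisabled()) ? 1 : 0);` so the value is only computed when present. The method begins in the preceding hunk.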
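Review bot: `logout` evicts only `CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken`; nothing here touches the refresh token issued alongside it, so as far as this hunk shows a client that kept its refresh token can obtain a fresh access token through the `/refresh/{refreshToken}` endpoint visible in AdminUserManagerController after "logging out". If the refresh token is cached under a comparable prefix, remove it here as well, or record the logout so the refresh path refuses it; I cannot see the token cache layout, so please confirm. This method is the single implementation behind both the MANAGER and STORE logout endpoints added in this commit, so the gap applies to both. The Javadoc should also state the parameter: `@param userEnums role whose access-token cache prefix is evicted`.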
--- a/framework/src/main/java/cn/lili/modules/order/cart/service/CartServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/order/cart/service/CartServiceImpl.java @@ -118,6 +118,9 @@ public class CartServiceImpl implements CartService { @Override public void add(String skuId, Integer num, String cartType, Boolean cover) { + if (num <= 0) { + throw new ServiceException(ResultCode.CART_NUM_ERROR); + } CartTypeEnum cartTypeEnum = getCartType(cartType); GoodsSku dataSku = checkGoods(skuId); try { @@ -492,6 +495,7 @@ public class CartServiceImpl implements CartService { @Override public void selectCoupon(String couponId, String way, boolean use) { + AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser()); //获取购物车,然后重新写入优惠券 CartTypeEnum cartTypeEnum = getCartType(way); TradeDTO tradeDTO = this.readDTO(cartTypeEnum); @@ -500,6 +504,7 @@ public class CartServiceImpl implements CartService { memberCouponService.getOne( new LambdaQueryWrapper() .eq(MemberCoupon::getMemberCouponStatus, MemberCouponStatusEnum.NEW.name()) + .eq(MemberCoupon::getMemberId, currentUser.getId()) .eq(MemberCoupon::getId, couponId)); if (memberCoupon == null) { throw new ServiceException(ResultCode.COUPON_EXPIRED); @@ -507,7 +512,7 @@ public class CartServiceImpl implements CartService { //使用优惠券 与否 if (use) { this.useCoupon(tradeDTO, memberCoupon, cartTypeEnum); - } else if (!use) { + } else { if (Boolean.TRUE.equals(memberCoupon.getIsPlatform())) { tradeDTO.setPlatformCoupon(null); } else { @@ -679,7 +684,7 @@ public class CartServiceImpl implements CartService { //拼团活动,需要对限购数量进行判定 //获取拼团信息 List currentPromotion = cartSkuVO.getPromotions().stream().filter( - promotionGoods -> (promotionGoods.getPromotionType().equals(PromotionTypeEnum.PINTUAN.name()))) + promotionGoods -> (promotionGoods.getPromotionType().equals(PromotionTypeEnum.PINTUAN.name()))) .collect(Collectors.toList()); //拼团活动判定 if (!currentPromotion.isEmpty()) { 
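Review bot: `if (num <= 0)` in `add` unboxes the `Integer` parameter, so a request that omits `num` fails with NullPointerException before the new guard runs; write `if (num == null || num <= 0) { throw new ServiceException(ResultCode.CART_NUM_ERROR); }` so a missing quantity produces the same business error as a non-positive one. The method body continues past the hunk.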
diff --git a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java index 4ea1946c..f8904e52 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java +++ b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java @@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonFormat; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; +import lombok.EqualsAndHashCode; import lombok.NoArgsConstructor; import org.springframework.format.annotation.DateTimeFormat; @@ -33,6 +34,7 @@ import java.util.Optional; * @author Chopper * @since 2020/11/17 7:30 下午 */ +@EqualsAndHashCode(callSuper = true) @Data @TableName("li_order") @ApiModel(value = "订单") @@ -88,6 +90,7 @@ public class Order extends BaseEntity { private Date paymentTime; @ApiModelProperty(value = "收件人姓名") + @Sensitive(strategy = SensitiveStrategy.USERNAME) private String consigneeName; @ApiModelProperty(value = "收件人手机") @@ -107,6 +110,7 @@ public class Order extends BaseEntity { private String consigneeAddressIdPath; @ApiModelProperty(value = "详细地址") + @Sensitive(strategy = SensitiveStrategy.ADDRESS) private String consigneeDetail; @ApiModelProperty(value = "总价格") diff --git a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/OrderComplaint.java b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/OrderComplaint.java index 86e39260..a18cb71c 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/OrderComplaint.java +++ b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/OrderComplaint.java 
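Review bot: The `@Sensitive` masking added to `consigneeName` and `consigneeDetail` leaves the adjacent `收件人手机` field, whose `@ApiModelProperty` closes the first field hunk, unmasked, while the OrderComplaint change in this same commit masks `consigneeMobile` with `@Sensitive(strategy = SensitiveStrategy.PHONE)`; the order's consignee phone is at least as sensitive as the address. Add `@Sensitive(strategy = SensitiveStrategy.PHONE)` on that field (its declaration sits just past the hunk). Order is a `@TableName` persistent entity, so if `@Sensitive` is applied anywhere other than outbound JSON serialization, confirm a masked value cannot be read back and persisted; the mechanism is not visible here. The `Sensitive`/`SensitiveStrategy` imports are not added in this file's import hunk, so they are presumably already present — worth a compile check.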
@@ -1,12 +1,15 @@ package cn.lili.modules.order.order.entity.dos; -import cn.lili.mybatis.BaseEntity; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import cn.lili.modules.order.order.entity.enums.ComplaintStatusEnum; +import cn.lili.mybatis.BaseEntity; import com.baomidou.mybatisplus.annotation.TableName; import com.fasterxml.jackson.annotation.JsonFormat; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.Data; +import lombok.EqualsAndHashCode; import java.util.Date; @@ -16,6 +19,7 @@ import java.util.Date; * @author paulG * @since 2020/12/4 **/ +@EqualsAndHashCode(callSuper = true) @Data @TableName("li_order_complaint") @ApiModel(value = "订单交易投诉") @@ -96,12 +100,15 @@ public class OrderComplaint extends BaseEntity { private String memberName; @ApiModelProperty(value = "收货人") + @Sensitive(strategy = SensitiveStrategy.USERNAME) private String consigneeName; @ApiModelProperty(value = "收货地址") + @Sensitive(strategy = SensitiveStrategy.ADDRESS) private String consigneeAddressPath; @ApiModelProperty(value = "收货人手机") + @Sensitive(strategy = SensitiveStrategy.PHONE) private String consigneeMobile; @ApiModelProperty(value = "仲裁结果") diff --git a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java index 04d10018..8db3717c 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java 
@@ -32,8 +32,8 @@ import cn.lili.modules.order.order.service.OrderService; import cn.lili.modules.order.trade.entity.enums.AfterSaleRefundWayEnum; import cn.lili.modules.order.trade.entity.enums.AfterSaleStatusEnum; import cn.lili.modules.order.trade.entity.enums.AfterSaleTypeEnum; -import cn.lili.modules.payment.kit.RefundSupport; import cn.lili.modules.payment.entity.enums.PaymentMethodEnum; +import cn.lili.modules.payment.kit.RefundSupport; import cn.lili.modules.statistics.entity.dto.StatisticsQueryParam; import cn.lili.modules.statistics.util.StatisticsDateUtil; import cn.lili.modules.store.entity.dto.StoreAfterSaleAddressDTO; @@ -404,7 +404,7 @@ public class AfterSaleServiceImpl extends ServiceImpl orderItems = orderDetailVO.getOrderItems(); @@ -159,8 +162,8 @@ public class OrderComplaintServiceImpl extends ServiceImpl { AdminUserVO adminUserVO = new AdminUserVO(adminUser); - if (!StringUtils.isEmpty(adminUser.getDepartmentId())) { + if (!CharSequenceUtil.isEmpty(adminUser.getDepartmentId())) { try { adminUserVO.setDepartmentTitle( departments.stream().filter @@ -208,8 +209,8 @@ public class AdminUserServiceImpl extends ServiceImpl rolesMaxSize) { throw new ServiceException(ResultCode.PERMISSION_BEYOND_TEN); } - if (roles.size() > 0) { - dbUser.setRoleIds(StringUtils.join(",", roles)); + if (!roles.isEmpty()) { + dbUser.setRoleIds(CharSequenceUtil.join(",", roles)); } this.save(dbUser); dbUser = this.findByUsername(dbUser.getUsername()); diff --git a/framework/src/main/java/cn/lili/modules/search/serviceimpl/EsGoodsSearchServiceImpl.java b/framework/src/main/java/cn/lili/modules/search/serviceimpl/EsGoodsSearchServiceImpl.java index 8d5bef53..3891e4fb 100644 --- a/framework/src/main/java/cn/lili/modules/search/serviceimpl/EsGoodsSearchServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/search/serviceimpl/EsGoodsSearchServiceImpl.java 
@@ -397,7 +397,7 @@ public class EsGoodsSearchServiceImpl implements EsGoodsSearchService { filterBuilder.must(QueryBuilders.termsQuery(ATTR_BRAND_ID, brands)); } if (searchDTO.getRecommend() != null) { - filterBuilder.filter(QueryBuilders.termQuery("storeId", searchDTO.getRecommend())); + filterBuilder.filter(QueryBuilders.termQuery("recommend", searchDTO.getRecommend())); } //规格项判定 if (searchDTO.getNameIds() != null && !searchDTO.getNameIds().isEmpty()) { diff --git a/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java b/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java index 3e5e2e61..36d383f5 100644 --- a/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java +++ b/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java @@ -1,5 +1,7 @@ package cn.lili.modules.store.entity.dto; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import cn.lili.common.validation.Mobile; import cn.lili.common.validation.Phone; import com.baomidou.mybatisplus.annotation.TableField; @@ -37,11 +39,13 @@ public class StoreEditDTO { @NotBlank(message = "公司名称不能为空") @Size(min = 2, max = 100, message = "公司名称错误") @ApiModelProperty(value = "公司名称") + @Sensitive(strategy = SensitiveStrategy.USERNAME) private String companyName; @NotBlank(message = "公司地址不能为空") @Size(min = 1, max = 200, message = "公司地址,长度为1-200字符") @ApiModelProperty(value = "公司地址") + @Sensitive(strategy = SensitiveStrategy.ADDRESS) private String companyAddress; @ApiModelProperty(value = "公司地址地区Id") @@ -52,10 +56,12 @@ public class StoreEditDTO { @Mobile @ApiModelProperty(value = "公司电话") + @Sensitive(strategy = SensitiveStrategy.PHONE) private String companyPhone; @Email @ApiModelProperty(value = "电子邮箱") + @Sensitive(strategy = SensitiveStrategy.EMAIL) private String companyEmail; @Min(value = 1, message = "员工总数,至少一位") 
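Review bot: StoreEditDTO is an input type (`@NotBlank`, `@Size`, `@Mobile`, `@Email` validators) and StoreDetailVO extends it, so masking `companyPhone`, `companyEmail`, `legalId` and the other fields with `@Sensitive` on this class means the seller's detail view already carries masked values; if the client echoes that object on the next edit, the masked strings are what get validated and saved (a masked `legalId` would fail `@Size(min = 18, max = 18)`, a masked phone could be persisted). Prefer placing `@Sensitive` on the read-side VO only, or make sure the update path never accepts masked fields from the client; I cannot see where the Sensitive serializer is applied, so please confirm. `SensitiveStrategy.NAME` is also used for bank account and licence numbers — confirm that strategy hides enough of a numeric identifier.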
@@ -74,10 +80,12 @@ public class StoreEditDTO { @NotBlank(message = "手机号不能为空") @Phone @ApiModelProperty(value = "联系人电话") + @Sensitive(strategy = SensitiveStrategy.PHONE) private String linkPhone; @Size(min = 18, max = 18, message = "营业执照长度为18位字符") @ApiModelProperty(value = "营业执照号") + @Sensitive(strategy = SensitiveStrategy.NAME) private String licenseNum; @Size(min = 1, max = 200, message = "法定经营范围长度为1-200位字符") @@ -91,11 +99,13 @@ public class StoreEditDTO { @NotBlank(message = "法人姓名不能为空") @Size(min = 2, max = 20, message = "法人姓名长度为2-20位字符") @ApiModelProperty(value = "法人姓名") + @Sensitive(strategy = SensitiveStrategy.USERNAME) private String legalName; @NotBlank(message = "法人身份证不能为空") @Size(min = 18, max = 18, message = "法人身份证号长度为18位") @ApiModelProperty(value = "法人身份证") + @Sensitive(strategy = SensitiveStrategy.ID_CARD) private String legalId; @NotBlank(message = "法人身份证不能为空") @@ -105,21 +115,25 @@ public class StoreEditDTO { @Size(min = 1, max = 200, message = "结算银行开户行名称长度为1-200位") @NotBlank(message = "结算银行开户行名称不能为空") @ApiModelProperty(value = "结算银行开户行名称") + @Sensitive(strategy = SensitiveStrategy.NAME) private String settlementBankAccountName; @Size(min = 1, max = 200, message = "结算银行开户账号长度为1-200位") @NotBlank(message = "结算银行开户账号不能为空") @ApiModelProperty(value = "结算银行开户账号") + @Sensitive(strategy = SensitiveStrategy.NAME) private String settlementBankAccountNum; @Size(min = 1, max = 200, message = "结算银行开户支行名称长度为1-200位") @NotBlank(message = "结算银行开户支行名称不能为空") @ApiModelProperty(value = "结算银行开户支行名称") + @Sensitive(strategy = SensitiveStrategy.NAME) private String settlementBankBranchName; @Size(min = 1, max = 50, message = "结算银行支行联行号长度为1-200位") @NotBlank(message = "结算银行支行联行号不能为空") @ApiModelProperty(value = "结算银行支行联行号") + @Sensitive(strategy = SensitiveStrategy.NAME) private String settlementBankJointName; @NotBlank(message = "店铺经营类目不能为空") 
@@ -141,11 +155,12 @@ public class StoreEditDTO { private String ddCode; //店铺退货收件地址 - @ApiModelProperty(value = "收货人姓名") + @Sensitive(strategy = SensitiveStrategy.USERNAME) private String salesConsigneeName; @ApiModelProperty(value = "收件人手机") + @Sensitive(strategy = SensitiveStrategy.PHONE) private String salesConsigneeMobile; @ApiModelProperty(value = "地址Id, ','分割") diff --git a/framework/src/main/java/cn/lili/modules/store/entity/vos/StoreDetailVO.java b/framework/src/main/java/cn/lili/modules/store/entity/vos/StoreDetailVO.java index d64fd3d7..69b6c6a5 100644 --- a/framework/src/main/java/cn/lili/modules/store/entity/vos/StoreDetailVO.java +++ b/framework/src/main/java/cn/lili/modules/store/entity/vos/StoreDetailVO.java @@ -3,6 +3,7 @@ package cn.lili.modules.store.entity.vos; import cn.lili.modules.store.entity.dto.StoreEditDTO; import io.swagger.annotations.ApiModelProperty; import lombok.Data; +import lombok.EqualsAndHashCode; /** * 店铺详细VO @@ -10,6 +11,7 @@ import lombok.Data; * @author pikachu * @since 2020-03-09 21:53:20 */ +@EqualsAndHashCode(callSuper = true) @Data public class StoreDetailVO extends StoreEditDTO { diff --git a/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java b/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java index 05985eaa..6daf5c1d 100644 --- a/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java +++ b/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java @@ -7,6 +7,7 @@ import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.entity.dto.ManagerMemberEditDTO; import cn.lili.modules.member.entity.dto.MemberAddDTO; import cn.lili.modules.member.entity.vo.MemberSearchVO; +import cn.lili.modules.member.entity.vo.MemberVO; import cn.lili.modules.member.service.MemberService; import cn.lili.modules.system.aspect.annotation.DemoSite; import com.baomidou.mybatisplus.core.metadata.IPage; 
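Review bot: The hunk `@@ -141,11 +155,12 @@` replaces `@ApiModelProperty(value = "收货人姓名")` with `@Sensitive(strategy = SensitiveStrategy.USERNAME)` on `salesConsigneeName` instead of adding the annotation beside it, so the field loses its API documentation while the sibling `salesConsigneeMobile` keeps both. Restore `@ApiModelProperty(value = "收货人姓名")` above the new `@Sensitive` line.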
@@ -35,7 +36,7 @@ public class MemberManagerController { @ApiOperation(value = "会员分页列表") @GetMapping - public ResultMessage> getByPage(MemberSearchVO memberSearchVO, PageVO page) { + public ResultMessage> getByPage(MemberSearchVO memberSearchVO, PageVO page) { return ResultUtil.data(memberService.getMemberPage(memberSearchVO, page)); } diff --git a/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java b/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java index 227c8e8d..9bd1d547 100644 --- a/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java +++ b/manager-api/src/main/java/cn/lili/controller/passport/AdminUserManagerController.java @@ -5,11 +5,13 @@ import cn.lili.common.enums.ResultUtil; import cn.lili.common.exception.ServiceException; import cn.lili.common.security.AuthUser; import cn.lili.common.security.context.UserContext; +import cn.lili.common.security.enums.UserEnums; import cn.lili.common.security.token.Token; import cn.lili.common.utils.StringUtils; import cn.lili.common.vo.PageVO; import cn.lili.common.vo.ResultMessage; import cn.lili.common.vo.SearchVO; +import cn.lili.modules.member.service.MemberService; import cn.lili.modules.permission.entity.dos.AdminUser; import cn.lili.modules.permission.entity.dto.AdminUserDTO; import cn.lili.modules.permission.entity.vo.AdminUserVO; @@ -51,6 +53,11 @@ public class AdminUserManagerController { private AdminUserService adminUserService; @Autowired private DepartmentService departmentService; + /** + * 会员 + */ + @Autowired + private MemberService memberService; @Autowired private VerificationService verificationService; 
@@ -67,6 +74,12 @@ public class AdminUserManagerController { } } + @ApiOperation(value = "注销接口") + @PostMapping("/logout") + public ResultMessage logout() { + this.memberService.logout(UserEnums.MANAGER); + return ResultUtil.success(); + } @ApiOperation(value = "刷新token") @GetMapping("/refresh/{refreshToken}") diff --git a/manager-api/src/test/java/cn/lili/test/elasticsearch/EsTest.java b/manager-api/src/test/java/cn/lili/test/elasticsearch/EsTest.java index 430ad1d7..0ddd4001 100644 --- a/manager-api/src/test/java/cn/lili/test/elasticsearch/EsTest.java +++ b/manager-api/src/test/java/cn/lili/test/elasticsearch/EsTest.java @@ -1,6 +1,6 @@ package cn.lili.test.elasticsearch; -import cn.hutool.core.util.ReflectUtil; +import cn.hutool.http.HtmlUtil; import cn.hutool.json.JSONUtil; import cn.lili.cache.Cache; import cn.lili.common.vo.PageVO; @@ -20,14 +20,14 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; +import org.owasp.html.PolicyFactory; +import org.owasp.html.Sanitizers; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.data.elasticsearch.core.SearchPage; import org.springframework.test.context.junit.jupiter.SpringExtension; -import java.lang.reflect.Field; import java.util.ArrayList; -import java.util.Date; import java.util.List; import java.util.Map; 
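Review bot: The new `logout()` ends with `}` immediately followed by `@ApiOperation(value = "刷新token")` with no separating blank line, whereas the parallel StorePassportController hunk adds one; add the blank line for consistency. Routing an admin (`UserEnums.MANAGER`) logout through `MemberService`, which required injecting `memberService` into this controller in the previous hunk, blurs the member/admin boundary — a token-focused service or AdminUserService would be the natural home, with the MemberService call kept only if that is the project's intended shared token layer.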
@@ -59,47 +59,12 @@ class EsTest { public static void main(String[] args) { - EsGoodsIndex goodsIndex = new EsGoodsIndex(); - goodsIndex.setGoodsName("1111"); - goodsIndex.setBuyCount(99); - goodsIndex.setCommentNum(99); - goodsIndex.setGrade(100D); - goodsIndex.setHighPraiseNum(100); - goodsIndex.setIntro("I'd like a cup of tea, please"); - goodsIndex.setIsAuth("1"); - goodsIndex.setMarketEnable("1"); - goodsIndex.setMobileIntro("I want something cold to drink"); - goodsIndex.setPoint(0); - goodsIndex.setSelfOperated(true); - goodsIndex.setThumbnail("picture"); - goodsIndex.setStoreCategoryPath("1"); - - String ignoreField = "serialVersionUID,promotionMap,id,goodsId"; - - List goodsIndices = new ArrayList<>(); - Map fieldMap = ReflectUtil.getFieldMap(EsGoodsIndex.class); - for (int i = 0; i < 10; i++) { - EsGoodsIndex a = new EsGoodsIndex(); - for (Map.Entry entry : fieldMap.entrySet()) { - Object fieldValue = ReflectUtil.getFieldValue(goodsIndex, entry.getValue()); - if (fieldValue != null && !ignoreField.contains(entry.getKey())) { - ReflectUtil.setFieldValue(a, entry.getValue(), fieldValue); - } - } - goodsIndices.add(a); - } - - ; -// BeanUtil.copyProperties(goodsIndex, a); - System.out.println(cn.hutool.core.date.DateUtil.endOfDay(new Date())); -// ReflectUtil.getFieldValue(goodsIndex, ) -// for (Object o : ReflectUtil.getFieldsValue(goodsIndex)) { -// if (o != null) { -// System.out.println(o); -// } -// } - - + PolicyFactory policy = Sanitizers.FORMATTING.and(Sanitizers.LINKS); + String safeHTML = policy.sanitize("+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-"); + System.out.println(safeHTML); + System.out.println(Sanitizers.FORMATTING.and(Sanitizers.FORMATTING).sanitize("+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-")); + System.out.println(HtmlUtil.unescape(safeHTML)); + System.out.println(HtmlUtil.filter("+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-")); } @Test diff --git a/pom.xml b/pom.xml index e3791af6..94157681 100644 
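Review bot: The rewritten `main` only prints sanitizer output, so nothing fails if the policy behaviour changes; make it an `@Test` that asserts the expected sanitized string with `Assertions` (already imported in this file) and drop `public static void main`, which the test runner never executes. `Sanitizers.FORMATTING.and(Sanitizers.FORMATTING)` combines the policy with itself and is equivalent to plain `Sanitizers.FORMATTING`. The `org.owasp.html` imports need the sanitizer dependency declared in manager-api's pom; only a version property appears in the root pom hunk, so confirm the dependency itself is present.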
--- a/pom.xml +++ b/pom.xml @@ -59,6 +59,7 @@ 2.3.0 1.2.2 2.3.1 + 20211018.2 diff --git a/seller-api/src/main/java/cn/lili/controller/passport/StorePassportController.java b/seller-api/src/main/java/cn/lili/controller/passport/StorePassportController.java index 639164e1..531857da 100644 --- a/seller-api/src/main/java/cn/lili/controller/passport/StorePassportController.java +++ b/seller-api/src/main/java/cn/lili/controller/passport/StorePassportController.java @@ -4,11 +4,12 @@ package cn.lili.controller.passport; import cn.lili.common.enums.ResultCode; import cn.lili.common.enums.ResultUtil; import cn.lili.common.exception.ServiceException; -import cn.lili.modules.verification.enums.VerificationEnums; -import cn.lili.modules.verification.service.VerificationService; +import cn.lili.common.security.enums.UserEnums; import cn.lili.common.vo.ResultMessage; import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.service.MemberService; +import cn.lili.modules.verification.enums.VerificationEnums; +import cn.lili.modules.verification.service.VerificationService; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiImplicitParams; @@ -54,6 +55,13 @@ public class StorePassportController { } } + @ApiOperation(value = "注销接口") + @PostMapping("/logout") + public ResultMessage logout() { + this.memberService.logout(UserEnums.STORE); + return ResultUtil.success(); + } + @ApiOperation(value = "修改密码") @ApiImplicitParams({ @ApiImplicitParam(name = "password", value = "旧密码", required = true, paramType = "query"),