diff --git a/common-api/src/main/java/cn/lili/controller/common/UploadController.java b/common-api/src/main/java/cn/lili/controller/common/UploadController.java index 82003a58..281f1d29 100644 --- a/common-api/src/main/java/cn/lili/controller/common/UploadController.java +++ b/common-api/src/main/java/cn/lili/controller/common/UploadController.java @@ -104,11 +104,4 @@ public class UploadController { } return ResultUtil.data(result); } - - - @ApiOperation(value = "返回licences") - @PostMapping(value = "/licences") - public ResultMessage licences() { - return ResultUtil.data(systemSettingProperties.getLicences()); - } } diff --git a/config/application.yml b/config/application.yml index 59d96d8d..0ca54b4e 100644 --- a/config/application.yml +++ b/config/application.yml @@ -114,7 +114,7 @@ spring: props: #是否打印逻辑SQL语句和实际SQL语句,建议调试时打印,在生产环境关闭 sql: - show: false + show: true # 忽略鉴权url ignored: @@ -227,6 +227,12 @@ lili: system: isDemoSite: false isTestModel: true +# 脱敏级别: +# 0:不做脱敏处理 +# 1:管理端用户手机号等信息脱敏 +# 2:商家端信息脱敏(为2时,表示管理端,商家端同时脱敏) +# sensitiveLevel: 2 + statistics: # 在线人数统计 X 小时。这里设置48,即统计过去48小时每小时在线人数 onlineMember: 48 diff --git a/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java b/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java index 7391fe52..2063270d 100644 --- a/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java +++ b/framework/src/main/java/cn/lili/common/properties/SystemSettingProperties.java @@ -27,7 +27,34 @@ public class SystemSettingProperties { private Boolean isTestModel = false; /** - * 授权信息 + * 脱敏级别: + * 0:不做脱敏处理 + * 1:管理端用户手机号等信息脱敏 + * 2:商家端信息脱敏(为2时,表示管理端,商家端同时脱敏) + *

+ * PS: */ - private String licences = ""; + private Integer sensitiveLevel = 0; + + + public Boolean getDemoSite() { + if (isDemoSite == null) { + return false; + } + return isDemoSite; + } + + public Boolean getTestModel() { + if (isTestModel == null) { + return false; + } + return isTestModel; + } + + public Integer getSensitiveLevel() { + if (sensitiveLevel == null) { + return 0; + } + return sensitiveLevel; + } } diff --git a/framework/src/main/java/cn/lili/common/security/filter/SensitiveJsonSerializer.java b/framework/src/main/java/cn/lili/common/security/filter/SensitiveJsonSerializer.java deleted file mode 100644 index cba8edbd..00000000 --- a/framework/src/main/java/cn/lili/common/security/filter/SensitiveJsonSerializer.java +++ /dev/null @@ -1,38 +0,0 @@ -package cn.lili.common.security.filter; - -import com.fasterxml.jackson.core.JsonGenerator; -import com.fasterxml.jackson.databind.BeanProperty; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.JsonSerializer; -import com.fasterxml.jackson.databind.SerializerProvider; -import com.fasterxml.jackson.databind.ser.ContextualSerializer; - -import java.io.IOException; -import java.util.Objects; - -/** - * @author liushuai(liushuai711 @ gmail.com) - * @version v4.1 - * @Description: - * @since 2021/9/8 3:03 下午 - */ -public class SensitiveJsonSerializer extends JsonSerializer implements ContextualSerializer { - private SensitiveStrategy strategy; - - @Override - public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException { - gen.writeString(strategy.desensitizer().apply(value)); - } - - @Override - public JsonSerializer createContextual(SerializerProvider prov, BeanProperty property) throws JsonMappingException { - - Sensitive annotation = property.getAnnotation(Sensitive.class); - if (Objects.nonNull(annotation)&&Objects.equals(String.class, property.getType().getRawClass())) { - this.strategy = annotation.strategy(); - return this; - } - return prov.findValueSerializer(property.getType(), property); - - } -} diff --git a/framework/src/main/java/cn/lili/common/security/filter/Sensitive.java b/framework/src/main/java/cn/lili/common/security/sensitive/Sensitive.java similarity index 67% rename from framework/src/main/java/cn/lili/common/security/filter/Sensitive.java rename to framework/src/main/java/cn/lili/common/security/sensitive/Sensitive.java index 797459af..f8318d6b 100644 --- a/framework/src/main/java/cn/lili/common/security/filter/Sensitive.java +++ b/framework/src/main/java/cn/lili/common/security/sensitive/Sensitive.java @@ -1,5 +1,6 @@ -package cn.lili.common.security.filter; +package cn.lili.common.security.sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import com.fasterxml.jackson.annotation.JacksonAnnotationsInside; import com.fasterxml.jackson.databind.annotation.JsonSerialize; @@ -8,6 +9,15 @@ import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.Target; + +/** + * 敏感注解 + * + * @author liushuai(liushuai711 @ gmail.com) + * @version v4.0 + * @Description: + * @since 2021/9/10 16:45 + */ @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.FIELD) @JacksonAnnotationsInside diff --git a/framework/src/main/java/cn/lili/common/security/sensitive/SensitiveJsonSerializer.java b/framework/src/main/java/cn/lili/common/security/sensitive/SensitiveJsonSerializer.java new file mode 100644 index 00000000..7fba151f --- /dev/null +++ b/framework/src/main/java/cn/lili/common/security/sensitive/SensitiveJsonSerializer.java @@ -0,0 +1,101 @@ +package cn.lili.common.security.sensitive; + +import cn.lili.common.properties.SystemSettingProperties; +import cn.lili.common.security.AuthUser; +import cn.lili.common.security.context.UserContext; +import cn.lili.common.security.enums.UserEnums; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.databind.BeanProperty; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.ser.ContextualSerializer; +import org.springframework.beans.BeansException; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; + +import java.io.IOException; +import java.util.Objects; + +/** + * 敏感信息序列化时 过滤 + * + * @author liushuai(liushuai711 @ gmail.com) + * @version v4.0 + * @Description: + * @since 2021/9/10 16:46 + */ +public class SensitiveJsonSerializer extends JsonSerializer + implements ContextualSerializer, ApplicationContextAware { + private SensitiveStrategy strategy; + + //系统配置 + private SystemSettingProperties systemSettingProperties; + + @Override + public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException { + // 字段序列化处理 + gen.writeString(strategy.desensitizer().apply(value)); + } + + @Override + public JsonSerializer createContextual(SerializerProvider prov, BeanProperty property) throws JsonMappingException { + + // 判定是否 需要脱敏处理 + if (desensitization()) { + //获取敏感枚举 + Sensitive annotation = property.getAnnotation(Sensitive.class); + //如果有敏感注解,则加入脱敏规则 + if (Objects.nonNull(annotation) && Objects.equals(String.class, property.getType().getRawClass())) { + this.strategy = annotation.strategy(); + return this; + } + } + return prov.findValueSerializer(property.getType(), property); + + } + + @Override + public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { + systemSettingProperties = applicationContext.getBean(SystemSettingProperties.class); + } + + /** + * 是否需要脱敏处理 + * + * @return + */ + private boolean desensitization() { + + //当前用户 + AuthUser authUser = UserContext.getCurrentUser(); + //默认脱敏 + if (authUser == null) { + return true; + } + + //如果是店铺 + if (authUser.getRole().equals(UserEnums.STORE)) { + //店铺需要进行脱敏,则脱敏处理 + if (systemSettingProperties.getSensitiveLevel() == 2) { + return true; + } + //默认不需要 + return false; + } + + + //如果是店铺 + if (authUser.getRole().equals(UserEnums.MANAGER)) { + //店铺需要进行脱敏,则脱敏处理 + if (systemSettingProperties.getSensitiveLevel() >= 1) { + return true; + } + //默认不需要 + return false; + } + + return false; + } +} diff --git a/framework/src/main/java/cn/lili/common/security/filter/SensitiveStrategy.java b/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java similarity index 88% rename from framework/src/main/java/cn/lili/common/security/filter/SensitiveStrategy.java rename to framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java index dbba625d..8b04e5e7 100644 --- a/framework/src/main/java/cn/lili/common/security/filter/SensitiveStrategy.java +++ b/framework/src/main/java/cn/lili/common/security/sensitive/enums/SensitiveStrategy.java @@ -1,13 +1,16 @@ -package cn.lili.common.security.filter; +package cn.lili.common.security.sensitive.enums; import java.util.function.Function; /** + * 敏感策略枚举 + * * @author liushuai(liushuai711 @ gmail.com) - * @version v4.1 + * @version v4.0 * @Description: - * @since 2021/9/8 3:03 下午 + * @since 2021/9/10 16:46 */ + public enum SensitiveStrategy { /** * Username sensitive strategy. diff --git a/framework/src/main/java/cn/lili/modules/connect/entity/enums/ConnectEnum.java b/framework/src/main/java/cn/lili/modules/connect/entity/enums/ConnectEnum.java index 1103a9c8..04d17aab 100644 --- a/framework/src/main/java/cn/lili/modules/connect/entity/enums/ConnectEnum.java +++ b/framework/src/main/java/cn/lili/modules/connect/entity/enums/ConnectEnum.java @@ -13,8 +13,8 @@ public enum ConnectEnum { */ QQ("QQ登录"), WEIBO("微博联合登录"), - WECHAT("微信联合登录"), //只存放unionid + WECHAT("微信联合登录"), WECHAT_OPEN_ID("微信openid登录"), WECHAT_MP_OPEN_ID("微信openid登录"), ALIPAY("支付宝登录"), diff --git a/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java b/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java index 39b32dcc..a18bd982 100644 --- a/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java +++ b/framework/src/main/java/cn/lili/modules/member/entity/dos/Member.java @@ -1,8 +1,8 @@ package cn.lili.modules.member.entity.dos; import cn.lili.common.enums.ClientTypeEnum; -import cn.lili.common.security.filter.Sensitive; -import cn.lili.common.security.filter.SensitiveStrategy; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import cn.lili.mybatis.BaseEntity; import com.baomidou.mybatisplus.annotation.TableName; import com.fasterxml.jackson.annotation.JsonFormat; diff --git a/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java b/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java index 3cfeba49..480d2a40 100644 --- a/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java +++ b/framework/src/main/java/cn/lili/modules/member/entity/dos/MemberAddress.java @@ -1,7 +1,7 @@ package cn.lili.modules.member.entity.dos; -import cn.lili.common.security.filter.Sensitive; -import cn.lili.common.security.filter.SensitiveStrategy; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import cn.lili.common.validation.Phone; import cn.lili.mybatis.BaseEntity; import com.baomidou.mybatisplus.annotation.TableName; diff --git a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java index e72968b5..3cc467d8 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java +++ b/framework/src/main/java/cn/lili/modules/order/order/entity/dos/Order.java @@ -4,8 +4,8 @@ import cn.hutool.core.util.StrUtil; import cn.hutool.json.JSONUtil; import cn.lili.common.enums.ClientTypeEnum; import cn.lili.common.enums.PromotionTypeEnum; -import cn.lili.common.security.filter.Sensitive; -import cn.lili.common.security.filter.SensitiveStrategy; +import cn.lili.common.security.sensitive.Sensitive; +import cn.lili.common.security.sensitive.enums.SensitiveStrategy; import cn.lili.common.utils.BeanUtil; import cn.lili.modules.goods.entity.enums.GoodsTypeEnum; import cn.lili.modules.order.cart.entity.dto.TradeDTO; diff --git a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java index b09de089..dd9d2453 100644 --- a/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java +++ b/framework/src/main/java/cn/lili/modules/order/order/serviceimpl/AfterSaleServiceImpl.java @@ -274,9 +274,9 @@ public class AfterSaleServiceImpl extends ServiceImpl().eq(RefundLog::getPaymentReceivableNo, transactionId)); - if (refundLog != null) { - refundLog.setIsRefund(true); - refundLog.setReceivableNo(refundId); - refundLogService.saveOrUpdate(refundLog); + if (("REFUND.SUCCESS").equals(ciphertext.getStr("event_type"))) { + log.info("退款成功 {}", plainText); + //校验服务器端响应 + JSONObject jsonObject = JSONUtil.parseObj(plainText); + String transactionId = jsonObject.getStr("transaction_id"); + String refundId = jsonObject.getStr("refund_id"); + + RefundLog refundLog = refundLogService.getOne(new LambdaQueryWrapper().eq(RefundLog::getPaymentReceivableNo, transactionId)); + if (refundLog != null) { + refundLog.setIsRefund(true); + refundLog.setReceivableNo(refundId); + refundLogService.saveOrUpdate(refundLog); + } + + } else { + log.info("退款失败 {}", plainText); + JSONObject jsonObject = JSONUtil.parseObj(plainText); + String transactionId = jsonObject.getStr("transaction_id"); + String refundId = jsonObject.getStr("refund_id"); + + RefundLog refundLog = refundLogService.getOne(new LambdaQueryWrapper().eq(RefundLog::getPaymentReceivableNo, transactionId)); + if (refundLog != null) { + refundLog.setReceivableNo(refundId); + refundLog.setErrorMessage(ciphertext.getStr("summary")); + refundLogService.saveOrUpdate(refundLog); + } } } catch (Exception e) { log.error("微信退款失败", e); diff --git a/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java b/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java index f8815508..3e5e2e61 100644 --- a/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java +++ b/framework/src/main/java/cn/lili/modules/store/entity/dto/StoreEditDTO.java @@ -1,7 +1,5 @@ package cn.lili.modules.store.entity.dto; -import cn.lili.common.security.filter.Sensitive; -import cn.lili.common.security.filter.SensitiveStrategy; import cn.lili.common.validation.Mobile; import cn.lili.common.validation.Phone; import com.baomidou.mybatisplus.annotation.TableField; @@ -76,7 +74,6 @@ public class StoreEditDTO { @NotBlank(message = "手机号不能为空") @Phone @ApiModelProperty(value = "联系人电话") - @Sensitive(strategy = SensitiveStrategy.PHONE) private String linkPhone; @Size(min = 18, max = 18, message = "营业执照长度为18位字符") diff --git a/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java b/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java index 9382fb9d..05985eaa 100644 --- a/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java +++ b/manager-api/src/main/java/cn/lili/controller/member/MemberManagerController.java @@ -3,7 +3,6 @@ package cn.lili.controller.member; import cn.lili.common.enums.ResultUtil; import cn.lili.common.vo.PageVO; import cn.lili.common.vo.ResultMessage; -import cn.lili.modules.system.aspect.annotation.DemoSite; import cn.lili.modules.member.entity.dos.Member; import cn.lili.modules.member.entity.dto.ManagerMemberEditDTO; import cn.lili.modules.member.entity.dto.MemberAddDTO;