From d3e1de5620013eb31af1a7ddec1030465304244d Mon Sep 17 00:00:00 2001 
From: paulGao Date: Thu, 9 Sep 2021 16:47:14 +0800 Subject: [PATCH] fix XSS and BAC, improve code style --- .../goods/CategoryBuyerController.java | 2 +- .../member/FootprintController.java | 2 +- .../member/MemberAddressBuyerController.java | 2 +- .../member/MemberCollectionController.java | 2 +- .../MemberEvaluationBuyerController.java | 4 +- .../member/MemberMessageBuyerController.java | 4 +- .../member/MemberReceiptController.java | 4 +- .../member/MemberSignBuyerController.java | 2 +- .../member/MemberWalletBuyerController.java | 8 +- .../MemberWithdrawApplyBuyerController.java | 4 +- .../member/RechargeBuyerController.java | 4 +- .../member/ServiceNoticeBuyerController.java | 4 +- .../other/AppVersionBuyerController.java | 4 +- .../other/ArticleBuyerController.java | 2 +- .../other/broadcast/StudioController.java | 2 +- .../DistributionBuyerController.java | 4 +- .../DistributionCashBuyerController.java | 2 +- .../DistributionGoodsBuyerController.java | 2 +- .../DistributionOrderBuyerController.java | 2 +- .../passport/MemberBuyerController.java | 10 +- .../purchase/PurchaseBuyerController.java | 2 +- .../purchase/PurchaseQuotedController.java | 2 +- .../store/StoreBuyerController.java | 2 +- .../trade/RechargeTradeBuyerController.java | 2 +- .../trade/WalletLogBuyerController.java | 6 +- .../event/impl/MemberExperienceExecute.java | 2 +- .../impl/RegisteredCouponActivityExecute.java | 2 +- .../event/impl/VerificationOrderExecute.java | 4 +- .../impl/broadcast/BroadcastExecute.java | 2 +- .../handler/impl/coupon/CouponExecute.java | 2 +- .../BroadcastTimeTriggerExecutor.java | 6 +- .../java/cn/lili/common/enums/ResultCode.java | 1 + .../filter/XssHttpServletRequestWrapper.java | 157 ++++++++++++------ .../cn/lili/common/utils/CurrencyUtil.java | 2 +- .../cn/lili/common/utils/HttpClientUtils.java | 2 +- .../validation/impl/MobileValidator.java | 3 +- .../validation/impl/PhoneValidator.java | 4 +- .../entity/dto/DistributionApplyDTO.java | 2 +- 
.../service/DistributionGoodsService.java | 3 +- .../DistributionGoodsServiceImpl.java | 10 +- .../modules/goods/entity/dos/Commodity.java | 2 +- .../lili/modules/goods/entity/dos/Goods.java | 10 +- .../modules/goods/entity/dos/GoodsUnit.java | 2 +- .../lili/modules/goods/entity/dos/Studio.java | 2 +- .../goods/entity/dos/StudioCommodity.java | 2 +- .../goods/entity/dto/CommodityDTO.java | 2 +- .../modules/goods/entity/dto/GoodsInfo.java | 2 +- .../goods/entity/dto/SimpleCommodity.java | 2 +- .../goods/entity/enums/GoodsTypeEnum.java | 2 +- .../goods/entity/enums/StudioStatusEnum.java | 2 +- .../modules/goods/entity/vos/CommodityVO.java | 2 +- .../modules/goods/entity/vos/StudioVO.java | 2 +- .../modules/goods/mapper/CommodityMapper.java | 2 +- .../goods/mapper/StudioCommodityMapper.java | 2 +- .../modules/goods/mapper/StudioMapper.java | 2 +- .../goods/service/CommodityService.java | 2 +- .../goods/service/GoodsUnitService.java | 2 +- .../goods/service/StudioCommodityService.java | 2 +- .../modules/goods/service/StudioService.java | 11 +- .../serviceimpl/CommodityServiceImpl.java | 23 ++- .../goods/serviceimpl/GoodsServiceImpl.java | 39 ++++- .../StudioCommodityServiceImpl.java | 2 +- .../goods/serviceimpl/StudioServiceImpl.java | 97 ++++++----- .../goods/util/WechatLivePlayerUtil.java | 4 +- .../modules/goods/util/WechatMediaUtil.java | 4 +- .../member/mapper/MemberGradeMapper.java | 2 +- .../member/service/MemberGradeService.java | 2 +- .../serviceimpl/MemberGradeServiceImpl.java | 2 +- .../member/serviceimpl/MemberServiceImpl.java | 29 ++-- .../order/aop/OrderOperationLogAspect.java | 2 +- .../order/entity/dos/AfterSaleReason.java | 2 +- .../entity/dto/OrderBatchDeliverDTO.java | 2 +- .../order/entity/dto/OrderExportDTO.java | 2 +- .../serviceimpl/AfterSaleServiceImpl.java | 35 ++-- .../order/serviceimpl/OrderServiceImpl.java | 4 +- .../modules/page/entity/dos/PageData.java | 10 +- .../page/serviceimpl/PageDataServiceImpl.java | 6 +- 
.../entity/dto/CouponActivityDTO.java | 2 +- .../enums/CouponActivitySendTypeEnum.java | 2 +- .../entity/enums/CouponActivityTypeEnum.java | 2 +- .../entity/enums/CouponRangeDayEnum.java | 2 +- .../entity/vos/CouponActivityItemVO.java | 2 +- .../entity/vos/CouponActivityVO.java | 2 +- .../vos/PromotionGoodsSearchParams.java | 6 + .../mapper/CouponActivityItemMapper.java | 2 +- .../mapper/CouponActivityMapper.java | 2 +- .../service/CouponActivityItemService.java | 2 +- .../service/CouponActivityService.java | 2 +- .../CouponActivityItemServiceImpl.java | 2 +- .../CouponActivityServiceImpl.java | 18 +- .../modules/statistics/aop/PageViewPoint.java | 2 +- .../IndexStatisticsServiceImpl.java | 4 +- .../store/service/StoreAddressService.java | 6 +- .../FreightTemplateServiceImpl.java | 4 +- .../serviceimpl/StoreAddressServiceImpl.java | 17 +- .../serviceimpl/StoreDetailServiceImpl.java | 20 ++- .../store/serviceimpl/StoreServiceImpl.java | 8 +- .../system/aspect/annotation/DemoSite.java | 2 +- .../system/entity/dto/ExperienceSetting.java | 2 +- .../system/entity/dto/SeckillSetting.java | 2 +- .../system/service/StoreLogisticsService.java | 14 +- .../StoreLogisticsServiceImpl.java | 20 +-- .../VerificationSourceServiceImpl.java | 7 +- .../system/utils/OperationalJudgment.java | 14 +- .../service/VerificationService.java | 2 +- .../trigger/message/BroadcastMessage.java | 2 +- .../goods/GoodsUnitManagerController.java | 4 +- .../goods/ParameterManagerController.java | 2 +- .../member/MemberGradeManagerController.java | 4 +- .../MemberMessageManagerController.java | 2 +- .../member/MemberWalletManagerController.java | 2 +- .../MemberWithdrawApplyManagerController.java | 2 +- .../other/SpecialManagerController.java | 4 +- .../other/VerificationSourceController.java | 4 +- .../broadcast/CommodityManagerController.java | 2 +- .../broadcast/StudioManagerController.java | 2 +- .../CouponActivityManagerController.java | 4 +- .../purchase/PurchaseManagerController.java | 2 +- 
.../InstantDeliveryManagerController.java | 4 +- .../setting/LogManagerController.java | 2 +- .../setting/LogisticsManagerController.java | 4 +- .../MemberNoticeManagerController.java | 6 +- .../NoticeMessageManagerController.java | 4 +- .../ServiceNoticeManagerController.java | 4 +- .../setting/SmsManagerController.java | 4 +- .../setting/SmsSignManagerController.java | 3 +- .../setting/SmsTemplateManagerController.java | 3 +- .../GoodsStatisticsManagerController.java | 2 +- .../IndexStatisticsManagerController.java | 2 +- .../MemberStatisticsManagerController.java | 2 +- .../OrderStatisticsManagerController.java | 2 +- ...efundOrderStatisticsManagerController.java | 2 +- .../store/BillManagerController.java | 2 +- .../store/StoreManagerController.java | 3 +- .../store/StoreMessageManagerController.java | 2 +- .../trade/AfterSaleManagerController.java | 2 +- .../AfterSaleReasonManagerController.java | 4 +- .../OrderComplaintManagerController.java | 2 +- .../trade/RechargeManagerController.java | 6 +- .../trade/RefundLogManagerController.java | 4 +- .../trade/WalletLogManagerController.java | 2 +- .../cn/lili/test/promotion/SeckillTest.java | 39 ++--- ...CategoryParameterGroupStoreController.java | 30 +--- .../goods/CategoryStoreController.java | 6 +- .../goods/DraftGoodsStoreController.java | 28 ++-- .../goods/GoodsGalleryController.java | 79 --------- .../goods/GoodsLabelStoreController.java | 11 +- .../goods/GoodsStoreController.java | 53 +++--- .../broadcast/CommodityStoreController.java | 2 +- .../broadcast/StudioStoreController.java | 19 ++- .../DistributionGoodsStoreController.java | 9 +- .../DistributionOrderStoreController.java | 8 +- .../promotion/CouponStoreController.java | 42 ++--- .../FullDiscountStoreController.java | 14 +- .../promotion/PintuanStoreController.java | 21 ++- .../promotion/SeckillStoreController.java | 12 +- .../FreightTemplateStoreController.java | 16 +- .../settings/LogStoreController.java | 9 +- 
.../settings/LogisticsStoreController.java | 20 ++- .../settings/StoreAddressController.java | 21 ++- .../settings/StoreMessageController.java | 16 +- .../settings/StorePageDataController.java | 30 +++- .../settings/StoreSettingsController.java | 21 ++- .../GoodsStatisticsStoreController.java | 8 +- .../IndexStatisticsStoreController.java | 8 +- .../OrderStatisticsStoreController.java | 24 +-- .../RefundOrderStatisticsStoreController.java | 12 +- .../ViewStatisticsStoreController.java | 6 +- .../trade/AfterSaleStoreController.java | 10 +- .../controller/trade/BillStoreController.java | 11 +- .../MemberEvaluationStoreController.java | 10 +- .../trade/OrderComplaintStoreController.java | 13 +- .../trade/OrderLogStoreController.java | 6 + .../trade/OrderStoreController.java | 21 ++- .../trade/ReceiptStoreController.java | 16 +- 175 files changed, 858 insertions(+), 678 deletions(-) delete mode 100644 seller-api/src/main/java/cn/lili/controller/goods/GoodsGalleryController.java
diff --git a/buyer-api/src/main/java/cn/lili/controller/goods/CategoryBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/goods/CategoryBuyerController.java
index 49ed7429..e5cb0157 100644
--- a/buyer-api/src/main/java/cn/lili/controller/goods/CategoryBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/goods/CategoryBuyerController.java
@@ -21,7 +21,7 @@ import java.util.List;
 * 买家端,商品分类接口
 *
 * @author Chopper
- * @since: 2020/11/16 10:05 下午
+ * @since 2020/11/16 10:05 下午
 */
 @RestController
 @Api(tags = "买家端,商品分类接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/FootprintController.java b/buyer-api/src/main/java/cn/lili/controller/member/FootprintController.java
index 4d7d73f2..b0ad9da4 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/FootprintController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/FootprintController.java
@@ -19,7 +19,7 @@ import java.util.List;
 * 买家端,浏览历史接口
 *
 * @author Chopper
- * @since: 2020/11/16 10:06 下午
+ * @since 2020/11/16 10:06 下午
 */
 @RestController
 @Api(tags = "买家端,浏览历史接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java
index 42cf0a6d..6353c3fa 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberAddressBuyerController.java
@@ -20,7 +20,7 @@ import javax.validation.Valid;
 * 买家端,会员地址接口
 *
 * @author Bulbasaur
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,会员地址接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberCollectionController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberCollectionController.java
index 0c13c58e..8fa42a0f 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberCollectionController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberCollectionController.java
@@ -18,7 +18,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,会员收藏接口
 *
 * @author Chopper
- * @since: 2020/11/17 2:32 下午
+ * @since 2020/11/17 2:32 下午
 */
 @RestController
 @Api(tags = "买家端,会员收藏接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberEvaluationBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberEvaluationBuyerController.java
index 6801d9e5..acf5b34d 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberEvaluationBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberEvaluationBuyerController.java
@@ -1,8 +1,8 @@
 package cn.lili.controller.member;
+import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.enums.SwitchEnum;
 import cn.lili.common.security.context.UserContext;
-import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.member.entity.dos.MemberEvaluation;
 import cn.lili.modules.member.entity.dto.EvaluationQueryParams;
@@ -24,7 +24,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,会员商品评价接口
 *
 * @author Bulbasaur
- * @since: 2020/11/16 10:08 下午
+ * @since 2020/11/16 10:08 下午
 */
 @RestController
 @Api(tags = "买家端,会员商品评价接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberMessageBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberMessageBuyerController.java
index d4f9520b..552e6aeb 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberMessageBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberMessageBuyerController.java
@@ -4,8 +4,8 @@ import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.security.context.UserContext;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
-import cn.lili.modules.message.entity.enums.MessageStatusEnum;
 import cn.lili.modules.message.entity.dos.MemberMessage;
+import cn.lili.modules.message.entity.enums.MessageStatusEnum;
 import cn.lili.modules.message.entity.vos.MemberMessageQueryVO;
 import cn.lili.modules.message.service.MemberMessageService;
 import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.*;
 * 买家端,会员站内消息接口
 *
 * @author Bulbasaur
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,会员站内消息接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberReceiptController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberReceiptController.java
index 9f591e96..2d82d55c 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberReceiptController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberReceiptController.java
@@ -1,8 +1,8 @@
 package cn.lili.controller.member;
-import cn.lili.common.security.context.UserContext;
 import cn.lili.common.enums.ResultUtil;
+import cn.lili.common.security.context.UserContext;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.member.entity.vo.MemberReceiptAddVO;
@@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.*;
 * 买家端,会员发票接口
 *
 * @author paulG
- * @since: 2021-03-29 14:10:16
+ * @since 2021-03-29 14:10:16
 */
 @RestController
 @Api(tags = "买家端,会员发票接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberSignBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberSignBuyerController.java
index 06c99504..2bd82c61 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberSignBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberSignBuyerController.java
@@ -18,7 +18,7 @@ import java.util.List;
 * 会员签到控制器
 *
 * @author pikachu
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,会员签到API")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberWalletBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberWalletBuyerController.java
index d9dac7f5..ca2135c1 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberWalletBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberWalletBuyerController.java
@@ -1,18 +1,18 @@
 package cn.lili.controller.member;
 import cn.lili.common.enums.ResultCode;
+import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.exception.ServiceException;
 import cn.lili.common.security.AuthUser;
 import cn.lili.common.security.context.UserContext;
-import cn.lili.common.enums.ResultUtil;
-import cn.lili.modules.verification.enums.VerificationEnums;
-import cn.lili.modules.verification.service.VerificationService;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.member.entity.dos.Member;
 import cn.lili.modules.member.entity.dos.MemberWallet;
 import cn.lili.modules.member.entity.vo.MemberWalletVO;
 import cn.lili.modules.member.service.MemberService;
 import cn.lili.modules.member.service.MemberWalletService;
+import cn.lili.modules.verification.enums.VerificationEnums;
+import cn.lili.modules.verification.service.VerificationService;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
@@ -30,7 +30,7 @@ import javax.validation.constraints.Pattern;
 * 买家端,会员余额接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,会员余额接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/MemberWithdrawApplyBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/MemberWithdrawApplyBuyerController.java
index 28306be0..5ac9e860 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/MemberWithdrawApplyBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/MemberWithdrawApplyBuyerController.java
@@ -1,8 +1,8 @@
 package cn.lili.controller.member;
-import cn.lili.common.security.context.UserContext;
 import cn.lili.common.enums.ResultUtil;
+import cn.lili.common.security.context.UserContext;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.member.entity.dos.MemberWithdrawApply;
@@ -22,7 +22,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,余额提现记录接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,余额提现记录接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/RechargeBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/RechargeBuyerController.java
index dc57af9f..e75eea9b 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/RechargeBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/RechargeBuyerController.java
@@ -1,7 +1,7 @@
 package cn.lili.controller.member;
-import cn.lili.common.security.context.UserContext;
 import cn.lili.common.enums.ResultUtil;
+import cn.lili.common.security.context.UserContext;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.order.trade.entity.dos.Recharge;
@@ -20,7 +20,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,预存款充值记录接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,预存款充值记录接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/member/ServiceNoticeBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/member/ServiceNoticeBuyerController.java
index 25530f94..4cb786e7 100644
--- a/buyer-api/src/main/java/cn/lili/controller/member/ServiceNoticeBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/member/ServiceNoticeBuyerController.java
@@ -1,11 +1,11 @@
 package cn.lili.controller.member;
-import cn.lili.mybatis.util.PageUtil;
 import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.system.entity.dos.ServiceNotice;
 import cn.lili.modules.system.service.ServiceNoticeService;
+import cn.lili.mybatis.util.PageUtil;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
@@ -21,7 +21,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,会员站服务消息接口
 *
 * @author Chopper
- * @since: 2020/11/17 2:31 下午
+ * @since 2020/11/17 2:31 下午
 */
 @RestController
 @RequestMapping("/service/notice")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/AppVersionBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/AppVersionBuyerController.java
index eef2a8c4..581f3051 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/AppVersionBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/AppVersionBuyerController.java
@@ -1,11 +1,11 @@
 package cn.lili.controller.other;
 import cn.lili.common.enums.ResultUtil;
-import cn.lili.mybatis.util.PageUtil;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.system.entity.dos.AppVersion;
 import cn.lili.modules.system.service.AppVersionService;
+import cn.lili.mybatis.util.PageUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.swagger.annotations.Api;
@@ -21,7 +21,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,APP版本
 *
 * @author Bulbasaur
- * @since: 2021/5/21 11:15 上午
+ * @since 2021/5/21 11:15 上午
 */
 @RestController
 @Api(tags = "买家端,APP版本")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/ArticleBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/ArticleBuyerController.java
index bb0a4685..cef8b1ad 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/ArticleBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/ArticleBuyerController.java
@@ -25,7 +25,7 @@ import java.util.List;
 * 买家端,文章接口
 *
 * @author Chopper
- * @since: 2020/11/16 10:02 下午
+ * @since 2020/11/16 10:02 下午
 */
 @RestController
 @Api(tags = "买家端,文章接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/broadcast/StudioController.java b/buyer-api/src/main/java/cn/lili/controller/other/broadcast/StudioController.java
index 121f50ce..d161e5c1 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/broadcast/StudioController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/broadcast/StudioController.java
@@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,直播间接口
 *
 * @author Bulbasaur
- * @since: 2021/5/20 12:03 下午
+ * @since 2021/5/20 12:03 下午
 */
 @RestController
 @Api(tags = "买家端,直播间接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionBuyerController.java
index 515c49a2..68a87488 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionBuyerController.java
@@ -1,7 +1,6 @@
 package cn.lili.controller.other.distribution;
 import cn.lili.common.enums.ResultUtil;
-import cn.lili.common.security.context.UserContext;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.distribution.entity.dos.Distribution;
 import cn.lili.modules.distribution.entity.dos.DistributionOrder;
@@ -12,7 +11,6 @@ import cn.lili.modules.distribution.service.DistributionService;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
-import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
@@ -22,7 +20,7 @@ import org.springframework.web.bind.annotation.*;
 * 买家端,分销员接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:03 下午
+ * @since 2020/11/16 10:03 下午
 */
 @RestController
 @Api(tags = "买家端,分销员接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionCashBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionCashBuyerController.java
index 2e62f6f4..d27ee742 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionCashBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionCashBuyerController.java
@@ -28,7 +28,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,分销商品佣金提现接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:03 下午
+ * @since 2020/11/16 10:03 下午
 */
 @RestController
 @Api(tags = "买家端,分销商品佣金提现接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionGoodsBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionGoodsBuyerController.java
index eafb4250..b2e68fa1 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionGoodsBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionGoodsBuyerController.java
@@ -25,7 +25,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,分销商品接口
 *
 * @author Bulbasaur
- * @since: 2020/11/16 10:06 下午
+ * @since 2020/11/16 10:06 下午
 */
 @RestController
 @Api(tags = "买家端,分销商品接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionOrderBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionOrderBuyerController.java
index 30a46f49..4ed20e94 100644
--- a/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionOrderBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/other/distribution/DistributionOrderBuyerController.java
@@ -19,7 +19,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,分销商品佣金提现接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:03 下午
+ * @since 2020/11/16 10:03 下午
 */
 @RestController
 @Api(tags = "买家端,分销订单接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java
index 7528ff04..d81bc53e 100644
--- a/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/passport/MemberBuyerController.java
@@ -1,15 +1,15 @@
 package cn.lili.controller.passport;
 import cn.lili.common.enums.ResultCode;
-import cn.lili.common.exception.ServiceException;
-import cn.lili.modules.system.sms.SmsUtil;
 import cn.lili.common.enums.ResultUtil;
-import cn.lili.modules.verification.enums.VerificationEnums;
-import cn.lili.modules.verification.service.VerificationService;
+import cn.lili.common.exception.ServiceException;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.member.entity.dos.Member;
 import cn.lili.modules.member.entity.dto.MemberEditDTO;
 import cn.lili.modules.member.service.MemberService;
+import cn.lili.modules.system.sms.SmsUtil;
+import cn.lili.modules.verification.enums.VerificationEnums;
+import cn.lili.modules.verification.service.VerificationService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
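Review bot: The class Javadoc that this hunk edits in DistributionOrderBuyerController still describes the class as `买家端,分销商品佣金提现接口` (commission-withdrawal API), while the `@Api` tag two lines below it says `买家端,分销订单接口` (distribution-order API); the same description is the correct Javadoc of DistributionCashBuyerController earlier in this patch, so this looks like a copy-paste left over. Since the commit already touches this comment block to fix the `@since` tag, the description should be corrected in the same hunk: ` * 买家端,分销订单接口`. Nothing else in the hunk is affected; the class body is outside it.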
@@ -23,7 +23,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,会员接口
 *
 * @author Chopper
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,会员接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseBuyerController.java
index 4a7a3318..5f8dfecd 100644
--- a/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseBuyerController.java
@@ -20,7 +20,7 @@ import javax.validation.constraints.NotNull;
 * 买家端,采购接口
 *
 * @author Chopper
- * @since: 2020/11/16 10:06 下午
+ * @since 2020/11/16 10:06 下午
 */
 @Api(tags = "买家端,采购接口")
 @RestController
diff --git a/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseQuotedController.java b/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseQuotedController.java
index facb7063..288dce0f 100644
--- a/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseQuotedController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/purchase/PurchaseQuotedController.java
@@ -18,7 +18,7 @@ import java.util.List;
 * 买家端,采购报价接口
 *
 * @author Bulbasaur
- * @since: 2020/11/16 10:06 下午
+ * @since 2020/11/16 10:06 下午
 */
 @Api(tags = "买家端,采购报价接口")
 @RestController
diff --git a/buyer-api/src/main/java/cn/lili/controller/store/StoreBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/store/StoreBuyerController.java
index 274a00d2..c75fa25a 100644
--- a/buyer-api/src/main/java/cn/lili/controller/store/StoreBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/store/StoreBuyerController.java
@@ -27,7 +27,7 @@ import java.util.List;
 * 买家端,店铺接口
 *
 * @author Bulbasaur
- * @since: 2020/11/17 2:32 下午
+ * @since 2020/11/17 2:32 下午
 */
 @RestController
 @RequestMapping("/buyer/store")
diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/RechargeTradeBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/RechargeTradeBuyerController.java
index 5f2466dc..2cfc49ae 100644
--- a/buyer-api/src/main/java/cn/lili/controller/trade/RechargeTradeBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/trade/RechargeTradeBuyerController.java
@@ -21,7 +21,7 @@ import javax.validation.constraints.Min;
 * 买家端,预存款充值记录接口
 *
 * @author paulG
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,预存款充值记录接口")
diff --git a/buyer-api/src/main/java/cn/lili/controller/trade/WalletLogBuyerController.java b/buyer-api/src/main/java/cn/lili/controller/trade/WalletLogBuyerController.java
index aa1708ec..b48918f3 100644
--- a/buyer-api/src/main/java/cn/lili/controller/trade/WalletLogBuyerController.java
+++ b/buyer-api/src/main/java/cn/lili/controller/trade/WalletLogBuyerController.java
@@ -1,13 +1,13 @@
 package cn.lili.controller.trade;
+import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.security.AuthUser;
 import cn.lili.common.security.context.UserContext;
-import cn.lili.mybatis.util.PageUtil;
-import cn.lili.common.enums.ResultUtil;
 import cn.lili.common.vo.PageVO;
 import cn.lili.common.vo.ResultMessage;
 import cn.lili.modules.order.trade.entity.dos.WalletLog;
 import cn.lili.modules.order.trade.service.WalletLogService;
+import cn.lili.mybatis.util.PageUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import io.swagger.annotations.Api;
@@ -21,7 +21,7 @@ import org.springframework.web.bind.annotation.RestController;
 * 买家端,预存款变动日志记录接口
 *
 * @author pikachu
- * @since: 2020/11/16 10:07 下午
+ * @since 2020/11/16 10:07 下午
 */
 @RestController
 @Api(tags = "买家端,预存款变动日志记录接口")
diff --git a/consumer/src/main/java/cn/lili/event/impl/MemberExperienceExecute.java b/consumer/src/main/java/cn/lili/event/impl/MemberExperienceExecute.java
index 62904412..d8f33e23 100644
--- a/consumer/src/main/java/cn/lili/event/impl/MemberExperienceExecute.java
+++ b/consumer/src/main/java/cn/lili/event/impl/MemberExperienceExecute.java
@@ -24,7 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 * 会员经验值
 *
 * @author Bulbasaur
- * @since: 2021/5/16 11:16 下午
+ * @since 2021/5/16 11:16 下午
 */
 //@Service
 public class MemberExperienceExecute implements MemberRegisterEvent, GoodsCommentCompleteEvent, OrderStatusChangeEvent {
diff --git a/consumer/src/main/java/cn/lili/event/impl/RegisteredCouponActivityExecute.java b/consumer/src/main/java/cn/lili/event/impl/RegisteredCouponActivityExecute.java
index 1f7a55b0..a6b7d6cf 100644
--- a/consumer/src/main/java/cn/lili/event/impl/RegisteredCouponActivityExecute.java
+++ b/consumer/src/main/java/cn/lili/event/impl/RegisteredCouponActivityExecute.java
@@ -16,7 +16,7 @@ import java.util.List;
 * 注册赠券活动
 *
 * @author Bulbasaur
- * @since: 2021/5/24 10:48 上午
+ * @since 2021/5/24 10:48 上午
 */
 @Component
 public class RegisteredCouponActivityExecute implements MemberRegisterEvent {
diff --git a/consumer/src/main/java/cn/lili/event/impl/VerificationOrderExecute.java b/consumer/src/main/java/cn/lili/event/impl/VerificationOrderExecute.java
index a5177012..008a2fc2 100644
--- a/consumer/src/main/java/cn/lili/event/impl/VerificationOrderExecute.java
+++ b/consumer/src/main/java/cn/lili/event/impl/VerificationOrderExecute.java
@@ -1,7 +1,6 @@
 package cn.lili.event.impl;
 import cn.hutool.core.util.RandomUtil;
-import cn.lili.common.utils.CommonUtil;
 import cn.lili.event.OrderStatusChangeEvent;
 import cn.lili.modules.order.order.entity.dos.Order;
 import cn.lili.modules.order.order.entity.dos.OrderItem;
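Review bot: The commented-out `//@Service` directly under the Javadoc this hunk edits has no explanation, so MemberExperienceExecute is never registered as a bean and its MemberRegisterEvent, GoodsCommentCompleteEvent and OrderStatusChangeEvent handlers are silently not wired; a reader of this commit cannot tell whether that is a deliberate feature switch or a forgotten debugging change. Since the commit is already tidying this comment block, either delete the dead annotation or replace it with a why-comment, e.g. `// Not registered as a bean on purpose: member experience accrual is currently disabled; restore @Service to re-enable it.` The class body that would be affected is outside the hunk.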
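Review bot: After removing `CommonUtil`, the only random source left in this hunk of VerificationOrderExecute is `import cn.hutool.core.util.RandomUtil;`, and the class Javadoc later in this patch says it handles virtual goods (虚拟商品); if that import is what generates the verification code written onto the order — the generating code is outside the hunk, so this is inferred — then the code is effectively a redemption secret and hutool's RandomUtil is not a cryptographic generator. I would switch that call to a `java.security.SecureRandom`-backed source and make sure the code is long enough that it cannot be guessed in a handful of attempts. The rest of the class is outside the hunk.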
@@ -13,7 +12,6 @@ import cn.lili.modules.order.order.service.OrderItemService;
 import cn.lili.modules.order.order.service.OrderService;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
-import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -21,7 +19,7 @@ import org.springframework.stereotype.Component;
  * 虚拟商品
  *
  * @author Bulbasaur
- * @since: 2021/5/29 9:17 上午
+ * @since 2021/5/29 9:17 上午
  */
 @Component
 public class VerificationOrderExecute implements OrderStatusChangeEvent {
diff --git a/consumer/src/main/java/cn/lili/timetask/handler/impl/broadcast/BroadcastExecute.java b/consumer/src/main/java/cn/lili/timetask/handler/impl/broadcast/BroadcastExecute.java
index 69043a2d..6be091e2 100644
--- a/consumer/src/main/java/cn/lili/timetask/handler/impl/broadcast/BroadcastExecute.java
+++ b/consumer/src/main/java/cn/lili/timetask/handler/impl/broadcast/BroadcastExecute.java
@@ -9,7 +9,7 @@ import org.springframework.stereotype.Component;
  * 小程序直播状态获取
  *
  * @author Bulbasaur
- * @since: 2021/5/20 2:52 下午
+ * @since 2021/5/20 2:52 下午
  */
 @Component
 public class BroadcastExecute implements EveryHourExecute {
diff --git a/consumer/src/main/java/cn/lili/timetask/handler/impl/coupon/CouponExecute.java b/consumer/src/main/java/cn/lili/timetask/handler/impl/coupon/CouponExecute.java
index d1245fc5..5e82faba 100644
--- a/consumer/src/main/java/cn/lili/timetask/handler/impl/coupon/CouponExecute.java
+++ b/consumer/src/main/java/cn/lili/timetask/handler/impl/coupon/CouponExecute.java
@@ -12,7 +12,7 @@ import org.springframework.stereotype.Component;
  * 优惠券状态监测
  *
  * @author Bulbasaur
- * @since: 2021/5/24 10:08 上午
+ * @since 2021/5/24 10:08 上午
  */
 @Component
 public class CouponExecute implements EveryDayExecute {
diff --git a/consumer/src/main/java/cn/lili/trigger/executor/BroadcastTimeTriggerExecutor.java b/consumer/src/main/java/cn/lili/trigger/executor/BroadcastTimeTriggerExecutor.java
index c7d74cf9..5c4203ff 100644
--- a/consumer/src/main/java/cn/lili/trigger/executor/BroadcastTimeTriggerExecutor.java
+++ b/consumer/src/main/java/cn/lili/trigger/executor/BroadcastTimeTriggerExecutor.java
@@ -1,10 +1,10 @@
 package cn.lili.trigger.executor;
 
 import cn.hutool.json.JSONUtil;
-import cn.lili.trigger.message.BroadcastMessage;
-import cn.lili.trigger.model.TimeExecuteConstant;
 import cn.lili.modules.goods.service.StudioService;
 import cn.lili.trigger.TimeTriggerExecutor;
+import cn.lili.trigger.message.BroadcastMessage;
+import cn.lili.trigger.model.TimeExecuteConstant;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -13,7 +13,7 @@ import org.springframework.stereotype.Component;
  * 直播间事件触发
  *
  * @author Bulbasaur
- * @since: 2021/6/1 5:02 下午
+ * @since 2021/6/1 5:02 下午
  */
 @Slf4j
 @Component(TimeExecuteConstant.BROADCAST_EXECUTOR)
diff --git a/framework/src/main/java/cn/lili/common/enums/ResultCode.java b/framework/src/main/java/cn/lili/common/enums/ResultCode.java
index 2a132b9c..c44fc68c 100644
--- a/framework/src/main/java/cn/lili/common/enums/ResultCode.java
+++ b/framework/src/main/java/cn/lili/common/enums/ResultCode.java
@@ -360,6 +360,7 @@ public enum ResultCode {
     STORE_NOT_OPEN(50004, "该会员未开通店铺"),
     STORE_NOT_LOGIN_ERROR(50005, "未登录店铺"),
     STORE_CLOSE_ERROR(50006, "店铺关闭,请联系管理员"),
+    FREIGHT_TEMPLATE_NOT_EXIST(50010, "当前模版不存在"),
 
     /**
      * 结算单
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index 3785c4e1..042bd765 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java @@ -2,10 +2,20 @@ package cn.lili.common.security.filter; import cn.hutool.http.HtmlUtil; +import cn.hutool.json.JSONUtil; +import javax.servlet.ReadListener; +import javax.servlet.ServletInputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequestWrapper; -import java.util.regex.Pattern; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStreamReader; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.Map; /** * 防止Xss @@ -15,15 +25,10 @@ import java.util.regex.Pattern; * 2021-06-04 10:39 */ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { - private HttpServletRequest request; - - - public XssHttpServletRequestWrapper(HttpServletRequest request) { super(request); - this.request = request; } /** @@ -61,8 +66,8 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { @Override public Object getAttribute(String name) { Object value = super.getAttribute(name); - if (value != null && value instanceof String) { - cleanXSS((String) value); + if (value instanceof String) { + value = cleanXSS((String) value); } return value; } 
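Review bot: In the getAttribute() hunk the escaped result is now actually returned (`value = cleanXSS((String) value);`) instead of being discarded, which fixes the no-op of the old code, but request attributes are populated by server-side code (earlier filters, forwards, framework internals) rather than directly by the client, so escaping them on every read may rewrite values that trusted code stored deliberately and, if cleanXSS is not idempotent, double-escape a value that was already cleaned when it was copied from a parameter. If the intent is to sanitise only client-controlled input, consider restricting this to the parameter, header and body paths and leaving attributes untouched; if attributes are meant to be covered, record why with a comment such as `// attributes may carry raw values copied from request parameters; escape on read so callers see the same cleaned form as getParameter()`. The body of cleanXSS is outside this hunk, so whether repeated application is safe cannot be confirmed from here.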
@@ -79,56 +84,104 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { return cleanXSS(value); } - /** - * 转义字符,使用该方法存在一定的弊端 - * - * @param value - * @return - */ - private String cleanXSS2(String value) { - //移除特殊标签 - value = value.replaceAll("<", "<").replaceAll(">", ">"); - value = value.replaceAll("\\(", "(").replaceAll("\\)", ")"); - value = value.replaceAll("'", "'"); - value = value.replaceAll("eval\\((.*)\\)", ""); - value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\""); - value = value.replaceAll("script", ""); - return value; + @Override + public Map getParameterMap() { + Map parameterMap = super.getParameterMap(); + //因为super.getParameterMap()返回的是Map,所以我们需要定义Map的实现类对数据进行封装 + Map params = new LinkedHashMap<>(); + //如果参数不为空 + if (parameterMap != null) { + //对map进行遍历 + for (Map.Entry entry : parameterMap.entrySet()) { + //根据key获取value + String[] values = entry.getValue(); + //遍历数组 + for (int i = 0; i < values.length; i++) { + String value = values[i]; + value = cleanXSS(value); + //将转义后的数据放回数组中 + values[i] = value; + } + //将转义后的数组put到linkMap当中 + params.put(entry.getKey(), values); + } + } + return params; } + /** + * 获取输入流 + * + * @return + * @throws IOException + */ + @Override + public ServletInputStream getInputStream() throws IOException { + //获取输入流 + ServletInputStream in = super.getInputStream(); + //用于存储输入流 + StringBuffer body = new StringBuffer(); + InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8); + BufferedReader bufferedReader = new BufferedReader(reader); + //按行读取输入流 + String line = bufferedReader.readLine(); + while (line != null) { + //将获取到的第一行数据append到StringBuffer中 + body.append(line); + //继续读取下一行流,直到line为空 + line = bufferedReader.readLine(); + } + //关闭流 + bufferedReader.close(); + reader.close(); + in.close(); - private static final Pattern SCRIPT_PATTERN1 = Pattern.compile("", Pattern.CASE_INSENSITIVE); - private static final Pattern SCRIPT_PATTERN2 = 
Pattern.compile("", Pattern.CASE_INSENSITIVE); - private static final Pattern SCRIPT_PATTERN3 = Pattern.compile("", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); - private static final Pattern SCRIPT_PATTERN4 = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE); - private static final Pattern SRC_PATTERN = Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); - private static final Pattern EVAL_PATTERN = Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); - private static final Pattern E_­_XPRESSION_PATTERN = Pattern.compile("e­xpression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); - private static final Pattern VB_SCRIPT_PATTERN = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE); - private static final Pattern ONLOAD_PATTERN = Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL); + //将body转换为map + Map map = JSONUtil.parseObj(body.toString()); + //创建空的map用于存储结果 + Map resultMap = new HashMap<>(map.size()); + //遍历数组 + for (Map.Entry entry : map.entrySet()) { + //如果map.get(key)获取到的是字符串就需要进行转义,如果不是直接存储resultMap + if (map.get(entry.getKey()) instanceof String) { + resultMap.put(entry.getKey(), cleanXSS(entry.getValue().toString())); + } else { + resultMap.put(entry.getKey(), entry.getValue()); + } + } + + //将resultMap转换为json字符串 + String resultStr = JSONUtil.toJsonStr(resultMap); + //将json字符串转换为字节 + final ByteArrayInputStream bis = new ByteArrayInputStream(resultStr.getBytes()); + + //实现接口 + return new ServletInputStream() { + @Override + public boolean isFinished() { + return false; + } + + @Override + public boolean isReady() { + return false; + } + + @Override + public void setReadListener(ReadListener readListener) { + + } + + @Override + public int read() { + return bis.read(); + } + }; + } private String cleanXSS(String value) { if (value != null) { -// 
//推荐使用ESAPI库来避免脚本攻击,value = ESAPI.encoder().canonicalize(value); -// //避免script 标签 -// value = SCRIPT_PATTERN1.matcher(value).replaceAll(""); -// //删除单个的 标签 -// value = SCRIPT_PATTERN2.matcher(value).replaceAll(""); -// //删除单个的