修复安全漏洞。优化代码
This commit is contained in:
paulGao
@@ -1,8 +1,8 @@
|
||||
package cn.lili.controller.member;
|
||||
|
||||
import cn.lili.common.enums.ResultCode;
|
||||
import cn.lili.common.security.context.UserContext;
|
||||
import cn.lili.common.enums.ResultUtil;
|
||||
import cn.lili.common.security.AuthUser;
|
||||
import cn.lili.common.security.context.UserContext;
|
||||
import cn.lili.common.vo.PageVO;
|
||||
import cn.lili.common.vo.ResultMessage;
|
||||
import cn.lili.modules.promotion.entity.dos.MemberCoupon;
|
||||
@@ -10,6 +10,7 @@ import cn.lili.modules.promotion.entity.vos.CouponSearchParams;
|
||||
import cn.lili.modules.promotion.entity.vos.CouponVO;
|
||||
import cn.lili.modules.promotion.service.CouponService;
|
||||
import cn.lili.modules.promotion.service.MemberCouponService;
|
||||
import cn.lili.modules.system.utils.OperationalJudgment;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
@@ -22,6 +23,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* 买家端,买家优惠券接口
|
||||
@@ -56,14 +58,16 @@ public class CouponBuyerController {
|
||||
@ApiOperation(value = "获取当前会员的优惠券列表")
|
||||
@GetMapping("/getCoupons")
|
||||
public ResultMessage<IPage<MemberCoupon>> getCoupons(CouponSearchParams param, PageVO pageVo) {
|
||||
param.setMemberId(UserContext.getCurrentUser().getId());
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
param.setMemberId(currentUser.getId());
|
||||
return ResultUtil.data(memberCouponService.getMemberCoupons(param, pageVo));
|
||||
}
|
||||
|
||||
@ApiOperation(value = "获取当前会员的对于当前商品可使用的优惠券列表")
|
||||
@GetMapping("/canUse")
|
||||
public ResultMessage<IPage<MemberCoupon>> getCouponsByCanUse(CouponSearchParams param, Double totalPrice, PageVO pageVo) {
|
||||
param.setMemberId(UserContext.getCurrentUser().getId());
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
param.setMemberId(currentUser.getId());
|
||||
return ResultUtil.data(memberCouponService.getMemberCouponsByCanUse(param, totalPrice, pageVo));
|
||||
}
|
||||
|
||||
@@ -79,8 +83,9 @@ public class CouponBuyerController {
|
||||
})
|
||||
@GetMapping("/receive/{couponId}")
|
||||
public ResultMessage<Object> receiveCoupon(@NotNull(message = "优惠券ID不能为空") @PathVariable("couponId") String couponId) {
|
||||
memberCouponService.checkCouponLimit(couponId, UserContext.getCurrentUser().getId());
|
||||
memberCouponService.receiveCoupon(couponId, UserContext.getCurrentUser().getId(), UserContext.getCurrentUser().getNickName());
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
memberCouponService.checkCouponLimit(couponId, currentUser.getId());
|
||||
memberCouponService.receiveCoupon(couponId, currentUser.getId(), currentUser.getNickName());
|
||||
return ResultUtil.success();
|
||||
}
|
||||
|
||||
@@ -90,7 +95,7 @@ public class CouponBuyerController {
|
||||
})
|
||||
@GetMapping(value = "/get/{id}")
|
||||
public ResultMessage<MemberCoupon> get(@NotNull(message = "优惠券ID不能为空") @PathVariable("id") String id) {
|
||||
MemberCoupon memberCoupon = memberCouponService.getById(id);
|
||||
MemberCoupon memberCoupon = OperationalJudgment.judgment(memberCouponService.getById(id));
|
||||
return ResultUtil.data(memberCoupon);
|
||||
}
|
||||
|
||||
|
||||
@@ -6,6 +6,7 @@ import cn.lili.common.vo.PageVO;
|
||||
import cn.lili.common.vo.ResultMessage;
|
||||
import cn.lili.modules.member.entity.dos.MemberAddress;
|
||||
import cn.lili.modules.promotion.service.MemberAddressService;
|
||||
import cn.lili.modules.system.utils.OperationalJudgment;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
@@ -14,6 +15,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.validation.Valid;
|
||||
import java.util.Objects;
|
||||
|
||||
|
||||
/**
|
||||
@@ -56,7 +58,7 @@ public class MemberAddressBuyerController {
|
||||
@PostMapping
|
||||
public ResultMessage<MemberAddress> addShippingAddress(@Valid MemberAddress shippingAddress) {
|
||||
//添加会员地址
|
||||
shippingAddress.setMemberId(UserContext.getCurrentUser().getId());
|
||||
shippingAddress.setMemberId(Objects.requireNonNull(UserContext.getCurrentUser()).getId());
|
||||
if(shippingAddress.getIsDefault()==null){
|
||||
shippingAddress.setIsDefault(false);
|
||||
}
|
||||
@@ -73,6 +75,7 @@ public class MemberAddressBuyerController {
|
||||
@ApiImplicitParam(name = "id", value = "会员地址ID", dataType = "String", paramType = "path")
|
||||
@DeleteMapping(value = "/delById/{id}")
|
||||
public ResultMessage<Object> delShippingAddressById(@PathVariable String id) {
|
||||
OperationalJudgment.judgment(memberAddressService.getById(id));
|
||||
memberAddressService.removeMemberAddress(id);
|
||||
return ResultUtil.success();
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package cn.lili.controller.passport;
|
||||
|
||||
import cn.lili.common.enums.ResultUtil;
|
||||
import cn.lili.common.security.enums.UserEnums;
|
||||
import cn.lili.common.vo.ResultMessage;
|
||||
import cn.lili.modules.member.entity.dos.Member;
|
||||
import cn.lili.modules.member.entity.dto.MemberEditDTO;
|
||||
@@ -49,6 +50,13 @@ public class MemberBuyerController {
|
||||
return ResultUtil.data(this.memberService.usernameLogin(username, password));
|
||||
}
|
||||
|
||||
@ApiOperation(value = "注销接口")
|
||||
@PostMapping("/logout")
|
||||
public ResultMessage<Object> logout() {
|
||||
this.memberService.logout(UserEnums.MEMBER);
|
||||
return ResultUtil.success();
|
||||
}
|
||||
|
||||
@ApiOperation(value = "短信登录接口")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = "mobile", value = "手机号", required = true, paramType = "query"),
|
||||
|
||||
@@ -13,6 +13,7 @@ import cn.lili.modules.order.order.service.AfterSaleReasonService;
|
||||
import cn.lili.modules.order.order.service.AfterSaleService;
|
||||
import cn.lili.modules.order.trade.entity.dos.AfterSaleLog;
|
||||
import cn.lili.modules.store.entity.dto.StoreAfterSaleAddressDTO;
|
||||
import cn.lili.modules.system.utils.OperationalJudgment;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
@@ -57,7 +58,8 @@ public class AfterSaleBuyerController {
|
||||
@ApiImplicitParam(name = "sn", value = "售后单号", required = true, paramType = "path")
|
||||
@GetMapping(value = "/get/{sn}")
|
||||
public ResultMessage<AfterSaleVO> get(@NotNull(message = "售后单号") @PathVariable("sn") String sn) {
|
||||
return ResultUtil.data(afterSaleService.getAfterSale(sn));
|
||||
AfterSaleVO afterSale = OperationalJudgment.judgment(afterSaleService.getAfterSale(sn));
|
||||
return ResultUtil.data(afterSale);
|
||||
}
|
||||
|
||||
@ApiOperation(value = "分页获取售后服务")
|
||||
@@ -72,7 +74,8 @@ public class AfterSaleBuyerController {
|
||||
})
|
||||
@GetMapping(value = "/applyAfterSaleInfo/{sn}")
|
||||
public ResultMessage<AfterSaleApplyVO> applyAfterSaleInfo(@PathVariable String sn) {
|
||||
return ResultUtil.data(afterSaleService.getAfterSaleVO(sn));
|
||||
AfterSaleApplyVO afterSaleApplyVO = OperationalJudgment.judgment(afterSaleService.getAfterSaleVO(sn));
|
||||
return ResultUtil.data(afterSaleApplyVO);
|
||||
}
|
||||
|
||||
@PostMapping(value = "/save/{orderItemSn}")
|
||||
@@ -95,7 +98,7 @@ public class AfterSaleBuyerController {
|
||||
public ResultMessage<AfterSale> delivery(@NotNull(message = "售后编号不能为空") @PathVariable("afterSaleSn") String afterSaleSn,
|
||||
@NotNull(message = "发货单号不能为空") @RequestParam String logisticsNo,
|
||||
@NotNull(message = "请选择物流公司") @RequestParam String logisticsId,
|
||||
@NotNull(message = "请选择发货时间") @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date mDeliverTime) {
|
||||
@NotNull(message = "请选择发货时间") @RequestParam @DateTimeFormat(pattern = "yyyy-MM-dd") Date mDeliverTime) {
|
||||
return ResultUtil.data(afterSaleService.buyerDelivery(afterSaleSn, logisticsNo, logisticsId, mDeliverTime));
|
||||
}
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
package cn.lili.controller.trade;
|
||||
|
||||
import cn.lili.common.enums.ResultCode;
|
||||
import cn.lili.common.enums.ResultUtil;
|
||||
import cn.lili.common.exception.ServiceException;
|
||||
import cn.lili.common.security.AuthUser;
|
||||
import cn.lili.common.security.context.UserContext;
|
||||
import cn.lili.common.enums.ResultUtil;
|
||||
import cn.lili.common.vo.ResultMessage;
|
||||
import cn.lili.modules.order.order.entity.dos.Order;
|
||||
import cn.lili.modules.order.order.entity.dto.OrderSearchParams;
|
||||
@@ -12,6 +12,7 @@ import cn.lili.modules.order.order.entity.enums.OrderStatusEnum;
|
||||
import cn.lili.modules.order.order.entity.vo.OrderDetailVO;
|
||||
import cn.lili.modules.order.order.entity.vo.OrderSimpleVO;
|
||||
import cn.lili.modules.order.order.service.OrderService;
|
||||
import cn.lili.modules.system.utils.OperationalJudgment;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
@@ -23,6 +24,7 @@ import springfox.documentation.annotations.ApiIgnore;
|
||||
|
||||
import javax.validation.constraints.NotBlank;
|
||||
import javax.validation.constraints.NotNull;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* 买家端,订单接口
|
||||
@@ -44,7 +46,7 @@ public class OrderBuyerController {
|
||||
@ApiOperation(value = "查询会员订单列表")
|
||||
@GetMapping
|
||||
public ResultMessage<IPage<OrderSimpleVO>> queryMineOrder(OrderSearchParams orderSearchParams) {
|
||||
AuthUser currentUser = UserContext.getCurrentUser();
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
orderSearchParams.setMemberId(currentUser.getId());
|
||||
return ResultUtil.data(orderService.queryByParams(orderSearchParams));
|
||||
}
|
||||
@@ -55,7 +57,9 @@ public class OrderBuyerController {
|
||||
})
|
||||
@GetMapping(value = "/{orderSn}")
|
||||
public ResultMessage<OrderDetailVO> detail(@NotNull(message = "订单编号不能为空") @PathVariable("orderSn") String orderSn) {
|
||||
return ResultUtil.data(orderService.queryDetail(orderSn));
|
||||
OrderDetailVO orderDetailVO = orderService.queryDetail(orderSn);
|
||||
OperationalJudgment.judgment(orderDetailVO.getOrder());
|
||||
return ResultUtil.data(orderDetailVO);
|
||||
}
|
||||
|
||||
@ApiOperation(value = "确认收货")
|
||||
@@ -93,6 +97,7 @@ public class OrderBuyerController {
|
||||
})
|
||||
@DeleteMapping(value = "/{orderSn}")
|
||||
public ResultMessage<Object> deleteOrder(@PathVariable String orderSn) {
|
||||
OperationalJudgment.judgment(orderService.getBySn(orderSn));
|
||||
orderService.deleteOrder(orderSn);
|
||||
return ResultUtil.success();
|
||||
}
|
||||
@@ -103,6 +108,7 @@ public class OrderBuyerController {
|
||||
})
|
||||
@PostMapping(value = "/getTraces/{orderSn}")
|
||||
public ResultMessage<Object> getTraces(@NotBlank(message = "订单编号不能为空") @PathVariable String orderSn) {
|
||||
OperationalJudgment.judgment(orderService.getBySn(orderSn));
|
||||
return ResultUtil.data(orderService.getTraces(orderSn));
|
||||
}
|
||||
|
||||
@@ -113,6 +119,7 @@ public class OrderBuyerController {
|
||||
})
|
||||
@PostMapping(value = "/receipt/{orderSn}")
|
||||
public ResultMessage<Object> invoice(@NotBlank(message = "订单编号不能为空") @PathVariable String orderSn) {
|
||||
OperationalJudgment.judgment(orderService.getBySn(orderSn));
|
||||
return ResultUtil.data(orderService.invoice(orderSn));
|
||||
}
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ import cn.lili.modules.order.order.entity.vo.OrderComplaintSearchParams;
|
||||
import cn.lili.modules.order.order.entity.vo.OrderComplaintVO;
|
||||
import cn.lili.modules.order.order.service.OrderComplaintCommunicationService;
|
||||
import cn.lili.modules.order.order.service.OrderComplaintService;
|
||||
import cn.lili.modules.system.utils.OperationalJudgment;
|
||||
import com.baomidou.mybatisplus.core.metadata.IPage;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiImplicitParam;
|
||||
@@ -22,6 +23,7 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.validation.Valid;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* 买家端,交易投诉接口
|
||||
@@ -51,13 +53,15 @@ public class OrderComplaintBuyerController {
|
||||
@ApiImplicitParam(name = "id", value = "投诉单ID", required = true, paramType = "path")
|
||||
@GetMapping(value = "/{id}")
|
||||
public ResultMessage<OrderComplaintVO> get(@PathVariable String id) {
|
||||
return ResultUtil.data(orderComplaintService.getOrderComplainById(id));
|
||||
OrderComplaintVO orderComplaintVO = OperationalJudgment.judgment(orderComplaintService.getOrderComplainById(id));
|
||||
return ResultUtil.data(orderComplaintVO);
|
||||
}
|
||||
|
||||
@ApiOperation(value = "分页获取")
|
||||
@GetMapping
|
||||
public ResultMessage<IPage<OrderComplaint>> get(OrderComplaintSearchParams searchParams, PageVO pageVO) {
|
||||
searchParams.setMemberId(UserContext.getCurrentUser().getId());
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
searchParams.setMemberId(currentUser.getId());
|
||||
return ResultUtil.data(orderComplaintService.getOrderComplainByPage(searchParams, pageVO));
|
||||
|
||||
}
|
||||
@@ -75,7 +79,7 @@ public class OrderComplaintBuyerController {
|
||||
})
|
||||
@PostMapping("/communication")
|
||||
public ResultMessage<OrderComplaintCommunicationVO> addCommunication(@RequestParam String complainId, @RequestParam String content) {
|
||||
AuthUser currentUser = UserContext.getCurrentUser();
|
||||
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
|
||||
OrderComplaintCommunicationVO communicationVO = new OrderComplaintCommunicationVO(complainId, content, CommunicationOwnerEnum.BUYER.name(), currentUser.getId(), currentUser.getNickName());
|
||||
orderComplaintCommunicationService.addCommunication(communicationVO);
|
||||
return ResultUtil.data(communicationVO);
|
||||
|
||||
Reference in New Issue
Block a user