修复安全漏洞。优化代码

This commit is contained in:
paulGao
2021-11-11 18:15:21 +08:00
parent 9fd75c65e1
commit 6f13218564
34 changed files with 351 additions and 126 deletions


@@ -302,6 +302,13 @@
<artifactId>commons-text</artifactId>
<version>${commons-text}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.googlecode.owasp-java-html-sanitizer/owasp-java-html-sanitizer -->
<dependency>
<groupId>com.googlecode.owasp-java-html-sanitizer</groupId>
<artifactId>owasp-java-html-sanitizer</artifactId>
<version>${owasp-java-html-sanitizer}</version>
</dependency>
</dependencies>


@@ -37,6 +37,7 @@ public enum ResultCode {
LIMIT_ERROR(1003, "访问过于频繁,请稍后再试"),
ILLEGAL_REQUEST_ERROR(1004, "非法请求,请重新刷新页面操作"),
IMAGE_FILE_EXT_ERROR(1005, "不支持图片格式"),
FILE_TYPE_NOT_SUPPORT(1010, "不支持上传的文件类型!"),
PLATFORM_NOT_SUPPORTED_IM(1006, "平台未开启IM"),
STORE_NOT_SUPPORTED_IM(1007, "店铺未开启IM"),
/**
@@ -155,6 +156,7 @@ public enum ResultCode {
* 购物车
*/
CART_ERROR(30001, "读取结算页的购物车异常"),
CART_NUM_ERROR(30010, "购买数量必须大于0"),
CART_PINTUAN_NOT_EXIST_ERROR(30002, "拼团活动已关闭,请稍后重试"),
CART_PINTUAN_LIMIT_ERROR(30003, "购买数量超过拼团活动限制数量"),
SHIPPING_NOT_APPLY(30005, "购物商品不支持当前收货地址配送"),
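Review bot: `FILE_TYPE_NOT_SUPPORT(1010, …)` is inserted between codes 1005 and 1006, and `CART_NUM_ERROR(30010, …)` between 30001 and 30002, so both new entries break the ascending order the surrounding groups follow. Either take the next free value in sequence or move each entry to the end of its group so a reader scanning for a code finds it where expected. If 1010 and 30010 are already consumed by clients, keep the values and only move the lines.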


@@ -47,7 +47,7 @@ public class UserContext {
*/
public static AuthUser getAuthUser(Cache cache, String accessToken) {
try {
if (cache.keys("*" + accessToken).size() == 0) {
if (cache.keys("*" + accessToken).isEmpty()) {
throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
}
return getAuthUser(accessToken);
@@ -56,6 +56,14 @@ public class UserContext {
}
}
public static String getCurrentUserToken() {
if (RequestContextHolder.getRequestAttributes() != null) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
return request.getHeader(SecurityEnum.HEADER_TOKEN.getValue());
}
return null;
}
/**
* 根据jwt获取token重的用户信息
*
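Review bot: `getCurrentUserToken()` lacks the Javadoc that the neighbouring methods carry and does not state that it returns `null` when no request is bound to the thread. Suggested header: `/** Returns the value of the {@code SecurityEnum.HEADER_TOKEN} header of the current request, or {@code null} when this thread has no bound request. */`. It also calls `RequestContextHolder.getRequestAttributes()` twice; keeping the first result in a local, `RequestAttributes attributes = RequestContextHolder.getRequestAttributes();`, avoids the repeated thread-local lookup and reads more clearly. The returned value is the raw client-supplied header, so callers using it as a cache key (as `logout` in `MemberServiceImpl` does) should only ever rely on the key being absent for an unknown token.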


@@ -4,6 +4,7 @@ package cn.lili.common.security.filter;
import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.http.HtmlUtil;
import cn.hutool.json.JSONUtil;
import org.owasp.html.Sanitizers;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
@@ -28,6 +29,7 @@ import java.util.Map;
*/
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private static final String[] ignoreField = {"logo", "url", "photo", "intro", "content", "name"};
public XssHttpServletRequestWrapper(HttpServletRequest request) {
super(request);
@@ -42,13 +44,10 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
if (values == null) {
return new String[0];
}
if (ignoreXss(name)) {
return values;
}
int count = values.length;
String[] encodedValues = new String[count];
for (int i = 0; i < count; i++) {
encodedValues[i] = cleanXSS(values[i]);
encodedValues[i] = filterXss(name, values[i]);
}
return encodedValues;
}
@@ -62,7 +61,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
if (value == null) {
return null;
}
return ignoreXss(name) ? value : cleanXSS(value);
return filterXss(name, value);
}
/**
@@ -71,11 +70,8 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
@Override
public Object getAttribute(String name) {
Object value = super.getAttribute(name);
if (ignoreXss(name)) {
return value;
}
if (value instanceof String) {
value = cleanXSS((String) value);
value = filterXss(name, (String) value);
}
return value;
}
@@ -89,7 +85,7 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
if (value == null) {
return null;
}
return ignoreXss(name) ? value : cleanXSS(value);
return filterXss(name, value);
}
@Override
@@ -103,15 +99,14 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
//根据key获取value
String[] values = entry.getValue();
if (!ignoreXss(entry.getKey())) {
//遍历数组
for (int i = 0; i < values.length; i++) {
String value = values[i];
value = cleanXSS(value);
//将转义后的数据放回数组中
values[i] = value;
}
//遍历数组
for (int i = 0; i < values.length; i++) {
String value = values[i];
value = filterXss(entry.getKey(), value);
//将转义后的数据放回数组中
values[i] = value;
}
//将转义后的数组put到linkMap当中
params.put(entry.getKey(), values);
}
@@ -153,9 +148,9 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
Map<String, Object> resultMap = new HashMap<>(map.size());
//遍历数组
for (Map.Entry<String, Object> entry : map.entrySet()) {
//如果map.get(key)获取到的是字符串就需要进行转义如果不是直接存储resultMap
if (map.get(entry.getKey()) instanceof String && !ignoreXss(entry.getKey())) {
resultMap.put(entry.getKey(), cleanXSS(entry.getValue().toString()));
//如果map.get(key)获取到的是字符串就需要进行处理如果不是直接存储resultMap
if (map.get(entry.getKey()) instanceof String) {
resultMap.put(entry.getKey(), filterXss(entry.getKey(), entry.getValue().toString()));
} else {
resultMap.put(entry.getKey(), entry.getValue());
}
@@ -219,13 +214,25 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
private String cleanXSS(String value) {
if (value != null) {
value = HtmlUtil.escape(value);
value = Sanitizers.FORMATTING.and(Sanitizers.LINKS).sanitize(value);
}
return value;
}
private boolean ignoreXss(String name) {
return CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), "logo", "url", "photo", "intro");
/**
* 过滤xss
*
* @param name 参数名
* @param value 参数值
* @return 参数值
*/
private String filterXss(String name, String value) {
if (CharSequenceUtil.containsAny(name.toLowerCase(Locale.ROOT), ignoreField)) {
// 忽略的处理,(过滤敏感字符)
return HtmlUtil.filter(value);
} else {
return cleanXSS(value);
}
}
}
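Review bot: The ignore list in `filterXss` is matched with `containsAny` on the lower-cased parameter name and now contains `"name"` and `"content"`, so every parameter whose name merely contains those substrings (username, nickName, storeName, consigneeName, …) skips `cleanXSS` and receives only `HtmlUtil.filter`; confirm those fields really need to carry HTML, otherwise match the list exactly, e.g. `Arrays.asList(IGNORE_FIELDS).contains(name.toLowerCase(Locale.ROOT))`. `cleanXSS` now runs `HtmlUtil.escape` and then the OWASP sanitizer on the same string; once escaped there are no tags left to sanitize and the sanitizer re-encodes the entities the escape produced, so the two steps appear redundant — escape plain-text fields, sanitize rich-text fields, not both. The array `ignoreField` is `static final` and should be named `IGNORE_FIELDS` per Java convention. The `else` after `return HtmlUtil.filter(value);` can be dropped so the method ends with a plain `return cleanXSS(value);`.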


@@ -24,6 +24,14 @@ public enum SensitiveStrategy {
* Phone sensitive type.
*/
PHONE(s -> s.replaceAll("(\\d{3})\\d{4}(\\d{4})", "$1****$2")),
/**
* Email sensitive type.
*/
EMAIL(s -> s.replaceAll("(^\\w)[^@]*(@.*$)", "$1****$2")),
/**
* Name sensitive type.
*/
NAME(s -> s.replaceAll("^(.{3}).+(.{3})$", "$1*****$2")),
/**
* Address sensitive type.
*/
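Review bot: `NAME`'s regex `^(.{3}).+(.{3})$` only matches strings of at least seven characters, so `replaceAll` returns anything shorter unchanged and those values are not masked at all; it also always reveals six characters, which is a lot for the bank account and licence numbers this strategy is attached to in `StoreEditDTO`. Guard the short case, e.g. `NAME(s -> s.length() > 6 ? s.replaceAll("^(.{3}).+(.{3})$", "$1*****$2") : "*****")`, or introduce a dedicated strategy for account numbers. `EMAIL` keeps the entire domain and leaves a value without `@` untouched, which may be intended but deserves a sentence in its Javadoc. The patterns are recompiled on every `replaceAll`; hoisting them into `static final Pattern` constants is an easy win if masking runs per field on list responses.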


@@ -0,0 +1,88 @@
package cn.lili.modules.member.entity.vo;
import cn.lili.common.enums.ClientTypeEnum;
import cn.lili.common.security.sensitive.Sensitive;
import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
import com.fasterxml.jackson.annotation.JsonFormat;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import org.springframework.format.annotation.DateTimeFormat;
import java.io.Serializable;
import java.util.Date;
/**
* @author paulG
* @since 2021/11/8
**/
@Data
public class MemberVO implements Serializable {
private static final long serialVersionUID = 1810890757303309436L;
@ApiModelProperty(value = "唯一标识", hidden = true)
private String id;
@ApiModelProperty(value = "会员用户名")
private String username;
@ApiModelProperty(value = "昵称")
private String nickName;
@ApiModelProperty(value = "会员性别,1为男0为女")
private Integer sex;
@JsonFormat(pattern = "yyyy-MM-dd", timezone = "GMT+8")
@DateTimeFormat(pattern = "yyyy-MM-dd")
@ApiModelProperty(value = "会员生日")
private Date birthday;
@ApiModelProperty(value = "会员地址ID")
private String regionId;
@ApiModelProperty(value = "会员地址")
private String region;
@ApiModelProperty(value = "手机号码", required = true)
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String mobile;
@ApiModelProperty(value = "积分数量")
private Long point;
@ApiModelProperty(value = "积分总数量")
private Long totalPoint;
@ApiModelProperty(value = "会员头像")
private String face;
@ApiModelProperty(value = "会员状态")
private Boolean disabled;
@ApiModelProperty(value = "是否开通店铺")
private Boolean haveStore;
@ApiModelProperty(value = "店铺ID")
private String storeId;
@ApiModelProperty(value = "openId")
private String openId;
/**
* @see ClientTypeEnum
*/
@ApiModelProperty(value = "客户端")
private String clientEnum;
@JsonFormat(timezone = "GMT+8", pattern = "yyyy-MM-dd HH:mm:ss")
@ApiModelProperty(value = "最后一次登录时间")
private Date lastLoginDate;
@ApiModelProperty(value = "会员等级ID")
private String gradeId;
@ApiModelProperty(value = "经验值数量")
private Long experience;
}
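Review bot: The class Javadoc of `MemberVO` carries only `@author`/`@since` and does not say what the VO is for; since it replaces the `Member` entity as the return type of `MemberService.getMemberPage`, say so, e.g. `Projection of {@code Member} returned by the admin member listing; declares only the columns meant for the console and masks the mobile number.` Whether `openId` belongs in that projection should be confirmed — it is a third-party login identifier, and the rest of the class suggests the VO exists to narrow what the entity exposes. Only `mobile` is annotated `@Sensitive`; a sentence in the Javadoc listing which fields are masked would save the next reader from checking each one.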


@@ -3,7 +3,12 @@ package cn.lili.modules.member.mapper;
import cn.lili.modules.member.entity.dos.Member;
import cn.lili.modules.member.entity.vo.MemberDistributionVO;
import cn.lili.modules.member.entity.vo.MemberVO;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Constants;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import java.util.List;
@@ -29,4 +34,7 @@ public interface MemberMapper extends BaseMapper<Member> {
*/
@Select("select client_enum,count(0) as num from li_member group by client_enum")
List<MemberDistributionVO> distribution();
@Select("select * from li_member ${ew.customSqlSegment}")
IPage<MemberVO> pageByMemberVO(IPage<MemberVO> page, @Param(Constants.WRAPPER) Wrapper<Member> queryWrapper);
}
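Review bot: `pageByMemberVO` selects `*` from `li_member`, so which columns reach the admin console is decided by which properties `MemberVO` happens to declare rather than by the query; an explicit column list, `select <column list placeholder> from li_member ${ew.customSqlSegment}`, keeps a column added to `li_member` later from being mapped into the VO by accident and documents the projection. The method also lacks the Javadoc its neighbour `distribution()` has; suggest `/** Pages members as {@link MemberVO}, applying the conditions of the given wrapper. */`. `${ew.customSqlSegment}` with `@Param(Constants.WRAPPER)` is the MyBatis-Plus idiom: condition values are emitted as bound parameters while column names are inlined, so it stays safe as long as the column names passed to the wrapper remain literals, as they are in `MemberServiceImpl.getMemberPage`.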


@@ -1,6 +1,7 @@
package cn.lili.modules.member.service;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.security.token.Token;
import cn.lili.common.vo.PageVO;
import cn.lili.modules.connect.entity.dto.ConnectAuthUser;
@@ -10,6 +11,7 @@ import cn.lili.modules.member.entity.dto.MemberAddDTO;
import cn.lili.modules.member.entity.dto.MemberEditDTO;
import cn.lili.modules.member.entity.vo.MemberDistributionVO;
import cn.lili.modules.member.entity.vo.MemberSearchVO;
import cn.lili.modules.member.entity.vo.MemberVO;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.service.IService;
@@ -141,7 +143,7 @@ public interface MemberService extends IService<Member> {
* @param page 分页
* @return 会员分页
*/
IPage<Member> getMemberPage(MemberSearchVO memberSearchVO, PageVO page);
IPage<MemberVO> getMemberPage(MemberSearchVO memberSearchVO, PageVO page);
/**
* 一键注册会员
@@ -209,4 +211,11 @@ public interface MemberService extends IService<Member> {
* @return 会员总数
*/
Integer getMemberNum(MemberSearchVO memberSearchVO);
/**
* 登出
*
* @param userEnums token角色类型
*/
void logout(UserEnums userEnums);
}


@@ -2,6 +2,7 @@ package cn.lili.modules.member.serviceimpl;
import cn.hutool.core.convert.Convert;
import cn.hutool.core.text.CharSequenceUtil;
import cn.lili.cache.Cache;
import cn.lili.cache.CachePrefix;
import cn.lili.common.context.ThreadContextHolder;
@@ -11,6 +12,7 @@ import cn.lili.common.exception.ServiceException;
import cn.lili.common.properties.RocketmqCustomProperties;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.security.token.Token;
import cn.lili.common.utils.BeanUtil;
import cn.lili.common.utils.CookieUtil;
@@ -30,6 +32,7 @@ import cn.lili.modules.member.entity.dto.MemberPointMessage;
import cn.lili.modules.member.entity.enums.PointTypeEnum;
import cn.lili.modules.member.entity.vo.MemberDistributionVO;
import cn.lili.modules.member.entity.vo.MemberSearchVO;
import cn.lili.modules.member.entity.vo.MemberVO;
import cn.lili.modules.member.mapper.MemberMapper;
import cn.lili.modules.member.service.MemberService;
import cn.lili.modules.member.token.MemberTokenGenerate;
@@ -363,7 +366,7 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
}
@Override
public IPage<Member> getMemberPage(MemberSearchVO memberSearchVO, PageVO page) {
public IPage<MemberVO> getMemberPage(MemberSearchVO memberSearchVO, PageVO page) {
QueryWrapper<Member> queryWrapper = Wrappers.query();
//用户名查询
queryWrapper.like(StringUtils.isNotBlank(memberSearchVO.getUsername()), "username", memberSearchVO.getUsername());
@@ -375,7 +378,7 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
queryWrapper.eq(StringUtils.isNotBlank(memberSearchVO.getDisabled()), "disabled",
memberSearchVO.getDisabled().equals(SwitchEnum.OPEN.name()) ? 1 : 0);
queryWrapper.orderByDesc("create_time");
return this.page(PageUtil.initPage(page), queryWrapper);
return this.baseMapper.pageByMemberVO(PageUtil.initPage(page), queryWrapper);
}
@Override
@@ -573,6 +576,17 @@ public class MemberServiceImpl extends ServiceImpl<MemberMapper, Member> impleme
return this.count(queryWrapper);
}
/**
* 登出
*/
@Override
public void logout(UserEnums userEnums) {
String currentUserToken = UserContext.getCurrentUserToken();
if (CharSequenceUtil.isNotEmpty(currentUserToken)) {
cache.remove(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken);
}
}
/**
* 检测会员
*
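Review bot: `logout` evicts only `CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + currentUserToken`; if the project also issues refresh tokens (the `Token` import suggests it does, but the refresh path is outside this diff), a logged-out client could still obtain a new access token, so the matching refresh entry should be evicted too, or the interface Javadoc should state that logout invalidates only the current access token. `currentUserToken` is taken straight from the request header, which is acceptable here because an unknown value merely removes a non-existent key. Not among the changed lines but in `getMemberPage`, `memberSearchVO.getDisabled().equals(SwitchEnum.OPEN.name())` is evaluated eagerly as an argument, so a request without `disabled` throws a NullPointerException before `eq` can skip the condition; `SwitchEnum.OPEN.name().equals(memberSearchVO.getDisabled()) ? 1 : 0` avoids that.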


@@ -117,6 +117,9 @@ public class CartServiceImpl implements CartService {
@Override
public void add(String skuId, Integer num, String cartType, Boolean cover) {
if (num <= 0) {
throw new ServiceException(ResultCode.CART_NUM_ERROR);
}
CartTypeEnum cartTypeEnum = getCartType(cartType);
GoodsSku dataSku = checkGoods(skuId);
try {
@@ -491,6 +494,7 @@ public class CartServiceImpl implements CartService {
@Override
public void selectCoupon(String couponId, String way, boolean use) {
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
//获取购物车,然后重新写入优惠券
CartTypeEnum cartTypeEnum = getCartType(way);
TradeDTO tradeDTO = this.readDTO(cartTypeEnum);
@@ -499,6 +503,7 @@ public class CartServiceImpl implements CartService {
memberCouponService.getOne(
new LambdaQueryWrapper<MemberCoupon>()
.eq(MemberCoupon::getMemberCouponStatus, MemberCouponStatusEnum.NEW.name())
.eq(MemberCoupon::getMemberId, currentUser.getId())
.eq(MemberCoupon::getId, couponId));
if (memberCoupon == null) {
throw new ServiceException(ResultCode.COUPON_EXPIRED);
@@ -506,7 +511,7 @@ public class CartServiceImpl implements CartService {
//使用优惠券 与否
if (use) {
this.useCoupon(tradeDTO, memberCoupon, cartTypeEnum);
} else if (!use) {
} else {
if (Boolean.TRUE.equals(memberCoupon.getIsPlatform())) {
tradeDTO.setPlatformCoupon(null);
} else {
@@ -678,7 +683,7 @@ public class CartServiceImpl implements CartService {
//拼团活动,需要对限购数量进行判定
//获取拼团信息
List<PromotionGoods> currentPromotion = cartSkuVO.getPromotions().stream().filter(
promotionGoods -> (promotionGoods.getPromotionType().equals(PromotionTypeEnum.PINTUAN.name())))
promotionGoods -> (promotionGoods.getPromotionType().equals(PromotionTypeEnum.PINTUAN.name())))
.collect(Collectors.toList());
//拼团活动判定
if (!currentPromotion.isEmpty()) {
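Review bot: The new guard `if (num <= 0)` in `add` unboxes the `Integer` parameter, so a request that omits `num` still fails with a NullPointerException instead of the new `CART_NUM_ERROR`; write `if (num == null || num <= 0) {`. The ownership condition added in `selectCoupon`, `.eq(MemberCoupon::getMemberId, currentUser.getId())`, is the right fix; a comment such as `// the coupon must belong to the current member; a foreign coupon is reported as expired` would tell the next reader that `COUPON_EXPIRED` is intentional for that case. The body of `add` continues past the hunk.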


@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonFormat;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.NoArgsConstructor;
import org.springframework.format.annotation.DateTimeFormat;
@@ -33,6 +34,7 @@ import java.util.Optional;
* @author Chopper
* @since 2020/11/17 7:30 下午
*/
@EqualsAndHashCode(callSuper = true)
@Data
@TableName("li_order")
@ApiModel(value = "订单")
@@ -88,6 +90,7 @@ public class Order extends BaseEntity {
private Date paymentTime;
@ApiModelProperty(value = "收件人姓名")
@Sensitive(strategy = SensitiveStrategy.USERNAME)
private String consigneeName;
@ApiModelProperty(value = "收件人手机")
@@ -107,6 +110,7 @@ public class Order extends BaseEntity {
private String consigneeAddressIdPath;
@ApiModelProperty(value = "详细地址")
@Sensitive(strategy = SensitiveStrategy.ADDRESS)
private String consigneeDetail;
@ApiModelProperty(value = "总价格")
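Review bot: `@Sensitive` is added to persisted entity fields here (`consigneeName`, `consigneeDetail`) and likewise to `OrderComplaint` and `Feedback` in this commit, rather than to a response VO. If the annotation is enforced by a Jackson serializer — its implementation is not in this diff — every Jackson serialization of `Order` applies it, including any cache, message-queue or inter-service payload, and a consumer that reads such a value back would persist asterisks. Confirm the entity is only Jackson-serialized towards the client, or move the annotation to the VO/DTO layer and record that rule in `Sensitive`'s Javadoc.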


@@ -1,12 +1,15 @@
package cn.lili.modules.order.order.entity.dos;
import cn.lili.mybatis.BaseEntity;
import cn.lili.common.security.sensitive.Sensitive;
import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
import cn.lili.modules.order.order.entity.enums.ComplaintStatusEnum;
import cn.lili.mybatis.BaseEntity;
import com.baomidou.mybatisplus.annotation.TableName;
import com.fasterxml.jackson.annotation.JsonFormat;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
import java.util.Date;
@@ -16,6 +19,7 @@ import java.util.Date;
* @author paulG
* @since 2020/12/4
**/
@EqualsAndHashCode(callSuper = true)
@Data
@TableName("li_order_complaint")
@ApiModel(value = "订单交易投诉")
@@ -96,12 +100,15 @@ public class OrderComplaint extends BaseEntity {
private String memberName;
@ApiModelProperty(value = "收货人")
@Sensitive(strategy = SensitiveStrategy.USERNAME)
private String consigneeName;
@ApiModelProperty(value = "收货地址")
@Sensitive(strategy = SensitiveStrategy.ADDRESS)
private String consigneeAddressPath;
@ApiModelProperty(value = "收货人手机")
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String consigneeMobile;
@ApiModelProperty(value = "仲裁结果")


@@ -32,8 +32,8 @@ import cn.lili.modules.order.order.service.OrderService;
import cn.lili.modules.order.trade.entity.enums.AfterSaleRefundWayEnum;
import cn.lili.modules.order.trade.entity.enums.AfterSaleStatusEnum;
import cn.lili.modules.order.trade.entity.enums.AfterSaleTypeEnum;
import cn.lili.modules.payment.kit.RefundSupport;
import cn.lili.modules.payment.entity.enums.PaymentMethodEnum;
import cn.lili.modules.payment.kit.RefundSupport;
import cn.lili.modules.statistics.entity.dto.StatisticsQueryParam;
import cn.lili.modules.statistics.util.StatisticsDateUtil;
import cn.lili.modules.store.entity.dto.StoreAfterSaleAddressDTO;
@@ -404,7 +404,7 @@ public class AfterSaleServiceImpl extends ServiceImpl<AfterSaleMapper, AfterSale
//写入商家信息
OrderItem orderItem = orderItemService.getBySn(afterSaleDTO.getOrderItemSn());
Order order = orderService.getBySn(orderItem.getOrderSn());
Order order = OperationalJudgment.judgment(orderService.getBySn(orderItem.getOrderSn()));
afterSale.setStoreId(order.getStoreId());
afterSale.setStoreName(order.getStoreName());
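Review bot: `orderItem` returned by `orderItemService.getBySn(afterSaleDTO.getOrderItemSn())` is dereferenced before the new ownership check, so an unknown item SN yields a NullPointerException rather than a `ServiceException`; add `if (orderItem == null) { throw new ServiceException(ResultCode.<appropriate code>); }` before the `orderService.getBySn(...)` call. Wrapping the order in `OperationalJudgment.judgment(...)` presumably ties the after-sale request to an order the caller owns; a one-line comment, `// the caller must own the order this item belongs to`, would make that visible at the call site. The enclosing method starts and ends outside the hunk.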


@@ -3,11 +3,10 @@ package cn.lili.modules.order.order.serviceimpl;
import cn.hutool.core.util.StrUtil;
import cn.lili.common.enums.ResultCode;
import cn.lili.common.exception.ServiceException;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.enums.UserEnums;
import cn.lili.common.utils.BeanUtil;
import cn.lili.modules.system.utils.OperationalJudgment;
import cn.lili.mybatis.util.PageUtil;
import cn.lili.common.utils.StringUtils;
import cn.lili.common.vo.PageVO;
import cn.lili.modules.goods.entity.dos.GoodsSku;
@@ -24,6 +23,8 @@ import cn.lili.modules.order.order.service.OrderComplaintCommunicationService;
import cn.lili.modules.order.order.service.OrderComplaintService;
import cn.lili.modules.order.order.service.OrderItemService;
import cn.lili.modules.order.order.service.OrderService;
import cn.lili.modules.system.utils.OperationalJudgment;
import cn.lili.mybatis.util.PageUtil;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
@@ -35,6 +36,7 @@ import org.springframework.stereotype.Service;
import java.util.Date;
import java.util.List;
import java.util.Objects;
/**
* 交易投诉业务层实现
@@ -120,6 +122,7 @@ public class OrderComplaintServiceImpl extends ServiceImpl<OrderComplaintMapper,
public OrderComplaint addOrderComplain(OrderComplaintDTO orderComplaintDTO) {
try {
AuthUser currentUser = Objects.requireNonNull(UserContext.getCurrentUser());
//查询订单信息
OrderDetailVO orderDetailVO = orderService.queryDetail(orderComplaintDTO.getOrderSn());
List<OrderItem> orderItems = orderDetailVO.getOrderItems();
@@ -159,8 +162,8 @@ public class OrderComplaintServiceImpl extends ServiceImpl<OrderComplaintMapper,
orderComplaint.setStoreId(orderDetailVO.getOrder().getStoreId());
orderComplaint.setStoreName(orderDetailVO.getOrder().getStoreName());
orderComplaint.setMemberId(UserContext.getCurrentUser().getId());
orderComplaint.setMemberName(UserContext.getCurrentUser().getUsername());
orderComplaint.setMemberId(currentUser.getId());
orderComplaint.setMemberName(currentUser.getUsername());
//保存订单投诉
this.save(orderComplaint);
@@ -213,8 +216,7 @@ public class OrderComplaintServiceImpl extends ServiceImpl<OrderComplaintMapper,
@Override
public boolean cancel(String id) {
OrderComplaint orderComplaint = this.getById(id);
OrderComplaint orderComplaint = OperationalJudgment.judgment(this.getById(id));
//如果以及仲裁,则不可以进行申诉取消
if(orderComplaint.getComplainStatus().equals(ComplaintStatusEnum.COMPLETE.name())){
throw new ServiceException(ResultCode.COMPLAINT_CANCEL_ERROR);
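Review bot: `cancel` now passes the complaint through `OperationalJudgment.judgment`, but `addOrderComplain` still fetches `orderService.queryDetail(orderComplaintDTO.getOrderSn())` with no visible check that the order belongs to `currentUser`, so unless `queryDetail` enforces ownership itself a complaint can be filed against an order that is not the caller's; `OperationalJudgment.judgment(orderDetailVO.getOrder());` right after the lookup would mirror `cancel`. `Objects.requireNonNull(UserContext.getCurrentUser())` sits inside the `try`, so if the catch below (outside the hunk) handles a broad exception type, the unauthenticated case surfaces as a generic failure instead of `USER_AUTHORITY_ERROR`. Both methods continue outside the hunk.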


@@ -1,5 +1,7 @@
package cn.lili.modules.page.entity.dos;
import cn.lili.common.security.sensitive.Sensitive;
import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
import cn.lili.modules.page.entity.enums.FeedbackTypeEnum;
import cn.lili.mybatis.BaseIdEntity;
import com.baomidou.mybatisplus.annotation.FieldFill;
@@ -9,6 +11,7 @@ import com.fasterxml.jackson.annotation.JsonFormat;
import io.swagger.annotations.ApiModel;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
import org.hibernate.validator.constraints.Length;
import org.springframework.data.annotation.CreatedDate;
import org.springframework.format.annotation.DateTimeFormat;
@@ -22,6 +25,7 @@ import java.util.Date;
* @author Bulbasaur
* @since 2020/12/10 17:42
*/
@EqualsAndHashCode(callSuper = true)
@Data
@TableName("li_feedback")
@ApiModel(value = "意见反馈")
@@ -46,6 +50,7 @@ public class Feedback extends BaseIdEntity {
@ApiModelProperty(value = "手机号")
@Length(max = 11, message = "手机号不能超过11位")
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String mobile;
@ApiModelProperty(value = "图片,多个图片使用:()分割")


@@ -1,12 +1,11 @@
package cn.lili.modules.permission.serviceimpl;
import cn.lili.modules.system.aspect.annotation.SystemLogPoint;
import cn.hutool.core.text.CharSequenceUtil;
import cn.lili.common.enums.ResultCode;
import cn.lili.common.exception.ServiceException;
import cn.lili.common.security.AuthUser;
import cn.lili.common.security.context.UserContext;
import cn.lili.common.security.token.Token;
import cn.lili.modules.system.token.ManagerTokenGenerate;
import cn.lili.common.utils.BeanUtil;
import cn.lili.common.utils.StringUtils;
import cn.lili.modules.permission.entity.dos.AdminUser;
@@ -17,6 +16,8 @@ import cn.lili.modules.permission.entity.dto.AdminUserDTO;
import cn.lili.modules.permission.entity.vo.AdminUserVO;
import cn.lili.modules.permission.mapper.AdminUserMapper;
import cn.lili.modules.permission.service.*;
import cn.lili.modules.system.aspect.annotation.SystemLogPoint;
import cn.lili.modules.system.token.ManagerTokenGenerate;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -68,7 +69,7 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
adminUserPage.getRecords().forEach(adminUser -> {
AdminUserVO adminUserVO = new AdminUserVO(adminUser);
if (!StringUtils.isEmpty(adminUser.getDepartmentId())) {
if (!CharSequenceUtil.isEmpty(adminUser.getDepartmentId())) {
try {
adminUserVO.setDepartmentTitle(
departments.stream().filter
@@ -208,8 +209,8 @@ public class AdminUserServiceImpl extends ServiceImpl<AdminUserMapper, AdminUser
if (roles.size() > rolesMaxSize) {
throw new ServiceException(ResultCode.PERMISSION_BEYOND_TEN);
}
if (roles.size() > 0) {
dbUser.setRoleIds(StringUtils.join(",", roles));
if (!roles.isEmpty()) {
dbUser.setRoleIds(CharSequenceUtil.join(",", roles));
}
this.save(dbUser);
dbUser = this.findByUsername(dbUser.getUsername());


@@ -14,6 +14,8 @@ import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.util.Objects;
/**
* 收货地址业务层实现
*
@@ -36,7 +38,7 @@ public class MemberAddressServiceImpl extends ServiceImpl<MemberAddressMapper, M
public MemberAddress getMemberAddress(String id) {
return this.getOne(
new QueryWrapper<MemberAddress>()
.eq("member_id", UserContext.getCurrentUser().getId())
.eq("member_id", Objects.requireNonNull(UserContext.getCurrentUser()).getId())
.eq("id", id));
}
@@ -49,7 +51,7 @@ public class MemberAddressServiceImpl extends ServiceImpl<MemberAddressMapper, M
public MemberAddress getDefaultMemberAddress() {
return this.getOne(
new QueryWrapper<MemberAddress>()
.eq("member_id", UserContext.getCurrentUser().getId())
.eq("member_id", Objects.requireNonNull(UserContext.getCurrentUser()).getId())
.eq("is_default", true));
}
@@ -67,7 +69,7 @@ public class MemberAddressServiceImpl extends ServiceImpl<MemberAddressMapper, M
public MemberAddress updateMemberAddress(MemberAddress memberAddress) {
MemberAddress originalMemberAddress = this.getMemberAddress(memberAddress.getId());
if (originalMemberAddress != null &&
originalMemberAddress.getMemberId().equals(UserContext.getCurrentUser().getId())) {
originalMemberAddress.getMemberId().equals(Objects.requireNonNull(UserContext.getCurrentUser()).getId())) {
if (memberAddress.getIsDefault() == null) {
memberAddress.setIsDefault(false);
@@ -93,7 +95,7 @@ public class MemberAddressServiceImpl extends ServiceImpl<MemberAddressMapper, M
*/
private void removeDefaultAddress(MemberAddress memberAddress) {
//如果不是默认地址不需要处理
if (memberAddress.getIsDefault()) {
if (Boolean.TRUE.equals(memberAddress.getIsDefault())) {
//将会员的地址修改为非默认地址
LambdaUpdateWrapper<MemberAddress> lambdaUpdateWrapper = Wrappers.lambdaUpdate();
lambdaUpdateWrapper.set(MemberAddress::getIsDefault, false);
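Review bot: The three `Objects.requireNonNull(UserContext.getCurrentUser()).getId()` expressions in `getMemberAddress`, `getDefaultMemberAddress` and `updateMemberAddress` turn a missing login into a bare NullPointerException where the rest of the project raises `ServiceException(ResultCode.USER_AUTHORITY_ERROR)` (see `UserContext.getAuthUser`); a private helper gives one place for the check and one consistent error. The same pattern appears in `CartServiceImpl.selectCoupon` and `OrderComplaintServiceImpl.addOrderComplain` in this commit. The helper needs `AuthUser`, `ServiceException` and `ResultCode` in scope, which the visible import hunk does not show. `Boolean.TRUE.equals(memberAddress.getIsDefault())` in `removeDefaultAddress` is a good null-safe change.
```java
public MemberAddress getMemberAddress(String id) {
    return this.getOne(
            new QueryWrapper<MemberAddress>()
                    .eq("member_id", currentMemberId())
                    .eq("id", id));
}

// … unchanged: getDefaultMemberAddress / updateMemberAddress call currentMemberId() the same way …

/**
 * Id of the logged-in member; fails with the project's authority error
 * instead of a NullPointerException when no user is bound to the request.
 */
private String currentMemberId() {
    AuthUser currentUser = UserContext.getCurrentUser();
    if (currentUser == null) {
        throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
    }
    return currentUser.getId();
}
```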


@@ -397,7 +397,7 @@ public class EsGoodsSearchServiceImpl implements EsGoodsSearchService {
filterBuilder.must(QueryBuilders.termsQuery(ATTR_BRAND_ID, brands));
}
if (searchDTO.getRecommend() != null) {
filterBuilder.filter(QueryBuilders.termQuery("storeId", searchDTO.getRecommend()));
filterBuilder.filter(QueryBuilders.termQuery("recommend", searchDTO.getRecommend()));
}
//规格项判定
if (searchDTO.getNameIds() != null && !searchDTO.getNameIds().isEmpty()) {
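Review bot: The corrected filter uses the bare string `"recommend"` while the brand filter just above uses the `ATTR_BRAND_ID` constant, leaving this field name as the only one in the block typed inline; declare it with the other field constants, e.g. `private static final String ATTR_RECOMMEND = "recommend";`, and use it here. The previous value `"storeId"` filtered on the wrong field unnoticed, which is exactly what named constants make visible. The enclosing method continues outside the hunk.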


@@ -1,5 +1,7 @@
package cn.lili.modules.store.entity.dto;
import cn.lili.common.security.sensitive.Sensitive;
import cn.lili.common.security.sensitive.enums.SensitiveStrategy;
import cn.lili.common.validation.Mobile;
import cn.lili.common.validation.Phone;
import com.baomidou.mybatisplus.annotation.TableField;
@@ -37,11 +39,13 @@ public class StoreEditDTO {
@NotBlank(message = "公司名称不能为空")
@Size(min = 2, max = 100, message = "公司名称错误")
@ApiModelProperty(value = "公司名称")
@Sensitive(strategy = SensitiveStrategy.USERNAME)
private String companyName;
@NotBlank(message = "公司地址不能为空")
@Size(min = 1, max = 200, message = "公司地址,长度为1-200字符")
@ApiModelProperty(value = "公司地址")
@Sensitive(strategy = SensitiveStrategy.ADDRESS)
private String companyAddress;
@ApiModelProperty(value = "公司地址地区Id")
@@ -52,10 +56,12 @@ public class StoreEditDTO {
@Mobile
@ApiModelProperty(value = "公司电话")
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String companyPhone;
@Email
@ApiModelProperty(value = "电子邮箱")
@Sensitive(strategy = SensitiveStrategy.EMAIL)
private String companyEmail;
@Min(value = 1, message = "员工总数,至少一位")
@@ -74,10 +80,12 @@ public class StoreEditDTO {
@NotBlank(message = "手机号不能为空")
@Phone
@ApiModelProperty(value = "联系人电话")
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String linkPhone;
@Size(min = 18, max = 18, message = "营业执照长度为18位字符")
@ApiModelProperty(value = "营业执照号")
@Sensitive(strategy = SensitiveStrategy.NAME)
private String licenseNum;
@Size(min = 1, max = 200, message = "法定经营范围长度为1-200位字符")
@@ -91,11 +99,13 @@ public class StoreEditDTO {
@NotBlank(message = "法人姓名不能为空")
@Size(min = 2, max = 20, message = "法人姓名长度为2-20位字符")
@ApiModelProperty(value = "法人姓名")
@Sensitive(strategy = SensitiveStrategy.USERNAME)
private String legalName;
@NotBlank(message = "法人身份证不能为空")
@Size(min = 18, max = 18, message = "法人身份证号长度为18位")
@ApiModelProperty(value = "法人身份证")
@Sensitive(strategy = SensitiveStrategy.ID_CARD)
private String legalId;
@NotBlank(message = "法人身份证不能为空")
@@ -105,21 +115,25 @@ public class StoreEditDTO {
@Size(min = 1, max = 200, message = "结算银行开户行名称长度为1-200位")
@NotBlank(message = "结算银行开户行名称不能为空")
@ApiModelProperty(value = "结算银行开户行名称")
@Sensitive(strategy = SensitiveStrategy.NAME)
private String settlementBankAccountName;
@Size(min = 1, max = 200, message = "结算银行开户账号长度为1-200位")
@NotBlank(message = "结算银行开户账号不能为空")
@ApiModelProperty(value = "结算银行开户账号")
@Sensitive(strategy = SensitiveStrategy.NAME)
private String settlementBankAccountNum;
@Size(min = 1, max = 200, message = "结算银行开户支行名称长度为1-200位")
@NotBlank(message = "结算银行开户支行名称不能为空")
@ApiModelProperty(value = "结算银行开户支行名称")
@Sensitive(strategy = SensitiveStrategy.NAME)
private String settlementBankBranchName;
@Size(min = 1, max = 50, message = "结算银行支行联行号长度为1-200位")
@NotBlank(message = "结算银行支行联行号不能为空")
@ApiModelProperty(value = "结算银行支行联行号")
@Sensitive(strategy = SensitiveStrategy.NAME)
private String settlementBankJointName;
@NotBlank(message = "店铺经营类目不能为空")
@@ -141,11 +155,12 @@ public class StoreEditDTO {
private String ddCode;
//店铺退货收件地址
@ApiModelProperty(value = "收货人姓名")
@Sensitive(strategy = SensitiveStrategy.USERNAME)
private String salesConsigneeName;
@ApiModelProperty(value = "收件人手机")
@Sensitive(strategy = SensitiveStrategy.PHONE)
private String salesConsigneeMobile;
@ApiModelProperty(value = "地址Id ''分割")
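Review bot: `StoreEditDTO` is the payload a store submits to edit its profile, and `StoreDetailVO extends StoreEditDTO` elsewhere in this commit, so the `@Sensitive` masking added here applies to the object a client receives and then sends back. If masking happens at JSON serialization, a round trip submits `138****1234`-style values (constructed example) as the new phone, bank account and licence numbers, and some will then fail their own constraints: `licenseNum` masked by `NAME` is 11 characters while `@Size(min = 18, max = 18)` requires 18, and `companyPhone`/`linkPhone` are validated by `@Mobile`/`@Phone` against masked text. Masking belongs on a read-only VO, or the edit endpoint must explicitly ignore masked fields; either way the rule should be documented on `Sensitive`.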


@@ -3,6 +3,7 @@ package cn.lili.modules.store.entity.vos;
import cn.lili.modules.store.entity.dto.StoreEditDTO;
import io.swagger.annotations.ApiModelProperty;
import lombok.Data;
import lombok.EqualsAndHashCode;
/**
* 店铺详细VO
@@ -10,6 +11,7 @@ import lombok.Data;
* @author pikachu
* @since 2020-03-09 21:53:20
*/
@EqualsAndHashCode(callSuper = true)
@Data
public class StoreDetailVO extends StoreEditDTO {