
:lock: 安全性提升

Ritchie před 1 rokem
rodič
revize
46890adc5d

+ 3 - 2
src/main/java/com/szwl/aspect/MyWebMvcConfigurer.java

@@ -66,9 +66,10 @@ public class MyWebMvcConfigurer extends WebMvcConfigurationSupport {
 
         // 特别包含需要进行TOKEN检查的路径
         for (String path : new String[]{
-                "/tAdmin/getAdminList", "/tAdmin/getRelation",
+                "/tAdmin/getAdminList", "/tAdmin/getRelation", "/tAdmin/getAdmin",
                 "/tJoinpayMch/getOne",
-                "/tEquipment/findList"
+                "/tEquipment/findList", "/tEquipment/listEquipment", "/tEquipment/getMachineNum",
+                "/tHuifuMch/getHuifuMchCheck"
         }) {
             registry.addInterceptor(headTokenInterceptor)
                     .addPathPatterns(path);
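Review bot: The token interceptor is still attached by an enumerated include list, so any endpoint not named in this array stays outside the token check by default; this commit itself had to add four more paths that had been missed, which suggests the list is hard to keep complete. A deny-by-default registration is safer to maintain, e.g. `registry.addInterceptor(headTokenInterceptor).addPathPatterns("/**").excludePathPatterns(/* login and other intentionally public paths */);`, with the exclusions listed explicitly. I cannot see the rest of the configurer from this hunk, so this assumes no other registration already covers `/**`. The `for` loop and the enclosing method continue outside the hunk.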

+ 6 - 3
src/main/java/com/szwl/controller/TAdminController.java

@@ -707,8 +707,11 @@ public class TAdminController {
     @ApiOperation(value = "获取账号信息")
     @GetMapping("/getAdmin")
     public ResponseModel<TAdmin> getAdmin(@RequestParam String id) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
         LambdaQueryWrapper<TAdmin> query = Wrappers.lambdaQuery();
-        query.eq(TAdmin::getId, id);
+        query.eq(TAdmin::getId, adminId);
         TAdmin tAdmin = Optional.ofNullable(tAdminService.getOnly(query))
                 .orElseThrow(() -> new BizException(ResponseCodesEnum.L0002));
         if (StringUtils.isEmpty(tAdmin.getManagerId())) {
@@ -716,8 +719,8 @@ public class TAdminController {
             tAdmin.setManagerId(managerId);
             tAdminService.getById(tAdmin);
         }
-        UserDetailBO userDetailBO = BeanUtil.copyProperties(tAdmin, UserDetailBO.class, "password");
-        return R.ok(userDetailBO);
+        UserDetailBO userDetail = BeanUtil.copyProperties(tAdmin, UserDetailBO.class, "password");
+        return R.ok(userDetail);
     }
 
     @ApiOperation(value = "获取账号列表 分页")
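Review bot: After this change `getAdmin` no longer reads its `id` argument, yet `@RequestParam String id` remains required, so callers must still send a value that is then ignored; that is a misleading contract and should either be removed from the signature or be declared `@RequestParam(required = false) String id` with a comment such as `// ignored: the account is resolved from the login token, never from the request`. The same pattern appears in `listEquipment(String adminId)` and `param.getAdminId()` in TEquipmentController and in `getHuifuMchCheck(@RequestParam Long adminId)` in THuifuMchController. Also worth a short Javadoc on the method stating that it returns only the caller's own account, since that is the security property this commit introduces and nothing in the code says so.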

+ 13 - 3
src/main/java/com/szwl/controller/TEquipmentController.java

@@ -428,14 +428,18 @@ public class TEquipmentController {
     @ApiOperation(value = "adminId查找设备")
     @GetMapping("/listEquipment")
     public ResponseModel<?> listEquipment(String adminId) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String authId = userDetailBO.getId().toString();
+
         LambdaQueryWrapper<TEquipment> query = Wrappers.lambdaQuery();
-        TAdmin admin = tAdminService.getById(adminId);
+        TAdmin admin = tAdminService.getById(authId);
         Integer type = admin.getType();
         if (type < 2) {
             query.eq(TEquipment::getAdminId, 238);
         }
         if (type == 2) {
-            query.eq(TEquipment::getAdminId, adminId);
+            query.eq(TEquipment::getAdminId, authId);
         }
 
         if (type == 3) {
@@ -903,10 +907,16 @@ public class TEquipmentController {
     @ApiOperation(value = "获取机器数量")
     @PostMapping("/getMachineNum")
     public ResponseModel<?> getMachineNum(@RequestBody StatisticsParam param) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+
         String machineTotalNum;
         String machineUseNum;
         String equipmentId = param.getEquipmentId();
-        String paramAdminId = param.getAdminId();
+
+        String paramAdminId = userDetailBO.getId().toString();
+//        String paramAdminId = param.getAdminId();
+
         TAdmin admin = tAdminService.getById(paramAdminId);
         Integer type = admin.getType();
         if (type < 2) {
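Review bot: In both hunks the admin row is fetched with `tAdminService.getById(authId)` / `getById(paramAdminId)` and then dereferenced (`admin.getType()`) without a null check, so a token whose user has since been removed from the table produces a NullPointerException rather than a business error; `getAdmin` in TAdminController already handles this case, so the lookup should mirror it: `TAdmin admin = Optional.ofNullable(tAdminService.getById(authId)).orElseThrow(() -> new BizException(ResponseCodesEnum.L0002));`. The commented-out line `//        String paramAdminId = param.getAdminId();` in the second hunk should be deleted rather than left as dead code; if the intent is to record that the request field is deliberately ignored, say it in a one-line comment instead. Both `listEquipment` and `getMachineNum` continue past their hunks.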

+ 12 - 4
src/main/java/com/szwl/controller/THuifuMchController.java

@@ -8,8 +8,11 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.huifu.bspay.sdk.opps.core.exception.BasePayException;
 import com.szwl.constant.HuifuConstant;
 import com.szwl.constant.ResponseCodesEnum;
+import com.szwl.exception.BizException;
+import com.szwl.manager.TokenManager;
 import com.szwl.model.bo.R;
 import com.szwl.model.bo.ResponseModel;
+import com.szwl.model.bo.UserDetailBO;
 import com.szwl.model.entity.THuifuMch;
 import com.szwl.model.entity.THuifuMchCheck;
 import com.szwl.model.entity.TJoinpayMch;
@@ -26,6 +29,7 @@ import org.springframework.web.multipart.MultipartFile;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 import java.util.Date;
+import java.util.Optional;
 
 /**
  * <p>
@@ -47,6 +51,9 @@ public class THuifuMchController {
     @Autowired
     private THuifuMchCheckService tHuifuMchCheckService;
 
+    @Autowired
+    private TokenManager tokenManager;
+
     @ApiOperation(value = "商户入驻申请")
     @PostMapping("/addApplication")
     public ResponseModel<?> addApplication(@Valid @RequestBody THuifuMchCheck tHuifuMchCheck) {
@@ -314,11 +321,12 @@ public class THuifuMchController {
     @ApiOperation(value = "获取审核信息")
     @GetMapping("/getHuifuMchCheck")
     public ResponseModel<THuifuMchCheck> getHuifuMchCheck(@RequestParam Long adminId) {
-        if(adminId == null) {
-            return R.fail(ResponseCodesEnum.A0001);
-        }
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String authId = userDetailBO.getId().toString();
+
         LambdaQueryWrapper<THuifuMchCheck> queryWrapper = new LambdaQueryWrapper<>();
-        queryWrapper.eq(THuifuMchCheck::getAdminId,adminId);
+        queryWrapper.eq(THuifuMchCheck::getAdminId,authId);
         THuifuMchCheck huifuMchCheck = tHuifuMchCheckService.getOne(queryWrapper);
         return R.ok(huifuMchCheck);
     }
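Review bot: The removed code compared `THuifuMchCheck::getAdminId` against a `Long`, but the new `authId` is built with `userDetailBO.getId().toString()`, so `queryWrapper.eq(THuifuMchCheck::getAdminId, authId)` now passes a `String` for what appears to be a `Long` column; it compiles because `eq` takes `Object`, but the comparison then relies on database-side type coercion. If `UserDetailBO.getId()` already returns a `Long`, keep the type: `Long authId = userDetailBO.getId();` — I cannot confirm its declared type from this page, since every other caller also stringifies it. The same `Optional.ofNullable(tokenManager.getLoginUserDetails()).orElseThrow(...)` block is now copied into four controller methods; a single helper on `TokenManager` (for example a method that returns the caller's id or throws `BizException(ResponseCodesEnum.L0001)`) would keep that check in one place.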