
:lock: 接口安全性提高

Ritchie 1 年之前
父节点
当前提交
a961341185

+ 52 - 4
src/main/java/com/szwl/aspect/MyWebMvcConfigurer.java


+ 9 - 5
src/main/java/com/szwl/controller/TAdminController.java

@@ -950,10 +950,11 @@ public class TAdminController {
 
     @ApiOperation(value = "获取admin信息")
     @GetMapping("/getAdminOne/{adminId}")
-    public ResponseModel<?> getAdminOne(@PathVariable Long adminId) {
-        LambdaQueryWrapper<TAdmin> wrapper = Wrappers.lambdaQuery();
-        wrapper.eq(TAdmin::getId, adminId);
-        TAdmin admin = tAdminService.getOne(wrapper);
+    public ResponseModel<TAdmin> getAdminOne(@PathVariable Long adminId) {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String id = userDetailBO.getId().toString();
+        TAdmin admin = tAdminService.getById(id);
         if (Objects.isNull(admin)) {
             return R.fail("当前用户不存在");
         }
@@ -975,7 +976,10 @@ public class TAdminController {
 
     @ApiOperation(value = "通过 adminId 获取上级账号信息")
     @GetMapping("/getRelation")
-    public ResponseModel<TAdmin> getRelation(String adminId) {
+    public ResponseModel<TAdmin> getRelation() {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
         LambdaQueryWrapper<TAdmin> wrapper = Wrappers.lambdaQuery();
         wrapper.eq(TAdmin::getId, adminId);
         TAdmin admin = tAdminService.getOne(wrapper);
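Review bot: In the first hunk `getAdminOne` still declares `@PathVariable Long adminId` and keeps `{adminId}` in its route, but the new body never reads it, so the path segment is a required input that has no effect and misleads both callers and the generated API docs; drop it (`@GetMapping("/getAdminOne")`, `public ResponseModel<TAdmin> getAdminOne()`) or, if the URL must stay for compatibility, add a comment stating that the segment is ignored and the token identity is used. The same staleness applies to the second hunk, where `getRelation` no longer takes `adminId` but its `@ApiOperation` still reads "通过 adminId 获取上级账号信息". The `Optional.ofNullable(tokenManager.getLoginUserDetails()).orElseThrow(...)` followed by `.getId().toString()` is repeated here and in TEquipmentController and TJoinpayMchController; a single helper such as `tokenManager.currentAdminId()` would keep the L0001 handling in one place. Both methods continue past their hunks.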

+ 13 - 4
src/main/java/com/szwl/controller/TEquipmentController.java

@@ -20,9 +20,12 @@ import com.szwl.annotation.Audit;
 import com.szwl.constant.AuditEnum;
 import com.szwl.constant.ConfigConsts;
 import com.szwl.constant.ResponseCodesEnum;
+import com.szwl.exception.BizException;
+import com.szwl.manager.TokenManager;
 import com.szwl.model.bean.*;
 import com.szwl.model.bo.R;
 import com.szwl.model.bo.ResponseModel;
+import com.szwl.model.bo.UserDetailBO;
 import com.szwl.model.entity.*;
 import com.szwl.model.param.PasswordParam;
 import com.szwl.model.query.StatisticsParam;
@@ -100,6 +103,8 @@ public class TEquipmentController {
     @Autowired
     TLabelService labelService;
 
+    @Autowired
+    TokenManager tokenManager;
     /**
      * 超时时间为30秒
      */
@@ -148,20 +153,24 @@ public class TEquipmentController {
                                             String areaName, String eqeStatus, String machineType, String equimentType,
                                             String channel, String companyType, String labelId, String todayDate, Long current, Long size) {
 
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
+        int authId = Integer.parseInt(adminId);
         LambdaQueryWrapper<TEquipment> query = Wrappers.lambdaQuery();
-        TAdmin admin = tAdminService.getById(id);
+        TAdmin admin = tAdminService.getById(authId);
         // 申泽管理员
-        if (id == 2738) {
+        if (authId == 2738) {
             companyType = "0";
         }
         // 七云管理员
-        if (id == 2739) {
+        if (authId == 2739) {
             companyType = "1";
         }
         Integer type = admin.getType();
         if (type > 1) {
             if (type == 2) {
-                query.eq(TEquipment::getAdminId, id);
+                query.eq(TEquipment::getAdminId, authId);
             }
             if (type == 3) {
                 // TODO:
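Review bot: In the third hunk `int authId = Integer.parseInt(adminId)` round-trips the token id through a `String` and narrows it to `int`; if `UserDetailBO.getId()` is a `Long` (it is only `toString()`-ed here, so I cannot confirm), any id beyond the `int` range throws `NumberFormatException` instead of failing cleanly, and using the id's own type (`Long authId = userDetailBO.getId();`) avoids both the parse and the narrowing. The method's signature starts above the hunk, so if the original `id` parameter is still declared there it is now a dead request parameter in the same way as the other controllers in this commit. In the second hunk the new `@Autowired TokenManager tokenManager;` is placed directly against the following Javadoc block; a blank line after the field keeps the comment attached to the `超时时间` field it documents.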

+ 18 - 4
src/main/java/com/szwl/controller/TJoinpayMchController.java

@@ -6,8 +6,11 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.szwl.constant.ResponseCodesEnum;
+import com.szwl.exception.BizException;
+import com.szwl.manager.TokenManager;
 import com.szwl.model.bo.R;
 import com.szwl.model.bo.ResponseModel;
+import com.szwl.model.bo.UserDetailBO;
 import com.szwl.model.entity.TAdmin;
 import com.szwl.model.entity.TEquipment;
 import com.szwl.model.entity.TJoinpayMch;
@@ -25,6 +28,7 @@ import org.springframework.web.bind.annotation.*;
 import javax.xml.crypto.Data;
 import java.util.Date;
 import java.util.List;
+import java.util.Optional;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -47,10 +51,17 @@ public class TJoinpayMchController {
     TJoinpayMchCheckService tJoinpayMchCheckService;
     @Autowired
     TAdminService adminService;
+    @Autowired
+    TokenManager tokenManager;
+
     @ApiOperation(value = "查找汇聚收款账户信息")
     @PostMapping("/getOne")
-    public ResponseModel<TJoinpayMch> getOne(String adminId) {
-        TAdmin admin = adminService.getById(adminId);
+    public ResponseModel<TJoinpayMch> getOne() {
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
+
+//        TAdmin admin = adminService.getById(adminId);
         LambdaQueryWrapper<TJoinpayMch> query = Wrappers.lambdaQuery();
         query.eq(TJoinpayMch::getAdminId,adminId);
         List<TJoinpayMch> list = tJoinpayMchService.list(query);
@@ -217,7 +228,10 @@ public class TJoinpayMchController {
     @ApiOperation(value = "获取提现信息")
     @GetMapping("/getMch")
     public ResponseModel<TJoinpayMch> getMch(@RequestParam String id) {
-        TAdmin admin = adminService.getById(id);
+        UserDetailBO userDetailBO = Optional.ofNullable(tokenManager.getLoginUserDetails())
+                .orElseThrow(() -> new BizException(ResponseCodesEnum.L0001));
+        String adminId = userDetailBO.getId().toString();
+        TAdmin admin = adminService.getById(adminId);
         if(admin.getType()<=1){
             //公司
             TJoinpayMch tJoinpayMch = new TJoinpayMch();
@@ -226,7 +240,7 @@ public class TJoinpayMchController {
         }else {
             //商家
             LambdaQueryWrapper<TJoinpayMch> query = Wrappers.lambdaQuery();
-            query.eq(TJoinpayMch::getAdminId,Long.valueOf(id));
+            query.eq(TJoinpayMch::getAdminId,Long.valueOf(adminId));
             TJoinpayMch tJoinpayMch = tJoinpayMchService.getOne(query);
             if(tJoinpayMch == null) {
                 return R.ok(null);
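Review bot: `getMch` still declares `@RequestParam String id` (required by default) but the rewritten body ignores it completely, so every client must send a value that is never used; remove the parameter from the signature now that the identity comes from the token. The commented-out `//        TAdmin admin = adminService.getById(adminId);` left in `getOne` should be deleted rather than kept as dead code. Note also that `getOne` compares `TJoinpayMch::getAdminId` against the `String adminId` while `getMch` wraps it in `Long.valueOf(adminId)`; picking one form in both methods would make the intent clearer. Both method bodies continue past their hunks.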

+ 101 - 0
src/test/java/com/szwl/service/impl/TestAliMAil.java

@@ -0,0 +1,101 @@
+package com.szwl.service.impl;
+
+import javax.mail.*;
+import javax.mail.internet.InternetAddress;
+import javax.mail.internet.MimeMessage;
+import java.io.UnsupportedEncodingException;
+import java.util.Date;
+import java.util.Properties;
+import java.util.UUID;
+
+public class TestAliMAil {
+    public static void main(String[] args) {
+        sendAuthCodePortalmcc("446678759@qq.com", "邮件测试发送");
+    }
+
+    protected static String genMessageID(String mailFrom) {
+        // message-id 必须符合 first-part@last-part
+        String[] mailInfo = mailFrom.split("@");
+        String domain = mailFrom;
+        int index = mailInfo.length - 1;
+        if (index >= 0) {
+            domain = mailInfo[index];
+        }
+        UUID uuid = UUID.randomUUID();
+        StringBuffer messageId = new StringBuffer();
+        messageId.append('<').append(uuid.toString()).append('@').append(domain).append('>');
+        return messageId.toString();
+    }
+
+    public static void sendAuthCodePortalmcc(String toEmail, String content) {
+        // 配置发送邮件的环境属性
+        final Properties props = new Properties();
+
+        // 表示SMTP发送邮件,需要进行身份验证
+        props.put("mail.smtp.auth", "true");
+        props.put("mail.smtp.host", "smtpdm.aliyun.com");  //华东1:smtpdm.aliyun.com,悉尼:smtpdm-ap-southeast-2.aliyun.com,(美国(原悉尼)):smtpdm-us-east-1.aliyuncs.com
+        //设置端口:
+        props.put("mail.smtp.port", "80");  //或"25"
+        props.put("mail.smtp.from", "support@portalmcc.com.cn");  //mailfrom 参数
+        props.put("mail.user", "support@portalmcc.com.cn");  // 发件人的账号(在控制台创建的发信地址)
+        props.put("mail.password", "DirectMail321");  // 发信地址的smtp密码(在控制台选择发信地址进行设置)
+        System.setProperty("mail.mime.splitlongparameters", "false");  //用于解决附件名过长导致的显示异常
+
+        // 构建授权信息,用于进行SMTP进行身份验证
+        Authenticator authenticator = new Authenticator() {
+            @Override
+            protected PasswordAuthentication getPasswordAuthentication() {
+                // 用户名、密码
+                String userName = props.getProperty("mail.user");
+                String password = props.getProperty("mail.password");
+                return new PasswordAuthentication(userName, password);
+            }
+        };
+        //使用环境属性和授权信息,创建邮件会话
+        Session mailSession = Session.getInstance(props, authenticator);
+        //mailSession.setDebug(true);  //开启debug模式
+
+
+        final String messageIDValue = genMessageID(props.getProperty("mail.user"));
+        //创建邮件消息
+        MimeMessage message = new MimeMessage(mailSession) {
+            @Override
+            protected void updateMessageID() throws MessagingException {
+                //设置自定义Message-ID值
+                setHeader("Message-ID", messageIDValue);  //创建Message-ID
+            }
+        };
+
+        try {
+            // 设置发件人邮件地址和名称。填写控制台配置的发信地址。和上面的mail.user保持一致。名称用户可以自定义填写。
+            InternetAddress from = new InternetAddress("support@portalmcc.com.cn", "Cotton Candy Robot");  //from 参数,可实现代发,注意:代发容易被收信方拒信或进入垃圾箱。
+            message.setFrom(from);
+
+            //可选。设置回信地址
+            Address[] a = new Address[1];
+            a[0] = new InternetAddress(toEmail);
+            message.setReplyTo(a);
+
+            // 设置收件人邮件地址
+            InternetAddress to = new InternetAddress(toEmail);
+            message.setRecipient(MimeMessage.RecipientType.TO, to);
+
+
+            message.setSentDate(new Date());  //设置时间
+
+            //设置邮件标题
+            message.setSubject("Verification Code");
+            message.setContent(content, "text/html;charset=UTF-8");  //html超文本;// "text/plain;charset=UTF-8" //纯文本。
+            // 发送邮件
+            Transport.send(message);
+
+        } catch (MessagingException e) {
+            String err = e.getMessage();
+            // 在这里处理message内容, 格式是固定的
+            System.out.println(err);
+        } catch (UnsupportedEncodingException e) {
+            e.printStackTrace();
+        }
+
+    }
+}
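Review bot: `props.put("mail.password", "DirectMail321")` commits what appears to be a live SMTP credential for `support@portalmcc.com.cn` into the repository; even under `src/test` it is now part of git history, so the password should be rotated and the value read from the environment or an untracked config instead, e.g. `props.put("mail.password", System.getenv("SMTP_PASSWORD"));` (constructed variable name). The session also sets `mail.smtp.auth` on port 80 with no `mail.smtp.starttls.enable` or `mail.smtp.ssl.enable`, so the authentication exchange would travel over an unencrypted connection; enabling STARTTLS or the provider's TLS port protects the credential in transit. The class is a `main`-driven program with no assertions rather than a test, `MessagingException` is reported via `System.out.println` while `UnsupportedEncodingException` uses `printStackTrace()`, and `StringBuffer` in `genMessageID` can be `StringBuilder`.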