Merge remote-tracking branch 'origin/v1' into v1

pom.xml

@@ -55,6 +55,12 @@
             <artifactId>druid-spring-boot-starter</artifactId>
             <version>1.1.5</version>
         </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
@@ -146,7 +152,7 @@
     <build>
         <resources>
             <resource>
-                <directory>${project.ba1dir}/src/main/resources</directory>
+                <directory>${project.basedir}/src/main/resources</directory>
             </resource>
             <resource>
                 <directory>${project.build.directory}/generated-resources</directory>

src/main/java/cn/quantgroup/cashloanflowboss/api/channel/controller/ChannelConfController.java

@@ -2,6 +2,7 @@ package cn.quantgroup.cashloanflowboss.api.channel.controller;
 
 import cn.quantgroup.cashloanflowboss.api.channel.model.ChannelConfVo;
 import cn.quantgroup.cashloanflowboss.api.channel.service.ChannelConfService;
+import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.core.annotation.ChannelIdInit;
 import cn.quantgroup.cashloanflowboss.core.annotation.CheckChannelRole;
 import cn.quantgroup.cashloanflowboss.core.base.Result;
@@ -32,9 +33,13 @@ public class ChannelConfController {
      * @param pageSize
      * @return
      */
+    @Security(authorityId = "Channel.getChannelInfo")
     @ChannelIdInit
     @PostMapping("/info")
     public Result channelInfo(Long channelId, Integer pageNumber, Integer pageSize) {
+        if (pageNumber == null || pageSize == null) {
+            return Result.buildFial("page信息不对");
+        }
         return Result.buildSuccess(channelConfService.getChannelInfo(pageNumber, pageSize, channelId));
     }
 

src/main/java/cn/quantgroup/cashloanflowboss/api/log/controller/LogController.java

@@ -30,7 +30,7 @@ public class LogController {
      * @return
      */
     @PostMapping("/login")
-    public Result<Boolean> login(@RequestBody @Valid LoginFormModel loginFormModel) {
+    public Result<String> login(@RequestBody @Valid LoginFormModel loginFormModel) {
         return new Result<>(ApplicationStatus.SUCCESS, this.logService.login(loginFormModel.getUsername(), loginFormModel.getPassword()));
     }
 

src/main/java/cn/quantgroup/cashloanflowboss/api/log/service/LogService.java

@@ -36,7 +36,7 @@ public class LogService {
      * @param password 密码（明文）
      * @return
      */
-    public boolean login(String username, String password) {
+    public String login(String username, String password) {
 
         User user = this.userService.getUser(username);
 
@@ -61,7 +61,7 @@ public class LogService {
 
         session.setAttribute(ApplicationDictionary.PRINCIPAL, JSONTools.serialize(principal));
 
-        return true;
+        return session.getId();
 
     }
 

src/main/java/cn/quantgroup/cashloanflowboss/api/order/controller/OrderController.java

@@ -4,6 +4,7 @@ import cn.quantgroup.cashloanflowboss.api.order.model.ApproveVo;
 import cn.quantgroup.cashloanflowboss.api.order.model.LendingFormModel;
 import cn.quantgroup.cashloanflowboss.api.order.model.OrderVo;
 import cn.quantgroup.cashloanflowboss.api.order.service.OrderService;
+import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.core.annotation.ChannelIdInit;
 import cn.quantgroup.cashloanflowboss.core.annotation.CheckChannelRole;
 import cn.quantgroup.cashloanflowboss.core.annotation.CheckChannelRoleByChannelOrderNumber;
@@ -37,10 +38,14 @@ public class OrderController {
      * @param pageSize
      * @return 返回中包含当前订单可操作的 button
      */
+    @Security(authorityId = "Order.getOrderList")
     @ChannelIdInit
     @CheckChannelRole
-    @GetMapping("/info")
+    @GetMapping("/list")
     public Result getOrders(Long channelId, String channelOrderNumber, Integer pageNumber, Integer pageSize) {
+        if (pageNumber == null || pageSize == null) {
+            return Result.buildFial("page信息不对");
+        }
         return Result.buildSuccess(orderService.getOrders(channelId, channelOrderNumber, pageNumber, pageSize));
     }
 

src/main/java/cn/quantgroup/cashloanflowboss/api/order/model/OrderVo.java

@@ -36,7 +36,7 @@ public class OrderVo {
         cancel("贷前关单"),
         pay_succ("放款成功"),
         pay_fail("放款失败"),
-        withdraw2_succ("二次提现成功"),
+        withdraw_second("存管提现"),
         cancel_after("贷后关单");
 
         OptButtonAction(String desc) {

src/main/java/cn/quantgroup/cashloanflowboss/api/order/service/OrderService.java

@@ -111,21 +111,28 @@ public class OrderService {
             orderVo.setChannelId(it.getRegisteredFrom());
             orderVo.setChannelOrderNumber(it.getChannelOrderNo());
             orderVo.setCreatedAt(it.getCreatedAt().getTime());
-
-            OrderApprove orderApprove = orderApproveRepository.findByCreditNumber(it.getApplyNo());
-
-            ServiceResult<XyqbCurrentOrderStatusServiceResultModel> xyqbCenterServiceXyqbOrderStatus = xyqbCenterService.getXyqbOrderStatus(it.getApplyNo(), it.getLoanId());
-            log.info("[xyqbCenterService.getXyqbOrderStatus]xyqbOrderStatus={}", JSONTools.serialize(xyqbCenterServiceXyqbOrderStatus));
-            if (xyqbCenterServiceXyqbOrderStatus.isSuccess()) {
-                QueryXyqbOrderStatus currentStatus = xyqbCenterServiceXyqbOrderStatus.getData().getCurrentStatus();
-
-                Tuple<String, List<OrderVo.OptButton>> currentStatusAndButtons = OrderUtil.getCurrentStatusAndButtons(currentStatus, orderApprove);
-                orderVo.setStatus(currentStatusAndButtons.getKey());
-                orderVo.setOpt(currentStatusAndButtons.getValue());
-                orderVo.setMessage("");
+            if (StringUtils.isNotEmpty(it.getApplyNo())) {
+
+                OrderApprove orderApprove = orderApproveRepository.findByCreditNumber(it.getApplyNo());
+
+                ServiceResult<XyqbCurrentOrderStatusServiceResultModel> xyqbCenterServiceXyqbOrderStatus = xyqbCenterService.getXyqbOrderStatus(it.getApplyNo(), it.getLoanId());
+                log.info("[xyqbCenterService.getXyqbOrderStatus]xyqbOrderStatus={}", JSONTools.serialize(xyqbCenterServiceXyqbOrderStatus));
+                if (xyqbCenterServiceXyqbOrderStatus.isSuccess()) {
+                    QueryXyqbOrderStatus currentStatus = xyqbCenterServiceXyqbOrderStatus.getData().getCurrentStatus();
+
+                    Tuple<String, List<OrderVo.OptButton>> currentStatusAndButtons = OrderUtil.getCurrentStatusAndButtons(currentStatus, orderApprove);
+                    orderVo.setStatus(currentStatusAndButtons.getKey());
+                    orderVo.setOpt(currentStatusAndButtons.getValue());
+                    orderVo.setMessage("");
+                } else {
+                    orderVo.setMessage("订单查询错误");
+                }
             } else {
-                orderVo.setMessage("订单查询错误");
+                orderVo.setStatus("授信中");
+                orderVo.setOpt(new ArrayList<>());
+                orderVo.setMessage("");
             }
+
             return orderVo;
         });
     }

src/main/java/cn/quantgroup/cashloanflowboss/api/order/util/OrderUtil.java

@@ -80,6 +80,10 @@ public class OrderUtil {
                             cancelAfterButton.setAction(OrderVo.OptButtonAction.cancel_after.name());
                             cancelAfterButton.setName(OrderVo.OptButtonAction.cancel_after.getDesc());
                             buttonList.add(cancelAfterButton);
+                            OrderVo.OptButton withdrawSecondButton = new OrderVo.OptButton();
+                            withdrawSecondButton.setAction(OrderVo.OptButtonAction.withdraw_second.name());
+                            withdrawSecondButton.setName(OrderVo.OptButtonAction.withdraw_second.getDesc());
+                            buttonList.add(withdrawSecondButton);
                         } else {
                             tuple.setKey("放款成功");
                         }

src/main/java/cn/quantgroup/cashloanflowboss/core/aspect/RoleLoadAspect.java

@@ -2,6 +2,7 @@ package cn.quantgroup.cashloanflowboss.core.aspect;
 
 import cn.quantgroup.cashloanflowboss.api.channel.model.ChannelConfVo;
 import cn.quantgroup.cashloanflowboss.api.channel.util.ChannelConfUtil;
+import cn.quantgroup.cashloanflowboss.api.log.model.Principal;
 import cn.quantgroup.cashloanflowboss.core.Application;
 import cn.quantgroup.cashloanflowboss.core.annotation.ChannelIdInit;
 import cn.quantgroup.cashloanflowboss.core.annotation.CheckChannelRole;
@@ -57,20 +58,31 @@ public class RoleLoadAspect {
         MethodSignature methodSignature = (MethodSignature) pjp.getSignature();
         Method method = methodSignature.getMethod();
 
+        Principal principal = Application.getPrincipal();
+        if (principal == null) {
+            try {
+                // 没有登录 登录检查控制
+                return pjp.proceed(args);
+            } catch (Throwable throwable) {
+                log.error("请求失败，e={}", ExceptionUtils.getStackTrace(throwable));
+                return Result.buildFial();
+            }
+        }
+
         // 如果是渠道用户登陆 默认加载channelId
         ChannelIdInit annotation = method.getAnnotation(ChannelIdInit.class);
-        if (annotation != null && Application.getPrincipal().isChannel()) {
+        if (annotation != null && principal.isChannel()) {
             String[] paramNames = ((CodeSignature) pjp.getSignature()).getParameterNames();
             for (int i = 0; i < paramNames.length; i++) {
                 if (ChannelConfUtil.channelIdParamName.equals(paramNames[i])) {
-                    args[i] = Application.getPrincipal().getChannelId();
+                    args[i] = principal.getChannelId();
                 }
             }
         }
 
         // 如果是渠道用户登陆，参数中channelId 不是登陆用户channelId，返回 拒绝请求
         CheckChannelRole checkChannelRole = method.getAnnotation(CheckChannelRole.class);
-        if (checkChannelRole != null && Application.getPrincipal().isChannel()) {
+        if (checkChannelRole != null && principal.isChannel()) {
             Long requestChannelId = -1L;
             if (!checkChannelRole.isObjParam()) {
                 String[] paramNames = ((CodeSignature) pjp.getSignature()).getParameterNames();
@@ -84,7 +96,7 @@ public class RoleLoadAspect {
                             return Result.buildFial(ApplicationStatus.ARGUMENT_VALID_EXCEPTION);
                         }
                         requestChannelId = Long.valueOf(String.valueOf(requestChannelIdObj));
-                        if (!Application.getPrincipal().isSameChannel(requestChannelId)) {
+                        if (!principal.isSameChannel(requestChannelId)) {
                             log.info("[CheckChannelRole]渠道用户，登陆channelId与查询channelId不是同一个");
                             return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
                         }
@@ -102,7 +114,7 @@ public class RoleLoadAspect {
                     requestChannelId = channelIdTemp;
                 }
             }
-            if (!Application.getPrincipal().isSameChannel(requestChannelId)) {
+            if (!principal.isSameChannel(requestChannelId)) {
                 log.info("[CheckChannelRole]渠道用户，登陆channelId与查询channelId不是同一个");
                 return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
             }
@@ -111,7 +123,7 @@ public class RoleLoadAspect {
 
         // 如果是渠道用户登陆，参数中channelOrderNumber 不是登陆用户channelOrderNumber，返回 拒绝请求
         CheckChannelRoleByChannelOrderNumber checkChannelRoleByChannelOrderNumber = method.getAnnotation(CheckChannelRoleByChannelOrderNumber.class);
-        if (checkChannelRoleByChannelOrderNumber != null && Application.getPrincipal().isChannel()) {
+        if (checkChannelRoleByChannelOrderNumber != null && principal.isChannel()) {
             String[] paramNames = ((CodeSignature) pjp.getSignature()).getParameterNames();
             String channelOrderNumber = "";
             for (int i = 0; i < paramNames.length; i++) {
@@ -128,7 +140,7 @@ public class RoleLoadAspect {
                 log.info("[CheckChannelRoleByChannelOrderNumber]无channelOrderNumber数据，channelOrderNumber={}",channelOrderNumber);
                 return Result.buildFial(ApplicationStatus.ARGUMENT_VALID_EXCEPTION, "未找到该订单");
             }
-            if (!clfOrderMapping.getRegisteredFrom().equals(Application.getPrincipal().getChannelId())) {
+            if (!clfOrderMapping.getRegisteredFrom().equals(principal.getChannelId())) {
                 log.info("[CheckChannelRoleByChannelOrderNumber]不是该渠道的订单，channelOrderNumber={}",channelOrderNumber);
                 return Result.buildFial(ApplicationStatus.INVALID_AUTHORITY);
             }

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/CorsConfiguration.java

+package cn.quantgroup.cashloanflowboss.core.configuration;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+/**
+ * function:
+ * date: 2019/8/20
+ *
+ * @author: suntao
+ */
+@Configuration
+public class CorsConfiguration extends WebMvcConfigurerAdapter {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+
+        registry.addMapping("/**")
+                .allowedOrigins("*")
+                .allowedMethods("GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS", "TRACE")
+                .allowCredentials(true);
+
+    }
+
+}

src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/TomcatConfiguration.java

+package cn.quantgroup.cashloanflowboss.core.configuration;
+
+import org.apache.tomcat.util.http.LegacyCookieProcessor;
+import org.springframework.boot.context.embedded.EmbeddedServletContainerCustomizer;
+import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
+import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Created by WeiWei on 2019/8/21.
+ */
+@Configuration
+public class TomcatConfiguration {
+
+    @Bean
+    public EmbeddedServletContainerCustomizer cookieProcessorCustomizer() {
+
+        return container -> {
+            if (container instanceof TomcatEmbeddedServletContainerFactory) {
+                ((TomcatEmbeddedServletContainerFactory) container).addContextCustomizers((TomcatContextCustomizer) context -> context.setCookieProcessor(new LegacyCookieProcessor()));
+            }
+        };
+
+    }
+
+}

src/main/resources/logback-pro.xml

@@ -16,12 +16,12 @@
             <pattern>${FILE_LOG_PATTERN}</pattern>
         </encoder>
     </appender>
-    <appender name="Sentry" class="cn.quantgroup.sentry.appender.StandardSentryAppender">
-        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
-            <level>ERROR</level>
-            <!-- level:基本建议ERROR or WARN -->
-        </filter>
-    </appender>
+    <!--<appender name="Sentry" class="cn.quantgroup.sentry.appender.StandardSentryAppender">-->
+        <!--<filter class="ch.qos.logback.classic.filter.ThresholdFilter">-->
+            <!--<level>ERROR</level>-->
+            <!--&lt;!&ndash; level:基本建议ERROR or WARN &ndash;&gt;-->
+        <!--</filter>-->
+    <!--</appender>-->
 
     <logger name="org.springframework" level="warn"/>
     <logger name="org.hibernate" level="warn"/>
@@ -31,7 +31,7 @@
     <logger name="cn.quantgroup.user.UserSdkServiceImpl" level="warn"/>
     <root level="info">
         <appender-ref ref="FILE"/>
-        <appender-ref ref="Sentry"/>
+        <!--<appender-ref ref="Sentry"/>-->
     </root>
 
 </configuration>
\ No newline at end of file