
Merge branch 'hotfix-20220608-cert' into temp-pre

lixuesong 3 jaren geleden
bovenliggende
commit
3651b458a6

+ 33 - 52
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/ApiController.java

@@ -121,6 +121,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.mock.web.MockMultipartFile;
@@ -658,7 +659,7 @@ public class ApiController {
 
 				// 小程序角色:5-全职学术信息沟通专员, 6-兼职学术信息沟通专员, 10-兼职CRC, 13-HCP
 				List<Integer> roleIdList = sysU.getRoleList().stream().filter(item ->
-						item.getRoleId() == 5 || item.getRoleId() == 6 || item.getRoleId() == 10 || item.getRoleId() == 13)
+								item.getRoleId() == 5 || item.getRoleId() == 6 || item.getRoleId() == 10 || item.getRoleId() == 13)
 						.map(SysRole::getRoleId).collect(Collectors.toList());
 
 				if ("2".equals(management) && roleIdList.contains(5)) {
@@ -757,6 +758,24 @@ public class ApiController {
 				List<SysUserSubVO> userSignCertList = sysUserSignCertService.listUserSignCertForApi(sysU.getUserId());
 				mapOne.put("certList", userSignCertList);
 
+				// 获取发起认证的令牌
+				String randomStr;
+
+				// 获取操作员
+				HnqzUser finaAdmin = SecurityUtils.getUser();
+				final String token = String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId());
+
+				// 返回缓存生成好的
+				if (Boolean.TRUE.equals(redisTemplate.hasKey(token))) {
+					randomStr = (String) redisTemplate.opsForValue().get(token);
+				} else {
+					// 生成缓存key,将token缓存到redis
+					do {
+						randomStr = RandomStringUtils.randomNumeric(6);
+					} while (Boolean.FALSE.equals(redisTemplate.opsForValue().setIfAbsent(token, randomStr)));
+				}
+				mapOne.put("certToken", randomStr);
+
 				list.add(mapOne);
 
 				roleList.addAll(roleIdList);
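Review bot: The `do { … } while (Boolean.FALSE.equals(…setIfAbsent(token, randomStr)))` loop cannot make progress once another request has stored a token for this operator: `setIfAbsent` keeps returning false while the key exists, so the thread keeps generating values and calling Redis until the key is consumed. The `hasKey`/`get` pair before it is two separate calls, so `get` can return null if the token is consumed in between, and `certToken` is then sent as null. The key is also written without an expiry, so an unused token stays valid indefinitely; a single `setIfAbsent` with a TTL that falls back to `get` when it reports false addresses the spin and the missing expiry and narrows the null window. Separately, a six-digit numeric value is a small space, and whether `RandomStringUtils` draws from a cryptographically secure source depends on the commons-lang3 version in use, so `SecureRandom` is the safer source if the token is meant to be unguessable. The enclosing block starts and ends outside this hunk; since the key depends only on the current operator, the lookup can probably be done once rather than per list entry (to be confirmed against the full method).

```java
// … unchanged: finaAdmin lookup and construction of the Redis key `token` …
String candidate = RandomStringUtils.randomNumeric(6);
// One atomic create-if-missing with an expiry (Spring Data Redis 2.1+).
// Duration.ofMinutes(10) is a constructed example value; pick the real lifetime per policy.
Boolean created = redisTemplate.opsForValue().setIfAbsent(token, candidate, Duration.ofMinutes(10));
if (Boolean.TRUE.equals(created)) {
    randomStr = candidate;
} else {
    // A token already exists for this operator: hand out the stored one instead of retrying.
    // May still be null if it was consumed in between; the client then has to reload.
    randomStr = (String) redisTemplate.opsForValue().get(token);
}
mapOne.put("certToken", randomStr);
```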
@@ -819,16 +838,16 @@ public class ApiController {
 				.in(WmTaskType::getParentId, parentId));
 
 		// 按照父id分组
-		Map<String,Map<String, List<WmTaskType>>> pTaskTypeMap = baseTypeList1.stream()
-				.collect(Collectors.groupingBy(WmTaskType::getParentId,Collectors.groupingBy(WmTaskType::getBaseId)));
+		Map<String, Map<String, List<WmTaskType>>> pTaskTypeMap = baseTypeList1.stream()
+				.collect(Collectors.groupingBy(WmTaskType::getParentId, Collectors.groupingBy(WmTaskType::getBaseId)));
 
 		// 查询所有子id对应的taskType列表
 		List<WmTaskType> baseTypeList2 = wmTaskTypeService.
 				list(Wrappers.<WmTaskType>query().lambda().eq(WmTaskType::getTaskTypeLevel, "1").in(WmTaskType::getId, id));
 
 		// 所有子id对应的taskType列表 按照父id分组
-		Map<String,Map<String, List<WmTaskType>>> cTaskTypeMap = baseTypeList2.stream()
-				.collect(Collectors.groupingBy(WmTaskType::getParentId,Collectors.groupingBy(WmTaskType::getBaseId)));
+		Map<String, Map<String, List<WmTaskType>>> cTaskTypeMap = baseTypeList2.stream()
+				.collect(Collectors.groupingBy(WmTaskType::getParentId, Collectors.groupingBy(WmTaskType::getBaseId)));
 		// 对应的parentId
 		Set<String> cPidSet = cTaskTypeMap.keySet();
 
@@ -2863,7 +2882,6 @@ public class ApiController {
 		sysUserService.updateById(sysUser);
 
 
-
 		return R.ok();
 	}
 
@@ -3245,21 +3263,20 @@ public class ApiController {
 
 		List<Map<String, Object>> listMap = new ArrayList<>();
 
-
-		statusList.parallelStream().forEach(item -> {
+		for (WmScorePackageStatus item : statusList) {
 			WmScorePackage wmScorePackage = wmScorePackageService.getById(item.getPackageId());
 			if (null != wmScorePackage) {
 				if ("0".equals(wmScorePackage.getTaskAddFlag())) {
-					return;
+					continue;
 				}
 				if ("1".equals(wmScorePackage.getEnableFlag())) {
-					return;
+					continue;
 				}
 				if ("2".equals(wmScorePackage.getPackageType2())) {
-					return;
+					continue;
 				}
 				if ("3".equals(wmScorePackage.getPackageType1())) {
-					return;
+					continue;
 				}
 				/**
 				 * 过滤有效任务类型
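Review bot: Each iteration of the new `for` loop still calls `wmScorePackageService.getById(item.getPackageId())`, and with the stream's parallelism gone these lookups now run strictly one after another, one query per status row. If the service exposes a batch lookup (MyBatis-Plus `IService` has `listByIds`), loading the packages once before the loop and indexing them by id would avoid that; this assumes the service extends `IService`, which is not visible here. The four consecutive `continue` guards could be folded into one condition, and the `/** … */` block inside the method body is Javadoc syntax on a plain comment, so `// 过滤有效任务类型` would be enough. The loop body continues past the end of this hunk.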
@@ -3281,44 +3298,7 @@ public class ApiController {
 				}
 
 			}
-		});
-
-//		for (WmScorePackageStatus item : statusList) {
-//			WmScorePackage wmScorePackage = wmScorePackageService.getById(item.getPackageId());
-//			if (null != wmScorePackage) {
-//				if ("0".equals(wmScorePackage.getTaskAddFlag())) {
-//					continue;
-//				}
-//				if ("1".equals(wmScorePackage.getEnableFlag())) {
-//					continue;
-//				}
-//				if ("2".equals(wmScorePackage.getPackageType2())) {
-//					continue;
-//				}
-//				if ("3".equals(wmScorePackage.getPackageType1())) {
-//					continue;
-//				}
-//				/**
-//				 * 过滤有效任务类型
-//				 */
-//				WmScoreTaskType taskType = new WmScoreTaskType();
-//				taskType.setTaskTypeId(type);
-//				taskType.setScoreId(wmScorePackage.getId());
-////				List<WmScoreTaskType> taskTypes = wmScoreTaskTypeService.
-////						list(Wrappers.query(taskType));
-//				int total = wmScoreTaskTypeService.count(Wrappers.query(taskType));
-//
-//				if (total != 0) {
-//					Map<String, Object> map = new HashMap<>();
-//					map.put("label", wmScorePackage.getScorePackageName());
-//					map.put("value", wmScorePackage.getId());
-//					String drugProducer = ArrayUtils.isEmpty(wmScorePackage.getDrugProducerList()) ? "" : String.join(StrUtil.COMMA, wmScorePackage.getDrugProducerList());
-//					map.put("drugProducer", drugProducer);
-//					listMap.add(map);
-//				}
-//
-//			}
-//		}
+		}
 
 		return R.ok(listMap);
 	}
@@ -3441,7 +3421,7 @@ public class ApiController {
 	 * @param packageId        积分包id
 	 * @param sharePicUrl      分享图片链接
 	 * @param taskCategoryName 任务类别名称
-	 * @param remark 备注
+	 * @param remark           备注
 	 * @return 结果
 	 */
 	private R<?> shareAndReadTaskMethod(String id, String shareUserId, String openUserId, String type, String packageId,
@@ -3951,12 +3931,13 @@ public class ApiController {
 
 	/**
 	 * 记录广告点击情况
+	 *
 	 * @param json 请求参数
 	 * @return 记录结果
 	 */
 	@PostMapping(value = "/ad-record")
 	@Transactional(rollbackFor = Exception.class)
-	public R<Boolean> insertAdRecord(@RequestBody String json){
+	public R<Boolean> insertAdRecord(@RequestBody String json) {
 		JSONObject jsonObject = JSONObject.parseObject(json);
 		WmAdRecord record = new WmAdRecord();
 		record.setUrl(jsonObject.getString("url"));

+ 20 - 1
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/SysUserSignCertController.java

@@ -14,9 +14,12 @@ import com.qunzhixinxi.hnqz.admin.service.SysUserService;
 import com.qunzhixinxi.hnqz.admin.service.gig.SysUserSignCertService;
 import com.qunzhixinxi.hnqz.common.core.util.R;
 import com.qunzhixinxi.hnqz.common.log.annotation.SysLog;
+import com.qunzhixinxi.hnqz.common.security.service.HnqzUser;
+import com.qunzhixinxi.hnqz.common.security.util.SecurityUtils;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.script.DefaultRedisScript;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,6 +27,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -42,7 +46,7 @@ public class SysUserSignCertController {
 
 	private final SysUserService sysUserService;
 
-	private final RedisTemplate redisTemplate;
+	private final RedisTemplate<String, Object> redisTemplate;
 
 	/**
 	 * 保存银行卡信息
@@ -163,6 +167,21 @@ public class SysUserSignCertController {
 	@SysLog("用户签约认证")
 	@PostMapping("/batch-channel-cert")
 	public R<?> batchChannelCert(@RequestBody UserSignCertDTO userSignCertDTO) {
+
+		//1、验证令牌是否合法【令牌的对比和删除必须保证原子性】
+		HnqzUser finaAdmin = SecurityUtils.getUser();
+		final String REDIS_DEL_SCRIPT = "if redis.call('get', KEYS[1]) == ARGV[1] then return redis.call('del', KEYS[1]) else return 0 end";
+		Long execute = redisTemplate.execute(new DefaultRedisScript<>(REDIS_DEL_SCRIPT, Long.class),
+				Collections.singletonList(String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId())), userSignCertDTO.getToken());
+		// 通过EVAL脚本原子验证令牌和删除令牌
+		boolean oops = (execute != null && execute == 0);
+
+		// 令牌验证失败
+		if (oops) {
+			log.error(String.format("提交 TOKEN 不正确:%s", userSignCertDTO.getToken()));
+			return R.failed("提交 TOKEN 不正确,请刷新页面重试");
+		}
+
 		if (userSignCertDTO.getUserId() == null) {
 			return R.failed("userId不能为空");
 		}
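Review bot: The check `boolean oops = (execute != null && execute == 0);` fails open: whenever `execute` is null, which the line itself anticipates, the request is treated as carrying a valid token. Accept only the single success value instead, `boolean oops = !Long.valueOf(1L).equals(execute);`. `userSignCertDTO.getToken()` is passed to the script and written to the log unchecked, so a null or blank token should be rejected before the Redis call, and the client-supplied value should be length-limited and stripped of line breaks (or left out) before it is logged. The token is consumed before the `userId` check that follows, so a request rejected by later validation has already used it up; the rest of the method lies outside this hunk.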

+ 5 - 0
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/entity/dto/UserSignCertDTO.java

@@ -71,4 +71,9 @@ public class UserSignCertDTO implements Serializable {
 	 * 验证码
 	 */
 	private String verifyCode;
+
+	/**
+	 * 令牌
+	 */
+	private String token;
 }