
Merge branch 'hotfix-20220608-cert' of googol/YY_BE_2 into master

李学松 3 years ago
parent
commit
7317664b75

+ 19 - 0
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/ApiController.java

@@ -121,6 +121,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.mock.web.MockMultipartFile;
@@ -757,6 +758,24 @@ public class ApiController {
 				List<SysUserSubVO> userSignCertList = sysUserSignCertService.listUserSignCertForApi(sysU.getUserId());
 				mapOne.put("certList", userSignCertList);
 
+				// 获取发起认证的令牌
+				String randomStr;
+
+				// 获取操作员
+				HnqzUser finaAdmin = SecurityUtils.getUser();
+				final String token = String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId());
+
+				// 返回缓存生成好的
+				if (Boolean.TRUE.equals(redisTemplate.hasKey(token))) {
+					randomStr = (String) redisTemplate.opsForValue().get(token);
+				} else {
+					// 生成缓存key,将token缓存到redis
+					do {
+						randomStr = RandomStringUtils.randomNumeric(6);
+					} while (Boolean.FALSE.equals(redisTemplate.opsForValue().setIfAbsent(token, randomStr)));
+				}
+				mapOne.put("certToken", randomStr);
+
 				list.add(mapOne);
 
 				roleList.addAll(roleIdList);
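Review bot: The `do … while` around `setIfAbsent` can spin without end. If a concurrent request creates the key between `hasKey` and `setIfAbsent`, every retry fails because the key still exists, whatever new value is drawn. The key is also stored without an expiry, and `RandomStringUtils.randomNumeric(6)` gives only 10^6 values from what is, depending on the commons-lang3 version, a non-cryptographic generator; since a failed comparison in `batchChannelCert` leaves the token in place, it looks guessable unless attempts are limited elsewhere. I would make one `setIfAbsent` call with a TTL, read the stored value back, and draw the digits from `SecureRandom`, as sketched below. The enclosing method starts and ends outside the hunk, and the TTL shown is a placeholder.

```java
// … unchanged: finaAdmin lookup and construction of the `token` key …
// Ideally a shared static SecureRandom field rather than a new instance per call.
String candidate = String.format("%06d", new SecureRandom().nextInt(1_000_000));
// Single attempt: if the key already exists, another request has already stored a token.
// TTL is a placeholder; choose one that matches how long the form stays valid.
redisTemplate.opsForValue().setIfAbsent(token, candidate, Duration.ofMinutes(30));
Object stored = redisTemplate.opsForValue().get(token);
// `stored` is null only if the token was consumed in between; the client then fails validation and refreshes.
randomStr = stored != null ? (String) stored : candidate;
mapOne.put("certToken", randomStr);
```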

+ 20 - 1
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/controller/SysUserSignCertController.java

@@ -14,9 +14,12 @@ import com.qunzhixinxi.hnqz.admin.service.SysUserService;
 import com.qunzhixinxi.hnqz.admin.service.gig.SysUserSignCertService;
 import com.qunzhixinxi.hnqz.common.core.util.R;
 import com.qunzhixinxi.hnqz.common.log.annotation.SysLog;
+import com.qunzhixinxi.hnqz.common.security.service.HnqzUser;
+import com.qunzhixinxi.hnqz.common.security.util.SecurityUtils;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.data.redis.core.RedisTemplate;
+import org.springframework.data.redis.core.script.DefaultRedisScript;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -24,6 +27,7 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -42,7 +46,7 @@ public class SysUserSignCertController {
 
 	private final SysUserService sysUserService;
 
-	private final RedisTemplate redisTemplate;
+	private final RedisTemplate<String, Object> redisTemplate;
 
 	/**
 	 * 保存银行卡信息
@@ -163,6 +167,21 @@ public class SysUserSignCertController {
 	@SysLog("用户签约认证")
 	@PostMapping("/batch-channel-cert")
 	public R<?> batchChannelCert(@RequestBody UserSignCertDTO userSignCertDTO) {
+
+		//1、验证令牌是否合法【令牌的对比和删除必须保证原子性】
+		HnqzUser finaAdmin = SecurityUtils.getUser();
+		final String REDIS_DEL_SCRIPT = "if redis.call('get', KEYS[1]) == ARGV[1] then return redis.call('del', KEYS[1]) else return 0 end";
+		Long execute = redisTemplate.execute(new DefaultRedisScript<>(REDIS_DEL_SCRIPT, Long.class),
+				Collections.singletonList(String.format("%d:batch_channel_cert:%d:token", finaAdmin.getTenantId(), finaAdmin.getId())), userSignCertDTO.getToken());
+		// 通过EVAL脚本原子验证令牌和删除令牌
+		boolean oops = (execute != null && execute == 0);
+
+		// 令牌验证失败
+		if (oops) {
+			log.error(String.format("提交 TOKEN 不正确:%s", userSignCertDTO.getToken()));
+			return R.failed("提交 TOKEN 不正确,请刷新页面重试");
+		}
+
 		if (userSignCertDTO.getUserId() == null) {
 			return R.failed("userId不能为空");
 		}
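Review bot: The check fails open: `boolean oops = (execute != null && execute == 0);` treats a `null` result from `redisTemplate.execute` (for example when the call runs inside a pipeline or transaction) as success, so the request proceeds without the token having been compared or deleted. Accept only the explicit delete result instead: `boolean oops = !Long.valueOf(1L).equals(execute);`. The rejection branch also writes the client-supplied token into the error log through `String.format`; a parameterized `log.warn("提交 TOKEN 不正确:{}", ...)` with the value length-limited and stripped of line breaks would keep request data from shaping log lines. The body of `batchChannelCert` continues past the hunk.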

+ 5 - 0
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/entity/dto/UserSignCertDTO.java

@@ -71,4 +71,9 @@ public class UserSignCertDTO implements Serializable {
 	 * 验证码
 	 */
 	private String verifyCode;
+
+	/**
+	 * 令牌
+	 */
+	private String token;
 }

+ 11 - 8
hnqz-upms/hnqz-upms-biz/src/main/java/com/qunzhixinxi/hnqz/admin/service/gig/impl/GigThirdApiServiceImpl.java

@@ -3,6 +3,7 @@ package com.qunzhixinxi.hnqz.admin.service.gig.impl;
 import cn.hutool.core.map.MapUtil;
 import cn.hutool.core.util.StrUtil;
 import cn.hutool.json.JSONUtil;
+import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.qunzhixinxi.hnqz.admin.api.constant.CacheConstants;
 import com.qunzhixinxi.hnqz.admin.api.dto.OladingCommonRequest;
@@ -294,7 +295,7 @@ public class GigThirdApiServiceImpl implements GigThirdApiService {
 		}
 
 		Map<String, String> subMap = new HashMap<>();
-		SysUserSub updateUserSub = new SysUserSub();
+		LambdaUpdateWrapper<SysUserSub> updateUserSubWrapper = Wrappers.lambdaUpdate();
 		if (OladingCommonRequest.UploadIdCardImageStatus.IDENTIFY_SUCCESS.equals(uploadIdCertStatus)) {
 			// 如果成功,则发送协议上传MQ
 			log.info("=============================发送协议上传MQ==================================");
@@ -303,17 +304,19 @@ public class GigThirdApiServiceImpl implements GigThirdApiService {
 			userSignCertDTO.setGigTypeList(Collections.singletonList(GigTypeEnum.OLADING));
 			sysUserSignCertService.batchChannelCert(userSignCertDTO);
 			subMap.put("certStatus", OladingCertStatus.SIGNED.name());
-			updateUserSub.setCertStatus(Integer.valueOf(OladingCertStatus.SIGNED.getCode()));
+			updateUserSubWrapper.set(SysUserSub::getCertStatus, Integer.valueOf(OladingCertStatus.SIGNED.getCode()));
 		} else {
 			subMap.put("certStatus", OladingCertStatus.SIGNED.name());
-			updateUserSub.setCertStatus(Integer.valueOf(OladingCertStatus.SIGNED.getCode()));
-			updateUserSub.setCallbackStatus(GigCallBackStatus.RETURNED);
+			updateUserSubWrapper.set(SysUserSub::getCertStatus, Integer.valueOf(OladingCertStatus.SIGNED.getCode()));
+			updateUserSubWrapper.set(SysUserSub::getCallbackStatus, GigCallBackStatus.RETURNED);
+			updateUserSubWrapper.set(SysUserSub::getIdCardFrontUrl, null);
+			updateUserSubWrapper.set(SysUserSub::getIdCardBackUrl, null);
 		}
-		updateUserSub.setId(userSub.getId());
-		updateUserSub.setUpdateTime(LocalDateTime.now());
-		updateUserSub.setUpdateUser(0);
+		updateUserSubWrapper.eq(SysUserSub::getId, userSub.getId());
+		updateUserSubWrapper.set(SysUserSub::getUpdateTime, LocalDateTime.now());
+		updateUserSubWrapper.set(SysUserSub::getUpdateUser, 0);
 		// 更新状态
-		sysUserSubService.updateById(updateUserSub);
+		sysUserSubService.update(updateUserSubWrapper);
 
 		// 结果放到redis
 		String key = CacheConstants.USER_SIGN_CERT_RESPONSE_KEY + userSub.getUserId();
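Review bot: Both branches still write `OladingCertStatus.SIGNED`, including the `else` branch taken when `uploadIdCertStatus` is not `IDENTIFY_SUCCESS`, so a failed identification appears to end in the same certification status as a successful one. This predates the commit, but the rewrite carries it over, so it is worth confirming against the intended state machine. The switch to `LambdaUpdateWrapper` is presumably what lets `set(SysUserSub::getIdCardFrontUrl, null)` actually clear the columns, and that deserves a comment such as `// updateById skips null fields by default; use an update wrapper to clear the ID-card URLs`. The wrapper is declared in the previous hunk, and the method starts and ends outside both.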