Merge remote-tracking branch 'origin/master'

pluss-api-page/src/main/java/cn/pluss/platform/controller/MerchantBaseInfoController.java

@@ -12,6 +12,7 @@ import cn.pluss.platform.dto.BusinessLicenseDTO;
 import cn.pluss.platform.dto.ImgDTO;
 import cn.pluss.platform.dto.MerchantBaseInfoDTO;
 import cn.pluss.platform.entity.*;
+import cn.pluss.platform.exception.MsgException;
 import cn.pluss.platform.mapper.MerchantImageMapper;
 import cn.pluss.platform.mapper.MerchantRateMapper;
 import cn.pluss.platform.merchant.MerchantBaseInfoService;
@@ -172,6 +173,9 @@ public class MerchantBaseInfoController {
     @ApiImplicitParams({
             @ApiImplicitParam(name = "MerchantBaseInfoDTO", value = "MerchantBaseInfoDTO实例", paramType = "body", dataType = "MerchantBaseInfoDTO", required = true)})
     public Result<?> saveMerchantBaseInfoV2(@RequestBody MerchantBaseInfoDTO merchantBaseInfoDTO) {
+        if (merchantBaseInfoDTO.getAlias().length() < 4 || merchantBaseInfoDTO.getAlias().length() > 18){
+            MsgException.check(true,"请输入4-18位商户简称");
+        }
         try {
             merchantBaseInfoService.saveMerchantBaseInfo(merchantBaseInfoDTO);
             return ResultGenerator.genSuccessResult("保存成功");

pluss-api-page/src/main/java/cn/pluss/platform/controller/MerchantOrderController.java

@@ -445,11 +445,20 @@ public class MerchantOrderController {
      * @return
      */
     @PostMapping("/posScanPay")
-    public Result<Object> posScanPay(HttpServletRequest request,@RequestBody MerChantOrderDTO merchantOrderDTO) {
+    public Result<Object> posScanPay(HttpServletRequest request,@RequestBody MerChantOrderDTO merchantOrderDTO)throws Exception{
         //首先验签
-        verify(merchantOrderDTO.getTimestamp(), merchantOrderDTO.getRequestId(), merchantOrderDTO.getAppId(), merchantOrderDTO.getToken());
+        verify(merchantOrderDTO.getTimestamp(), merchantOrderDTO.getRequestId(), merchantOrderDTO.getAppId(), merchantOrderDTO.getToken(),
+                merchantOrderDTO.getReqData());
+        //拆分参数
+        JSONObject jsonParam = JSONObject.parseObject(merchantOrderDTO.getReqData());
+        Object sn = jsonParam.get("sn");
+        Object authCode = jsonParam.get("authCode");
+        Object consumeFee = jsonParam.get("consumeFee");
+        Object type = jsonParam.get("type");
+        Object mercOrderNo = jsonParam.get("mercOrderNo");
+        Object remark = jsonParam.get("remark");
         //通过后查询商户信息
-        DeviceStock deviceStock = deviceStockService.checkBind(merchantOrderDTO.getSn());
+        DeviceStock deviceStock = deviceStockService.checkBind(sn.toString());
         MerchantBaseInfo merchantBaseInfoById = merchantBaseInfoService.getMerchantBaseInfoById(Integer.valueOf(deviceStock.getActMercId()));
         MsgException.checkNull(merchantBaseInfoById, "找不到商户");
         merchantOrderDTO.setMerchantCode(merchantBaseInfoById.getMerchantCode());
@@ -1357,6 +1366,31 @@ public class MerchantOrderController {
         return ResultGenerator.genSuccessResult(couponList);
     }
 
+    /**
+     * 加上参数的签名
+     * @param timestamp
+     * @param requestId
+     * @param appId
+     * @param token
+     * @param reqData
+     * @throws Exception
+     */
+    public void verify(String timestamp, String requestId, String appId,
+                       String token, String reqData)throws Exception{
+        //首先验证签
+        Map<String, String> tokenMap = TokenUtil.getToken(timestamp, requestId, appId, reqData);
+        boolean sign = tokenMap.get("TOKEN").equals(token);
+        System.out.println(token);
+        MsgException.check(!sign,"签名错误");
+    }
+
+    /**
+     * 不加参数的签名
+     * @param timestamp
+     * @param requestId
+     * @param appId
+     * @param token
+     */
     public void verify(String timestamp, String requestId, String appId,
                        String token){
         //首先验证签

pluss-common-bundle/src/main/java/cn/pluss/platform/util/TokenUtil.java

@@ -58,11 +58,10 @@ public class TokenUtil {
         finalMap.put("TOKEN", MD5Util.md5(token + APP_SECRET).toUpperCase());
         return finalMap;
     }
+    //
     public static Map<String, String> getToken(String timestamp, String requestId, String appId, String reqData)throws Exception {
         String token = "";
         String encode = "";
-        System.out.println(timestamp);
-        System.out.println(requestId);
         System.out.println(appId);
         System.out.println(reqData);
         SortedMap<String, Object> map = new TreeMap();
@@ -81,7 +80,7 @@ public class TokenUtil {
         System.out.println(token);
         Map<String, String> finalMap = new HashMap<>();
         finalMap.put("ENCODE",encode);
-        finalMap.put("TOKEN", RSASignature.sign(encode, RSAUtil.CERT));
+        finalMap.put("TOKEN", MD5Util.md5(token + APP_SECRET).toUpperCase());
         return finalMap;
     }
 
@@ -92,7 +91,14 @@ public class TokenUtil {
         System.out.println(s);
         String s1 = UUID.randomUUID().toString();
         System.out.println(s1);
-        String param = "{\"date\":null,\"sn\":\"ZF544CG02S00001\",\"type\":null,\"page\":1,\"size\":10}";
+        String param = "{\n" +
+                "        \"type\": \"4\",\n" +
+                "        \"consumeFee\": \"0.01\",\n" +
+                "        \"authCode\": \"283907976309543222\",\n" +
+                "        \"sn\": \"BSJQG01YJ0001\",\n" +
+                "        \"mercOrderNo\": \" \",\n" +
+                "        \"remark\": \"测试\"\n" +
+                "    }";
         Map<String, String> token = getToken(s, s1, APP_ID,param);
         System.out.println(token);
 

pluss-manage-page/src/main/java/cn/pluss/platform/controller/home/LoginController.java

@@ -42,11 +42,11 @@ public class LoginController {
     public Result<Object> jwtTest(HttpServletRequest request) {
         String token = request.getHeader("token");
         String userId = request.getHeader("userId");
-
-        if (!Objects.equals("244", userId)) {
-            // 此处不能返回401, 不然会形成死循环
-            throw new MsgException("未授权");
-        }
+//
+//        if (!Objects.equals("244", userId)) {
+//            // 此处不能返回401, 不然会形成死循环
+//            throw new MsgException("未授权");
+//        }
 
         Object tokenUserId = JwtUtils.get("uid", token);
         if (!Objects.equals(userId, tokenUserId.toString())) {

pluss-manage-page/src/main/resources/application.yml

@@ -1,7 +1,7 @@
 spring:
   profiles:
     include: common, ryx, ys
-    active: prod
+    active: dev
   servlet:
     multipart:
       max-file-size: 100MB

pluss-model-bundle/src/main/java/cn/pluss/platform/dto/MerChantOrderDTO.java

@@ -76,6 +76,10 @@ public class MerChantOrderDTO {
      * 设备号
      */
     private String sn;
+    /**
+     * 业务参数
+     */
+    private String reqData;
 
     /**
      * @description:

pluss-service-bundle/src/main/java/cn/pluss/platform/deviceStock/DeviceStockService.java

@@ -101,6 +101,7 @@ public interface DeviceStockService extends IService<DeviceStock> {
     void bindDevcieV2(DeviceStockDTO dto);
 
     DeviceStock checkBind(String sn);
+    DeviceStock checkSN(String sn);
 
     DeviceStock getDeviceBySnNo(String sn);
 }

pluss-service-bundle/src/main/java/cn/pluss/platform/deviceStock/impl/DeviceStockServiceImpl.java

@@ -398,6 +398,16 @@ public class DeviceStockServiceImpl extends ServiceImpl<DeviceStockMapper, Devic
         MsgException.checkBlank(deviceBySnNo.getActMercId(),"未绑定扫码pos");
         return deviceBySnNo;
     }
+    @Override
+    public DeviceStock checkSN(String sn) {
+        MsgException.checkBlank(sn, "缺失设备SN号");
+        DeviceStock deviceBySnNo = baseMapper.getDeviceBySnNo(sn);
+        if (deviceBySnNo == null){
+            MsgException.throwException("未绑定扫码pos");
+        }
+        return deviceBySnNo;
+    }
+
 
     @Override
     public DeviceStock getDeviceBySnNo(String sn) {