bug 修改

jiang 2025-10-27 14:54:55 +08:00
parent 09c85c8879
commit f6250cb9ea
14 changed files with 390 additions and 146 deletions


@ -36,26 +36,29 @@ public class CarBalanceController {
/**
* 分页查询结算接口
*
* @param dto
* @return
*/
@GetMapping("getSupPageList")
@DecryptAndVerify(decryptedClass = CarBalanceVo.class)
public PageInfo<CarBalanceVo> getSupPageList(EncryptedReq<CarBalanceVo> dto) {
PageHelper.startPage(dto.getPageNum(),dto.getPageSize());
List<CarBalanceVo> list = service.getSupPageList(dto.getData());;
PageHelper.startPage(dto.getPageNum(), dto.getPageSize());
List<CarBalanceVo> list = service.getSupPageList(dto.getData());
;
return new PageInfo<>(list);
}
@PostMapping("export")
public void export(HttpServletResponse response, @RequestBody CarBalanceVo dto) {
try {
List<CarBalanceVo> list = service.getSupPageList(dto);
final int[] num = {1};
list.forEach(vo->{
list.forEach(vo -> {
vo.setXh(num[0]);
num[0]++;
});
ExportExcelUtil.export(response,"付款单录入", CarBalanceVo.class,list);
ExportExcelUtil.export(response, "付款单录入", CarBalanceVo.class, list);
} catch (Exception e) {
log.error(e.toString(), e);
}
@ -63,50 +66,64 @@ public class CarBalanceController {
/**
* 分页查询付款计划数据
*
* @param dto
* @return
*/
@GetMapping("getPayCarPlanList")
@DecryptAndVerify(decryptedClass = CarBalancePlanVo.class)
public PageInfo<CarBalancePlanVo> getPayCarPlanList(EncryptedReq<CarBalancePlanVo> dto) {
PageHelper.startPage(dto.getPageNum(),dto.getPageSize());
List<CarBalancePlanVo> list = service.getPayCarPlanList(dto.getData());;
PageHelper.startPage(dto.getPageNum(), dto.getPageSize());
List<CarBalancePlanVo> list = service.getPayCarPlanList(dto.getData());
;
return new PageInfo<>(list);
}
/**
* 按照需求计划进行查询 用车明细
* --查询详情
*
* @param dto
* @return
*/
@GetMapping("getPayCarDetails")
@DecryptAndVerify(decryptedClass = CarPlanOutVoDetailsVo.class)
public ServerResponse<List<CarPlanOutVoDetailsVo>> getPayCarDetails(EncryptedReq<CarPlanOutVoDetailsVo> dto) {
List<CarPlanOutVoDetailsVo> list = service.getPayCarDetails(dto.getData());;
List<CarPlanOutVoDetailsVo> list = service.getPayCarDetails(dto.getData());
;
return ServerResponse.createSuccess(list);
}
@PostMapping("addBalanceData")
public ServerResponse<String> addBalanceData(HttpServletRequest request, @RequestParam(value = "file[]", required = false) MultipartFile[] files) {
return service.addBalanceData(request, files);
}
/**
* 新增 结算信息
* 修改 入场费用与实际天数
*
* @param
* @return
*/
@PostMapping("addBalanceData")
public ServerResponse<String> addBalanceData(HttpServletRequest request, @RequestParam(value = "file[]",required = false) MultipartFile[] files) {
return service.addBalanceData(request,files);
@PostMapping("updatePayCar")
@DecryptAndVerify(decryptedClass = CarPlanOutVoDetailsVo.class)
public ServerResponse<String> updatePayCar(EncryptedReq<CarPlanOutVoDetailsVo> dto) {
return service.updatePayCar(dto.getData());
}
/**
* 查询结算详情
*
* @param dto
* @return
*/
@GetMapping("getSltDetailsList")
@DecryptAndVerify(decryptedClass = CarBalanceVo.class)
public PageInfo<CarBalanceVo> getSltDetailsList(EncryptedReq<CarBalanceVo> dto) {
PageHelper.startPage(dto.getPageNum(),dto.getPageSize());
List<CarBalanceVo> list = service.getSltDetailsList(dto.getData());;
PageHelper.startPage(dto.getPageNum(), dto.getPageSize());
List<CarBalanceVo> list = service.getSltDetailsList(dto.getData());
;
return new PageInfo<>(list);
}
@ -114,33 +131,33 @@ public class CarBalanceController {
public void export2(HttpServletResponse response, @RequestBody CarBalanceVo dto) {
try {
List<CarBalanceVo> list = service.getSltDetailsList(dto);
List<CarBalanceExport4Vo> export=new ArrayList<>();
List<CarBalanceExport4Vo> export = new ArrayList<>();
final int[] num = {1};
list.forEach(vo->{
CarBalanceExport4Vo exp=new CarBalanceExport4Vo();
BeanUtils.copyProperties(vo,exp);
if("未付".equals(exp.getStatus())){
list.forEach(vo -> {
CarBalanceExport4Vo exp = new CarBalanceExport4Vo();
BeanUtils.copyProperties(vo, exp);
if ("未付".equals(exp.getStatus())) {
exp.setPayMoney("未付");
}
if("1".equals(exp.getType())){
if ("1".equals(exp.getType())) {
exp.setType("车辆");
}else{
} else {
exp.setType("吊车");
}
exp.setXh(num[0]);
num[0]++;
export.add(exp);
});
ExportExcelUtil.export(response,"付款单录入详情", CarBalanceExport4Vo.class,export);
ExportExcelUtil.export(response, "付款单录入详情", CarBalanceExport4Vo.class, export);
} catch (Exception e) {
log.error(e.toString(), e);
}
}
/**
* 结算/未结算-详情记录
*
* @param dto 详情在 计划id查询接口
* @return
*/
@ -151,7 +168,4 @@ public class CarBalanceController {
}
}
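Review bot: The new `updatePayCar` endpoint writes cost fields for whichever record `id` the decrypted body carries, and nothing visible in this section says which callers may change which records. If that check lives in the `@DecryptAndVerify` aspect or in the security configuration, the Javadoc should say so; its `@param` tag is currently empty and could read `@param dto encrypted request carrying the detail id, entry fee and actual days`. Separately, the reformat left empty statements (`;` on a line of its own) in `getSupPageList`, `getPayCarPlanList`, `getPayCarDetails` and `getSltDetailsList`; they can simply be deleted.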


@ -11,6 +11,8 @@ import java.lang.ref.PhantomReference;
*/
@Data
public class CarBalanceVo extends ParentVo {
private String id;
/**
* 供应商id
*/
@ -126,6 +128,4 @@ public class CarBalanceVo extends ParentVo {
private String typeName;
}


@ -7,6 +7,7 @@ import java.util.List;
/**
* 派车详情表
*
* @author 黑子
*/
@Data
@ -47,7 +48,7 @@ public class CarPlanOutVoDetailsVo {
private String useAddress;
/**
* 发车id
* 发车id
*/
private String outId;
/**
@ -61,7 +62,7 @@ public class CarPlanOutVoDetailsVo {
/**
* 是否需要驾驶员
*/
private int isDriverSet;
private int isDriverSet;
/**
* 商品名称
*/
@ -82,7 +83,7 @@ public class CarPlanOutVoDetailsVo {
/**
* 计划类型 1车辆 2 吊车
*/
private int planType;
private int planType;
private String brand;
@ -93,7 +94,7 @@ public class CarPlanOutVoDetailsVo {
private String gls;
/**
* 起运地:
* */
*/
private String startAddress;
/**
* 目的地
@ -181,7 +182,6 @@ public class CarPlanOutVoDetailsVo {
private List<FileUploadVo> operaImage;
/**
* 文件集合
*/
@ -244,6 +244,9 @@ public class CarPlanOutVoDetailsVo {
private String planCode;
private int fileNum;
private String fee;
private Integer days;
}


@ -75,4 +75,6 @@ public interface CarBalanceMapper {
* @return
*/
List<String> getOutIdByPlanId(CarBalanceDetailsVo vo);
Integer updatePayCar(CarPlanOutVoDetailsVo vo);
}


@ -56,4 +56,6 @@ public interface CarBalanceService {
* @return
*/
ServerResponse<CarBalanceDetailsVo> getSltDetailsInfo(CarBalanceDetailsVo data);
ServerResponse<String> updatePayCar(CarPlanOutVoDetailsVo vo);
}


@ -4,6 +4,7 @@ import cn.hutool.core.util.ObjectUtil;
import com.alibaba.fastjson.JSON;
import com.bonus.gzcar.business.backstage.entity.*;
import com.bonus.gzcar.business.backstage.mapper.CarBalanceMapper;
import com.bonus.gzcar.business.backstage.mapper.SupDispatchCarMapper;
import com.bonus.gzcar.business.system.entity.FileUploadVo;
import com.bonus.gzcar.business.system.service.AuditRecordService;
import com.bonus.gzcar.business.system.service.FileUploadService;
@ -20,6 +21,8 @@ import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;
import javax.servlet.http.HttpServletRequest;
import java.math.BigDecimal;
import java.math.RoundingMode;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@ -30,8 +33,9 @@ import java.util.Objects;
*/
@Slf4j
@Service
public class CarBalanceServiceImpl implements CarBalanceService{
public class CarBalanceServiceImpl implements CarBalanceService {
@Autowired
private SupDispatchCarMapper supDispatchCarMapper;
@Autowired
private CarBalanceMapper mapper;
@Autowired
@ -40,143 +44,234 @@ public class CarBalanceServiceImpl implements CarBalanceService{
@Override
public List<CarBalanceVo> getSupPageList(CarBalanceVo data) {
List<CarBalanceVo> list=new ArrayList<>();
try{
list=mapper.getSupPageList(data);
}catch (Exception e){
log.error(e.toString(),e);
List<CarBalanceVo> list = new ArrayList<>();
try {
list = mapper.getSupPageList(data);
} catch (Exception e) {
log.error(e.toString(), e);
}
return list;
}
/**
* 查询计划进行结算
*
* @param data
* @return
*/
@Override
public List<CarBalancePlanVo> getPayCarPlanList(CarBalancePlanVo data) {
List<CarBalancePlanVo> list=new ArrayList<>();
try{
list=mapper.getPayCarPlanList(data);
}catch (Exception e){
log.error(e.toString(),e);
List<CarBalancePlanVo> list = new ArrayList<>();
try {
list = mapper.getPayCarPlanList(data);
} catch (Exception e) {
log.error(e.toString(), e);
}
return list;
}
/**
* 查询 派车信息详情
*
* @param data
* @return
*/
@Override
public List<CarPlanOutVoDetailsVo> getPayCarDetails(CarPlanOutVoDetailsVo data) {
List<CarPlanOutVoDetailsVo> list=new ArrayList<>();
try{
List<CarPlanOutVoDetailsVo> list = new ArrayList<>();
try {
data.setPlanIds(Arrays.asList(data.getPlanId().split("@")));
list=mapper.getPayCarDetails(data);
if(!list.isEmpty()){
for (CarPlanOutVoDetailsVo vo:list){
List<FileUploadVo> fileList2=uploadService.getFileList(vo.getId(),"car_plan_out_details","");
list = mapper.getPayCarDetails(data);
if (!list.isEmpty()) {
for (CarPlanOutVoDetailsVo vo : list) {
List<FileUploadVo> fileList2 = uploadService.getFileList(vo.getId(), "car_plan_out_details", "");
vo.setFileList(fileList2);
List<FileUploadVo> carImage=uploadService.getFileList(vo.getCarId(),"car_supplier_info","");
List<FileUploadVo> carImage = uploadService.getFileList(vo.getCarId(), "car_supplier_info", "");
vo.setCarImage(carImage);
List<FileUploadVo> driverUserImage=uploadService.getFileList(vo.getDriverUserId(),"car_driver_info","");
List<FileUploadVo> driverUserImage = uploadService.getFileList(vo.getDriverUserId(), "car_driver_info", "");
vo.setDriverUserImage(driverUserImage);
List<FileUploadVo> operaImage=uploadService.getFileList(vo.getOperaUserId(),"car_driver_info","");
List<FileUploadVo> operaImage = uploadService.getFileList(vo.getOperaUserId(), "car_driver_info", "");
vo.setOperaImage(operaImage);
}
}
}catch (Exception e){
log.error(e.toString(),e);
} catch (Exception e) {
log.error(e.toString(), e);
}
return list;
}
/**
* 新增付款结算信息
*
* @param request
* @param files
* @return
*/
@Override
public ServerResponse<String> addBalanceData(HttpServletRequest request, MultipartFile[] files) {
try{
String params=request.getParameter("params");
if(StringHelper.isEmpty(params)){
return ServerResponse.createErroe("请求参数缺失");
try {
String params = request.getParameter("params");
if (StringHelper.isEmpty(params)) {
return ServerResponse.createErroe("请求参数缺失");
}
String userId= Objects.requireNonNull(UserUtil.getLoginUser()).getUserId().toString();
CarSltApplyVo data= JSON.parseObject(params, CarSltApplyVo.class);
String userId = Objects.requireNonNull(UserUtil.getLoginUser()).getUserId().toString();
CarSltApplyVo data = JSON.parseObject(params, CarSltApplyVo.class);
data.setCreator(userId);
data.setUpdater(userId);
if(files==null || files.length<1){
return ServerResponse.createErroe("请上传结算附件!");
if (files == null || files.length < 1) {
return ServerResponse.createErroe("请上传结算附件!");
}
int num=mapper.addBalanceData(data);
if(num>0){
uploadService.uploadImage(files,data.getId(),"car_slt_apply","结算附件");
List<CarSltPlanVo> planList=data.getPlanList();
int succes=mapper.addSltPlanInfo(data,planList);
if(succes==planList.size()){
List<CarSltApplyDetailsVo> detailsVoList=data.getDetailsList();
int sucNum=mapper.addBalanceDetailsData(data,detailsVoList);
if(sucNum==detailsVoList.size()){
int num = mapper.addBalanceData(data);
if (num > 0) {
uploadService.uploadImage(files, data.getId(), "car_slt_apply", "结算附件");
List<CarSltPlanVo> planList = data.getPlanList();
int succes = mapper.addSltPlanInfo(data, planList);
if (succes == planList.size()) {
List<CarSltApplyDetailsVo> detailsVoList = data.getDetailsList();
int sucNum = mapper.addBalanceDetailsData(data, detailsVoList);
if (sucNum == detailsVoList.size()) {
return ServerResponse.createBySuccessMsg("结算成功");
}
}
}
}catch (Exception e){
log.error(e.toString(),e);
} catch (Exception e) {
log.error(e.toString(), e);
}
return ServerResponse.createErroe("新增结算失败");
}
/**
* 分页查询供应商结算详情
*
* @param data
* @return
*/
@Override
public List<CarBalanceVo> getSltDetailsList(CarBalanceVo data) {
List<CarBalanceVo> list=new ArrayList<>();
try{
list=mapper.getSltDetailsList(data);
}catch (Exception e){
log.error(e.toString(),e);
List<CarBalanceVo> list = new ArrayList<>();
try {
list = mapper.getSltDetailsList(data);
} catch (Exception e) {
log.error(e.toString(), e);
}
return list;
}
/**
* 查询 结算/未结算详情
*
* @param data
* @return
*/
@Override
public ServerResponse<CarBalanceDetailsVo> getSltDetailsInfo(CarBalanceDetailsVo data) {
try{
CarBalanceDetailsVo vo=mapper.getSltDetailsInfo(data);
if(ObjectUtil.isNotEmpty(vo)){
List<String> outIds=mapper.getOutIdByPlanId(vo);
List<FileUploadVo> fileUploadVos=new ArrayList<>();
for (String outId:outIds){
List<FileUploadVo> fileList=uploadService.getFileList(outId,"car_plan_out","");
if(ListHelpUtil.isNotEmpty(fileList)){
try {
CarBalanceDetailsVo vo = mapper.getSltDetailsInfo(data);
if (ObjectUtil.isNotEmpty(vo)) {
List<String> outIds = mapper.getOutIdByPlanId(vo);
List<FileUploadVo> fileUploadVos = new ArrayList<>();
for (String outId : outIds) {
List<FileUploadVo> fileList = uploadService.getFileList(outId, "car_plan_out", "");
if (ListHelpUtil.isNotEmpty(fileList)) {
fileUploadVos.addAll(fileList);
}
}
if(StringHelper.isNotEmpty(vo.getSltId())){
List<FileUploadVo> fileList=uploadService.getFileList(vo.getSltId(),"car_slt_apply","");
if (StringHelper.isNotEmpty(vo.getSltId())) {
List<FileUploadVo> fileList = uploadService.getFileList(vo.getSltId(), "car_slt_apply", "");
fileUploadVos.addAll(fileList);
}
vo.setFileList(fileUploadVos);
}
return ServerResponse.createSuccess(vo);
}catch (Exception e){
log.error(e.toString(),e);
} catch (Exception e) {
log.error(e.toString(), e);
}
return ServerResponse.createSuccess("查询失败", new CarBalanceDetailsVo());
}
@Override
public ServerResponse<String> updatePayCar(CarPlanOutVoDetailsVo vo) {
try {
StringBuilder sb = new StringBuilder();
BigDecimal cost = new BigDecimal(0);
//计划天数
int day = vo.getDays();
try {
BigDecimal days = new BigDecimal(day);
BigDecimal fee = new BigDecimal(vo.getFee());
BigDecimal dcMoney = new BigDecimal("0");
BigDecimal month = new BigDecimal("30");
PriceVo priceVo = getMoney(vo.getContractId(), vo.getModelId(), vo.getSupId(), null);
sb.append("依据:").append(priceVo.getName()).append("-").append(priceVo.getModel());
vo.setPriceId(priceVo.getId());
vo.setGlsPrice(priceVo.getPrice());
int dayToMonth = priceVo.getDayToMonth();
if (day >= dayToMonth) {
sb.append("、作业天数>=").append(dayToMonth);
vo.setDcUnit("元/月/台");
vo.setIsDayOrMonth("2");
BigDecimal monthPrice = new BigDecimal(priceVo.getMonthPrice());
if (day > 30) {
vo.setDcPrice(monthPrice.divide(month, RoundingMode.CEILING).toString());
dcMoney = monthPrice.divide(month, RoundingMode.CEILING).multiply(days);
vo.setDcMoney(dcMoney.toString());
cost = cost.add(dcMoney).add(fee);
vo.setCost(cost.toString());
} else {
vo.setDcPrice(priceVo.getMonthPrice());
vo.setDcMoney(priceVo.getMonthPrice());
cost = cost.add(monthPrice).add(fee);
vo.setCost(cost.toString());
}
} else {
sb.append("、作业天数<").append(dayToMonth);
vo.setIsDayOrMonth("1");
vo.setDcPrice(priceVo.getDayPrice());
vo.setDcUnit("元/天/台");
BigDecimal dayPrice = new BigDecimal(priceVo.getDayPrice());
dcMoney = dayPrice.multiply(days);
vo.setDcMoney(dcMoney.toString());
cost = cost.add(dcMoney).add(fee);
vo.setCost(cost.toString());
}
vo.setDayPrice(priceVo.getDayPrice());
vo.setMonthPrice(priceVo.getMonthPrice());
} catch (Exception e) {
log.error(e.toString(), e);
}
vo.setRemark(sb.toString());
Integer i = mapper.updatePayCar(vo);
return i > 0 ? ServerResponse.createSuccess("录入成功") : ServerResponse.createErroe("录入失败");
} catch (Exception e) {
log.error(e.toString(), e);
return ServerResponse.createErroe("录入失败");
}
}
/**
* 计算 车辆 公里数价格
*
* @param gls
* @return
*/
private PriceVo getMoney(String contractId, String modelId, String supId, String gls) throws Exception {
List<PriceVo> list = supDispatchCarMapper.getContractPriceList(contractId, modelId, supId);
//车辆
if (StringHelper.isEmpty(modelId)) {
BigDecimal nowGls = new BigDecimal(gls);
for (PriceVo priceVo : list) {
BigDecimal glsEnd = new BigDecimal(priceVo.getGlsEnd());
BigDecimal glsStart = new BigDecimal(priceVo.getGlsStart());
if (nowGls.compareTo(glsEnd) <= 0 && nowGls.compareTo(glsStart) >= 0) {
return priceVo;
}
}
throw new Exception();
} else {
return list.get(0);
}
return ServerResponse.createSuccess("查询失败",new CarBalanceDetailsVo());
}
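Review bot: In `updatePayCar` the inner `catch` only logs, so when `getMoney` throws or `vo.getFee()` is not a number the method still calls `mapper.updatePayCar(vo)` and stores the client's `days` and `fee` together with whatever cost and prices were set before the failure (possibly none). Returning from that catch with `return ServerResponse.createErroe("录入失败");` keeps a failed calculation from being persisted. `days` and `fee` come from the request and are used unchecked: `int day = vo.getDays()` unboxes a nullable `Integer`, and a negative value for either lowers the computed cost, so a guard such as `if (vo.getDays() == null || vo.getDays() < 0) return ServerResponse.createErroe("请求参数缺失");` before the calculation would help, with a matching check on the parsed fee. `getMoney` is also called with `gls` set to `null`, which reaches `new BigDecimal(gls)` whenever `modelId` is empty, and `list.get(0)` assumes the contract price list is never empty.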


@ -0,0 +1,36 @@
package com.bonus.gzcar.manager.common.config;
import org.springframework.context.annotation.Configuration;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
// 注册过滤器
@Configuration
public class CspFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
// 配置 CSP 规则添加 form-action 指令根据需求调整允许的地址
String cspPolicy = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline'; " + // 保留原有配置注意'unsafe-inline' 有风险建议后续优化
"style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; " +
"img-src 'self' data:; " +
"font-src 'self' https://cdnjs.cloudflare.com; " +
"form-action 'self';"; // 新增限制表单仅提交到当前域名
httpResponse.setHeader("Content-Security-Policy", cspPolicy);
chain.doFilter(request, response);
}
// 初始化和销毁方法可留空
@Override
public void init(FilterConfig filterConfig) throws ServletException {}
@Override
public void destroy() {}
}
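Review bot: `Content-Security-Policy` is set with `setHeader` in three places in this commit — here, in `CspInterceptor.preHandle`, and in the anonymous interceptor in `WebSecurityConfig` — and each call replaces the previous value instead of adding to it. For requests that reach the MVC interceptors, the response therefore carries either the long policy without `frame-ancestors`, or only `frame-ancestors 'none'` with no `default-src`/`script-src` restriction at all, depending on interceptor order. Building one policy string in one place, ending in `"form-action 'self'; frame-ancestors 'none';"`, removes that ambiguity. The `'unsafe-inline'` in `script-src`, which the comment already flags, means the policy does not block injected inline scripts until it is replaced by nonces or hashes.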


@ -0,0 +1,23 @@
package com.bonus.gzcar.manager.common.config;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Component
public class CspInterceptor implements HandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 设置 CSP
String csp = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline'; " +
"style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; " +
"img-src 'self' data:; " +
"font-src 'self' https://cdnjs.cloudflare.com; " +
"form-action 'self';";
response.setHeader("Content-Security-Policy", csp);
return true;
}
}


@ -2,46 +2,72 @@ package com.bonus.gzcar.manager.common.config;
import com.bonus.gzcar.business.utils.SystemUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {
/**
* 跨域支持
* @return
* @return
*/
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
@Autowired
private CspInterceptor cspInterceptor;
/**
* 跨域支持
*
* @return
* @return
*/
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**").allowedMethods("*");
// registry.addMapping("/**")
// .allowedOrigins("http://example.com")
// .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
// .allowedHeaders("*")
// .allowCredentials(true);
}
};
}
}
};
}
@Bean
public FilterRegistrationBean<CspFilter> cspFilterRegistration() {
FilterRegistrationBean<CspFilter> registration = new FilterRegistrationBean<>();
registration.setFilter(new CspFilter());
registration.addUrlPatterns("/*"); // 对所有请求生效
registration.setName("cspFilter");
registration.setOrder(Ordered.HIGHEST_PRECEDENCE); // 确保优先级最高避免被其他过滤器覆盖
return registration;
}
/**
* 外部文件访问
*/
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
String filePath = SystemUtils.getUploadPath();//获取文件上传路径
/** 本地文件上传路径 */
registry.addResourceHandler("/statics/**")
.addResourceLocations("file:" + filePath + "/");
registry.addResourceHandler("/files/**")
.addResourceLocations("file:" + filePath);
/**
* 外部文件访问
*/
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
String filePath= SystemUtils.getUploadPath();
/** 本地文件上传路径 */
registry.addResourceHandler("/statics/**")
.addResourceLocations("file:" + filePath+"/");
registry.addResourceHandler("/files/**")
.addResourceLocations("file:"+filePath);
}
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 对所有请求应用拦截器
registry.addInterceptor(cspInterceptor).addPathPatterns("/**");
}
}
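Review bot: `cspFilterRegistration` registers `new CspFilter()`, while `CspFilter` is itself annotated `@Configuration` and is therefore already a bean of type `Filter`; Spring Boot normally registers every `Filter` bean on its own, so the filter would likely run twice per request. Dropping the annotation from `CspFilter` leaves this registration bean as the only registration. The newly added commented-out CORS block pairs `allowedHeaders("*")` with `allowCredentials(true)`; if it is ever enabled, the origin list should stay explicit. A short comment on the active `addMapping("/**").allowedMethods("*")` line stating which origins are expected would help.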


@ -0,0 +1,30 @@
package com.bonus.gzcar.manager.common.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Configuration
public class WebSecurityConfig implements WebMvcConfigurer {
@Override
public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new HandlerInterceptor() {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 禁止被任何页面嵌入推荐
response.setHeader("X-Frame-Options", "DENY");
// 或仅允许同源页面嵌入若业务需要被自身域名下的页面嵌入
// response.setHeader("X-Frame-Options", "SAMEORIGIN");
// 补充 CSP 增强安全性 X-Frame-Options 配合
response.setHeader("Content-Security-Policy", "frame-ancestors 'none'"); // 禁止所有嵌入
// 若允许同源frame-ancestors 'self';
return true;
}
}).addPathPatterns("/**"); // 对所有路径生效
}
}


@ -53,7 +53,7 @@ public class UserAuthenticationProvider implements AuthenticationProvider {
// throw new BadCredentialsException("密码不正确");
// }
// 还可以加一些其他信息的判断比如用户账号已停用等判断
/*if (userInfo.getStatus().equals("PROHIBIT")){
/* if (userInfo.getStatus().equals("PROHIBIT")){
throw new LockedException("该用户已被冻结");
}*/
// 角色集合


@ -29,20 +29,20 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
private JWTTokenService tokenService;
@Value("${server.servlet.context-path}")
public String path;
public String path;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException, IOException, ServletException {
//获取token
String jwtToken = SecurityUtils.getToken(request);
String uri=request.getRequestURI();
System.err.println(uri);
if((path+"/login/userLogin").equals(uri)){
String uri = request.getRequestURI();
System.err.println(uri);
System.err.println(path);
if ((path + "/login/userLogin").equals(uri)) {
filterChain.doFilter(request, response);
return;
}
if((path+"/login/appUserLogin").equals(uri)){
if ((path + "/login/appUserLogin").equals(uri)) {
filterChain.doFilter(request, response);
return;
}
@ -58,8 +58,8 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
// filterChain.doFilter(request, response);
// return;
// }
if(StringUtils.isEmpty(jwtToken)){
ResultUtil.responseJson(response,ResultUtil.resultCode(401,"请先登录"));
if (StringUtils.isEmpty(jwtToken)) {
ResultUtil.responseJson(response, ResultUtil.resultCode(401, "请先登录"));
return;
}
//解析token
@ -69,21 +69,21 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
String userName = (String) claims.get(SecurityConstants.DETAILS_USERNAME);
} catch (Exception e) {
e.printStackTrace();
ResultUtil.responseJson(response,ResultUtil.resultCode(401,"请先登录"));
ResultUtil.responseJson(response, ResultUtil.resultCode(401, "请先登录"));
return;
}
SelfUserEntity loginUser = tokenService.getLoginUser(request);
if(Objects.isNull(loginUser)){
ResultUtil.responseJson(response,ResultUtil.resultCode(401,"登录过期,请重新登录"));
SelfUserEntity loginUser = tokenService.getLoginUser(request);
if (Objects.isNull(loginUser)) {
ResultUtil.responseJson(response, ResultUtil.resultCode(401, "登录过期,请重新登录"));
System.err.println("异常401token信息:" + jwtToken + ",地址" + uri);
return;
}else{
} else {
// 验证令牌有效期相差不足10分钟自动刷新缓存
tokenService.verifyToken(loginUser);
//存入SecurityContextHolder
// 获取权限信息封装到Authentication中
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(loginUser,null, loginUser.getAuthorities());
new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
}
//放行
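Review bot: The added `System.err.println(path);` joins `System.err.println(uri);` and runs on every request, and the 401 branch further down prints the raw token with `"异常401token信息:" + jwtToken`. A bearer token written to stderr ends up in whatever collects the process output, where it stays usable by anyone with log access until it expires. A logger call without the token keeps the diagnostics: `log.debug("uri={} contextPath={}", uri, path);` here and `log.warn("401 for {}", uri);` in the expired-login branch (assuming the class has or gets an SLF4J logger). `doFilterInternal` continues past the end of this hunk.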


@ -24,6 +24,18 @@
</foreach>
</insert>
<update id="updatePayCar">
update car_plan_out_details
set es_cost = #{cost},
days = #{days},
fee =#{fee},
day_price = #{dayPrice},
month_price =#{monthPrice},
dc_unit = #{dcUnit},
day_or_m = #{isDayOrMonth}
WHERE id = #{id}
</update>
<!--查询 供应商集合-->
<select id="getSupPageList" resultType="com.bonus.gzcar.business.backstage.entity.CarBalanceVo">
select cpo.id,cpo.apply_id applyId ,cpo.sup_id supId,count(1) num ,cs.name supName ,slt.money payMoney,
@ -77,25 +89,26 @@
GROUP BY cpa.id
</select>
<select id="getPayCarDetails" resultType="com.bonus.gzcar.business.backstage.entity.CarPlanOutVoDetailsVo">
select cpod.id, cpod.out_id outId, cpod.apply_id planId,
cpod. model_id modelId, cpod.plan_type, cpod.contract_id contractId,
cpod.sup_id supId, cpod.car_id carId,cpod.goods_name goodsName, cpod.gls,
select cpod.id, cpod.out_id outId, cpod.apply_id planId,
cpod. model_id modelId, cpod.plan_type, cpod.contract_id contractId,
cpod.sup_id supId, cpod.car_id carId,cpod.goods_name goodsName, cpod.gls,
cpod.start_address startAddress, cpod.end_address endAddress,
cpod.price_id priceId,cpod.gls_price glsPrice, cpod.gls_money glsMoney, cpod.use_address useAddress,
cpod.use_day planDay,cpod.driver_id driverUserId, cpod.czy_id operaUserId,
cpod.day_price dayPrice, cpod.month_price monthPrice, cpod.jc_gls jcGls,
cpod.jc_price jcMoney, cpod.dc_money dcMoney, cpod.dc_unit dcUnit,
cpod.es_cost cost, cpod.car_out_id carOutId,cmti.model,cmti.type,cmti.name,cpod.car_num carNum,csi.ton,
cpod.price_id priceId,cpod.gls_price glsPrice, cpod.gls_money glsMoney, cpod.use_address useAddress,
cpod.use_day planDay,cpod.driver_id driverUserId, cpod.czy_id operaUserId,
cpod.day_price dayPrice, cpod.month_price monthPrice, cpod.jc_gls jcGls,
cpod.jc_price jcMoney, cpod.dc_money dcMoney, cpod.dc_unit dcUnit,
cpod.es_cost cost, cpod.car_out_id carOutId,cmti.model,cmti.type,cmti.name,cpod.car_num carNum,csi.ton,
day_or_m isDayOrMonth,cpod.remark,cpd.need_day needDay,cct.is_out_set isOutSet,cct.is_driver_set isDriverSet,
cpa.code planCode,cpa.pro_id proId
cpa.code planCode,cpa.pro_id proId,cpod.days days ,cpod.fee fee
from car_plan_out_details cpod
left join car_plan_details cpd on cpd.apply_id=cpod.apply_id and cpd.model_id=cpod.model_id
LEFT JOIN car_ma_type_info cmti on cmti.id=cpod.model_id
left join car_plan_apply cpa on cpa.id =cpod.apply_id
left join car_supplier_info csi on csi.id= cpod.car_id
left join car_supplier_info csi on csi.id= cpod.car_id
left join car_plan_apply_sup cpas on cpd.apply_id=cpas.apply_id
LEFT JOIN car_contract_type cct on cct.model_id=cpd.model_id and cct.sup_id=cpas.sup_id and cpas.contract_id=cct.contract_id
where cpod.apply_id in (
LEFT JOIN car_contract_type cct on cct.model_id=cpd.model_id and cct.sup_id=cpas.sup_id and
cpas.contract_id=cct.contract_id
where cpod.apply_id in (
<foreach collection="planIds" item="item" separator=",">
#{item}
</foreach>
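Review bot: The new `updatePayCar` statement stores `es_cost`, `days`, `fee`, the two prices, `dc_unit` and `day_or_m`, but not `dc_money`, `remark`, `price_id` or `gls_price`, which the service recalculates and which `getPayCarDetails` reads back from the same row. After an update the row would show the new `es_cost` next to the old `dc_money` and `remark`; if that is intended, a comment in the statement should say so, otherwise add e.g. `dc_money = #{dcMoney}, remark = #{remark},`. The `WHERE id = #{id}` clause matches on the client-supplied id alone, so any restriction on which records a caller may edit has to be enforced before this statement runs.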


@ -4,7 +4,7 @@
<mapper namespace="com.bonus.gzcar.business.backstage.mapper.CarStatisticsMapper">
<select id="getSltPageListBySupId" resultType="com.bonus.gzcar.business.backstage.entity.CarBalanceVo">
SELECT cpa.`code` ,cpo.sup_id supId ,cpo.apply_id planId ,sum(cpo.dispatch_num) carNum ,sum(cpo.money) money ,sum(IFNULL(csp.money,0)) payMoney ,
SELECT cpo.id, cpa.`code` ,cpo.sup_id supId ,cpo.apply_id planId ,sum(cpo.dispatch_num) carNum ,sum(cpo.money) money ,sum(IFNULL(csp.money,0)) payMoney ,
if(csp.id is null,'未付','已付') status,pro.name proName ,cs.name supName ,cpo.type,
sum(cpo.money)-sum(IFNULL(csp.money,0)) noPayMoney,cpo.manager ,cpo.create_time jbTime ,csa.create_time fkTime
from car_plan_out cpo
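Review bot: `cpo.id` is now selected next to `sum(...)` aggregates, which only gives a well-defined id if the query groups by it. The `GROUP BY` of `getSltPageListBySupId` is outside this hunk; unless it includes `cpo.id`, the value returned is an arbitrary row's id per group, or the query is rejected when the database runs with `ONLY_FULL_GROUP_BY`. If one representative id is wanted, make that explicit with `min(cpo.id) id`; if the id is meant to identify a single dispatch, the grouping needs to include it.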