You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
package com.example.demo.controller.cash;
import com.example.demo.Util.JWTUtil;import com.example.demo.config.RateLimitUtil;import com.example.demo.domain.entity.Admin;import com.example.demo.domain.vo.cash.CashRecordDTO;import com.example.demo.domain.vo.cash.CashRecordDone;import com.example.demo.domain.vo.cash.CashRecordRefund;import com.example.demo.domain.vo.coin.Page;import com.example.demo.domain.vo.coin.RechargeUser;import com.example.demo.domain.vo.coin.Result;import com.example.demo.service.cash.RefundService;import com.example.demo.service.coin.MarketService;
import jakarta.annotation.Resource;import jakarta.servlet.http.HttpServletRequest;import lombok.RequiredArgsConstructor;import lombok.extern.slf4j.Slf4j;import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;import org.springframework.util.ObjectUtils;import org.springframework.web.bind.annotation.*;import org.springframework.web.context.request.RequestContextHolder;import org.springframework.web.context.request.ServletRequestAttributes;
import java.util.Arrays;import java.util.List;import java.util.Objects;
/** * @program: GOLD * @ClassName RefundController * @description: * @author: huangqizhen * @create: 2025−09-26 14:15 * @Version 1.0 **/@RestController@RequestMapping("/Money")@RequiredArgsConstructor@Slf4j@CrossOriginpublic class CashRefundController { @Autowired private RefundService refundService; @Autowired MarketService marketService;
/** * 当地财务负责人退款记录 */ @PostMapping("/select") public Result select(@RequestBody Page page) throws Exception { // 获取当前请求对象
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); String token = request.getHeader("token");
// 解析 token 获取用户信息
Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class); List<String> userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ",")); List<String> markets = marketService.getMarketIds(userMarkets);
// 校验分页参数
if (ObjectUtils.isEmpty(page.getPageNum())) { return Result.error("页码数为空!"); } if (ObjectUtils.isEmpty(page.getPageSize())) { return Result.error("页大小为空!"); }
// 获取传入的市场列表
List<String> requestedMarkets = page.getCashRecordDTO() != null ? page.getCashRecordDTO().getMarkets() : null;
// 权限校验逻辑
if (markets.contains("9") || markets.contains("9999")) { // 特权市场:9 或 9999,跳过权限校验,直接放行传入的 markets
// 如果业务需要,也可以在这里做空值处理
if (page.getCashRecordDTO() != null) { // 保持 requestedMarkets 不变,原样接受
// 可选:如果 requestedMarkets 为 null,可设为默认值或保持 null
} } else { // 普通用户:必须校验权限
if (requestedMarkets == null || requestedMarkets.isEmpty()) { page.getCashRecordDTO().setMarkets(markets); } if (!markets.containsAll(requestedMarkets)) { return Result.error("无权限!请求的市场不在授权范围内。"); } // 校验通过,保持 requestedMarkets 不变
} return Result.success(refundService.financeSelect(page.getPageNum(), page.getPageSize(), page.getCashRecordDTO())); }
/** * 添加退款现金记录 */ @PostMapping("/add") public Result add(@RequestBody CashRecordRefund cashRecordRefund) throws Exception { cashRecordRefund.setStatus(10); try { return Result.success(refundService.add(cashRecordRefund)); } catch (Exception e) { return Result.error(e.getMessage()); } } /** * 执行人查看退款现金记录 */ @PostMapping("/exSelect") public Result executor(@RequestBody Page page) throws Exception { HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); String token = request.getHeader("token");
// 解析 token 获取用户信息
Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class); List<String> userMarkets = Arrays.asList(StringUtils.split(admin.getMarkets(), ",")); List<String> markets = marketService.getMarketIds(userMarkets);
// 校验分页参数
if (ObjectUtils.isEmpty(page.getPageNum())) { return Result.error("页码数为空!"); } if (ObjectUtils.isEmpty(page.getPageSize())) { return Result.error("页大小为空!"); }
//// 获取传入的市场列表
// List<String> requestedMarkets = page.getCashRecordDTO() != null ? page.getCashRecordDTO().getMarkets() : null;
//
//// 权限校验逻辑
// if (markets.contains("9") || markets.contains("9999")) {
// // 特权市场:9 或 9999,跳过权限校验,直接放行传入的 markets
// // 如果业务需要,也可以在这里做空值处理
// if (page.getCashRecordDTO() != null) {
// // 保持 requestedMarkets 不变,原样接受
// // 可选:如果 requestedMarkets 为 null,可设为默认值或保持 null
// }
// } else {
// // 普通用户:必须校验权限
// if (requestedMarkets == null || requestedMarkets.isEmpty()) {
// page.getCashRecordDTO().setMarkets(markets);
// }
// if (!markets.containsAll(requestedMarkets)) {
// return Result.error("无权限!请求的市场不在授权范围内。");
// }
// // 校验通过,保持 requestedMarkets 不变
// }
return Result.success(refundService.exSelect(page.getPageNum(), page.getPageSize(), page.getCashRecordDTO())); } /** * 查询客服提交现金记录 */ @PostMapping("/selecta") public Result selecta(@RequestBody Page page) {
// 校验分页参数
if (ObjectUtils.isEmpty(page.getPageNum())) { return Result.error("页码数为空!"); } if (ObjectUtils.isEmpty(page.getPageSize())) { return Result.error("页大小为空!"); }// 获取传入的市场列表
List<String> requestedMarkets = page.getCashRecordDTO() != null ? page.getCashRecordDTO().getMarkets() : null;
return Result.success(refundService.select(page.getPageNum(), page.getPageSize(), page.getCashRecordDTO())); } @PostMapping("/update") public Result update(@RequestBody CashRecordDone cashRecordDone)throws Exception { if (cashRecordDone.getStatus() == null) { return Result.error("状态为空"); } if (cashRecordDone.getStatus() == 10) { return Result.success(refundService.withdraw(cashRecordDone)); } else if (cashRecordDone.getStatus() == 11) {
try { return Result.success(refundService.update(cashRecordDone)); } catch (Exception e) { return Result.error(e.getMessage()); } } else return Result.error("该订单状态无法支持此操作"); } @PostMapping("/review") public Result review(@RequestBody CashRecordDone cashRecordDone){ try { return Result.success(refundService.review(cashRecordDone)); } catch (Exception e) { return Result.error(e.getMessage()); } } @PostMapping("/finalReview") public Result finalReview(@RequestBody CashRecordDone cashRecordDone,HttpServletRequest request) { { // --------------- 限流逻辑开始 ---------------
String limitKey = null; try { // 1. 优先用「用户ID」作为限流标识(从token解析,精准限流)
HttpServletRequest req = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); String token = req.getHeader("token"); Admin admin = (Admin) JWTUtil.getUserDetailsList(String.valueOf(token), Admin.class); if (admin != null && admin.getId() != null) { limitKey = "finalReview_" + admin.getId(); // 格式:接口名_用户ID
} } catch (Exception e) { // token解析失败(用户未登录),降级用「IP地址」限流
limitKey = "finalReview_" + getIpAddress(request); // 格式:接口名_IP
}
// 2. 校验限流:3秒内同一key不允许重复请求
if (Objects.isNull(limitKey) || !RateLimitUtil.isAllowed(limitKey)) { return Result.error("3秒内只能请求一次,请稍后再试"); // 限流提示
} // --------------- 限流逻辑结束 ---------------
try { // 原有业务逻辑:执行最终审核
return Result.success(refundService.finalreview(cashRecordDone)); } catch (Exception e) { // 接口执行失败时,移除限流标识(允许用户重新尝试)
RateLimitUtil.removeKey(limitKey); return Result.error("审核失败:" + e.getMessage()); } }} @PostMapping("/executor") public Result executor(@RequestBody CashRecordDone cashRecordDone) throws Exception { try { return Result.success(refundService.executor(cashRecordDone)); } catch (Exception e) { return Result.error(e.getMessage()); }
} /** * 新增线上退款订单 */ @PostMapping("/addOnline") public Result addOnline(@RequestBody CashRecordRefund cashRecordRefund){ cashRecordRefund.setStatus(20); try { return Result.success(refundService.add(cashRecordRefund)); } catch (Exception e) { return Result.error(e.getMessage()); } }
@PostMapping("/export") public Result export(@RequestBody Page page) throws Exception {
// 校验分页参数
if (ObjectUtils.isEmpty(page.getPageNum())) { return Result.error("页码数为空!"); } if (ObjectUtils.isEmpty(page.getPageSize())) { return Result.error("页大小为空!"); }
return Result.success(refundService.financeSelect(page.getPageNum(), page.getPageSize(), page.getCashRecordDTO())); } @PostMapping("/ceshi") public Result ceshi() { return Result.success("测试消息"); }
/** * 辅助方法:获取用户真实IP(处理反向代理/负载均衡场景) */ private String getIpAddress(HttpServletRequest request) { String ip = request.getHeader("x-forwarded-for"); if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getHeader("WL-Proxy-Client-IP"); } if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { ip = request.getRemoteAddr(); } // 多IP场景(如多层代理),取第一个非unknown的IP
if (ip != null && ip.contains(",")) { ip = ip.split(",")[0].trim(); } return ip; }}
|
