高位漏洞修改

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/bean/AliPayBean.java

@@ -11,7 +11,7 @@ import org.springframework.stereotype.Component;
  * CopyRight https://www.huamar.com
  */
 @Component
-@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+@PropertySource("application-${env.profile}.properties")
 @ConfigurationProperties(prefix = "alipay")
 public class AliPayBean {
 

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/bean/UnionPayBean.java

@@ -11,7 +11,7 @@ import org.springframework.stereotype.Component;
  * CopyRight https://www.huamar.com
  */
 @Component
-@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+@PropertySource("application-${env.profile}.properties")
 @ConfigurationProperties(prefix = "union")
 public class UnionPayBean {
 

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/bean/WxPayBean.java

@@ -11,7 +11,7 @@ import org.springframework.stereotype.Component;
  * CopyRight https://www.huamar.com
  */
 @Component
-@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+@PropertySource("application-${env.profile}.properties")
 @ConfigurationProperties(prefix = "wxpay")
 public class WxPayBean {
 

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/bean/WxPayV3Bean.java

@@ -11,7 +11,7 @@ import org.springframework.stereotype.Component;
  * CopyRight https://www.huamar.com
  */
 @Component
-@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+@PropertySource("application-${env.profile}.properties")
 @ConfigurationProperties(prefix = "v3")
 public class WxPayV3Bean {
 

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/service/impl/SendSmsServiceImpl.java

@@ -83,7 +83,7 @@ public class SendSmsServiceImpl implements SendSmsService {
             try {
                 if (mode != null && mode.intValue() == 1) {
                     // 手机号以","分隔拼接
-                    String mobilePhones = phones.stream().collect(Collectors.joining(","));
+                    String mobilePhones = String.join(",", phones);
                     MessageResDto res = sendMessage(merchantId, mobilePhones, templateUname, contentParams);
                     result.put(res.getResult(), phones);
                 } else {

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/fuintApplication.java

@@ -17,7 +17,8 @@ import org.tuckey.web.filters.urlrewrite.UrlRewriteFilter;
  */
 @EnableScheduling
 @SpringBootApplication
-@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+//@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
+@PropertySource("application-${env.profile}.properties")
 public class fuintApplication {
 
     public static final String REWRITE_FILTER_NAME = "rewriteFilter";

XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientMessageController.java

@@ -108,9 +108,7 @@ public class ClientMessageController extends BaseController {
     @ApiOperation(value = "微信推送消息")
     @RequestMapping(value = "/wxPush", method = RequestMethod.GET)
     @CrossOrigin
-    public String wxPush(HttpServletRequest request) {
-        String echostr =  request.getParameter("echostr") == null ? "" : request.getParameter("echostr");
-
+    public String wxPush(@RequestParam(name = "echostr") String echostr) {
         if (StringUtil.isNotEmpty(echostr)) {
             return echostr;
         }

XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-dev.properties

@@ -0,0 +1,121 @@
+# \u6570\u636E\u5E93\u914D\u7F6E
+spring.datasource.url=jdbc:mysql://192.168.10.14:23306/fuint-db?useUnicode=true&characterEncoding=UTF8&useSSL=false
+spring.datasource.username=root
+spring.datasource.password=hmkj@2023
+
+# Redis\u914D\u7F6E
+spring.session.store-type=redis
+spring.session.redis.namespace=fuint
+# Redis\u6570\u636E\u5E93\u7D22\u5F15\uFF08\u9ED8\u8BA4\u4E3A0\uFF09
+spring.redis.database=0
+# Redis\u670D\u52A1\u5668\u5730\u5740(\u751F\u4EA7)
+spring.redis.host=120.46.159.203
+# Redis\u670D\u52A1\u5668\u8FDE\u63A5\u7AEF\u53E3
+spring.redis.port=16379
+# Redis\u670D\u52A1\u5668\u8FDE\u63A5\u5BC6\u7801\uFF08\u9ED8\u8BA4\u4E3A\u7A7A\uFF09
+spring.redis.password=a8EYUSoT8wHbuRkX
+# \u8FDE\u63A5\u6C60\u6700\u5927\u8FDE\u63A5\u6570\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
+spring.redis.pool.max-active=-1
+# \u8FDE\u63A5\u6C60\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
+spring.redis.pool.max-wait=-1
+# \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5927\u7A7A\u95F2\u8FDE\u63A5
+spring.redis.pool.max-idle=8
+# \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5C0F\u7A7A\u95F2\u8FDE\u63A5
+spring.redis.pool.min-idle=0
+# \u8FDE\u63A5\u8D85\u65F6\u65F6\u95F4\uFF08\u6BEB\u79D2\uFF09
+spring.redis.timeout=0
+
+# \u7CFB\u7EDF\u540D\u79F0
+system.name = fuint\u4F1A\u5458\u8425\u9500\u7BA1\u7406\u7CFB\u7EDF
+
+# \u524D\u7AEFh5\u5730\u5740
+website.url=https://www.huamar.com/h5/
+
+# \u4E0A\u4F20\u56FE\u7247\u672C\u5730\u5730\u5740
+images.root=/target/classes
+#images.root=D:/download
+#images.path=/profile/
+images.path=/static/uploadImages/
+
+# \u4E0A\u4F20\u56FE\u7247\u670D\u52A1\u5668\u57DF\u540D
+images.upload.url=http://192.168.10.70:8999
+
+# \u4E0A\u4F20\u56FE\u7247\u5141\u8BB8\u7684\u5927\u5C0F\uFF08\u5355\u4F4D\uFF1AMB\uFF09
+images.upload.maxSize=100
+
+################## \u5B9A\u65F6\u811A\u672C\u914D\u7F6E #########################
+# \u5B9A\u65F6\u53D1\u9001\u6D88\u606F
+message.job.switch = 1
+message.job.time = 0 0/1 * * * ?
+
+# \u5361\u5238\u5230\u671F\u5904\u7406
+couponExpire.job.switch = 1
+couponExpire.job.time = 0 0/1 * * * ?
+
+# \u8BA2\u5355\u8D85\u65F6\u53D6\u6D88
+orderCancel.job.switch = 1
+orderCancel.job.time = 0 0/1 * * * ?
+
+# \u5206\u4F63\u63D0\u6210\u8BA1\u7B97
+commission.job.switch = 1
+commission.job.time = 0 0/1 * * * ?
+
+################## \u963F\u91CC\u4E91\u77ED\u4FE1\u914D\u7F6E #######################
+# \u77ED\u4FE1\u63A5\u53E3\u6A21\u5F0F[0-\u5173\u95ED 1-\u6253\u5F00]
+aliyun.sms.mode = 0
+aliyun.sms.accessKeyId=LTAI4GJMjV123oXsrQJLnPZt
+aliyun.sms.accessKeySecret=eGVBL30u5Ypj234d7XODlwYKWTaGT
+# \u963F\u91CC\u4E91\u77ED\u4FE1\u7B7E\u540D
+aliyun.sms.signName=\u5EF6\u79BE\u6280\u672F
+
+
+
+################## \u963F\u91CC\u4E91OSS\u5B58\u50A8\u914D\u7F6E######################
+# \u6A21\u5F0F[0-\u5173\u95ED 1-\u6253\u5F00]
+aliyun.oss.mode = 0
+aliyun.oss.accessKeyId = LTAI4FxWczZd7sojZBYonMnV
+aliyun.oss.accessKeySecret = LJXig28y5CMMV8jORlGZ08MNLXGzg1
+aliyun.oss.endpoint = https://oss-cn-zhangjiakou.aliyuncs.com
+aliyun.oss.bucketName = fuint-application
+# \u4E0A\u4F20\u6587\u4EF6\u5939
+aliyun.oss.folder = uploads
+# \u8BBF\u95EE\u57DF\u540D
+aliyun.oss.domain = https://wine-east-img.oss-cn-zhangjiakou.aliyuncs.com
+
+################## \u5FAE\u4FE1\u76F8\u5173\u914D\u7F6E ##########################
+# \u516C\u4F17\u53F7\u914D\u7F6E
+weixin.official.appId=wxf4327ef05c27a0
+weixin.official.appSecret=1f55e8749332234d9a074873d8e6a3
+
+# \u5C0F\u7A0B\u5E8F\u914D\u7F6E
+wxpay.appId = wx7b3cd05eaf5225b9
+wxpay.appSecret = 2cc8299450b5cccf3afa571498afb1de
+wxpay.mchId=1663547246
+wxpay.apiV2=Xinaoranqi2018Xinaoranqi20182024
+
+#\u5FAE\u4FE1\u5C0F\u7A0B\u5E8Fappid: wx53b5ac263b9cdb5b
+#\u5FAE\u4FE1\u5C0F\u7A0B\u5E8FAppSecret: baa127ca662344cf9b0b8e52b26bac9d
+#\u5FAE\u4FE1\u652F\u4ED8: 1485526382
+#\u5FAE\u4FE1\u652F\u4ED8mchKey: HUAMARYUN20171104QAZWSXEDCRFVTGB
+#\u5FAE\u4FE1\u652F\u4ED8apiv2\u5BC6\u94A5\uFF1Af5aacf8f7ff800f4cd039f2514c5d7da
+#\u5FAE\u4FE1\u652F\u4ED8apiv3\u5BC6\u94A5\uFF1Af5aacf8f7ff800f4cd039f2514c5d7da
+
+
+wxpay.certPath=D:/apiclient_cert.p12
+wxpay.domain=http://dsad.w1.luyouxia.net
+
+################## \u652F\u4ED8\u5B9D\u652F\u4ED8\u76F8\u5173\u914D\u7F6E ######################
+alipay.appId = \u5E94\u7528\u7F16\u53F7
+alipay.privateKey = \u5E94\u7528\u79C1\u94A5
+alipay.publicKey = \u652F\u4ED8\u5B9D\u516C\u94A5\uFF08\u901A\u8FC7\u5E94\u7528\u516C\u94A5\u4E0A\u4F20\u5230\u652F\u4ED8\u5B9D\u5F00\u653E\u5E73\u53F0\u6362\u53D6\u652F\u4ED8\u5B9D\u516C\u94A5\uFF09
+alipay.serverUrl=https://openapi.alipay.com/gateway.do
+alipay.domain=https://www.huamar.com/fuint-application/clientApi/pay/aliPayCallback
+
+################ \u5FAE\u4FE1\u8BA2\u9605\u6A21\u677F\u6D88\u606F\u914D\u7F6E ######################
+weixin.subMessage.orderCreated=[{'key':'time', 'name':'\u8BA2\u5355\u65F6\u95F4'},{'key':'orderSn', 'name':'\u8BA2\u5355\u53F7'},{'key':'remark', 'name':'\u5907\u6CE8\u4FE1\u606F'}]
+weixin.subMessage.deliverGoods=[{'key':'receiver', 'name':'\u6536\u8D27\u4EBA'}, {'key':'orderSn', 'name':'\u8BA2\u5355\u53F7'}, {'key':'expressCompany', 'name':'\u5FEB\u9012\u516C\u53F8'}, {'key':'expressNo', 'name':'\u5FEB\u9012\u5355\u53F7'}]
+weixin.subMessage.couponExpire=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'}, {'key':'expireTime', 'name':'\u5230\u671F\u65F6\u95F4'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
+weixin.subMessage.couponArrival=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'amount', 'name':'\u91D1\u989D'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
+weixin.subMessage.balanceChange=[{'key':'amount', 'name':'\u53D8\u52A8\u91D1\u989D'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
+weixin.subMessage.couponConfirm=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'time', 'name':'\u6838\u9500\u65F6\u95F4'}]
+weixin.subMessage.pointChange=[{'key':'amount', 'name':'\u53D8\u52A8\u6570\u91CF'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'remark', 'name':'\u5907\u6CE8\u4FE1\u606F'}]

XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-prod.properties

@@ -0,0 +1,108 @@
+# 数据库配置
+spring.datasource.url=jdbc:mysql://localhost:3306/fuint-db?useUnicode=true&characterEncoding=UTF8&useSSL=false
+spring.datasource.username=root
+spring.datasource.password=root
+
+# Redis配置
+spring.session.store-type=redis
+spring.session.redis.namespace=fuint
+# Redis数据库索引（默认为0）
+spring.redis.database=0
+# Redis服务器地址(生产)
+spring.redis.host=127.0.0.1
+# Redis服务器连接端口
+spring.redis.port=6379
+# Redis服务器连接密码（默认为空）
+spring.redis.password=
+# 连接池最大连接数（使用负值表示没有限制）
+spring.redis.pool.max-active=-1
+# 连接池最大阻塞等待时间（使用负值表示没有限制）
+spring.redis.pool.max-wait=-1
+# 连接池中的最大空闲连接
+spring.redis.pool.max-idle=8
+# 连接池中的最小空闲连接
+spring.redis.pool.min-idle=0
+# 连接超时时间（毫秒）
+spring.redis.timeout=0
+
+# 系统名称
+system.name = fuint会员营销管理系统
+
+# 前端h5地址
+website.url=https://www.huamar.com/h5/
+
+# 上传图片本地地址
+images.root=/www/wwwroot/www.xxx.com
+images.path=/static/uploadImages/
+
+# 上传图片服务器域名
+images.upload.url=http://localhost:8080
+
+# 上传图片允许的大小（单位：MB）
+images.upload.maxSize=5
+
+################## 定时脚本配置 #########################
+# 定时发送消息
+message.job.switch = 1
+message.job.time = 0 0/1 * * * ?
+
+# 卡券到期处理
+couponExpire.job.switch = 1
+couponExpire.job.time = 0 0/1 * * * ?
+
+# 订单超时取消
+orderCancel.job.switch = 1
+orderCancel.job.time = 0 0/1 * * * ?
+
+# 分佣提成计算
+commission.job.switch = 1
+commission.job.time = 0 0/1 * * * ?
+
+################## 阿里云短信配置 #######################
+# 短信接口模式[0-关闭 1-打开]
+aliyun.sms.mode = 0
+aliyun.sms.accessKeyId=LTAI4GJMjV123oXsrQJLnPZt
+aliyun.sms.accessKeySecret=eGVBL30u5Ypj234d7XODlwYKWTaGT
+# 阿里云短信签名
+aliyun.sms.signName=延禾技术
+
+################## 阿里云OSS存储配置######################
+# 模式[0-关闭 1-打开]
+aliyun.oss.mode = 0
+aliyun.oss.accessKeyId = LTAI4GJMjVhBa212rQJLnPZt
+aliyun.oss.accessKeySecret = eGVBL30u53456gXd7XODlwYKWTaGT
+aliyun.oss.endpoint = https://oss-cn-shenzhen.aliyuncs.com
+aliyun.oss.bucketName = fuint-application
+# 上传文件夹
+aliyun.oss.folder = uploads
+# 访问域名
+aliyun.oss.domain = https://fuint-application.oss-cn-shenzhen.aliyuncs.com
+
+################## 微信相关配置 ##########################
+# 公众号配置
+weixin.official.appId=wxf4327ef05c27a0
+weixin.official.appSecret=1f55e8749332234d9a074873d8e6a3
+
+# 小程序配置
+wxpay.appId = wxb6af3741234162bc
+wxpay.appSecret = 76a538bfa5b55a4564d5f2be5540
+wxpay.mchId=1636980812
+wxpay.apiV2=34354320201030y323e432342343
+wxpay.certPath=/usr/local/fuint/cert/apiclient_cert.p12
+wxpay.domain=https://www.huamar.com/fuint-application
+
+################## 支付宝支付相关配置 ######################
+alipay.appId = 应用编号
+alipay.privateKey = 应用私钥
+alipay.publicKey = 支付宝公钥（通过应用公钥上传到支付宝开放平台换取支付宝公钥）
+alipay.serverUrl=https://openapi.alipay.com/gateway.do
+alipay.domain=https://www.huamar.com/fuint-application/clientApi/pay/aliPayCallback
+
+################ 微信订阅模板消息配置 ######################
+weixin.subMessage.orderCreated=[{'key':'time', 'name':'订单时间'},{'key':'orderSn', 'name':'订单号'},{'key':'remark', 'name':'备注信息'}]
+weixin.subMessage.deliverGoods=[{'key':'receiver', 'name':'收货人'}, {'key':'orderSn', 'name':'订单号'}, {'key':'expressCompany', 'name':'快递公司'}, {'key':'expressNo', 'name':'快递单号'}]
+weixin.subMessage.couponExpire=[{'key':'name', 'name':'卡券名称'}, {'key':'expireTime', 'name':'到期时间'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.couponArrival=[{'key':'name', 'name':'卡券名称'},{'key':'amount', 'name':'金额'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.balanceChange=[{'key':'amount', 'name':'变动金额'},{'key':'time', 'name':'变动时间'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.couponConfirm=[{'key':'name', 'name':'卡券名称'},{'key':'time', 'name':'核销时间'}]
+weixin.subMessage.pointChange=[{'key':'amount', 'name':'变动数量'},{'key':'time', 'name':'变动时间'},{'key':'remark', 'name':'备注信息'}]

XinAoDTS/fuintBackend/fuint-application/src/main/resources/application.properties

@@ -2,7 +2,7 @@
 server.port=8080
 
 env.profile=dev
-env.properties.path=D:/code/XinAoDTS/fuintBackend/configure/
+
 
 # \u6570\u636E\u5E93\u914D\u7F6E
 spring.datasource.type=com.zaxxer.hikari.HikariDataSource