处理http漏洞

apply-net/src/main/resources/application-prod.yml

@@ -15,10 +15,15 @@ server:
   port: 11092
   servlet:
     context-path: /ciop
+    session:
+      cookie:
+        http-only: true
+        secure: true
   tomcat:
     uri-encoding: UTF-8
     max-threads: 200
     max-connections: 2000
+
 winsun:
   app:
     version: @project.version@

common/pom.xml

@@ -123,7 +123,7 @@
         <dependency>
             <groupId>com.konghq</groupId>
             <artifactId>unirest-java</artifactId>
-            <version>3.5.00</version>
+            <version>3.13.6</version>
         </dependency>
         <!--        <dependency>-->
 <!--            <groupId>com.github.ulisesbocchio</groupId>-->

common/src/main/java/com/winsun/outSideSystem/IntelligenceSendOrders.java

@@ -188,6 +188,14 @@ public class IntelligenceSendOrders {
                                 + " orderNum:"
                                 + submitOrderJsonObject.getBody());
 
+                if (submitOrderJsonObject.getStatus() != 200){
+                    Wrapper<Order> orderWrapper = new EntityWrapper<>();
+                    orderWrapper.eq("kd_order_id", orderMap.get("kd_order_id"));
+                    Order updateOrder = new Order();
+                    updateOrder.setOrderStatus("待处理");
+                    updateOrder.setMsg(submitOrderJsonObject.getBody());
+                    orderMapper.update(updateOrder, orderWrapper);
+                }
 
                 //	4、查询智能订单是否存在
                 String orderNum = submitOrderJsonObject.getBody();
@@ -635,15 +643,15 @@ public class IntelligenceSendOrders {
         try {
             log.info("提交参数:" + order_dataJSON);
             Constant.trustEveryone();
-            responese = Unirest.post("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
+            responese = Unirest.put("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
                     .header("Content-Type", "application/json;charset=UTF-8")
                     .header("X-Sign", sign)
                     .body(order_dataJSON)
                     .asString();
             if (businessType == 5) {
-                log.info("单宽带下单接口，返回信息:" + responese);
+                log.info("单宽带下单接口，返回信息:" + responese.getBody());
             }else {
-                log.info("融合下单接口，返回信息:" + responese);
+                log.info("融合下单接口，返回信息:" + responese.getBody());
             }
         } catch (ResourceAccessException e) {
             count++;
@@ -662,9 +670,9 @@ public class IntelligenceSendOrders {
                                 count);
             } else {
                 if (businessType == 5) {
-                    log.info("单宽带下单接口，返回信息:" + responese);
+                    log.info("单宽带下单接口，返回信息:" + responese.getBody());
                 }else {
-                    log.info("融合下单接口，返回信息:" + responese);
+                    log.info("融合下单接口，返回信息:" + responese.getBody());
                 }
             }
         } catch (Exception e) {

core-service/src/main/resources/application-prod.yml

@@ -15,6 +15,10 @@ server:
   port: 10002
   servlet:
     context-path: /ciop
+    session:
+      cookie:
+        http-only: true
+        secure: true
   tomcat:
     uri-encoding: UTF-8
     max-threads: 200

core-service/src/test/java/com/winsun/sendSms/sendSms.java

@@ -26,6 +26,7 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -59,6 +60,9 @@ public class sendSms {
     @Autowired
     private OrderCardAddressMapper orderCardAddressMapper;
 
+    @Autowired
+    public RedisTemplate redisTemplate;
+
     final static String publicKey =
             "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAok8DnvM2OBwtzNoJb4nA" +
                     "jn4lgCkSxLyRw5lLiUfsi+40h00CGAC1arvbinTTbtrSnm4YDYlaJwveiOeDKdk0" +
@@ -85,23 +89,23 @@ public class sendSms {
         map1.put("ysmUser", ysmById.get("user_name"));
         map1.put("sign", ysmById.get("sign"));
 
-        map1.put("lzgh",schoolMap.get("lzgh"));
-        map1.put("lzUser",schoolMap.get("lz_user"));
+        map1.put("lzgh", schoolMap.get("lzgh"));
+        map1.put("lzUser", schoolMap.get("lz_user"));
 
         map1.put("lzgh", "44100621");
         map1.put("lzUser", "黄友健");
 
-        map1.put("idCardUrl1", orderData.getIdCardz().replace("manager","app"));
-        map1.put("idCardUrl2", orderData.getIdCardf().replace("manager","app"));
-        map1.put("idCardUrl3", orderData.getIdCardzs().replace("manager","app"));
+        map1.put("idCardUrl1", orderData.getIdCardz().replace("manager", "app"));
+        map1.put("idCardUrl2", orderData.getIdCardf().replace("manager", "app"));
+        map1.put("idCardUrl3", orderData.getIdCardzs().replace("manager", "app"));
         map1.put("cardType", orderData.getKapin());
 
         if ("49".equals(orderData.getPackageId())) {
             map1.put("userName", orderData.getParentName());
-            map1.put("idCardUrl4", orderData.getIdCardzs().replace("manager","app"));
+            map1.put("idCardUrl4", orderData.getIdCardzs().replace("manager", "app"));
         } else {
             map1.put("userName", orderData.getCustomerName());
-            map1.put("idCardUrl4", orderData.getStudenCard().replace("manager","app"));
+            map1.put("idCardUrl4", orderData.getStudenCard().replace("manager", "app"));
         }
         map1.put("linkPhone", orderData.getContactNumber());
         map1.put("idCard", orderData.getIdCard());
@@ -235,8 +239,8 @@ public class sendSms {
         order_data.put("订购产品", orderingProducts);
 
         Map<Object, Object> logisticsInformation = new HashMap<>();     //物流信息
-        logisticsInformation.put("受理类型","不受理");
-        logisticsInformation.put("发货类型","代理商自行发货");
+        logisticsInformation.put("受理类型", "不受理");
+        logisticsInformation.put("发货类型", "代理商自行发货");
 
         order_data.put("业务类型", "移动业务");  //业务类型
         //order_data.put("业务类型", "单宽业务");  //业务类型
@@ -260,7 +264,7 @@ public class sendSms {
         order_data.put("实名信息", realNameInformation);
 
         Map<String, Object> logistics = new HashMap<>();     //物流信息
-        logistics.put("发货类型","代理商自行发货");
+        logistics.put("发货类型", "代理商自行发货");
         order_data.put("物流信息", logistics);
 
 
@@ -312,15 +316,9 @@ public class sendSms {
     }
 
     @Test
-    public void send(){
-       String s = "{\"order_data\":{\"客户信息\":{\"联系人\":\"赖欣怡\",\"客户类型\":\"普通客户\",\"客户证件号码\":\"441781200204103526\",\"客户证件姓名\":\"赖欣怡\",\"联系电话\":\"18126766003\",\"装机联系电话\":\"18126766003\",\"装机联系人\":\"赖欣怡\",\"客户证件类型\":\"身份证\",\"通讯地址\":\"广州市从化区江埔街道办沿江南路302号广州工程技术职业学院从化校区学生宿舍楼4栋2层201房\"},\"装机详细地址\":\"广州市从化区江埔街道办沿江南路302号广州工程技术职业学院从化校区学生宿舍楼4栋2层201房\",\"代理商账号\":\"hyoujian\",\"订单来源单号\":\"zbaybzpmdwgss4vb7i49\",\"订单备注\":\"\",\"办理类型\":\"新宽旧移\",\"付费类型\":\"预付费\",\"揽装信息\":{\"揽装人联系电话\":\"\",\"揽装姓名\":\"马鸣泽\",\"机构ID\":\"441100000000001113343304\",\"四级机构\":\"\",\"三级机构\":\"\",\"二级机构\":\"\",\"揽装工号\":\"16001425\",\"协销工号\":\"\",\"一级机构\":\"\",\"企微号码\":\"\",\"五级机构\":\"\"},\"发票信息\":{\"发票抬头\":\"\",\"发票投递方式\":\"不需要\",\"电子邮箱\":\"\"},\"接口下单账号\":\"xiaoyuan\",\"订购产品\":{\"产品名称\":\"校园融合套餐\",\"受理内容\":\"\",\"付费类型\":\"预付费\",\"属性列表\":[{\"属性值\":\"4M\",\"属性名\":\"宽带速率\"},{\"属性值\":\"20M\",\"属性名\":\"宽带体验速率\"},{\"属性值\":\"441100000000001113343304\",\"属性名\":\"地址ID\"},{\"属性值\":\"PC+手机\",\"属性名\":\"允许上网终端类型\"},{\"属性值\":\"学生\",\"属性名\":\"用户类别\"},{\"属性值\":\"广州工程技术职业学院\",\"属性名\":\"学校名称\"},{\"属性值\":\"18126766003\",\"属性名\":\"关联移动号码\"},{\"属性值\":\"211328000604\",\"属性名\":\"学生证号\"},{\"属性值\":\"校园天翼宽带用户\",\"属性名\":\"用户类型\"},{\"属性值\":\"包月30元\",\"属性名\":\"月租类型\"},{\"属性值\":\"普通\",\"属性名\":\"计费属性\"},{\"属性值\":\"18126766003@CHGDGCZY\",\"属性名\":\"多媒体账号\"},{\"属性值\":\"l18126766003\",\"属性名\":\"多媒体账号密码\"},{\"属性值\":\"2\",\"属性名\":\"最大在线数\"},{\"属性值\":\"是\",\"属性名\":\"一人一号多终端\"},{\"属性值\":\"否\",\"属性名\":\"是否FTTH+HUB\"},{\"属性值\":\"(FTTB)光缆大楼\",\"属性名\":\"外线方式\"},{\"属性值\":\"首月按天收费\",\"属性名\":\"宽带首月费用类型\"}],\"AI编码\":\"4B90FBDD2A1A43EE8A4C963115C52F14\"},\"业务类型\":\"融合业务\",\"使用人证件号\":\"440802199006080830\",\"宽带装机\":{\"装机详细地址\":\"广州市从化区江埔街道办沿江南路302号广州工程技术职业学院从化校区学生宿舍楼4栋2层201房\",\"省\":\"广东省\",\"市\":\"广州市\",\"区\":\"从化区\",\"装机地址ID\":\"441100000000001113343304\"},\"使用人姓名\":\"黄友健\",\"一次性费用项\":{\"费用项列表\":[{\"费用项名称\":\"校园融合套餐\",\"费用项金额\":\"0.0000\"}],\"缴费方式\":\"现金支付\"},\"月租费用项\":{\"费用项列表\":[{\"费用项名称\":\"校园融合套餐\",\"费用项金额\":\"00.0000\",\"费用项类型\":\"月租\"}],\"缴费方式\":\"现金支付\"}}}";
-       String sign = "FiGuWp3q0rW9s/Kz6Nt8UrLovkJDuaxOulVrWd34xWndydo91TjCxpKHr2Ma27lWFRL/Kd8qy3R8DYGN3SN7zEJJfIyN59OtJm0O97oZu9ur0PbEuEuzsr7LvfPR983I1hDKN9rbIa6X9C4/F+wjWwnZ8nsw/Q+YznoSKECwnjhCQzzUfHchwTb9JIOXng1HRW68+UyT0YQa1Y7Ld+HV0UmOisHuMJR4KifzwC/UcoBEDAPPWEmd5Zo+PM2wdg/xBRZ6Rev6qBHh5WZ+jXQN6o/3ulAotS3rgY8w0nyGB8uX05qSMClprxqGjejPHwmVRK1/O2A0Ox+DfX/of8R9Hg==";
-        HttpResponse<String> response = Unirest.post("https://applet.mini189.cn/prod/generate")
-                .header("Content-Type", "application/json;charset=UTF-8")
-                .header("X-Sign", sign)
-                .body(s)
-                .asString();
-        System.out.println(response.getStatus());
-        System.out.println(response.getBody());
+    public void send() {
+       SimpleDateFormat hour = new SimpleDateFormat("HH");
+        Date date = new Date();
+        System.out.println(date.getHours()-2);
     }
 }

gateway/src/main/resources/application-prod.yml

@@ -27,6 +27,10 @@ spring:
       enabled: true
       max-request-size: 100MB
       max-file-size: 100MB
+    session:
+      cookie:
+        http-only: true
+        secure: true
   datasource:
     url: jdbc:mysql://localhost:3306/school_center?autoReconnect=true&useUnicode=true&characterEncoding=utf8&zeroDateTimeBehavior=CONVERT_TO_NULL&useSSL=false&serverTimezone=CTT&allowPublicKeyRetrieval=true
     username: ENC(z8WG0Zar99IzLr3L9Z3mOw==)

new-user/src/main/resources/application-prod.yml

@@ -15,6 +15,10 @@ server:
   port: 11093
   servlet:
     context-path: /ciop
+    session:
+      cookie:
+        secure: true
+        http-only: true
   tomcat:
     uri-encoding: UTF-8
     max-threads: 200

old-user/src/main/resources/application-prod.yml

@@ -147,6 +147,10 @@ spring:
       enabled: true
       max-request-size: 100MB
       max-file-size: 100MB
+    session:
+      cookie:
+        http-only: true
+        secure: true
   application:
     name: old-user
 feign:

service-manager/src/main/java/com/winsun/controller/OrderController.java

@@ -2384,7 +2384,7 @@ public class OrderController extends BaseController {
         try {
             log.info("提交参数:" + order_dataJSON);
             com.winsun.constant.Constant.trustEveryone();
-            responese = Unirest.post("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
+            responese = Unirest.put("http://132.97.20.20/function/id-generator-snowflake.prod-fn?turbo=1")
                     .header("Content-Type", "application/json;charset=UTF-8")
                     .header("X-Sign", sign)
                     .body(order_dataJSON)

service-manager/src/main/resources/application-prod.yml

@@ -150,6 +150,10 @@ spring:
       enabled: true
       max-request-size: 100MB
       max-file-size: 100MB
+    session:
+      cookie:
+        http-only: true
+        secure: true
   application:
     name: manager
 feign:

task/src/main/resources/application-prod.yml

@@ -15,6 +15,10 @@ server:
   port: 11191
   servlet:
     context-path: /ciop
+    session:
+      cookie:
+        http-only: true
+        secure: true
   tomcat:
     uri-encoding: UTF-8
     max-threads: 200