
门店APP后台服务初版

jlutt@163.com 2 gadi atpakaļ
vecāks
revīzija
e665755d83

+ 7 - 0
conf/application-ddWebOne.xml

@@ -111,9 +111,16 @@
             <service value="com.dderp.webcore.rest.StoreRest"/>
             <service value="com.dderp.webcore.rest.flycat.ExpressOutRest"/>
             <service value="com.dderp.webcore.rest.flycat.OrderRest"/>
+
+            <service value="com.dderp.webcore.rest.flycat.StoreAppRest"/>
+
             <websocket value="com.dderp.webcore.websocket.ERPWebSocket" name="dws" groups="DELIVER_SERVICE_REMOTE"/>
         </rest>
 
+        <rest autoload="false" base="com.dderp.common.base.ERPStoreAppHttpServlet">
+            <service value="com.dderp.webcore.rest.flycat.StoreAppRest"/>
+        </rest>
+
         <servlets autoload="false">
             <servlet value="com.dderp.common.servlet.apidoc.ApiDocServlet">
                 <environment value="dev"/>
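Review bot: `StoreAppRest` ends up registered twice, once in the existing `<rest>` group after `OrderRest` and again in the new group whose base is `ERPStoreAppHttpServlet`. The base servlet of the first group is not visible in this hunk, but if it is a different one, the `auth = true` mapping `getStoreInfo` is also served behind that servlet's `authenticate`, so two different login checks guard the same endpoint. I would drop the first `<service value="com.dderp.webcore.rest.flycat.StoreAppRest"/>` line, or add a comment above it saying why both registrations are needed.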

+ 28 - 0
conf/script/1000/business/BE_ERPLogin.groovy

@@ -1,3 +1,4 @@
+import com.dderp.common.datas.TokenUserFrom
 import com.dderp.common.entity.store.StoreInfo
 import com.dySweetFishPlugin.sql.dao.TunaService
 import com.dySweetFishPlugin.tool.crypto.EncryptUtil
@@ -116,6 +117,32 @@ class BE_ERPLogin implements BusinessExecutor<ProcessEntityItem<LoginRequest>, L
                         return RetResult.<ERPTokenUser> successT().result(new ERPTokenUser(info))
                     },
                     "tokenKey"     : ssoStoreTokenCommonKey
+            ],
+            "81": [
+                    "name"         : "门店APP管理系统登录",
+                    "resourceLogin": { LoginRequest loginInfo ->
+                        //不允许使用superResourcer登录,防漏洞
+                        return RetResult.<ERPTokenUser> errorT().retinfo("用户账号或密码错误,登录失败")
+                    },
+                    "login"        : { LoginRequest loginInfo, RMap mapParams, DataBaseMultiItemEx supplierItem ->
+                        mapParams.put("companyId", 0L)
+                        StoreInfo info = loginDao.storeLogin(mapParams, supplierItem.dataBaseAlias, Long.parseLong(supplierItem.shardingKey))
+
+                        if (info == null) {
+                            return RetResult.<ERPTokenUser> errorT().retinfo("用户账号或密码错误,登录失败")
+                        }
+
+                        if (info.voidFlag == 1) {
+                            return RetResult.<ERPTokenUser> errorT().retinfo("用户账号已冻结,登录失败")
+                        }
+
+                        ERPTokenUser tokenUser = new ERPTokenUser(info)
+                        //这里强制改一下
+                        tokenUser.userFrom = TokenUserFrom.APP_STORE_ADMIN.value
+                        return RetResult.<ERPTokenUser> successT().result(tokenUser)
+
+                    },
+                    "tokenKey"     : ssoStoreTokenCommonKey
             ]
     ]
 
@@ -134,6 +161,7 @@ class BE_ERPLogin implements BusinessExecutor<ProcessEntityItem<LoginRequest>, L
         //直接定义Resource不好使,还是需要赋值
         loginStrategies.get("0").tokenKey = ssoERPTokenCommonKey
         loginStrategies.get("80").tokenKey = ssoStoreTokenCommonKey
+        loginStrategies.get("81").tokenKey = ssoStoreTokenCommonKey
 
         if (source.inputItem == null) {
             return RetResult.<LoginResult> errorT().retinfo("未传入用户信息")
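Review bot: Source "81" issues tokens under `ssoStoreTokenCommonKey`, the same key assigned to `loginStrategies.get("80")`, so a store-APP token and an ordinary store token differ only by the `userFrom` value forced in the new `login` closure. `ERPStoreAppHttpServlet.authenticate`, added in this commit, never reads `userFrom`, which suggests that tokens from either source pass the same check. The comment `//这里强制改一下` should say this, for example `// 80 and 81 share one token key; userFrom is the only marker of an APP token, consumers must check it`, or "81" should get its own key property. The method around the last hunk starts and ends outside it.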

+ 1 - 1
conf/script/1000/expressApi/BE_Express_CreateOrder_SFTC.groovy

@@ -324,7 +324,7 @@ class BE_Express_CreateOrder_SFTC implements BusinessExecutor<InvokeCallParams,
                             logger.error("订单配送发单错误:" + bulkResponse.buildFailureMessage())
                         }
                     } catch (Exception e) {
-                        logger.error("订单修改基础信息出错:" + e.getMessage(), e)
+                        logger.error("订单配送发单错误:" + e.getMessage(), e)
                     }
                 }
 

+ 144 - 0
ddCommon/src/main/java/com/dderp/common/base/ERPStoreAppHttpServlet.java

@@ -0,0 +1,144 @@
+package com.dderp.common.base;
+
+import com.dderp.common.api.NoSqlKeysService;
+import com.dderp.common.api.StoreService;
+import com.dderp.common.datas.ERPHeader;
+import com.dderp.common.datas.HttpCode;
+import com.dderp.common.datas.RedisKeys;
+import com.dderp.common.entity.site.ERPTokenUser;
+import com.dderp.common.entity.store.StoreInfo;
+import com.dderp.common.tool.ERPUtils;
+import com.dySweetFishPlugin.redis.RedisService;
+import com.dySweetFishPlugin.sql.RMapUtils;
+import com.sweetfish.convert.json.JsonConvert;
+import com.sweetfish.net.http.*;
+import com.sweetfish.util.AnyValue;
+import com.sweetfish.util.AutoLoad;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+import javax.annotation.Resource;
+import java.io.File;
+import java.io.IOException;
+
+import static com.sweetfish.net.Server.RESNAME_SERVER_ROOT;
+
+@AutoLoad(false)
+@HttpUserType(ERPTokenUser.class)
+public class ERPStoreAppHttpServlet extends HttpServlet {
+
+    protected final Logger logger = LogManager.getLogger(this.getClass().getSimpleName());
+
+    @Resource
+    protected NoSqlKeysService keysService;
+
+    @Resource
+    protected RedisService redisService;
+
+    @Resource
+    protected StoreService storeService;
+
+    @Resource(name = RESNAME_SERVER_ROOT)
+    File webRoot;
+
+    @Resource(name = "property.deliver.Store.commonkey")
+    private String ssoStoreTokenCommonKey;
+
+    @Resource
+    JsonConvert jsonConvert;
+
+    @Override
+    public void init(HttpContext context, AnyValue config) {
+        super.init(context, config);
+    }
+
+    /**
+     * 获取当前用户
+     *
+     * @param request http请求
+     * @return 当前用户信息
+     */
+    public ERPTokenUser currentUser(HttpRequest request) {
+        //先判断请求中是否有
+        ERPTokenUser user = request.currentUser();
+        if (user != null) {
+            return user;
+        }
+
+        //没有则判断token
+        String token = ERPUtils.parseHttpToken(request);
+
+        return ERPUtils.parseERPUserFromToken(token, ssoStoreTokenCommonKey, jsonConvert);
+    }
+
+    @Override
+    protected void preExecute(HttpRequest request, HttpResponse response) throws IOException {
+        //注册一个监听器
+        response.recycleListener((req, resp) -> {
+            //记录超过5秒的请求
+            long e = System.currentTimeMillis() - req.getCreatetime();
+            if (e > 50000) {
+                logger.info("http-execute-cost-time: " + e + " ms. request = " + req);
+            }
+        });
+        //设置当前用户
+        ERPTokenUser userInfo = currentUser(request);
+        request.setCurrentUser(userInfo);
+        response.nextEvent();
+    }
+
+    @Override
+    protected void authenticate(HttpRequest request, HttpResponse response) throws IOException {
+        ERPTokenUser info = request.currentUser();
+
+        long supplierCode = request.getLongHeader(ERPHeader.HTTPHEADER_SUPPLIER, 0);
+
+        if (info == null) {
+            //判断是否登录
+            if ("/xdoc/index".equalsIgnoreCase(request.getRequestURI())) {
+                File api = new File(webRoot, "apilogin.html");
+                response.finishFile(api, null);
+            } else {
+                response.finishJson(RMapUtils.error(HttpCode.UNAUTHORIZED.value(), "未登录"));
+            }
+            return;
+        } else {
+            //判断门店是否作废
+            StoreInfo storeInfo = storeService.getStoreInfo(info.getIdBindOrg(), supplierCode, false, false, false);
+            if (storeInfo == null) {
+                response.finishJson(RMapUtils.error(HttpCode.UNAUTHORIZED.value(), "未登录"));
+                return;
+            }
+
+            if (storeInfo.getVoidFlag() == 1) {
+                response.finishJson(RMapUtils.error(HttpCode.UNAUTHORIZED.value(), "未登录"));
+                return;
+            }
+        }
+        //验证通过调用执行方法
+        response.nextEvent();
+    }
+
+    @Override
+    public boolean checkRequestCount(HttpRequest request, HttpResponse response, int limitCount, long limitTime) {
+        String ip = request.getRemoteAddr();
+        String url = request.getRequestURI();
+
+        String key = keysService.getRedisKey(RedisKeys.KEY_REQUESTLIMIT, 0L, true).concat(url).concat(ip);
+        long count = redisService.incrby(key, 1);
+        if (count == 1) {
+            redisService.pexpire(key, limitTime);
+        }
+        if (count > limitCount) {
+            logger.info("用户IP[" + ip + "]访问地址[" + url + "]超过了限定的次数[" + limitCount + "]");
+            response.finishJson(RMapUtils.error(HttpCode.MULTI_STATUS.value(), "请求超过了限定的次数"));
+            return false;
+        }
+        return true;
+    }
+
+    @Override
+    public void responseMethodReturn(HttpRequest request, HttpResponse response, String requestMethod, String actMethod) {
+        response.finishJson(RMapUtils.error(HttpCode.BAD_REQUEST.value(), request.getRequestURI() + "Method(" + requestMethod + ") Error (" + actMethod + ")"));
+    }
+}
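Review bot: In `authenticate` the store lookup combines `info.getIdBindOrg()` from the token with `supplierCode` read from the `HTTPHEADER_SUPPLIER` request header (defaulting to 0), and nothing in the visible code ties the header value to the supplier the token was issued for. If `ERPTokenUser` records the supplier (not visible here), compare the two and answer UNAUTHORIZED on a mismatch; at minimum add `// supplierCode is client-supplied; it must match the supplier bound to the token` above the lookup. Separately, the comment in `preExecute` says requests over 5 seconds are logged but the test is `e > 50000`, so either the condition should be `if (e > 5000) {` or the comment is wrong. `checkRequestCount` sets the expiry in a second call after `incrby`, so a failure between the two leaves a counter that never expires; that deserves a comment, or an atomic variant if `RedisService` offers one.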

+ 2 - 3
ddCommon/src/main/java/com/dderp/common/datas/ERPHeader.java

@@ -25,10 +25,9 @@ public final class ERPHeader {
     public static final String MALLHEADER_DATASOURCE = "X-MALL-DataSource-Id";
 
 
+    public static final String STORE_HEADER_SUPPLIER = "X-Store-Supplier-Code";
 
-    public static final String DNYHEADER_SUPPLIER = "X-DNY-Supplier-Code";
-
-    public static final String DNYHEADER_DATASOURCE = "X-DNY-DataSource-Id";
+    public static final String STORE_HEADER_DATASOURCE = "X-Store-DataSource-Id";
 
     /**
      * 配送平台代码

+ 79 - 0
ddWebCore/src/main/java/com/dderp/webcore/rest/flycat/StoreAppRest.java

@@ -0,0 +1,79 @@
+package com.dderp.webcore.rest.flycat;
+
+import com.dderp.common.api.LoginService;
+import com.dderp.common.api.StoreService;
+import com.dderp.common.api.SystemService;
+import com.dderp.common.base.BaseService;
+import com.dderp.common.datas.ERPHeader;
+import com.dderp.common.datas.HttpCode;
+import com.dderp.common.datas.TokenUserFrom;
+import com.dderp.common.entity.site.ERPTokenUser;
+import com.dderp.common.entity.site.LoginRequest;
+import com.dderp.common.entity.site.LoginResult;
+import com.dderp.common.entity.store.StoreInfo;
+import com.dySweetFishPlugin.sql.RMapUtils;
+import com.sweetfish.net.http.*;
+import com.sweetfish.service.Local;
+import com.sweetfish.service.RetResult;
+import com.sweetfish.util.AutoLoad;
+import org.rex.RMap;
+
+import javax.annotation.Resource;
+import java.util.concurrent.CompletableFuture;
+
+@AutoLoad(false)
+@Local
+@RestService(name = "sApp", moduleid = 0, comment = "门店档案模块")
+@SuppressWarnings("rawtypes")
+public class StoreAppRest extends BaseService {
+
+    @Resource
+    SystemService systemService;
+
+    @Resource
+    LoginService loginService;
+
+    @Resource
+    StoreService storeService;
+
+    @RestMapping(name = "login", logging = 1, sort = 1, comment = "登录", methods = {"POST"})
+    public CompletableFuture<RMap> login(
+            @RestSessionid(create = true) String sessionId,
+            @RestParam(name = "user", comment = "登录人员信息,只需要账号和密码") LoginRequest bean,
+            @RestAddress(comment = "用户ip地址,不需传入") String clientIp,
+            @RestHeader(name = ERPHeader.HTTPHEADER_DATASOURCE) String dataSourceId,
+            @RestHeader(name = ERPHeader.HTTPHEADER_SUPPLIER) String supplierCode) {
+        return CompletableFuture.supplyAsync(
+                () -> {
+
+                    bean.setSupplierCode(Long.parseLong(supplierCode));
+                    bean.setLoginFrom(TokenUserFrom.APP_STORE_ADMIN.getValue());
+
+                    RetResult<LoginResult> loginResult = loginService.login(bean, clientIp);
+
+                    if (!loginResult.isSuccess()) {
+                        return RMapUtils.error(HttpCode.LOGIN_FAIL.value(), loginResult.getRetinfo());
+                    } else {
+                        return RMapUtils.successV2(loginResult.getResult(), null, null);
+                    }
+                }, getExecutor()
+        );
+    }
+
+    @RestMapping(name = "getStoreInfo", auth = true, sort = 2, comment = "获取门店信息", methods = {"GET", "POST"})
+    @WebApiBean(type = StoreInfo.class, result = true)
+    public CompletableFuture<RMap> getStoreInfo(
+            @RestParam(name = "&", comment = "登录用户,无需传入") ERPTokenUser currentUser,
+            @RestHeader(name = ERPHeader.HTTPHEADER_DATASOURCE) String dataSourceId,
+            @RestHeader(name = ERPHeader.HTTPHEADER_SUPPLIER) String supplierCode) {
+        return CompletableFuture.supplyAsync(
+                () -> {
+                    StoreInfo storeInfo = storeService.getStoreInfo(currentUser.getIdBindOrg(), Long.parseLong(supplierCode), false, false, false);
+                    if (storeInfo == null) {
+                        return RMapUtils.error(HttpCode.NOT_FOUND.value(), "无效的门店信息");
+                    }
+                    return RMapUtils.successV2(storeInfo, null, null);
+                }, getExecutor()
+        );
+    }
+}
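Review bot: Both lambdas call `Long.parseLong(supplierCode)` on a raw request header, and `login` dereferences `bean` without a null check, so a missing or non-numeric header, or a request without the `user` parameter, makes the future complete exceptionally instead of returning an error RMap. `login` is the unauthenticated entry point, so any client can reach this path. I would validate both inputs at the top of the `login` lambda and return `HttpCode.BAD_REQUEST`, and apply the same parse guard in `getStoreInfo`; a sketch for `login` follows. How the framework renders an exceptionally completed future is not visible here.

```java
    public CompletableFuture<RMap> login(
            // … unchanged: parameter list …
        return CompletableFuture.supplyAsync(
                () -> {
                    if (bean == null) {
                        return RMapUtils.error(HttpCode.BAD_REQUEST.value(), "未传入用户信息");
                    }
                    long supplier;
                    try {
                        // parseLong(null) also throws NumberFormatException, so a missing header lands here too
                        supplier = Long.parseLong(supplierCode);
                    } catch (NumberFormatException e) {
                        return RMapUtils.error(HttpCode.BAD_REQUEST.value(), "无效的供应商代码");
                    }
                    bean.setSupplierCode(supplier);
                    // … unchanged: setLoginFrom, loginService.login and result mapping …
```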