From af8f87298fc611ac371216e278a18abac6ca0766 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 12:11:50 +0800
Subject: [PATCH] sql注入漏洞
---
src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java | 178 ++++++++++++++++++++++++++++++++++++++++++++---------------
1 files changed, 133 insertions(+), 45 deletions(-)
diff --git a/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java b/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
index 659eec7..60683dd 100644
--- a/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
+++ b/src/main/java/com/zy/asrs/task/handler/OrderSyncHandler.java
@@ -5,23 +5,26 @@
import com.core.common.Cools;
import com.core.common.DateUtils;
import com.core.exception.CoolException;
+import com.zy.asrs.entity.DocType;
import com.zy.asrs.entity.Order;
import com.zy.asrs.entity.OrderDetl;
+import com.zy.asrs.entity.param.ReportErpParam;
import com.zy.asrs.service.ApiLogService;
+import com.zy.asrs.service.DocTypeService;
import com.zy.asrs.service.OrderDetlService;
import com.zy.asrs.service.OrderService;
import com.zy.asrs.task.AbstractHandler;
import com.zy.asrs.task.core.ReturnT;
-import com.zy.common.constant.MesConstant;
-import com.zy.common.model.MesPakinParam;
import com.zy.common.utils.HttpHandler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
-import org.springframework.transaction.interceptor.TransactionAspectSupport;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
import java.util.List;
/**
@@ -32,65 +35,150 @@
public class OrderSyncHandler extends AbstractHandler<String> {
@Autowired
- private JdbcTemplate jdbcTemplate;
- @Autowired
private OrderService orderService;
@Autowired
private OrderDetlService orderDetlService;
@Autowired
private ApiLogService apiLogService;
+ @Autowired
+ private DocTypeService docTypeService;
+
+ @Value("${u8.url}")
+ private String url;
+
+ @Value("${u8.orderReportPath}")
+ private String orderReportPath;
@Transactional
public ReturnT<String> start(Order order) {
- List<OrderDetl> orderDetls = orderDetlService.selectByOrderId(order.getId());
+ //List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇閲囪喘鍏ュ簱鍗�", "閾跺骇濮斿鏉愭枡鍑哄簱鍗�", "閾跺骇濮斿鍏ュ簱鍗�", "閾跺骇鐢熶骇鏉愭枡鍑哄簱鍗�"));
+ List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇濮斿鍏ュ簱鍗�", "閾跺骇鐢熶骇鏉愭枡鍑哄簱鍗�"));
- MesPakinParam pakinParam = new MesPakinParam();
- pakinParam.setPakinTime(DateUtils.convert(order.getUpdateTime()));
- pakinParam.setLgortFrom("5008");
- pakinParam.setLgortTo("5006");
- for (OrderDetl orderDetl : orderDetls) {
- String serial = Cools.isEmpty(orderDetl.getBatch()) ? "" : orderDetl.getBatch();
- pakinParam.getList().add(new MesPakinParam.Detl(orderDetl.getMatnr() + (Cools.isEmpty(serial) ? "" : "-" + serial), orderDetl.getAnfme()));
+ DocType docType = docTypeService.selectById(order.getDocType());
+ if (!docNames.contains(docType.getDocName())) {
+ order.setSettle(8L);
+ orderService.updateById(order);
+ return SUCCESS;
}
+// if("鎵嬪姩鍑哄簱鍗�".equals(docType.getDocName())
+// || "鎵嬪姩鍏ュ簱鍗�".equals(docType.getDocName())
+// || "鑷姩琛ヨ揣鍗�".equals(docType.getDocName())
+// || "浜哄伐琛ヨ揣鍗�".equals(docType.getDocName())){
+// order.setSettle(8L);
+// orderService.updateById(order);
+// return SUCCESS;
+// }
+
+ List<OrderDetl> orderDetlList = orderDetlService.selectByOrderId(order.getId());
+
+ ReportErpParam param = new ReportErpParam();
+ mappingParam(order, param);
+ mappingParamChildren(orderDetlList, param);
+
+ int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
+ if (code == 0) {
+ order.setSettle(6L);
+ orderService.updateById(order);
+ }
+
+ return SUCCESS;
+ }
+
+
+ @Transactional
+ public void timelyStart(Order order) {
+
+ List<String> docNames = new ArrayList<>(Arrays.asList("閾跺骇閲囪喘鍏ュ簱鍗�", "閾跺骇濮斿鏉愭枡鍑哄簱鍗�"));
+
+ DocType docType = docTypeService.selectById(order.getDocType());
+ if (docNames.contains(docType.getDocName())) {
+ List<OrderDetl> orderDetlList = orderDetlService.selectByOrderId(order.getId());
+ List<OrderDetl> report = new ArrayList<>();
+ for (OrderDetl orderDetl : orderDetlList) {
+ if (orderDetl.getQty() > 0 && orderDetl.getQty() > (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty())) {
+ report.add(orderDetl);
+ }
+ }
+ if (!Cools.isEmpty(report)) {
+ ReportErpParam param = new ReportErpParam();
+ mappingParam(order, param);
+ mappingParamChildren(report, param);
+
+ int code = doHttpRequest(param, "鍗曟嵁瀹℃牳", url, orderReportPath, null, "127.0.0.1");
+ if (code == 0) {
+ for (OrderDetl orderDetl : orderDetlList) {
+ orderDetl.setReportQty(orderDetl.getQty());
+ log.info("{}鍗曞瓙涓婃姤浜嗭細{}", order.getOrderNo(),orderDetl.getQty() - (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty()));
+ orderDetlService.updateById(orderDetl);
+ }
+ }
+ }
+
+ }
+ }
+
+ public void mappingParam(Order order, ReportErpParam param) {
+ param.set鎿嶄綔绯荤粺鍙�(order.getDefNumber());
+ param.set鎿嶄綔鍗曟嵁(order.getDocType$());
+ param.set鎿嶄綔绫诲瀷("add");
+ param.setDdate(order.getOrderTime());
+ param.setCWhCode(Cools.isEmpty(order.getPltType()) ? "" : order.getPltType() + "");
+ param.setCDepCode("YZ");
+ param.setCOrderCode(order.getOrderNo());
+ param.setCMaker("");
+ param.setCHandler("");
+ param.setCDefine14(order.getOrderNo()+"_"+DateUtils.convert(new Date(), DateUtils.yyyyMMddHHmmss));
+ }
+
+ public void mappingParamChildren(List<OrderDetl> orderDetlList, ReportErpParam param) {
+ List<ReportErpParam.ChildInfo> paramChild = new ArrayList<>();
+ param.setChildren(paramChild);
+ for (OrderDetl orderDetl : orderDetlList) {
+ ReportErpParam.ChildInfo childInfo = new ReportErpParam.ChildInfo();
+ childInfo.setIrowno(orderDetl.getItemNum());
+ childInfo.setCInvCode(orderDetl.getMatnr());
+ childInfo.setIQuantity(orderDetl.getQty() - (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty()) + "");
+ childInfo.setCBatch(orderDetl.getBatch());
+ childInfo.setINum(orderDetl.getLength() + "");
+ childInfo.setIinvexchrate("");
+ childInfo.setBFree1(orderDetl.getDeadTime());
+ childInfo.setIPOsID(orderDetl.getSku());
+ childInfo.setCOrderCode(orderDetl.getOrderNo());
+ childInfo.setIvouchrowno(orderDetl.getItemNum());
+ childInfo.setDefine22(orderDetl.getThreeCode());
+
+ paramChild.add(childInfo);
+ }
+
+ }
+
+ private int doHttpRequest(Object requestParam, String namespace, String url, String path, String appkey, String ip) {
String response = "";
boolean success = false;
+
try {
- response = new HttpHandler.Builder()
- .setUri(MesConstant.URL)
- .setPath(MesConstant.PAKIN_URL)
- .setJson(JSON.toJSONString(pakinParam))
- .build()
- .doPost();
+ response = new HttpHandler.Builder().setUri(url).setPath(path).setJson(JSONObject.toJSONString(requestParam)).build().doPost();
JSONObject jsonObject = JSON.parseObject(response);
- if (jsonObject.getInteger("code").equals(200)) {
- success = true;
- // 淇敼璁㈠崟鐘舵�� 4.瀹屾垚 ===>> 6.宸蹭笂鎶�
- if (!orderService.updateSettle(order.getId(), 6L, null)) {
- throw new CoolException("鏈嶅姟鍣ㄥ唴閮ㄩ敊璇紝璇疯仈绯荤鐞嗗憳");
- }
- } else {
- log.error("璇锋眰鎺ュ彛澶辫触锛侊紒锛乽rl锛歿}锛況equest锛歿}锛況esponse锛歿}", MesConstant.URL+MesConstant.PAKIN_URL, JSON.toJSONString(pakinParam), response);
- throw new CoolException("涓婃姤mes绯荤粺澶辫触");
+
+ if (Cools.isEmpty(jsonObject.get("succeed"))) {
+ throw new CoolException(jsonObject.get("dsc").toString());
}
+
+ String succeed = jsonObject.get("succeed").toString();
+
+ int code = Cools.eq("0", succeed) ? 0 : 1;
+ if (code != 0) {
+ throw new CoolException(jsonObject.get("dsc").toString());
+ }
+ success = true;
+ return code;
} catch (Exception e) {
- log.error("fail", e);
- TransactionAspectSupport.currentTransactionStatus().setRollbackOnly();
- return FAIL.setMsg(e.getMessage());
+ log.error(e.getMessage());
+ throw new CoolException("璋冪敤鎺ュ彛鍝嶅簲閿欒");
} finally {
- try {
- // 淇濆瓨鎺ュ彛鏃ュ織
- apiLogService.save(
- "鎴愬搧搴撳叆搴撲笂鎶�",
- MesConstant.URL + MesConstant.PAKIN_URL,
- null,
- "127.0.0.1",
- JSON.toJSONString(pakinParam),
- response,
- success
- );
- } catch (Exception e) { log.error("", e); }
+ apiLogService.save(namespace, url + path, appkey, ip, JSON.toJSONString(JSONObject.toJSONString(requestParam)), response, success);
}
- return SUCCESS;
+
}
}
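Review bot: In timelyStart the per-line log always prints a difference of 0, because `orderDetl.setReportQty(orderDetl.getQty())` runs one line before the subtraction `orderDetl.getQty() - (orderDetl.getReportQty() == null ? 0D : orderDetl.getReportQty())` reads the field back; log first, then set, and since only the `report` subset was sent it looks like that list, not `orderDetlList`, is the one to mark as reported: `for (OrderDetl orderDetl : report) { log.info(...); orderDetl.setReportQty(orderDetl.getQty()); orderDetlService.updateById(orderDetl); }`. In doHttpRequest, `log.error(e.getMessage())` discards the stack trace and the rethrown CoolException drops the cause, so a failed ERP call leaves nothing diagnosable in the logs; prefer `log.error("ERP report request failed", e);` and pass `e` to the new exception if CoolException accepts a cause. The `finally` block's `apiLogService.save(...)` is no longer wrapped in its own try/catch as the removed code was, so a failing log write now replaces the real exception, and its request argument is serialized twice (`JSON.toJSONString(JSONObject.toJSONString(requestParam))`), which stores an escaped JSON string rather than the JSON body; one `JSONObject.toJSONString(requestParam)` is enough. `docTypeService.selectById(...)` may return null (cannot tell from here), in which case `docType.getDocName()` in both start and timelyStart throws an NPE; a null guard that sets an explicit failure state would be safer. `JSON.parseObject(response)` and `jsonObject.get("dsc").toString()` likewise assume a non-empty body and a present `dsc` field, so a malformed or empty ERP response surfaces as an NPE rather than the intended CoolException.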
--
Gitblit v1.9.1