高位漏洞修改

6 months ago · bce113666c
parent 2a1078a9ae
commit bce113666c
14 changed files with 388 additions and 135 deletions
--- a/XinAoDTS/fuintAdmin/.env.development
+++ b/XinAoDTS/fuintAdmin/.env.development
@ -11,4 +11,4 @@ VUE_APP_BASE_API = '/dev-api'
 VUE_APP_PUBLIC_PATH = '/'
 # 后端接口地址
-VUE_APP_SERVER_URL = 'http://localhost:8080/'
+VUE_APP_SERVER_URL = 'http://localhost:8081/'
--- a/XinAoDTS/fuintAdmin/.env.production
+++ b/XinAoDTS/fuintAdmin/.env.production
@ -1,5 +1,5 @@
 # 页面标题
-VUE_APP_TITLE = fuint会员营销管理系统
+VUE_APP_TITLE = 大桶水管理系统
 # 生产环境配置
 ENV = 'production'
@ -8,8 +8,8 @@ ENV = 'production'
 VUE_APP_BASE_API = '/fuint-application/'
 # 发布目录
-VUE_APP_PUBLIC_PATH = '/fuintAdmin/'
+VUE_APP_PUBLIC_PATH = '/'
 # 后端接口地址
-VUE_APP_SERVER_URL = 'https://www.huamar.com/fuint-application/'
+VUE_APP_SERVER_URL = 'http://localhost:8081/'
--- a/XinAoDTS/fuintAdmin/vue.config.js
+++ b/XinAoDTS/fuintAdmin/vue.config.js
@ -7,7 +7,7 @@ function resolve(dir) {
 const CompressionPlugin = require('compression-webpack-plugin')
-const name = process.env.VUE_APP_TITLE || 'fuint会员营销管理系统' // 网页标题
+const name = process.env.VUE_APP_TITLE || '大桶水管理系统' // 网页标题
 const port = process.env.port || process.env.npm_config_port || 81 // 端口
--- a/XinAoDTS/fuintBackend/fuint-application/pom.xml
+++ b/XinAoDTS/fuintBackend/fuint-application/pom.xml
@ -77,6 +77,11 @@
            <artifactId>mybatis-plus</artifactId>
            <version>${mybatis-plus.version}</version>
        </dependency>
        <dependency>
            <groupId>org.jetbrains.kotlin</groupId>
            <artifactId>kotlin-stdlib-jdk8</artifactId>
            <version>1.9.24</version>
        </dependency>
        <dependency>
            <groupId>com.github.pagehelper</groupId>
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/SecurityConfig.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/config/SecurityConfig.java
@ -71,10 +71,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                        "/**/*.js",
                        "/profile/**"
                ).permitAll()
-                .antMatchers("/swagger-ui.html").anonymous()
+//                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
+//                .antMatchers("/swagger-resources/**").anonymous()
                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
+//                .antMatchers("/*/api-docs").anonymous()
                .antMatchers("/druid/**").anonymous()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated()
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/MyRequestWrapper.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/MyRequestWrapper.java
@ -0,0 +1,109 @@
 package com.fuint.common.filter;
 import com.alipay.api.internal.util.file.Charsets;
 import javax.servlet.ReadListener;
 import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequestWrapper;
 import java.io.*;
 import java.util.Enumeration;
 import java.util.Map;
 /**
 * <p> @Title MyRequestWrapper
 * <p> @Description 用于过滤器中获取POST请求参数
 *
 * @author zhj
 * @date 2021/10/28 9:52
 */
 public class MyRequestWrapper extends HttpServletRequestWrapper {
    private String body;
    public MyRequestWrapper(HttpServletRequest request) throws IOException {
        super(request);
        StringBuilder stringBuilder = new StringBuilder();
        BufferedReader bufferedReader = null;
        try {
            InputStream inputStream = request.getInputStream();
            if (inputStream != null) {
                bufferedReader = new BufferedReader(new InputStreamReader(inputStream,"UTF-8"));
                char[] charBuffer = new char[128];
                int bytesRead = -1;
                while ((bytesRead = bufferedReader.read(charBuffer)) > 0) {
                    stringBuilder.append(charBuffer, 0, bytesRead);
                }
            } else {
                stringBuilder.append("");
            }
        } catch (IOException ex) {
            throw ex;
        } finally {
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException ex) {
                    throw ex;
                }
            }
        }
        body = stringBuilder.toString();
    }
    @Override
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body.getBytes("UTF-8"));
        ServletInputStream servletInputStream = new ServletInputStream() {
            @Override
            public boolean isFinished() {
                return false;
            }
            @Override
            public boolean isReady() {
                return false;
            }
            @Override
            public void setReadListener(ReadListener readListener) {
            }
            @Override
            public int read() {
                return byteArrayInputStream.read();
            }
        };
        return servletInputStream;
    }
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(this.getInputStream(), Charsets.UTF_8));
    }
    public String getBody() {
        return this.body;
    }
    @Override
    public String getParameter(String name) {
        return super.getParameter(name);
    }
    @Override
    public Map<String, String[]> getParameterMap() {
        return super.getParameterMap();
    }
    @Override
    public Enumeration<String> getParameterNames() {
        return super.getParameterNames();
    }
    @Override
    public String[] getParameterValues(String name) {
        return super.getParameterValues(name);
    }
 }
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/SpecialCharFilter.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/filter/SpecialCharFilter.java
@ -0,0 +1,101 @@
 package com.fuint.common.filter;
 import cn.hutool.core.util.ObjectUtil;
 import com.alibaba.fastjson2.JSONObject;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fuint.framework.exception.BusinessRuntimeException;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.multipart.support.StandardServletMultipartResolver;
 import javax.servlet.*;
 import javax.servlet.annotation.WebFilter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
 import java.util.stream.Collectors;
@WebFilter(filterName = "CharsetFilter",urlPatterns = "/*")
 public class SpecialCharFilter implements Filter {
    private static final String SQL_REGX = "[\\\\^$*+?{}()=&;%+\\[\\].|]";
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain) throws IOException, ServletException, IOException {
        HttpServletRequest req = (HttpServletRequest) servletRequest;
        // 防止流读取一次后就没有了, 所以需要将流继续写出去
        MyRequestWrapper requestWrapper = new MyRequestWrapper(req);
        // 获取请求参数
        Map<String, Object> paramsMaps = new TreeMap<>();
        if ("POST".equals(req.getMethod().toUpperCase())) {
            String body = requestWrapper.getBody();
            paramsMaps = JSONObject.parseObject(body, TreeMap.class);
        } else {
            Map<String, String[]> parameterMap = requestWrapper.getParameterMap();
            Set<Map.Entry<String, String[]>> entries = parameterMap.entrySet();
            for (Map.Entry<String, String[]> next : entries) {
                paramsMaps.put(next.getKey(), next.getValue()[0]);
            }
        }
        // 校验SQL注入
         if (ObjectUtil.isNotEmpty(paramsMaps)) {
             for (Object o : paramsMaps.entrySet()) {
                 Map.Entry entry = (Map.Entry) o;
                 Object value = entry.getValue();
                 if (value != null) {
                     boolean isValid = checkSqlInject(value.toString(), servletResponse);
                     if (!isValid) {
                         return;
                     }
                 }
             }
         }
        chain.doFilter(requestWrapper, servletResponse);
    }
    //获取request请求body中参数
    public static String getBodyString(BufferedReader br) {
        String inputLine;
        String str = "";
        try {
            while ((inputLine = br.readLine()) != null) {
                str += inputLine;
            }
            br.close();
        } catch (IOException e) {
            System.out.println("IOException: " + e);
        }
        return str;
    }
    /**
     * 检查SQL注入
     *
     * @param value           参数值
     * @param servletResponse 相应实例
     * @throws IOException      IO异常
     */
    private boolean checkSqlInject(String value, ServletResponse servletResponse) throws IOException {
        if (null != value) {
            String output = value.replaceAll(SQL_REGX, "");
            if (output.length()<value.length()) {
               return false;
            }
        }
        return true;
    }
 }
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/service/impl/AccountServiceImpl.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/common/service/impl/AccountServiceImpl.java
@ -1,5 +1,6 @@
 package com.fuint.common.service.impl;
 import cn.hutool.core.util.ObjectUtil;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@ -10,6 +11,7 @@ import com.fuint.common.service.AccountService;
 import com.fuint.common.service.CaptchaService;
 import com.fuint.common.service.StaffService;
 import com.fuint.common.service.StoreService;
 import com.fuint.common.util.RedisUtil;
 import com.fuint.common.util.TokenUtil;
 import com.fuint.framework.annoation.OperationServiceLog;
 import com.fuint.framework.exception.BusinessCheckException;
@ -32,11 +34,12 @@ import org.springframework.data.domain.PageImpl;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import java.util.*;
 /**
 * 后台账号接口
- *
+ * <p>
 * Created by FSQ
 * CopyRight https://www.huamar.com
 */
@ -61,12 +64,12 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
    /**
     * 店铺服务接口
-     * */
+     */
    private StoreService storeService;
    /**
     * 验证码服务接口
-     * */
+     */
    private CaptchaService captchaService;
    /**
@ -107,20 +110,20 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
        List<AccountDto> dataList = new ArrayList<>();
        for (TAccount tAccount : accountList) {
-             AccountDto accountDto = new AccountDto();
+            AccountDto accountDto = new AccountDto();
-             BeanUtils.copyProperties(tAccount, accountDto);
+            BeanUtils.copyProperties(tAccount, accountDto);
-             accountDto.setId(tAccount.getAcctId());
+            accountDto.setId(tAccount.getAcctId());
-             MtMerchant mtMerchant = mtMerchantMapper.selectById(tAccount.getMerchantId());
+            MtMerchant mtMerchant = mtMerchantMapper.selectById(tAccount.getMerchantId());
-             if (mtMerchant != null) {
+            if (mtMerchant != null) {
-                 accountDto.setMerchantName(mtMerchant.getName());
+                accountDto.setMerchantName(mtMerchant.getName());
-             }
+            }
-             MtStore mtStore = mtStoreMapper.selectById(tAccount.getStoreId());
+            MtStore mtStore = mtStoreMapper.selectById(tAccount.getStoreId());
-             if (mtStore != null) {
+            if (mtStore != null) {
-                 accountDto.setStoreName(mtStore.getName());
+                accountDto.setStoreName(mtStore.getName());
-             }
+            }
-             accountDto.setSalt(null);
+            accountDto.setSalt(null);
-             accountDto.setPassword(null);
+            accountDto.setPassword(null);
-             dataList.add(accountDto);
+            dataList.add(accountDto);
        }
        PageRequest pageRequest = PageRequest.of(paginationRequest.getCurrentPage(), paginationRequest.getPageSize());
@ -138,7 +141,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     *
     * @param userName 账号名称
     * @return
-     * */
+     */
    @Override
    public AccountInfo getAccountByName(String userName) {
        Map<String, Object> param = new HashMap();
@ -178,7 +181,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     *
     * @param userId 账号ID
     * @return
-     * */
+     */
    @Override
    public TAccount getAccountInfoById(Integer userId) {
        TAccount tAccount = tAccountMapper.selectById(userId);
@ -190,7 +193,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     *
     * @param tAccount
     * @return
-     * */
+     */
    @Override
    @OperationServiceLog(description = "新增后台账户")
    public TAccount createAccountInfo(TAccount tAccount, List<TDuty> duties) throws BusinessCheckException {
@ -220,14 +223,14 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
        if (id > 0 && duties != null && duties.size() > 0) {
            for (TDuty tDuty : duties) {
-                 TAccountDuty tAccountDuty = new TAccountDuty();
+                TAccountDuty tAccountDuty = new TAccountDuty();
-                 tAccountDuty.setDutyId(tDuty.getDutyId());
+                tAccountDuty.setDutyId(tDuty.getDutyId());
-                 tAccountDuty.setAcctId(account.getAcctId());
+                tAccountDuty.setAcctId(account.getAcctId());
-                 tAccountDutyMapper.insert(tAccountDuty);
+                tAccountDutyMapper.insert(tAccountDuty);
            }
        }
-        if (id > 0 ) {
+        if (id > 0) {
            return this.getAccountInfoById(id);
        } else {
            throw new BusinessRuntimeException("创建账号错误");
@ -239,7 +242,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     *
     * @param accountId
     * @return
-     * */
+     */
    @Override
    public List<Long> getRoleIdsByAccountId(Integer accountId) {
        List<Long> roleIds = tDutyMapper.getRoleIdsByAccountId(accountId);
@ -249,7 +252,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
    /**
     * 修改账户
     *
-     * @param  tAccount 账户实体
+     * @param tAccount 账户实体
     * @throws BusinessCheckException
     */
    @Override
@ -265,10 +268,10 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
            if (tAccount.getAcctId() != null && tAccount.getAcctId() > 0) {
                tAccountDutyMapper.deleteDutiesByAccountId(tAccount.getAcctId());
                for (TDuty tDuty : duties) {
-                     TAccountDuty tAccountDuty = new TAccountDuty();
+                    TAccountDuty tAccountDuty = new TAccountDuty();
-                     tAccountDuty.setDutyId(tDuty.getDutyId());
+                    tAccountDuty.setDutyId(tDuty.getDutyId());
-                     tAccountDuty.setAcctId(tAccount.getAcctId());
+                    tAccountDuty.setAcctId(tAccount.getAcctId());
-                     tAccountDutyMapper.insert(tAccountDuty);
+                    tAccountDutyMapper.insert(tAccountDuty);
                }
            }
        }
@ -284,7 +287,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
    /**
     * 根据账户名称获取账户所分配的角色ID集合
     *
-     * @param  accountId 账户
+     * @param accountId 账户
     * @return 角色ID集合
     */
    @Override
@ -309,7 +312,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     *
     * @param accountId 账号ID
     * @return
-     * */
+     */
    @Override
    @Transactional(rollbackFor = Exception.class)
    @OperationServiceLog(description = "删除后台账户")
@ -340,7 +343,7 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     * @param password
     * @param salt
     * @return
-     * */
+     */
    @Override
    public String getEntryptPassword(String password, String salt) {
        byte[] salt1 = Encodes.decodeHex(salt);
@ -352,23 +355,29 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
     * 登录后台系统
     *
     * @param loginRequest 登录参数
-     * @param userAgent 登录浏览器
+     * @param userAgent    登录浏览器
     * @return
-     * */
+     */
    @Override
    @OperationServiceLog(description = "登录后台系统")
    public LoginResponse doLogin(LoginRequest loginRequest, String userAgent) throws BusinessCheckException {
        String accountName = loginRequest.getUsername();
        String password = loginRequest.getPassword();
        String captchaCode = loginRequest.getCaptchaCode();
        String uuid = loginRequest.getUuid();
-
+        RedisUtil.remove("error" + accountName);
        Object o = RedisUtil.get("error" + accountName);
        if (ObjectUtil.isNotEmpty(o)){
            int i = Integer.parseInt(o.toString());
            throw new BusinessCheckException("登录账号或密码有误次数过多请"+(i*15)+"分钟后再试");
        }
        Boolean captchaVerify = captchaService.checkCodeByUuid(captchaCode, uuid);
        if (!captchaVerify) {
            throw new BusinessCheckException("图形验证码有误");
        }
-        if (StringUtil.isEmpty(accountName)|| StringUtil.isEmpty(password) || StringUtil.isEmpty(captchaCode)) {
+        if (StringUtil.isEmpty(accountName) || StringUtil.isEmpty(password) || StringUtil.isEmpty(captchaCode)) {
            throw new BusinessCheckException("登录参数有误");
        } else {
            AccountInfo accountInfo = getAccountByName(loginRequest.getUsername());
@ -380,9 +389,21 @@ public class AccountServiceImpl extends ServiceImpl<TAccountMapper, TAccount> im
            String myPassword = tAccount.getPassword();
            String inputPassword = getEntryptPassword(password, tAccount.getSalt());
            if (!myPassword.equals(inputPassword) || !tAccount.getAccountStatus().toString().equals("1")) {
                Object userAccountName = RedisUtil.get("user" + accountName);
                if (ObjectUtil.isEmpty(userAccountName)) {
                    RedisUtil.set("user" + accountName, 1);
                    RedisUtil.expire("user" + accountName,15*60);
                } else {
                    RedisUtil.incr("user" + accountName, 1);
                }
                int i = Integer.parseInt(RedisUtil.get("user" + accountName).toString());
                if (i>=3){
                    RedisUtil.set("error" + accountName,i-2);
                    RedisUtil.expire("error" + accountName, (long) (i - 2) *15*60);
               }
                throw new BusinessCheckException("登录账号或密码有误");
            }
-
+               RedisUtil.remove("user" + accountName);
            // 商户已禁用
            if (tAccount.getMerchantId() != null && tAccount.getMerchantId() > 0) {
                MtMerchant mtMerchant = mtMerchantMapper.selectById(tAccount.getMerchantId());
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/fuintApplication.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/fuintApplication.java
@ -3,6 +3,7 @@ package com.fuint;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.ServletComponentScan;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
@ -19,6 +20,7 @@ import org.tuckey.web.filters.urlrewrite.UrlRewriteFilter;
@SpringBootApplication
 //@PropertySource("file:${env.properties.path}/${env.profile}/application.properties")
@PropertySource("application-${env.profile}.properties")
@ServletComponentScan
 public class fuintApplication {
    public static final String REWRITE_FILTER_NAME = "rewriteFilter";
@ -27,11 +29,6 @@ public class fuintApplication {
    public static void main(String[] args) {
        ConfigurableApplicationContext run = SpringApplication.run(fuintApplication.class, args);
        System.out.println("==================================================\n" +
                "恭喜，fuint系统启动成功啦！  \n" +
                "系统官网：https://www.huamar.com  \n" +
                "接口文档：http://localhost:"+  run.getEnvironment().getProperty("server.port")+"/swagger-ui.html \n" +
                "==================================================\n  \n");
    }
    @Bean
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendAccountController.java
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/java/com/fuint/module/backendApi/controller/BackendAccountController.java
@ -1,5 +1,7 @@
 package com.fuint.module.backendApi.controller;
 import cn.hutool.core.collection.CollectionUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.fuint.common.Constants;
 import com.fuint.common.dto.AccountDto;
 import com.fuint.common.dto.AccountInfo;
@ -26,19 +28,19 @@ import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 import javax.servlet.http.HttpServletRequest;
-import java.util.ArrayList;
+import java.util.*;
-import java.util.HashMap;
+import java.util.concurrent.atomic.AtomicReference;
-import java.util.List;
+import java.util.stream.Collectors;
 import java.util.Map;
 /**
 * 后台管理员管理
- *
+ * <p>
 * Created by FSQ
 * CopyRight https://www.huamar.com
 */
-@Api(tags="管理端-管理员相关接口")
+@Api(tags = "管理端-管理员相关接口")
@RestController
@AllArgsConstructor
@RequestMapping(value = "/backendApi/account")
@ -67,7 +69,7 @@ public class BackendAccountController extends BaseController {
    /**
     * 账户信息列表
     *
-     * @param  request HttpServletRequest对象
+     * @param request HttpServletRequest对象
     * @return 账户信息列表
     */
    @ApiOperation(value = "账户信息列表")
@ -119,8 +121,8 @@ public class BackendAccountController extends BaseController {
    /**
     * 获取账户详情
     *
-     * @param  request
+     * @param request
-     * @param  userId 账号ID
+     * @param userId  账号ID
     * @return 账户详情
     */
    @ApiOperation(value = "获取账户详情")
@ -287,7 +289,23 @@ public class BackendAccountController extends BaseController {
        if (loginAccount == null) {
            return getFailureResult(1001, "请先登录");
        }
        AtomicReference<Boolean> isok = new AtomicReference<>(false);
        if (ObjectUtil.isNotEmpty(roleIds)) {
            List<TDuty> roleList = tDutyService.getAvailableRoles(loginAccount.getMerchantId(), loginAccount.getId());
            if (ObjectUtil.isNotEmpty(roleList)) {
                List<Integer> collect = roleList.stream().map(TDuty::getDutyId).collect(Collectors.toList());
                roleIds.forEach(s -> {
                    if (!CollectionUtil.contains(collect, s)) {
                        isok.set(true);
                    }
                });
            }
        }
        if (isok.get()) {
            return getFailureResult(201, "角色权限不足");
        }
        TAccount tAccount = tAccountService.getAccountInfoById(id.intValue());
        tAccount.setAcctId(id.intValue());
        tAccount.setRealName(realName);
@ -334,7 +352,7 @@ public class BackendAccountController extends BaseController {
     * 删除账户信息
     *
     * @param request HttpServletRequest对象
-     * @param userIds  账户ID（逗号隔开）
+     * @param userIds 账户ID（逗号隔开）
     * @return
     * @throws BusinessCheckException
     */
@ -351,22 +369,22 @@ public class BackendAccountController extends BaseController {
        String ids[] = userIds.split(",");
        if (ids.length > 0) {
            for (int i = 0; i < ids.length; i++) {
-                 if (StringUtil.isNotEmpty(ids[i])) {
+                if (StringUtil.isNotEmpty(ids[i])) {
-                     Integer userId = Integer.parseInt(ids[i]);
+                    Integer userId = Integer.parseInt(ids[i]);
-                     TAccount tAccount = tAccountService.getAccountInfoById(userId.intValue());
+                    TAccount tAccount = tAccountService.getAccountInfoById(userId.intValue());
-                     if (tAccount == null) {
+                    if (tAccount == null) {
-                         return getFailureResult(201, "账户不存在");
+                        return getFailureResult(201, "账户不存在");
-                     }
+                    }
-                     if (StringUtil.equals(accountInfo.getAccountName(), tAccount.getAccountName())) {
+                    if (StringUtil.equals(accountInfo.getAccountName(), tAccount.getAccountName())) {
-                         return getFailureResult(201, "您不能删除自己");
+                        return getFailureResult(201, "您不能删除自己");
-                     }
+                    }
-                 }
+                }
            }
            for (int i = 0; i < ids.length; i++) {
-                 if (StringUtil.isNotEmpty(ids[i])) {
+                if (StringUtil.isNotEmpty(ids[i])) {
-                     Long userId = Long.parseLong(ids[i]);
+                    Long userId = Long.parseLong(ids[i]);
-                     tAccountService.deleteAccount(userId);
+                    tAccountService.deleteAccount(userId);
-                 }
+                }
            }
        }
        return getSuccessResult(true);
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-dev.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-dev.properties
@ -3,6 +3,7 @@ spring.datasource.url=jdbc:mysql://192.168.10.14:23306/fuint-db?useUnicode=true&
 spring.datasource.username=root
 spring.datasource.password=hmkj@2023
 # Redis\u914D\u7F6E
 spring.session.store-type=redis
 spring.session.redis.namespace=fuint
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-prod.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application-prod.properties
@ -1,108 +1,109 @@
-# 数据库配置
+# \u6570\u636E\u5E93\u914D\u7F6E
-spring.datasource.url=jdbc:mysql://localhost:3306/fuint-db?useUnicode=true&characterEncoding=UTF8&useSSL=false
+spring.datasource.url=jdbc:mysql://10.203.0.245:3306/datongshui?useUnicode=true&characterEncoding=UTF8&useSSL=false
-spring.datasource.username=root
+spring.datasource.username=user_wateriot
-spring.datasource.password=root
+spring.datasource.password=^CX&yXrvX77j3vV7
-# Redis配置
+
 # Redis\u914D\u7F6E
 spring.session.store-type=redis
 spring.session.redis.namespace=fuint
-# Redis数据库索引（默认为0）
+# Redis\u6570\u636E\u5E93\u7D22\u5F15\uFF08\u9ED8\u8BA4\u4E3A0\uFF09
 spring.redis.database=0
-# Redis服务器地址(生产)
+# Redis\u670D\u52A1\u5668\u5730\u5740(\u751F\u4EA7)
-spring.redis.host=127.0.0.1
+spring.redis.host=10.203.1.63
-# Redis服务器连接端口
+# Redis\u670D\u52A1\u5668\u8FDE\u63A5\u7AEF\u53E3
 spring.redis.port=6379
-# Redis服务器连接密码（默认为空）
+# Redis\u670D\u52A1\u5668\u8FDE\u63A5\u5BC6\u7801\uFF08\u9ED8\u8BA4\u4E3A\u7A7A\uFF09
-spring.redis.password=
+spring.redis.password=kYkPqKf85BCYBELe
-# 连接池最大连接数（使用负值表示没有限制）
+# \u8FDE\u63A5\u6C60\u6700\u5927\u8FDE\u63A5\u6570\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
 spring.redis.pool.max-active=-1
-# 连接池最大阻塞等待时间（使用负值表示没有限制）
+# \u8FDE\u63A5\u6C60\u6700\u5927\u963B\u585E\u7B49\u5F85\u65F6\u95F4\uFF08\u4F7F\u7528\u8D1F\u503C\u8868\u793A\u6CA1\u6709\u9650\u5236\uFF09
 spring.redis.pool.max-wait=-1
-# 连接池中的最大空闲连接
+# \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5927\u7A7A\u95F2\u8FDE\u63A5
 spring.redis.pool.max-idle=8
-# 连接池中的最小空闲连接
+# \u8FDE\u63A5\u6C60\u4E2D\u7684\u6700\u5C0F\u7A7A\u95F2\u8FDE\u63A5
 spring.redis.pool.min-idle=0
-# 连接超时时间（毫秒）
+# \u8FDE\u63A5\u8D85\u65F6\u65F6\u95F4\uFF08\u6BEB\u79D2\uFF09
 spring.redis.timeout=0
-# 系统名称
+# \u7CFB\u7EDF\u540D\u79F0
-system.name = fuint会员营销管理系统
+system.name = fuint\u4F1A\u5458\u8425\u9500\u7BA1\u7406\u7CFB\u7EDF
-# 前端h5地址
+# \u524D\u7AEFh5\u5730\u5740
 website.url=https://www.huamar.com/h5/
-# 上传图片本地地址
+# \u4E0A\u4F20\u56FE\u7247\u672C\u5730\u5730\u5740
-images.root=/www/wwwroot/www.xxx.com
+images.root=/home/
 images.path=/static/uploadImages/
-# 上传图片服务器域名
+# \u4E0A\u4F20\u56FE\u7247\u670D\u52A1\u5668\u57DF\u540D
-images.upload.url=http://localhost:8080
+images.upload.url=http://localhost:8081
-# 上传图片允许的大小（单位：MB）
+# \u4E0A\u4F20\u56FE\u7247\u5141\u8BB8\u7684\u5927\u5C0F\uFF08\u5355\u4F4D\uFF1AMB\uFF09
 images.upload.maxSize=5
-################## 定时脚本配置 #########################
+################## \u5B9A\u65F6\u811A\u672C\u914D\u7F6E #########################
-# 定时发送消息
+# \u5B9A\u65F6\u53D1\u9001\u6D88\u606F
 message.job.switch = 1
 message.job.time = 0 0/1 * * * ?
-# 卡券到期处理
+# \u5361\u5238\u5230\u671F\u5904\u7406
 couponExpire.job.switch = 1
 couponExpire.job.time = 0 0/1 * * * ?
-# 订单超时取消
+# \u8BA2\u5355\u8D85\u65F6\u53D6\u6D88
 orderCancel.job.switch = 1
 orderCancel.job.time = 0 0/1 * * * ?
-# 分佣提成计算
+# \u5206\u4F63\u63D0\u6210\u8BA1\u7B97
 commission.job.switch = 1
 commission.job.time = 0 0/1 * * * ?
-################## 阿里云短信配置 #######################
+################## \u963F\u91CC\u4E91\u77ED\u4FE1\u914D\u7F6E #######################
-# 短信接口模式[0-关闭 1-打开]
+# \u77ED\u4FE1\u63A5\u53E3\u6A21\u5F0F[0-\u5173\u95ED 1-\u6253\u5F00]
 aliyun.sms.mode = 0
 aliyun.sms.accessKeyId=LTAI4GJMjV123oXsrQJLnPZt
 aliyun.sms.accessKeySecret=eGVBL30u5Ypj234d7XODlwYKWTaGT
-# 阿里云短信签名
+# \u963F\u91CC\u4E91\u77ED\u4FE1\u7B7E\u540D
-aliyun.sms.signName=延禾技术
+aliyun.sms.signName=\u5EF6\u79BE\u6280\u672F
-################## 阿里云OSS存储配置######################
+################## \u963F\u91CC\u4E91OSS\u5B58\u50A8\u914D\u7F6E######################
-# 模式[0-关闭 1-打开]
+# \u6A21\u5F0F[0-\u5173\u95ED 1-\u6253\u5F00]
 aliyun.oss.mode = 0
 aliyun.oss.accessKeyId = LTAI4GJMjVhBa212rQJLnPZt
 aliyun.oss.accessKeySecret = eGVBL30u53456gXd7XODlwYKWTaGT
 aliyun.oss.endpoint = https://oss-cn-shenzhen.aliyuncs.com
 aliyun.oss.bucketName = fuint-application
-# 上传文件夹
+# \u4E0A\u4F20\u6587\u4EF6\u5939
 aliyun.oss.folder = uploads
-# 访问域名
+# \u8BBF\u95EE\u57DF\u540D
 aliyun.oss.domain = https://fuint-application.oss-cn-shenzhen.aliyuncs.com
-################## 微信相关配置 ##########################
+################## \u5FAE\u4FE1\u76F8\u5173\u914D\u7F6E ##########################
-# 公众号配置
+# \u516C\u4F17\u53F7\u914D\u7F6E
 weixin.official.appId=wxf4327ef05c27a0
 weixin.official.appSecret=1f55e8749332234d9a074873d8e6a3
-# 小程序配置
+# \u5C0F\u7A0B\u5E8F\u914D\u7F6E
-wxpay.appId = wxb6af3741234162bc
+wxpay.appId = wx7b3cd05eaf5225b9
-wxpay.appSecret = 76a538bfa5b55a4564d5f2be5540
+wxpay.appSecret = 2cc8299450b5cccf3afa571498afb1de
-wxpay.mchId=1636980812
+wxpay.mchId=1663547246
-wxpay.apiV2=34354320201030y323e432342343
+wxpay.apiV2=Xinaoranqi2018Xinaoranqi20182024
 wxpay.certPath=/usr/local/fuint/cert/apiclient_cert.p12
 wxpay.domain=https://www.huamar.com/fuint-application
-################## 支付宝支付相关配置 ######################
+################## \u652F\u4ED8\u5B9D\u652F\u4ED8\u76F8\u5173\u914D\u7F6E ######################
-alipay.appId = 应用编号
+alipay.appId = \u5E94\u7528\u7F16\u53F7
-alipay.privateKey = 应用私钥
+alipay.privateKey = \u5E94\u7528\u79C1\u94A5
-alipay.publicKey = 支付宝公钥（通过应用公钥上传到支付宝开放平台换取支付宝公钥）
+alipay.publicKey = \u652F\u4ED8\u5B9D\u516C\u94A5\uFF08\u901A\u8FC7\u5E94\u7528\u516C\u94A5\u4E0A\u4F20\u5230\u652F\u4ED8\u5B9D\u5F00\u653E\u5E73\u53F0\u6362\u53D6\u652F\u4ED8\u5B9D\u516C\u94A5\uFF09
 alipay.serverUrl=https://openapi.alipay.com/gateway.do
 alipay.domain=https://www.huamar.com/fuint-application/clientApi/pay/aliPayCallback
-################ 微信订阅模板消息配置 ######################
+################ \u5FAE\u4FE1\u8BA2\u9605\u6A21\u677F\u6D88\u606F\u914D\u7F6E ######################
-weixin.subMessage.orderCreated=[{'key':'time', 'name':'订单时间'},{'key':'orderSn', 'name':'订单号'},{'key':'remark', 'name':'备注信息'}]
+weixin.subMessage.orderCreated=[{'key':'time', 'name':'\u8BA2\u5355\u65F6\u95F4'},{'key':'orderSn', 'name':'\u8BA2\u5355\u53F7'},{'key':'remark', 'name':'\u5907\u6CE8\u4FE1\u606F'}]
-weixin.subMessage.deliverGoods=[{'key':'receiver', 'name':'收货人'}, {'key':'orderSn', 'name':'订单号'}, {'key':'expressCompany', 'name':'快递公司'}, {'key':'expressNo', 'name':'快递单号'}]
+weixin.subMessage.deliverGoods=[{'key':'receiver', 'name':'\u6536\u8D27\u4EBA'}, {'key':'orderSn', 'name':'\u8BA2\u5355\u53F7'}, {'key':'expressCompany', 'name':'\u5FEB\u9012\u516C\u53F8'}, {'key':'expressNo', 'name':'\u5FEB\u9012\u5355\u53F7'}]
-weixin.subMessage.couponExpire=[{'key':'name', 'name':'卡券名称'}, {'key':'expireTime', 'name':'到期时间'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.couponExpire=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'}, {'key':'expireTime', 'name':'\u5230\u671F\u65F6\u95F4'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
-weixin.subMessage.couponArrival=[{'key':'name', 'name':'卡券名称'},{'key':'amount', 'name':'金额'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.couponArrival=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'amount', 'name':'\u91D1\u989D'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
-weixin.subMessage.balanceChange=[{'key':'amount', 'name':'变动金额'},{'key':'time', 'name':'变动时间'},{'key':'tips', 'name':'温馨提示'}]
+weixin.subMessage.balanceChange=[{'key':'amount', 'name':'\u53D8\u52A8\u91D1\u989D'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'tips', 'name':'\u6E29\u99A8\u63D0\u793A'}]
-weixin.subMessage.couponConfirm=[{'key':'name', 'name':'卡券名称'},{'key':'time', 'name':'核销时间'}]
+weixin.subMessage.couponConfirm=[{'key':'name', 'name':'\u5361\u5238\u540D\u79F0'},{'key':'time', 'name':'\u6838\u9500\u65F6\u95F4'}]
-weixin.subMessage.pointChange=[{'key':'amount', 'name':'变动数量'},{'key':'time', 'name':'变动时间'},{'key':'remark', 'name':'备注信息'}]
+weixin.subMessage.pointChange=[{'key':'amount', 'name':'\u53D8\u52A8\u6570\u91CF'},{'key':'time', 'name':'\u53D8\u52A8\u65F6\u95F4'},{'key':'remark', 'name':'\u5907\u6CE8\u4FE1\u606F'}]
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application.properties
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/application.properties
@ -1,5 +1,5 @@
 # \u57FA\u672C\u914D\u7F6E
-server.port=8080
+server.port=8081
 env.profile=dev
--- a/XinAoDTS/fuintBackend/fuint-application/src/main/resources/logback-spring.xml
+++ b/XinAoDTS/fuintBackend/fuint-application/src/main/resources/logback-spring.xml
@ -14,10 +14,10 @@
        <encoder>
            <pattern>%d{MM-dd HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
        </encoder>
-        <file>/data/log/fuint/server.log</file>
+        <file>/home/e_wanglx/java/datongshui/logs/server.log</file>
        <!-- 滚动记录文件，先将日志记录到指定文件，当符合某个条件时，将日志记录到其他文件。-->
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>/data/log/fuint/archive/server_all_%d{yyyy-MM-dd}.%i.log.zip
+            <fileNamePattern>/home/e_wanglx/java/datongshui/logs/server_all_%d{yyyy-MM-dd}.%i.log.zip
            </fileNamePattern>
            <!-- 当天的日志大小 超过${log.max.size}时,压缩日志并保存 -->
            <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">