
1、优化增加创建订单的校验
2、启用xss防注入

rayson 8 miesięcy temu
rodzic
commit
50c075194a

+ 0 - 1
citu-framework/citu-spring-boot-starter-web/src/main/java/com/citu/framework/i18n/config/CituI18nAutoConfiguration.java

@@ -1,6 +1,5 @@
 package com.citu.framework.i18n.config;
 
-import com.citu.framework.xss.config.XssProperties;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;

+ 1 - 1
citu-framework/citu-spring-boot-starter-web/src/main/java/com/citu/framework/xss/config/CituXssAutoConfiguration.java

@@ -42,7 +42,7 @@ public class CituXssAutoConfiguration implements WebMvcConfigurer {
      */
     @Bean
     @ConditionalOnMissingBean(name = "xssJacksonCustomizer")
-    @ConditionalOnBean(ObjectMapper.class)
+//    @ConditionalOnBean(ObjectMapper.class)
     @ConditionalOnProperty(value = "citu.xss.enable", havingValue = "true")
     public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(XssProperties properties,
                                                                       PathMatcher pathMatcher,
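Review bot: The `@ConditionalOnBean(ObjectMapper.class)` annotation is commented out instead of deleted, leaving dead code with no record of why the condition was dropped. If it was removed because it evaluated to false when this auto-configuration was processed before Jackson's `ObjectMapper` bean existed (a `@ConditionalOnBean` inside an auto-configuration is sensitive to registration order), delete the line and say so: `// No @ConditionalOnBean(ObjectMapper.class): the customizer is consumed while Jackson builds the mapper, so the ObjectMapper bean need not exist when this condition is evaluated.` Since this customizer is what applies XSS cleaning to JSON request bodies, an unmet condition disables the protection silently rather than with an error; a context test asserting the `xssJacksonCustomizer` bean is present when `citu.xss.enable=true` would catch that regressing. The method signature continues past the end of the hunk.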

+ 0 - 1
citu-framework/citu-spring-boot-starter-web/src/main/java/com/citu/framework/xss/core/clean/JsoupXssCleaner.java

@@ -59,6 +59,5 @@ public class JsoupXssCleaner implements XssCleaner {
     public String clean(String html) {
         return Jsoup.clean(html, baseUri, safelist, new Document.OutputSettings().prettyPrint(false));
     }
-
 }
 

+ 2 - 0
citu-framework/citu-spring-boot-starter-web/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports

@@ -1,7 +1,9 @@
 com.citu.framework.apilog.config.CituApiLogAutoConfiguration
 com.citu.framework.jackson.config.CituJacksonAutoConfiguration
+com.citu.framework.xss.config.CituXssAutoConfiguration
 com.citu.framework.swagger.config.CituSwaggerAutoConfiguration
 com.citu.framework.web.config.CituWebAutoConfiguration
 com.citu.framework.apilog.config.CituApiLogRpcAutoConfiguration
 com.citu.framework.banner.config.CituBannerAutoConfiguration
 com.citu.framework.i18n.config.CituI18nAutoConfiguration
+
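Review bot: Registering `CituXssAutoConfiguration` here does not by itself turn on the filtering: its beans are gated by `@ConditionalOnProperty(value = "citu.xss.enable", havingValue = "true")`, so every application using this starter still has to opt in, and in this commit only menduner-system-biz's application.yaml does. Other modules built on the starter presumably stay without XSS cleaning unless they set the property; a note in the starter's documentation, or a true default with an explicit opt-out, would make the expectation clear. The empty line added at the end of the file appears harmless, since blank lines are skipped when the imports file is read, but it is not needed.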

+ 17 - 2
menduner/menduner-system-biz/src/main/java/com/citu/module/menduner/system/controller/app/jobhunt/order/AppTradeOrderController.java

@@ -7,12 +7,14 @@ import com.citu.framework.signature.core.annotation.ApiSignature;
 import com.citu.module.menduner.common.util.LoginUserContext;
 import com.citu.module.menduner.system.controller.app.jobhunt.order.vo.AppTradeOrderPageReqVO;
 import com.citu.module.menduner.system.controller.app.jobhunt.order.vo.AppTradeOrderRespVO;
-import com.citu.module.menduner.system.controller.base.order.AppTradeOrderGetReqVO;
 import com.citu.module.menduner.system.controller.base.order.AppTradeOrderCreateReqVO;
+import com.citu.module.menduner.system.controller.base.order.AppTradeOrderGetReqVO;
 import com.citu.module.menduner.system.controller.base.order.AppTradeOrderGetRespVO;
 import com.citu.module.menduner.system.controller.base.order.TradeOrderCreateReqVO;
+import com.citu.module.menduner.system.dal.dataobject.user.UserPackageDO;
 import com.citu.module.menduner.system.enums.user.MdeUserTypeEnum;
 import com.citu.module.menduner.system.service.order.TradeOrderService;
+import com.citu.module.menduner.system.service.user.UserPackageService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.validation.annotation.Validated;
@@ -21,7 +23,10 @@ import org.springframework.web.bind.annotation.*;
 import javax.annotation.Resource;
 import javax.validation.Valid;
 
+import static com.citu.framework.common.exception.util.ServiceExceptionUtil.exception;
 import static com.citu.framework.common.pojo.CommonResult.success;
+import static com.citu.module.menduner.system.enums.ErrorCodeConstants.ENTERPRISE_PACKAGE_NOT_EXISTS;
+import static com.citu.module.menduner.system.enums.ErrorCodeConstants.MDE_REQUEST_ILLEGAL;
 import static com.citu.module.menduner.system.enums.TradeOrderTypeMq.PAY_APP_USER_KEY;
 
 @Tag(name = "求职端 - 交易订单")
@@ -33,6 +38,9 @@ public class AppTradeOrderController {
     @Resource
     private TradeOrderService tradeOrderService;
 
+    @Resource
+    private UserPackageService userPackageService;
+
     @GetMapping("/page")
     @Operation(summary = "获得订单分页")
     @PreAuthenticated
@@ -52,7 +60,14 @@ public class AppTradeOrderController {
         dto.setSpuId(reqVO.getSpuId());
         dto.setSpuName(reqVO.getSpuName());
         dto.setPrice(reqVO.getPrice());
-        return success(tradeOrderService.createOrder(dto,PAY_APP_USER_KEY));
+        UserPackageDO packageDO = userPackageService.getUserPackage(reqVO.getSpuId());
+        if (null == packageDO) {
+            throw exception(ENTERPRISE_PACKAGE_NOT_EXISTS);
+        }
+        if (null == reqVO.getPrice() || !reqVO.getPrice().equals(packageDO.getPrice())) {
+            throw exception(MDE_REQUEST_ILLEGAL);
+        }
+        return success(tradeOrderService.createOrder(dto, PAY_APP_USER_KEY));
     }
 
     @GetMapping("/get/unpaid")
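Review bot: The new check verifies the client's price against the package, but the order DTO is still filled from the request: `dto.setPrice(reqVO.getPrice())` and `dto.setSpuName(reqVO.getSpuName())` run before the lookup, so the stored values come from the client rather than the server record. Once `packageDO` has been validated, set `dto.setPrice(packageDO.getPrice());` after the two checks (and the name as well, if `UserPackageDO` carries one), so the persisted order cannot depend on what the client sent. If the price type is `BigDecimal`, `equals` is scale-sensitive (`1.0` and `1.00` are not equal), so a correctly priced request with a different scale would be rejected with `MDE_REQUEST_ILLEGAL`; `compareTo(...) != 0` is the usual comparison there. Moving the lookup and both checks above the `dto.set...` lines also avoids building the DTO for a request that is about to be rejected. The enclosing method begins above this hunk.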

+ 5 - 0
menduner/menduner-system-biz/src/main/resources/application.yaml

@@ -134,6 +134,11 @@ citu:
     description: 提供管理员管理的所有功能
     version: ${citu.info.version}
     base-package: ${citu.info.base-package}
+  xss:
+    enable: true
+    exclude-urls: # 如下两个 url,仅仅是为了演示,去掉配置也没关系
+      - ${spring.boot.admin.context-path}/** # 不处理 Spring Boot Admin 的请求
+      - ${management.endpoints.web.base-path}/** # 不处理 Actuator 的请求
   # 是否开启国际化
   i18n:
     enable: true
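Review bot: The comment on `exclude-urls` says the two entries are only for demonstration and may be removed, which reads as carried over from a sample and does not state why these paths are excluded from XSS cleaning in this application; replace it with the actual reason, e.g. `# Admin and Actuator endpoints are operational, not user-facing input; skip XSS cleaning`. Both entries rely on `${spring.boot.admin.context-path}` and `${management.endpoints.web.base-path}` resolving; if either property is not defined in this application, startup fails on the unresolved placeholder, so give a default (`${spring.boot.admin.context-path:/admin}`) or drop the entry if Spring Boot Admin is not used here. Whether those properties are defined is not visible in this hunk.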