From a8219a1c955a9bb84300a52944ab886c604a4512 Mon Sep 17 00:00:00 2001
From: Administrator <15274802129@163.com>
Date: Sun, 14 Jun 2026 16:54:52 +0800
Subject: [PATCH] fix(security): 修复CORS配置中的安全漏洞
---
src/main/java/cc/mrbird/febs/pay/util/WeixinServiceUtil.java | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/src/main/java/cc/mrbird/febs/pay/util/WeixinServiceUtil.java b/src/main/java/cc/mrbird/febs/pay/util/WeixinServiceUtil.java
index 8da26bb..c5d8b1b 100644
--- a/src/main/java/cc/mrbird/febs/pay/util/WeixinServiceUtil.java
+++ b/src/main/java/cc/mrbird/febs/pay/util/WeixinServiceUtil.java
@@ -2,11 +2,13 @@
import cc.mrbird.febs.common.exception.FebsException;
import cc.mrbird.febs.common.properties.XcxProperties;
-import cc.mrbird.febs.common.utils.SpringContextHolder;
import cc.mrbird.febs.pay.model.*;
+import cc.mrbird.febs.pay.service.impl.JsApiPayComService;
import cc.mrbird.febs.pay.service.impl.RefundService;
import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONUtil;
import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
@@ -19,7 +21,8 @@
@Service(value="weixinServiceUtil")
public class WeixinServiceUtil {
- private final XcxProperties xcxProperties = SpringContextHolder.getBean(XcxProperties.class);
+ @Autowired
+ private XcxProperties xcxProperties;
/**
* 支付"175.9.82.254"
@@ -127,6 +130,51 @@
}
return flag;
}
+
+ /**@Description 用户提现提现审核,企业付款到个人
+ @date 2017年5月26日
+ @atuhor jiangyouyao
+ * @param desc 描述
+ * @param outTradeNo 提现申请编号
+ * @param totalFee 提现金额(分)
+ * @param openid
+ * @return
+ */
+ public boolean comPay(String desc, String outTradeNo,int totalFee, String openid){
+ log.info("后台同意提现申请..."+ desc+outTradeNo+totalFee+openid);
+ boolean flag=false;
+ try {
+ JsApiPayBusiness jsApiPayBusiness = new JsApiPayBusiness();
+ String paySecret = xcxProperties.getWecharpaySecret();
+ String appId = xcxProperties.getXcxAppid();
+ String certLocalPath = xcxProperties.getCertLocalPath();
+ String mchID = xcxProperties.getWecharpayMchid();
+
+ JsApiPayComReqData jsApiPayComReqData=new JsApiPayComReqData(mchID,
+ appId,
+ paySecret,
+ desc,outTradeNo,totalFee,openid,"NO_CHECK","");
+ JsApiPayComService jsApiPayComService=new JsApiPayComService();
+
+ HttpsRequest2 request2= (HttpsRequest2) jsApiPayComService.getServiceRequest();
+ request2.setCertLocalPath(certLocalPath);
+ request2.setMchId(mchID);
+
+ JsApiPayComResData result = jsApiPayBusiness.payComOrder(jsApiPayComService, jsApiPayComReqData);
+
+ log.info("#提现,企业付款到个人---result:{}",result);
+ if (result.getResult_code().equals("SUCCESS")) {
+ flag=true;
+ }else{
+ log.info("#提现,企业付款到个人失败,{}!", "商户余额不足");
+ flag=false;
+ }
+ } catch (Exception e) {
+ log.error("#企业付款到个人异常#提现#outTradeNo:{}#opUserID:{}", e, outTradeNo,openid);
+ flag=false;
+ }
+ return flag;
+ }
/**@Description 支付获取远程设备的ip
@date 2017年6月27日
--
Gitblit v1.9.1