
1.使用@DecryptParam替换@RequestParam;

codingliang 1 anno fa
parent
commit
74f7720ab4

+ 10 - 7
src/main/java/com/sqx/modules/app/controller/UserController.java

@@ -1,10 +1,7 @@
 package com.sqx.modules.app.controller;
 
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.sqx.common.utils.Result;
-import com.sqx.modules.app.annotation.Login;
 import com.sqx.modules.app.entity.UserEntity;
 import com.sqx.modules.app.entity.UserMoney;
 import com.sqx.modules.app.response.HomeMessageResponse;
@@ -13,13 +10,19 @@ import com.sqx.modules.app.service.UserMoneyDetailsService;
 import com.sqx.modules.app.service.UserMoneyService;
 import com.sqx.modules.app.service.UserService;
 import com.sqx.modules.pay.service.PayDetailsService;
-import com.sqx.modules.utils.fieYun.FeiYunUtils;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -201,7 +204,7 @@ public class UserController {
     @RequestMapping(value = "/updateShopClientId", method = RequestMethod.POST)
     @ApiOperation("商家端绑定消息推送clientId")
     @ResponseBody
-    public Result updateShopClientId(@RequestParam String clientId, @RequestAttribute Long userId,Integer sysPhone) {
+    public Result updateShopClientId(@DecryptParam String clientId, @RequestAttribute Long userId, Integer sysPhone) {
         UserEntity userEntity = userService.selectUserById(userId);
         if (userEntity != null) {
             userService.updateUserShopClientIdIsNull(clientId);
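Review bot: In `updateShopClientId` the `Integer sysPhone` parameter still has no binding annotation, so it keeps being read from the plain request parameter while `clientId` now has to arrive encrypted; `iosBindMobile` and `wxBindMobile` in AppLoginController declare the same value as `@DecryptParam Integer sysPhone`. Clients therefore have to mix ciphertext and plaintext in one request, and the unannotated value gets none of the protection this commit is adding. If that is not intended, declare it the same way here, e.g. `@DecryptParam(required = false) Integer sysPhone`; the same applies to `updateClientId` and `updateRiderClientId` in AppController. The method body continues past the end of this hunk.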

+ 10 - 11
src/main/java/com/sqx/modules/app/controller/app/AppController.java

@@ -1,25 +1,24 @@
 package com.sqx.modules.app.controller.app;
 
 
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
 import com.sqx.common.utils.Result;
 import com.sqx.modules.app.annotation.Login;
 import com.sqx.modules.app.annotation.LoginUser;
 import com.sqx.modules.app.entity.UserEntity;
 import com.sqx.modules.app.service.AppService;
 import com.sqx.modules.app.service.UserService;
-import com.sqx.modules.common.entity.CommonInfo;
 import com.sqx.modules.common.service.CommonInfoService;
 import com.sqx.modules.utils.MD5Util;
-import com.sqx.modules.utils.fieYun.FeiYunUtils;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
-
-import java.math.BigDecimal;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 /**
  * APP登录授权
@@ -56,7 +55,7 @@ public class AppController {
     @RequestMapping(value = "/updatePhone", method = RequestMethod.POST)
     @ApiOperation("用户端换绑手机号")
     @ResponseBody
-    public Result updatePhone(@RequestAttribute("userId") Long userId, @RequestParam String phone, @RequestParam String msg) {
+    public Result updatePhone(@RequestAttribute("userId") Long userId, @DecryptParam String phone, @DecryptParam String msg) {
         return userService.updatePhone(phone, msg, userId);
     }
 
@@ -111,7 +110,7 @@ public class AppController {
     @RequestMapping(value = "/updateClientId", method = RequestMethod.POST)
     @ApiOperation("用户端绑定消息推送clientId")
     @ResponseBody
-    public Result updateClientId(@RequestParam String clientId, @RequestAttribute Long userId,Integer sysPhone) {
+    public Result updateClientId(@DecryptParam String clientId, @RequestAttribute Long userId,Integer sysPhone) {
         UserEntity userEntity = userService.getById(userId);
         if (userEntity != null) {
             //检查是否有其他用户设置这个clientId 如果有 则清除其他用户
@@ -130,7 +129,7 @@ public class AppController {
     @RequestMapping(value = "/updateRiderClientId", method = RequestMethod.POST)
     @ApiOperation("骑手端绑定消息推送clientId")
     @ResponseBody
-    public Result updateRiderClientId(@RequestParam String clientId, @RequestAttribute Long userId,Integer sysPhone) {
+    public Result updateRiderClientId(@DecryptParam String clientId, @RequestAttribute Long userId,Integer sysPhone) {
         UserEntity userEntity = userService.selectUserById(userId);
         if (userEntity != null) {
             userService.updateUserRiderClientIdIsNull(clientId);

+ 14 - 9
src/main/java/com/sqx/modules/app/controller/app/AppLoginController.java

@@ -12,14 +12,19 @@ import com.sqx.modules.app.utils.WxPhone;
 import com.sqx.modules.common.entity.CommonInfo;
 import com.sqx.modules.common.service.CommonInfoService;
 import com.sqx.modules.utils.HttpClientUtil;
-import com.sqx.modules.utils.MD5Util;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.extern.slf4j.Slf4j;
-import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 import weixin.popular.api.SnsAPI;
 import weixin.popular.bean.sns.SnsToken;
 
@@ -81,7 +86,7 @@ public class AppLoginController {
 
     @RequestMapping(value = "/appleLogin", method = RequestMethod.GET)
     @ApiOperation("苹果登陆获取appleUserId")
-    public Result loginVerify(@RequestParam("identityToken") String identityToken) {
+    public Result loginVerify(@DecryptParam("identityToken") String identityToken) {
         try {
             log.info("苹果token:{}", identityToken);
             JSONObject jsonObject = JSON.parseObject(identityToken);
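Review bot: `loginVerify` still writes the token to the application log with `log.info("苹果token:{}", identityToken)`, and after this change that is the decrypted value, so the credential the client now encrypts in transit ends up in clear text in the log files. Drop the line, or log only a non-reversible marker such as `log.info("苹果token received, length={}", identityToken.length());`. The endpoint is also still mapped to `RequestMethod.GET`, so the ciphertext travels in the query string where proxies and access logs record it; whether a recorded ciphertext stays valid later depends on the secure-api configuration, which this page does not show. The try block continues outside the hunk.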
@@ -97,14 +102,14 @@ public class AppLoginController {
 
     @ApiOperation("苹果登录")
     @RequestMapping(value = "/insertAppleUser", method = RequestMethod.GET)
-    public Result insertAppleUser(@RequestParam String appleId){
+    public Result insertAppleUser(@DecryptParam String appleId){
         return userService.iosRegister(appleId);
     }
 
     @RequestMapping(value = "/iosBindMobile", method = RequestMethod.POST)
     @ApiOperation("苹果登录绑定手机号")
     @ResponseBody
-    public Result iosBindMobile(@RequestParam String phone,@RequestParam String code,@RequestParam String appleId,@RequestParam String platform,@RequestParam Integer sysPhone) {
+    public Result iosBindMobile(@DecryptParam String phone, @DecryptParam String code, @DecryptParam String appleId, @DecryptParam String platform, @DecryptParam Integer sysPhone) {
         return userService.iosBindMobile(phone, code, appleId, platform, sysPhone);
     }
 
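Review bot: `insertAppleUser` passes a client-supplied `appleId` straight to `userService.iosRegister(appleId)`, and encrypting that parameter does not show that the caller owns the Apple account: the client has to be able to encrypt any value it sends, so a valid ciphertext says nothing about who is sending it. What `iosRegister` does is not visible here, but if it registers or signs in the user, the id should come from an identity token the server has verified (the `loginVerify` path) rather than from a request parameter. It is also a state-changing call mapped to `RequestMethod.GET`; `method = RequestMethod.POST` would keep the value out of URLs and access logs.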
@@ -112,7 +117,7 @@ public class AppLoginController {
     @RequestMapping(value = "/wxAppLogin", method = RequestMethod.POST)
     @ApiOperation("微信APP登录")
     @ResponseBody
-    public Result wxAppLogin(@RequestParam String wxOpenId,@RequestParam String token) {
+    public Result wxAppLogin(@DecryptParam String wxOpenId,@DecryptParam String token) {
         return userService.wxAppLogin(wxOpenId,token);
     }
 
@@ -120,7 +125,7 @@ public class AppLoginController {
     @RequestMapping(value = "/wxBindMobile", method = RequestMethod.POST)
     @ApiOperation("微信登录绑定手机号")
     @ResponseBody
-    public Result wxBindMobile(@RequestParam String phone,@RequestParam String code,@RequestParam String wxOpenId,@RequestParam String token,@RequestParam String platform,@RequestParam Integer sysPhone) {
+    public Result wxBindMobile(@DecryptParam String phone,@DecryptParam String code,@DecryptParam String wxOpenId,@DecryptParam String token,@DecryptParam String platform,@DecryptParam Integer sysPhone) {
         return userService.wxBindMobile(phone, code, wxOpenId, token, platform, sysPhone);
     }
 
@@ -151,7 +156,7 @@ public class AppLoginController {
     }
     @ApiParam("登录app")
     @RequestMapping(value = "/loginApp",method = RequestMethod.POST)
-    public  Result loginApp(@RequestParam String phone,@RequestParam String password){
+    public  Result loginApp(@DecryptParam String phone,@DecryptParam String password){
         return userService.loginApp(phone,password);
     }
 

+ 3 - 4
src/main/java/com/sqx/modules/app/controller/app/AppUserFollowController.java

@@ -3,12 +3,11 @@ package com.sqx.modules.app.controller.app;
 import com.sqx.common.utils.Result;
 import com.sqx.modules.app.annotation.Login;
 import com.sqx.modules.app.service.UserFollowService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
-
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
@@ -25,7 +24,7 @@ public class AppUserFollowController {
 
     @RequestMapping("/insert")
     @Login
-    public Result insert(@RequestAttribute Long userId, @RequestParam Long followUserId) {
+    public Result insert(@RequestAttribute Long userId, @DecryptParam Long followUserId) {
         return userFollowService.insert(userId, followUserId);
     }
 
@@ -50,7 +49,7 @@ public class AppUserFollowController {
      */
     @RequestMapping("/selectFollowUser")
     @Login
-    public Result selectFollowUser(@RequestAttribute Long userId,@RequestParam Long followUserId) {
+    public Result selectFollowUser(@RequestAttribute Long userId,@DecryptParam Long followUserId) {
         return userFollowService.selectFollowUser(userId,followUserId);
     }
 

+ 10 - 5
src/main/java/com/sqx/modules/chats/controller/ChatsController.java

@@ -4,11 +4,16 @@ package com.sqx.modules.chats.controller;
 import com.sqx.modules.chats.entity.Chats;
 import com.sqx.modules.chats.service.ChatsService;
 import com.sqx.modules.chats.utils.Result;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 @Api(value="聊天会话",tags={"聊天会话"})
@@ -19,20 +24,20 @@ public class ChatsController {
 
     @GetMapping("/count")
     @ApiOperation("商家端未读消息")
-    public Result count(@ApiParam("店铺id(总后台商户传0)") @RequestParam Long storeId) {
+    public Result count(@ApiParam("店铺id(总后台商户传0)") @DecryptParam Long storeId) {
         return service.count(storeId);
     }
 
     @GetMapping("/userCount")
     @ApiOperation("用户端未读消息")
-    public Result userCount(@ApiParam("店铺id(总后台商户传0)") @RequestParam Long userId) {
+    public Result userCount(@ApiParam("店铺id(总后台商户传0)") @DecryptParam Long userId) {
         return service.userCount(userId);
     }
 
     @GetMapping("/list")
     @ApiOperation("商家端会话列表")
-    public Result findAll(@ApiParam("店铺id(总后台商户传0)") @RequestParam Long storeId,
-                          @ApiParam("用户昵称") @RequestParam(required = false) String userName) {
+    public Result findAll(@ApiParam("店铺id(总后台商户传0)") @DecryptParam Long storeId,
+                          @ApiParam("用户昵称") @DecryptParam(required = false) String userName) {
         return service.findAll(storeId, userName);
     }
 
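Review bot: `userCount` takes `userId` from a request parameter and hands it to `service.userCount(userId)`, and no `@Login` or other access check is visible in this hunk, so the caller chooses whose unread count is returned; decrypting the parameter does not change that. Other controllers in this commit read the id from a request attribute, as in `@RequestAttribute Long userId` (AppUserFollowController), and the same would fit here, assuming an interceptor populates it for this path. `count` and `findAll` have the same shape with `storeId`, and `userCount` in AppChatsController repeats it. The `@ApiParam("店铺id(总后台商户传0)")` label on `userId` looks copied from `storeId` and should describe the user id.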

+ 7 - 2
src/main/java/com/sqx/modules/chats/controller/app/AppChatsController.java

@@ -5,11 +5,16 @@ import com.sqx.modules.chats.entity.Chats;
 import com.sqx.modules.chats.service.ChatsContentService;
 import com.sqx.modules.chats.service.ChatsService;
 import com.sqx.modules.chats.utils.Result;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 @RestController
 @Api(value="聊天会话",tags={"聊天会话"})
@@ -35,7 +40,7 @@ public class AppChatsController {
     
     @GetMapping("/userCount")
     @ApiOperation("用户端未读消息")
-    public Result userCount(@ApiParam("店铺id(总后台商户传0)") @RequestParam Long userId) {
+    public Result userCount(@ApiParam("店铺id(总后台商户传0)") @DecryptParam Long userId) {
         return service.userCount(userId);
     }
 

+ 2 - 2
src/main/java/com/sqx/modules/errand/controller/app/AppTbIndentController.java

@@ -17,6 +17,7 @@ import com.sqx.modules.errand.entity.ErrandRedPacket;
 import com.sqx.modules.errand.entity.TbIndent;
 import com.sqx.modules.errand.service.ErrandComplaintService;
 import com.sqx.modules.errand.service.TbIndentService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
@@ -29,7 +30,6 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestAttribute;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.validation.Valid;
@@ -284,7 +284,7 @@ public class AppTbIndentController {
     @Login
     @PutMapping(value = "delivery-img/{indentNumber}")
     @ApiOperation("骑手上传送达照片")
-    public Result riderUploadDeliveryImg(@RequestAttribute Long userId, @PathVariable @ApiParam("跑腿订单id") String indentNumber, @RequestParam @ApiParam("图片地址") String imgs){
+    public Result riderUploadDeliveryImg(@RequestAttribute Long userId, @PathVariable @ApiParam("跑腿订单id") String indentNumber, @DecryptParam @ApiParam("图片地址") String imgs){
         tbIndentService.riderUploadDeliveryImg(userId, indentNumber, imgs);
         return Result.success();
     }

+ 15 - 5
src/main/java/com/sqx/modules/file/AliFileUploadController.java

@@ -5,6 +5,7 @@ import com.aliyun.oss.OSSClientBuilder;
 import com.sqx.common.utils.Result;
 import com.sqx.modules.common.service.CommonInfoService;
 import com.sqx.modules.file.utils.FileUploadUtils;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
@@ -15,9 +16,18 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 
-import java.io.*;
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
 import java.text.SimpleDateFormat;
-import java.util.*;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+import java.util.UUID;
 
 /**
  * 阿里云文件上传
@@ -41,7 +51,7 @@ public class AliFileUploadController {
     @RequestMapping(value = "/upload", method = RequestMethod.POST)
     @ApiOperation("文件上传")
     @ResponseBody
-    public Result upload(@RequestParam("file") MultipartFile file){
+    public Result upload(@DecryptParam("file") MultipartFile file){
         String value = commonRepository.findOne(234).getValue();
         if("1".equals(value)){
             // 创建OSSClient实例。
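Review bot: `@DecryptParam("file") MultipartFile file` replaces a binding that Spring's `@RequestParam` resolver handles specially for multipart parts, and nothing on this page shows that the secure-api resolver can bind a `MultipartFile` at all. If it cannot, `file` may arrive as null or the request may fail before the controller runs, and `upload` has no null check in the visible lines. Unless the library documents multipart support, keep `@RequestParam("file") MultipartFile file` here and in `uploadUniApp`, `uploadMusic` and `SysOssController.upload` (that file would need its `RequestParam` import back), and cover one upload with an integration test. The method body continues outside the hunk.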
@@ -85,7 +95,7 @@ public class AliFileUploadController {
     @RequestMapping(value = "/uploadUniApp", method = RequestMethod.POST)
     @ApiOperation("文件上传")
     @ResponseBody
-    public String uploadUniApp(@RequestParam("file") MultipartFile file){
+    public String uploadUniApp(@DecryptParam("file") MultipartFile file){
         String value = commonRepository.findOne(234).getValue();
         if("1".equals(value)){
             // 创建OSSClient实例。
@@ -131,7 +141,7 @@ public class AliFileUploadController {
     @RequestMapping(value = "/uploadMusic", method = RequestMethod.POST)
     @ApiOperation("文件上传")
     @ResponseBody
-    public Result uploadMusic(@RequestParam("file") MultipartFile file) {
+    public Result uploadMusic(@DecryptParam("file") MultipartFile file) {
         String url="";
         String value = commonRepository.findOne(234).getValue();
         if("1".equals(value)){

+ 12 - 8
src/main/java/com/sqx/modules/goods/controller/GoodsController.java

@@ -1,7 +1,6 @@
 package com.sqx.modules.goods.controller;
 
 import com.sqx.common.utils.Result;
-import com.sqx.modules.app.annotation.Login;
 import com.sqx.modules.goods.entity.Goods;
 import com.sqx.modules.goods.entity.GoodsAttr;
 import com.sqx.modules.goods.entity.GoodsClassify;
@@ -11,11 +10,16 @@ import com.sqx.modules.goods.service.GoodsService;
 import com.sqx.modules.goods.service.GoodsShopService;
 import com.sqx.modules.sys.controller.AbstractController;
 import com.sqx.modules.sys.entity.SysUserEntity;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.List;
 
@@ -74,18 +78,18 @@ public class GoodsController extends AbstractController {
 
     @ApiOperation(value = "单规格生成sku")
     @GetMapping(value = "/onlyFormatAttr")
-    public Result onlyFormatSku(@ApiParam("商品图片")@RequestParam(required = false) String coverImg,
-                                @ApiParam("原价")@RequestParam(required = false) String originalPrice,
-                                @ApiParam("售价")@RequestParam(required = false) String price){
+    public Result onlyFormatSku(@ApiParam("商品图片")@DecryptParam(required = false) String coverImg,
+                                @ApiParam("原价")@DecryptParam(required = false) String originalPrice,
+                                @ApiParam("售价")@DecryptParam(required = false) String price){
         return goodsService.onlyFormatAttr(coverImg, originalPrice, price);
     }
 
     @ApiOperation(value = "多规格生成sku")
     @PostMapping(value = "/isFormatAttr")
     public Result isFormatSku(@RequestBody GoodsAttr attr,
-                              @ApiParam("商品图片")@RequestParam(required = false) String coverImg,
-                              @ApiParam("原价")@RequestParam(required = false) String originalPrice,
-                              @ApiParam("售价")@RequestParam(required = false) String price){
+                              @ApiParam("商品图片")@DecryptParam(required = false) String coverImg,
+                              @ApiParam("原价")@DecryptParam(required = false) String originalPrice,
+                              @ApiParam("售价")@DecryptParam(required = false) String price){
         return goodsService.isFormatAttr(attr, coverImg, originalPrice, price);
     }
 

+ 7 - 2
src/main/java/com/sqx/modules/invite/controller/InviteController.java

@@ -6,11 +6,16 @@ import com.sqx.modules.app.service.UserService;
 import com.sqx.modules.common.entity.CommonInfo;
 import com.sqx.modules.common.service.CommonInfoService;
 import com.sqx.modules.utils.SenInfoCheckUtil;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
@@ -49,7 +54,7 @@ public class InviteController {
 
     @GetMapping("/mpCreateQr")
     @ApiOperation("小程序推广二维码")
-    public void mpCreateQr(@RequestParam String relation, HttpServletResponse response) {
+    public void mpCreateQr(@DecryptParam String relation, HttpServletResponse response) {
         SenInfoCheckUtil.getPoster(relation,response);
     }
 

+ 8 - 2
src/main/java/com/sqx/modules/invite/controller/app/AppInviteController.java

@@ -12,11 +12,17 @@ import com.sqx.modules.invite.entity.InviteMoney;
 import com.sqx.modules.invite.service.InviteMoneyService;
 import com.sqx.modules.invite.service.InviteService;
 import com.sqx.modules.utils.SenInfoCheckUtil;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestAttribute;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletResponse;
 import java.util.HashMap;
@@ -75,7 +81,7 @@ public class AppInviteController {
 
     @GetMapping("/mpCreateQr")
     @ApiOperation("小程序推广二维码")
-    public void mpCreateQr(@RequestParam String invitationCode, HttpServletResponse response) {
+    public void mpCreateQr(@DecryptParam String invitationCode, HttpServletResponse response) {
         SenInfoCheckUtil.getPoster(invitationCode,response);
     }
 

+ 2 - 2
src/main/java/com/sqx/modules/order/controller/OrderController.java

@@ -9,6 +9,7 @@ import com.sqx.modules.order.service.EvaluateService;
 import com.sqx.modules.sys.controller.AbstractController;
 import com.sqx.modules.utils.excel.ExcelData;
 import com.sqx.modules.utils.excel.ExportExcelUtils;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
@@ -19,7 +20,6 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletResponse;
@@ -69,7 +69,7 @@ public class OrderController extends AbstractController {
 
     @ApiOperation("添加送达照片")
     @PostMapping(value = "add-receive-img/{orderId}")
-    public Result addReceiveImg(@PathVariable Long orderId, @RequestParam String img){
+    public Result addReceiveImg(@PathVariable Long orderId, @DecryptParam String img){
         appOrderService.addReceiveImg(orderId, img);
 
         return Result.success();

+ 8 - 3
src/main/java/com/sqx/modules/oss/controller/SysOssController.java

@@ -15,9 +15,14 @@ import com.sqx.modules.oss.cloud.OSSFactory;
 import com.sqx.modules.oss.entity.SysOssEntity;
 import com.sqx.modules.oss.service.SysOssService;
 import com.sqx.modules.sys.service.SysConfigService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.multipart.MultipartFile;
 
 import java.util.Arrays;
@@ -43,7 +48,7 @@ public class SysOssController {
 	 */
 	@GetMapping("/list")
 	@RequiresPermissions("sys:oss:all")
-	public Result list(@RequestParam Map<String, Object> params){
+	public Result list(@DecryptParam Map<String, Object> params){
 		PageUtils page = sysOssService.queryPage(params);
 
 		return Result.success().put("page", page);
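Review bot: `@RequestParam Map<String, Object> params` is a special form in Spring that collects every request parameter into the map, and `@DecryptParam Map<String, Object> params` only behaves the same if the secure-api resolver implements that case, which this page does not show. Otherwise `params` may be null or empty and `queryPage(params)` would run without the values the client sent. Please confirm with a request-level test, or keep `@RequestParam` for the map-bound `list` methods; the same signature appears in SysConfigController, SysDictController, SysLogController, SysRoleController and SysUserController.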
@@ -93,7 +98,7 @@ public class SysOssController {
 	 */
 	@PostMapping("/upload")
 	@RequiresPermissions("sys:oss:all")
-	public Result upload(@RequestParam("file") MultipartFile file) throws Exception {
+	public Result upload(@DecryptParam("file") MultipartFile file) throws Exception {
 		if (file.isEmpty()) {
 			throw new SqxException("上传文件不能为空");
 		}

+ 8 - 2
src/main/java/com/sqx/modules/sys/controller/SysConfigController.java

@@ -7,9 +7,15 @@ import com.sqx.common.utils.Result;
 import com.sqx.common.validator.ValidatorUtils;
 import com.sqx.modules.sys.entity.SysConfigEntity;
 import com.sqx.modules.sys.service.SysConfigService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.Map;
 
@@ -28,7 +34,7 @@ public class SysConfigController extends AbstractController {
 	 */
 	@GetMapping("/list")
 	@RequiresPermissions("sys:config:list")
-	public Result list(@RequestParam Map<String, Object> params){
+	public Result list(@DecryptParam Map<String, Object> params){
 		PageUtils page = sysConfigService.queryPage(params);
 
 		return Result.success().put("page", page);

+ 6 - 2
src/main/java/com/sqx/modules/sys/controller/SysDictController.java

@@ -5,9 +5,13 @@ import com.sqx.common.utils.Result;
 import com.sqx.common.validator.ValidatorUtils;
 import com.sqx.modules.sys.entity.SysDictEntity;
 import com.sqx.modules.sys.service.SysDictService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.Arrays;
 import java.util.Map;
@@ -27,7 +31,7 @@ public class SysDictController {
      */
     @RequestMapping("/list")
     @RequiresPermissions("sys:dict:list")
-    public Result list(@RequestParam Map<String, Object> params){
+    public Result list(@DecryptParam Map<String, Object> params){
         PageUtils page = sysDictService.queryPage(params);
 
         return Result.success().put("page", page);

+ 2 - 2
src/main/java/com/sqx/modules/sys/controller/SysLogController.java

@@ -3,12 +3,12 @@ package com.sqx.modules.sys.controller;
 import com.sqx.common.utils.PageUtils;
 import com.sqx.common.utils.Result;
 import com.sqx.modules.sys.service.SysLogService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 
 import java.util.Map;
@@ -30,7 +30,7 @@ public class SysLogController {
 	@ResponseBody
 	@GetMapping("/list")
 	@RequiresPermissions("sys:log:list")
-	public Result list(@RequestParam Map<String, Object> params){
+	public Result list(@DecryptParam Map<String, Object> params){
 		PageUtils page = sysLogService.queryPage(params);
 
 		return Result.success().put("page", page);

+ 8 - 2
src/main/java/com/sqx/modules/sys/controller/SysRoleController.java

@@ -7,9 +7,15 @@ import com.sqx.common.validator.ValidatorUtils;
 import com.sqx.modules.sys.entity.SysRoleEntity;
 import com.sqx.modules.sys.service.SysRoleMenuService;
 import com.sqx.modules.sys.service.SysRoleService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.HashMap;
 import java.util.List;
@@ -32,7 +38,7 @@ public class SysRoleController extends AbstractController {
 	 */
 	@GetMapping("/list")
 	@RequiresPermissions("sys:role:list")
-	public Result list(@RequestParam Map<String, Object> params){
+	public Result list(@DecryptParam Map<String, Object> params){
 		//如果不是超级管理员,则只查询自己创建的角色列表
 		/*if(getUserId() != Constant.SUPER_ADMIN){
 			params.put("createUserId", getUserId());

+ 8 - 2
src/main/java/com/sqx/modules/sys/controller/SysUserController.java

@@ -19,11 +19,17 @@ import com.sqx.modules.sys.entity.SysUserEntity;
 import com.sqx.modules.sys.form.PasswordForm;
 import com.sqx.modules.sys.service.SysUserRoleService;
 import com.sqx.modules.sys.service.SysUserService;
+import icu.xuyijie.secureapi.annotation.DecryptParam;
 import org.apache.commons.lang.ArrayUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.apache.shiro.crypto.hash.Sha256Hash;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -54,7 +60,7 @@ public class SysUserController extends AbstractController {
 	 */
 	@GetMapping("/list")
 	@RequiresPermissions("sys:user:list")
-	public Result list(@RequestParam Map<String, Object> params){
+	public Result list(@DecryptParam Map<String, Object> params){
 		//只有超级管理员,才能查看所有管理员列表
 		/*if(getUserId() != Constant.SUPER_ADMIN){
 			params.put("createUserId", getUserId());