
2227324689 / gpmall

4.8K 4.8K 1.9K 55.59 MB

[Gupao Academy (咕泡学院) hands-on project] An e-commerce platform built on SpringBoot + Dubbo: microservice architecture, mall, e-commerce, microservices, high concurrency, kafka, Elasticsearch

Home Page: http://vip.istio.tech/

License: Apache License 2.0

Java 44.59% JavaScript 32.87% HTML 0.09% Vue 17.93% PLpgSQL 4.34% SCSS 0.18%
canal dubbo elasticsearch elk java kafka nacos sentinel springboot springcloud-alibaba zookeeper

gpmall's Introduction

Hi there 👋


🍀 About me


Tan Feng (Mic)

  1. 13 years of development and system architecture experience.

  2. Formerly a technical expert / business architect at Ping An Pay (平安付) and Wacai (挖财).

  3. Currently a founder, with 5 years of startup experience.

  4. 5 years of teaching and curriculum experience, with in-depth study of high-concurrency and distributed systems.

🌌 Books

  1. 2020: published 《Spring Cloud Alibaba微服务原理与实战》 (Spring Cloud Alibaba: Microservice Principles and Practice)

  2. 2021: published 《Java并发编程深度解析与实战》 (Java Concurrent Programming: In-Depth Analysis and Practice)

⛅️ Open-source projects and companion code for the books

  1. GitHub: https://github.com/2227324689
  2. Gitee: https://gitee.com/mic112
  3. WeChat official account: 跟着Mic学架构 (Learn Architecture with Mic)

🔑 Career

In 2009 I took my first Java development job at a company building government-affairs systems. Early on I maintained the legacy government systems; because my output was good, three months after joining I was put in charge of the entire government-systems effort.

This mainly involved: requirements communication, requirements analysis, system design, development, product delivery and acceptance, deployment, and team management.

In 2010, as technical co-founder, I followed the CTO out to start a company, still focused on government-affairs systems. During this period I again ran the whole government business line; main responsibilities: team management, recruiting, requirements communication, system design, development, delivery and acceptance.

Main achievement: independently completed multiple software projects worth a total of 350W (3.5 million RMB) in six months.

In 2011 I moved to a company doing real-time speech translation, in charge of product development; the product gained no traction, so I left after just one year.

In 2012 I joined a telecom outsourcing company (上海理想信息科技, Shanghai Ideal Information Technology) as technical manager, leading a 10-person team and taking a business-travel project from zero to launch within a year.

In 2013 I joined an internet-finance company (平安支付, Ping An Pay) to lead development on the wealth-management business line. This job was the key turning point of my career: before it I had worked only in traditional software, where the technical demands were low.

In my first month there I volunteered for the production operations group and spent three months producing a complete production maintenance manual plus a full and clear set of call-chain diagrams and flowcharts, greatly improving how quickly customer-service staff could respond to production issues.

In September of the same year I volunteered for the 《花漾卡》 (Huayang Card) project, owning the architecture of the transaction part; the project went live that December.

In 2015 I joined another internet-finance company (挖财, Wacai) as business architect, responsible for the architecture design and development of the payment platform, account system and marketing system.

In July 2016 I left to start my own business, taking on software projects full time.

In March 2017 I continued as a founder, this time oriented toward IT skills training for working professionals, offering a Java Architect course.

🌏 Contact

gpmall's People

Contributors

2227324689, 937345232, bladeandmaster88, dependabot[bot], eleven-lo, fuyl1988, gu-aoran, hepengshuai, jerry-sk, jiangnan7400, joeltangerine, junlongzhangz, kaiguoyuanshuai, lanwp530, liuchenghong6079, lizhaowh, lkmxsxd, oahnus, pingpong-tech, qiangziwwq, ramln1989, shuanglingmao, silent-night-no-trace, tufeng1992, wwpy, xiaosos, zhangzhenguo2, zszj888, zzzxdm


gpmall's Issues

The captcha verification service KaptchaServiceImpl may generate identical codes within 60s, causing validation to fail

If, within 60 seconds, a large number of users are validating captchas and two identical codes are generated and stored in Redis, validation fails.
Test code follows:
import java.util.HashMap;
import java.util.Map;
import org.springframework.boot.SpringApplication;
import org.springframework.context.ConfigurableApplicationContext;
// KaptchaServiceImpl, KaptchaCodeRequest and KaptchaCodeResponse are gpmall's own classes;
// import them from the packages they live in within the repository.

// The annotations of the real bootstrap class are omitted in this report.
public class UserProviderApplication {
    public static void main(String[] args) {
        ConfigurableApplicationContext context = SpringApplication.run(UserProviderApplication.class, args);
        KaptchaServiceImpl kaptchaService = (KaptchaServiceImpl) context.getBean("kaptchaServiceImpl");
        // image code -> first response that produced it, used to spot duplicates within the window
        Map<String, Object> map = new HashMap<String, Object>();
        KaptchaCodeRequest request = new KaptchaCodeRequest();
        for (int i = 0; i < 2000; i++) {
            KaptchaCodeResponse response = kaptchaService.getKaptchaCode(new KaptchaCodeRequest());
            if (map.get(response.getImageCode()) == null) {
                map.put(response.getImageCode(), response);
            } else {
                System.out.println("60s内有重复的token生成 redis里有两份一样的code,response = " + response);
                // validate the duplicate with the uuid/code taken from the second response
                request.setUuid(response.getUuid());
                request.setCode(response.getCode());
                KaptchaCodeResponse validateResponse = kaptchaService.validateKaptchaCode(request);
                System.out.println("validateResponse = " + validateResponse);
            }
        }
    }
}
There are always one or two duplicates in the result:
60s内有重复的token生成 redis里有两份一样的code,response = KaptchaCodeResponse(imageCode=dktv, uuid=5e884bee-136c-4621-b58c-17f1485c28a3)
2019-10-16 16:47:16.654 INFO 908 --- [ main] c.p.user.services.KaptchaServiceImpl : 请求的redisKey=kaptcha_uuid5e884bee-136c-4621-b58c-17f1485c28a3,请求的code=000000,从redis获得的code=dktv
validateResponse = KaptchaCodeResponse(imageCode=null, uuid=null)
60s内有重复的token生成 redis里有两份一样的code,response = KaptchaCodeResponse(imageCode=961m, uuid=495d00e6-a8b7-4148-9375-4940f6bed166)
2019-10-16 16:47:30.025 INFO 908 --- [ main] c.p.user.services.KaptchaServiceImpl : 请求的redisKey=kaptcha_uuid495d00e6-a8b7-4148-9375-4940f6bed166,请求的code=000000,从redis获得的code=961m
validateResponse = KaptchaCodeResponse(imageCode=null, uuid=null)
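The storage model under discussion, a captcha code stored under a per-request uuid with a 60-second lifetime, as an added stand-alone Java example. This is not gpmall's KaptchaServiceImpl; it uses an in-memory map in place of Redis and an injectable clock so the TTL can be exercised, and the class and method names are assumptions. Because lookup is keyed by the uuid, two challenges that happen to carry the same 4-character code are stored and validated independently; the example also makes each challenge single-use and compares codes in constant time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.LongSupplier;

/** In-memory stand-in for a Redis-backed captcha store (added example, not project code). Needs Java 16+. */
public class CaptchaStoreDemo {

    private static final String ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789"; // no ambiguous glyphs
    private static final Duration TTL = Duration.ofSeconds(60);
    private static final SecureRandom RNG = new SecureRandom();

    /** One stored challenge: the code and its absolute expiry time (epoch millis). */
    record Entry(String code, long expiresAtMillis) {}

    private final Map<String, Entry> byUuid = new ConcurrentHashMap<>();
    private final LongSupplier clock; // injectable so the TTL can be tested deterministically

    CaptchaStoreDemo(LongSupplier clock) {
        this.clock = clock;
    }

    /** Issue a challenge. Returns {uuid, code}: the uuid goes to the client, the code is what the image shows. */
    public String[] issue() {
        char[] code = new char[4];
        for (int i = 0; i < code.length; i++) {
            code[i] = ALPHABET.charAt(RNG.nextInt(ALPHABET.length()));
        }
        String uuid = UUID.randomUUID().toString();
        // The key is the uuid, not the code, so identical codes for different clients do not collide.
        byUuid.put(uuid, new Entry(new String(code), clock.getAsLong() + TTL.toMillis()));
        return new String[] { uuid, new String(code) };
    }

    /** Validate and consume: a challenge is usable once, and only before its TTL elapses. */
    public boolean validate(String uuid, String submitted) {
        Entry e = byUuid.remove(uuid); // single use: remove first, whatever the outcome
        if (e == null || submitted == null) {
            return false;
        }
        if (clock.getAsLong() > e.expiresAtMillis()) {
            return false;
        }
        // Constant-time comparison so response timing does not leak how many characters matched.
        return MessageDigest.isEqual(
                e.code().getBytes(StandardCharsets.UTF_8),
                submitted.toLowerCase().getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        long[] now = { 0L };
        CaptchaStoreDemo store = new CaptchaStoreDemo(() -> now[0]);

        // Two challenges issued in the same window are independent entries, even if their codes coincide.
        String[] a = store.issue();
        String[] b = store.issue();
        System.out.println("a valid:    " + store.validate(a[0], a[1])); // true
        System.out.println("a replayed: " + store.validate(a[0], a[1])); // false: already consumed
        now[0] += TTL.toMillis() + 1;                                   // advance past the 60 s TTL
        System.out.println("b expired:  " + store.validate(b[0], b[1])); // false: past its TTL
    }
}
```

With a real Redis backend the same three properties map onto a key of the form prefix + uuid, a SETEX-style expiry of 60 seconds, and a delete on first validation attempt.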

Suggestion

Could all the places in the project that use an IP address be switched to localhost or something similar? That way, when we clone and run it, we only need to start the relevant components and edit the local hosts file.

Build

The project is hard to build; author, please convert it to a Gradle project.

How should order query, refund, refund query and async notification be designed in the payment module?

In the payment module, the payment function is wrapped in its own method and uses the strategy pattern.
But how should order query, refund, refund query and async notification be designed?
-- Should these functions be wrapped together in one unified method, or should each get its own method? Wrapping each one separately feels redundant. How do you think about this?

Distributed transactions

What approach is used for distributed transaction consistency, and how is it implemented?

wxpay-sdk

com.github.wxpay wxpay-sdk 3.0.9

This jar cannot be downloaded; how can I find this package?

Search

Is the search part going to use ES or some other technology? I see search-service has no code yet.

Error on service startup

java.lang.NoClassDefFoundError: org/apache/dubbo/config/spring/util/BeanRegistrar

at org.apache.dubbo.spring.boot.beans.factory.config.OverrideBeanDefinitionRegistryPostProcessor.postProcessBeanDefinitionRegistry(OverrideBeanDefinitionRegistryPostProcessor.java:36) ~[dubbo-spring-boot-autoconfigure-compatible-2.7.3.jar:2.7.3]
at org.springframework.context.support.PostProcessorRegistrationDelegate.invokeBeanFactoryPostProcessors(PostProcessorRegistrationDelegate.java:70) ~[spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:705) ~[spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:531) ~[spring-context-5.1.8.RELEASE.jar:5.1.8.RELEASE]
at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:742) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:389) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:311) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1213) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at org.springframework.boot.SpringApplication.run(SpringApplication.java:1202) [spring-boot-2.1.6.RELEASE.jar:2.1.6.RELEASE]
at com.gpmall.user.bootstrap.UserProviderApplication.main(UserProviderApplication.java:14) [classes/:na]

Caused by: java.lang.ClassNotFoundException: org.apache.dubbo.config.spring.util.BeanRegistrar
at java.net.URLClassLoader.findClass(URLClassLoader.java:382) ~[na:1.8.0_291]
at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[na:1.8.0_291]
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:355) ~[na:1.8.0_291]
at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[na:1.8.0_291]
... 10 common frames omitted

Process finished with exit code 1

Bug in token authentication

In the user-service and user-provider projects, the method com.gpmall.user.utils.JwtTokenUtils#freeJwt contains:

// get the token's header, payload and signature; compare only header and payload
String[] headPayload = token.split("\\.");
// header obtained after JWT decoding
String header = decodedJWT.getHeader();
// payload obtained after JWT decoding
String payload = decodedJWT.getPayload();
if (!header.equals(headPayload[0]) && !payload.equals(headPayload[1])) {
    throw new ValidateException(SysRetCodeConstants.TOKEN_VALID_FAILED.getCode(), SysRetCodeConstants.TOKEN_VALID_FAILED.getMessage());
}

Here header and payload are the values after decoding, while headPayload holds the values before decoding. Is there a logic error here? Hoping someone can take a look.
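The condition in the snippet above, as an added stand-alone Java example that is not gpmall's code. `rejectsWithAnd` mirrors the reported `&&` form, which only throws when both segments differ, and `rejectsWithOr` is the form in which a mismatch in either segment fails; `expectedHeader` and `expectedPayload` stand in for the values the method compares against and are assumed here to be the base64url segments. The tokens, claims and signature segment are constructed for the example. Whichever condition is used, comparing a token's segments against themselves says nothing about integrity; that is what signature verification is for.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added example: how the conjunction in a two-segment check changes what is rejected. */
public class JwtSegmentCheckDemo {

    /** Reported form: rejects only when BOTH header and payload differ from the expected values. */
    static boolean rejectsWithAnd(String token, String expectedHeader, String expectedPayload) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            return true; // not a compact JWS; reject outright
        }
        return !expectedHeader.equals(parts[0]) && !expectedPayload.equals(parts[1]);
    }

    /** Corrected form: a mismatch in EITHER segment is a failure. */
    static boolean rejectsWithOr(String token, String expectedHeader, String expectedPayload) {
        String[] parts = token.split("\\.");
        if (parts.length != 3) {
            return true;
        }
        return !expectedHeader.equals(parts[0]) || !expectedPayload.equals(parts[1]);
    }

    /** base64url without padding, the encoding JWT segments use. */
    static String b64url(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed token: the signature segment is a placeholder, not a real HMAC.
        String header = b64url("{\"alg\":\"HS256\",\"typ\":\"JWT\"}");
        String payload = b64url("{\"sub\":\"user-1\"}");
        String sig = "c2lnbmF0dXJl";
        String intact = header + "." + payload + "." + sig;

        // Constructed case: header unchanged, payload segment differs from the expected one.
        String payloadChanged = header + "." + b64url("{\"sub\":\"user-2\"}") + "." + sig;

        System.out.println("intact, &&:          " + rejectsWithAnd(intact, header, payload));         // false
        System.out.println("payload changed, &&: " + rejectsWithAnd(payloadChanged, header, payload)); // false
        System.out.println("payload changed, ||: " + rejectsWithOr(payloadChanged, header, payload));  // true
    }
}
```

The second line of output is the point of the issue: with `&&`, a token whose payload segment differs while the header still matches is not rejected by this check. A regression test for the fix is exactly the third call, asserting `true`.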

Project architecture

Is gpmall currently a microservice architecture or an SOA architecture?

Transactions aren't handled at all

Why is there a try in the service? Fine, try if you like, but you catch and never rethrow. What is going on, what were you thinking? This cost me dearly.

Add a logistics tracking feature

Allow logged-in users to look up shipment status by tracking number; initially this could use the Kuaidi100 (快递100) API or call Kuaidi100's tracking endpoint directly.

Some suggestions on the coupon design

Some additional suggestions for the coupon design:

  • In the coupon master table, add fields for the coupon's terms, an image, a maximum claim count (separate from the total count), the claimed count, usage category restrictions and the coupon source. Also, a single "is available" field is too limited for marking status; coupons will involve states such as listed/delisted, deleted and expired.

  • A user-coupon dimension should be added, to track each user's own coupon usage and validity period.

For reference only.

Security Vulnerability - Action Required: XXE vulnerability in the newest version of the gpmall

I think your project may be vulnerable to Improper Restriction of XML External Entity Reference. It shares similarities with a recent CVE disclosure, CVE-2021-3878 in stanfordnlp/CoreNLP. The vulnerable methods are as follows:

  1. com.gpmall.pay.biz.payment.channel.wechatpay.WeChatBuildRequest.doXMLParse(String xml) in the file pay-service/pay-provider/src/main/java/com/gpmall/pay/biz/payment/channel/wechatpay/WeChatBuildRequest.java.

The source vulnerability information is as follows:

Vulnerability Detail:
CVE Identifier: CVE-2021-3878
Description: corenlp is vulnerable to Improper Restriction of XML External Entity Reference
Reference:https://nvd.nist.gov/vuln/detail/CVE-2021-3878.
Patch: stanfordnlp/CoreNLP@e5bbe13.

Vulnerability Description:
This vulnerability occurs because of the Improper Restriction of XML External Entity Reference. If the XML files being parsed have been tampered with by an attacker, the victim's normal processing may result in an XML External Entity (XXE) Injection attack.

Recommended Actions:
The corresponding fixes are similar to CVE-2021-3878 to some extent. I have provided the following fixes by applying several patching statements, ensuring that the external entities and DTDs are not loaded when parsing and processing XML documents using the document builder. You can call the function safeDocumentBuilderFactory I defined below instead of directly calling DocumentBuilderFactory.newInstance() to create a DocumentBuilderFactory object to avoid XXE attacks.

  import javax.xml.XMLConstants;
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.ParserConfigurationException;

  // `log` is the logger of the class this method is placed in (not shown in the report)
  public static DocumentBuilderFactory safeDocumentBuilderFactory() {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    try {
      // reject any DOCTYPE, which is where entity declarations live
      dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      // do not fetch an external DTD even when not validating
      dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
      // do not resolve external general or parameter entities
      dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
      dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
      // do not create EntityReference nodes in the DOM
      dbf.setFeature("http://apache.org/xml/features/dom/create-entity-ref-nodes", false);
      // JAXP secure processing: entity-expansion and external-access limits
      dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    } catch (ParserConfigurationException e) {
      log.warn(e);
    }
    return dbf;
  }

Considering the potential risks it may have, I am willing to cooperate with you to verify, address, and report the identified vulnerability promptly through responsible means. If you require any further information or assistance, please do not hesitate to reach out to me.
Thank you and looking forward to hearing from you soon.
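A stand-alone Java example, added here and not gpmall's WeChatBuildRequest.doXMLParse, that applies the hardened factory from the report to the flat `<xml><key>value</key>...</xml>` shape WeChat Pay responses use, and verifies the hardening holds. The two input documents are constructed: a benign response body, and the same shape preceded by a DOCTYPE declaring an internal entity. A default `DocumentBuilderFactory` expands that entity; the hardened factory refuses the document at the DOCTYPE, before any entity is resolved. The class and method names are assumptions.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/** Added example: XXE-hardened parsing of a flat WeChat-Pay-style XML body. */
public class SafeXmlParseDemo {

    /** Hardened factory: no DOCTYPE, no external DTDs or entities, secure processing on. */
    static DocumentBuilderFactory safeDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/dom/create-entity-ref-nodes", false);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setXIncludeAware(false);          // XInclude can also pull in external content
        dbf.setExpandEntityReferences(false); // belt and braces: nothing to expand once DOCTYPE is banned
        return dbf;
    }

    /** Parse <xml><k>v</k>...</xml> into an ordered map of child element name to text. */
    static Map<String, String> parseFlatXml(String xml, DocumentBuilderFactory dbf)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder builder = dbf.newDocumentBuilder();
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        Map<String, String> out = new LinkedHashMap<>();
        NodeList children = doc.getDocumentElement().getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node n = children.item(i);
            if (n.getNodeType() == Node.ELEMENT_NODE) {
                out.put(n.getNodeName(), n.getTextContent());
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the shape of a payment notification body, no DOCTYPE.
        String benign = "<xml><return_code><![CDATA[SUCCESS]]></return_code>"
                      + "<out_trade_no>ORDER-0001</out_trade_no></xml>";
        // Constructed sample with a DOCTYPE declaring an internal entity. A default parser
        // expands it; the hardened parser must refuse the whole document at the DOCTYPE.
        String withDoctype = "<!DOCTYPE xml [<!ENTITY note \"expanded\">]>"
                           + "<xml><return_code>&note;</return_code></xml>";

        DocumentBuilderFactory safe = safeDocumentBuilderFactory();
        System.out.println("hardened, benign:  " + parseFlatXml(benign, safe));
        // {return_code=SUCCESS, out_trade_no=ORDER-0001}

        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance();
        System.out.println("default, DOCTYPE:  " + parseFlatXml(withDoctype, defaults));
        // {return_code=expanded}  <- entity silently expanded

        try {
            parseFlatXml(withDoctype, safe);
            System.out.println("UNEXPECTED: hardened parser accepted a DOCTYPE");
        } catch (SAXException e) {
            System.out.println("hardened, DOCTYPE: rejected (" + e.getMessage() + ")");
        }
    }
}
```

The last branch is the check worth keeping as a unit test: any regression that drops `disallow-doctype-decl` shows up as the "UNEXPECTED" line. Creating the factory once and reusing `newDocumentBuilder()` per request keeps the feature settings in one place, which is what the report's `safeDocumentBuilderFactory` helper is for.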

Possibility of group orders

For example, forming a group order around Singles' Day (11.11), using a latitude/longitude algorithm on home and workplace locations to match people and save on shipping? Similar to Meituan Waimai group ordering, but it needs to account for stock, and for how much each person pays after discounts and coupons.
