修复了一些已知问题

2022-01-07 19:06:58 +08:00 · 2022-01-07 19:06:58 +08:00 · 6bb648c6e8
commit 6bb648c6e8
parent 862ab8c80a f9f3f4b777
12 changed files with 361 additions and 112 deletions
--- a/pom.xml
+++ b/pom.xml
@ -163,7 +163,7 @@
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-to-slf4j</artifactId>
-            <version>2.17.0</version>
+            <version>2.17.1</version>
            <exclusions>
                <exclusion>
                    <groupId>org.apache.logging.log4j</groupId>
@ -174,7 +174,7 @@
        <dependency>
            <groupId>org.apache.logging.log4j</groupId>
            <artifactId>log4j-api</artifactId>
-            <version>2.17.0</version>
+            <version>2.17.1</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
@ -294,6 +294,7 @@
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>2.3.5.RELEASE</version>
            </plugin>
        </plugins>
        <finalName>forest</finalName>
--- a/src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java
+++ b/src/main/java/com/rymcu/forest/core/service/security/AuthorshipAspect.java
@ -0,0 +1,178 @@
 package com.rymcu.forest.core.service.security;
 import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor;
 import com.rymcu.forest.dto.TokenUser;
 import com.rymcu.forest.entity.Article;
 import com.rymcu.forest.entity.Portfolio;
 import com.rymcu.forest.enumerate.Module;
 import com.rymcu.forest.jwt.def.JwtConstants;
 import com.rymcu.forest.service.ArticleService;
 import com.rymcu.forest.service.PortfolioService;
 import com.rymcu.forest.util.UserUtils;
 import com.rymcu.forest.web.api.exception.BaseApiException;
 import com.rymcu.forest.web.api.exception.ErrorCode;
 import org.apache.commons.lang.StringUtils;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.annotation.Aspect;
 import org.aspectj.lang.annotation.Before;
 import org.aspectj.lang.annotation.Pointcut;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.servlet.HandlerMapping;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.lang.reflect.Method;
 import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 /**
 * 检查用户修改信息权限
 *
 * @author ronger
 */
@Aspect
@Component
 public class AuthorshipAspect {
    Logger logger = LoggerFactory.getLogger(AuthorshipAspect.class);
    @Pointcut("@annotation(com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor)")
    public void authorshipPointCut() {
    }
    @Resource
    private ArticleService articleService;
    @Resource
    private PortfolioService portfolioService;
    /**
     * 检查用户修改信息权限
     *
     * @param joinPoint 连接点
     * @return 方法执行结果
     * @throws Throwable 调用出错
     */
    @Before(value = "authorshipPointCut()")
    public void doBefore(JoinPoint joinPoint) throws BaseApiException {
        logger.info("检查作者身份 start ...");
        String methodName = joinPoint.getSignature().getName();
        Method method = currentMethod(joinPoint, methodName);
        AuthorshipInterceptor log = method.getAnnotation(AuthorshipInterceptor.class);
        if (Objects.nonNull(log)) {
            boolean isArticle = true;
            if (Module.PORTFOLIO.equals(log.moduleName())) {
                isArticle = false;
            }
            HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
            String idArticle = "";
            Integer idAuthor = 0;
            if (isAjax(request)) {
                Object[] objects = joinPoint.getArgs();
                JSONObject jsonObject = JSONObject.parseObject(JSON.toJSONString(objects[0]));
                if (Objects.nonNull(jsonObject)) {
                    if (isArticle) {
                        idArticle = jsonObject.getString("idArticle");
                        Article article = articleService.findById(idArticle);
                        if (Objects.nonNull(article)) {
                            idAuthor = article.getArticleAuthorId();
                        }
                    } else {
                        idArticle = jsonObject.getString("idPortfolio");
                        Portfolio portfolio = portfolioService.findById(idArticle);
                        if (Objects.nonNull(portfolio)) {
                            idAuthor = portfolio.getPortfolioAuthorId();
                        }
                    }
                }
            } else {
                Map params = getParams(request);
                if (params.isEmpty()) {
                    params = (Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
                } else {
                    params.putAll((Map) request.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE));
                }
                if (isArticle) {
                    idArticle = (String) params.get("idArticle");
                    Article article = articleService.findById(idArticle);
                    if (Objects.nonNull(article)) {
                        idAuthor = article.getArticleAuthorId();
                    }
                } else {
                    idArticle = (String) params.get("idPortfolio");
                    Portfolio portfolio = portfolioService.findById(idArticle);
                    if (Objects.nonNull(portfolio)) {
                        idAuthor = portfolio.getPortfolioAuthorId();
                    }
                }
            }
            if (idAuthor > 0) {
                String authHeader = request.getHeader(JwtConstants.AUTHORIZATION);
                if (StringUtils.isNotBlank(authHeader)) {
                    TokenUser tokenUser = UserUtils.getTokenUser(authHeader);
                    if (Objects.nonNull(tokenUser)) {
                        if (!idAuthor.equals(tokenUser.getIdUser())) {
                            throw new BaseApiException(ErrorCode.ACCESS_DENIED);
                        }
                    } else {
                        throw new BaseApiException(ErrorCode.ACCESS_DENIED);
                    }
                }
            } else {
                throw new BaseApiException(ErrorCode.ACCESS_DENIED);
            }
        }
        logger.info("检查作者身份 end ...");
    }
    /**
     * 获取当前执行的方法
     *
     * @param joinPoint  连接点
     * @param methodName 方法名称
     * @return 方法
     */
    private Method currentMethod(JoinPoint joinPoint, String methodName) {
        /**
         * 获取目标类的所有方法，找到当前要执行的方法
         */
        Method[] methods = joinPoint.getTarget().getClass().getMethods();
        Method resultMethod = null;
        for (Method method : methods) {
            if (method.getName().equals(methodName)) {
                resultMethod = method;
                break;
            }
        }
        return resultMethod;
    }
    private Map<String, String> getParams(HttpServletRequest request) {
        Map<String, String> paramsMap = new HashMap<>(10);
        Enumeration<String> paraNames = request.getParameterNames();
        while (paraNames.hasMoreElements()) {
            String key = paraNames.nextElement();
            if ("password".equals(key)) {
                continue;
            }
            paramsMap.put(key, request.getParameter(key));
        }
        return paramsMap;
    }
    private boolean isAjax(HttpServletRequest request) {
        String requestedWith = request.getHeader("x-requested-with");
        if (requestedWith != null && "XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
            return true;
        }
        String contentType = request.getContentType();
        return StringUtils.isNotBlank(contentType) && contentType.contains("application/json");
    }
 }
--- a/src/main/java/com/rymcu/forest/core/service/security/annotation/AuthorshipInterceptor.java
+++ b/src/main/java/com/rymcu/forest/core/service/security/annotation/AuthorshipInterceptor.java
@ -0,0 +1,21 @@
 package com.rymcu.forest.core.service.security.annotation;
 import com.rymcu.forest.enumerate.Module;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 /**
 * Created on 2022/1/5 19:46.
 *
 * @author ronger
 * @email ronger-x@outlook.com
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
 public @interface AuthorshipInterceptor {
    Module moduleName();
 }
--- a/src/main/java/com/rymcu/forest/enumerate/Module.java
+++ b/src/main/java/com/rymcu/forest/enumerate/Module.java
@ -0,0 +1,12 @@
 package com.rymcu.forest.enumerate;
 /**
 * Created on 2022/1/5 20:05.
 *
 * @author ronger
 * @email ronger-x@outlook.com
 */
 public enum Module {
    ARTICLE,
    PORTFOLIO;
 }
--- a/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
+++ b/src/main/java/com/rymcu/forest/jwt/aop/RestAuthTokenInterceptor.java
@ -68,8 +68,8 @@ public class RestAuthTokenInterceptor implements HandlerInterceptor {
 			request.setAttribute(JwtConstants.CURRENT_USER_NAME, model.getUsername());
 			String uri = request.getRequestURI();
 			// 判断是否为后台接口或财政划转接口
-			String adminApi = "/admin";
+			String adminApi = "/admin/";
-			String transactionApi = "/transaction";
+			String transactionApi = "/transaction/";
 			if (uri.contains(adminApi) || uri.contains(transactionApi)) {
 				// 判断管理员权限
 				boolean hasPermission = userMapper.hasAdminPermission(model.getUsername());
--- a/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java
+++ b/src/main/java/com/rymcu/forest/lucene/util/UserIndexUtil.java
@ -3,6 +3,7 @@ package com.rymcu.forest.lucene.util;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.util.StrUtil;
 import com.rymcu.forest.lucene.model.UserLucene;
 import org.apache.commons.lang.StringUtils;
 import org.apache.lucene.document.Document;
 import org.apache.lucene.document.Field;
 import org.apache.lucene.document.StringField;
@ -21,67 +22,76 @@ import java.util.Arrays;
 */
 public class UserIndexUtil {
-  /** lucene索引保存目录 */
+    /**
-  private static final String PATH = System.getProperty("user.dir") + StrUtil.SLASH + LucenePath.USER_PATH;
+     * lucene索引保存目录
     */
    private static final String PATH = System.getProperty("user.dir") + StrUtil.SLASH + LucenePath.USER_PATH;
-  /** 系统运行时索引保存目录 */
+    /**
-  private static final String INDEX_PATH = LucenePath.USER_INCREMENT_INDEX_PATH;
+     * 系统运行时索引保存目录
     */
    private static final String INDEX_PATH = LucenePath.USER_INCREMENT_INDEX_PATH;
-  /** 删除所有运行中保存的索引 */
+    /**
-  public static void deleteAllIndex() {
+     * 删除所有运行中保存的索引
-    if (FileUtil.exist(INDEX_PATH)) {
+     */
-      FileUtil.del(INDEX_PATH);
+    public static void deleteAllIndex() {
        if (FileUtil.exist(INDEX_PATH)) {
            FileUtil.del(INDEX_PATH);
        }
    }
  }
-  public static void addIndex(UserLucene t) {
+    public static void addIndex(UserLucene t) {
-    creatIndex(t);
+        creatIndex(t);
  }
  public static void updateIndex(UserLucene t) {
    deleteIndex(t.getIdUser().toString());
    creatIndex(t);
  }
  /**
   * 增加或创建单个索引
   *
   * @param t
   * @throws Exception
   */
  private static synchronized void creatIndex(UserLucene t) {
    System.out.println("创建单个索引");
    IndexWriter writer;
    try {
      writer = IndexUtil.getIndexWriter(INDEX_PATH, false);
      Document doc = new Document();
      doc.add(new StringField("id", t.getIdUser() + "", Field.Store.YES));
      doc.add(new TextField("nickname", t.getNickname(), Field.Store.YES));
      doc.add(new TextField("signature", t.getSignature(), Field.Store.YES));
      writer.addDocument(doc);
      writer.close();
    } catch (IOException e) {
      e.printStackTrace();
    }
  }
-  /** 删除单个索引 */
+    public static void updateIndex(UserLucene t) {
-  public static synchronized void deleteIndex(String id) {
+        deleteIndex(t.getIdUser().toString());
-    Arrays.stream(FileUtil.ls(PATH))
+        creatIndex(t);
-        .forEach(
+    }
-            each -> {
+
-              if (each.isDirectory()) {
+    /**
-                IndexWriter writer;
+     * 增加或创建单个索引
-                try {
+     *
-                  writer = IndexUtil.getIndexWriter(each.getAbsolutePath(), false);
+     * @param t
-                  writer.deleteDocuments(new Term("id", id));
+     * @throws Exception
-                  writer.forceMergeDeletes(); // 强制删除
+     */
-                  writer.commit();
+    private static synchronized void creatIndex(UserLucene t) {
-                  writer.close();
+        System.out.println("创建单个索引");
-                } catch (IOException e) {
+        IndexWriter writer;
-                  e.printStackTrace();
+        try {
-                }
+            writer = IndexUtil.getIndexWriter(INDEX_PATH, false);
-              }
+            Document doc = new Document();
-            });
+            doc.add(new StringField("id", t.getIdUser() + "", Field.Store.YES));
-  }
+            doc.add(new TextField("nickname", t.getNickname(), Field.Store.YES));
            // 新注册用户无签名
            doc.add(new TextField("signature", StringUtils.isNotBlank(t.getSignature()) ? t.getSignature() : "", Field.Store.YES));
            writer.addDocument(doc);
            writer.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    /**
     * 删除单个索引
     */
    public static synchronized void deleteIndex(String id) {
        Arrays.stream(FileUtil.ls(PATH))
                .forEach(
                        each -> {
                            if (each.isDirectory()) {
                                IndexWriter writer;
                                try {
                                    writer = IndexUtil.getIndexWriter(each.getAbsolutePath(), false);
                                    writer.deleteDocuments(new Term("id", id));
                                    writer.forceMergeDeletes(); // 强制删除
                                    writer.commit();
                                    writer.close();
                                } catch (IOException e) {
                                    e.printStackTrace();
                                }
                            }
                        });
    }
 }
--- a/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java
+++ b/src/main/java/com/rymcu/forest/service/impl/ArticleServiceImpl.java
@ -1,7 +1,6 @@
 package com.rymcu.forest.service.impl;
 import com.rymcu.forest.core.constant.NotificationConstant;
 import com.rymcu.forest.core.constant.ProjectConstant;
 import com.rymcu.forest.core.service.AbstractService;
 import com.rymcu.forest.dto.*;
 import com.rymcu.forest.entity.Article;
@ -13,7 +12,10 @@ import com.rymcu.forest.mapper.ArticleMapper;
 import com.rymcu.forest.service.ArticleService;
 import com.rymcu.forest.service.TagService;
 import com.rymcu.forest.service.UserService;
-import com.rymcu.forest.util.*;
+import com.rymcu.forest.util.Html2TextUtil;
 import com.rymcu.forest.util.NotificationUtils;
 import com.rymcu.forest.util.UserUtils;
 import com.rymcu.forest.util.Utils;
 import com.rymcu.forest.web.api.exception.BaseApiException;
 import com.rymcu.forest.web.api.exception.ErrorCode;
 import lombok.extern.slf4j.Slf4j;
@ -143,10 +145,6 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
            if (DEFAULT_STATUS.equals(newArticle.getArticleStatus())) {
                isUpdate = true;
            }
            if (!user.getIdUser().equals(newArticle.getArticleAuthorId())) {
                map.put("message", "非法访问！");
                return map;
            }
            newArticle.setArticleTitle(articleTitle);
            newArticle.setArticleTags(articleTags);
            newArticle.setArticleStatus(article.getArticleStatus());
@ -237,19 +235,6 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
    @Transactional(rollbackFor = Exception.class)
    public Map delete(Integer id) throws BaseApiException {
        Map<String, String> map = new HashMap(1);
        // 鉴权
        User user = UserUtils.getCurrentUserByToken();
        if (Objects.isNull(user)) {
            throw new BaseApiException(ErrorCode.INVALID_TOKEN);
        }
        Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser());
        if (roleWeights > ADMIN_ROLE_WEIGHTS) {
            Article article = articleMapper.selectByPrimaryKey(id);
            if (!user.getIdUser().equals(article.getArticleAuthorId())) {
                map.put("message", "非法访问！");
                return map;
            }
        }
        int result;
        // 判断是否有评论
        boolean isHavComment = articleMapper.existsCommentWithPrimaryKey(id);
@ -293,7 +278,7 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
            throw new BaseApiException(ErrorCode.INVALID_TOKEN);
        }
        StringBuilder shareUrl = new StringBuilder(article.getArticlePermalink());
-        shareUrl.append("?s=").append(user.getNickname());
+        shareUrl.append("?s=").append(user.getAccount());
        Map map = new HashMap(1);
        map.put("shareUrl", shareUrl);
        return map;
--- a/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java
+++ b/src/main/java/com/rymcu/forest/web/api/admin/AdminArticleController.java
@ -0,0 +1,33 @@
 package com.rymcu.forest.web.api.admin;
 import com.rymcu.forest.core.result.GlobalResult;
 import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.entity.Article;
 import com.rymcu.forest.service.ArticleService;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import javax.annotation.Resource;
 import java.util.Map;
 /**
 * Created on 2022/1/3 10:11.
 *
 * @author ronger
 * @email ronger-x@outlook.com
 */
@RestController
@RequestMapping("/api/v1/admin/article")
 public class AdminArticleController {
    @Resource
    private ArticleService articleService;
    @PatchMapping("/update-perfect")
    public GlobalResult updatePerfect(@RequestBody Article article) {
        Map map = articleService.updatePerfect(article.getIdArticle(), article.getArticlePerfect());
        return GlobalResultGenerator.genSuccessResult(map);
    }
 }
--- a/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java
+++ b/src/main/java/com/rymcu/forest/web/api/article/ArticleController.java
@ -4,11 +4,13 @@ import com.github.pagehelper.PageHelper;
 import com.github.pagehelper.PageInfo;
 import com.rymcu.forest.core.result.GlobalResult;
 import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor;
 import com.rymcu.forest.dto.ArticleDTO;
 import com.rymcu.forest.dto.CommentDTO;
 import com.rymcu.forest.entity.Article;
 import com.rymcu.forest.entity.ArticleThumbsUp;
 import com.rymcu.forest.entity.Sponsor;
 import com.rymcu.forest.enumerate.Module;
 import com.rymcu.forest.service.ArticleService;
 import com.rymcu.forest.service.ArticleThumbsUpService;
 import com.rymcu.forest.service.CommentService;
@ -40,9 +42,9 @@ public class ArticleController {
    @Resource
    private SponsorService sponsorService;
-    @GetMapping("/detail/{id}")
+    @GetMapping("/detail/{idArticle}")
-    public GlobalResult<Map<String, Object>> detail(@PathVariable Integer id, @RequestParam(defaultValue = "2") Integer type) {
+    public GlobalResult<Map<String, Object>> detail(@PathVariable Integer idArticle, @RequestParam(defaultValue = "2") Integer type) {
-        ArticleDTO articleDTO = articleService.findArticleDTOById(id, type);
+        ArticleDTO articleDTO = articleService.findArticleDTOById(idArticle, type);
        Map map = new HashMap<>(1);
        map.put("article", articleDTO);
        return GlobalResultGenerator.genSuccessResult(map);
@ -55,20 +57,22 @@ public class ArticleController {
    }
    @PutMapping("/post")
    @AuthorshipInterceptor(moduleName = Module.ARTICLE)
    public GlobalResult updateArticle(@RequestBody ArticleDTO article, HttpServletRequest request) throws BaseApiException, UnsupportedEncodingException {
        Map map = articleService.postArticle(article, request);
        return GlobalResultGenerator.genSuccessResult(map);
    }
-    @DeleteMapping("/delete/{id}")
+    @DeleteMapping("/delete/{idArticle}")
-    public GlobalResult delete(@PathVariable Integer id) throws BaseApiException {
+    @AuthorshipInterceptor(moduleName = Module.ARTICLE)
-        Map map = articleService.delete(id);
+    public GlobalResult delete(@PathVariable Integer idArticle) throws BaseApiException {
        Map map = articleService.delete(idArticle);
        return GlobalResultGenerator.genSuccessResult(map);
    }
-    @GetMapping("/{id}/comments")
+    @GetMapping("/{idArticle}/comments")
-    public GlobalResult<Map<String, Object>> commons(@PathVariable Integer id) {
+    public GlobalResult<Map<String, Object>> commons(@PathVariable Integer idArticle) {
-        List<CommentDTO> commentDTOList = commentService.getArticleComments(id);
+        List<CommentDTO> commentDTOList = commentService.getArticleComments(idArticle);
        Map map = new HashMap<>(1);
        map.put("comments", commentDTOList);
        return GlobalResultGenerator.genSuccessResult(map);
@ -83,21 +87,16 @@ public class ArticleController {
        return GlobalResultGenerator.genSuccessResult(map);
    }
-    @GetMapping("/{id}/share")
+    @GetMapping("/{idArticle}/share")
-    public GlobalResult share(@PathVariable Integer id) throws BaseApiException {
+    public GlobalResult share(@PathVariable Integer idArticle) throws BaseApiException {
-        Map map = articleService.share(id);
+        Map map = articleService.share(idArticle);
        return GlobalResultGenerator.genSuccessResult(map);
    }
-    @PostMapping("/{id}/update-tags")
+    @PostMapping("/update-tags")
-    public GlobalResult updateTags(@PathVariable Integer id, @RequestBody Article article) throws BaseApiException, UnsupportedEncodingException {
+    @AuthorshipInterceptor(moduleName = Module.ARTICLE)
-        Map map = articleService.updateTags(id, article.getArticleTags());
+    public GlobalResult updateTags(@RequestBody Article article) throws BaseApiException, UnsupportedEncodingException {
-        return GlobalResultGenerator.genSuccessResult(map);
+        Map map = articleService.updateTags(article.getIdArticle(), article.getArticleTags());
    }
    @PatchMapping("/update-perfect")
    public GlobalResult updatePerfect(@RequestBody Article article) {
        Map map = articleService.updatePerfect(article.getIdArticle(), article.getArticlePerfect());
        return GlobalResultGenerator.genSuccessResult(map);
    }
--- a/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java
+++ b/src/main/java/com/rymcu/forest/web/api/common/CommonApiController.java
@ -7,9 +7,11 @@ import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.core.result.GlobalResultMessage;
 import com.rymcu.forest.core.service.log.annotation.VisitLogger;
 import com.rymcu.forest.dto.*;
 import com.rymcu.forest.entity.Portfolio;
 import com.rymcu.forest.entity.User;
-import com.rymcu.forest.service.*;
+import com.rymcu.forest.service.ArticleService;
 import com.rymcu.forest.service.JavaMailService;
 import com.rymcu.forest.service.PortfolioService;
 import com.rymcu.forest.service.UserService;
 import com.rymcu.forest.util.UserUtils;
 import com.rymcu.forest.util.Utils;
 import org.springframework.web.bind.annotation.*;
--- a/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
+++ b/src/main/java/com/rymcu/forest/web/api/portfolio/PortfolioController.java
@ -2,9 +2,11 @@ package com.rymcu.forest.web.api.portfolio;
 import com.rymcu.forest.core.result.GlobalResult;
 import com.rymcu.forest.core.result.GlobalResultGenerator;
 import com.rymcu.forest.core.service.security.annotation.AuthorshipInterceptor;
 import com.rymcu.forest.dto.PortfolioArticleDTO;
 import com.rymcu.forest.dto.PortfolioDTO;
 import com.rymcu.forest.entity.Portfolio;
 import com.rymcu.forest.enumerate.Module;
 import com.rymcu.forest.service.PortfolioService;
 import com.rymcu.forest.web.api.exception.BaseApiException;
 import org.springframework.web.bind.annotation.*;
@ -23,9 +25,9 @@ public class PortfolioController {
    @Resource
    private PortfolioService portfolioService;
-    @GetMapping("/detail/{id}")
+    @GetMapping("/detail/{idPortfolio}")
-    public GlobalResult detail(@PathVariable Integer id,@RequestParam(defaultValue = "0") Integer type) {
+    public GlobalResult detail(@PathVariable Integer idPortfolio,@RequestParam(defaultValue = "0") Integer type) {
-        PortfolioDTO portfolio = portfolioService.findPortfolioDTOById(id, type);
+        PortfolioDTO portfolio = portfolioService.findPortfolioDTOById(idPortfolio, type);
        Map map = new HashMap<>(1);
        map.put("portfolio", portfolio);
        return GlobalResultGenerator.genSuccessResult(map);
@ -38,36 +40,42 @@ public class PortfolioController {
    }
    @PutMapping("/post")
    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
    public GlobalResult update(@RequestBody Portfolio portfolio) throws BaseApiException {
        portfolio = portfolioService.postPortfolio(portfolio);
        return GlobalResultGenerator.genSuccessResult(portfolio);
    }
-    @GetMapping("/{id}/unbind-articles")
+    @GetMapping("/{idPortfolio}/unbind-articles")
-    public GlobalResult unbindArticles(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows, @RequestParam(defaultValue = "") String searchText,@PathVariable Integer id) throws BaseApiException {
+    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
-        Map map = portfolioService.findUnbindArticles(page, rows, searchText, id);
+    public GlobalResult unbindArticles(@RequestParam(defaultValue = "0") Integer page, @RequestParam(defaultValue = "10") Integer rows, @RequestParam(defaultValue = "") String searchText,@PathVariable Integer idPortfolio) throws BaseApiException {
        Map map = portfolioService.findUnbindArticles(page, rows, searchText, idPortfolio);
        return GlobalResultGenerator.genSuccessResult(map);
    }
    @PostMapping("/bind-article")
    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
    public GlobalResult bindArticle(@RequestBody PortfolioArticleDTO portfolioArticle) {
        Map map = portfolioService.bindArticle(portfolioArticle);
        return GlobalResultGenerator.genSuccessResult(map);
    }
    @PutMapping("/update-article-sort-no")
    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
    public GlobalResult updateArticleSortNo(@RequestBody PortfolioArticleDTO portfolioArticle) {
        Map map = portfolioService.updateArticleSortNo(portfolioArticle);
        return GlobalResultGenerator.genSuccessResult(map);
    }
    @DeleteMapping("/unbind-article")
    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
    public GlobalResult unbindArticle(Integer idArticle,Integer idPortfolio) {
        Map map = portfolioService.unbindArticle(idPortfolio,idArticle);
        return GlobalResultGenerator.genSuccessResult(map);
    }
    @DeleteMapping("/delete")
    @AuthorshipInterceptor(moduleName = Module.PORTFOLIO)
    public GlobalResult delete(Integer idPortfolio) throws BaseApiException {
        Map map = portfolioService.deletePortfolio(idPortfolio);
        return GlobalResultGenerator.genSuccessResult(map);
--- a/src/main/java/mapper/TransactionRecordMapper.xml
+++ b/src/main/java/mapper/TransactionRecordMapper.xml
@ -17,8 +17,8 @@
    </update>
    <select id="selectTransactionRecords" resultMap="DTOResultMap">
        select * from forest_transaction_record ftr
-        where form_bank_account = #{bankAccount} or to_bank_account = #{bankAccount}
+        where (form_bank_account = #{bankAccount} or to_bank_account = #{bankAccount})
-        and transaction_time between str_to_date(#{startDate}, '%Y-%m-%d') and str_to_date(#{endDate}, '%Y-%m-%d') + 1
+        and transaction_time between str_to_date(#{startDate}, '%Y-%m-%d') and str_to_date(#{endDate}, '%Y-%m-%d') + interval 1 day
        order by transaction_time desc
    </select>
    <select id="existsWithBankAccountAndFunds" resultType="java.lang.Boolean">