
开放权限接口放入open包中,open包中的接口不需要进行权限校验

liweifan 3 years ago
parent
commit
fe938e14c0

+ 1 - 1
cooleshow-user/user-admin/src/main/java/com/yonge/cooleshow/admin/config/ResourceServerConfig.java

@@ -26,7 +26,7 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 	public void configure(HttpSecurity http) throws Exception {
 		http.csrf().disable().exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()
 				.authorizeRequests().antMatchers("/task/**").hasIpAddress("0.0.0.0/0")
-				.antMatchers("/v2/api-docs", "/code/*", "/api/*","/payment/callback", "/appVersionInfo/queryByPlatform", "/uploadFile","/userOrder/**").permitAll().anyRequest().authenticated()
+				.antMatchers("/v2/api-docs", "/code/*", "/api/*", "/appVersionInfo/queryByPlatform", "/uploadFile","/open/**").permitAll().anyRequest().authenticated()
 				.and().httpBasic();
 	}
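Review bot: The new `"/open/**"` entry in the `permitAll()` list makes every handler mapped under that prefix reachable without a token, and the only thing keeping a sensitive handler out of it is the package-naming convention from the commit message, which Spring Security cannot enforce. In this same commit `UserOrderClient` maps `testCallback`, `setSuccessStatus` and `setOrderStatus` under `/open/userOrder`, so they become anonymous on the admin service. Prefer listing the endpoints that really need anonymous access, e.g. `"/open/userOrder/callback/**"`, instead of the wildcard, or at least add a comment above the matcher such as `// /open/** is unauthenticated: every handler there must verify its caller itself (e.g. provider signature)`. The same wildcard is kept in the student `ResourceServerConfig` hunk and added in the teacher one.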
 

+ 6 - 1
cooleshow-user/user-admin/src/main/java/com/yonge/cooleshow/admin/controller/PianoRoomSettingsController.java

@@ -60,6 +60,12 @@ public class PianoRoomSettingsController extends BaseController {
     @PostMapping("/save")
     @ApiOperation(value = "新增", notes = "传入pianoRoomSettings")
     public HttpResponseResult save(@Valid @RequestBody PianoRoomSettings pianoRoomSettings) {
+        SysUser user = sysUserFeignService.queryUserInfo();
+        if (user == null || user.getId() == null) {
+            return failed(HttpStatus.FORBIDDEN, "请登录");
+        }
+        pianoRoomSettings.setCreateBy(user.getId());
+        pianoRoomSettings.setUpdateBy(user.getId());
         return status(pianoRoomSettingsService.save(pianoRoomSettings));
     }
     /**
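Review bot: `save` still binds the whole `PianoRoomSettings` entity from the request body, so the added lines fix only `createBy`/`updateBy`; any other server-managed field the entity may carry (an id, timestamps) stays client-controlled, which is worth confirming against the entity since it is not visible here. The null-user branch answers `HttpStatus.FORBIDDEN` with the text "请登录" (please log in), while an unauthenticated caller is normally answered with 401; `return failed(HttpStatus.UNAUTHORIZED, "请登录");` would match the message. Any update handler in this controller lies outside the hunk, so check whether it needs the same `setUpdateBy(user.getId())`.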
@@ -104,7 +110,6 @@ public class PianoRoomSettingsController extends BaseController {
         if (StringUtil.isEmpty(ids)) {
             return failed("参数不能为空");
         }
-        List<PianoRoomSettings> list = pianoRoomSettingsService.list(Wrappers.emptyWrapper());
         return status(pianoRoomSettingsService.removeByIds(StringUtil.toLongList(ids)));
     }
 

+ 154 - 0
cooleshow-user/user-admin/src/main/java/com/yonge/cooleshow/admin/open/UserOrderClient.java

@@ -0,0 +1,154 @@
+package com.yonge.cooleshow.admin.open;
+
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.yonge.cooleshow.biz.dal.entity.UserOrderPayment;
+import com.yonge.cooleshow.biz.dal.enums.CacheNameEnum;
+import com.yonge.cooleshow.biz.dal.enums.OrderStatusEnum;
+import com.yonge.cooleshow.biz.dal.service.UserOrderPaymentService;
+import com.yonge.cooleshow.biz.dal.service.UserOrderRefundService;
+import com.yonge.cooleshow.biz.dal.service.UserOrderService;
+import com.yonge.cooleshow.biz.dal.support.DistributedLock;
+import com.yonge.cooleshow.biz.dal.vo.UserOrderVo;
+import com.yonge.cooleshow.common.controller.BaseController;
+import com.yonge.cooleshow.common.entity.HttpResponseResult;
+import com.yonge.toolset.base.exception.BizException;
+import com.yonge.toolset.base.result.BaseResult;
+import com.yonge.toolset.payment.base.enums.MethodNameEnum;
+import com.yonge.toolset.payment.base.enums.OpenEnum;
+import com.yonge.toolset.payment.base.enums.PayChannelEnum;
+import com.yonge.toolset.payment.base.enums.PaymentClientEnum;
+import com.yonge.toolset.payment.base.model.Payment;
+import com.yonge.toolset.payment.base.model.callback.PaymentCallBack;
+import com.yonge.toolset.payment.core.service.PaymentClient;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.redisson.api.RedissonClient;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.concurrent.TimeUnit;
+
+@RestController
+@RequestMapping("/open/userOrder")
+@Api(value = "开放权限接口-订单", hidden = true)
+public class UserOrderClient extends BaseController {
+    private final static Logger log = LoggerFactory.getLogger(UserOrderClient.class);
+
+    @Autowired
+    private UserOrderPaymentService paymentService;
+    @Autowired
+    private UserOrderRefundService userOrderRefundService;
+    @Autowired
+    private UserOrderService userOrderService;
+    @Autowired
+    private PaymentClient paymentClient;
+    @Autowired
+    private RedissonClient redissonClient;
+
+    @ApiOperation(value = "查询付款单")
+    @GetMapping("/queryPayment")
+    public HttpResponseResult<Payment> queryPayment(String paymentNo) {
+        UserOrderPayment userOrderPayment = paymentService.getOne(Wrappers.<UserOrderPayment>lambdaQuery()
+                .eq(UserOrderPayment::getPaymentNo, paymentNo)
+        );
+        if (null == userOrderPayment) {
+            return HttpResponseResult.succeed();
+        }
+        Payment param = new Payment(userOrderPayment.getOpenType(),
+                PaymentClientEnum.valueOf(userOrderPayment.getPaymentClient()), userOrderPayment.getPayChannel());
+        param.setId(userOrderPayment.getTransNo());
+        param.setPaymentNo(userOrderPayment.getPaymentNo());
+        BaseResult<Payment> paymentBaseResult = paymentClient.queryPayment(param);
+        return HttpResponseResult.status(paymentBaseResult);
+    }
+
+    /***
+     * 支付回调
+     * @author liweifan
+     * @param: request
+     * @updateTime 2022/3/11 18:35
+     */
+    @PostMapping("/callback/{openType}/{client}/{payChannel}/{payMethod}")
+    public Object callback(
+            @PathVariable("openType") String openType,
+            @PathVariable("client") String client,
+            @PathVariable("payChannel") String payChannel,
+            @PathVariable("payMethod") String payMethod,
+            HttpServletRequest request
+    ) {
+        log.info("支付回调:openType is {} ,paymentClient is {},payChannel is {},payMethod is {}", openType, client, payChannel, payMethod);
+        BaseResult<PaymentCallBack> res = paymentClient.analysisNotice(
+                OpenEnum.valueOf(openType), PaymentClientEnum.valueOf(client),
+                PayChannelEnum.valueOf(payChannel), MethodNameEnum.valueOf(payMethod), request);
+        if (res.getStatus()) {
+            PaymentCallBack data = res.getData();
+            //查询到订单
+            UserOrderVo userOrderVo = userOrderService.getUserOrderByPaymentNoOrTransNo(data.getPaymentNo(), data.getId());
+            if (null == userOrderVo) {
+                return res.getData().getResMsg();
+            }
+            try {
+                DistributedLock.of(redissonClient)
+                        .runIfLockCanGet(CacheNameEnum.LOCK_EXECUTE_ORDER.getRedisKey(userOrderVo.getUserId())
+                                , () -> {
+                                    if (MethodNameEnum.executePayment.equals(data.getMethodName())) {
+                                        //支付交易
+                                        paymentService.executePaymentCallBack(data);
+                                    } else if (MethodNameEnum.closePayment.equals(data.getMethodName())) {
+                                        //关闭订单
+                                        paymentService.closePaymentCallBack(data);
+                                    } else if (MethodNameEnum.refundPayment.equals(data.getMethodName())) {
+                                        //退款
+                                        userOrderRefundService.refundPaymentCallBack(data);
+                                    }
+                                }, 60L, TimeUnit.SECONDS);
+            } catch (BizException e) {
+                log.error("回调业务异常,msg is {}", e.getMessage());
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+        return res.getData().getResMsg();
+    }
+
+
+    /***
+     * 支付回调
+     * @author liweifan
+     * @param: request
+     * @updateTime 2022/3/11 18:35
+     */
+    @PostMapping("/testCallback")
+    public void testCallback(@RequestBody PaymentCallBack data) {
+        if (MethodNameEnum.executePayment.equals(data.getMethodName())) {
+            //支付交易
+            paymentService.executePaymentCallBack(data);
+        } else if (MethodNameEnum.closePayment.equals(data.getMethodName())) {
+            //关闭订单
+            paymentService.closePaymentCallBack(data);
+        } else if (MethodNameEnum.refundPayment.equals(data.getMethodName())) {
+            //退款
+            userOrderRefundService.refundPaymentCallBack(data);
+        }
+    }
+
+
+    @GetMapping("/setSuccessStatus")
+    @ApiOperation(value = "完成所有订单(测试用)")
+    public HttpResponseResult<Boolean> setSuccessStatus() {
+        userOrderService.setSuccessStatus();
+        return succeed(true);
+    }
+
+    @GetMapping("/setOrderStatus")
+    @ApiOperation(value = "设置订单状态(测试用)")
+    public HttpResponseResult<Boolean> setOrderStatus(
+            @RequestParam("orderNo") String orderNo,
+            @RequestParam("orderStatus") OrderStatusEnum orderStatus) {
+        userOrderService.setOrderStatus(orderNo, orderStatus);
+        return succeed(true);
+    }
+}
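Review bot: `testCallback`, `setSuccessStatus` and `setOrderStatus` are served under `/open/userOrder`, which the admin `ResourceServerConfig` in this commit opens with `permitAll()`, so order and payment state can be changed without a login. `testCallback` takes a `PaymentCallBack` straight from the request body and calls the same `executePaymentCallBack` / `closePaymentCallBack` / `refundPaymentCallBack` services that `callback` reaches only after `paymentClient.analysisNotice(...)` has processed the provider notice (presumably including its signature check). These three test handlers should move to a controller outside `/open/**` so that `anyRequest().authenticated()` applies, or be kept out of production, e.g. a separate test-only controller annotated `@Profile("<TEST_PROFILE>")` (placeholder name). In `callback`, the `valueOf(...)` calls on the path variables throw `IllegalArgumentException` for unknown values before any handling, and `e.printStackTrace()` should be `log.error("回调业务异常", e);`. Both catch blocks also fall through to `return res.getData().getResMsg()`, so a failed update is presumably still acknowledged to the provider and not retried.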

+ 1 - 1
cooleshow-user/user-student/src/main/java/com/yonge/cooleshow/student/config/ResourceServerConfig.java

@@ -28,7 +28,7 @@ public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
                 .authorizeRequests()
                 .antMatchers("/task/**")
                 .hasIpAddress("0.0.0.0/0")
-                .antMatchers("/wechat/*", "/v2/api-docs", "/code/*","/open/**", "/payment/callback", "/userOrder/setSuccessStatus")
+                .antMatchers("/wechat/*", "/v2/api-docs", "/code/*","/open/**")
                 .permitAll().anyRequest().authenticated().and().httpBasic();
     }
 

+ 0 - 14
cooleshow-user/user-student/src/main/java/com/yonge/cooleshow/student/controller/UserOrderController.java

@@ -239,19 +239,5 @@ public class UserOrderController extends BaseController {
         return succeed(detail);
     }
 
-    @GetMapping("/setSuccessStatus")
-    @ApiOperation(value = "完成所有订单(测试用)")
-    public HttpResponseResult<Boolean> setSuccessStatus() {
-        userOrderService.setSuccessStatus();
-        return succeed(true);
-    }
 
-    @GetMapping("/setOrderStatus")
-    @ApiOperation(value = "设置订单状态(测试用)")
-    public HttpResponseResult<Boolean> setOrderStatus(
-            @RequestParam("orderNo") String orderNo,
-            @RequestParam("orderStatus") OrderStatusEnum orderStatus) {
-        userOrderService.setOrderStatus(orderNo, orderStatus);
-        return succeed(true);
-    }
 }

+ 23 - 23
cooleshow-user/user-teacher/src/main/java/com/yonge/cooleshow/teacher/config/ResourceServerConfig.java

@@ -16,30 +16,30 @@ import com.yonge.cooleshow.common.security.BaseAuthenticationEntryPoint;
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
-	@Autowired
-	private BaseAccessDeniedHandler baseAccessDeniedHandler;
-
-	@Autowired
-	private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
-
-	@Override
-	public void configure(HttpSecurity http) throws Exception {
-		http.csrf()
-				.disable()
-				.exceptionHandling()
-				.accessDeniedHandler(baseAccessDeniedHandler)
-				.authenticationEntryPoint(baseAuthenticationEntryPoint)
-				.and()
-				.authorizeRequests()
-				.antMatchers("/task/**").hasIpAddress("0.0.0.0/0")
-				.antMatchers("/v2/api-docs", "/code/*","/payment/callback",
-                        "/liveRoom/test","/liveRoom/syncUserStatus","/courseGroup/getLockCache","/userWithdrawal/callback","/userWithdrawal/contractCallback")
+    @Autowired
+    private BaseAccessDeniedHandler baseAccessDeniedHandler;
+
+    @Autowired
+    private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception {
+        http.csrf()
+                .disable()
+                .exceptionHandling()
+                .accessDeniedHandler(baseAccessDeniedHandler)
+                .authenticationEntryPoint(baseAuthenticationEntryPoint)
+                .and()
+                .authorizeRequests()
+                .antMatchers("/task/*").hasIpAddress("0.0.0.0/0")
+                .antMatchers("/v2/api-docs", "/code/*",
+                        "/liveRoom/test", "/liveRoom/syncUserStatus", "/courseGroup/getLockCache", "/open/**")
                 .permitAll().anyRequest().authenticated().and().httpBasic();
-	}
+    }
 
-	@Override
-	public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
-		resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
-	}
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
+        resources.authenticationEntryPoint(baseAuthenticationEntryPoint).accessDeniedHandler(baseAccessDeniedHandler);
+    }
 
 }
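Review bot: The task matcher changes from `"/task/**"` to `"/task/*"` inside what is otherwise a whitespace-only re-indentation; `"/task/*"` matches a single path segment, so deeper task paths now fall through to `anyRequest().authenticated()`. If that was not intended, keep `.antMatchers("/task/**")`. Separately, `hasIpAddress("0.0.0.0/0")` matches every IPv4 address, so the rule restricts nothing; use the scheduler's real range, e.g. `.hasIpAddress("<SCHEDULER_CIDR>")` (placeholder), and the same applies to the unchanged `/task/**` lines in the admin and student configs. The list also still opens `"/liveRoom/test"` and `"/courseGroup/getLockCache"` anonymously, which is worth re-checking now that `/open/**` is meant to be the one place for such endpoints. Putting the re-indentation in its own commit would keep matcher changes like these visible in review.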

+ 0 - 38
cooleshow-user/user-teacher/src/main/java/com/yonge/cooleshow/teacher/controller/PianoRoomBuyRecordController.java

@@ -44,43 +44,5 @@ public class PianoRoomBuyRecordController extends BaseController {
 		IPage<PianoRoomBuyRecordVo> pages = pianoRoomBuyRecordService.selectPage(PageUtil.getPage(query), query);
         return succeed(PageUtil.pageInfo(pages));
 	}
-    
-    /**
-	 * 新增
-	 */
-	@PostMapping("/save")
-	@ApiOperation(value = "新增", notes = "传入pianoRoomBuyRecord")
-	public HttpResponseResult save(@Valid @RequestBody PianoRoomBuyRecord pianoRoomBuyRecord) {
-    	return status(pianoRoomBuyRecordService.save(pianoRoomBuyRecord));
-	}
-    
-    /**
-	 * 修改
-	 */
-	@PostMapping("/update")
-	@ApiOperation(value = "修改", notes = "传入pianoRoomBuyRecord")
-	public HttpResponseResult update(@Valid @RequestBody PianoRoomBuyRecord pianoRoomBuyRecord) {
-        return status(pianoRoomBuyRecordService.updateById(pianoRoomBuyRecord));
-	}
-    
-    /**
-	 * 新增或修改
-	 */
-    @PostMapping("/submit")
-    @ApiOperation(value = "新增或修改", notes = "传入pianoRoomBuyRecord")
-	public HttpResponseResult submit(@Valid @RequestBody PianoRoomBuyRecord pianoRoomBuyRecord) {
-        return status(pianoRoomBuyRecordService.saveOrUpdate(pianoRoomBuyRecord));
-    }
 
- 	/**
-	 * 删除
-	 */
-	@PostMapping("/remove")
-	@ApiOperation(value = "逻辑删除", notes = "传入ids")
-	public HttpResponseResult remove(@ApiParam(value = "主键集合", required = true) @RequestParam String ids) {
-        if (StringUtil.isEmpty(ids)) {
-			return failed("参数不能为空");
-		}
-		return status(pianoRoomBuyRecordService.removeByIds(StringUtil.toLongList(ids)));
-	}
 }

+ 0 - 90
cooleshow-user/user-teacher/src/main/java/com/yonge/cooleshow/teacher/controller/UserWithdrawalController.java

@@ -1,13 +1,10 @@
 package com.yonge.cooleshow.teacher.controller;
 
-import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.yonge.cooleshow.auth.api.client.SysUserFeignService;
 import com.yonge.cooleshow.auth.api.entity.SysUser;
 import com.yonge.cooleshow.biz.dal.dto.req.WithdrawalReq;
 import com.yonge.cooleshow.biz.dal.dto.search.TeacherWithdrawalSearch;
-import com.yonge.cooleshow.biz.dal.entity.UserWithdrawalCallback;
-import com.yonge.cooleshow.biz.dal.enums.DealStatusEnum;
 import com.yonge.cooleshow.biz.dal.service.UserWithdrawalService;
 import com.yonge.cooleshow.biz.dal.support.PageUtil;
 import com.yonge.cooleshow.biz.dal.vo.UserWithdrawalVo;
@@ -16,38 +13,28 @@ import com.yonge.cooleshow.common.controller.BaseController;
 import com.yonge.cooleshow.common.entity.HttpResponseResult;
 import com.yonge.toolset.base.exception.BizException;
 import com.yonge.toolset.base.page.PageInfo;
-import com.yonge.toolset.thirdparty.lingxinpay.RSA;
 import com.yonge.toolset.utils.date.DateUtil;
-import com.yonge.toolset.utils.json.JsonUtil;
 import com.yonge.toolset.utils.string.StringUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
-import org.springframework.util.CollectionUtils;
 import org.springframework.web.bind.annotation.*;
 import springfox.documentation.annotations.ApiIgnore;
 
-import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
 import java.time.LocalDate;
 import java.time.LocalDateTime;
 import java.time.LocalTime;
 import java.time.temporal.TemporalAdjusters;
 import java.util.Date;
-import java.util.Map;
 
 @RestController
 @RequestMapping("/userWithdrawal")
 @Api(value = "用户账户提现表", tags = "用户账户提现表")
 public class UserWithdrawalController extends BaseController {
-    private final static Logger log = LoggerFactory.getLogger(UserWithdrawalController.class);
 
     @Autowired
     private UserWithdrawalService userWithdrawalService;
@@ -55,9 +42,6 @@ public class UserWithdrawalController extends BaseController {
     @Autowired
     private SysUserFeignService sysUserFeignService;
 
-    @Value("${withdraw.privateKey}")
-    private String privateKey;
-
     @PostMapping("/getWithdrawalInfo")
     @ApiOperation(value = "查询提现页面信息")
     public HttpResponseResult<WithdrawalInfoRes> getWithdrawalInfo() {
@@ -119,78 +103,4 @@ public class UserWithdrawalController extends BaseController {
         IPage<UserWithdrawalVo> pages = userWithdrawalService.selectPage(PageUtil.getPage(query), query);
         return succeed(PageUtil.pageInfo(pages));
     }
-
-    /**
-     * 异步回调接收-提现
-     *
-     * @param content
-     * @param request
-     * @return
-     */
-    @PostMapping("/callback")
-    public String callback(@RequestBody String content, HttpServletRequest request) {
-        log.info("交易回调请求地址:{} 请求参数:{}", request.getRemoteAddr(), content);
-        try {
-            if (StringUtils.isBlank(content)) {
-                throw new Exception();
-            }
-            JSONObject jsonObject = JSONObject.parseObject(content);
-            String jsonStr = RSA.decryptPri(jsonObject.getString("sign"), privateKey);
-            log.info("jsonStr:{}", jsonStr);
-
-            Map<String, Object> withdrawRecord = JSONObject.parseObject(jsonStr);
-            UserWithdrawalCallback callback = JsonUtil.toJavaObject(withdrawRecord, UserWithdrawalCallback.class);
-
-            userWithdrawalService.callback(callback, jsonStr);
-        } catch (BizException e) {
-            log.error("解密失败e:{}", e.getMessage());
-            return "failed";
-        } catch (Exception e) {
-            log.error("解密失败e:{}", e);
-            return "failed";
-        }
-        return "success";
-    }
-
-    /**
-     * 异步回调接收-签署协议
-     *
-     * @param dataStr
-     * @param request
-     * @return
-     */
-    @PostMapping("/contractCallback")
-    public String contractCallback(@RequestBody String dataStr, HttpServletRequest request) {
-        log.info("回调请求地址:{} 请求参数:{}", request.getRemoteAddr(), dataStr);
-        try {
-            if (StringUtils.isBlank(dataStr)) {
-                throw new Exception();
-            }
-            JSONObject data = JSONObject.parseObject(dataStr);
-            JSONObject content = data.getJSONObject("content");
-
-            String return_code = data.getString("return_code");
-
-            if (CollectionUtils.isEmpty(content) || null == content.getString("serialNo")) {
-                log.error("签署失败,返回合同编号为空 {}", dataStr);
-                return "failed";
-            }
-
-            if ("T".equals(return_code)) {
-                userWithdrawalService.contractCallback(
-                        DealStatusEnum.SCCESS.getCode(), content.getString("serialNo"),
-                        content.getString("contractUrl"), null);
-                return "success";
-            } else {
-                String return_message = data.getString("return_message");
-                userWithdrawalService.contractCallback(
-                        DealStatusEnum.FAILED.getCode(), content.getString("serialNo"), null, return_message);
-                return "failed";
-            }
-        } catch (Exception e) {
-            log.error("签署失败e:{}", e);
-            return "failed";
-        }
-
-    }
 }

+ 110 - 0
cooleshow-user/user-teacher/src/main/java/com/yonge/cooleshow/teacher/open/UserWithdrawalClient.java

@@ -0,0 +1,110 @@
+package com.yonge.cooleshow.teacher.open;
+
+import com.alibaba.fastjson.JSONObject;
+import com.yonge.cooleshow.biz.dal.entity.UserWithdrawalCallback;
+import com.yonge.cooleshow.biz.dal.enums.DealStatusEnum;
+import com.yonge.cooleshow.biz.dal.service.UserWithdrawalService;
+import com.yonge.cooleshow.common.controller.BaseController;
+import com.yonge.toolset.base.exception.BizException;
+import com.yonge.toolset.thirdparty.lingxinpay.RSA;
+import com.yonge.toolset.utils.json.JsonUtil;
+import io.swagger.annotations.Api;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
+
+@RestController
+@RequestMapping("/open/userWithdrawal")
+@Api(value = "开放权限接口-提现", hidden = true)
+public class UserWithdrawalClient extends BaseController {
+    private final static Logger log = LoggerFactory.getLogger(UserWithdrawalClient.class);
+
+    @Autowired
+    private UserWithdrawalService userWithdrawalService;
+
+    @Value("${withdraw.privateKey}")
+    private String privateKey;
+
+    /**
+     * 异步回调接收-提现
+     *
+     * @param content
+     * @param request
+     * @return
+     */
+    @PostMapping("/callback")
+    public String callback(@RequestBody String content, HttpServletRequest request) {
+        log.info("交易回调请求地址:{} 请求参数:{}", request.getRemoteAddr(), content);
+        try {
+            if (StringUtils.isBlank(content)) {
+                throw new Exception();
+            }
+            JSONObject jsonObject = JSONObject.parseObject(content);
+            String jsonStr = RSA.decryptPri(jsonObject.getString("sign"), privateKey);
+            log.info("jsonStr:{}", jsonStr);
+
+            Map<String, Object> withdrawRecord = JSONObject.parseObject(jsonStr);
+            UserWithdrawalCallback callback = JsonUtil.toJavaObject(withdrawRecord, UserWithdrawalCallback.class);
+
+            userWithdrawalService.callback(callback, jsonStr);
+        } catch (BizException e) {
+            log.error("解密失败e:{}", e.getMessage());
+            return "failed";
+        } catch (Exception e) {
+            log.error("解密失败e:{}", e);
+            return "failed";
+        }
+        return "success";
+    }
+
+    /**
+     * 异步回调接收-签署协议
+     *
+     * @param dataStr
+     * @param request
+     * @return
+     */
+    @PostMapping("/contractCallback")
+    public String contractCallback(@RequestBody String dataStr, HttpServletRequest request) {
+        log.info("回调请求地址:{} 请求参数:{}", request.getRemoteAddr(), dataStr);
+        try {
+            if (StringUtils.isBlank(dataStr)) {
+                throw new Exception();
+            }
+            JSONObject data = JSONObject.parseObject(dataStr);
+            JSONObject content = data.getJSONObject("content");
+
+            String return_code = data.getString("return_code");
+
+            if (CollectionUtils.isEmpty(content) || null == content.getString("serialNo")) {
+                log.error("签署失败,返回合同编号为空 {}", dataStr);
+                return "failed";
+            }
+
+            if ("T".equals(return_code)) {
+                userWithdrawalService.contractCallback(
+                        DealStatusEnum.SCCESS.getCode(), content.getString("serialNo"),
+                        content.getString("contractUrl"), null);
+                return "success";
+            } else {
+                String return_message = data.getString("return_message");
+                userWithdrawalService.contractCallback(
+                        DealStatusEnum.FAILED.getCode(), content.getString("serialNo"), null, return_message);
+                return "failed";
+            }
+        } catch (Exception e) {
+            log.error("签署失败e:{}", e);
+            return "failed";
+        }
+    }
+}
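Review bot: `contractCallback` acts on `return_code` and `serialNo` taken straight from the request body with no check that the request came from the signing provider, and under `/open/**` it is reachable without a token, so the status it passes to `userWithdrawalService.contractCallback(...)` is caller-controlled. It should verify the provider's signature (or an equivalent shared-secret check) before the `"T".equals(return_code)` branch; the provider's scheme is not visible in this hunk. In `callback`, `RSA.decryptPri(...)` on the `sign` field looks like private-key decryption, which gives confidentiality but not sender authenticity unless the helper or `userWithdrawalService.callback` also verifies a signature, so this needs confirming. `log.info("jsonStr:{}", jsonStr);` and the two request-body `log.info` lines write full withdrawal payloads to the log; log an identifier instead, or lower them to debug.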