Merge branch 'feature/marketing-integral-log' into hapr191

Keep backend-adminend/src/api/integral.js (integralListApi) after resolve rename/delete vs hapr191 deletion. Made-with: Cursor
2026-04-09 15:12:42 +08:00
parent 129fa20810 f8ba25e7d5
commit 2f6d8106a0
41 changed files with 7190 additions and 182 deletions
--- a/backend/crmeb-admin/src/main/java/com/zbkj/admin/config/WebSecurityConfig.java
+++ b/backend/crmeb-admin/src/main/java/com/zbkj/admin/config/WebSecurityConfig.java
@@ -148,6 +148,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                .antMatchers("/api/admin/store/product/copy/**").permitAll()
                .antMatchers("/api/admin/merchandise/select").permitAll()
                .antMatchers("/api/admin/merchandise/update").permitAll()
+                // 积分模块外部免认证只读接口（供 /integral-external/* 页面调用）
+                .antMatchers("/api/external/integral/**").permitAll()
                // 除上面外的所有请求全部需要鉴权认证
            .anyRequest().authenticated()
            .and()
--- a/backend/crmeb-admin/src/main/java/com/zbkj/admin/controller/ExternalIntegralController.java
+++ b/backend/crmeb-admin/src/main/java/com/zbkj/admin/controller/ExternalIntegralController.java
@@ -0,0 +1,96 @@
+package com.zbkj.admin.controller;
+
+import cn.hutool.core.collection.CollUtil;
+import com.zbkj.common.page.CommonPage;
+import com.zbkj.common.request.*;
+import com.zbkj.common.response.StoreOrderDetailResponse;
+import com.zbkj.common.response.UserIntegralRecordResponse;
+import com.zbkj.common.response.UserResponse;
+import com.zbkj.common.result.CommonResult;
+import com.zbkj.service.service.StoreOrderService;
+import com.zbkj.service.service.UserIntegralRecordService;
+import com.zbkj.service.service.UserService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+/**
+ * 积分模块外部免认证接口 Controller
+ * 供管理后台外部页面（/integral-external/*）调用，跳过登录验证。
+ * 所有接口仅提供只读查询能力，不包含任何写操作。
+ *
+ * 安全说明：此 Controller 映射路径已在 WebSecurityConfig 中配置为 permitAll。
+ * 建议生产环境配合 IP 白名单或反向代理层访问控制使用。
+ */
+@Slf4j
+@RestController
+@RequestMapping("api/external/integral")
+@Api(tags = "积分外部免认证接口")
+public class ExternalIntegralController {
+
+    @Autowired
+    private UserIntegralRecordService integralRecordService;
+
+    @Autowired
+    private StoreOrderService storeOrderService;
+
+    @Autowired
+    private UserService userService;
+
+    /**
+     * 积分明细分页列表（免认证）
+     * 复用 UserIntegralRecordService.findAdminList，与 /admin/user/integral/list 逻辑完全一致。
+     *
+     * @param request          搜索条件（dateLimit / keywords / uid）
+     * @param pageParamRequest 分页参数（page / limit）
+     */
+    @ApiOperation(value = "积分明细分页列表（免认证）")
+    @RequestMapping(value = "/log/list", method = RequestMethod.POST)
+    public CommonResult<CommonPage<UserIntegralRecordResponse>> getIntegralLogList(
+            @RequestBody @Validated AdminIntegralSearchRequest request,
+            @Validated PageParamRequest pageParamRequest) {
+        CommonPage<UserIntegralRecordResponse> restPage =
+                CommonPage.restPage(integralRecordService.findAdminList(request, pageParamRequest));
+        return CommonResult.success(restPage);
+    }
+
+    /**
+     * 订单分页列表（免认证）
+     * 复用 StoreOrderService.getAdminList，与 /admin/store/order/list 逻辑完全一致。
+     *
+     * @param request          搜索条件（status / dateLimit / orderNo / type）
+     * @param pageParamRequest 分页参数（page / limit）
+     */
+    @ApiOperation(value = "订单分页列表（免认证）")
+    @GetMapping(value = "/order/list")
+    public CommonResult<CommonPage<StoreOrderDetailResponse>> getOrderList(
+            @Validated StoreOrderSearchRequest request,
+            @Validated PageParamRequest pageParamRequest) {
+        CommonPage<StoreOrderDetailResponse> restPage =
+                storeOrderService.getAdminList(request, pageParamRequest);
+        return CommonResult.success(restPage);
+    }
+
+    /**
+     * 用户分页列表（免认证）
+     * 复用 UserService.getList，与 /admin/user/list 逻辑完全一致。
+     *
+     * @param request          搜索条件（keywords / dateLimit 等）
+     * @param pageParamRequest 分页参数（page / limit）
+     */
+    @ApiOperation(value = "用户分页列表（免认证）")
+    @GetMapping(value = "/user/list")
+    public CommonResult<CommonPage<UserResponse>> getUserList(
+            @ModelAttribute @Validated UserSearchRequest request,
+            @Validated PageParamRequest pageParamRequest) {
+        CommonPage<UserResponse> restPage =
+                CommonPage.restPage(userService.getList(request, pageParamRequest));
+        if (CollUtil.isNotEmpty(restPage.getList())) {
+            userService.fillWaSelfBonus(restPage.getList());
+        }
+        return CommonResult.success(restPage);
+    }
+}