Merge branch 'master-jdk21' of https://gitee.com/zhijiantianya/yudao-cloud

# Conflicts:
#	yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/service/task/BpmProcessInstanceServiceImpl.java
#	yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/service/level/MemberLevelServiceImpl.java
#	yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserPageReqVO.java
#	yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserRespVO.java
#	yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserUpdateReqVO.java
#	yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/convert/user/MpUserConvert.java

yudao-framework/yudao-spring-boot-starter-biz-ip/src/main/resources/area.csv

@@ -522,6 +522,29 @@ id,name,type,parentId
 441931,凤岗镇,4,441900
 441932,长安镇,4,441900
 442000,中山市,3,440000
+442001,石岐街道,4,442000
+442002,东区街道,4,442000
+442003,中山港街道,4,442000
+442004,西区街道,4,442000
+442005,南区街道,4,442000
+442006,五桂山街道,4,442000
+442007,民众街道,4,442000
+442008,南朗街道,4,442000
+442009,黄圃镇,4,442000
+442010,东凤镇,4,442000
+442011,古镇镇,4,442000
+442012,沙溪镇,4,442000
+442013,坦洲镇,4,442000
+442014,港口镇,4,442000
+442015,三角镇,4,442000
+442016,横栏镇,4,442000
+442017,南头镇,4,442000
+442018,阜沙镇,4,442000
+442019,三乡镇,4,442000
+442020,板芙镇,4,442000
+442021,大涌镇,4,442000
+442022,神湾镇,4,442000
+442023,小榄镇,4,442000
 445100,潮州市,3,440000
 445200,揭阳市,3,440000
 445300,云浮市,3,440000

yudao-framework/yudao-spring-boot-starter-biz-tenant/src/main/java/cn/iocoder/yudao/framework/tenant/core/context/TenantContextHolder.java

@@ -30,16 +30,6 @@ public class TenantContextHolder {
         return TENANT_ID.get();
     }
 
-    /**
-     * 获得租户编号 String
-     *
-     * @return 租户编号
-     */
-    public static String getTenantIdStr() {
-        Long tenantId = getTenantId();
-        return StrUtil.toStringOrNull(tenantId);
-    }
-
     /**
      * 获得租户编号。如果不存在，则抛出 NullPointerException 异常
      *

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/config/YudaoXssAutoConfiguration.java

@@ -44,9 +44,11 @@ public class YudaoXssAutoConfiguration implements WebMvcConfigurer {
     @ConditionalOnMissingBean(name = "xssJacksonCustomizer")
     @ConditionalOnBean(ObjectMapper.class)
     @ConditionalOnProperty(value = "yudao.xss.enable", havingValue = "true")
-    public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(XssCleaner xssCleaner) {
+    public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(XssProperties properties,
+                                                                      PathMatcher pathMatcher,
+                                                                      XssCleaner xssCleaner) {
         // 在反序列化时进行 xss 过滤，可以替换使用 XssStringJsonSerializer，在序列化时进行处理
-        return builder -> builder.deserializerByType(String.class, new XssStringJsonDeserializer(xssCleaner));
+        return builder -> builder.deserializerByType(String.class, new XssStringJsonDeserializer(properties, pathMatcher, xssCleaner));
     }
 
     /**

yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/core/json/XssStringJsonDeserializer.java

@@ -1,12 +1,16 @@
 package cn.iocoder.yudao.framework.xss.core.json;
 
+import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
+import cn.iocoder.yudao.framework.xss.config.XssProperties;
 import cn.iocoder.yudao.framework.xss.core.clean.XssCleaner;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.deser.std.StringDeserializer;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.util.PathMatcher;
 
 import java.io.IOException;
 
@@ -20,10 +24,29 @@ import java.io.IOException;
 @AllArgsConstructor
 public class XssStringJsonDeserializer extends StringDeserializer {
 
+    /**
+     * 属性
+     */
+    private final XssProperties properties;
+    /**
+     * 路径匹配器
+     */
+    private final PathMatcher pathMatcher;
+
     private final XssCleaner xssCleaner;
 
     @Override
     public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+        // 1. 白名单 URL 的处理
+        HttpServletRequest request = ServletUtils.getRequest();
+        if (request != null) {
+            String uri = ServletUtils.getRequest().getRequestURI();
+            if (properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, uri))) {
+                return p.getText();
+            }
+        }
+
+        // 2. 真正使用 xssCleaner 进行过滤
         if (p.hasToken(JsonToken.VALUE_STRING)) {
             return xssCleaner.clean(p.getText());
         }

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/convert/task/BpmProcessInstanceConvert.java

@@ -53,8 +53,10 @@ public interface BpmProcessInstanceConvert {
             // user
             if (userMap != null) {
                 AdminUserRespDTO startUser = userMap.get(NumberUtils.parseLong(pageResult.getList().get(i).getStartUserId()));
-                respVO.setStartUser(BeanUtils.toBean(startUser, BpmProcessInstanceRespVO.User.class));
-                MapUtils.findAndThen(deptMap, startUser.getDeptId(), dept -> respVO.getStartUser().setDeptName(dept.getName()));
+                if (startUser != null) {
+                    respVO.setStartUser(BeanUtils.toBean(startUser, BpmProcessInstanceRespVO.User.class));
+                    MapUtils.findAndThen(deptMap, startUser.getDeptId(), dept -> respVO.getStartUser().setDeptName(dept.getName()));
+                }
             }
         }
         return vpPageResult;
@@ -105,10 +107,10 @@ public interface BpmProcessInstanceConvert {
 
     default BpmMessageSendWhenProcessInstanceRejectReqDTO buildProcessInstanceRejectMessage(ProcessInstance instance, String reason) {
         return new BpmMessageSendWhenProcessInstanceRejectReqDTO()
-            .setProcessInstanceName(instance.getName())
-            .setProcessInstanceId(instance.getId())
-            .setReason(reason)
-            .setStartUserId(NumberUtils.parseLong(instance.getStartUserId()));
+                .setProcessInstanceName(instance.getName())
+                .setProcessInstanceId(instance.getId())
+                .setReason(reason)
+                .setStartUserId(NumberUtils.parseLong(instance.getStartUserId()));
     }
 
 }

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/framework/flowable/core/util/FlowableUtils.java

@@ -1,10 +1,12 @@
 package cn.iocoder.yudao.module.bpm.framework.flowable.core.util;
 
+import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
 import cn.iocoder.yudao.module.bpm.framework.flowable.core.enums.BpmConstants;
 import org.flowable.common.engine.api.delegate.Expression;
 import org.flowable.common.engine.api.variable.VariableContainer;
 import org.flowable.common.engine.impl.el.ExpressionManager;
 import org.flowable.common.engine.impl.identity.Authentication;
+import org.flowable.engine.ProcessEngineConfiguration;
 import org.flowable.engine.history.HistoricProcessInstance;
 import org.flowable.engine.impl.cfg.ProcessEngineConfigurationImpl;
 import org.flowable.engine.impl.util.CommandContextUtil;
@@ -32,6 +34,11 @@ public class FlowableUtils {
         Authentication.setAuthenticatedUserId(null);
     }
 
+    public static String getTenantId() {
+        Long tenantId = TenantContextHolder.getTenantId();
+        return tenantId != null ? String.valueOf(tenantId) : ProcessEngineConfiguration.NO_TENANT_ID;
+    }
+
     // ========== Execution 相关的工具方法 ==========
 
     /**

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/service/definition/BpmModelServiceImpl.java

@@ -5,7 +5,6 @@ import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.json.JsonUtils;
 import cn.iocoder.yudao.framework.common.util.object.PageUtils;
 import cn.iocoder.yudao.framework.common.util.validation.ValidationUtils;
-import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
 import cn.iocoder.yudao.module.bpm.controller.admin.definition.vo.model.BpmModelCreateReqVO;
 import cn.iocoder.yudao.module.bpm.controller.admin.definition.vo.model.BpmModelPageReqVO;
 import cn.iocoder.yudao.module.bpm.controller.admin.definition.vo.model.BpmModelUpdateReqVO;
@@ -14,6 +13,7 @@ import cn.iocoder.yudao.module.bpm.dal.dataobject.definition.BpmFormDO;
 import cn.iocoder.yudao.module.bpm.enums.definition.BpmModelFormTypeEnum;
 import cn.iocoder.yudao.module.bpm.framework.flowable.core.candidate.BpmTaskCandidateInvoker;
 import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.BpmnModelUtils;
+import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.FlowableUtils;
 import cn.iocoder.yudao.module.bpm.service.definition.dto.BpmModelMetaInfoRespDTO;
 import lombok.extern.slf4j.Slf4j;
 import org.flowable.bpmn.model.BpmnModel;
@@ -78,7 +78,7 @@ public class BpmModelServiceImpl implements BpmModelService {
             return PageResult.empty(count);
         }
         List<Model> models = modelQuery
-                .modelTenantId(TenantContextHolder.getTenantIdStr())
+                .modelTenantId(FlowableUtils.getTenantId())
                 .orderByCreateTime().desc()
                 .listPage(PageUtils.getStart(pageVO), pageVO.getPageSize());
         return new PageResult<>(models, count);
@@ -99,7 +99,7 @@ public class BpmModelServiceImpl implements BpmModelService {
         // 创建流程定义
         Model model = repositoryService.newModel();
         BpmModelConvert.INSTANCE.copyToCreateModel(model, createReqVO);
-        model.setTenantId(TenantContextHolder.getTenantIdStr());
+        model.setTenantId(FlowableUtils.getTenantId());
         // 保存流程定义
         repositoryService.saveModel(model);
         // 保存 BPMN XML

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/service/definition/BpmProcessDefinitionServiceImpl.java

@@ -5,12 +5,12 @@ import cn.hutool.core.util.StrUtil;
 import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.object.BeanUtils;
 import cn.iocoder.yudao.framework.common.util.object.PageUtils;
-import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
 import cn.iocoder.yudao.module.bpm.controller.admin.definition.vo.process.BpmProcessDefinitionPageReqVO;
 import cn.iocoder.yudao.module.bpm.dal.dataobject.definition.BpmFormDO;
 import cn.iocoder.yudao.module.bpm.dal.dataobject.definition.BpmProcessDefinitionInfoDO;
 import cn.iocoder.yudao.module.bpm.dal.mysql.definition.BpmProcessDefinitionInfoMapper;
 import cn.iocoder.yudao.module.bpm.framework.flowable.core.enums.BpmnModelConstants;
+import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.FlowableUtils;
 import cn.iocoder.yudao.module.bpm.service.definition.dto.BpmModelMetaInfoRespDTO;
 import lombok.extern.slf4j.Slf4j;
 import org.flowable.bpmn.model.BpmnModel;
@@ -109,7 +109,7 @@ public class BpmProcessDefinitionServiceImpl implements BpmProcessDefinitionServ
         Deployment deploy = repositoryService.createDeployment()
                 .key(model.getKey()).name(model.getName()).category(model.getCategory())
                 .addBytes(model.getKey() + BpmnModelConstants.BPMN_FILE_SUFFIX, bpmnBytes)
-                .tenantId(TenantContextHolder.getTenantIdStr())
+                .tenantId(FlowableUtils.getTenantId())
                 .disableSchemaValidation() // 禁用 XML Schema 验证，因为有自定义的属性
                 .deploy();
 
@@ -195,7 +195,7 @@ public class BpmProcessDefinitionServiceImpl implements BpmProcessDefinitionServ
             query.active();
         }
         // 执行查询
-        query.processDefinitionTenantId(TenantContextHolder.getTenantIdStr());
+        query.processDefinitionTenantId(FlowableUtils.getTenantId());
         return query.list();
     }
 

yudao-module-bpm/yudao-module-bpm-biz/src/main/java/cn/iocoder/yudao/module/bpm/service/task/BpmTaskServiceImpl.java

@@ -9,6 +9,8 @@ import cn.iocoder.yudao.framework.common.pojo.PageResult;
 import cn.iocoder.yudao.framework.common.util.date.DateUtils;
 import cn.iocoder.yudao.framework.common.util.number.NumberUtils;
 import cn.iocoder.yudao.framework.common.util.object.PageUtils;
+import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.BpmnModelUtils;
+import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.FlowableUtils;
 import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
 import cn.iocoder.yudao.module.bpm.controller.admin.task.vo.task.*;
 import cn.iocoder.yudao.module.bpm.convert.task.BpmTaskConvert;
@@ -17,8 +19,6 @@ import cn.iocoder.yudao.module.bpm.enums.task.BpmDeleteReasonEnum;
 import cn.iocoder.yudao.module.bpm.enums.task.BpmTaskSignTypeEnum;
 import cn.iocoder.yudao.module.bpm.enums.task.BpmTaskStatusEnum;
 import cn.iocoder.yudao.module.bpm.framework.flowable.core.enums.BpmConstants;
-import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.BpmnModelUtils;
-import cn.iocoder.yudao.module.bpm.framework.flowable.core.util.FlowableUtils;
 import cn.iocoder.yudao.module.bpm.service.definition.BpmModelService;
 import cn.iocoder.yudao.module.bpm.service.message.BpmMessageService;
 import cn.iocoder.yudao.module.system.api.user.AdminUserApi;
@@ -134,6 +134,7 @@ public class BpmTaskServiceImpl implements BpmTaskService {
     public PageResult<HistoricTaskInstance> getTaskPage(Long userId, BpmTaskPageReqVO pageVO) {
         HistoricTaskInstanceQuery taskQuery = historyService.createHistoricTaskInstanceQuery()
                 .includeTaskLocalVariables()
+                .taskTenantId(FlowableUtils.getTenantId())
                 .orderByHistoricTaskInstanceEndTime().desc(); // 审批时间倒序
         if (StrUtil.isNotBlank(pageVO.getName())) {
             taskQuery.taskNameLike("%" + pageVO.getName() + "%");

yudao-module-crm/yudao-module-crm-biz/src/main/java/cn/iocoder/yudao/module/crm/controller/admin/customer/CrmCustomerController.java

@@ -289,7 +289,7 @@ public class CrmCustomerController {
     @PostMapping("/import")
     @Operation(summary = "导入客户")
     @PreAuthorize("@ss.hasPermission('system:customer:import')")
-    public CommonResult<CrmCustomerImportRespVO> importExcel(@Valid @RequestBody CrmCustomerImportReqVO importReqVO)
+    public CommonResult<CrmCustomerImportRespVO> importExcel(@Valid CrmCustomerImportReqVO importReqVO)
             throws Exception {
         List<CrmCustomerImportExcelVO> list = ExcelUtils.read(importReqVO.getFile(), CrmCustomerImportExcelVO.class);
         return success(customerService.importCustomerList(list, importReqVO));

yudao-module-member/yudao-module-member-biz/src/main/java/cn/iocoder/yudao/module/member/service/level/MemberLevelServiceImpl.java

@@ -22,7 +22,7 @@ import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.validation.annotation.Validated;
 
-import javax.annotation.Resource;
+import jakarta.annotation.Resource;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
@@ -241,11 +241,8 @@ public class MemberLevelServiceImpl implements MemberLevelService {
         MemberUserDO user = memberUserService.getUser(userId);
         Integer userExperience = ObjUtil.defaultIfNull(user.getExperience(), 0);
         userExperience = NumberUtil.max(userExperience + experience, 0); // 防止扣出负数
-        MemberLevelRecordDO levelRecord = new MemberLevelRecordDO()
-                .setUserId(user.getId())
-                .setExperience(experience)
-                .setUserExperience(userExperience)
-                .setLevelId(user.getLevelId());
+        MemberLevelRecordDO levelRecord = new MemberLevelRecordDO().setUserId(user.getId())
+                .setExperience(experience).setUserExperience(userExperience).setLevelId(user.getLevelId());
         memberExperienceRecordService.createExperienceRecord(userId, experience, userExperience,
                 bizType, bizId);
 

yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserPageReqVO.java

@@ -2,12 +2,11 @@ package cn.iocoder.yudao.module.mp.controller.admin.user.vo;
 
 import cn.iocoder.yudao.framework.common.pojo.PageParam;
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 import lombok.EqualsAndHashCode;
 import lombok.ToString;
 
-import javax.validation.constraints.NotNull;
-
 @Schema(description = "管理后台 - 公众号粉丝分页 Request VO")
 @Data
 @EqualsAndHashCode(callSuper = true)
@@ -22,7 +21,7 @@ public class MpUserPageReqVO extends PageParam {
     private String openid;
 
     @Schema(description = "微信生态唯一标识，模糊匹配", example = "o6_bmjrPTlm6_2sgVt7hMZOPfL2M")
-    private String unionid;
+    private String unionId;
 
     @Schema(description = "公众号粉丝昵称，模糊匹配", example = "芋艿")
     private String nickname;

yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserRespVO.java

@@ -4,7 +4,6 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import lombok.Data;
 
 import java.time.LocalDateTime;
-import java.util.Date;
 import java.util.List;
 
 @Schema(description = "管理后台 - 公众号粉丝 Response VO")
@@ -17,8 +16,8 @@ public class MpUserRespVO  {
     @Schema(description = "公众号粉丝标识", requiredMode = Schema.RequiredMode.REQUIRED, example = "o6_bmjrPTlm6_2sgVt7hMZOPfL2M")
     private String openid;
 
-     @Schema(description = "微信生态唯一标识", requiredMode = Schema.RequiredMode.REQUIRED, example = "o6_bmjrPTlm6_2sgVt7hMZOPfL2M")
-    private String unionid;
+    @Schema(description = "微信生态唯一标识", requiredMode = Schema.RequiredMode.REQUIRED, example = "o6_bmjrPTlm6_2sgVt7hMZOPfL2M")
+    private String unionId;
 
     @Schema(description = "关注状态 参见 CommonStatusEnum 枚举", requiredMode = Schema.RequiredMode.REQUIRED, example = "1")
     private Integer subscribeStatus;

yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/controller/admin/user/vo/MpUserUpdateReqVO.java

@@ -1,9 +1,9 @@
 package cn.iocoder.yudao.module.mp.controller.admin.user.vo;
 
 import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotNull;
 import lombok.Data;
 
-import javax.validation.constraints.NotNull;
 import java.util.List;
 
 @Schema(description = "管理后台 - 公众号粉丝更新 Request VO")

yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/convert/user/MpUserConvert.java

@@ -29,7 +29,7 @@ public interface MpUserConvert {
 
     @Mappings(value = {
             @Mapping(source = "openId", target = "openid"),
-            @Mapping(source = "unionId", target = "unionid"),
+            @Mapping(source = "unionId", target = "unionId"),
             @Mapping(source = "headImgUrl", target = "headImageUrl"),
             @Mapping(target = "subscribeTime", ignore = true), // 单独转换
     })

yudao-module-mp/yudao-module-mp-biz/src/main/java/cn/iocoder/yudao/module/mp/dal/dataobject/user/MpUserDO.java

@@ -43,6 +43,10 @@ public class MpUserDO extends BaseDO {
      * 微信生态唯一标识
      */
     private String unionid;
+    /**
+     * 微信生态唯一标识
+     */
+    private String unionId;
     /**
      * 关注状态
      *

yudao-module-system/yudao-module-system-api/src/main/java/cn/iocoder/yudao/module/system/enums/ErrorCodeConstants.java

@@ -125,7 +125,7 @@ public interface ErrorCodeConstants {
 
     ErrorCode SOCIAL_CLIENT_WEIXIN_MINI_APP_PHONE_CODE_ERROR = new ErrorCode(1_002_018_200, "获得手机号失败");
     ErrorCode SOCIAL_CLIENT_NOT_EXISTS = new ErrorCode(1_002_018_201, "社交客户端不存在");
-    ErrorCode SOCIAL_CLIENT_UNIQUE = new ErrorCode(1_002_018_201, "社交客户端已存在配置");
+    ErrorCode SOCIAL_CLIENT_UNIQUE = new ErrorCode(1_002_018_202, "社交客户端已存在配置");
 
     // ========== 系统敏感词 1-002-019-000 =========
     ErrorCode SENSITIVE_WORD_NOT_EXISTS = new ErrorCode(1_002_019_000, "系统敏感词在所有标签中都不存在");