From 031d6ae375f331e0abc95c178a9a2347e8f64ad3 Mon Sep 17 00:00:00 2001 From: wu Date: Thu, 10 Oct 2024 10:42:31 +0800 Subject: [PATCH] bugfix --- .../com/ruoyi/common/filter/XssFilter.java | 5 ++- .../ruoyi/framework/config/FilterConfig.java | 13 +++++++ .../web/service/SysLoginService.java | 36 ++++++++++++------- .../framework/web/service/TokenService.java | 15 +++----- .../service/GenTableColumnServiceImpl.java | 5 +-- .../service/GenTableServiceImpl.java | 6 ++-- .../service/impl/SysJobLogServiceImpl.java | 4 +-- .../service/impl/SysJobServiceImpl.java | 6 ++-- 8 files changed, 54 insertions(+), 36 deletions(-) diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java index 851c16a..8e168ba 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java @@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; /** @@ -31,9 +32,7 @@ public class XssFilter implements Filter { String tempExcludes = filterConfig.getInitParameter("excludes"); if (StringUtils.isNotEmpty(tempExcludes)) { String[] url = tempExcludes.split(","); - for (int i = 0; url != null && i < url.length; i++) { - excludes.add(url[i]); - } + excludes.addAll(Arrays.asList(url)); } } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java index a67ede6..6eb0076 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java 
@@ -8,6 +8,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.web.cors.CorsConfiguration; +import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import javax.servlet.DispatcherType; import java.util.HashMap; @@ -30,6 +32,7 @@ public class FilterConfig { @Bean @ConditionalOnProperty(value = "xss.enabled", havingValue = "true") public FilterRegistrationBean xssFilterRegistration() { + FilterRegistrationBean registration = new FilterRegistrationBean(); registration.setDispatcherTypes(DispatcherType.REQUEST); registration.setFilter(new XssFilter()); @@ -39,6 +42,16 @@ public class FilterConfig { Map initParameters = new HashMap(); initParameters.put("excludes", excludes); registration.setInitParameters(initParameters); + + UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); + CorsConfiguration config = new CorsConfiguration(); + config.setAllowCredentials(true); + config.addAllowedOrigin("http://39.101.188.84:9999"); + config.addAllowedHeader("*"); + config.addAllowedMethod("*"); + source.registerCorsConfiguration("/**", config); // CORS 配置对所有接口都有效 + registration.setOrder(0); + return registration; } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java index 802e992..ade3954 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java 
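Review bot: The CORS block added at the end of `xssFilterRegistration()` has no effect as written, because `source` receives `registerCorsConfiguration("/**", config)` but is never handed to a filter or to `registration`. If cross-origin access is intended, give it its own `@Bean` that wraps `new CorsFilter(source)` instead of building it inside the XSS filter bean. The allowed origin `http://39.101.188.84:9999` is a hard-coded plain-HTTP address combined with `setAllowCredentials(true)` and wildcard headers and methods; it should be read from configuration and use HTTPS. `registration.setOrder(0)` now applies to the XSS filter and would override any earlier `setOrder` call in the unchanged part of this method, which lies outside the hunk.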
@@ -1,5 +1,6 @@ package com.ruoyi.framework.web.service; +import cn.hutool.core.collection.CollectionUtil; import com.ruoyi.common.constant.CacheConstants; import com.ruoyi.common.constant.Constants; import com.ruoyi.common.constant.UserConstants; @@ -11,7 +12,11 @@ import com.ruoyi.common.exception.ServiceException; import com.ruoyi.common.exception.user.CaptchaException; import com.ruoyi.common.exception.user.CaptchaExpireException; import com.ruoyi.common.exception.user.UserPasswordNotMatchException; -import com.ruoyi.common.utils.*; +import com.ruoyi.common.utils.DateUtils; +import com.ruoyi.common.utils.MessageUtils; +import com.ruoyi.common.utils.RsaUtils; +import com.ruoyi.common.utils.ServletUtils; +import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.ip.IpUtils; import com.ruoyi.framework.manager.AsyncManager; import com.ruoyi.framework.manager.factory.AsyncFactory; @@ -72,18 +77,23 @@ public class SysLoginService { * @return 结果 */ public Map login(String username, String password, String code, String uuid, String userType) { - String strP = ""; + String strP; try { - strP = RsaUtils.decryptByPrivateKey(password); + strP = RsaUtils.decryptByPrivateKey(password); } catch (Exception e) { throw new RuntimeException(e); } // 验证码校验 // validateCaptcha(username, code, uuid); // 登录前置校验 - loginPreCheck(username,strP); + loginPreCheck(username, strP); + Map map = redisCache.getCacheObject(username + password); + if (CollectionUtil.isNotEmpty(map)) { + map.remove("@type"); + return map; + } // 用户验证 - Authentication authentication = null; + Authentication authentication; try { UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, strP); AuthenticationContextHolder.setContext(authenticationToken); 
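Review bot: The lookup `redisCache.getCacheObject(username + password)` added to `login()` runs before the authentication step that follows it, so a cache hit returns the token map without verifying the password or reaching the user-type, deleted and disabled checks further down. The entry is written in the TokenService hunk by `redisCache.setCacheObject(token + loginUser.getPassword(), rspMap, 5, TimeUnit.SECONDS)`. Its key is presumably the user name plus the submitted ciphertext that `loginUser.getUser().setPassword(password)` copies into the user object in the next hunk, so an identical request body is answered from cache for five seconds and the client-supplied value appears to end up in the stored login state. I would remove the shortcut; if duplicate-submit suppression is required, do the lookup only after authentication succeeds and key it on a namespaced digest rather than the raw `username + password` concatenation. The decrypt failure path also rethrows a bare `RuntimeException(e)` where the rest of the method uses `ServiceException`; the method body continues outside this hunk.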
@@ -100,14 +110,14 @@ public class SysLoginService { } finally { AuthenticationContextHolder.clearContext(); } - AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); +// AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"))); LoginUser loginUser = (LoginUser) authentication.getPrincipal(); // recordLoginInfo(loginUser.getUserId()); if (StringUtils.isNull(loginUser) || StringUtils.isNull(loginUser.getUserId())) { - addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在"); +// addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在"); throw new ServiceException("登录用户:" + username + " 不存在"); } - + loginUser.getUser().setPassword(password); SysUser user = loginUser.getUser(); // 判断用户类型 if (!"admin".equals(username)) { @@ -117,11 +127,11 @@ public class SysLoginService { } if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) { - addRecord(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除"); +// addRecord(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除"); throw new ServiceException("对不起,您的账号:" + username + " 已被删除"); } if (UserStatus.DISABLE.getCode().equals(user.getStatus())) { - addRecord(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员"); +// addRecord(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员"); throw new ServiceException("对不起,您的账号:" + username + " 已停用"); } // sysPasswordService.validate(user); 
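Review bot: The login audit trail is switched off here. `AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, ...))` and every `addRecord(username, Constants.LOGIN_FAIL, ...)` call are commented out in this hunk, in the following one (`@@ -117,11 +127,11 @@`) and in `loginPreCheck` (`@@ -164,19 +174,19 @@`). With those gone, neither successful nor failed logins are recorded, which removes the data needed to detect password guessing or to reconstruct an incident; the captcha check that appears as context in `login()` is commented out as well. If the aim was to cut write load on the login path, keep the calls and rate-limit or batch inside the recorder instead. If they really are to be dropped, delete the lines rather than leaving commented-out code, and state the reason in the commit message, which currently says only "bugfix".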
@@ -164,19 +174,19 @@ public class SysLoginService { public void loginPreCheck(String username, String password) { // 用户名或密码为空 错误 if (StringUtils.isAnyBlank(username, password)) { - this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写"); +// this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写"); throw new ServiceException("用户/密码必须填写"); } // 密码如果不在指定范围内 错误 if (password.length() < UserConstants.PASSWORD_MIN_LENGTH || password.length() > UserConstants.PASSWORD_MAX_LENGTH) { - this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围"); +// this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围"); throw new ServiceException("用户密码不在指定范围"); } // 用户名不在指定范围内 错误 if (username.length() < UserConstants.USERNAME_MIN_LENGTH || username.length() > UserConstants.USERNAME_MAX_LENGTH) { - this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围"); +// this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围"); throw new ServiceException("用户名不在指定范围"); } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java index ba487bb..559fcf9 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java @@ -8,7 +8,6 @@ import com.ruoyi.common.utils.ServletUtils; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.ip.AddressUtils; import com.ruoyi.common.utils.ip.IpUtils; -import com.ruoyi.common.utils.uuid.IdUtils; import eu.bitwalker.useragentutils.UserAgent; import io.jsonwebtoken.Claims; import io.jsonwebtoken.Jwts; 
@@ -96,7 +95,8 @@ public class TokenService { * @return 令牌 */ public Map createToken(LoginUser loginUser) { - String token = IdUtils.fastUUID(); +// String token = IdUtils.fastUUID(); + String token = String.valueOf(loginUser.getUser().getUserName()); loginUser.setToken(token); setUserAgent(loginUser); refreshToken(loginUser); @@ -109,6 +109,7 @@ public class TokenService { Map rspMap = new HashMap<>(); rspMap.put("access_token", token1); rspMap.put("expires_in", expireTime); + redisCache.setCacheObject(token + loginUser.getPassword(), rspMap, 5, TimeUnit.SECONDS); return rspMap; } @@ -160,10 +161,7 @@ public class TokenService { * @return 令牌 */ private String createToken(Map claims) { - String token = Jwts.builder() - .setClaims(claims) - .signWith(SignatureAlgorithm.HS512, secret).compact(); - return token; + return Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact(); } /** @@ -173,10 +171,7 @@ public class TokenService { * @return 数据声明 */ private Claims parseToken(String token) { - return Jwts.parser() - .setSigningKey(secret) - .parseClaimsJws(token) - .getBody(); + return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody(); } /** diff --git a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java index fed997c..018cf7b 100644 --- a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java +++ b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java @@ -3,9 +3,9 @@ package com.ruoyi.generator.service; import com.ruoyi.common.core.text.Convert; import com.ruoyi.generator.domain.GenTableColumn; import com.ruoyi.generator.mapper.GenTableColumnMapper; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.annotation.Resource; import java.util.List; /** 
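Review bot: `String token = String.valueOf(loginUser.getUser().getUserName());` in `createToken(LoginUser)` replaces a random UUID with the account name as the session token id, making it predictable and identical for every login of that account. Sessions of one user can then no longer be told apart or revoked individually. If, as `loginUser.setToken(token)` and `refreshToken(loginUser)` suggest, this value is also the cache key and the JWT claim, a JWT issued earlier would be accepted again whenever the account has any live session. Restore `String token = IdUtils.fastUUID();` together with the `IdUtils` import removed in the preceding hunk, and drop the commented-out line. `String.valueOf` also turns a null user name into the literal `"null"`; the rest of the method lies outside this hunk.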
@@ -15,7 +15,8 @@ import java.util.List; */ @Service public class GenTableColumnServiceImpl implements IGenTableColumnService { - @Autowired + + @Resource private GenTableColumnMapper genTableColumnMapper; /** diff --git a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java index bd2750c..2c7b5c2 100644 --- a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java +++ b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java @@ -21,10 +21,10 @@ import org.apache.velocity.VelocityContext; import org.apache.velocity.app.Velocity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; +import javax.annotation.Resource; import java.io.ByteArrayOutputStream; import java.io.File; import java.io.IOException; @@ -46,10 +46,10 @@ import java.util.zip.ZipOutputStream; public class GenTableServiceImpl implements IGenTableService { private static final Logger log = LoggerFactory.getLogger(GenTableServiceImpl.class); - @Autowired + @Resource private GenTableMapper genTableMapper; - @Autowired + @Resource private GenTableColumnMapper genTableColumnMapper; /** diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java index e867fcf..af2bb6a 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java 
@@ -3,9 +3,9 @@ package com.ruoyi.quartz.service.impl; import com.ruoyi.quartz.domain.SysJobLog; import com.ruoyi.quartz.mapper.SysJobLogMapper; import com.ruoyi.quartz.service.ISysJobLogService; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.annotation.Resource; import java.util.List; /** @@ -15,7 +15,7 @@ import java.util.List; */ @Service public class SysJobLogServiceImpl implements ISysJobLogService { - @Autowired + @Resource private SysJobLogMapper jobLogMapper; /** diff --git a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java index 6ab7002..0dd6ace 100644 --- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java +++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java @@ -11,11 +11,11 @@ import org.quartz.JobDataMap; import org.quartz.JobKey; import org.quartz.Scheduler; import org.quartz.SchedulerException; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import javax.annotation.PostConstruct; +import javax.annotation.Resource; import java.util.List; /** @@ -25,10 +25,10 @@ import java.util.List; */ @Service public class SysJobServiceImpl implements ISysJobService { - @Autowired + @Resource private Scheduler scheduler; - @Autowired + @Resource private SysJobMapper jobMapper; /**