bugfix

1 month ago · 031d6ae375
parent 32c1de479c
commit 031d6ae375
8 changed files with 54 additions and 36 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java
@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
 /**
@ -31,9 +32,7 @@ public class XssFilter implements Filter {
        String tempExcludes = filterConfig.getInitParameter("excludes");
        if (StringUtils.isNotEmpty(tempExcludes)) {
            String[] url = tempExcludes.split(",");
-            for (int i = 0; url != null && i < url.length; i++) {
+            excludes.addAll(Arrays.asList(url));
                excludes.add(url[i]);
            }
        }
    }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java
@ -8,6 +8,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import javax.servlet.DispatcherType;
 import java.util.HashMap;
@ -30,6 +32,7 @@ public class FilterConfig {
    @Bean
    @ConditionalOnProperty(value = "xss.enabled", havingValue = "true")
    public FilterRegistrationBean xssFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setDispatcherTypes(DispatcherType.REQUEST);
        registration.setFilter(new XssFilter());
@ -39,6 +42,16 @@ public class FilterConfig {
        Map<String, String> initParameters = new HashMap<String, String>();
        initParameters.put("excludes", excludes);
        registration.setInitParameters(initParameters);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        CorsConfiguration config = new CorsConfiguration();
        config.setAllowCredentials(true);
        config.addAllowedOrigin("http://39.101.188.84:9999");
        config.addAllowedHeader("*");
        config.addAllowedMethod("*");
        source.registerCorsConfiguration("/**", config); // CORS 配置对所有接口都有效
        registration.setOrder(0);
        return registration;
    }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/SysLoginService.java
@ -1,5 +1,6 @@
 package com.ruoyi.framework.web.service;
 import cn.hutool.core.collection.CollectionUtil;
 import com.ruoyi.common.constant.CacheConstants;
 import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.UserConstants;
@ -11,7 +12,11 @@ import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.exception.user.CaptchaException;
 import com.ruoyi.common.exception.user.CaptchaExpireException;
 import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
-import com.ruoyi.common.utils.*;
+import com.ruoyi.common.utils.DateUtils;
 import com.ruoyi.common.utils.MessageUtils;
 import com.ruoyi.common.utils.RsaUtils;
 import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.framework.manager.AsyncManager;
 import com.ruoyi.framework.manager.factory.AsyncFactory;
@ -72,18 +77,23 @@ public class SysLoginService {
     * @return 结果
     */
    public Map<String, Object> login(String username, String password, String code, String uuid, String userType) {
-        String strP = "";
+        String strP;
        try {
-            strP =  RsaUtils.decryptByPrivateKey(password);
+            strP = RsaUtils.decryptByPrivateKey(password);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        // 验证码校验
 //          validateCaptcha(username, code, uuid);
        // 登录前置校验
-        loginPreCheck(username,strP);
+        loginPreCheck(username, strP);
        Map<String, Object> map = redisCache.getCacheObject(username + password);
        if (CollectionUtil.isNotEmpty(map)) {
            map.remove("@type");
            return map;
        }
        // 用户验证
-        Authentication authentication = null;
+        Authentication authentication;
        try {
            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, strP);
            AuthenticationContextHolder.setContext(authenticationToken);
@ -100,14 +110,14 @@ public class SysLoginService {
        } finally {
            AuthenticationContextHolder.clearContext();
        }
-        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
+//        AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
        LoginUser loginUser = (LoginUser) authentication.getPrincipal();
        //        recordLoginInfo(loginUser.getUserId());
        if (StringUtils.isNull(loginUser) || StringUtils.isNull(loginUser.getUserId())) {
-            addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在");
+//            addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在");
            throw new ServiceException("登录用户：" + username + " 不存在");
        }
-
+        loginUser.getUser().setPassword(password);
        SysUser user = loginUser.getUser();
        // 判断用户类型
        if (!"admin".equals(username)) {
@ -117,11 +127,11 @@ public class SysLoginService {
        }
        if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
-            addRecord(username, Constants.LOGIN_FAIL, "对不起，您的账号已被删除");
+//            addRecord(username, Constants.LOGIN_FAIL, "对不起，您的账号已被删除");
            throw new ServiceException("对不起，您的账号：" + username + " 已被删除");
        }
        if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
-            addRecord(username, Constants.LOGIN_FAIL, "用户已停用，请联系管理员");
+//            addRecord(username, Constants.LOGIN_FAIL, "用户已停用，请联系管理员");
            throw new ServiceException("对不起，您的账号：" + username + " 已停用");
        }
 //        sysPasswordService.validate(user);
@ -164,19 +174,19 @@ public class SysLoginService {
    public void loginPreCheck(String username, String password) {
        // 用户名或密码为空 错误
        if (StringUtils.isAnyBlank(username, password)) {
-            this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
+//            this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
            throw new ServiceException("用户/密码必须填写");
        }
        // 密码如果不在指定范围内 错误
        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
-            this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
+//            this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
            throw new ServiceException("用户密码不在指定范围");
        }
        // 用户名不在指定范围内 错误
        if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                || username.length() > UserConstants.USERNAME_MAX_LENGTH) {
-            this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
+//            this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
            throw new ServiceException("用户名不在指定范围");
        }
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java
@ -8,7 +8,6 @@ import com.ruoyi.common.utils.ServletUtils;
 import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.common.utils.ip.AddressUtils;
 import com.ruoyi.common.utils.ip.IpUtils;
 import com.ruoyi.common.utils.uuid.IdUtils;
 import eu.bitwalker.useragentutils.UserAgent;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.Jwts;
@ -96,7 +95,8 @@ public class TokenService {
     * @return 令牌
     */
    public Map<String, Object> createToken(LoginUser loginUser) {
-        String token = IdUtils.fastUUID();
+//        String token = IdUtils.fastUUID();
        String token = String.valueOf(loginUser.getUser().getUserName());
        loginUser.setToken(token);
        setUserAgent(loginUser);
        refreshToken(loginUser);
@ -109,6 +109,7 @@ public class TokenService {
        Map<String, Object> rspMap = new HashMap<>();
        rspMap.put("access_token", token1);
        rspMap.put("expires_in", expireTime);
        redisCache.setCacheObject(token + loginUser.getPassword(), rspMap, 5, TimeUnit.SECONDS);
        return rspMap;
    }
@ -160,10 +161,7 @@ public class TokenService {
     * @return 令牌
     */
    private String createToken(Map<String, Object> claims) {
-        String token = Jwts.builder()
+        return Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
                .setClaims(claims)
                .signWith(SignatureAlgorithm.HS512, secret).compact();
        return token;
    }
    /**
@ -173,10 +171,7 @@ public class TokenService {
     * @return 数据声明
     */
    private Claims parseToken(String token) {
-        return Jwts.parser()
+        return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
                .setSigningKey(secret)
                .parseClaimsJws(token)
                .getBody();
    }
    /**
--- a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java
+++ b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableColumnServiceImpl.java
@ -3,9 +3,9 @@ package com.ruoyi.generator.service;
 import com.ruoyi.common.core.text.Convert;
 import com.ruoyi.generator.domain.GenTableColumn;
 import com.ruoyi.generator.mapper.GenTableColumnMapper;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
 import java.util.List;
 /**
@ -15,7 +15,8 @@ import java.util.List;
 */
@Service
 public class GenTableColumnServiceImpl implements IGenTableColumnService {
-    @Autowired
+
    @Resource
    private GenTableColumnMapper genTableColumnMapper;
    /**
--- a/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java
+++ b/ruoyi-generator/src/main/java/com/ruoyi/generator/service/GenTableServiceImpl.java
@ -21,10 +21,10 @@ import org.apache.velocity.VelocityContext;
 import org.apache.velocity.app.Velocity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import javax.annotation.Resource;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
@ -46,10 +46,10 @@ import java.util.zip.ZipOutputStream;
 public class GenTableServiceImpl implements IGenTableService {
    private static final Logger log = LoggerFactory.getLogger(GenTableServiceImpl.class);
-    @Autowired
+    @Resource
    private GenTableMapper genTableMapper;
-    @Autowired
+    @Resource
    private GenTableColumnMapper genTableColumnMapper;
    /**
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobLogServiceImpl.java
@ -3,9 +3,9 @@ package com.ruoyi.quartz.service.impl;
 import com.ruoyi.quartz.domain.SysJobLog;
 import com.ruoyi.quartz.mapper.SysJobLogMapper;
 import com.ruoyi.quartz.service.ISysJobLogService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
 import java.util.List;
 /**
@ -15,7 +15,7 @@ import java.util.List;
 */
@Service
 public class SysJobLogServiceImpl implements ISysJobLogService {
-    @Autowired
+    @Resource
    private SysJobLogMapper jobLogMapper;
    /**
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/service/impl/SysJobServiceImpl.java
@ -11,11 +11,11 @@ import org.quartz.JobDataMap;
 import org.quartz.JobKey;
 import org.quartz.Scheduler;
 import org.quartz.SchedulerException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import javax.annotation.PostConstruct;
 import javax.annotation.Resource;
 import java.util.List;
 /**
@ -25,10 +25,10 @@ import java.util.List;
 */
@Service
 public class SysJobServiceImpl implements ISysJobService {
-    @Autowired
+    @Resource
    private Scheduler scheduler;
-    @Autowired
+    @Resource
    private SysJobMapper jobMapper;
    /**