duhanyu
吴顺杰 1 month ago
parent 32c1de479c
commit 031d6ae375

@ -13,6 +13,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
@ -31,9 +32,7 @@ public class XssFilter implements Filter {
String tempExcludes = filterConfig.getInitParameter("excludes");
if (StringUtils.isNotEmpty(tempExcludes)) {
String[] url = tempExcludes.split(",");
for (int i = 0; url != null && i < url.length; i++) {
excludes.add(url[i]);
}
excludes.addAll(Arrays.asList(url));
}
}

@ -8,6 +8,8 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import javax.servlet.DispatcherType;
import java.util.HashMap;
@ -30,6 +32,7 @@ public class FilterConfig {
@Bean
@ConditionalOnProperty(value = "xss.enabled", havingValue = "true")
public FilterRegistrationBean xssFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setDispatcherTypes(DispatcherType.REQUEST);
registration.setFilter(new XssFilter());
@ -39,6 +42,16 @@ public class FilterConfig {
Map<String, String> initParameters = new HashMap<String, String>();
initParameters.put("excludes", excludes);
registration.setInitParameters(initParameters);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("http://39.101.188.84:9999");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config); // CORS 配置对所有接口都有效
registration.setOrder(0);
return registration;
}
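Review bot: The `UrlBasedCorsConfigurationSource source` built at the end of `xssFilterRegistration()` is never passed to a filter or returned before `return registration;`, so this CORS policy looks like dead code inside the XSS filter bean. If it is meant to take effect, it belongs in its own `@Bean` method ending in `return new CorsFilter(source);`, unless the project already registers a CORS filter elsewhere. The policy pairs `config.setAllowCredentials(true)` with a hard-coded plain-HTTP origin (`http://39.101.188.84:9999`) and wildcard headers and methods, so credentialed cross-origin calls would be trusted from an origin whose traffic is not protected in transit. I would read the allowed origin from per-environment configuration (an `https://` value) and list only the methods and headers the front end needs.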

@ -1,5 +1,6 @@
package com.ruoyi.framework.web.service;
import cn.hutool.core.collection.CollectionUtil;
import com.ruoyi.common.constant.CacheConstants;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.constant.UserConstants;
@ -11,7 +12,11 @@ import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.common.utils.*;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.RsaUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.framework.manager.AsyncManager;
import com.ruoyi.framework.manager.factory.AsyncFactory;
@ -72,18 +77,23 @@ public class SysLoginService {
* @return
*/
public Map<String, Object> login(String username, String password, String code, String uuid, String userType) {
String strP = "";
String strP;
try {
strP = RsaUtils.decryptByPrivateKey(password);
strP = RsaUtils.decryptByPrivateKey(password);
} catch (Exception e) {
throw new RuntimeException(e);
}
// 验证码校验
// validateCaptcha(username, code, uuid);
// 登录前置校验
loginPreCheck(username,strP);
loginPreCheck(username, strP);
Map<String, Object> map = redisCache.getCacheObject(username + password);
if (CollectionUtil.isNotEmpty(map)) {
map.remove("@type");
return map;
}
// 用户验证
Authentication authentication = null;
Authentication authentication;
try {
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, strP);
AuthenticationContextHolder.setContext(authenticationToken);
@ -100,14 +110,14 @@ public class SysLoginService {
} finally {
AuthenticationContextHolder.clearContext();
}
AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
// AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
// recordLoginInfo(loginUser.getUserId());
if (StringUtils.isNull(loginUser) || StringUtils.isNull(loginUser.getUserId())) {
addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在");
// addRecord(username, Constants.LOGIN_FAIL, "登录用户不存在");
throw new ServiceException("登录用户:" + username + " 不存在");
}
loginUser.getUser().setPassword(password);
SysUser user = loginUser.getUser();
// 判断用户类型
if (!"admin".equals(username)) {
@ -117,11 +127,11 @@ public class SysLoginService {
}
if (UserStatus.DELETED.getCode().equals(user.getDelFlag())) {
addRecord(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
// addRecord(username, Constants.LOGIN_FAIL, "对不起,您的账号已被删除");
throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
}
if (UserStatus.DISABLE.getCode().equals(user.getStatus())) {
addRecord(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
// addRecord(username, Constants.LOGIN_FAIL, "用户已停用,请联系管理员");
throw new ServiceException("对不起,您的账号:" + username + " 已停用");
}
// sysPasswordService.validate(user);
@ -164,19 +174,19 @@ public class SysLoginService {
public void loginPreCheck(String username, String password) {
// 用户名或密码为空 错误
if (StringUtils.isAnyBlank(username, password)) {
this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
// this.addRecord(username, Constants.LOGIN_FAIL, "用户/密码必须填写");
throw new ServiceException("用户/密码必须填写");
}
// 密码如果不在指定范围内 错误
if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
|| password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
// this.addRecord(username, Constants.LOGIN_FAIL, "用户密码不在指定范围");
throw new ServiceException("用户密码不在指定范围");
}
// 用户名不在指定范围内 错误
if (username.length() < UserConstants.USERNAME_MIN_LENGTH
|| username.length() > UserConstants.USERNAME_MAX_LENGTH) {
this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
// this.addRecord(username, Constants.LOGIN_FAIL, "用户名不在指定范围");
throw new ServiceException("用户名不在指定范围");
}

@ -8,7 +8,6 @@ import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.AddressUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.common.utils.uuid.IdUtils;
import eu.bitwalker.useragentutils.UserAgent;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
@ -96,7 +95,8 @@ public class TokenService {
* @return
*/
public Map<String, Object> createToken(LoginUser loginUser) {
String token = IdUtils.fastUUID();
// String token = IdUtils.fastUUID();
String token = String.valueOf(loginUser.getUser().getUserName());
loginUser.setToken(token);
setUserAgent(loginUser);
refreshToken(loginUser);
@ -109,6 +109,7 @@ public class TokenService {
Map<String, Object> rspMap = new HashMap<>();
rspMap.put("access_token", token1);
rspMap.put("expires_in", expireTime);
redisCache.setCacheObject(token + loginUser.getPassword(), rspMap, 5, TimeUnit.SECONDS);
return rspMap;
}
@ -160,10 +161,7 @@ public class TokenService {
* @return
*/
private String createToken(Map<String, Object> claims) {
String token = Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, secret).compact();
return token;
return Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact();
}
/**
@ -173,10 +171,7 @@ public class TokenService {
* @return
*/
private Claims parseToken(String token) {
return Jwts.parser()
.setSigningKey(secret)
.parseClaimsJws(token)
.getBody();
return Jwts.parser().setSigningKey(secret).parseClaimsJws(token).getBody();
}
/**
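Review bot: `createToken(LoginUser)` now sets `String token = String.valueOf(loginUser.getUser().getUserName());` in place of the random `IdUtils.fastUUID()` value, so the identifier stored via `loginUser.setToken(token)` is predictable and identical for every login of the same account. Assuming this value still keys the cached login session, as the following `refreshToken(loginUser)` call suggests, concurrent sessions of one user overwrite each other and a logout or expiry on one device affects all of them. I would restore `String token = IdUtils.fastUUID();` together with the removed `IdUtils` import. If one session per user is the goal, keep a separate user-to-token index rather than reusing the user name as the token. The method body continues between the two hunks shown.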

@ -3,9 +3,9 @@ package com.ruoyi.generator.service;
import com.ruoyi.common.core.text.Convert;
import com.ruoyi.generator.domain.GenTableColumn;
import com.ruoyi.generator.mapper.GenTableColumnMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
/**
@ -15,7 +15,8 @@ import java.util.List;
*/
@Service
public class GenTableColumnServiceImpl implements IGenTableColumnService {
@Autowired
@Resource
private GenTableColumnMapper genTableColumnMapper;
/**

@ -21,10 +21,10 @@ import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.Velocity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.annotation.Resource;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
@ -46,10 +46,10 @@ import java.util.zip.ZipOutputStream;
public class GenTableServiceImpl implements IGenTableService {
private static final Logger log = LoggerFactory.getLogger(GenTableServiceImpl.class);
@Autowired
@Resource
private GenTableMapper genTableMapper;
@Autowired
@Resource
private GenTableColumnMapper genTableColumnMapper;
/**

@ -3,9 +3,9 @@ package com.ruoyi.quartz.service.impl;
import com.ruoyi.quartz.domain.SysJobLog;
import com.ruoyi.quartz.mapper.SysJobLogMapper;
import com.ruoyi.quartz.service.ISysJobLogService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import javax.annotation.Resource;
import java.util.List;
/**
@ -15,7 +15,7 @@ import java.util.List;
*/
@Service
public class SysJobLogServiceImpl implements ISysJobLogService {
@Autowired
@Resource
private SysJobLogMapper jobLogMapper;
/**

@ -11,11 +11,11 @@ import org.quartz.JobDataMap;
import org.quartz.JobKey;
import org.quartz.Scheduler;
import org.quartz.SchedulerException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import java.util.List;
/**
@ -25,10 +25,10 @@ import java.util.List;
*/
@Service
public class SysJobServiceImpl implements ISysJobService {
@Autowired
@Resource
private Scheduler scheduler;
@Autowired
@Resource
private SysJobMapper jobMapper;
/**
