增加参数过滤的拦截器和给用户增加是否内部和是否长期用户标识

bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/config/WebMvcConfig.java

@@ -1,6 +1,7 @@
 package com.bonus.common.security.config;
 
 //import com.bonus.common.security.interceptor.ParamSecureHandler;
+import com.bonus.common.security.interceptor.ParamSecureHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@@ -23,11 +24,12 @@ public class WebMvcConfig implements WebMvcConfigurer
                 .addPathPatterns("/**")
                 .excludePathPatterns(EXCLUDEURLS)
                 .order(-10);
-//        //自定义拦截器
+        //自定义拦截器
-//        registry.addInterceptor(getParamSecureInterceptor())
+        registry.addInterceptor(getParamSecureInterceptor())
-//                .addPathPatterns("/**")
+                .addPathPatterns("/**")
-//                .excludePathPatterns(EXCLUDEURLS)
+                .excludePathPatterns(EXCLUDEURLS)
-//                .order(-10);
+                .order(-10);
+
     }
 
     /**
@@ -42,9 +44,9 @@ public class WebMvcConfig implements WebMvcConfigurer
     /**
      * 自定义参数拦截器
      */
-//    public ParamSecureHandler getParamSecureInterceptor()
+    public ParamSecureHandler getParamSecureInterceptor()
-//    {
+    {
-//        return new ParamSecureHandler();
+        return new ParamSecureHandler();
-//    }
+    }
 
 }

bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java

@@ -19,14 +19,13 @@ import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE;
 /**
  * @author bonus
  * @data 2023/2/6 17:22
- * @description 安全参数验证，暂时弃用
+ * @description 安全参数验证
  */
 @Slf4j
 public class ParamSecureHandler implements AsyncHandlerInterceptor {
 
     private static String OPERLOG_URL = "/operlog/addLogs";
     private static final String REGISTER = "/user/register";
-    private static final String RECOGNITION = "/ocr/recognition";
     private String rnd = null;
 
     public static String ur = "/";
@@ -61,9 +60,9 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
         if (REGISTER.equals(requestUrl)) {
             return true;
         }
-        if (RECOGNITION.equals(requestUrl)) {
+//        if (RECOGNITION.equals(requestUrl)) {
-            return true;
+//            return true;
-        }
+//        }
         /**
          * 白名单中不验证参数
          */

sql/bns_20240604.sql

@@ -63,14 +63,16 @@ create table sys_user (
   remark            varchar(500)    default null               comment '备注',
   login_type        varchar(100)    default null               comment '登录类型',
   approval_status   char(1)         default '1'                comment '审批状态0：未审批，1：已审批',
+  is_permanent      char(1)         default '1'                comment '长期和临时用户标识0：临时用户，1：长期用户',
+  is_built_in       char(1)         default '0'                comment '是否内置用户0：非内置用户，1：内置用户',
   primary key (user_id)
 ) engine=innodb auto_increment=100 comment = '用户信息表';
 
 -- ----------------------------
 -- 初始化-用户信息表数据
 -- ----------------------------
-insert into sys_user values(1,  103, 'admin', '博诺思', '00', 'ry@163.com', '15888888888', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '管理员','0','1');
+insert into sys_user values(1,  103, 'bonus', '博诺思', '00', 'ry@163.com', '15888888888', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '系统管理员','0','1','1');
-insert into sys_user values(2,  105, 'bonus',    '博诺思', '00', 'ry@qq.com',  '15666666666', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '测试员','0','1');
+insert into sys_user values(2,  103, 'audit', '博诺思', '00', 'ry@163.com', '15888888889', '1', '', '$2a$10$5azz92OgGRyRUETz/ZJeZu1exkggPYUDRssvreywTjKk.0Pmn2Q16', '0', '0', '127.0.0.1', sysdate(), 'admin', sysdate(), '', null, '审计管理员','0','1','1');
 
 
 -- ----------------------------
@@ -120,14 +122,17 @@ create table sys_role (
   update_by            varchar(64)     default ''                 comment '更新者',
   update_time          datetime                                   comment '更新时间',
   remark               varchar(500)    default null               comment '备注',
+  is_built_in          char(1)         default '0'                comment '是否内置0：非内置，1：内置',
+
   primary key (role_id)
 ) engine=innodb auto_increment=100 comment = '角色信息表';
 
 -- ----------------------------
 -- 初始化-角色信息表数据
 -- ----------------------------
-insert into sys_role values('1', '超级管理员',  'admin',  1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '超级管理员');
+insert into sys_role values('1', '超级管理员',  'admin',  1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '超级管理员','1');
-insert into sys_role values('2', '普通角色',    'common', 2, 2, 1, 1, '0', '0', 'admin', sysdate(), '', null, '普通角色');
+insert into sys_role values('2', '审计管理员',  'audit',  1, 1, 1, 1, '0', '0', 'admin', sysdate(), '', null, '审计管理员','1');
+insert into sys_role values('3', '普通角色',    'common', 2, 2, 1, 1, '0', '0', 'admin', sysdate(), '', null, '普通角色');
 
 
 -- ----------------------------
@@ -755,3 +760,4 @@ create table sys_logs_set  (
 ) engine = innodb comment = '数据库日志容量设置表';
 
 insert into sys_logs_set values ('2048');
+