diff --git a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/JwtUtils.java b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/JwtUtils.java index a6be530..41a9643 100644 --- a/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/JwtUtils.java +++ b/bonus-common/bonus-common-core/src/main/java/com/bonus/common/core/utils/JwtUtils.java @@ -31,7 +31,7 @@ public class JwtUtils if (!StringUtils.isEmpty(username)){ String encyrptUserName = Sm4Utils.encrypt(username); claims.put(SecurityConstants.DETAILS_USERNAME, encyrptUserName); - System.out.print("****createToken里加密用户名是:" + encyrptUserName); +// System.out.print("****createToken里加密用户名是:" + encyrptUserName); } return Jwts.builder().setClaims(claims).signWith(SignatureAlgorithm.HS512, secret).compact(); } @@ -48,7 +48,7 @@ public class JwtUtils String username = getValue(claims, SecurityConstants.DETAILS_USERNAME); if (!StringUtils.isEmpty(username)){ String decryUsername = Sm4Utils.decrypt(username); - System.out.print("****parseToken里解密用户名是:" + decryUsername); +// System.out.print("****parseToken里解密用户名是:" + decryUsername); claims.put(SecurityConstants.DETAILS_USERNAME, decryUsername); } return claims; diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java index 7e0a2cf..2d33ead 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/interceptor/ParamSecureHandler.java 
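Review bot: The two `System.out.print` calls are commented out rather than deleted, in this hunk (apparently `createToken`) and in the `@@ -48,7 +48,7 @@` hunk (apparently `parseToken`), so code that writes the user name, in the second case the decrypted one, to stdout stays in the file and is one uncomment away from returning. Delete both lines. If the value is ever needed for troubleshooting, log it at debug level through the project logger and mask it. Both method bodies start outside their hunks.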
@@ -25,7 +25,7 @@ import static org.springframework.http.MediaType.MULTIPART_FORM_DATA_VALUE; public class ParamSecureHandler implements AsyncHandlerInterceptor { private static final String [] WHITE_URL = { - "/login", "/isAdmin", "/isLogin" ,"/register","/user/register","/operlog/addLogs","/job/edit","/user/resetPwd","/user/profile/updatePwd","/user/confirmPassword"}; + "/login", "/isAdmin", "/isLogin" ,"/register","/user/register","/operlog/addLogs","/job/edit","/user","/user/resetPwd","/user/profile/updatePwd","/user/confirmPassword"}; private String rnd = null; public static String ur = "/"; diff --git a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/SecurityUtils.java b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/SecurityUtils.java index a5614bf..eed0f78 100644 --- a/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/SecurityUtils.java +++ b/bonus-common/bonus-common-security/src/main/java/com/bonus/common/security/utils/SecurityUtils.java @@ -119,9 +119,10 @@ public class SecurityUtils //$2a$10$7JB720yubVSZvUI0rEqK/.VqGOZTH.ulu33dHOiBE8ByOhJIrdAu2 //$2a$10$zvlw3Mu8M.j.MhAChrYwluj88ziX6lVD3AoRrBQpwKMcdIZvKMoR2 // String msg= encryptPassword("Admin@1234"); - String msg= encryptPassword("15888888888"); +// String msg= encryptPassword("15888888888"); // boolean rest = matchesPassword("Bonus$2024","$2a$10$8JaKSUAU.K.mceU1.YQbd.wP4EJzbrsIscjAwPlfDR7wAWV6s/BGa"); -// String msg = Sm4Utils.encrypt("Bonus$2026"); + String msg = Sm4Utils.encrypt("Bonus$2026"); +// String msg = Sm4Utils.decrypt("4eb762402e0ce5ef9d0028e2d622c53bc8ea1d7680ea4416975e4cc23b4ef7f0"); System.err.println(msg); // System.err.println(rest); } diff --git a/bonus-modules/bonus-job/src/main/java/com/bonus/job/task/SysTask.java b/bonus-modules/bonus-job/src/main/java/com/bonus/job/task/SysTask.java index b30140d..c011b64 100644 
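Review bot: Adding `"/user"` to `WHITE_URL` exempts a user-management path from whatever `ParamSecureHandler` enforces, and the hunk does not show how the array is matched. If the comparison is a prefix or `contains` test, this one entry would also cover every `/user/...` route, which would make the existing `/user/register` and `/user/resetPwd` entries redundant and widen the exemption well beyond one endpoint. Confirm the match is exact and record the reason next to the entry, e.g. `// "/user": exact match only; exempt because <reason>`. The matching code lies outside the hunk.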
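Review bot: The now-active line `String msg = Sm4Utils.encrypt("Bonus$2026");` keeps a password-shaped literal in what appears to be a scratch method inside the production `SecurityUtils` class, next to commented-out bcrypt hashes and a newly added SM4 ciphertext. If any of these values correspond to real accounts, they are in version history and should be rotated. Move the experiment to a test class that takes its input from an argument or environment variable, and drop the commented-out hashes and ciphertext. The method starts outside the hunk.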
--- a/bonus-modules/bonus-job/src/main/java/com/bonus/job/task/SysTask.java +++ b/bonus-modules/bonus-job/src/main/java/com/bonus/job/task/SysTask.java @@ -24,10 +24,13 @@ public class SysTask /** * 30天 */ - final static int LAST_LOGIN_TIME_INTERVAL = 30*24*60; + final static int LAST_LOGIN_TIME_INTERVAL = 90*24*60; @Resource private SysJobMapper mapper; + /** + *如果用户超过3个月未登录,则修改为停用状态 + */ public void checkUserLastLoginTime(){ try{ SysUser user = new SysUser(); @@ -54,6 +57,9 @@ public class SysTask } } + /** + *临时用户有时间限制,自创建起三个月则修改为停用状态 + */ public void checkUserPermanent(){ try{ SysUser user = new SysUser(); @@ -61,7 +67,7 @@ public class SysTask List sysUsers = mapper.selectUserList(user); sysUsers.forEach(item -> { long minutes = DateUtils.minutesBetween(item.getCreateTime(), DateUtils.getNowDate()); - if (minutes >= LAST_LOGIN_TIME_INTERVAL*3){ + if (minutes >= LAST_LOGIN_TIME_INTERVAL){ int i = mapper.updateUser(item.getUserId()); if (i>0){ logger.error("修改用户状态,用户id为:{},用户名为:{}",item.getUserId(),item.getUserName()); diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysConfigServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysConfigServiceImpl.java index 4d94d25..af63753 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysConfigServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysConfigServiceImpl.java 
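Review bot: The Javadoc directly above `LAST_LOGIN_TIME_INTERVAL` still says 30 days although the value is now `90*24*60`, and the unit is not stated (minutes, judging by `DateUtils.minutesBetween` in the `@@ -61,7 +67,7 @@` hunk). Update it to something like `/** 90 days, expressed in minutes */`. The change also triples the window before an inactive account is disabled, which is a policy decision worth stating in the commit message.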
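Review bot: `checkUserPermanent` now compares account age against `LAST_LOGIN_TIME_INTERVAL`, so the temporary-account lifetime and the inactivity window share one constant whose name describes only the latter. The threshold is numerically unchanged here (30 days times 3 before, 90 days now), but any later adjustment of the inactivity window would silently change how long temporary accounts live. Consider a separate constant, e.g. `static final int TEMP_USER_LIFETIME_MINUTES = 90*24*60;`, and use it in this comparison. The method continues outside the hunk.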
@@ -87,6 +87,14 @@ public class SysConfigServiceImpl implements ISysConfigService @Override public List selectConfigList(SysConfig config) { + if (config.getConfigName() != null) { + String str = config.getConfigName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + config.setConfigName(str); + } + if (config.getConfigKey() != null) { + String str = config.getConfigKey().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + config.setConfigKey(str); + } return configMapper.selectConfigList(config); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java index d447006..00a1a1d 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDeptServiceImpl.java @@ -60,6 +60,10 @@ public class SysDeptServiceImpl implements ISysDeptService } catch (Exception e) { e.printStackTrace(); } + if (dept.getDeptName() != null) { + String str = dept.getDeptName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + dept.setDeptName(str); + } return deptMapper.selectDeptList(dept); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDictTypeServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDictTypeServiceImpl.java index 2ec124a..69779cc 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDictTypeServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysDictTypeServiceImpl.java 
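Review bot: The three-call `replace` chain is copied for `configName` and `configKey` here and repeated in the `SysDeptServiceImpl`, `SysDictTypeServiceImpl`, `SysMenuServiceImpl`, `SysPostServiceImpl`, `SysRoleServiceImpl` and `SysUserServiceImpl` hunks, so the replacement order (backslash must be escaped first) has to be kept right in more than a dozen places. Extract one null-safe helper and call it from each service. A shared utility class would be the natural home; it is shown below as a private method for brevity. Note also that `config` itself is now dereferenced before the mapper call, so a null argument that previously reached the mapper would throw here.

```java
/** Escapes the LIKE wildcards (\, %, _) so the value is matched literally; null stays null. */
private static String escapeLike(String value) {
    if (value == null) {
        return null;
    }
    // Backslash first, otherwise the escapes added for % and _ would be doubled.
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_");
}

public List<SysConfig> selectConfigList(SysConfig config)
{
    config.setConfigName(escapeLike(config.getConfigName()));
    config.setConfigKey(escapeLike(config.getConfigKey()));
    // … unchanged: configMapper.selectConfigList call …
```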
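Review bot: Escaping `%` and `_` with a backslash in `dept.getDeptName()` only has the intended effect if the mapper's `LIKE` clause treats `\` as the escape character, which depends on the database and its SQL mode, and the `selectDeptList` mapper SQL is not part of this hunk. Declare the escape character in the mapper with an explicit `ESCAPE` clause, or confirm the default holds in every deployed environment. Also check that each escaped field is really used in a `LIKE`; a field compared with `=` would stop matching values that contain `_` or `%`. The same applies to the other list-query hunks in this commit.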
@@ -50,6 +50,15 @@ public class SysDictTypeServiceImpl implements ISysDictTypeService @Override public List selectDictTypeList(SysDictType dictType) { + if (dictType.getDictName() != null) { + String str = dictType.getDictName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + dictType.setDictName(str); + } + if (dictType.getDictType() != null) { + String str = dictType.getDictType().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + dictType.setDictType(str); + } + return dictTypeMapper.selectDictTypeList(dictType); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java index 57ba247..906ee11 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysLogServiceImpl.java @@ -1,6 +1,5 @@ package com.bonus.system.service.impl; -import com.bonus.config.SystemConfig; import com.bonus.system.warning.SysWarning; import com.bonus.system.warning.WaringLogEvent; import com.google.common.collect.Maps; @@ -17,9 +16,7 @@ import com.bonus.common.core.utils.global.SystemGlobal; import com.bonus.system.api.domain.SysLogsVo; import com.bonus.system.api.model.LoginUser; import com.bonus.system.mapper.SysLogMapper; -import com.mysql.cj.xdevapi.Warning; import lombok.extern.slf4j.Slf4j; -import org.apache.ibatis.scripting.xmltags.ForEachSqlNode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationEventPublisher; import org.springframework.scheduling.annotation.Async; 
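Review bot: `dictType.setDictName(str)` and `dictType.setDictType(str)` overwrite the caller's query object, so any code that reads it after `selectDictTypeList` returns sees the backslash-escaped text instead of what the user entered. The `dictType` field in particular looks like an identifier rather than free text, so verify that the mapper matches it with `LIKE` before escaping it. It would be safer to escape into a copy, or to do the escaping in the mapper (for example with a MyBatis `<bind>` variable), and leave the argument untouched.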
@@ -54,6 +51,7 @@ public class SysLogServiceImpl implements ISysLogService { @Transactional(rollbackFor = Exception.class) public AjaxResult saveLogs(SysLogsVo sysLog) { try { + //如果是异常日志 if(SystemGlobal.LOG_ERR.equals(sysLog.getErrType()) && StringUtils.isEmpty(sysLog.getModel())) { SysLogsVo sysLog1=mapper.getModule(sysLog.getOperUri()); @@ -69,6 +67,14 @@ public class SysLogServiceImpl implements ISysLogService { if (sysLog.getLogType() == 2) { sysLog.setWarningStatus("0"); } + if (sysLog.getOperaUserName() != null) { + String str = sysLog.getOperaUserName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLog.setOperaUserName(str); + } + if (sysLog.getIp() != null) { + String str = sysLog.getIp().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLog.setIp(str); + } mapper.saveLogs(sysLog); if (sysLog.getLogType() == 2) { eventPublisher.publishEvent(new WaringLogEvent(new SysWarning(sysLog.getLogId(),sysLog.getErrType() ,sysLog.getIp(),sysLog.getOperaUserName(),sysLog.getOperTime(),"0"))); @@ -110,6 +116,14 @@ public class SysLogServiceImpl implements ISysLogService { if (sysLog.getLogType() == 2) { sysLog.setWarningStatus("0"); } + if (sysLog.getOperaUserName() != null) { + String str = sysLog.getOperaUserName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLog.setOperaUserName(str); + } + if (sysLog.getIp() != null) { + String str = sysLog.getIp().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLog.setIp(str); + } mapper.saveLogs(sysLog); if (sysLog.getLogType() == 2) { eventPublisher.publishEvent(new WaringLogEvent(new SysWarning(loginUuid, "越权访问", ip, user.getUsername(), DateUtils.getTime(),"0"))); diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysMenuServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysMenuServiceImpl.java index 6d63a4b..c93f74a 100644 
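Review bot: The escaping added before `mapper.saveLogs(sysLog)` runs on a write path, not a `LIKE` search, so a user name such as `zhang_san` (constructed example) would be persisted as `zhang\_san` and the audit record would no longer match the real account or address. In the `@@ -69,6 +67,14 @@` hunk the `WaringLogEvent` published right afterwards also reads the already-escaped `getIp()` and `getOperaUserName()`. A parameterised insert needs no wildcard escaping, so remove these blocks here, in the `@@ -110,6 +116,14 @@` hunk, and before `operLogMapper.addLogs(sysLogsVo)` in `SysOperLogServiceImpl`, and keep escaping only where the log table is searched. This assumes `saveLogs` and `addLogs` are inserts, which their mapper SQL (outside the diff) would confirm.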
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysMenuServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysMenuServiceImpl.java @@ -66,6 +66,10 @@ public class SysMenuServiceImpl implements ISysMenuService @Override public List selectMenuList(SysMenu menu, Long userId) { + if (menu.getMenuName() != null) { + String str = menu.getMenuName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + menu.setMenuName(str); + } List menuList = menuMapper.selectMenuList(menu); return menuList; } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysOperLogServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysOperLogServiceImpl.java index de2864f..6596518 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysOperLogServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysOperLogServiceImpl.java @@ -106,6 +106,14 @@ public class SysOperLogServiceImpl implements ISysOperLogService sysLogsVo.setWarningStatus("0"); eventPublisher.publishEvent(new WaringLogEvent(new SysWarning(sysLogsVo.getLogId(), sysLogsVo.getErrType(), sysLogsVo.getIp(), sysLogsVo.getOperaUserName(), sysLogsVo.getOperTime(), "0"))); } + if (sysLogsVo.getOperaUserName() != null) { + String str = sysLogsVo.getOperaUserName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLogsVo.setOperaUserName(str); + } + if (sysLogsVo.getIp() != null) { + String str = sysLogsVo.getIp().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + sysLogsVo.setIp(str); + } return operLogMapper.addLogs(sysLogsVo); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysPostServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysPostServiceImpl.java index 15a1013..03dcd5b 100644 
--- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysPostServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysPostServiceImpl.java @@ -35,6 +35,15 @@ public class SysPostServiceImpl implements ISysPostService @Override public List selectPostList(SysPost post) { + if (post.getPostCode() != null) { + String str = post.getPostCode().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + post.setPostCode(str); + } + if (post.getPostName() != null) { + String str = post.getPostName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + post.setPostName(str); + } + return postMapper.selectPostList(post); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java index 9fbb4e0..f68cb20 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java +++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysRoleServiceImpl.java @@ -65,6 +65,14 @@ public class SysRoleServiceImpl implements ISysRoleService } catch (Exception e) { e.printStackTrace(); } + if (role.getRoleName() != null) { + String str = role.getRoleName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + role.setRoleName(str); + } + if (role.getRoleKey() != null) { + String str = role.getRoleKey().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + role.setRoleKey(str); + } return roleMapper.selectRoleList(role); } diff --git a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java index af04904..f4989f1 100644 --- a/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java 
+++ b/bonus-modules/bonus-system/src/main/java/com/bonus/system/service/impl/SysUserServiceImpl.java @@ -1,5 +1,6 @@ package com.bonus.system.service.impl; +import com.bonus.common.core.constant.Constants; import com.bonus.common.core.constant.UserConstants; import com.bonus.common.core.domain.R; import com.bonus.common.core.exception.ServiceException; @@ -93,6 +94,14 @@ public class SysUserServiceImpl implements ISysUserService { } catch (Exception e) { e.printStackTrace(); } + if (user.getUserName() != null) { + String userName =user.getUserName().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + user.setUserName(userName); + } + if (user.getPhonenumber() != null) { + String phone =user.getPhonenumber().replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"); + user.setPhonenumber(phone); + } List sysUsers = userMapper.selectUserList(user); return sysUsers; } diff --git a/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml b/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml index 68b00c0..157ee17 100644 --- a/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml +++ b/bonus-modules/bonus-system/src/main/resources/mapper/system/SysUserMapper.xml @@ -94,9 +94,16 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + +