bonus
/
YSpeaManager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: bonus:notMerge
Branches Tags
bonus:master
bonus:notMerge
..
compare: bonus:master
Branches Tags
bonus:master
bonus:notMerge

4 Commits
notMerge ... master

Author SHA1 Message Date
lSun eed4fd7c7b 扫描漏洞解决 2025-10-28 17:41:28 +08:00
马三炮 5330d1e184 安全漏洞和渗透修复 2025-09-10 16:51:05 +08:00
马三炮 ca4a805c5d 安全漏洞和渗透修复 2025-08-27 10:24:12 +08:00
lSun c79ade0cb8 分支备注 2025-06-30 15:01:47 +08:00
45 changed files with 6117 additions and 2059 deletions
Show Stats Expand all files Collapse all files

57
src/main/java/com/bonus/boot/manager/basic/controller/PersonnelLibraryController.java
View File

@ -19,7 +19,6 @@ import com.bonus.boot.manager.manager.utils.GlobalConst;
import com.bonus.boot.manager.task.UnifyTask;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
@ -87,26 +86,24 @@ public class PersonnelLibraryController {
UnifyTask unifyTask = new UnifyTask();
if (cb != 3 && cb != 5){
String token = login();
if(token!=null && token.length()>0 ){
String isActive = addUser(bean.getPersonName(), bean.getPhone(),token);
if(isActive.equals("1")){
ks = 1;
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
}else{
for (int i = 0; i < 3; i++) {
isActive = addUser(bean.getPersonName(), bean.getPhone(),token);
if(isActive.equals("1")){
ks = 1;
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
break;
}
String isActive = addUser(bean.getPersonName(), bean.getPhone(),token);
if(isActive.equals("1")){
ks = 1;
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
}else{
for (int i = 0; i < 3; i++) {
isActive = addUser(bean.getPersonName(), bean.getPhone(),token);
if(isActive.equals("1")){
ks = 1;
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
break;
}
}
//三次都未推送成功 修改推送状态
if(ks!=1){
userService.updateUnify(Long.valueOf(bean.getHospId()));
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
}
}
//三次都未推送成功 修改推送状态
if(ks!=1){
userService.updateUnify(Long.valueOf(bean.getHospId()));
ar.setFailMsg(GlobalConst.INIT_SUCCEED);
}
}else {
ar.setFailMsg(GlobalConst.DATA_FAIL);
@ -217,7 +214,7 @@ public class PersonnelLibraryController {
@LogAnnotation
@PostMapping("resetPassword")
@ApiOperation(value = "体检人员库-重置密码")
@ApiOperation(value = "体检人员库-删除")
public AjaxRes resetPassword(PersonnelLibraryBean bean) {
AjaxRes ar = new AjaxRes();
int result = service.resetPassword(bean);
@ -270,10 +267,7 @@ public class PersonnelLibraryController {
JSONObject object = JSON.parseObject(params);
String result = HttpClientUtils.doHttpPost(AddressConfiguration.UNIFICATION_URL + "/ynuw/sys/api/putUser", object, token);
JSONObject jsonObject = JSONObject.parseObject(result);
String code = "00";
if(jsonObject != null && jsonObject.containsKey("code")){
code = jsonObject.getString("code");
}
String code = jsonObject.getString("code");
System.err.println("新增code="+code);
if("200".equals(code)){
JSONArray data = jsonObject.getJSONArray("data");
@ -321,19 +315,4 @@ public class PersonnelLibraryController {
return isActive;
}
@LogAnnotation
@PostMapping("resetPasswordAll")
@ApiOperation(value = "体检人员库-重置密码-全员")
@PreAuthorize("hasAuthority('sys:reset:all')")
public AjaxRes resetPasswordAll(PersonnelLibraryBean bean) {
AjaxRes ar = new AjaxRes();
int result = service.resetPasswordAll(bean);
if (result > 0 ) {
ar.setSucceedMsg(GlobalConst.DATA_SUCCEED);
} else {
ar.setFailMsg(GlobalConst.DATA_FAIL);
}
return ar;
}
}

5
src/main/java/com/bonus/boot/manager/basic/controller/SysLogController.java
View File

@ -35,6 +35,11 @@ public class SysLogController {
*/
@RequestMapping(value = "/queryByPage")
public String queryByPage(SysLogs sysLogs, @RequestParam("page") Integer page, @RequestParam("limit") Integer pageSize) {
String username = sysLogs.getUsername();
// 用正则匹配是否包含非法字符若匹配到则说明有非法字符
if (username.matches(".*[^a-zA-Z0-9\u4e00-\u9fa5-].*")) {
return "{\"code\":1 , \"msg\":\"操作人仅允许输入中英文、数字和连字符\"}";
}
int count = sysLogDao.count(sysLogs);
page = (page - 1) * pageSize;
List<SysLogs> list = this.sysLogDao.queryAllByLimit(sysLogs, page, pageSize);

21
src/main/java/com/bonus/boot/manager/basic/controller/importExcelController.java
View File

@ -97,25 +97,4 @@ public class importExcelController {
return ar;
}
@LogAnnotation
@PostMapping("/reservationNew")
@ApiOperation(value = "体检人员库导入")
public AjaxRes reservationNew(@RequestParam("file") MultipartFile file, HttpServletRequest request, HttpServletResponse response) throws IOException {
int result = 1;
AjaxRes ar = new AjaxRes();
try {
List<JSONObject> lstObj = (List<JSONObject>) ImportNoPhotoExcelHelper.readExcel(file, PersonnelReservationBean.class);
String code = service.reservationNew(lstObj);
if ("导入成功".equals(code)){
ar.setSucceedMsg("导入成功");
}else{
ar.setFailMsg(code);
}
} catch (Exception e) {
e.printStackTrace();
ar.setFailMsg(e.getMessage());
}
return ar;
}
}

4
src/main/java/com/bonus/boot/manager/basic/dao/PersonnelLibraryDao.java
View File

@ -55,8 +55,4 @@ public interface PersonnelLibraryDao {
int getPhoneBy(@Param("personName")String personName,@Param("phone")String phone);
int getIdNumber(@Param("idNumber")String idNumber);
PersonnelReservationBean getMealNameNew(@Param("setMeal")String setMeal);
int resetPasswordAll(PersonnelLibraryBean bean);
}

10
src/main/java/com/bonus/boot/manager/basic/entity/PersonnelLibraryBean.java
View File

@ -116,14 +116,4 @@ public class PersonnelLibraryBean extends HospitalBean{
private String userId;
/**
* 套餐名称
*/
private String typeName;
/**
* 套餐名称id
*/
private String baseNameId;
}

2
src/main/java/com/bonus/boot/manager/basic/service/ImportExcelService.java
View File

@ -13,6 +13,4 @@ public interface ImportExcelService {
String savenegativeResult(List<JSONObject> lstObj);
String reservation(List<JSONObject> lstObj);
String reservationNew(List<JSONObject> lstObj);
}

2
src/main/java/com/bonus/boot/manager/basic/service/PersonnelLibraryService.java
View File

@ -19,6 +19,4 @@ public interface PersonnelLibraryService {
int resetPassword(PersonnelLibraryBean bean);
List<ZNode> getDepartmentTree();
int resetPasswordAll(PersonnelLibraryBean bean);
}

201
src/main/java/com/bonus/boot/manager/basic/service/impl/ImportExcelServiceImpl.java
View File

@ -460,207 +460,6 @@ public class ImportExcelServiceImpl implements ImportExcelService {
}
@Override
public String reservationNew(List<JSONObject> lstObj) {
List<PersonnelReservationBean> validBeans = new ArrayList<>(); // 用于存储通过验证的数据
String res = "";
int team = 1;
int i = 0;
String personName = "";
String phone = "";
String idNumber = "";
String department = "";
String hospital = "";
String sex = "";
String setMeal = "";
boolean hasError = false; // 标志位用于记录是否有错误
try {
if (lstObj != null && lstObj.size() > 0) {
for (JSONObject obj : lstObj) {
i++;
PersonnelReservationBean bean = new PersonnelReservationBean(); // 每个对象创建一个新的Bean
personName = obj.getString("personName").trim();
idNumber = obj.getString("idNumber").trim();
sex = obj.getString("sex").trim();
department = obj.getString("department").trim();
hospital = obj.getString("hospital").trim();
setMeal = obj.getString("setMeal").trim();
phone = obj.getString("phone").trim();
// 判断姓名为空
if (StringHelper.isEmpty(personName)) {
res += "" + i + "行姓名为空;";
hasError = true;
}
bean.setPersonName(personName);
// 判断身份证为空
/*if (StringHelper.isEmpty(idNumber) || "0.0".equals(idNumber.trim())) {
res += "" + i + "" + personName + "行身份证为空;";
team = 2;
hasError = true;
} else if (idNumber.length() != 18) {
res += "" + i + "" + personName + "行身份证格式错误;";
team = 2;
hasError = true;
}
bean.setIdNumber(idNumber);*/
// 判断性别为空
/*if (StringHelper.isEmpty(sex)) {
res += "" + i + "" + personName + "行性别为空;";
team = 2;
hasError = true;
} else {
String a = getSexByIdcard(idNumber);
String b = "";
if (sex.equals("")) {
b = "0";
} else {
b = "1";
}
if (!a.equals(b)) {
res += "" + i + "" + personName + "行身份证与性别不匹配;";
hasError = true;
} else {
bean.setSex(b);
}
}*/
// 判断部门名称为空
/*if (!department.isEmpty()) {
String departmentName = dao.getdepartmentName(department);
if (StringHelper.isEmpty(departmentName) || "0.0".equals(departmentName.trim())) {
team = 2;
res += "" + i + "" + personName + "部门名称有误,请检查";
hasError = true;
} else {
bean.setDepartment(departmentName + "");
}
} else {
team = 2;
res += "" + i + "" + personName + "部门名称为空";
hasError = true;
}*/
// 判断医院名称为空
if (StringHelper.isEmpty(hospital)) {
res += "" + i + "" + personName + "行医院名称为空;";
team = 2;
hasError = true;
} else {
if (hospital.equals("1")) {
bean.setHospital("33");
} else if (hospital.equals("2")) {
bean.setHospital("34");
} else if (hospital.equals("3")) {
bean.setHospital("35");
} else {
res += "" + i + "" + personName + "行医院名称有误,请检查";
hasError = true;
}
}
String ifHighee = null; // 判断是否为高职
// 判断体检套餐为空
if (StringHelper.isEmpty(setMeal)) {
res += "" + i + "" + personName + "行体检套餐为空;";
team = 2;
hasError = true;
} else {
// PersonnelReservationBean bean1 = dao.getMealName(setMeal);
PersonnelReservationBean bean1 = dao.getMealNameNew(setMeal);
if(bean1!=null){
String setMealName = bean1.getSetMealId();
ifHighee = bean1.getIfHighee();
if (StringHelper.isEmpty(setMealName) || "0.0".equals(setMealName.trim())) {
team = 2;
res += "" + i + "" + personName + "体检套餐有误,请检查";
hasError = true;
} else {
bean.setSetMeal(setMealName + "");
bean.setCheckType(bean1.getCheckType());
bean.setCombName(setMeal);
}
}else{
team = 2;
res += "" + i + "" + personName + "体检套餐有误,请检查";
hasError = true;
}
}
// 判断手机号码为空
if (StringHelper.isEmpty(phone) || "0.0".equals(phone.trim())) {
res += "" + i + "" + personName + "行手机号码为空;";
team = 2;
hasError = true;
} else if (!isLegalMobileNumber(phone)) {
res += "" + i + "" + personName + "行手机号码格式错误;";
team = 2;
hasError = true;
}
bean.setPhone(phone);
// 查询通过身份证姓名电话去查询
int personNameNum = dao.getPersonNameBy(personName);
if (personNameNum > 0) {
} else {
res += "" + i + "" + personName + "行姓名有误。请检查";
team = 2;
hasError = true;
}
int phoneNum = dao.getPhoneBy(personName,phone);
if (phoneNum > 0) {
}else{
res += "" + i + "" + personName + "行手机号有误。请检查";
team = 2;
hasError = true;
}
if (team != 2) {
PersonnelReservationBean beans = dao.getInfoById(personName, "", phone,"");
if (beans != null) {
// 获取预约人的id
// bean.setId(beans.getId());
} else {
res += "" + i + "" + personName + "行身份证有误。请检查";
hasError = true;
}
PersonnelReservationBean beans1 = dao.getInfoById(personName, "", phone,"");
if (beans1 != null) {
// 获取预约人的id
bean.setId(beans1.getId());
} else {
res += "" + i + "" + personName + "行高职与非高职有误。请检查";
hasError = true;
}
}
// 只有在没有错误的情况下才执行新增操作
if (!hasError) {
validBeans.add(bean);
}
}
// 只有在没有错误的情况下才执行批量导入操作
if (!hasError) {
for (PersonnelReservationBean bean : validBeans) {
int k = dao.updateReservation(bean);
}
res = "导入成功";
}
}
} catch (Exception e) {
e.printStackTrace();
}
return res;
}
private String ChangepersonType(String personType) {
String team;
if (personType.equals("在职")) {

4
src/main/java/com/bonus/boot/manager/basic/service/impl/PackageTypeServiceImpl.java
View File

@ -32,7 +32,7 @@ public class PackageTypeServiceImpl implements PackageTypeService {
@Override
public int addInfo(BaseTypePackageBean bean) {
int num = utilDao.determineIfExists("pm_base_type_package_name","type_name",bean.getTypeName(),"");
int num = utilDao.determineIfExists("pm_base_type_package","type_name",bean.getTypeName(),"");
if(num > 0){
num = 3;
}else {
@ -43,7 +43,7 @@ public class PackageTypeServiceImpl implements PackageTypeService {
@Override
public int updateInfo(BaseTypePackageBean bean) {
int num = utilDao.determineIfExists("pm_base_type_package_name","type_name",bean.getTypeName(),bean.getId()+"");
int num = utilDao.determineIfExists("pm_base_type_package","type_name",bean.getTypeName(),bean.getId()+"");
if(num > 0){
num = 3;
}else {

7
src/main/java/com/bonus/boot/manager/basic/service/impl/PersonnelLibraryServiceImpl.java
View File

@ -120,11 +120,4 @@ public class PersonnelLibraryServiceImpl implements PersonnelLibraryService {
public List<ZNode> getDepartmentTree() {
return dao.getDepartmentTree();
}
@Override
public int resetPasswordAll(PersonnelLibraryBean bean) {
bean.setPassword(passwordEncoder.encode("YNsbd@123456"));
return dao.resetPasswordAll(bean);
}
}

11
src/main/java/com/bonus/boot/manager/manager/config/BnsSecurityConfig.java
View File

@ -16,10 +16,11 @@ import org.springframework.security.web.authentication.AuthenticationFailureHand
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.cors.CorsConfigurationSource;
/**
* spring security配置
*
*
*/
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
@ -37,6 +38,9 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private TokenFilter tokenFilter;
@Autowired
private CorsConfigurationSource corsConfigurationSource;
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
@ -45,7 +49,8 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
// 使用新的跨域配置
http.cors(cors -> cors.configurationSource(corsConfigurationSource));
// 基于token所以不需要session
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
@ -60,7 +65,7 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter {
.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint);
http.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
// 解决不允许显示在iframe的问题
http.headers().frameOptions().disable();
//http.headers().frameOptions().disable();
http.headers().cacheControl();
http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);

89
src/main/java/com/bonus/boot/manager/manager/config/CorsConfig.java Normal file
View File

@ -0,0 +1,89 @@
package com.bonus.boot.manager.manager.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.Arrays;
import java.util.List;
/**
* 跨域配置类
* 解决前后端不分离项目的跨域问题
*/
@Configuration
public class CorsConfig implements WebMvcConfigurer {
@Value("${cors.allowed-origins}")
private String allowedOrigins;
@Value("${cors.allowed-methods}")
private String allowedMethods;
@Value("${cors.allowed-headers}")
private String allowedHeaders;
@Value("${cors.allow-credentials}")
private boolean allowCredentials;
@Value("${cors.max-age}")
private long maxAge;
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**")
.allowedOriginPatterns(getAllowedOriginPatterns().toArray(new String[0]))
.allowedMethods(getAllowedMethodArray())
.allowedHeaders(getAllowedHeaderArray())
.allowCredentials(allowCredentials)
.maxAge(maxAge)
.exposedHeaders("Content-Length", "Content-Type", "Token", "Authorization");
}
@Bean
public CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowedOriginPatterns(getAllowedOriginPatterns());
configuration.setAllowedMethods(Arrays.asList(getAllowedMethodArray()));
configuration.setAllowedHeaders(Arrays.asList(getAllowedHeaderArray()));
configuration.setExposedHeaders(Arrays.asList("Content-Length", "Content-Type", "Token", "Authorization"));
configuration.setAllowCredentials(allowCredentials);
configuration.setMaxAge(maxAge);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
// 统一仅注册一套白名单策略避免出现*
source.registerCorsConfiguration("/**", configuration);
return source;
}
private List<String> getAllowedOriginPatterns() {
if (allowedOrigins == null || allowedOrigins.trim().isEmpty()) {
return Arrays.asList(
"http://localhost:*",
"http://127.0.0.1:*",
"http://192.168.*.*:*",
"http://10.*.*.*:*"
);
}
return Arrays.asList(allowedOrigins.split(","));
}
private String[] getAllowedMethodArray() {
if (allowedMethods == null || allowedMethods.trim().isEmpty()) {
return new String[]{"GET", "POST", "PUT", "DELETE", "OPTIONS"};
}
return allowedMethods.split(",");
}
private String[] getAllowedHeaderArray() {
if (allowedHeaders == null || allowedHeaders.trim().isEmpty()) {
return new String[]{"Content-Type", "X-Requested-With", "Token", "Authorization", "X-Custom-Header"};
}
return allowedHeaders.split(",");
}
}

236
src/main/java/com/bonus/boot/manager/manager/config/CspFilter.java Normal file
View File

@ -0,0 +1,236 @@
package com.bonus.boot.manager.manager.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
@Component
@Order(1) // 确保过滤器优先级
public class CspFilter implements Filter {
// 静态资源扩展名模式
private static final Pattern STATIC_RESOURCE_PATTERN = Pattern.compile(
".*\\.(css|js|map|png|jpg|jpeg|gif|ico|svg|webp|bmp|" +
"woff|woff2|ttf|eot|otf|pdf|txt|xml|json|" +
"zip|rar|7z|tar|gz|mp4|mp3|wav|avi|mov|webm|" +
"doc|docx|xls|xlsx|ppt|pptx)$",
Pattern.CASE_INSENSITIVE
);
// 静态资源路径前缀
private static final List<String> STATIC_PATH_PREFIXES = Arrays.asList(
"/static/", "/public/", "/resources/", "/assets/", "/css/", "/js/",
"/images/", "/img/", "/fonts/", "/webjars/", "/vendor/", "/dist/",
"/uploads/", "/downloads/", "/libs/", "/layui/"
);
// WebGL和3D地图相关页面路径
private static final List<String> WEBGL_PAGE_PATHS = Arrays.asList(
"/pages/synthesisQuery/digitalSignage.html",
"/pages/basic/lineManagement/child/setSpanTowerLonAndLat.html"
);
@Value("${spring.profiles.active:prod}")
private String activeProfile;
@Value("${csp.report-only:false}")
private boolean cspReportOnly;
@Value("${csp.allow-iframe:true}")
private boolean allowIframe;
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String requestUri = httpRequest.getRequestURI();
// 设置所有必要的安全头
setSecurityHeaders(httpResponse, requestUri);
chain.doFilter(request, response);
}
private void setSecurityHeaders(HttpServletResponse response, String requestUri) {
// 1. 设置ClickJacking防护头优先解决
setClickJackingProtectionHeaders(response, requestUri);
// 2. 设置CSP头
setCspHeader(response, requestUri);
// 3. 设置其他安全头
setAdditionalSecurityHeaders(response);
}
private void setCspHeader(HttpServletResponse response, String requestUri) {
String cspPolicy;
if (isStaticResource(requestUri)) {
// 静态资源使用简单策略
cspPolicy = "default-src 'self'";
}
else if (isLoginPage(requestUri)) {
// 登录页面 - 使用安全的CSP策略移除不安全的指令
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
// 允许同源脚本和外部JavaScript库
"script-src 'self' 'unsafe-inline' https:; " +
// 只允许同源样式
"style-src 'self' 'unsafe-inline' https:; " +
// 只允许同源图片和数据URI
"img-src 'self' data: blob: https:; " +
// 只允许同源字体和数据URI
"font-src 'self' data: https:; " +
// 只允许同源连接
"connect-src 'self' https:; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"report-uri /api/csp-violation";
}
else if (isWebglPage(requestUri)) {
// WebGL和3D地图页面 - 需要更宽松的策略支持WebGLWorker等
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:; " +
"style-src 'self' 'unsafe-inline' data: blob:; " +
"img-src 'self' data: blob: https:; " +
"font-src 'self' data: blob: https:; " +
"connect-src 'self' https: blob: data: http://data.mars3d.cn; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"worker-src 'self' blob: data:; " +
"child-src 'self' blob: data:; " +
"report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
} else {
// 普通HTML页面 - 根据配置决定是否允许iframe
String frameAncestors = allowIframe ? "'self'" : "'none'";
cspPolicy = "default-src 'self'; " +
"script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; " +
"style-src 'self' 'unsafe-inline' https:; " +
"img-src 'self' data: blob: https:; " +
"font-src 'self' data: https:; " +
"connect-src 'self' https:; " +
"frame-ancestors " + frameAncestors + "; " +
"form-action 'self'; " +
"object-src 'none'; " +
"base-uri 'self'; " +
"report-uri /api/csp-violation"; // 移除 upgrade-insecure-requests避免强制HTTPS
}
String headerName = cspReportOnly ?
"Content-Security-Policy-Report-Only" : "Content-Security-Policy";
response.setHeader(headerName, cspPolicy);
}
private void setClickJackingProtectionHeaders(HttpServletResponse response, String requestUri) {
// 对于静态资源使用宽松的ClickJacking防护
if (isStaticResource(requestUri)) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
return;
}
// 对于HTML页面根据配置决定防护级别
if (allowIframe) {
response.setHeader("X-Frame-Options", "SAMEORIGIN");
} else {
response.setHeader("X-Frame-Options", "DENY");
}
}
private void setAdditionalSecurityHeaders(HttpServletResponse response) {
response.setHeader("X-Content-Type-Options", "nosniff");
response.setHeader("X-XSS-Protection", "1; mode=block");
response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
response.setHeader("Permissions-Policy",
"geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()");
// 注意HSTS 只应在 HTTPS 部署下开启当前未在此处强制设置
// 如需开启请在 HTTPS 部署完成后通过配置控制
// 例如Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
}
private boolean isStaticResource(String uri) {
if (uri == null || uri.isEmpty()) {
return false;
}
String path = uri.split("\\?")[0];
if (STATIC_RESOURCE_PATTERN.matcher(path).matches()) {
return true;
}
return STATIC_PATH_PREFIXES.stream().anyMatch(path::startsWith);
}
/**
* 判断是否为登录页面
*/
private boolean isLoginPage(String requestUri) {
return requestUri != null && (
requestUri.endsWith("/login.html") ||
requestUri.endsWith("/login") ||
requestUri.contains("/login")
);
}
/**
* 生成随机nonce值
*/
private String generateNonce() {
byte[] nonceBytes = new byte[16];
new java.util.Random().nextBytes(nonceBytes);
return java.util.Base64.getEncoder().encodeToString(nonceBytes);
}
/**
* 生成内容的SHA-256哈希值
*/
private String generateHash(String content) {
try {
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] hash = digest.digest(content.getBytes("UTF-8"));
return "'sha256-" + java.util.Base64.getEncoder().encodeToString(hash) + "'";
} catch (Exception e) {
return "";
}
}
private boolean isWebglPage(String uri) {
if (uri == null || uri.isEmpty()) {
return false;
}
String path = uri.split("\\?")[0];
return WEBGL_PAGE_PATHS.stream().anyMatch(path::contains);
}
private boolean isProduction() {
return "prod".equals(activeProfile) || "production".equals(activeProfile);
}
@Override
public void destroy() {
// 清理资源
}
}

71
src/main/java/com/bonus/boot/manager/manager/config/SecurityHeadersFilter.java Normal file
View File

@ -0,0 +1,71 @@
package com.bonus.boot.manager.manager.config;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* 额外的安全头过滤器
* 用于设置更多的安全相关头信息
*/
@Component
@Order(2)
public class SecurityHeadersFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
// 设置额外的安全头
setAdditionalSecurityHeaders(httpRequest, httpResponse);
chain.doFilter(request, response);
}
private void setAdditionalSecurityHeaders(HttpServletRequest request, HttpServletResponse response) {
// 1) 缓存控制
response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, max-age=0");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "0");
// 2) IE下载策略
response.setHeader("X-Download-Options", "noopen");
// 3) 跨域策略条件化设置
if (isPotentiallyTrustworthy(request)) {
response.setHeader("Cross-Origin-Opener-Policy", "same-origin");
response.setHeader("Cross-Origin-Resource-Policy", "same-origin");
response.setHeader("Cross-Origin-Embedder-Policy", "require-corp");
} else {
response.setHeader("Cross-Origin-Opener-Policy", "");
response.setHeader("Cross-Origin-Resource-Policy", "");
response.setHeader("Cross-Origin-Embedder-Policy", "");
}
// 4) 不再设置已废弃的 Feature-Policy避免与 Permissions-Policy 冲突
// Permissions-Policy 已在 CspFilter 中统一设置
}
private boolean isPotentiallyTrustworthy(HttpServletRequest request) {
boolean isSecure = request.isSecure();
String forwardedProto = request.getHeader("X-Forwarded-Proto");
if (!isSecure && forwardedProto != null) {
isSecure = "https".equalsIgnoreCase(forwardedProto);
}
String host = request.getServerName();
boolean isLocalhost = "localhost".equalsIgnoreCase(host) || "127.0.0.1".equals(host);
return isSecure || isLocalhost;
}
@Override
public void destroy() {
// 清理资源
}
}

8
src/main/java/com/bonus/boot/manager/manager/config/WebMvcConfig.java
View File

@ -19,10 +19,10 @@ public class WebMvcConfig implements WebMvcConfigurer {
/**
* 跨域支持
*
*
* @return
*/
@Bean
/*@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
@ -30,11 +30,11 @@ public class WebMvcConfig implements WebMvcConfigurer {
registry.addMapping("/**").allowedMethods("*");
}
};
}
}*/
/**
* datatable分页解析
*
*
* @return
*/
@Bean

15
src/main/java/com/bonus/boot/manager/manager/controller/UserController.java
View File

@ -119,7 +119,10 @@ public class UserController {
@ApiOperation(value = "当前登录用户")
@GetMapping("/current")
public SysUser currentUser() {
return UserUtil.getLoginUser();
//置空password
SysUser sysUser = UserUtil.getLoginUser();
sysUser.setPassword(null);
return sysUser;
}
@GetMapping("/getTokenKey")
@ -155,7 +158,7 @@ public class UserController {
}
/**-------------------------------------------以上为老代码,以下为layui新页面所使用的方法-----------------------------------------------------------------*/
@LogAnnotation
@PostMapping("getMsgContent")
@ApiOperation(value = "用户管理-列表")
@ -350,12 +353,8 @@ public class UserController {
// String result = HttpClientUtils.doHttpPost("http://112.29.103.165:1616/ynuw/sys/api/userLogin", object, null);
String result = HttpClientUtils.doHttpPost(AddressConfiguration.UNIFICATION_URL + "/ynuw/sys/api/userLogin", object, null);
JSONObject jsonObject = JSONObject.parseObject(result);
if(jsonObject == null || jsonObject.isEmpty()){
return "";
}else{
String string = JSONObject.parseObject(jsonObject.getString("data")).getString("token");
return string;
}
String string = JSONObject.parseObject(jsonObject.getString("data")).getString("token");
return string;
}
//统一平台后台新增接口 获取token

8
src/main/java/com/bonus/boot/manager/manager/controller/UtilController.java
View File

@ -107,13 +107,5 @@ public class UtilController {
List<MapBean> list = service.getSetMeal(o);
return R.okTable(list, list.size());
}
@LogAnnotation
@PostMapping(value = "/getPackageTypeName")
@ApiOperation(value = "套餐类型select列表")
public List<MapBean> getPackageTypeName() {
List<MapBean> result = service.getPackageTypeName();
return result;
}
}

2
src/main/java/com/bonus/boot/manager/manager/dao/UtilDao.java
View File

@ -62,6 +62,4 @@ public interface UtilDao {
List<MapBean> getExaminationHospital();
List<MapBean> getNewHospitalSelect(MapBean bean);
List<MapBean> getPackageTypeName();
}

16
src/main/java/com/bonus/boot/manager/manager/filter/TokenFilter.java
View File

@ -2,8 +2,7 @@ package com.bonus.boot.manager.manager.filter;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -22,7 +21,7 @@ import com.bonus.boot.manager.manager.entity.LoginUser;
* Token过滤器
*/
@Component
public class TokenFilter extends OncePerRequestFilter {
public class TokenFilter extends OncePerRequestFilter implements Filter {
public static final String TOKEN_KEY = "token";
@ -45,14 +44,18 @@ public class TokenFilter extends OncePerRequestFilter {
SecurityContextHolder.getContext().setAuthentication(authentication);
}
}
// 在这里设置 CSP 头或其他过滤逻辑
/*response.setHeader(
"Content-Security-Policy",
"default-src 'self'; script-src 'self' https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' data:;"
);*/
filterChain.doFilter(request, response);
}
/**
* 校验时间<br>
* 过期时间与当前时间对比临近过期10分钟内的话自动刷新缓存
*
*
* @param loginUser
* @return
*/
@ -70,7 +73,7 @@ public class TokenFilter extends OncePerRequestFilter {
/**
* 根据参数或者header获取token
*
*
* @param request
* @return
*/
@ -82,5 +85,4 @@ public class TokenFilter extends OncePerRequestFilter {
return token;
}
}

2
src/main/java/com/bonus/boot/manager/manager/service/UtilService.java
View File

@ -44,6 +44,4 @@ public interface UtilService {
List<MapBean> getExaminationHospital();
List<MapBean> getNewHospitalSelect(MapBean o);
List<MapBean> getPackageTypeName();
}

5
src/main/java/com/bonus/boot/manager/manager/service/impl/UtilServiceImpl.java
View File

@ -75,9 +75,4 @@ public class UtilServiceImpl implements UtilService {
bean.setHospitalId(hospiral);
return utilDao.getNewHospitalSelect(bean);
}
@Override
public List<MapBean> getPackageTypeName() {
return utilDao.getPackageTypeName();
}
}

77
src/main/resources/application.properties
View File

@ -1,20 +1,20 @@
#\u8BBF\u95EE\u7AEF\u53E3
#\u6B63\u5F0F\u7AEF\u53E3
#\u6B63\u5F0F\u7AEF\u53E3
#server.port=18088
#\u672C\u5730\u7AEF\u53E3
server.port=18088
#\u6D4B\u8BD5\u7AEF\u53E3
#server.port=18088
#\u6D4B\u8BD5\u7AEF\u53E3
server.port=18088
#\u8BBF\u95EE\u8DEF\u5F84
server.servlet.context-path=/YSpeaManager
#\u6B63\u5F0F\u5E93
spring.datasource.url=jdbc:mysql://192.168.1.8:23342/yn_tj_appoint?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true
spring.datasource.username=root
spring.datasource.password=Bonus@yntj123!
#\u6D4B\u8BD5\u5E93
#spring.datasource.url=jdbc:mysql://192.168.0.14:1115/yn_tj_appoint?useSSL=false&allowMultiQueries=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
#spring.datasource.url=jdbc:mysql://192.168.1.8:23342/yn_tj_appoint?useUnicode=true&characterEncoding=utf-8&allowMultiQueries=true
#spring.datasource.username=root
#spring.datasource.password=xbzadmin@szedu14!
#spring.datasource.password=Bonus@yntj123!
#\u6D4B\u8BD5\u5E93
spring.datasource.url=jdbc:mysql://192.168.0.14:1115/yn_tj_appoint?useSSL=false&allowMultiQueries=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
spring.datasource.username=root
spring.datasource.password=xbzadmin@szedu14!
#\u672C\u5730\u5E93
#spring.datasource.url=jdbc:mysql://127.0.0.1:3306/yn_tj_appoint?useSSL=false&allowMultiQueries=true&useUnicode=true&characterEncoding=utf-8&serverTimezone=Asia/Shanghai
#spring.datasource.username=root
@ -32,13 +32,13 @@ mybatis.mapper-locations=classpath:mappers/*/*Mapper.xml
mybatis.type-aliases-package=com.bonus.boot.manager.*.entity
#\u7EBF\u4E0A
spring.redis.host=192.168.1.8
spring.redis.port=23347
spring.redis.password=Bonus@yntj123!
#spring.redis.host=192.168.1.8
#spring.redis.port=23347
#spring.redis.password=Bonus@yntj123!
#\u6D4B\u8BD5
#spring.redis.host=192.168.0.14
#spring.redis.port=2001
#spring.redis.password=Dszbns@Redis123!
spring.redis.host=192.168.0.14
spring.redis.port=2001
spring.redis.password=Dszbns@Redis123!
#\u672C\u5730
#spring.redis.host=127.0.0.1
#spring.redis.port=6379
@ -65,12 +65,49 @@ token.expire.seconds=7200
spring.servlet.multipart.enabled=true
#\u6B63\u5F0F
files.url=http://112.29.103.165:1616/medicalDocumentation/statics
files.path=/data/yn
#\u6D4B\u8BD5
#files.url=http://192.168.0.14:18077/medicalDocumentation/statics
#files.url=http://112.29.103.165:1616/medicalDocumentation/statics
#files.path=/data/yn
#\u6D4B\u8BD5
files.url=http://192.168.0.14:18088/medicalDocumentation/statics
files.path=/data/yn
#\u672C\u5730
#files.url=http://192.168.0.110:18088/YSpeaManager/statics
#files.path=d:\\data\\yn
#files.upload=d:\\files
#files.upload=d:\\files
# \u8DE8\u57DF\u914D\u7F6E
# \u5141\u8BB8\u7684\u6E90\uFF08\u591A\u4E2A\u7528\u9017\u53F7\u5206\u9694\uFF09
cors.allowed-origins=http://localhost:18088,http://127.0.0.1:18088,http://192.168.0.39:1616,http://192.168.0.14:18088,http://112.29.103.165:1616
# \u5141\u8BB8\u7684HTTP\u65B9\u6CD5
cors.allowed-methods=GET,POST,PUT,DELETE,OPTIONS
# \u5141\u8BB8\u7684\u8BF7\u6C42\u5934
cors.allowed-headers=Content-Type,X-Requested-With,Token,Authorization,X-Custom-Header
# \u662F\u5426\u5141\u8BB8\u643A\u5E26\u8BA4\u8BC1\u4FE1\u606F
cors.allow-credentials=true
# \u9884\u68C0\u8BF7\u6C42\u7F13\u5B58\u65F6\u95F4\uFF08\u79D2\uFF09
cors.max-age=3600
# \u5B89\u5168\u5934\u914D\u7F6E
# \u662F\u5426\u542F\u7528\u4E25\u683C\u7684\u5B89\u5168\u5934
security.headers.strict=true
# \u662F\u5426\u542F\u7528HSTS\uFF08HTTP\u4E25\u683C\u4F20\u8F93\u5B89\u5168\uFF09
security.hsts.enabled=true
# \u662F\u5426\u6E05\u9664\u670D\u52A1\u5668\u4FE1\u606F\u5934
security.headers.clear-server-info=true
management.endpoint.caches.enabled=false
# CSP\u548C\u5B89\u5168\u5934\u914D\u7F6E
# \u662F\u5426\u542F\u7528CSP\u62A5\u544A\u6A21\u5F0F\uFF08true\u4E3A\u4EC5\u62A5\u544A\uFF0Cfalse\u4E3A\u5F3A\u5236\u6267\u884C\uFF09
csp.report-only=false
# \u662F\u5426\u5141\u8BB8\u9875\u9762\u5728iframe\u4E2D\u663E\u793A\uFF08true\u4E3A\u5141\u8BB8\u540C\u6E90iframe\uFF0Cfalse\u4E3A\u5B8C\u5168\u7981\u6B62\uFF09
csp.allow-iframe=true
# \u662F\u5426\u542F\u7528WebGL\u652F\u6301\uFF08true\u4E3A\u542F\u7528\uFF0Cfalse\u4E3A\u7981\u7528\uFF09
csp.enable-webgl=true

18
src/main/resources/mappers/basic/PackageTypeMapper.xml
View File

@ -2,24 +2,25 @@
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.bonus.boot.manager.basic.dao.PackageTypeDao">
<insert id="addInfo">
insert into pm_base_type_package_name (type_name,is_active)
values (#{typeName},'1')
insert into pm_base_type_package (type_name,package_descri,is_active)
values (#{typeName},#{packageDescri},'1')
</insert>
<update id="updateInfo">
update pm_base_type_package_name set type_name = #{typeName}
update pm_base_type_package set type_name = #{typeName},package_descri = #{packageDescri}
where id = #{id}
</update>
<delete id="delById">
update pm_base_type_package_name set is_active = '0' where id = #{id}
update pm_base_type_package set is_active = '0' where id = #{id}
</delete>
<select id="getList" resultType="com.bonus.boot.manager.basic.entity.BaseTypePackageBean">
select
id,
type_name as typeName
from pm_base_type_package_name
case when type_name = '1' then '标准套餐' when type_name = '2' then '个性化套餐' when type_name = '3' then '职业健康套餐' end as typeName,
package_descri as packageDescri
from pm_base_type_package
where is_active = '1'
<if test="typeName != null and typeName != ''">
AND type_name LIKE concat ('%',#{typeName},'%')
@ -29,8 +30,9 @@
<select id="getListById" resultType="com.bonus.boot.manager.basic.entity.BaseTypePackageBean">
select
id,
type_name as typeName
from pm_base_type_package_name
type_name as typeName,
package_descri as packageDescri
from pm_base_type_package
where is_active = '1' and id = #{id}
</select>
</mapper>

41
src/main/resources/mappers/basic/PersonnelLibraryMapper.xml
View File

@ -5,9 +5,9 @@
<insert id="addInfo" keyProperty="hospId" useGeneratedKeys="true">
<!-- 插入到pm_base_physical表 -->
insert into
pm_base_physical(phy_name,idcard,age,depart_id,sex,if_higher,telep_number,if_job,special_job,phy_password,is_active,status,nosocomium,personnel_type,pushStatus,base_name_id)
pm_base_physical(phy_name,idcard,age,depart_id,sex,if_higher,telep_number,if_job,special_job,phy_password,is_active,status,nosocomium,set_meal,personnel_type,pushStatus)
values
(#{personName},#{idNumber},#{age},#{departmentId},#{sex},#{higherJob},#{phone},#{personType},#{specialPost},#{password},'1','1',#{hospital},#{personnelType},'1',#{baseNameId})
(#{personName},#{idNumber},#{age},#{departmentId},#{sex},#{higherJob},#{phone},#{personType},#{specialPost},#{password},'1','1',#{hospital},#{setMeal},#{personnelType},'1')
</insert>
<insert id="addresult">
insert into pm_physical_result(physical_id)
@ -27,7 +27,7 @@
special_job = #{specialPost},
nosocomium = #{hospital},
personnel_type = #{personnelType},
base_name_id = #{baseNameId}
set_meal = #{setMeal}
where id = #{id}
and is_active = '1'
</update>
@ -92,14 +92,12 @@
when '2' then '肿瘤'
when '3' then '综合'
else ''
end as setMeal,
pn.type_name as typeName
end as setMeal
from pm_base_physical pbp
left join pm_base_hospital pbh on pbh.id = pbp.nosocomium
left join sys_dic_detail sdd on sdd.id = pbp.if_job
left join pm_base_special_job pbsj on pbsj.id = pbp.special_job and pbsj.is_active = '1'
left join pm_organization po on po.id = pbp.depart_id
LEFT JOIN pm_base_type_package_name pn on pn.id = pbp.base_name_id
left join pm_phy_organization po on po.id = pbp.depart_id
where pbp.is_active = '1'
<if test="personName != null and personName != ''">
AND pbp.phy_name LIKE concat ('%',#{personName},'%')
@ -126,13 +124,10 @@
pbsj.job_name as specialPostName,
pbp.nosocomium as hospital,
pbp.personnel_type as personnelType,
pbp.set_meal as setMeal,
pbp.base_name_id as baseNameId,
pn.type_name as typeName
pbp.set_meal as setMeal
from pm_base_physical pbp
left join pm_base_special_job pbsj on pbsj.id = pbp.special_job and pbsj.is_active = '1'
left join pm_organization po on po.id = pbp.depart_id
LEFT JOIN pm_base_type_package_name pn on pn.id = pbp.base_name_id
left join pm_phy_organization po on po.id = pbp.depart_id
where pbp.is_active = '1'
and pbp.id = #{id}
</select>
@ -152,7 +147,7 @@
</select>
<select id="getdepartmentName" resultType="java.lang.String">
select id
from pm_organization
from pm_phy_organization
where `name` = #{department}
and is_active = '1' limit 1
</select>
@ -172,12 +167,8 @@
<select id="getInfoById" resultType="com.bonus.boot.manager.basic.entity.PersonnelReservationBean">
SELECT id
from pm_base_physical
where is_active = '1' and if_job = '1' and phy_name = #{personName}
where is_active = '1' and if_job = '1' and phy_name = #{personName} and idcard = #{idNumber}
and telep_number = #{phone}
<if test="idNumber!=null and idNumber !='' and idNumber !='null' ">
and idcard = #{idNumber}
</if>
<if test="ifHighee!=null and ifHighee !='' and ifHighee !='null' ">
and if_higher = #{ifHighee}
</if>
@ -206,23 +197,13 @@
where is_active = '1' and idcard = #{idNumber}
</select>
<select id="getMealNameNew" resultType="com.bonus.boot.manager.basic.entity.PersonnelReservationBean">
SELECT id as setMealId FROM `pm_base_type_package_name`
WHERE type_name LIKE concat ('%',#{setMeal},'%')
</select>
<update id="updateReservation">
update pm_base_physical
set
depart_id=#{department},
nosocomium=#{hospital},
base_name_id = #{setMeal}
set_meal = #{checkType}
where is_active = '1' and id=#{id}
</update>
<update id="resetPasswordAll">
update pm_base_physical
set phy_password = #{password}
where is_active = '1'
</update>
</mapper>

4
src/main/resources/mappers/basic/UtilMapper.xml
View File

@ -70,10 +70,6 @@ select count(1) from pm_base_physical where telep_number=#{0} and is_active='1'
select id as `key`,hospital as `value` from pm_base_hospital where is_active ='1'
</select>
<select id="getPackageTypeName" resultType="com.bonus.boot.manager.basic.entity.MapBean">
select id as `key`,type_name AS `value` from pm_base_type_package_name where is_active ='1'
</select>
</mapper>

2
src/main/resources/mappers/physical/EmployeeHealthCheckMapper.xml
View File

@ -67,7 +67,7 @@
where ppr.is_active = '1'
<if test="physicalTime !=null and physicalTime !='null' and physicalTime !=''">
and ppr.create_time like concat ('%',#{physicalTime},'%')
AND SUBSTRING(ppr.create_time, 1, 4) = #{physicalTime}
</if>
<if test="physicalStatus !=null and physicalStatus !='null' and physicalStatus !=''">
and pbpa.appoint_status = #{physicalStatus}

24
src/main/resources/mappers/statistics/resStatistcsMapper.xml
View File

@ -6,7 +6,7 @@
SELECT a.phy_appont_time as `key`,COUNT(a.id) as `value`
FROM pm_base_phy_appont a
LEFT JOIN pm_base_physical b on b.id = a.user_id
WHERE a.if_cancel ='2' and b.is_active = '1'
WHERE a.if_cancel ='2' and b.is_active = '1' and a.if_career_appoint = '2'
<if test="hospitalId !=null and hospitalId !='null'">
<if test="type == 1">
@ -44,17 +44,15 @@
a.phy_name AS personName,
a.idcard AS idNumber,
a.age,
case when check_content_id != "" THEN '常规体检'
else '职业体检' END AS checkContentId,
-- CASE
-- WHEN check_content_id = 1 THEN
-- '心血管'
-- WHEN check_content_id = 2 THEN
-- '肿瘤'
-- WHEN check_content_id = 3 THEN
-- '综合'
-- ELSE
-- '' end AS checkContentId,
CASE
WHEN check_content_id = 1 THEN
'心血管'
WHEN check_content_id = 2 THEN
'肿瘤'
WHEN check_content_id = 3 THEN
'综合'
ELSE
'' end AS checkContentId,
IF (a.sex = '0', '男', '女') AS sex,
# IF (b.if_edu = '0', '否', '是') AS ifEdu,
IF(a.if_higher = '0', '否', '是') AS higherJob,
@ -77,7 +75,7 @@
WHERE
if_cancel = '2' AND (check_content_id != "" OR check_content_id IS NOT NULL)
) b ON a.id = b.user_id and a.is_active ='1'
LEFT JOIN pm_organization pmo ON pmo.ID = a.depart_id and pmo.IS_ACTIVE ='1'
LEFT JOIN pm_phy_organization pmo ON pmo.ID = a.depart_id and pmo.IS_ACTIVE ='1'
LEFT JOIN pm_base_hospital pbh ON pbh.id = b.hospital_id and pbh.is_active = '1'
LEFT JOIN sys_user sysu ON sysu.id = b.appoint_name_id and sysu.is_active ='1'
WHERE

4
src/main/resources/readme.md
View File

@ -1,3 +1 @@
1.notMerge分支用于修改体检名称-施亮提出
2.不能与主分支master合并
3.更新日期 2025-06-30
1.主分支

2
src/main/resources/static/index.html
View File

@ -136,7 +136,7 @@
</div>
<div class="site-mobile-shade"></div>
<script type="text/javascript" src="layui-v2.8.3/layui/layui.js"></script>
<script type="text/javascript" src="js/libs/jquery-2.1.1.min.js"></script>
<script type="text/javascript" src="js/libs/jquery-3.7.1.min.js"></script>
<script type="text/javascript" src="js/common_methon.js"></script>
<script type="text/javascript" src="js/jq.js"></script>
<script type="text/javascript" src="js/publicJs.js"></script>

7021
src/main/resources/static/js/jedate/moment.min.js vendored
View File

File diff suppressed because it is too large Load Diff

6
src/main/resources/static/js/jquery/jquery-1.10.2.min.js vendored
View File

File diff suppressed because one or more lines are too long

4
src/main/resources/static/js/jquery/jquery-3.7.1.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

4
src/main/resources/static/js/libs/jquery-2.1.1.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
src/main/resources/static/js/libs/jquery-3.7.1.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

8
src/main/resources/static/js/plugin/datatables/jquery.dataTables.min.js vendored
View File

File diff suppressed because one or more lines are too long

27
src/main/resources/static/js/select.js
View File

@ -223,31 +223,4 @@ function getHazard(form,hazard) {
console.log("获取危害因素下拉列表出错:", err);
}
});
}
function getPackageTypeName(form,baseNameId) {
$("#baseNameId").html("");
$.ajax({
type: 'post',
url: ctxPath + '/utilConnection/getPackageTypeName',
data: {
},
async: false,
success: function (data) {
var html = '<option value="">--请选择套餐类型--</option>';
for (var i = 0; i < data.length; i++) {
if (baseNameId == data[i].key) {
html += '<option selected="selected" value=\'' + data[i].key + '\'>' + data[i].value + '</option>';
} else {
html += '<option value=\'' + data[i].key + '\'>' + data[i].value + '</option>';
}
}
$("#baseNameId").html(html);
layui.form.render('select'); //这里就是我们要渲染的地方了
},
error: function (err) {
console.log("获取套餐类型下拉列表出错:", err);
}
});
}

5
src/main/resources/static/js/work/basic/PackageTypeList.js
View File

@ -15,8 +15,9 @@ layui.use(['table', 'layer', 'laydate', 'jquery', 'form'], function () {
{
field: 'number', width:120,title: '序号', align: 'center', type: 'numbers'
}
, {field: 'typeName', align: 'center', title: '类型名称'}
, {fixed: 'right', title: '操作', align: 'center', toolbar: '#toolsBar'}
, {field: 'typeName', align: 'center', title: '类型名称'}
, {field: 'packageDescri', align: 'center', title: '套餐描述'}
, {fixed: 'right', title: '操作', width: 200, align: 'center', toolbar: '#toolsBar'}
]]
, id: 'menuTable'
, page: true //开启分页

72
src/main/resources/static/js/work/basic/PersonnelLibraryList.js
View File

@ -38,7 +38,7 @@ layui.use(['table', 'layer', 'laydate', 'jquery', 'form'], function () {
, {field: 'personnelType', width: 120, align: 'center', title: '人员类型'}
, {field: 'specialPost', width: 150, align: 'center', title: '是否特殊岗位'}
, {field: 'hospital', width: 150, align: 'center', title: '体检医院'}
, {field: 'typeName', width: 150, align: 'center', title: '体检套餐'}
, {field: 'setMeal', width: 150, align: 'center', title: '体检套餐'}
, {fixed: 'right',width: 270, title: '操作', align: 'center', toolbar: '#toolsBar'}
]]
, id: 'menuTable'
@ -261,74 +261,4 @@ function importExcelYu() {
}
});
$("#articleImageFileYu").val("");
}
function fetchExcelNew(){
window.location.href = ctxPath + "/download/download?filename=预约体检模版.xlsx"
}
function importExcelNew() {
var formData = new FormData($('form')[0]);
var name = $("#articleImageFileNew").val();
if (name == null || name == "") {
layer.msg("请上传Excel表格(.xlsx)");
return;
}
if (!(name.endsWith(".xlsx"))) {
layer.msg("请上传正确的Excel表格(.xlsx)!");
$("#articleImageFileNew").val("");
return;
}
formData.append("file", $("#articleImageFileNew")[0].files[0]);
console.log(formData)
var idx = layer.msg('正在提交数据,请稍等...', {
icon: 16
, shade: 0.01
, time: '-1'
});
$.ajax({
url: ctxPath + "/export/reservationNew",
type: 'POST',
async: true,
data: formData,
timeout: 60 * 1000 * 10,
// 告诉jQuery不要去处理发送的数据
processData: false,
// 告诉jQuery不要去设置Content-Type请求头
contentType: false,
success: function (data) {
if (data.resMsg == '导入成功') {
showMessages('导入成功!', true);
setTimeout(() => {
window.location.reload();
}, 30001)
} else {
showMessage(data.resMsg, false);
}
console.log(data)
},
error: function (XMLHttpRequest, textStatus, errorThrown) {
console.log(JSON.stringify(errorThrown));
layer.close(idx);
}
});
$("#articleImageFileNew").val("");
}
/**
* 重置密码
* @param id
*/
function resetPasswordAll(){
layer.confirm('确定要重置密码吗?', {
btn : [ '确定', '取消' ]
}, function() {
ajaxCommonMethods('/personnelLibrary/resetPasswordAll',{},"重置成功","重置失败","1");
layer.close(1);
});
}

13
src/main/resources/static/js/work/statistics/reservation/resStatisticsChildList.js
View File

@ -35,19 +35,10 @@ layui.use(['table', 'layer', 'laydate', 'jquery', 'form'], function () {
, {field: 'higherJob', width: 240, align: 'center', title: '是否高职'}
, {field: 'reservationTime', width: 200, align: 'center', title: '预约体检时间'}
, {field: 'name', width: 200, align: 'center', title: '预约医院'}
, {field: 'checkContentId', width: 200, align: 'center', title: '预约体检',
// templet:function(res){
// var checkContentId = res.checkContentId;
// if(checkContentId){
// return "常规体检";
// }else{
// return "职业体检";
// }
// }
}
, {field: 'checkContentId', width: 200, align: 'center', title: '预约套餐'}
, {field: 'combName', width: 200, align: 'center', title: '套餐名称'}
, {field: 'operateTime', width: 130, align: 'center', title: '操作时间'}
// , {field: 'operatePerson', width: 120, align: 'center', title: '操作人员'}
, {field: 'operatePerson', width: 120, align: 'center', title: '操作人员'}
]]
,done: function (res, curr, count) {
var state = "";

2
src/main/resources/static/pages/institution/orgList.html
View File

@ -5,7 +5,7 @@
<title>Insert title here</title>
<link rel="icon" href="img/favicon.ico" type="image/x-icon" />
<script src="../../js/jquery/jquery-1.10.2.min.js"></script>
<script src="../../js/jquery/jquery-3.7.1.min.js"></script>
<script type="text/javascript" src="../../layui/layui.all.js"></script>
<script type="text/javascript" src="../../js/publicJs.js"></script>
<script type="text/javascript" src="../../js/jq.js"></script>

2
src/main/resources/static/pages/institution/orgList01.html
View File

@ -5,7 +5,7 @@
<title>Insert title here</title>
<link rel="icon" href="img/favicon.ico" type="image/x-icon" />
<script src="../../js/jquery/jquery-1.10.2.min.js"></script>
<script src="../../js/jquery/jquery-3.7.1.min.js"></script>
<script type="text/javascript" src="../../layui/layui.all.js"></script>
<script type="text/javascript" src="../../js/publicJs.js"></script>
<script type="text/javascript" src="../../js/jq.js"></script>

15
src/main/resources/static/pages/work/basic/PackageTypeForm.html
View File

@ -44,16 +44,22 @@
<div class="layui-form-item" style="margin-top: 10%;">
<div class="layui-inline">
<label class="layui-form-label"><i class="tip-required" style="color: red;font-size: 20px">*</i>类型名称:</label>
<input type="text" name="typeName" maxlength="40" lay-verify="required" id="typeName" required class="layui-input">
<!-- <input type="text" name="typeName" minlength="2" maxlength="10" title="字数2-10" lay-verify="required" id="typeName" required class="layui-input">-->
<select class="layui-select" id="typeName" lay-verify="required" name="typeName">
<option value="">--请选择类型名称--</option>
<option value="1">标准套餐</option>
<option value="2">个性化套餐</option>
<option value="3">职业健康套餐</option>
</select>
</div>
</div>
<!--<div class="layui-form-item" style="margin-top: 20px;">
<div class="layui-form-item" style="margin-top: 20px;">
<div class="layui-inline">
<label class="layui-form-label"><i class="tip-required" style="color: red;font-size: 20px">*</i>套餐描述:</label>
<input type="text" name="packageDescri" minlength="4" maxlength="30" title="字数4-30"
lay-verify="required" id="packageDescri" required class="layui-input">
</div>
</div>-->
</div>
<div class="layui-form-item" style="display: none">
<div class="layui-input-block">
<button type="submit" class="layui-btn subBtn" id="commit" lay-submit lay-filter="formDemo">提交
@ -190,7 +196,8 @@
var resMsg = data.resMsg;
if ("数据获取成功" == resMsg) {
let info = data.obj.BaseTypePackageBean;
$("#typeName").val(info.typeName);
$("#typeName").find('option[value=\'' + info.typeName + '\']').prop("selected", "selected");
$("#packageDescri").val(info.packageDescri);
form.render();
}
},

8
src/main/resources/static/pages/work/basic/PackageTypeList.html
View File

@ -93,7 +93,13 @@
<div class="layui-form-item">
<div class="layui-input-inline" style="width: 30%;">
<label class="layui-form-label" style="width: 37%;">套餐类型名称:</label>
<input type="text" id="typeName" maxlength="40" title="字数40" placeholder="请输入套餐类型名称" autocomplete="off" class="layui-input">
<!-- <input type="text" id="typeName" placeholder="请输入套餐类型名称" autocomplete="off" class="layui-input">-->
<select class="layui-select" id="typeName" name="typeName">
<option value="">--请选择类型名称--</option>
<option value="1">标准套餐</option>
<option value="2">个性化套餐</option>
<option value="3">职业健康套餐</option>
</select>
</div>
<div class="layui-inline" style="width: 5%;margin-top: 4px">

24
src/main/resources/static/pages/work/basic/PersonnelLibraryForm.html
View File

@ -145,17 +145,20 @@
<div class="layui-form-item" style="margin-top: 20px;">
<div class="layui-inline">
<label class="layui-form-label"><i class="tip-required" style="color: red;font-size: 20px">*</i>体检医院:</label>
<select id="hospital" class="layui-select" name="hospital" lay-verify="required">
<label class="layui-form-label">体检医院:</label>
<select id="hospital" class="layui-select" name="hospital">
</select>
</div>
</div>
<div class="layui-form-item" style="margin-top: 20px;">
<div class="layui-inline">
<label class="layui-form-label"><i class="tip-required" style="color: red;font-size: 20px">*</i>体检套餐:</label>
<select id="baseNameId" name="baseNameId" lay-verify="required">
<label class="layui-form-label">体检套餐:</label>
<select id="setMeal" name="setMeal">
<option value="">选择套餐</option>
<option value="1">心血管</option>
<option value="2">肿瘤</option>
<option value="3">综合</option>
</select>
</div>
</div>
@ -218,12 +221,6 @@
* 部门下拉树
*/
loadOrgTree();
/**
* 体检套餐下拉框
*/
getPackageTypeName(form,null)
/**
* 修改方法调用数据回显
*/
@ -373,10 +370,7 @@
$("#idNumber").prop("readonly", true);
$("#phone").prop("readonly", true);
getExaminationHospital(form, info.hospital);
getPackageTypeName(form, info.baseNameId)
// $("#setMeal").find('option[value=\'' + info.setMeal + '\']').prop("selected", "selected");
$("#setMeal").find('option[value=\'' + info.setMeal + '\']').prop("selected", "selected");
form.render();
// isSpecial('higherJob');
if (info.higherJob == '1'){

15
src/main/resources/static/pages/work/basic/PersonnelLibraryList.html
View File

@ -113,7 +113,7 @@
</div>
<div class="layui-input-inline" style="width: 20%;">
<label class="layui-form-label" style="width: 30%;padding: 12px 0px">高职人员:</label>
<label class="layui-form-label" style="width: 30%;;padding: 12px 0px">高职人员:</label>
<select class="layui-select" id="higherJob" name="higherJob">
<option value="">--请选择是否高职人员--</option>
<option value="1"></option>
@ -148,18 +148,5 @@
<button id="importExcelYu" style="margin-bottom: 3px" onclick="importExcelYu()" class="layui-btn layui-btn-sm" ><i class="layui-icon">&#xe601;</i>导入预约</button>
</div>
<div class="layui-inline" style="width: 6%;margin-top: 4px">
<button id="exportBtnNew" class="layui-btn layui-btn-sm" onclick="fetchExcelNew()" ><i class="layui-icon">&#xe67d;</i>导出预约模板-新</button>
</div>
<div class="layui-inline" >
<input id="articleImageFileNew" name="excelFile" type="file" class="form-control" style="width: 200px; padding-top: 8px;margin-left: 70px;" />
<button id="importExcelNew" style="margin-bottom: 3px" onclick="importExcelNew()" class="layui-btn layui-btn-sm" ><i class="layui-icon">&#xe601;</i>导入预约-新</button>
</div>
<div class="layui-inline">
<button class="layui-btn layui-btn-sm" onclick="resetPasswordAll()" permission="sys:reset:all" ><i class="layui-icon">&#xe67d;</i>全员重置密码</button>
</div>
</div>
</script>