diff --git a/auth/src/main/java/com/bonus/auth/controller/TokenController.java b/auth/src/main/java/com/bonus/auth/controller/TokenController.java
index f60943f..c877fa0 100644
--- a/auth/src/main/java/com/bonus/auth/controller/TokenController.java
+++ b/auth/src/main/java/com/bonus/auth/controller/TokenController.java
@@ -22,7 +22,6 @@ import javax.servlet.http.HttpServletRequest;
 *
 * @author zys
 */
-@CrossOrigin
 @RestController
 public class TokenController {
diff --git a/gateway/src/main/java/com/bonus/gateway/config/CorsConfig.java b/gateway/src/main/java/com/bonus/gateway/config/CorsConfig.java
index 2c55e3f..4fe7108 100644
--- a/gateway/src/main/java/com/bonus/gateway/config/CorsConfig.java
+++ b/gateway/src/main/java/com/bonus/gateway/config/CorsConfig.java
@@ -1,30 +1,30 @@
-package com.bonus.gateway.config;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.reactive.CorsWebFilter;
-import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
-import org.springframework.web.util.pattern.PathPatternParser;
-
-/**
- * 跨域处理请求配置
- * @author 黑子
- */
-@Configuration
-public class CorsConfig {
- @Bean
- public CorsWebFilter corsFilter() {
- CorsConfiguration config = new CorsConfiguration();
- // 是什么请求方法,比如GET POST PUT DELATE ...
- config.addAllowedMethod("*");
- // 来自哪个域名的请求,*号表示所有
- config.addAllowedOrigin("*");
- // 来自哪个域名的请求,*号表示所有
- config.addAllowedOriginPattern("*");
- // 是什么请求头部
- config.addAllowedHeader("*");
- UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser());
- source.registerCorsConfiguration("/**", config);
- return new CorsWebFilter(source);
- }
-}
\ No newline at end of file
+//package com.bonus.gateway.config;
+//import org.springframework.context.annotation.Bean;
+//import org.springframework.context.annotation.Configuration;
+//import org.springframework.web.cors.CorsConfiguration;
+//import org.springframework.web.cors.reactive.CorsWebFilter;
+//import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;
+//import org.springframework.web.util.pattern.PathPatternParser;
+//
+///**
+// * 跨域处理请求配置
+// * @author 黑子
+// */
+//@Configuration
+//public class CorsConfig {
+//
+// @Bean
+// public CorsWebFilter corsWebFilter() {
+// CorsConfiguration config = new CorsConfiguration();
+// config.addAllowedOrigin("*");
+// config.addAllowedMethod("*");
+// config.addAllowedHeader("*");
+// config.addAllowedOriginPattern("*");
+// config.setAllowCredentials(false);
+// config.setMaxAge(3600L);
+//
+// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+// source.registerCorsConfiguration("/**", config);
+// return new CorsWebFilter(source);
+// }
+//}
\ No newline at end of file
diff --git a/gateway/src/main/java/com/bonus/gateway/xss/CacheBodyGlobalFilter.java b/gateway/src/main/java/com/bonus/gateway/xss/CacheBodyGlobalFilter.java
deleted file mode 100644
index 89c48ea..0000000
--- a/gateway/src/main/java/com/bonus/gateway/xss/CacheBodyGlobalFilter.java
+++ /dev/null
@@ -1,61 +0,0 @@
-package com.bonus.gateway.xss;
-
-
-import org.springframework.cloud.gateway.filter.GatewayFilterChain;
-import org.springframework.cloud.gateway.filter.GlobalFilter;
-import org.springframework.core.Ordered;
-import org.springframework.core.io.buffer.DataBuffer;
-import org.springframework.core.io.buffer.DataBufferUtils;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.MediaType;
-import org.springframework.http.server.reactive.ServerHttpRequest;
-import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
-import org.springframework.stereotype.Component;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Flux;
-import reactor.core.publisher.Mono;
-
-/**
- * @Author:
- * @Description: 这个过滤器解决body不能重复读的问题,为后续的XssRequestGlobalFilter重写post|put请求的body做准备
- * @Date:
- *
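Review bot: CorsConfig.java is commented out line by line instead of being deleted, so the gateway module keeps a dead class whose body still spells out an allow-everything policy for `/**` (`addAllowedOrigin("*")`, `addAllowedOriginPattern("*")`, all methods, all headers). If the CORS policy has moved somewhere this diff does not show, delete the file and let version control hold the history; a later uncomment would silently bring the wildcard policy back. If a gateway filter is still wanted, keep it live with an explicit list, for example `config.setAllowedOrigins(List.of("https://app.example.invalid"));` (placeholder origin), and drop the redundant `addAllowedOrigin("*")` next to `addAllowedOriginPattern("*")`. Since the later hunks also remove `@CrossOrigin` from the controllers, the commit message should say where cross-origin access is now configured.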

- * 没把body的内容放到attribute中去,因为从attribute取出body内容还是需要强转成 Flux,然后转换成String,和直接读取body没有什么区别 - */ -@Component -public class CacheBodyGlobalFilter implements Ordered, GlobalFilter { - @Override - public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) { - HttpMethod method = exchange.getRequest().getMethod(); - String contentType = exchange.getRequest().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE); - if (method == HttpMethod.POST || method == HttpMethod.PUT) { - if (MediaType.APPLICATION_FORM_URLENCODED_VALUE.equalsIgnoreCase(contentType) - || MediaType.APPLICATION_JSON_VALUE.equalsIgnoreCase(contentType) - || MediaType.APPLICATION_JSON_UTF8_VALUE.equals(contentType)) { - return DataBufferUtils.join(exchange.getRequest().getBody()) - .flatMap(dataBuffer -> { - DataBufferUtils.retain(dataBuffer); - Flux cachedFlux = Flux - .defer(() -> Flux.just(dataBuffer.slice(0, dataBuffer.readableByteCount()))); - ServerHttpRequest mutatedRequest = new ServerHttpRequestDecorator( - exchange.getRequest()) { - @Override - public Flux getBody() { - return cachedFlux; - } - }; - return chain.filter(exchange.mutate().request(mutatedRequest).build()); - }); - } - - } - return chain.filter(exchange); - } - - @Override - public int getOrder() { - return Ordered.HIGHEST_PRECEDENCE; - } -} - diff --git a/gateway/src/main/java/com/bonus/gateway/xss/XssCleanRuleUtils.java b/gateway/src/main/java/com/bonus/gateway/xss/XssCleanRuleUtils.java deleted file mode 100644 index f785769..0000000 --- a/gateway/src/main/java/com/bonus/gateway/xss/XssCleanRuleUtils.java +++ /dev/null 
@@ -1,124 +0,0 @@ -package com.bonus.gateway.xss; - - - -import com.alibaba.fastjson.JSON; -import com.alibaba.fastjson.JSONArray; -import com.alibaba.fastjson.JSONObject; -import org.jsoup.Jsoup; -import org.jsoup.nodes.Document; -import org.jsoup.safety.Whitelist; -import org.springframework.core.io.ClassPathResource; - -import java.io.IOException; -import java.io.InputStream; -import java.util.Iterator; -import java.util.regex.Pattern; - -/** - * @Author: - * @Description: xss过滤工具 - * @Date: - */ -public class XssCleanRuleUtils { - - //xss过滤规则(对于script、src及加载事件和弹窗事件的代码块) - private final static Pattern[] scriptPatterns = { - Pattern.compile("", Pattern.CASE_INSENSITIVE), - Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), - Pattern.compile("", Pattern.CASE_INSENSITIVE), - Pattern.compile("", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), - Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), - Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL), - Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE), - Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE), - Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL) - }; - - //非富文本的 - public static String xssClean(String value) { - if (value != null) { - value = value.replaceAll("\0|\n|\r", ""); - for (Pattern pattern : scriptPatterns) { - value = pattern.matcher(value).replaceAll(""); - } - value = value.replaceAll("<", "<").replaceAll(">", ">"); - } - return value; - - } - - //富文本的 - public static String xssClean2(String value) { - if (value != null) { - value = value.replaceAll("\0|\n|\r", ""); - for (Pattern pattern : scriptPatterns) { - value = pattern.matcher(value).replaceAll(""); - } - } - return value; - } - - - - //自定义的json白名单 - private static final ClassPathResource 
jsoupWhiteListPathRes = new ClassPathResource("/json/xssWhiteList.json"); - //配置过滤化参数, 不对代码进行格式化 - private static final Document.OutputSettings outputSettings = new Document.OutputSettings().prettyPrint(false); - //富文本的(使用了Jsoup) - public static String xssRichTextClean(String value) { - // 创建一个自定义的白名单,基于Jsoup的默认白名单 - Whitelist customWhitelist = Whitelist.basic(); - InputStream whiteConfig = null; - try { - whiteConfig = jsoupWhiteListPathRes.getInputStream(); - } catch (IOException e) { - e.printStackTrace(); - } - if (whiteConfig == null) { - throw new RuntimeException("读取jsoup xss 白名单文件失败"); - } else { - try { - JSONObject whiteListJson = JSON.parseObject(whiteConfig, JSONObject.class); - - //添加标签 addTags - JSONArray addTagsJsonArr = whiteListJson.getJSONArray("addTags"); - String[] addTagsArr = addTagsJsonArr.toArray(new String[0]); - customWhitelist.addTags(addTagsArr); - - - //添加属性 addAttributes - JSONArray addAttrJsonArr = whiteListJson.getJSONArray("addAttributes"); - Iterator iter = addAttrJsonArr.iterator(); - while (iter.hasNext()) { - JSONObject attrJsonObj = (JSONObject) iter.next(); - String tag = attrJsonObj.getString("tag"); - JSONArray attrJsonArr = attrJsonObj.getJSONArray("attributes"); - String[] attrArr = attrJsonArr.toArray(new String[0]); - customWhitelist.addAttributes(tag, attrArr); - } - - - //添加 addProtocols - JSONArray addProtoJsonArr = whiteListJson.getJSONArray("addProtocols"); - iter = addProtoJsonArr.iterator(); - while (iter.hasNext()) { - JSONObject attrJsonObj = (JSONObject) iter.next(); - String tag = attrJsonObj.getString("tag"); - String attribute = attrJsonObj.getString("attribute"); - JSONArray protoJsonArr = attrJsonObj.getJSONArray("protocols"); - String[] protocolArr = protoJsonArr.toArray(new String[0]); - customWhitelist.addProtocols(tag, attribute, protocolArr); - } - - - } catch (IOException e) { - e.printStackTrace(); - } - } - value =Jsoup.clean(value, "", customWhitelist, outputSettings); - return value; - } -} - - 
diff --git a/gateway/src/main/java/com/bonus/gateway/xss/XssRequestGlobalFilter.java b/gateway/src/main/java/com/bonus/gateway/xss/XssRequestGlobalFilter.java deleted file mode 100644 index 1445932..0000000 --- a/gateway/src/main/java/com/bonus/gateway/xss/XssRequestGlobalFilter.java +++ /dev/null 
@@ -1,201 +0,0 @@ -package com.bonus.gateway.xss; -import com.bonus.common.core.utils.StringUtils; -import com.bonus.gateway.config.properties.XssProperties; -import io.netty.buffer.ByteBufAllocator; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.cloud.gateway.filter.GatewayFilterChain; -import org.springframework.cloud.gateway.filter.GlobalFilter; -import org.springframework.core.Ordered; -import org.springframework.core.io.buffer.DataBuffer; -import org.springframework.core.io.buffer.DataBufferUtils; -import org.springframework.core.io.buffer.NettyDataBufferFactory; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.server.reactive.ServerHttpRequest; -import org.springframework.http.server.reactive.ServerHttpRequestDecorator; -import org.springframework.http.server.reactive.ServerHttpResponse; -import org.springframework.stereotype.Component; -import org.springframework.web.server.ServerWebExchange; -import org.springframework.web.util.UriComponentsBuilder; -import reactor.core.publisher.Flux; -import reactor.core.publisher.Mono; - -import java.net.URI; -import java.nio.CharBuffer; -import java.nio.charset.StandardCharsets; -import java.util.concurrent.atomic.AtomicReference; -/** - * @Author: - * @Description: 自定义防XSS攻击网关全局过滤器 - * @Date: - */ - -@Component -public class XssRequestGlobalFilter implements GlobalFilter, Ordered { - @Autowired - private XssProperties xss; - private Logger logger = LoggerFactory.getLogger(XssRequestGlobalFilter.class); - /** - * - * @param exchange - * @param chain - * @return - * - * get请求参考spring cloud gateway自带过滤器: - * @see org.springframework.cloud.gateway.filter.factory.AddRequestParameterGatewayFilterFactory - * - * post请求参考spring cloud gateway自带过滤器: - * @see 
org.springframework.cloud.gateway.filter.factory.rewrite.ModifyRequestBodyGatewayFilterFactory - */ - @Override - public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain){ - // grab configuration from Config object - logger.info("----自定义防XSS攻击网关全局过滤器生效----"); - String path = exchange.getRequest().getPath().toString(); - ServerHttpRequest serverHttpRequest = exchange.getRequest(); - HttpMethod method = serverHttpRequest.getMethod(); - String contentType = serverHttpRequest.getHeaders().getFirst(HttpHeaders.CONTENT_TYPE); - - Boolean postFlag = (method == HttpMethod.POST || method == HttpMethod.PUT) && - (MediaType.APPLICATION_FORM_URLENCODED_VALUE.equalsIgnoreCase(contentType) || MediaType.APPLICATION_JSON_VALUE.equals(contentType) || MediaType.APPLICATION_JSON_UTF8_VALUE.equals(contentType)); - - // get 请求, 参考的是 org.springframework.cloud.gateway.filter.factory.AddRequestParameterGatewayFilterFactory - if (method == HttpMethod.GET) { - URI uri = exchange.getRequest().getURI(); - - String rawQuery = uri.getRawQuery(); - if (StringUtils.isBlank(rawQuery)){ - return chain.filter(exchange); - } - rawQuery = XssCleanRuleUtils.xssClean(rawQuery); - try { - URI newUri = UriComponentsBuilder.fromUri(uri) - .replaceQuery(rawQuery) - .build(true) - .toUri(); - - ServerHttpRequest request = exchange.getRequest().mutate() - .uri(newUri).build(); - return chain.filter(exchange.mutate().request(request).build()); - } catch (Exception e) { - logger.error("get请求清理xss攻击异常", e); - throw new IllegalStateException("Invalid URI query: \"" + rawQuery + "\""); - } - } - //post请求时,如果是文件上传之类的请求,不修改请求消息体 - else if (postFlag){ - // 参考的是 org.springframework.cloud.gateway.filter.factory.AddRequestParameterGatewayFilterFactory - - //从请求里获取Post请求体 - String bodyStr = resolveBodyFromRequest(serverHttpRequest); - // 这种处理方式,必须保证post请求时,原始post表单必须有数据过来,不然会报错 - if (StringUtils.isBlank(bodyStr)) { - logger.error("请求异常:{} POST请求必须传递参数", serverHttpRequest.getURI().getRawPath()); - 
ServerHttpResponse response = exchange.getResponse(); - response.setStatusCode(HttpStatus.BAD_REQUEST); - byte[] bytes = "{\"code\":400,\"msg\":\"post data error\"}".getBytes(StandardCharsets.UTF_8); - DataBuffer buffer = response.bufferFactory().wrap(bytes); - return response.writeWith(Mono.just(buffer)); - } - //白名单处理(看业务需求) - String url = exchange.getRequest().getURI().getPath(); - boolean containsTarget =StringUtils.matches(url, xss.getExcludeUrls()); - if (containsTarget) { - //bodyStr = XssCleanRuleUtils.xssRichTextClean(bodyStr); - bodyStr = XssCleanRuleUtils.xssClean2(bodyStr); - } else { - bodyStr = XssCleanRuleUtils.xssClean(bodyStr); - } - - URI uri = serverHttpRequest.getURI(); - URI newUri = UriComponentsBuilder.fromUri(uri).build(true).toUri(); - ServerHttpRequest request = exchange.getRequest().mutate().uri(newUri).build(); - DataBuffer bodyDataBuffer = stringBuffer(bodyStr); - Flux bodyFlux = Flux.just(bodyDataBuffer); - - // 定义新的消息头 - HttpHeaders headers = new HttpHeaders(); - headers.putAll(exchange.getRequest().getHeaders()); - - // 由于修改了传递参数,需要重新设置CONTENT_LENGTH,长度是字节长度,不是字符串长度 - int length = bodyStr.getBytes().length; - headers.remove(HttpHeaders.CONTENT_LENGTH); - headers.setContentLength(length); - - // 设置CONTENT_TYPE - if (StringUtils.isNotBlank(contentType)) { - headers.set(HttpHeaders.CONTENT_TYPE, contentType); - } - - // 由于post的body只能订阅一次,由于上面代码中已经订阅过一次body。所以要再次封装请求到request才行,不然会报错请求已经订阅过 - request = new ServerHttpRequestDecorator(request) { - @Override - public HttpHeaders getHeaders() { - long contentLength = headers.getContentLength(); - HttpHeaders httpHeaders = new HttpHeaders(); - httpHeaders.putAll(super.getHeaders()); - if (contentLength > 0) { - httpHeaders.setContentLength(contentLength); - } else { - // this causes a 'HTTP/1.1 411 Length Required' on httpbin.org - httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked"); - } - return httpHeaders; - } - - @Override - public Flux getBody() { - return bodyFlux; - } - }; - - 
//封装request,传给下一级 - request.mutate().header(HttpHeaders.CONTENT_LENGTH, Integer.toString(bodyStr.length())); - return chain.filter(exchange.mutate().request(request).build()); - } else { - return chain.filter(exchange); - } - - } - - @Override - public int getOrder() { - return -90; - } - - /** - * 从Flux中获取字符串的方法 - * @return 请求体 - */ - private String resolveBodyFromRequest(ServerHttpRequest serverHttpRequest) { - //获取请求体 - Flux body = serverHttpRequest.getBody(); - AtomicReference bodyRef = new AtomicReference<>(); - body.subscribe(buffer -> { - CharBuffer charBuffer = StandardCharsets.UTF_8.decode(buffer.asByteBuffer()); - DataBufferUtils.release(buffer); - bodyRef.set(charBuffer.toString()); - }); - //获取request body - return bodyRef.get(); - } - - /** - * 字符串转DataBuffer - * @param value - * @return - */ - private DataBuffer stringBuffer(String value) { - byte[] bytes = value.getBytes(StandardCharsets.UTF_8); - NettyDataBufferFactory nettyDataBufferFactory = new NettyDataBufferFactory(ByteBufAllocator.DEFAULT); - DataBuffer buffer = nettyDataBufferFactory.allocateBuffer(bytes.length); - buffer.write(bytes); - return buffer; - } - -} - diff --git a/gateway/src/main/java/com/bonus/gateway/xss/XssResponseGlobalFilter.java b/gateway/src/main/java/com/bonus/gateway/xss/XssResponseGlobalFilter.java deleted file mode 100644 index 6929ddb..0000000 --- a/gateway/src/main/java/com/bonus/gateway/xss/XssResponseGlobalFilter.java +++ /dev/null 
@@ -1,104 +0,0 @@ -package com.bonus.gateway.xss; -import com.bonus.common.core.utils.StringUtils; -import com.bonus.gateway.config.properties.XssProperties; -import lombok.extern.slf4j.Slf4j; -import org.reactivestreams.Publisher; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.cloud.gateway.filter.GatewayFilterChain; -import org.springframework.cloud.gateway.filter.GlobalFilter; -import org.springframework.core.Ordered; -import org.springframework.core.io.buffer.DataBuffer; -import org.springframework.core.io.buffer.DataBufferFactory; -import org.springframework.core.io.buffer.DataBufferUtils; -import org.springframework.core.io.buffer.DefaultDataBufferFactory; -import org.springframework.http.HttpHeaders; -import org.springframework.http.MediaType; -import org.springframework.http.server.reactive.ServerHttpResponse; -import org.springframework.http.server.reactive.ServerHttpResponseDecorator; -import org.springframework.stereotype.Component; -import org.springframework.web.server.ServerWebExchange; -import reactor.core.publisher.Flux; -import reactor.core.publisher.Mono; - -import java.nio.charset.Charset; - -/** - * @Author: - * @Description: 重写Response,防止xss攻击 - * @Date: - */ -@Component -@Slf4j -public class XssResponseGlobalFilter implements Ordered, GlobalFilter { - - @Autowired - private XssProperties xss; - - - @Override - public Mono filter(ServerWebExchange exchange, GatewayFilterChain chain) { - //获取请求url - String path = exchange.getRequest().getPath().toString(); - - ServerHttpResponse originalResponse = exchange.getResponse(); - DataBufferFactory bufferFactory = originalResponse.bufferFactory(); - ServerHttpResponseDecorator decoratedResponse = new ServerHttpResponseDecorator(originalResponse) { - @Override - public Mono writeWith(Publisher body) { - String contentType = getDelegate().getHeaders().getFirst(HttpHeaders.CONTENT_TYPE); - Boolean flag = 
MediaType.APPLICATION_JSON_VALUE.equals(contentType) || MediaType.APPLICATION_JSON_UTF8_VALUE.equals(contentType); - if (body instanceof Flux && flag) { - Flux fluxBody = (Flux) body; - return super.writeWith(fluxBody.buffer().map(dataBuffer -> { - //如果响应过大,会进行截断,出现乱码, - //然后看api DefaultDataBufferFactory有个join方法可以合并所有的流,乱码的问题解决 - DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory(); - DataBuffer join = null; - try { - join = dataBufferFactory.join(dataBuffer); - byte[] content = new byte[join.readableByteCount()]; - join.read(content); - //释放掉内存 - DataBufferUtils.release(join); - String result = new String(content, Charset.forName("UTF-8")); - //logger.info("result:"+result); - //若为带有富文本的接口,走富文本xss过滤 - String url = exchange.getRequest().getURI().getPath(); - boolean containsTarget = StringUtils.matches(url, xss.getExcludeUrls()); - - if (containsTarget) { - //result = XssCleanRuleUtils.xssRichTextClean(result); - result = XssCleanRuleUtils.xssClean2(result); - } else { - //result就是response的值,对result进行去XSS - result = XssCleanRuleUtils.xssClean(result); - } - byte[] uppedContent = new String(result.getBytes(), Charset.forName("UTF-8")).getBytes(); - return bufferFactory.wrap(uppedContent); - } catch (Exception e) { - // 处理异常,记录日志等 - throw e; - } finally { - if (join != null) { - //释放掉内存 - DataBufferUtils.release(join); - } - } - })); - } - // if body is not a flux. never got there. - return super.writeWith(body); - } - }; - // replace response with decorator - return chain.filter(exchange.mutate().response(decoratedResponse).build()); - } - - @Override - public int getOrder() { - return -50; - } -} - diff --git a/modules/bmw/src/main/java/com/bonus/bmw/planAndRealName/controller/PlanAndRealNameController.java b/modules/bmw/src/main/java/com/bonus/bmw/planAndRealName/controller/PlanAndRealNameController.java index c570a07..42254a2 100644 --- a/modules/bmw/src/main/java/com/bonus/bmw/planAndRealName/controller/PlanAndRealNameController.java 
+++ b/modules/bmw/src/main/java/com/bonus/bmw/planAndRealName/controller/PlanAndRealNameController.java
@@ -37,7 +37,7 @@ import java.util.stream.Collectors;
 @RestController
 @RequestMapping("/planAndRealName")
 @Slf4j
-@CrossOrigin
+//@CrossOrigin
 public class PlanAndRealNameController {
 @Resource(name = "planAndRealNameService")
diff --git a/modules/file/src/main/java/com/bonus/file/upload/controller/UploadController.java b/modules/file/src/main/java/com/bonus/file/upload/controller/UploadController.java
index 26b6ec6..19855c1 100644
--- a/modules/file/src/main/java/com/bonus/file/upload/controller/UploadController.java
+++ b/modules/file/src/main/java/com/bonus/file/upload/controller/UploadController.java
@@ -32,7 +32,7 @@ import java.util.*;
 * 文件上传
 * @author zys
 */
-@CrossOrigin
+//@CrossOrigin
 @RestController
 @RequestMapping("/file")
 public class UploadController {
@@ -46,7 +46,7 @@ public class UploadController {
 * 文件上传请求
 */
 @PostMapping("/upload")
- @CrossOrigin
+ //@CrossOrigin
 public R upload(HttpServletRequest request) {
 try {
 // 上传并返回访问地址
@@ -224,7 +224,7 @@ public class UploadController {
 * @return
 */
 @PostMapping("uploadmake")
- @CrossOrigin
+ //@CrossOrigin
 @Log(title = "文件上传请求", businessType = BusinessType.IMPORT)
 public R uploadmake(HttpServletRequest request) {
 try {
diff --git a/modules/lineProtector/src/main/java/com/bonus/lineProtector/homepage/controller/HomePageController.java b/modules/lineProtector/src/main/java/com/bonus/lineProtector/homepage/controller/HomePageController.java
index 44705e7..709a393 100644
--- a/modules/lineProtector/src/main/java/com/bonus/lineProtector/homepage/controller/HomePageController.java
+++ b/modules/lineProtector/src/main/java/com/bonus/lineProtector/homepage/controller/HomePageController.java
@@ -16,7 +16,7 @@ import javax.annotation.Resource;
 * 后端首页
 * @author admin
 */
-@CrossOrigin
+//@CrossOrigin
 @RestController
 @RequestMapping("/lineProjectHomePage")
 public class HomePageController {
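Review bot: `//@CrossOrigin` leaves the annotation in the file as a comment instead of removing it, here on PlanAndRealNameController and in every later controller hunk of this commit (UploadController, HomePageController, InspectionPlanController, LineProjectController, the `mw/home` controllers, the oiPlan statistics and submission controllers, DictController and SelectController). TokenController in the first hunk already shows the cleaner form, where the line is simply deleted. Delete the line in each place: a bare `@CrossOrigin` permits every origin by default, so one stray uncomment would reopen a single endpoint without anyone reviewing a policy change. DictController imports `org.springframework.web.bind.annotation.*`, so nothing else changes there; any file that imports `CrossOrigin` by name (not visible in these hunks) would be left with an unused import to remove.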
diff --git a/modules/lineProtector/src/main/java/com/bonus/lineProtector/inspectionPlan/controller/InspectionPlanController.java b/modules/lineProtector/src/main/java/com/bonus/lineProtector/inspectionPlan/controller/InspectionPlanController.java
index e790420..f880ecf 100644
--- a/modules/lineProtector/src/main/java/com/bonus/lineProtector/inspectionPlan/controller/InspectionPlanController.java
+++ b/modules/lineProtector/src/main/java/com/bonus/lineProtector/inspectionPlan/controller/InspectionPlanController.java
@@ -33,7 +33,7 @@ import java.util.Map;
 * @date 2024/8/14
 * @description 巡视计划
 */
-@CrossOrigin
+//@CrossOrigin
 @RestController
 @RequestMapping("/inspectionPlan")
 public class InspectionPlanController extends ResultController {
diff --git a/modules/lineProtector/src/main/java/com/bonus/lineProtector/project/controller/LineProjectController.java b/modules/lineProtector/src/main/java/com/bonus/lineProtector/project/controller/LineProjectController.java
index c3c6bd6..bc6fcdc 100644
--- a/modules/lineProtector/src/main/java/com/bonus/lineProtector/project/controller/LineProjectController.java
+++ b/modules/lineProtector/src/main/java/com/bonus/lineProtector/project/controller/LineProjectController.java
@@ -37,7 +37,7 @@ import java.util.Objects;
 *
 * @author admin
 */
-@CrossOrigin
+//@CrossOrigin
 @RestController
 @RequestMapping("/lineProject")
 public class LineProjectController extends ResultController {
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/PerAttendanceController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/PerAttendanceController.java
index 37d8507..ecba88c 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/PerAttendanceController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/PerAttendanceController.java
@@ -19,7 +19,7 @@ import java.util.Map;
 * 人员考勤统计
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/perAttendance")
 public class PerAttendanceController {
 @Resource(name = "perAttendanceService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/PlanRiskPlanController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/PlanRiskPlanController.java
index 497124c..ce51ec0 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/PlanRiskPlanController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/PlanRiskPlanController.java
@@ -16,7 +16,7 @@ import java.util.Map;
 * 作业计划
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/planRiskPlan")
 public class PlanRiskPlanController {
 @Resource(name = "planRiskPlanService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/ProBranchAnalyseController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/ProBranchAnalyseController.java
index 25fa6a9..78a16b9 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/ProBranchAnalyseController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/ProBranchAnalyseController.java
@@ -15,7 +15,7 @@ import java.util.Map;
 * 工程分布分析
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/proBranch")
 public class ProBranchAnalyseController {
 @Resource(name = "proBranchAnalyseService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/SubTypeController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/SubTypeController.java
index 9f0a309..4df29a8 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/SubTypeController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/SubTypeController.java
@@ -17,7 +17,7 @@ import java.util.*;
 * 人员评价统计
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/subType")
 public class SubTypeController {
 @Resource(name = "subTypeService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/ToolController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/ToolController.java
index 354c82b..cee5d32 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/ToolController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/ToolController.java
@@ -18,7 +18,7 @@ import java.util.List;
 * 工具类
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/tool")
 public class ToolController {
 @Resource(name = "toolService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/UserController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/UserController.java
index e89482d..2d56cec 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/UserController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/UserController.java
@@ -16,7 +16,7 @@ import java.util.List;
 import java.util.Map;
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/user")
 public class UserController {
 @Resource(name = "userService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/WorkPeopleController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/WorkPeopleController.java
index 5fc6756..5767874 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/WorkPeopleController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/WorkPeopleController.java
@@ -18,7 +18,7 @@ import java.util.List;
 * 施工人员统计
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/workPeople")
 public class WorkPeopleController {
 @Resource(name = "workPeopleService")
diff --git a/modules/mw/src/main/java/com/bonus/mw/home/controller/proInAnalyseController.java b/modules/mw/src/main/java/com/bonus/mw/home/controller/proInAnalyseController.java
index fa54a36..ac6e256 100644
--- a/modules/mw/src/main/java/com/bonus/mw/home/controller/proInAnalyseController.java
+++ b/modules/mw/src/main/java/com/bonus/mw/home/controller/proInAnalyseController.java
@@ -18,7 +18,7 @@ import java.util.Map;
 * 工程投入分析
 */
 @RestController
-@CrossOrigin
+//@CrossOrigin
 @RequestMapping("/proIn")
 public class proInAnalyseController {
 @Resource(name = "proInAnalyseService")
diff --git a/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/DayPlanStatisticsController.java b/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/DayPlanStatisticsController.java
index 00fed0f..f5ac99e 100644
--- a/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/DayPlanStatisticsController.java
+++ b/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/DayPlanStatisticsController.java
@@ -130,7 +130,7 @@ public class DayPlanStatisticsController {
 }
 @GetMapping("getProduceName")
- @CrossOrigin
+ //@CrossOrigin
 @Log(title = "获取作业类别", businessType = BusinessType.SELECT)
 public R getProduceName(DayPlanStatisticsBean bean){
 try {
@@ -315,7 +315,7 @@ public class DayPlanStatisticsController {
 }
 @GetMapping("getType")
- @CrossOrigin
+ //@CrossOrigin
 @Log(title = "获取类型", businessType = BusinessType.SELECT)
 public R getType(){
 try {
diff --git a/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/MonthlyPlanStatisticsController.java b/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/MonthlyPlanStatisticsController.java
index 73925cb..76b3955 100644
--- a/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/MonthlyPlanStatisticsController.java
+++ b/modules/oiPlan/src/main/java/com/bonus/oiplan/planStatistics/controller/MonthlyPlanStatisticsController.java
@@ -126,7 +126,7 @@ public class MonthlyPlanStatisticsController {
 }
 @GetMapping("getTaskSource")
- @CrossOrigin
+ //@CrossOrigin
 @Log(title = "获取运检站", businessType = BusinessType.SELECT)
 public R getTaskSource(MonthlyPlanStatisticsBean bean){
 try {
diff --git a/modules/oiPlan/src/main/java/com/bonus/oiplan/planSubmission/controller/MonthlyPlanSubmissionController.java b/modules/oiPlan/src/main/java/com/bonus/oiplan/planSubmission/controller/MonthlyPlanSubmissionController.java
index 26a6809..8c73f94 100644
--- a/modules/oiPlan/src/main/java/com/bonus/oiplan/planSubmission/controller/MonthlyPlanSubmissionController.java
+++ b/modules/oiPlan/src/main/java/com/bonus/oiplan/planSubmission/controller/MonthlyPlanSubmissionController.java
@@ -81,7 +81,7 @@ public class MonthlyPlanSubmissionController {
 }
 @GetMapping("getTaskSource")
- @CrossOrigin
+ //@CrossOrigin
 @Log(title = "获取任务来源", businessType = BusinessType.SELECT)
 public R getTaskSource() {
 try {
diff --git a/modules/system/src/main/java/com/bonus/system/basic/controller/DictController.java b/modules/system/src/main/java/com/bonus/system/basic/controller/DictController.java
index 44fa6ec..beddc6f 100644
--- a/modules/system/src/main/java/com/bonus/system/basic/controller/DictController.java
+++ b/modules/system/src/main/java/com/bonus/system/basic/controller/DictController.java
@@ -10,7 +10,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
-@CrossOrigin
+//@CrossOrigin
 @RestController
 @RequestMapping("/dicts")
 @Slf4j
diff --git a/modules/system/src/main/java/com/bonus/system/basic/controller/SelectController.java b/modules/system/src/main/java/com/bonus/system/basic/controller/SelectController.java
index b0882fa..4646dda 100644
--- a/modules/system/src/main/java/com/bonus/system/basic/controller/SelectController.java
+++ b/modules/system/src/main/java/com/bonus/system/basic/controller/SelectController.java
@@ -31,7 +31,7 @@ public class SelectController { private SelectService service; @GetMapping("getCompany") - @CrossOrigin + //@CrossOrigin @Log(title = "查询公司", businessType = BusinessType.SELECT) public R getCompany(SelectBean o){ if(StringUtils.isEmpty(o.getCompanyId())){ @@ -42,7 +42,7 @@ public class SelectController { } @GetMapping("getPro") - @CrossOrigin + //@CrossOrigin @Log(title = "查询工程-companyId", businessType = BusinessType.SELECT) public R getPro(SelectBean o){ if(StringUtils.isEmpty(o.getCompanyId())) { @@ -53,7 +53,7 @@ public class SelectController { } @GetMapping("getNoticeType") - @CrossOrigin + //@CrossOrigin @Log(title = "获取公告类型", businessType = BusinessType.SELECT) public R getNoticeType(SelectBean o){ @@ -61,7 +61,7 @@ public class SelectController { } @GetMapping("getProByOrgId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询工程-orgId", businessType = BusinessType.SELECT) public R getProByOrgId(SelectBean o){ SelfPermissionSettingUtils.getSelfPermissionByOrgId(o); @@ -69,14 +69,14 @@ public class SelectController { } @GetMapping("getProByTeamId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询工程-teamId", businessType = BusinessType.SELECT) public R getProByTeamId(SelectBean o){ return service.getProByTeamId(o); } @GetMapping("getTeamByProId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询班组-proId", businessType = BusinessType.SELECT) public R getTeamByProId(SelectBean o){ SelfPermissionSettingUtils.getSelfPermissionByOrgId(o); @@ -84,14 +84,14 @@ public class SelectController { } @GetMapping("getTeamBySubId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询班组-subId", businessType = BusinessType.SELECT) public R getTeamBySubId(SelectBean o){ return service.getTeamBySubId(o); } @GetMapping("getProBuildByOrgId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询在建工程-orgId", businessType = BusinessType.SELECT) public R getProBuildByOrgId(SelectBean o){ SelfPermissionSettingUtils.getSelfPermissionByOrgId(o); 
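Review bot: In the `@@ -69,14 +69,14 @@` hunk of SelectController, `getProByTeamId` hands the client-supplied `SelectBean` straight to `service.getProByTeamId(o)`, while its neighbours `getProByOrgId` and `getTeamByProId` first call `SelfPermissionSettingUtils.getSelfPermissionByOrgId(o)`. Unless the service applies the caller's scope itself (not visible here), a caller could presumably read projects for a team outside their own organisation by supplying a different id. The same pass-through appears in `getTeamBySubId`, `getProBySubId`, `getSubByProId`, `getAttendanceMachineByProId`, `getSubContract`, `getProBySubContract` and `getSubCompanyNoAuth` in the later hunks. Either add `SelfPermissionSettingUtils.getSelfPermissionByOrgId(o);` before the service call where scoping is intended, or add a comment on each method stating why the result is safe to return unscoped.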
@@ -99,7 +99,7 @@ public class SelectController { } @GetMapping("getRole") - @CrossOrigin + //@CrossOrigin @Log(title = "查询角色", businessType = BusinessType.SELECT) public R getRole(SelectBean o){ if(StringUtils.isEmpty(o.getCompanyId())) { @@ -110,14 +110,14 @@ public class SelectController { } @GetMapping("getRoleByLevel") - @CrossOrigin + //@CrossOrigin @Log(title = "查询角色根据等级", businessType = BusinessType.SELECT) public R getRoleByLevel(SelectBean o){ return service.getRoleByLevel(o); } @GetMapping("getSub") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分包商", businessType = BusinessType.SELECT) public R getSub(SelectBean o){ return service.getSub(o); @@ -125,7 +125,7 @@ public class SelectController { @GetMapping("getCerSub") - @CrossOrigin + //@CrossOrigin @Log(title = "查询证件模块分包商", businessType = BusinessType.SELECT) public R getCerSub(SelectBean o){ String roleLevel = SecurityUtils.getLoginUser().getSysUser().getRoleLevel(); @@ -137,28 +137,28 @@ public class SelectController { } @GetMapping("getProBySubId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分包商下的工程", businessType = BusinessType.SELECT) public R getProBySubId(SelectBean o){ return service.getProBySubId(o); } @GetMapping("getAttendanceMachineByProId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询工程下的考勤机", businessType = BusinessType.SELECT) public R getAttendanceMachineByProId(SelectBean o){ return service.getAttendanceMachineByProId(o); } @GetMapping("getSubByProId") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分包商根据工程id", businessType = BusinessType.SELECT) public R getSubByProId(SelectBean o){ return service.getSubByProId(o); } @GetMapping("getCompanyAndSubCompany") - @CrossOrigin + //@CrossOrigin @Log(title = "查询公司和子公司", businessType = BusinessType.SELECT) public R getCompanyAndSubCompany(SelectBean o){ SelfPermissionSettingUtils.getSelfPermissionByOrgId(o); 
@@ -166,7 +166,7 @@ public class SelectController { } @GetMapping("getSubCompany") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分公司", businessType = BusinessType.SELECT) public R getSubCompany(SelectBean o){ String subComId = SecurityUtils.getLoginUser().getSysUser().getSubComId(); @@ -175,21 +175,21 @@ public class SelectController { } @GetMapping("getSubCompanyNoAuth") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分公司-无权限限制", businessType = BusinessType.SELECT) public R getSubCompanyNoAuth(SelectBean o){ return service.getSubCompanyNoAuth(o); } @GetMapping("getPrincipal") - @CrossOrigin + //@CrossOrigin @Log(title = "查询现场负责人", businessType = BusinessType.SELECT) public R getPrincipal(SelectBean o){ return service.getPrincipal(o); } @GetMapping("getProListByOrg") - @CrossOrigin + //@CrossOrigin @Log(title = "用户所在组织及其组织下级所绑定的所有工程", businessType = BusinessType.SELECT) public R getProListByOrg(SelectBean o){ o.setOrgId(SecurityUtils.getLoginUser().getSysUser().getOrgId()); @@ -197,14 +197,14 @@ public class SelectController { } @GetMapping("getRiskLevelLists") - @CrossOrigin + //@CrossOrigin @Log(title = "获取风险等级", businessType = BusinessType.SELECT) public R getRiskLevelLists(){ return service.getRiskLevelLists(); } @GetMapping("getOrg") - @CrossOrigin + //@CrossOrigin @Log(title = "获取组织", businessType = BusinessType.SELECT) public R getOrg(SelectBean o){ SelfPermissionSettingUtils.getSelfPermissionByOrgId(o); @@ -212,7 +212,7 @@ public class SelectController { } @GetMapping("getPlanAuditor") - @CrossOrigin + //@CrossOrigin @Log(title = "获取分公司计划审核人", businessType = BusinessType.SELECT) public R getPlanAuditor(SelectBean o){ String ownOrgId = SecurityUtils.getLoginUser().getSysUser().getOrgId(); 
@@ -228,56 +228,56 @@ public class SelectController { * type = produceCompanyAuditor 生产审核人 */ @GetMapping("getCompanyPlanAuditor") - @CrossOrigin + //@CrossOrigin @Log(title = "获取总公司计划审核人", businessType = BusinessType.SELECT) public R getCompanyPlanAuditor(SelectBean o){ return service.getCompanyPlanAuditor(o); } @GetMapping("getControlLevelLists") - @CrossOrigin + //@CrossOrigin @Log(title = "获取管控级别", businessType = BusinessType.SELECT) public R getControlLevelLists(){ return service.getControlLevelLists(); } @GetMapping("getControlMethodLists") - @CrossOrigin + //@CrossOrigin @Log(title = "获取管控方式", businessType = BusinessType.SELECT) public R getControlMethodLists(){ return service.getControlMethodLists(); } @GetMapping("getJobTypeLists") - @CrossOrigin + //@CrossOrigin @Log(title = "获取作业类型", businessType = BusinessType.SELECT) public R getJobTypeLists(){ return service.getJobTypeLists(); } @GetMapping("getCertificate") - @CrossOrigin + //@CrossOrigin @Log(title = "获取证件", businessType = BusinessType.SELECT) public R getCertificate(){ return service.getCertificate(); } @GetMapping("getCertificateSub") - @CrossOrigin + //@CrossOrigin @Log(title = "获取证件", businessType = BusinessType.SELECT) public R getCertificateSub(){ return service.getCertificateSub(); } @GetMapping("getSubContract") - @CrossOrigin + //@CrossOrigin @Log(title = "查询分包商合同", businessType = BusinessType.SELECT) public R getSubContract(SelectBean o){ return service.getSubContract(o); } @GetMapping("getProBySubContract") - @CrossOrigin + //@CrossOrigin @Log(title = "根据分包商合同查工程", businessType = BusinessType.SELECT) public R getProBySubContract(SelectBean o){ return service.getProBySubContract(o); 
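Review bot: In the `@@ -228,56 +228,56 @@` hunk, `getCertificate` and `getCertificateSub` carry the same `@Log(title = "获取证件", ...)`, so operation-log entries for the two endpoints may be indistinguishable by title when access is reviewed after an incident. Whether the log aspect also records the method name is not visible here. Give the second endpoint its own title, for example `@Log(title = "获取分包商证件", businessType = BusinessType.SELECT)`, following the `分包商` wording the file already uses for `getSub`.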
@@ -285,14 +285,14 @@ public class SelectController { @GetMapping("getQuestionBank") - @CrossOrigin + //@CrossOrigin @Log(title = "获取题库", businessType = BusinessType.SELECT) public R getQuestionBank(SelectBean o){ return service.getQuestionBank(o); } @GetMapping("getTDict") - @CrossOrigin + //@CrossOrigin @Log(title = "获取字典", businessType = BusinessType.SELECT) public R getTDict(SelectBean o){ return service.getTDict(o); diff --git a/modules/system/src/main/java/com/bonus/system/exam/controller/ExamController.java b/modules/system/src/main/java/com/bonus/system/exam/controller/ExamController.java index 7e7cfbd..d9d8dd3 100644 --- a/modules/system/src/main/java/com/bonus/system/exam/controller/ExamController.java +++ b/modules/system/src/main/java/com/bonus/system/exam/controller/ExamController.java @@ -18,7 +18,7 @@ import javax.annotation.Resource; @RestController @RequestMapping("/exam") @Slf4j -@CrossOrigin +//@CrossOrigin public class ExamController { @Resource(name = "examPagerService") diff --git a/modules/system/src/main/java/com/bonus/system/exam/controller/MergeTrainingExamController.java b/modules/system/src/main/java/com/bonus/system/exam/controller/MergeTrainingExamController.java index 4e30a62..a151ba8 100644 --- a/modules/system/src/main/java/com/bonus/system/exam/controller/MergeTrainingExamController.java +++ b/modules/system/src/main/java/com/bonus/system/exam/controller/MergeTrainingExamController.java @@ -18,7 +18,7 @@ import javax.annotation.Resource; @RestController @RequestMapping("/mergeTrainExam") @Slf4j -@CrossOrigin +//@CrossOrigin public class MergeTrainingExamController { @Resource(name = "mergeTrainingExamService") diff --git a/modules/system/src/main/java/com/bonus/system/exam/controller/TrainController.java b/modules/system/src/main/java/com/bonus/system/exam/controller/TrainController.java index fd6322d..cf32ea6 100644 --- a/modules/system/src/main/java/com/bonus/system/exam/controller/TrainController.java 
+++ b/modules/system/src/main/java/com/bonus/system/exam/controller/TrainController.java @@ -17,7 +17,7 @@ import javax.annotation.Resource; @RestController @RequestMapping("/train") @Slf4j -@CrossOrigin +//@CrossOrigin public class TrainController { @Resource(name = "trainService") diff --git a/modules/system/src/main/java/com/bonus/system/logs/controller/SysOperlogController.java b/modules/system/src/main/java/com/bonus/system/logs/controller/SysOperlogController.java index 51118d6..c7890dd 100644 --- a/modules/system/src/main/java/com/bonus/system/logs/controller/SysOperlogController.java +++ b/modules/system/src/main/java/com/bonus/system/logs/controller/SysOperlogController.java @@ -41,7 +41,7 @@ public class SysOperlogController extends BaseController } - @CrossOrigin + //@CrossOrigin @PostMapping("/getAllList") @Log(title = "系统管理-操作日志", businessType = BusinessType.SELECT) @RequiresPermissions("sys:operlog:query")