南网漏洞修复

sgzb-auth/src/main/java/com/bonus/sgzb/auth/controller/TokenController.java

@@ -124,9 +124,10 @@ public class TokenController {
      * @return
      */
     @PostMapping("loginApp")
-    public R<?> loginApp(@RequestBody LoginBody form) {
+    public R<?> loginApp(@RequestBody LoginBody form) throws Exception {
+        String decryptedData = RsaUtil.decryptByPrivateKey(form.getPassword(), privateKey);
         // 用户登录
-        LoginUser userInfo = sysLoginService.login(form.getUsername(), form.getPassword());
+        LoginUser userInfo = sysLoginService.login(form.getUsername(), decryptedData);
         if (userInfo != null) {
             userInfo.setLoginMethod("mobile");
             return R.ok(tokenService.createToken(userInfo));

sgzb-modules/sgzb-system/src/main/java/com/bonus/sgzb/system/controller/SysFileController.java

@@ -42,34 +42,34 @@ public class SysFileController {
     private ResourceLoader resourceLoader;
 
 
-//    @PostMapping("/upload")
-//    @ApiOperation(value = "文件上传")
-//    public AjaxResult upload(HttpServletRequest request) {
-//        String limitWords = request.getParameter("limitWords");
-//        FileInfo file = new FileInfo();
-//        try {
-//            file = service.uploadFile(request);
-//           // String suffix = file.getFileName().substring(file.getFileName().lastIndexOf(".") + 1);
-//
-//          /*  if (! ATTACHMENT_FILE_SUFFIX.contains(suffix) || ! COST_FILE_SUFFIX.contains(suffix)) {
-//                return AjaxResult.error(ErrorCode.COMMISSION_BILL_ATTACHMENT_NOT_SUPPORT.getCode(),
-//                        ErrorCode.COMMISSION_BILL_ATTACHMENT_NOT_SUPPORT.getMessage());
-//            }*/
-//            if (limitWords != null && file.getWords() > Integer.parseInt(limitWords)){
-//                return AjaxResult.error(ErrorCode.ATTACHMENT_UPLOAD_FAILED.getCode(),
-//                        ErrorCode.ATTACHMENT_UPLOAD_FAILED.getMessage());
-//            }
-//        }catch (Exception e){
-//            log.error(e.getMessage());
-//        }
-//        if (file != null && file.getId() != 0){
-//            return AjaxResult.success(file);
-//        }else {
-//            return AjaxResult.error(ErrorCode.FAILURE_TO_UPLOAD_FILE.getCode(),
-//                    ErrorCode.FAILURE_TO_UPLOAD_FILE.getMessage());
-//        }
-//
-//    }
+    @PostMapping("/upload")
+    @ApiOperation(value = "文件上传")
+    public AjaxResult upload(HttpServletRequest request) {
+        String limitWords = request.getParameter("limitWords");
+        FileInfo file = new FileInfo();
+        try {
+            file = service.uploadFile(request);
+           // String suffix = file.getFileName().substring(file.getFileName().lastIndexOf(".") + 1);
+
+          /*  if (! ATTACHMENT_FILE_SUFFIX.contains(suffix) || ! COST_FILE_SUFFIX.contains(suffix)) {
+                return AjaxResult.error(ErrorCode.COMMISSION_BILL_ATTACHMENT_NOT_SUPPORT.getCode(),
+                        ErrorCode.COMMISSION_BILL_ATTACHMENT_NOT_SUPPORT.getMessage());
+            }*/
+            if (limitWords != null && file.getWords() > Integer.parseInt(limitWords)){
+                return AjaxResult.error(ErrorCode.ATTACHMENT_UPLOAD_FAILED.getCode(),
+                        ErrorCode.ATTACHMENT_UPLOAD_FAILED.getMessage());
+            }
+        }catch (Exception e){
+            log.error(e.getMessage());
+        }
+        if (file != null && file.getId() != 0){
+            return AjaxResult.success(file);
+        }else {
+            return AjaxResult.error(ErrorCode.FAILURE_TO_UPLOAD_FILE.getCode(),
+                    ErrorCode.FAILURE_TO_UPLOAD_FILE.getMessage());
+        }
+
+    }
 
     @ApiOperation(value = "模板", httpMethod = "GET")
     @GetMapping("download")