From 208ab02a1fea4eedf36f73e25714a7bf8eb9e478 Mon Sep 17 00:00:00 2001 From: "liang.chao" <1360241448@qq.com> Date: Wed, 22 Oct 2025 11:09:21 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BB=A3=E7=A0=81=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../archive/FileManagementController.java | 14 +++++++++---- .../archive/FilesClassifyMarkController.java | 7 +------ .../system/SysProfileController.java | 7 +++++-- .../web/controller/tool/TreeBuilder.java | 2 +- .../web/service/FilesClassifyMarkService.java | 3 ++- .../impl/FilesClassifyMarkServiceImpl.java | 13 ++++++++++-- .../impl/TransferApplyServiceImpl.java | 6 ++++-- .../java/com/bonus/web/util/webFileUtils.java | 6 ++++-- .../resources/mapper/TransferApplyMapper.xml | 2 +- .../mapper/TransferProblemMapper.xml | 2 +- .../bonus/common/core/domain/BaseEntity.java | 20 ++++++++++++++++++- .../com/bonus/common/utils/bean/FileDto.java | 3 +++ .../interceptor/ReplayAttackInterceptor.java | 11 +++++++--- .../interceptor/XssRequestWrapper.java | 3 ++- .../mapper/system/SysLogininforMapper.xml | 7 ++----- .../mapper/system/SysOperLogMapper.xml | 7 ++----- 16 files changed, 76 insertions(+), 37 deletions(-) diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/archive/FileManagementController.java b/bonus-admin/src/main/java/com/bonus/web/controller/archive/FileManagementController.java index 8f3b42d..95f43e6 100644 --- a/bonus-admin/src/main/java/com/bonus/web/controller/archive/FileManagementController.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/archive/FileManagementController.java 
@@ -167,12 +167,15 @@ public class FileManagementController extends BaseController { List list = fileManageMapper.getFilesClassifyNameStandard(); for (FilesClassifyNameStandardDto s : list) { if (s.getStandardType().equals("1") && !file.getOriginalFilename().contains(s.getStandardName())) { - return R.fail("文件命名需包含" + s.getStandardName()); + return R.fail("文件命名需包含:" + s.getStandardName()); } else if (s.getStandardType().equals("0") && file.getOriginalFilename().contains(s.getStandardName())) { - return R.fail("文件命名不能包含" + s.getStandardName()); + return R.fail("文件命名不能包含:" + s.getStandardName()); } } FileDto upload = webFileUtils.upload(file); + if (upload.getErrMessage() != null) { + return R.fail(upload.getErrMessage()); + } dto.setFilePath(upload.getFilePath()); dto.setFileSize(upload.getFileSize()); dto.setFileName(upload.getFileName()); @@ -233,12 +236,15 @@ public class FileManagementController extends BaseController { List list = fileManageMapper.getFilesClassifyNameStandard(); for (FilesClassifyNameStandardDto s : list) { if (s.getStandardType().equals("1") && !file.getOriginalFilename().contains(s.getStandardName())) { - return R.fail("文件命名需包含" + s.getStandardName()); + return R.fail("文件命名需包含:" + s.getStandardName()); } else if (s.getStandardType().equals("0") && file.getOriginalFilename().contains(s.getStandardName())) { - return R.fail("文件命名不能包含" + s.getStandardName()); + return R.fail("文件命名不能包含:" + s.getStandardName()); } } FileDto upload = webFileUtils.upload(file); + if (upload.getErrMessage() != null) { + return R.fail(upload.getErrMessage()); + } dto.setFilePath(upload.getFilePath()); dto.setFileSize(upload.getFileSize()); dto.setFileName(upload.getFileName()); diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/archive/FilesClassifyMarkController.java b/bonus-admin/src/main/java/com/bonus/web/controller/archive/FilesClassifyMarkController.java index cd132e5..09a9a8d 100644 
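Review bot: The naming-rule loop that precedes the new `upload.getErrMessage()` check still calls `file.getOriginalFilename().contains(...)` with no null guard, so a multipart part submitted without a filename throws a NullPointerException before the new error path is ever reached, and the generic catch (if any) turns that into a 500 rather than a validation failure. Read the name once and fail early: `String name = file.getOriginalFilename(); if (name == null || name.isEmpty()) { return R.fail("文件名不能为空"); }`, then use `name` in both `contains` checks. The message returned via `R.fail(upload.getErrMessage())` is built inside webFileUtils and today only echoes a fixed blocked-pattern constant, which is fine; keep it that way rather than reflecting the submitted filename back to the client. The enclosing method starts and ends outside the hunk.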
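Review bot: This second hunk is a line-for-line copy of the first one (same naming-rule loop, same `upload.getErrMessage()` check), so the two upload endpoints will drift apart the next time a rule or the error handling changes. Extract the loop and the post-upload check into one private helper, e.g. `private R checkFileName(MultipartFile file)` that returns `null` on success and the `R.fail(...)` otherwise, and call it from both endpoints before `webFileUtils.upload(file)`. The same null guard on `getOriginalFilename()` belongs in that helper. The enclosing method starts and ends outside the hunk.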
--- a/bonus-admin/src/main/java/com/bonus/web/controller/archive/FilesClassifyMarkController.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/archive/FilesClassifyMarkController.java @@ -51,12 +51,7 @@ public class FilesClassifyMarkController extends BaseController { @RequiresPermissions("files:classify:add") public R addArchivalCatalogueTree(@RequestBody @Validated FilesClassifyMarkDto dto) { try { - Integer i = service.add(dto); - if (i > 0) { - return R.ok(); - } else { - return R.fail("新增失败"); - } + return service.add(dto); } catch (Exception e) { log.error(e.toString(), e); return R.fail("请求出错了"); diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysProfileController.java b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysProfileController.java index f124984..cdc7814 100644 --- a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysProfileController.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysProfileController.java @@ -1,6 +1,8 @@ package com.bonus.web.controller.system; import java.util.Map; + +import com.bonus.common.utils.encryption.Sm4Utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; @@ -28,7 +30,7 @@ import com.bonus.system.service.ISysUserService; /** * 个人信息 业务处理 - * + * * @author bonus */ @RestController @@ -49,6 +51,7 @@ public class SysProfileController extends BaseController { LoginUser loginUser = getLoginUser(); SysUser user = loginUser.getUser(); + user.setPhonenumber(Sm4Utils.decrypt(user.getPhonenumber())); AjaxResult ajax = AjaxResult.success(user); ajax.put("roleGroup", userService.selectUserRoleGroup(loginUser.getUsername())); ajax.put("postGroup", userService.selectUserPostGroup(loginUser.getUsername())); 
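Review bot: `user.setPhonenumber(Sm4Utils.decrypt(user.getPhonenumber()))` mutates the `SysUser` obtained from `loginUser.getUser()`, which appears to be the cached login principal rather than a per-request copy, so after the first call the session object carries the plaintext phone number and any later code that re-encrypts, persists, or decrypts that object again (a second call to this endpoint) operates on the wrong state. Decrypt into a copy that is only used for the response: `SysUser view = new SysUser(); BeanUtils.copyProperties(user, view); view.setPhonenumber(Sm4Utils.decrypt(user.getPhonenumber()));` and pass `view` to `AjaxResult.success(...)`. Also confirm `Sm4Utils.decrypt` tolerates a null or not-yet-encrypted stored value; its behaviour is not visible here. The enclosing method starts and ends outside the hunk.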
@@ -89,7 +92,7 @@ public class SysProfileController extends BaseController * 重置密码 */ @Log(title = "个人信息", businessType = BusinessType.UPDATE) - @PutMapping("/updatePwd") + @PostMapping("/updatePwd") public AjaxResult updatePwd(@RequestBody Map params) { String oldPassword = params.get("oldPassword"); diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/tool/TreeBuilder.java b/bonus-admin/src/main/java/com/bonus/web/controller/tool/TreeBuilder.java index 58a1382..69fee20 100644 --- a/bonus-admin/src/main/java/com/bonus/web/controller/tool/TreeBuilder.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/tool/TreeBuilder.java @@ -68,7 +68,7 @@ public class TreeBuilder { for (DaKyProFilesContentsDto item : validList) { String parentId = item.getParentId(); // 如果 parent_id 为 null,则为根节点 - if (parentId == null || parentId.equals("") || parentId.equals("0")) { + if (parentId == null || parentId.equals("") || parentId.equals("1")) { roots.add(item); } else { DaKyProFilesContentsDto parent = map.get(parentId); diff --git a/bonus-admin/src/main/java/com/bonus/web/service/FilesClassifyMarkService.java b/bonus-admin/src/main/java/com/bonus/web/service/FilesClassifyMarkService.java index db8487c..a6343e7 100644 --- a/bonus-admin/src/main/java/com/bonus/web/service/FilesClassifyMarkService.java +++ b/bonus-admin/src/main/java/com/bonus/web/service/FilesClassifyMarkService.java @@ -1,5 +1,6 @@ package com.bonus.web.service; +import com.bonus.common.core.domain.R; import com.bonus.web.domain.ArchivalCatalogueDto; import com.bonus.web.domain.FilesClassifyMarkDto; @@ -12,7 +13,7 @@ import java.util.List; public interface FilesClassifyMarkService { List list(FilesClassifyMarkDto dto); - Integer add(FilesClassifyMarkDto dto); + R add(FilesClassifyMarkDto dto); Integer edit(FilesClassifyMarkDto dto); 
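Review bot: Changing `/updatePwd` from `@PutMapping` to `@PostMapping` replaces the route contract with no overlap, so any client still issuing PUT now receives a 405; if both must work during rollout use `@RequestMapping(value = "/updatePwd", method = {RequestMethod.POST, RequestMethod.PUT})` and drop PUT once the front end is switched. The endpoint receives `oldPassword` and `newPassword` in a JSON map and is annotated `@Log(... businessType = BusinessType.UPDATE)`; confirm the operation-log aspect masks those keys before it persists request parameters, since that aspect is not visible in this diff. The method body continues outside the hunk.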
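Review bot: The root-node test now compares against the bare literal `"1"` where it previously used `"0"`, while the comment above it still says a root is a null `parent_id`, so the intent of the value is lost. Name it and fix the comment: `private static final String ROOT_PARENT_ID = "1";` and `parentId.equals(ROOT_PARENT_ID)`. Any row whose `parent_id` is still `"0"` now takes the `else` branch and is looked up in `map`, where it will find no parent and be silently dropped from the tree instead of becoming a root; I cannot tell from here whether the data was migrated. The enclosing loop continues outside the hunk.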
diff --git a/bonus-admin/src/main/java/com/bonus/web/service/impl/FilesClassifyMarkServiceImpl.java b/bonus-admin/src/main/java/com/bonus/web/service/impl/FilesClassifyMarkServiceImpl.java index a06e830..d1cdcd4 100644 --- a/bonus-admin/src/main/java/com/bonus/web/service/impl/FilesClassifyMarkServiceImpl.java +++ b/bonus-admin/src/main/java/com/bonus/web/service/impl/FilesClassifyMarkServiceImpl.java @@ -1,5 +1,6 @@ package com.bonus.web.service.impl; +import com.bonus.common.core.domain.R; import com.bonus.web.domain.FilesClassifyMarkDto; import com.bonus.web.mapper.FilesClassifyMarkMapper; import com.bonus.web.service.FilesClassifyMarkService; @@ -26,12 +27,20 @@ public class FilesClassifyMarkServiceImpl implements FilesClassifyMarkService { } @Override - public Integer add(FilesClassifyMarkDto dto) { + public R add(FilesClassifyMarkDto dto) { + List list = filesClassifyMarkMapper.list(dto); + if (list.size() > 0){ + return R.fail("该分类标记已存在"); + } dto.setCreateUserId(getLoginUser().getUserId().toString()); dto.setCreateUserName(getLoginUser().getUsername()); dto.setUpdateUserId(getLoginUser().getUserId().toString()); dto.setUpdateUserName(getLoginUser().getUsername()); - return filesClassifyMarkMapper.add(dto); + Integer add = filesClassifyMarkMapper.add(dto); + if (add <= 0){ + return R.fail("添加失败"); + } + return R.ok(); } @Override diff --git a/bonus-admin/src/main/java/com/bonus/web/service/impl/TransferApplyServiceImpl.java b/bonus-admin/src/main/java/com/bonus/web/service/impl/TransferApplyServiceImpl.java index 6ddb1d4..2a39f10 100644 --- a/bonus-admin/src/main/java/com/bonus/web/service/impl/TransferApplyServiceImpl.java +++ b/bonus-admin/src/main/java/com/bonus/web/service/impl/TransferApplyServiceImpl.java 
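Review bot: The duplicate guard `filesClassifyMarkMapper.list(dto)` followed by `filesClassifyMarkMapper.add(dto)` is a check-then-act with no transaction or unique constraint visible, so two concurrent requests can both see an empty list and both insert; a UNIQUE index on the columns that define a duplicate is the reliable guard, with this pre-check kept only for the friendly message. It is also not visible what `list(dto)` filters on — if it uses LIKE or ignores some fields, an unrelated record can block the insert — so a dedicated `existsByMark(...)` query would be clearer. Style: `!list.isEmpty()` over `list.size() > 0`, and call `getLoginUser()` once into a local instead of four times. The class continues outside the hunk.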
@@ -68,8 +68,10 @@ public class TransferApplyServiceImpl implements TransferApplyService { @Override public TransferApplyDto getTransferApply(TransferApplyDto dto) { TransferApplyDto transferApply = transferApplyMapper.getTransferApply(dto); - transferApply.setTransferFileDtos(transferApplyMapper.getTransferFile(dto)); - return transferApply; + if (transferApply != null) { + transferApply.setTransferFileDtos(transferApplyMapper.getTransferFile(dto)); + return transferApply; + } else return new TransferApplyDto(); } @Override diff --git a/bonus-admin/src/main/java/com/bonus/web/util/webFileUtils.java b/bonus-admin/src/main/java/com/bonus/web/util/webFileUtils.java index 5b69849..bbc8e22 100644 --- a/bonus-admin/src/main/java/com/bonus/web/util/webFileUtils.java +++ b/bonus-admin/src/main/java/com/bonus/web/util/webFileUtils.java @@ -68,7 +68,8 @@ public class webFileUtils { for (String pattern : BLOCKED_PATTERNS) { if (lowerInput.contains(pattern)) { - throw new RuntimeException("文件名包含非法字符:" + pattern); + bean.setErrMessage("文件名包含非法字符:" + pattern); + return bean; } } // 校验文件大小 @@ -76,7 +77,8 @@ public class webFileUtils { // 转换为 MB(保留 2 位小数) double sizeInMB = file.getSize() / (1024.0 * 1024.0); if (sizeInMB > Double.parseDouble(fileSizeLimit.getDictValue())) { - throw new RuntimeException("文件大小超出限制"); + bean.setErrMessage("文件大小超出限制"); + return bean; } String fileExtension = originalFileName != null ? originalFileName.split("\\.")[1] : ""; if (isImage(fileExtension)) { diff --git a/bonus-admin/src/main/resources/mapper/TransferApplyMapper.xml b/bonus-admin/src/main/resources/mapper/TransferApplyMapper.xml index ced2545..319870a 100644 --- a/bonus-admin/src/main/resources/mapper/TransferApplyMapper.xml +++ b/bonus-admin/src/main/resources/mapper/TransferApplyMapper.xml @@ -277,7 +277,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" UPDATE da_ky_transfer_file SET file_name = #{fileName} - WHERE id = #{id} + WHERE file_source_id = #{id} UPDATE da_ky_transfer_file 
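Review bot: Returning `new TransferApplyDto()` when `getTransferApply` finds nothing turns a not-found into an empty but well-formed record, so callers and API clients cannot distinguish "no such application" from a real one with blank fields, and an unauthorized or mistyped id looks like a success. Return `null` (or `Optional`) and let the controller map it to a 4xx, or throw a not-found exception; at minimum brace the `else` branch so it matches the file's style: `} else { return new TransferApplyDto(); }`. Whether the caller is permitted to read this id is not checked anywhere visible in the hunk.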
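Review bot: Replacing `throw new RuntimeException(...)` with `bean.setErrMessage(...); return bean;` in the blocked-pattern check makes `upload()` fail open: any caller that does not inspect `errMessage` now receives a FileDto with a null path and name and proceeds as though the file were stored. The diffstat shows only the two call sites in FileManagementController being updated, so every other caller of `webFileUtils.upload` needs auditing, or the method should keep throwing a dedicated exception (e.g. `throw new FileUploadException("文件名包含非法字符:" + pattern);`) that controllers convert into `R.fail`. Echoing `pattern` is acceptable here because it is a fixed constant from `BLOCKED_PATTERNS`, not user input. The method continues outside the hunk.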
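Review bot: The context line `originalFileName.split("\\.")[1]` directly under the new size check derives the extension from the second dot-separated token rather than the last, so `shell.jpg.jsp` is classified by `jpg`, `a.b.c.png` by `b`, and a name with no dot throws ArrayIndexOutOfBoundsException — and this is the value the `isImage` whitelist is applied to. Use the final segment and normalise case: `int dot = originalFileName == null ? -1 : originalFileName.lastIndexOf('.'); String fileExtension = dot < 0 ? "" : originalFileName.substring(dot + 1).toLowerCase(Locale.ROOT);` and reject an empty extension instead of falling through. The new size branch also depends on `Double.parseDouble(fileSizeLimit.getDictValue())`, so a malformed dictionary value still surfaces as a NumberFormatException rather than an `errMessage`. The method continues outside the hunk.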
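Review bot: The UPDATE now matches on `file_source_id = #{id}` while the bound parameter is still named `id`, so the mapper and its Java caller disagree about which identifier is being passed; rename the parameter to `#{fileSourceId}` or add a mapper comment stating that `id` here is the source id. If `file_source_id` is not unique in `da_ky_transfer_file`, this statement now rewrites `file_name` on every row sharing that source — confirm that fan-out is intended. The enclosing `<update>` element is cut by the hunk.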
diff --git a/bonus-admin/src/main/resources/mapper/TransferProblemMapper.xml b/bonus-admin/src/main/resources/mapper/TransferProblemMapper.xml index 84d33da..96cfdeb 100644 --- a/bonus-admin/src/main/resources/mapper/TransferProblemMapper.xml +++ b/bonus-admin/src/main/resources/mapper/TransferProblemMapper.xml @@ -57,7 +57,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" dkti.pro_id AS proId, dkti.pro_name AS proName, dkti.single_pro_name AS singleProName, - dkti.transfer_time AS transferTime, + DATE_FORMAT(dkti.transfer_time, '%Y-%m-%d') AS transferTime, dkti.dept_id AS deptId, ( SELECT CASE WHEN diff --git a/bonus-common/src/main/java/com/bonus/common/core/domain/BaseEntity.java b/bonus-common/src/main/java/com/bonus/common/core/domain/BaseEntity.java index b1e8437..6b8b29e 100644 --- a/bonus-common/src/main/java/com/bonus/common/core/domain/BaseEntity.java +++ b/bonus-common/src/main/java/com/bonus/common/core/domain/BaseEntity.java @@ -13,7 +13,7 @@ import lombok.extern.slf4j.Slf4j; /** * Entity基类 - * + * * @author bonus */ @Slf4j @@ -41,6 +41,24 @@ public class BaseEntity implements Serializable /** 备注 */ private String remark; + private String beginTime; + private String endTime; + + public String getBeginTime() { + return beginTime; + } + + public void setBeginTime(String beginTime) { + this.beginTime = beginTime; + } + + public String getEndTime() { + return endTime; + } + + public void setEndTime(String endTime) { + this.endTime = endTime; + } /** 请求参数 */ @JsonInclude(JsonInclude.Include.NON_EMPTY) diff --git a/bonus-common/src/main/java/com/bonus/common/utils/bean/FileDto.java b/bonus-common/src/main/java/com/bonus/common/utils/bean/FileDto.java index 73a4e13..3f2ee32 100644 --- a/bonus-common/src/main/java/com/bonus/common/utils/bean/FileDto.java +++ b/bonus-common/src/main/java/com/bonus/common/utils/bean/FileDto.java 
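Review bot: `beginTime` and `endTime` are added to the base entity as unvalidated `String` fields with public setters, so every request-bound entity now accepts arbitrary text that the mappers splice into `CONCAT(#{beginTime}, ' 00:00:00')`; that remains a bound parameter (no SQL injection), but a non-date value becomes a silent implicit-cast miss in MySQL instead of a 400. Either type them as `LocalDate` with `@DateTimeFormat(pattern = "yyyy-MM-dd")` or validate with `@Pattern(regexp = "\\d{4}-\\d{2}-\\d{2}")`, and mark them `@JsonInclude(JsonInclude.Include.NON_EMPTY)` like the adjacent `params` field so they are not serialized into every response. The mappers in this same patch previously read these values from `params.beginTime`/`params.endTime`, so a one-line comment explaining why both channels exist would help the next maintainer. The class continues outside the hunk.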
@@ -22,4 +22,7 @@ public class FileDto { private String fileType; // 文件后缀名 private String suffixName; + + //错误信息 + private String errMessage; } diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ReplayAttackInterceptor.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ReplayAttackInterceptor.java index c81f636..b42f44d 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ReplayAttackInterceptor.java +++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ReplayAttackInterceptor.java @@ -169,8 +169,9 @@ public class ReplayAttackInterceptor implements HandlerInterceptor { return true; } catch (Exception e) { - sendErrorResponse(response, "Server error: " + e.getMessage(), HttpServletResponse.SC_INTERNAL_SERVER_ERROR); - return false; +// sendErrorResponse(response, "Server error: " + e.getMessage(), HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + throw new Exception(e.getMessage()); +// return false; } } @@ -234,7 +235,11 @@ public class ReplayAttackInterceptor implements HandlerInterceptor { // 使用HMAC-SHA256计算签名 String calculatedSignature = calculateHMAC(signString, encryptSecret); - return calculatedSignature.equals(receivedSignature); + if (calculatedSignature.equals(receivedSignature)) { + return true; + } else { + throw new RuntimeException("签名验证失败," + requestUrl + "存在非法字符"); + } } /** diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java index 638e39b..55ba593 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java +++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java 
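Review bot: The catch block now does `throw new Exception(e.getMessage())`, which throws a raw checked Exception, drops the original cause and stack trace, and hands the request to whatever global handler exists instead of the explicit 500 that the removed `sendErrorResponse` produced; if nothing maps it, the container's default error page renders the message. Keep the cause and use a specific type — `throw new ServletException("replay check failed", e);` (the interceptor method already declares `throws Exception`, so a checked type is fine) — and delete the two commented-out lines rather than leaving dead code. The enclosing method, which from the `return true` looks like `preHandle`, starts outside the hunk.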
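Review bot: `calculatedSignature.equals(receivedSignature)` compares the HMAC with an early-exit String comparison, so response timing leaks how many leading characters matched; use a constant-time check such as `MessageDigest.isEqual(calculatedSignature.getBytes(StandardCharsets.UTF_8), receivedSignature.getBytes(StandardCharsets.UTF_8))` after a null guard on `receivedSignature`. The new failure path throws `RuntimeException("签名验证失败," + requestUrl + "存在非法字符")`, which embeds the client-supplied URL in a message that likely reaches the response body or logs, and the text claims "illegal characters" when the actual condition is a signature mismatch (tampering, wrong secret, or replay); return `false` or send a 401 with a fixed message and log the URL separately. The method's start is outside the hunk.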
@@ -523,6 +523,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { log.warn("检测到安全威胁 - 参数: {}, 攻击类型: {}, 原始值: {}", paramName, attackType, originalValue.length() > 100 ? originalValue.substring(0, 100) + "..." : originalValue); + throw new RuntimeException("检测到不安全参数:" + originalValue + ",接口调用失败"); } } @@ -595,4 +596,4 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { private String requestUrl; // 请求URL private String clientIp; // 客户端IP } -} \ No newline at end of file +} diff --git a/bonus-system/src/main/resources/mapper/system/SysLogininforMapper.xml b/bonus-system/src/main/resources/mapper/system/SysLogininforMapper.xml index fdf0642..68e59b7 100644 --- a/bonus-system/src/main/resources/mapper/system/SysLogininforMapper.xml +++ b/bonus-system/src/main/resources/mapper/system/SysLogininforMapper.xml @@ -33,11 +33,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" AND INSTR(user_name, #{userName}) > 0 - - AND login_time >= #{params.beginTime} - - - AND login_time <= #{params.endTime} + + AND login_time BETWEEN CONCAT(#{beginTime}, ' 00:00:00') AND CONCAT(#{endTime}, ' 23:59:59') order by info_id desc diff --git a/bonus-system/src/main/resources/mapper/system/SysOperLogMapper.xml b/bonus-system/src/main/resources/mapper/system/SysOperLogMapper.xml index 81c1724..4019575 100644 --- a/bonus-system/src/main/resources/mapper/system/SysOperLogMapper.xml +++ b/bonus-system/src/main/resources/mapper/system/SysOperLogMapper.xml @@ -76,11 +76,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" AND INSTR(oper_name, #{operName}) > 0 - - AND oper_time >= #{params.beginTime} - - - AND oper_time <= #{params.endTime} + + AND oper_time BETWEEN CONCAT(#{beginTime}, ' 00:00:00') AND CONCAT(#{endTime}, ' 23:59:59') order by oper_id desc
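Review bot: The new `throw new RuntimeException("检测到不安全参数:" + originalValue + ",接口调用失败")` places the full attacker-controlled payload in the exception message, so whatever renders that message (error JSON, an HTML error page, or a log viewer) reflects the very string the filter just flagged; the `log.warn` immediately above already truncates the value to 100 characters for that reason. Report only what is safe to echo — `throw new IllegalArgumentException("检测到不安全参数:" + paramName + " (" + attackType + "),接口调用失败");` — and make sure the global handler maps it to a 400, since an unchecked exception thrown from inside a request wrapper otherwise surfaces as a 500. The enclosing method starts outside the hunk.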
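Review bot: `login_time BETWEEN CONCAT(#{beginTime}, ' 00:00:00') AND CONCAT(#{endTime}, ' 23:59:59')` is still a bound parameter, so no injection is introduced, but it misses rows stamped after 23:59:59 if `login_time` has sub-second precision, and if only one date is supplied the `CONCAT` on the null side yields NULL and the BETWEEN matches nothing; the `<if>` guard was stripped by the page extraction, so I cannot confirm it requires both values. A half-open range with one guard per bound avoids both problems: `AND login_time >= CONCAT(#{beginTime}, ' 00:00:00')` and `AND login_time < DATE_ADD(#{endTime}, INTERVAL 1 DAY)`. The same construct is introduced in SysOperLogMapper below and should be changed together.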