代码提交

bonus-admin/src/main/java/com/bonus/web/controller/archive/FileManagementController.java

@@ -167,12 +167,15 @@ public class FileManagementController extends BaseController {
                 List<FilesClassifyNameStandardDto> list = fileManageMapper.getFilesClassifyNameStandard();
                 for (FilesClassifyNameStandardDto s : list) {
                     if (s.getStandardType().equals("1") && !file.getOriginalFilename().contains(s.getStandardName())) {
-                        return R.fail("文件命名需包含" + s.getStandardName());
+                        return R.fail("文件命名需包含：" + s.getStandardName());
                     } else if (s.getStandardType().equals("0") && file.getOriginalFilename().contains(s.getStandardName())) {
-                        return R.fail("文件命名不能包含" + s.getStandardName());
+                        return R.fail("文件命名不能包含：" + s.getStandardName());
                     }
                 }
                 FileDto upload = webFileUtils.upload(file);
+                if (upload.getErrMessage() != null) {
+                    return R.fail(upload.getErrMessage());
+                }
                 dto.setFilePath(upload.getFilePath());
                 dto.setFileSize(upload.getFileSize());
                 dto.setFileName(upload.getFileName());
@@ -233,12 +236,15 @@ public class FileManagementController extends BaseController {
                 List<FilesClassifyNameStandardDto> list = fileManageMapper.getFilesClassifyNameStandard();
                 for (FilesClassifyNameStandardDto s : list) {
                     if (s.getStandardType().equals("1") && !file.getOriginalFilename().contains(s.getStandardName())) {
-                        return R.fail("文件命名需包含" + s.getStandardName());
+                        return R.fail("文件命名需包含：" + s.getStandardName());
                     } else if (s.getStandardType().equals("0") && file.getOriginalFilename().contains(s.getStandardName())) {
-                        return R.fail("文件命名不能包含" + s.getStandardName());
+                        return R.fail("文件命名不能包含：" + s.getStandardName());
                     }
                 }
                 FileDto upload = webFileUtils.upload(file);
+                if (upload.getErrMessage() != null) {
+                    return R.fail(upload.getErrMessage());
+                }
                 dto.setFilePath(upload.getFilePath());
                 dto.setFileSize(upload.getFileSize());
                 dto.setFileName(upload.getFileName());

bonus-admin/src/main/java/com/bonus/web/controller/archive/FilesClassifyMarkController.java

@@ -51,12 +51,7 @@ public class FilesClassifyMarkController extends BaseController {
     @RequiresPermissions("files:classify:add")
     public R addArchivalCatalogueTree(@RequestBody @Validated FilesClassifyMarkDto dto) {
         try {
-            Integer i = service.add(dto);
+            return service.add(dto);
-            if (i > 0) {
-                return R.ok();
-            } else {
-                return R.fail("新增失败");
-            }
         } catch (Exception e) {
             log.error(e.toString(), e);
             return R.fail("请求出错了");

bonus-admin/src/main/java/com/bonus/web/controller/system/SysProfileController.java

@@ -1,6 +1,8 @@
 package com.bonus.web.controller.system;
 
 import java.util.Map;
+
+import com.bonus.common.utils.encryption.Sm4Utils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -49,6 +51,7 @@ public class SysProfileController extends BaseController
     {
         LoginUser loginUser = getLoginUser();
         SysUser user = loginUser.getUser();
+        user.setPhonenumber(Sm4Utils.decrypt(user.getPhonenumber()));
         AjaxResult ajax = AjaxResult.success(user);
         ajax.put("roleGroup", userService.selectUserRoleGroup(loginUser.getUsername()));
         ajax.put("postGroup", userService.selectUserPostGroup(loginUser.getUsername()));
@@ -89,7 +92,7 @@ public class SysProfileController extends BaseController
      * 重置密码
      */
     @Log(title = "个人信息", businessType = BusinessType.UPDATE)
-    @PutMapping("/updatePwd")
+    @PostMapping("/updatePwd")
     public AjaxResult updatePwd(@RequestBody Map<String, String> params)
     {
         String oldPassword = params.get("oldPassword");

bonus-admin/src/main/java/com/bonus/web/controller/tool/TreeBuilder.java

@@ -68,7 +68,7 @@ public class TreeBuilder {
         for (DaKyProFilesContentsDto item : validList) {
             String parentId = item.getParentId();
             // 如果 parent_id 为 null，则为根节点
-            if (parentId == null || parentId.equals("") || parentId.equals("0")) {
+            if (parentId == null || parentId.equals("") || parentId.equals("1")) {
                 roots.add(item);
             } else {
                 DaKyProFilesContentsDto parent = map.get(parentId);

bonus-admin/src/main/java/com/bonus/web/service/FilesClassifyMarkService.java

@@ -1,5 +1,6 @@
 package com.bonus.web.service;
 
+import com.bonus.common.core.domain.R;
 import com.bonus.web.domain.ArchivalCatalogueDto;
 import com.bonus.web.domain.FilesClassifyMarkDto;
 
@@ -12,7 +13,7 @@ import java.util.List;
 public interface FilesClassifyMarkService {
     List<FilesClassifyMarkDto> list(FilesClassifyMarkDto dto);
 
-    Integer add(FilesClassifyMarkDto dto);
+    R add(FilesClassifyMarkDto dto);
 
     Integer edit(FilesClassifyMarkDto dto);
 

bonus-admin/src/main/java/com/bonus/web/service/impl/FilesClassifyMarkServiceImpl.java

@@ -1,5 +1,6 @@
 package com.bonus.web.service.impl;
 
+import com.bonus.common.core.domain.R;
 import com.bonus.web.domain.FilesClassifyMarkDto;
 import com.bonus.web.mapper.FilesClassifyMarkMapper;
 import com.bonus.web.service.FilesClassifyMarkService;
@@ -26,12 +27,20 @@ public class FilesClassifyMarkServiceImpl implements FilesClassifyMarkService {
     }
 
     @Override
-    public Integer add(FilesClassifyMarkDto dto) {
+    public R add(FilesClassifyMarkDto dto) {
+        List<FilesClassifyMarkDto> list = filesClassifyMarkMapper.list(dto);
+        if (list.size() > 0){
+            return R.fail("该分类标记已存在");
+        }
         dto.setCreateUserId(getLoginUser().getUserId().toString());
         dto.setCreateUserName(getLoginUser().getUsername());
         dto.setUpdateUserId(getLoginUser().getUserId().toString());
         dto.setUpdateUserName(getLoginUser().getUsername());
-        return filesClassifyMarkMapper.add(dto);
+        Integer add = filesClassifyMarkMapper.add(dto);
+        if (add <= 0){
+            return R.fail("添加失败");
+        }
+        return R.ok();
     }
 
     @Override

bonus-admin/src/main/java/com/bonus/web/service/impl/TransferApplyServiceImpl.java

@@ -68,8 +68,10 @@ public class TransferApplyServiceImpl implements TransferApplyService {
     @Override
     public TransferApplyDto getTransferApply(TransferApplyDto dto) {
         TransferApplyDto transferApply = transferApplyMapper.getTransferApply(dto);
-        transferApply.setTransferFileDtos(transferApplyMapper.getTransferFile(dto));
+        if (transferApply != null) {
-        return transferApply;
+            transferApply.setTransferFileDtos(transferApplyMapper.getTransferFile(dto));
+            return transferApply;
+        } else return new TransferApplyDto();
     }
 
     @Override

bonus-admin/src/main/java/com/bonus/web/util/webFileUtils.java

@@ -68,7 +68,8 @@ public class webFileUtils {
 
             for (String pattern : BLOCKED_PATTERNS) {
                 if (lowerInput.contains(pattern)) {
-                    throw new RuntimeException("文件名包含非法字符：" + pattern);
+                    bean.setErrMessage("文件名包含非法字符：" + pattern);
+                    return bean;
                 }
             }
             // 校验文件大小
@@ -76,7 +77,8 @@ public class webFileUtils {
             // 转换为 MB（保留 2 位小数）
             double sizeInMB = file.getSize() / (1024.0 * 1024.0);
             if (sizeInMB > Double.parseDouble(fileSizeLimit.getDictValue())) {
-                throw new RuntimeException("文件大小超出限制");
+                bean.setErrMessage("文件大小超出限制");
+                return bean;
             }
             String fileExtension = originalFileName != null ? originalFileName.split("\\.")[1] : "";
             if (isImage(fileExtension)) {

bonus-admin/src/main/resources/mapper/TransferApplyMapper.xml

@@ -277,7 +277,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 	<update id="updateTransferRecordFile">
 		UPDATE da_ky_transfer_file
 		SET file_name = #{fileName}
-		WHERE id = #{id}
+		WHERE file_source_id = #{id}
 	</update>
 	<update id="transferReceive">
 		UPDATE da_ky_transfer_file

bonus-admin/src/main/resources/mapper/TransferProblemMapper.xml

@@ -57,7 +57,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 		dkti.pro_id AS proId,
 		dkti.pro_name AS proName,
 		dkti.single_pro_name AS singleProName,
-		dkti.transfer_time AS transferTime,
+		DATE_FORMAT(dkti.transfer_time, '%Y-%m-%d') AS transferTime,
 		dkti.dept_id AS deptId,
 		( SELECT CASE
 		WHEN

bonus-common/src/main/java/com/bonus/common/core/domain/BaseEntity.java

@@ -41,6 +41,24 @@ public class BaseEntity implements Serializable
 
     /** 备注 */
     private String remark;
+    private String beginTime;
+    private String endTime;
+
+    public String getBeginTime() {
+        return beginTime;
+    }
+
+    public void setBeginTime(String beginTime) {
+        this.beginTime = beginTime;
+    }
+
+    public String getEndTime() {
+        return endTime;
+    }
+
+    public void setEndTime(String endTime) {
+        this.endTime = endTime;
+    }
 
     /** 请求参数 */
     @JsonInclude(JsonInclude.Include.NON_EMPTY)

bonus-common/src/main/java/com/bonus/common/utils/bean/FileDto.java

@@ -22,4 +22,7 @@ public class FileDto {
     private String fileType;
     // 文件后缀名
     private String suffixName;
+
+    //错误信息
+    private String errMessage;
 }

bonus-framework/src/main/java/com/bonus/framework/interceptor/ReplayAttackInterceptor.java

@@ -169,8 +169,9 @@ public class ReplayAttackInterceptor implements HandlerInterceptor {
             return true;
 
         } catch (Exception e) {
-            sendErrorResponse(response, "Server error: " + e.getMessage(), HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+//            sendErrorResponse(response, "Server error: " + e.getMessage(), HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
-            return false;
+            throw new Exception(e.getMessage());
+//            return false;
         }
     }
 
@@ -234,7 +235,11 @@ public class ReplayAttackInterceptor implements HandlerInterceptor {
         // 使用HMAC-SHA256计算签名
         String calculatedSignature = calculateHMAC(signString, encryptSecret);
 
-        return calculatedSignature.equals(receivedSignature);
+        if (calculatedSignature.equals(receivedSignature)) {
+            return true;
+        } else {
+            throw new RuntimeException("签名验证失败," + requestUrl + "存在非法字符");
+        }
     }
 
     /**

bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java

@@ -523,6 +523,7 @@ public class XssRequestWrapper extends HttpServletRequestWrapper {
             log.warn("检测到安全威胁 - 参数: {}, 攻击类型: {}, 原始值: {}",
                     paramName, attackType,
                     originalValue.length() > 100 ? originalValue.substring(0, 100) + "..." : originalValue);
+            throw new RuntimeException("检测到不安全参数：" + originalValue + ",接口调用失败");
         }
     }
 

bonus-system/src/main/resources/mapper/system/SysLogininforMapper.xml

@@ -33,11 +33,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 			<if test="userName != null and userName != ''">
 				AND INSTR(user_name, #{userName}) > 0
 			</if>
-			<if test="params.beginTime != null and params.beginTime != ''"><!-- 开始时间检索 -->
+			<if test="beginTime != null and beginTime != '' and endTime != null and endTime != ''">
-				AND login_time &gt;= #{params.beginTime}
+				AND login_time BETWEEN CONCAT(#{beginTime}, ' 00:00:00') AND CONCAT(#{endTime}, ' 23:59:59')
-			</if>
-			<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
-				AND login_time &lt;= #{params.endTime}
 			</if>
 		</where>
 		order by info_id desc

bonus-system/src/main/resources/mapper/system/SysOperLogMapper.xml

@@ -76,11 +76,8 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
 			<if test="operName != null and operName != ''">
 				AND INSTR(oper_name, #{operName}) > 0
 			</if>
-			<if test="params.beginTime != null and params.beginTime != ''"><!-- 开始时间检索 -->
+			<if test="beginTime != null and beginTime != '' and endTime != null and endTime != ''">
-				AND oper_time &gt;= #{params.beginTime}
+				AND oper_time BETWEEN CONCAT(#{beginTime}, ' 00:00:00') AND CONCAT(#{endTime}, ' 23:59:59')
-			</if>
-			<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
-				AND oper_time &lt;= #{params.endTime}
 			</if>
 		</where>
 		order by oper_id desc