From 95211bf2ce90cd63ce87c11c032a44a71eba993e Mon Sep 17 00:00:00 2001
From: cwchen <1048842385@qq.com>
Date: Thu, 11 Sep 2025 16:47:21 +0800
Subject: [PATCH] =?UTF-8?q?=E6=95=B0=E6=8D=AE=E9=9B=86=E6=88=90=E4=BF=AE?= =?UTF-8?q?=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../common/SessionCheckController.java | 35 ++++++
.../controller/system/SysLoginController.java | 7 +-
.../tool/KyDataClassifyController.java | 1 +
bonus-common/pom.xml | 5 +
.../common/filter/RequestCoverFilter.java | 101 ++++++++++--------
.../framework/config/SecurityConfig.java | 3 +-
.../bonus/framework/config/SessionConfig.java | 30 ++++++
.../framework/filter/ReplayAttackFilter.java | 1 +
.../interceptor/ParamSecureHandler.java | 3 +
.../interceptor/XssRequestWrapper.java | 28 +++--
.../handle/LogoutSuccessHandlerImpl.java | 3 +
.../web/service/SysLoginService.java | 7 +-
.../mapper/system/DataCollectDataMapper.xml | 2 +-
.../mapper/system/SysIpWhitelistMapper.xml | 26 +++--
14 files changed, 176 insertions(+), 76 deletions(-)
create mode 100644 bonus-admin/src/main/java/com/bonus/web/controller/common/SessionCheckController.java
create mode 100644 bonus-framework/src/main/java/com/bonus/framework/config/SessionConfig.java
diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/common/SessionCheckController.java b/bonus-admin/src/main/java/com/bonus/web/controller/common/SessionCheckController.java
new file mode 100644
index 0000000..330a51d
--- /dev/null
+++ b/bonus-admin/src/main/java/com/bonus/web/controller/common/SessionCheckController.java
@@ -0,0 +1,35 @@ +package com.bonus.web.controller.common; + +import com.bonus.common.core.domain.AjaxResult; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import javax.servlet.http.HttpServletRequest; + +/** + * 会话检查控制器 + */ +@RestController +@RequestMapping("/api/session") +public class SessionCheckController { + +// @Autowired +// private SessionManagementService sessionManagementService; + + /** + * 检查会话状态 + */ + /*@GetMapping("/check") + public AjaxResult checkSession(HttpServletRequest request) { + String sessionId = request.getSession().getId(); + + if (sessionManagementService.isSessionForcedLogout(sessionId)) { + String message = sessionManagementService.getForceLogoutMessage(sessionId); + return AjaxResult.error(403, message).put("forceLogout", true); + } + + return AjaxResult.success().put("forceLogout", false); + }*/ +} \ No newline at end of file diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java index 2486597..a91d8a5 100644 --- a/bonus-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/system/SysLoginController.java @@ -24,6 +24,9 @@ import com.bonus.framework.web.service.TokenService; import com.bonus.system.service.ISysConfigService; import com.bonus.system.service.ISysMenuService; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + /** * 登录验证 * 
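Review bot: `SessionCheckController` ships with its only handler and its service field commented out, so the class registers the `/api/session` prefix and carries four unused imports but serves nothing; either land the endpoint together with `SessionManagementService` or leave the file out of this commit. If the handler is enabled later, `request.getSession().getId()` will create a fresh session for any caller that has none, which lets unauthenticated requests allocate sessions; `HttpSession session = request.getSession(false);` followed by a null check avoids that. The class comment only says this is the session-check controller, and a Javadoc line stating whether the endpoint is meant for anonymous or authenticated callers would make the later security configuration easier to review.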
@@ -54,11 +57,11 @@ public class SysLoginController * @return 结果 */ @PostMapping("/login") - public AjaxResult login(@RequestBody LoginBody loginBody) + public AjaxResult login(HttpServletRequest request, @RequestBody LoginBody loginBody) { AjaxResult ajax = AjaxResult.success(); // 生成令牌 - String token = loginService.login(loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), + String token = loginService.login(request,loginBody.getUsername(), loginBody.getPassword(), loginBody.getCode(), loginBody.getUuid()); ajax.put(Constants.TOKEN, token); return ajax; diff --git a/bonus-admin/src/main/java/com/bonus/web/controller/tool/KyDataClassifyController.java b/bonus-admin/src/main/java/com/bonus/web/controller/tool/KyDataClassifyController.java index 52c20e9..ef277a9 100644 --- a/bonus-admin/src/main/java/com/bonus/web/controller/tool/KyDataClassifyController.java +++ b/bonus-admin/src/main/java/com/bonus/web/controller/tool/KyDataClassifyController.java @@ -109,6 +109,7 @@ public class KyDataClassifyController extends BaseController { * @return */ /*@PreAuthorize("@ss.hasPermi('data:classify:list')")*/ + @RequiresPermissions("data:Collect:list") @GetMapping("/listAll") public TableDataInfo listAll(KyDataClassify kyDataClassify) { diff --git a/bonus-common/pom.xml b/bonus-common/pom.xml index d0d1bc9..d378cb7 100644 --- a/bonus-common/pom.xml +++ b/bonus-common/pom.xml @@ -164,6 +164,11 @@ spring-session-data-redis + + com.fasterxml.jackson.core + jackson-databind + + \ No newline at end of file diff --git a/bonus-common/src/main/java/com/bonus/common/filter/RequestCoverFilter.java b/bonus-common/src/main/java/com/bonus/common/filter/RequestCoverFilter.java index ef51fb1..b669e50 100644 --- a/bonus-common/src/main/java/com/bonus/common/filter/RequestCoverFilter.java +++ b/bonus-common/src/main/java/com/bonus/common/filter/RequestCoverFilter.java 
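Review bot: The new `HttpServletRequest request` parameter on `login` is forwarded to `loginService.login(request, ...)`, but nothing visible in this commit reads it: the SysLoginService hunk changes only the signature, and the `HttpServletResponse` import added above is unused. If the service needs a single value from the request (client address, session id), pass that value rather than the servlet request, which keeps the service callable without a servlet container. If nothing needs it, revert the signature in both classes. The method's closing brace is outside the hunk.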
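Review bot: `@RequiresPermissions("data:Collect:list")` on `listAll` replaces the commented-out `@PreAuthorize("@ss.hasPermi('data:classify:list')")` with a different annotation and a different permission string, and the hunk adds no import for it. SecurityConfig in this commit uses Spring Security's `@EnableMethodSecurity`, which evaluates `@PreAuthorize`; whether anything evaluates `@RequiresPermissions` cannot be seen from here, and if nothing does the endpoint is effectively unprotected. Please confirm the annotation is backed by an aspect or interceptor, check that `data:Collect:list` (capital C, collect rather than classify) is the intended permission key, and delete the dead `/*@PreAuthorize...*/` line. The method body continues outside the hunk.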
@@ -218,8 +218,8 @@ public class RequestCoverFilter implements Filter { throw new CaptchaException("请求参数不正确"); } String calculatedHash = Sm3Util.encrypt(query); - log.debug("计算出的哈希值: {}", calculatedHash); - log.debug("提供的哈希值: {}", providedHmac); + log.info("计算出的哈希值: {}", calculatedHash); + log.info("提供的哈希值: {}", providedHmac); if (!calculatedHash.equals(providedHmac)) { log.error("参数完整性校验失败"); throw new CaptchaException("请求参数不正确"); @@ -279,6 +279,7 @@ public class RequestCoverFilter implements Filter { public QueryStringRequestWrapper(HttpServletRequest request, String queryString) { super(request); this.queryString = queryString; +// log.info("QueryStringRequestWrapper 接收到的参数: {}", queryString); } @Override @@ -295,7 +296,7 @@ public class RequestCoverFilter implements Filter { @Override public Map getParameterMap() { if (cachedParameterMap == null) { - cachedParameterMap = parseNestedQueryString(queryString); + cachedParameterMap = parseQueryString(queryString); } return cachedParameterMap; } 
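Review bot: Raising these two lines from `log.debug` to `log.info` writes the computed and the client-supplied integrity hash of every request into the production log, which looks like leftover debugging; keep them at debug, or log only the mismatch without the values. The comparison that follows, `calculatedHash.equals(providedHmac)`, is not constant-time; `MessageDigest.isEqual(calculatedHash.getBytes(StandardCharsets.UTF_8), providedHmac.getBytes(StandardCharsets.UTF_8))` is the usual replacement. The variable is called `providedHmac`, yet `Sm3Util.encrypt(query)` takes no key in the visible call, so it is worth confirming whether this is a keyed MAC or a plain digest that any client can recompute. The enclosing method starts and ends outside the hunk.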
@@ -311,52 +312,68 @@ public class RequestCoverFilter implements Filter { } /** - * 解析嵌套查询字符串为Map,支持 params[beginTime] 格式 + * 解析查询字符串,支持普通格式和嵌套格式 */ - private Map parseNestedQueryString(String queryString) { + private Map parseQueryString(String queryString) { Map parameterMap = new HashMap<>(); - if (queryString != null) { - try { - // 先URL解码 - String decodedQueryString = java.net.URLDecoder.decode(queryString, StandardCharsets.UTF_8.name()); - String[] pairs = decodedQueryString.split("&"); + if (queryString == null || queryString.trim().isEmpty()) { + return parameterMap; + } - for (String pair : pairs) { - String[] keyValue = pair.split("=", 2); - if (keyValue.length == 2) { - String key = keyValue[0]; - String value = keyValue[1]; +// log.info("开始解析查询字符串: {}", queryString); - // 处理嵌套参数格式(如 params[beginTime]) - if (key.startsWith("params[") && key.endsWith("]")) { - // 提取嵌套参数名,如从 "params[beginTime]" 提取 "beginTime" - String nestedKey = key.substring(7, key.length() - 1); + try { + // 先URL解码 + String decodedQueryString = java.net.URLDecoder.decode(queryString, StandardCharsets.UTF_8.name()); + String[] pairs = decodedQueryString.split("&"); - // 将嵌套参数转换为 params. 前缀的参数 - String paramsKey = "params[" + nestedKey + "]"; - parameterMap.put(paramsKey, new String[]{value}); - } else { - // 普通参数处理 - if (parameterMap.containsKey(key)) { - String[] existingValues = parameterMap.get(key); - String[] newValues = Arrays.copyOf(existingValues, existingValues.length + 1); - newValues[existingValues.length] = value; - parameterMap.put(key, newValues); - } else { - parameterMap.put(key, new String[]{value}); - } - } - } + for (String pair : pairs) { + if (pair == null || pair.trim().isEmpty()) { + continue; } - } catch (Exception e) { - log.warn("解析嵌套查询字符串失败,使用简单解析: {}", e.getMessage()); - return parseSimpleQueryString(queryString); + String[] keyValue = pair.split("=", 2); + if (keyValue.length >= 1) { + String key = keyValue[0].trim(); + String value = keyValue.length == 2 ? 
keyValue[1].trim() : ""; + + // 处理嵌套参数格式(如 params[beginTime]) + if (key.startsWith("params[") && key.endsWith("]")) { + String nestedKey = key.substring(7, key.length() - 1); + String paramsKey = "params[" + nestedKey + "]"; + addParameter(parameterMap, paramsKey, value); + } else { + // 处理普通参数(如 pageNum=1, pageSize=10) + addParameter(parameterMap, key, value); + } + } } + + } catch (Exception e) { + log.warn("解析查询字符串失败: {}", e.getMessage()); + // 失败时尝试简单解析 + return parseSimpleQueryString(queryString); } + +// log.info("解析后的参数Map: {}", parameterMap); return parameterMap; } + /** + * 添加参数到Map,支持多值参数 + */ + private void addParameter(Map parameterMap, String key, String value) { + if (parameterMap.containsKey(key)) { + String[] existingValues = parameterMap.get(key); + String[] newValues = Arrays.copyOf(existingValues, existingValues.length + 1); + newValues[existingValues.length] = value; + parameterMap.put(key, newValues); + } else { + parameterMap.put(key, new String[]{value}); + } +// log.info("添加参数: {} = {}", key, value); + } + /** * 简单解析查询字符串(备用方案) */ @@ -369,15 +386,7 @@ public class RequestCoverFilter implements Filter { if (keyValue.length == 2) { String key = keyValue[0]; String value = keyValue[1]; - - if (parameterMap.containsKey(key)) { - String[] existingValues = parameterMap.get(key); - String[] newValues = Arrays.copyOf(existingValues, existingValues.length + 1); - newValues[existingValues.length] = value; - parameterMap.put(key, newValues); - } else { - parameterMap.put(key, new String[]{value}); - } + addParameter(parameterMap, key, value); } } } diff --git a/bonus-framework/src/main/java/com/bonus/framework/config/SecurityConfig.java b/bonus-framework/src/main/java/com/bonus/framework/config/SecurityConfig.java index 17d23c6..29e6189 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/config/SecurityConfig.java +++ b/bonus-framework/src/main/java/com/bonus/framework/config/SecurityConfig.java 
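Review bot: `parseQueryString` URL-decodes the whole query string before splitting on `&` and `=`, so an encoded `%26` or `%3D` inside a value becomes a delimiter and the parsed parameters can differ from the string that was integrity-checked (presumably the one hashed in the @@ -218 hunk). Split on the raw delimiters first and decode each key and value separately. The `params[...]` branch rebuilds exactly the key it started with, so both branches can collapse into one `addParameter` call, and the `trim()` on values silently changes what the controller receives. On a decode failure the catch falls back to `parseSimpleQueryString` on the undecoded input; rejecting the request would be more predictable than parsing it a second way.

```java
// … unchanged: empty-input guard …
try {
    // Split on the raw delimiters first; decode each key and value on its own.
    String[] pairs = queryString.split("&");
    for (String pair : pairs) {
        // … unchanged: blank-pair skip …
        String[] keyValue = pair.split("=", 2);
        String key = java.net.URLDecoder.decode(keyValue[0], StandardCharsets.UTF_8.name()).trim();
        String value = keyValue.length == 2
                ? java.net.URLDecoder.decode(keyValue[1], StandardCharsets.UTF_8.name()).trim()
                : "";
        // The params[...] branch rebuilt the identical key, so one call covers both cases.
        addParameter(parameterMap, key, value);
    }
// … unchanged: catch block and return …
```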
@@ -10,6 +10,7 @@ import org.springframework.security.authentication.dao.DaoAuthenticationProvider import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.http.SessionCreationPolicy; +import org.springframework.security.core.session.SessionRegistry; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.web.SecurityFilterChain; @@ -111,7 +112,7 @@ public class SecurityConfig .authorizeHttpRequests((requests) -> { permitAllUrl.getUrls().forEach(url -> requests.antMatchers(url).permitAll()); // 对于登录login 注册register 验证码captchaImage 允许匿名访问 - requests.antMatchers("/login", "/register", "/captchaImage").permitAll() + requests.antMatchers("/login", "/register", "/captchaImage","/session/check").permitAll() // 静态资源,可匿名访问 .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll() .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll() diff --git a/bonus-framework/src/main/java/com/bonus/framework/config/SessionConfig.java b/bonus-framework/src/main/java/com/bonus/framework/config/SessionConfig.java new file mode 100644 index 0000000..adb50da --- /dev/null +++ b/bonus-framework/src/main/java/com/bonus/framework/config/SessionConfig.java 
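Review bot: The path added to `permitAll()` here, `/session/check`, does not match the only session-check mapping in this commit, `@RequestMapping("/api/session")` on SessionCheckController with a commented-out `/check` handler, so the rule opens an anonymous path that no visible handler serves. The same path is added to the ignore lists in ReplayAttackFilter and ParamSecureHandler as `/smartArchives/session/check`, which means a handler added there later would skip the replay and parameter checks as well as authentication. Add these exemptions in the commit that introduces the real endpoint, using its final path, and decide then whether it truly needs to be anonymous. The lambda continues outside the hunk.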
@@ -0,0 +1,30 @@ +package com.bonus.framework.config; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.core.session.SessionRegistry; +import org.springframework.security.core.session.SessionRegistryImpl; +import org.springframework.security.web.session.HttpSessionEventPublisher; + +/** + * Session管理配置 + */ +@Configuration +public class SessionConfig { + + /** + * 注册SessionRegistry bean + */ + @Bean + public SessionRegistry sessionRegistry() { + return new SessionRegistryImpl(); + } + + /** + * 注册HttpSessionEventPublisher,用于监听session创建和销毁事件 + */ + @Bean + public HttpSessionEventPublisher httpSessionEventPublisher() { + return new HttpSessionEventPublisher(); + } +} \ No newline at end of file diff --git a/bonus-framework/src/main/java/com/bonus/framework/filter/ReplayAttackFilter.java b/bonus-framework/src/main/java/com/bonus/framework/filter/ReplayAttackFilter.java index 9d46a66..0071f49 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/filter/ReplayAttackFilter.java +++ b/bonus-framework/src/main/java/com/bonus/framework/filter/ReplayAttackFilter.java @@ -38,6 +38,7 @@ public class ReplayAttackFilter implements Filter { ignoreUrlPatterns.add("/smartArchives/logout"); ignoreUrlPatterns.add("/smartArchives/getInfo"); ignoreUrlPatterns.add("/smartArchives/getRouters"); + ignoreUrlPatterns.add("/smartArchives/session/check"); } @Autowired diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java index e59688a..b2c8a54 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java +++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/ParamSecureHandler.java 
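Review bot: `sessionRegistry()` returns an in-memory `SessionRegistryImpl`, but nothing visible in this commit hands it to Spring Security; SecurityConfig only gains the `SessionRegistry` import. A registry is populated only when it is passed to session management, for example `.sessionManagement(s -> s.maximumSessions(1).sessionRegistry(sessionRegistry))`, and since SecurityConfig imports `SessionCreationPolicy` please confirm the filter chain is not configured as stateless. bonus-common/pom.xml already lists `spring-session-data-redis`; if sessions are stored in Redis, an in-memory registry sees only the local node and `SpringSessionBackedSessionRegistry` is the matching implementation. The Javadoc on both beans could name the feature that consumes them.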
@@ -5,6 +5,7 @@ import com.bonus.common.core.domain.AjaxResult; import com.bonus.common.utils.SafeUtil; import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; +import org.springframework.context.annotation.Configuration; import org.springframework.stereotype.Component; import org.springframework.web.servlet.AsyncHandlerInterceptor; @@ -33,6 +34,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor { ignoreUrlPatterns.add("/smartArchives/logout"); ignoreUrlPatterns.add("/smartArchives/getInfo"); ignoreUrlPatterns.add("/smartArchives/getRouters"); + ignoreUrlPatterns.add("/smartArchives/session/check"); } private String rnd = null; @@ -67,6 +69,7 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor { } XssRequestWrapper requestWrapper = new XssRequestWrapper(request); + System.err.println(JSON.toJSONString(request.getParameterMap())); /** * 校验参数是否合法 */ diff --git a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java index 2eb3934..e5632e4 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java +++ b/bonus-framework/src/main/java/com/bonus/framework/interceptor/XssRequestWrapper.java @@ -17,7 +17,6 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.regex.Matcher; import java.util.regex.Pattern; /** 
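Review bot: `System.err.println(JSON.toJSONString(request.getParameterMap()));` dumps the parameters of every intercepted request to stderr, bypassing the logger's level and masking configuration, and those parameters may include credentials or tokens. The class already imports `lombok.extern.slf4j.Slf4j` (visible in the context lines), so remove the line or replace it with `log.debug("request parameter names: {}", request.getParameterMap().keySet());`. The `org.springframework.context.annotation.Configuration` import added in the first hunk is not used in any visible line. The enclosing method starts and ends outside the hunk.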
@@ -47,12 +46,12 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { } String requestBody = stringBuilder.toString(); - // 进行XSS清理 - streamParam = xssClean(requestBody); + // 不变更请求体,只做检测 + streamParam = requestBody; body = streamParam.getBytes(request.getCharacterEncoding() != null ? request.getCharacterEncoding() : "UTF-8"); - // 检查安全性 + // 检查安全性(仅校验,不篡改) String queryStr = request.getQueryString(); setChecked(xssCleanNew(requestBody) && (queryStr == null || xssCleanNew(queryStr))); @@ -63,7 +62,8 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { setChecked(false); } - queryString = xssClean(request.getQueryString()); + // 不对查询串做篡改,保持原样,防止影响参数绑定 + queryString = request.getQueryString(); } @Override @@ -166,18 +166,14 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { private static final String regex9 = "vbscript:"; private static final String regex10 = "onload(.*?)="; - // 添加安全脚本模式 - public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|<>|\\[\\]|\\(\\)|\"|script|alert|svg|confirm|prompt|onload|%3c|%3e|%2b|@|!|img|src)"; + // 安全模式:移除过度严格的字符级别清理,避免破坏 JSON/参数结构 + // public static final String SAFE_SCRIPT_PATTERN = "(\\||;|\\$|'|\\'|0x0d|0x0a|\\%27|\\%3B|_|.)"; private String xssClean(String value) { if (value == null) { return null; } - // 移除空字符串替换(这行代码没有实际效果) - // value = value.replaceAll("", ""); - - // 使用预编译的模式提高性能 value = Pattern.compile(regex1, Pattern.CASE_INSENSITIVE).matcher(value).replaceAll(""); value = Pattern.compile(regex2, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL).matcher(value).replaceAll(""); value = Pattern.compile(regex3, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL).matcher(value).replaceAll(""); 
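Review bot: With the body and query string now passed through unchanged, the `checked` flag set from `xssCleanNew` is the only control left, so every consumer has to test it and reject on false; that enforcement is outside this hunk and should be confirmed, in particular for the paths on the ParamSecureHandler ignore list. `xssCleanNew(queryStr)` runs on the raw `request.getQueryString()`, which is still percent-encoded, and the `SAFE_SCRIPT_PATTERN` removed in the hunks at -166, -188, -215 and -332 was the only visible pattern with encoded forms (`%27`, `%3B`, `%3c`, `%3e`); `regex9` and `regex10` match decoded text, and `regex1` to `regex8` are not shown. Consider decoding before the check, e.g. `xssCleanNew(URLDecoder.decode(queryStr, "UTF-8"))`, and treat output encoding at render time as the primary XSS defence rather than request filtering. The constructor starts outside the hunk.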
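Review bot: In the @@ -166 hunk the constant is commented out rather than deleted, and the commented text is not the pattern that was removed: it ends in `|_|.)`, where the unescaped `.` matches any character, so re-enabling it would strip or flag every input. Delete the constant and the three commented-out uses in the later hunks, and record the reason for dropping it in the commit message instead. `xssClean` no longer appears to be called by the constructor after this commit; if no other caller remains it can be removed as well. The method continues outside the hunk.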
@@ -188,8 +184,8 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { value = Pattern.compile(regex8, Pattern.CASE_INSENSITIVE).matcher(value).replaceAll(""); value = Pattern.compile(regex9, Pattern.CASE_INSENSITIVE).matcher(value).replaceAll(""); value = Pattern.compile(regex10, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL).matcher(value).replaceAll(""); - // 添加额外的安全过滤 - value = Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE).matcher(value).replaceAll(""); + // 移除对普通字符的全量替换,防止破坏字段名/JSON结构 + // value = Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE).matcher(value).replaceAll(""); return value; } @@ -215,7 +211,8 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { patterns.add(Pattern.compile(regex8, Pattern.CASE_INSENSITIVE)); patterns.add(Pattern.compile(regex9, Pattern.CASE_INSENSITIVE)); patterns.add(Pattern.compile(regex10, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL)); - patterns.add(Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE)); + // 移除过度严格的 SAFE_SCRIPT_PATTERN 检查 + // patterns.add(Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE)); for (Pattern pattern : patterns) { if (match(pattern, value)) { @@ -332,7 +329,8 @@ public class XssRequestWrapper extends HttpServletRequestWrapper { patterns.add(Pattern.compile(regex8, Pattern.CASE_INSENSITIVE)); patterns.add(Pattern.compile(regex9, Pattern.CASE_INSENSITIVE)); patterns.add(Pattern.compile(regex10, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL)); - patterns.add(Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE)); + // 移除过度严格的 SAFE_SCRIPT_PATTERN 检查 + // patterns.add(Pattern.compile(SAFE_SCRIPT_PATTERN, Pattern.CASE_INSENSITIVE)); for (Pattern pattern : patterns) { if (match(pattern, value)) { 
diff --git a/bonus-framework/src/main/java/com/bonus/framework/security/handle/LogoutSuccessHandlerImpl.java b/bonus-framework/src/main/java/com/bonus/framework/security/handle/LogoutSuccessHandlerImpl.java index 15f1f71..8f69a27 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/security/handle/LogoutSuccessHandlerImpl.java +++ b/bonus-framework/src/main/java/com/bonus/framework/security/handle/LogoutSuccessHandlerImpl.java @@ -4,6 +4,7 @@ import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.core.Authentication; @@ -30,6 +31,7 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler @Autowired private TokenService tokenService; + /** * 退出处理 * @@ -43,6 +45,7 @@ public class LogoutSuccessHandlerImpl implements LogoutSuccessHandler if (StringUtils.isNotNull(loginUser)) { String userName = loginUser.getUsername(); + String sessionId = request.getSession().getId(); // 删除用户缓存记录 tokenService.delLoginUser(loginUser.getToken()); // 记录用户退出日志 diff --git a/bonus-framework/src/main/java/com/bonus/framework/web/service/SysLoginService.java b/bonus-framework/src/main/java/com/bonus/framework/web/service/SysLoginService.java index 2906dc3..098c987 100644 --- a/bonus-framework/src/main/java/com/bonus/framework/web/service/SysLoginService.java +++ b/bonus-framework/src/main/java/com/bonus/framework/web/service/SysLoginService.java 
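Review bot: `String sessionId = request.getSession().getId();` in the @@ -43 hunk is never read in the visible lines, and `getSession()` with no argument creates a new session when none exists, so a logout now allocates a session only to discard its id. Remove the line, or if the id is needed for the registry added in SessionConfig use `HttpSession session = request.getSession(false);` with a null check and invalidate the session after the token is deleted. The method continues outside the hunk.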
@@ -1,11 +1,14 @@ package com.bonus.framework.web.service; import javax.annotation.Resource; +import javax.servlet.http.HttpServletRequest; + import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; import com.bonus.common.constant.CacheConstants; import com.bonus.common.constant.Constants; @@ -52,6 +55,8 @@ public class SysLoginService @Autowired private ISysConfigService configService; + + /** * 登录验证 * @@ -61,7 +66,7 @@ public class SysLoginService * @param uuid 唯一标识 * @return 结果 */ - public String login(String username, String password, String code, String uuid) + public String login(HttpServletRequest request,String username, String password, String code, String uuid) { // 验证码校验 validateCaptcha(username, code, uuid); diff --git a/bonus-system/src/main/resources/mapper/system/DataCollectDataMapper.xml b/bonus-system/src/main/resources/mapper/system/DataCollectDataMapper.xml index 300d4ba..e0319dd 100644 --- a/bonus-system/src/main/resources/mapper/system/DataCollectDataMapper.xml +++ b/bonus-system/src/main/resources/mapper/system/DataCollectDataMapper.xml @@ -9,7 +9,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" from da_ky_data_collect_data where del_flag = '1' - data_classify_id = #{dataClassifyId} + AND data_classify_id = #{dataClassifyId} diff --git a/bonus-system/src/main/resources/mapper/system/SysIpWhitelistMapper.xml b/bonus-system/src/main/resources/mapper/system/SysIpWhitelistMapper.xml index d74c12c..d7a3e4a 100644 --- a/bonus-system/src/main/resources/mapper/system/SysIpWhitelistMapper.xml 
+++ b/bonus-system/src/main/resources/mapper/system/SysIpWhitelistMapper.xml @@ -65,17 +65,23 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" SELECT COUNT(*) FROM da_ky_sys_ip_whitelist WHERE status = '0' - AND ( - (ip_address = #{ip} AND ip_address IS NOT NULL) - OR - (ip_range_start IS NOT NULL AND ip_range_end IS NOT NULL - AND INET_ATON(#{ip}) BETWEEN INET_ATON(ip_range_start) AND INET_ATON(ip_range_end)) - ) - AND ( + AND ( + (TRIM(ip_address) = #{ip}) + OR + (ip_range_start IS NOT NULL + AND ip_range_end IS NOT NULL + AND TRIM(ip_range_start) != '' + AND TRIM(ip_range_end) != '' + AND INET_ATON(#{ip}) BETWEEN + INET_ATON(TRIM(ip_range_start)) AND + INET_ATON(TRIM(ip_range_end))) + ) + AND ( (access_start_time IS NULL AND access_end_time IS NULL) - OR - (#{currentTime} BETWEEN access_start_time AND access_end_time) - ) + OR + (access_start_time <= #{currentTime} + AND access_end_time >= #{currentTime}) + )