代码提交

liang.chao 2025-10-14 17:44:23 +08:00
parent 6ae48554ca
commit b4e96a5835
10 changed files with 150 additions and 76 deletions


@ -30,6 +30,7 @@ import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
@ -370,22 +371,76 @@ public class FileManagementController extends BaseController {
return R.fail("文件未找到");
}
String filePath = uploadDir + record.getFilePath();
String fileName = record.getFileName();
// 直接使用字符串处理构建安全路径
String safeFullPath = buildSecureFullPath(uploadDir, record.getFilePath());
if (safeFullPath == null) {
return R.fail("无效的文件路径");
}
Path path = Paths.get(filePath);
File file = new File(safeFullPath);
if (!file.exists() || !file.isFile()) {
return R.fail("文件未找到");
}
// 2. 读取文件为字节数组
byte[] fileBytes = Files.readAllBytes(path);
try {
byte[] fileBytes = Files.readAllBytes(file.toPath());
String base64String = Base64.getEncoder().encodeToString(fileBytes);
// 3. 转为 Base64 编码字符串
String base64String = Base64.getEncoder().encodeToString(fileBytes);
response.put("fileName", record.getFileName());
response.put("suffix_name", record.getSuffixName());
response.put("fileBase64", base64String);
return R.ok(response);
} catch (IOException e) {
return R.fail("文件读取失败");
}
}
// 4. 设置响应数据
response.put("fileName", fileName);
response.put("suffix_name", record.getSuffixName());
// Base64 内容可直接用于前端
response.put("fileBase64", base64String);
return R.ok(response);
/**
* 构建安全的完整文件路径
*/
private String buildSecureFullPath(String baseDir, String filePath) {
if (StringUtils.isBlank(filePath)) {
return null;
}
// 统一路径分隔符
String unifiedPath = filePath.replace('\\', '/');
// 移除开头的斜杠
unifiedPath = unifiedPath.replaceAll("^/+", "");
// 检查路径遍历
if (unifiedPath.contains("../") || unifiedPath.contains("..\\")) {
return null;
}
// 检查绝对路径
if (unifiedPath.matches("^[a-zA-Z]:/.*") || unifiedPath.startsWith("/")) {
return null;
}
// 构建完整路径
String fullPath;
if (baseDir.endsWith(File.separator)) {
fullPath = baseDir + unifiedPath;
} else {
fullPath = baseDir + File.separator + unifiedPath;
}
// 使用File的getCanonicalPath进行最终验证
try {
File canonicalFile = new File(fullPath);
String canonicalPath = canonicalFile.getCanonicalPath();
// 验证是否仍在基础目录内
String canonicalBaseDir = new File(baseDir).getCanonicalPath();
if (!canonicalPath.startsWith(canonicalBaseDir)) {
return null;
}
return canonicalPath;
} catch (IOException e) {
return null;
}
}
}
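Review bot: The final containment check in buildSecureFullPath compares raw string prefixes, so a sibling directory whose name merely extends the base (for example `uploads2` beside `uploads`) satisfies `canonicalPath.startsWith(canonicalBaseDir)`; the earlier `../` rejection makes this hard to reach from record.getFilePath(), but the check should still be component-aware rather than character-aware. Replace it with `if (!Paths.get(canonicalPath).startsWith(Paths.get(canonicalBaseDir))) { return null; }`, which matches whole path elements (Paths was used by the removed `Paths.get(filePath)` line, so its import presumably remains). With that in place the manual `../` and drive-letter checks become defence in depth instead of the only guard, and symlinks inside the upload directory are still caught by the canonicalisation. The `catch (IOException e)` in the download path returns "文件读取失败" without logging anything, which makes a disk or permission problem hard to diagnose; a `log.warn` with the record id (not the path) would help. The download method that calls buildSecureFullPath starts before this hunk.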


@ -4,17 +4,42 @@ import cn.hutool.core.util.HexUtil;
import cn.hutool.crypto.Mode;
import cn.hutool.crypto.Padding;
import cn.hutool.crypto.symmetric.SM4;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import javax.annotation.PostConstruct;
/**
* @author bonus
*/
@Component
public class Sm4Utils {
/**
* 必须是16字节
*/
private static final String KEY = "78d1295afa99449b99d6f83820e6965c";
@Value("${Sm4.KEY}")
private String key;
private static final String IV = "f555adf6c01d0ab0761e626a2dae34a2";
@Value("${Sm4.IV}")
private String iv;
private static String KEY;
private static String IV;
@PostConstruct
public void init() {
KEY = this.key;
IV = this.iv;
}
// 静态方法供外部使用
public static String getKey() {
return KEY;
}
public static String getIv() {
return IV;
}
/**
* 加密数据使用固定盐
*
@ -23,7 +48,9 @@ public class Sm4Utils {
*/
public static String encrypt(String plainText) {
try {
SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV));
SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(getKey()),HexUtil.decodeHex(getIv()));
System.out.println("key:"+getKey());
System.out.println("iv:"+getIv());
// 加密带盐的明文
byte[] encryptedData = sm4.encrypt(plainText);
// 返回带盐的加密结果Hex编码
@ -43,7 +70,7 @@ public class Sm4Utils {
public static String decrypt(String cipherText) {
try {
// 初始化SM4解密工具
SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(KEY),HexUtil.decodeHex(IV));
SM4 sm4 = new SM4(Mode.CBC, Padding.PKCS5Padding, HexUtil.decodeHex(getKey()),HexUtil.decodeHex(getIv()));
// 解密数据
byte[] decryptedData = sm4.decrypt(cipherText);
return new String(decryptedData);
@ -53,7 +80,7 @@ public class Sm4Utils {
}
// 测试方法演示加密和解密过程
public static void main(String[] args) {
/* public static void main(String[] args) {
String plainText = "15398187429";
System.out.println("原文: " + plainText);
@ -64,5 +91,5 @@ public class Sm4Utils {
// 解密密文
String decryptedText = Sm4Utils.decrypt(plainText);
System.out.println("解密后: " + decryptedText);
}
}*/
}
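Review bot: The two lines `System.out.println("key:"+getKey());` and `System.out.println("iv:"+getIv());` added to encrypt in the `@ -23` hunk write the SM4 key and IV to stdout on every call, which undoes the point of moving them out of source into `${Sm4.KEY}`/`${Sm4.IV}`; delete both. The previous hard-coded values are still visible in history, so the configured key and IV should be fresh values rather than the same strings. Because KEY and IV are static fields populated by a `@PostConstruct` on a bean instance, a call to encrypt/decrypt before the bean is initialised (or outside a Spring context, as the now-commented main would do) passes null to `HexUtil.decodeHex`; either read the values from the instance or fail clearly with `Objects.requireNonNull(KEY, "Sm4.KEY not initialised")`. The block-commented main at the end of the class should be removed rather than kept as commented-out code. The bodies of encrypt and decrypt continue past the hunks.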


@ -25,7 +25,7 @@ import org.springframework.http.MediaType;
/**
* 通用http发送方法
*
*
* @author bonus
*/
public class HttpUtils
@ -132,7 +132,7 @@ public class HttpUtils
/**
* 向指定 URL 发送POST方法的请求
*
*
* @param url 发送请求的 URL
* @param param 请求参数
* @param contentType 内容类型
@ -215,7 +215,8 @@ public class HttpUtils
try
{
log.info("sendSSLPost - {}", urlNameString);
SSLContext sc = SSLContext.getInstance("SSL");
// SSLContext sc = SSLContext.getInstance("SSL");
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());
URL console = new URL(urlNameString);
HttpsURLConnection conn = (HttpsURLConnection) console.openConnection();
@ -228,7 +229,7 @@ public class HttpUtils
conn.setDoInput(true);
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier(new TrustAnyHostnameVerifier());
conn.setHostnameVerifier(new SecureHostnameVerifier());
conn.connect();
InputStream is = conn.getInputStream();
BufferedReader br = new BufferedReader(new InputStreamReader(is));
@ -282,12 +283,18 @@ public class HttpUtils
}
}
private static class TrustAnyHostnameVerifier implements HostnameVerifier
{
public static class SecureHostnameVerifier implements HostnameVerifier {
private final HostnameVerifier defaultVerifier;
public SecureHostnameVerifier() {
// 使用 JVM 默认的主机名验证器
this.defaultVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
}
@Override
public boolean verify(String hostname, SSLSession session)
{
return true;
public boolean verify(String hostname, SSLSession session) {
// 使用标准的主机名验证
return defaultVerifier.verify(hostname, session);
}
}
}
}
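Review bot: The hostname-verifier fix in the `@ -228` hunk is undercut by the context line `sc.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new java.security.SecureRandom());` in the `@ -215` hunk, which still accepts any certificate chain; with no chain validation, any self-issued certificate bearing the target's name passes hostname verification, so the connection is still not authenticated. Initialise the context with the platform trust store instead, `sc.init(null, null, new java.security.SecureRandom());` (or simply `SSLContext sc = SSLContext.getDefault();`), and remove TrustAnyTrustManager once nothing references it. The delegating SecureHostnameVerifier appears equivalent to not calling setHostnameVerifier at all, since HttpsURLConnection performs its built-in check before consulting a verifier, so its comment should say it restores default behaviour rather than imply a stricter check. Also `"TLSv1.2"` pins the protocol version; `"TLS"` lets the JVM negotiate 1.3 where available while still refusing SSL. sendSSLPost starts and ends outside these hunks.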


@ -159,7 +159,6 @@ public class RequestCoverFilter implements Filter {
if (integrality) {
String[] parts = requestBody.split("\\|");
if (parts.length != 2) {
log.error("解密后的请求体格式不正确: {}", requestBody);
throw new CaptchaException("请求参数不正确");
}
integrityVerification(parts[1], parts[0]);
@ -176,7 +175,6 @@ public class RequestCoverFilter implements Filter {
chain.doFilter(wrappedRequest, response);
} catch (Exception e) {
log.error("处理请求体时发生错误: {}", e.getMessage(), e);
throw new ServletException("请求处理失败", e);
}
}
@ -235,7 +233,6 @@ public class RequestCoverFilter implements Filter {
if (integrality) {
String[] parts = query.split("\\|");
if (parts.length != 2) {
log.error("解密后的参数格式不正确: {}", query);
throw new CaptchaException("请求参数不正确");
}
integrityVerification(parts[1], parts[0]);
@ -250,7 +247,6 @@ public class RequestCoverFilter implements Filter {
return new QueryStringRequestWrapper(request, query);
} catch (Exception e) {
log.error("解密查询参数时发生错误: {}", e.getMessage(), e);
throw new CaptchaException("请求参数不正确");
}
}
@ -488,7 +484,6 @@ public class RequestCoverFilter implements Filter {
if (integrality) {
String[] parts = decryptedParams.split("\\|");
if (parts.length != 2) {
log.error("解密后的参数格式不正确: {}", decryptedParams);
throw new CaptchaException("请求参数不正确");
}
integrityVerification(parts[1], parts[0]);
@ -505,7 +500,6 @@ public class RequestCoverFilter implements Filter {
}
} catch (Exception e) {
log.error("处理 multipart params 参数时发生错误: {}", e.getMessage(), e);
throw new CaptchaException("请求参数不正确");
}
}
@ -520,8 +514,8 @@ public class RequestCoverFilter implements Filter {
throw new CaptchaException("请求参数不正确");
}
String calculatedHash = Sm3Util.encrypt(data);
log.info("计算出的哈希值: {}", calculatedHash);
log.info("提供的哈希值: {}", providedHmac);
// log.info("计算出的哈希值: {}", calculatedHash);
// log.info("提供的哈希值: {}", providedHmac);
if (!calculatedHash.equals(providedHmac)) {
log.error("参数完整性校验失败");
throw new CaptchaException("请求参数不正确");
@ -606,4 +600,4 @@ public class RequestCoverFilter implements Filter {
}
return SystemConfigStatus;
}
}
}
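Review bot: The `@ -520` hunk leaves `// log.info("计算出的哈希值: {}", calculatedHash);` and `// log.info("提供的哈希值: {}", providedHmac);` as commented-out code; delete them outright, as the earlier hunks do for the request-body and query log lines, because commented code tends to be re-enabled and would bring the value logging back. The `log.error` calls that survive in the `@ -176`, `@ -250` and `@ -505` catch blocks still interpolate `e.getMessage()` in addition to passing `e`; the message is already part of the logged stack trace, and whether it can carry decrypted payload depends on what Sm4Utils/Sm3Util throw, which this diff does not show, so logging a fixed message plus the exception is the safer form. integrityVerification and the surrounding filter methods start and end outside the hunks.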


@ -194,7 +194,7 @@ public class GenController extends BaseController {
/**
* 生成代码自定义路径
*/
@RequiresPermissions("tool:gen:code")
/* @RequiresPermissions("tool:gen:code")
@Log(title = "代码生成", businessType = BusinessType.GENCODE)
@GetMapping("/genCode/{tableName}")
public AjaxResult genCode(@PathVariable("tableName") String tableName) {
@ -203,7 +203,7 @@ public class GenController extends BaseController {
}
genTableService.generatorCode(tableName);
return success();
}
}*/
/**
* 同步数据库


@ -2,17 +2,18 @@ package com.bonus.generator.mapper;
import java.util.List;
import com.bonus.generator.domain.GenTable;
import org.apache.ibatis.annotations.Param;
/**
* 业务 数据层
*
*
* @author bonus
*/
public interface GenTableMapper
{
/**
* 查询业务列表
*
*
* @param genTable 业务信息
* @return 业务集合
*/
@ -20,7 +21,7 @@ public interface GenTableMapper
/**
* 查询据库列表
*
*
* @param genTable 业务信息
* @return 数据库表集合
*/
@ -28,7 +29,7 @@ public interface GenTableMapper
/**
* 查询据库列表
*
*
* @param tableNames 表名称组
* @return 数据库表集合
*/
@ -36,14 +37,14 @@ public interface GenTableMapper
/**
* 查询所有表信息
*
*
* @return 表信息集合
*/
public List<GenTable> selectGenTableAll();
/**
* 查询表ID业务信息
*
*
* @param id 业务ID
* @return 业务信息
*/
@ -51,7 +52,7 @@ public interface GenTableMapper
/**
* 查询表名称业务信息
*
*
* @param tableName 表名称
* @return 业务信息
*/
@ -59,7 +60,7 @@ public interface GenTableMapper
/**
* 新增业务
*
*
* @param genTable 业务信息
* @return 结果
*/
@ -67,7 +68,7 @@ public interface GenTableMapper
/**
* 修改业务
*
*
* @param genTable 业务信息
* @return 结果
*/
@ -75,7 +76,7 @@ public interface GenTableMapper
/**
* 批量删除业务
*
*
* @param ids 需要删除的数据ID
* @return 结果
*/
@ -87,5 +88,5 @@ public interface GenTableMapper
* @param sql 表结构
* @return 结果
*/
public int createTable(String sql);
public int createTable(@Param("sql") String sql);
}


@ -28,7 +28,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<result property="remark" column="remark" />
<collection property="columns" javaType="java.util.List" resultMap="GenTableColumnResult" />
</resultMap>
<resultMap type="GenTableColumn" id="GenTableColumnResult">
<id property="columnId" column="column_id" />
<result property="tableId" column="table_id" />
@ -53,11 +53,11 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<result property="updateBy" column="update_by" />
<result property="updateTime" column="update_time" />
</resultMap>
<sql id="selectGenTableVo">
select table_id, table_name, table_comment, sub_table_name, sub_table_fk_name, class_name, tpl_category, tpl_web_type, package_name, module_name, business_name, function_name, function_author, gen_type, gen_path, options, create_by, create_time, update_by, update_time, remark from da_ky_gen_table
</sql>
<select id="selectGenTableList" parameterType="GenTable" resultMap="GenTableResult">
<include refid="selectGenTableVo"/>
<where>
@ -95,22 +95,22 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</if>
order by create_time desc
</select>
<select id="selectDbTableListByNames" resultMap="GenTableResult">
select table_name, table_comment, create_time, update_time from information_schema.tables
where table_name NOT LIKE 'qrtz\_%' and table_name NOT LIKE 'gen\_%' and table_schema = (select database())
and table_name in
<foreach collection="array" item="name" open="(" separator="," close=")">
#{name}
</foreach>
</foreach>
</select>
<select id="selectTableByName" parameterType="String" resultMap="GenTableResult">
select table_name, table_comment, create_time, update_time from information_schema.tables
where table_comment <![CDATA[ <> ]]> '' and table_schema = (select database())
and table_name = #{tableName}
</select>
<select id="selectGenTableById" parameterType="Long" resultMap="GenTableResult">
SELECT t.table_id, t.table_name, t.table_comment, t.sub_table_name, t.sub_table_fk_name, t.class_name, t.tpl_category, t.tpl_web_type, t.package_name, t.module_name, t.business_name, t.function_name, t.function_author, t.gen_type, t.gen_path, t.options, t.remark,
c.column_id, c.column_name, c.column_comment, c.column_type, c.java_type, c.java_field, c.is_pk, c.is_increment, c.is_required, c.is_insert, c.is_edit, c.is_list, c.is_query, c.query_type, c.html_type, c.dict_type, c.sort
@ -118,7 +118,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
LEFT JOIN da_ky_gen_table_column c ON t.table_id = c.table_id
where t.table_id = #{tableId} order by c.sort
</select>
<select id="selectGenTableByName" parameterType="String" resultMap="GenTableResult">
SELECT t.table_id, t.table_name, t.table_comment, t.sub_table_name, t.sub_table_fk_name, t.class_name, t.tpl_category, t.tpl_web_type, t.package_name, t.module_name, t.business_name, t.function_name, t.function_author, t.gen_type, t.gen_path, t.options, t.remark,
c.column_id, c.column_name, c.column_comment, c.column_type, c.java_type, c.java_field, c.is_pk, c.is_increment, c.is_required, c.is_insert, c.is_edit, c.is_list, c.is_query, c.query_type, c.html_type, c.dict_type, c.sort
@ -126,7 +126,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
LEFT JOIN da_ky_gen_table_column c ON t.table_id = c.table_id
where t.table_name = #{tableName} order by c.sort
</select>
<select id="selectGenTableAll" parameterType="String" resultMap="GenTableResult">
SELECT t.table_id, t.table_name, t.table_comment, t.sub_table_name, t.sub_table_fk_name, t.class_name, t.tpl_category, t.tpl_web_type, t.package_name, t.module_name, t.business_name, t.function_name, t.function_author, t.options, t.remark,
c.column_id, c.column_name, c.column_comment, c.column_type, c.java_type, c.java_field, c.is_pk, c.is_increment, c.is_required, c.is_insert, c.is_edit, c.is_list, c.is_query, c.query_type, c.html_type, c.dict_type, c.sort
@ -134,7 +134,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
LEFT JOIN da_ky_gen_table_column c ON t.table_id = c.table_id
order by c.sort
</select>
<insert id="insertGenTable" parameterType="GenTable" useGeneratedKeys="true" keyProperty="tableId">
insert into da_ky_gen_table (
<if test="tableName != null">table_name,</if>
@ -170,11 +170,11 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
sysdate()
)
</insert>
<update id="createTable">
${sql}
#{sql}
</update>
<update id="updateGenTable" parameterType="GenTable">
update da_ky_gen_table
<set>
@ -199,7 +199,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</set>
where table_id = #{tableId}
</update>
<delete id="deleteGenTableByIds" parameterType="Long">
delete from da_ky_gen_table where table_id in
<foreach collection="array" item="tableId" open="(" separator="," close=")">
@ -207,4 +207,4 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
</foreach>
</delete>
</mapper>
</mapper>
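Review bot: Changing createTable from `${sql}` to `#{sql}` in the `@ -170` hunk does not make a DDL statement safe; MyBatis will send the statement text `?` to the driver with the SQL bound as a parameter, so the mapping now fails on every call instead of creating a table. If the endpoint behind GenTableMapper.createTable is still reachable (its caller is not in this diff), either remove the mapping and its caller together, or keep `${sql}` and only pass it a statement that has been validated server-side against an allow-list of CREATE TABLE forms before it reaches the mapper. The `@Param("sql")` added in GenTableMapper.java is consistent with `#{sql}` but does not change this outcome.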


@ -42,8 +42,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="status != null and status != ''">
AND status = #{status}
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
order by d.parent_id, d.order_num
</select>
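Review bot: Dropping `${params.dataScope}` from selectDeptList removes the per-user data-scope restriction the query previously applied, so callers limited to their own department presumably now receive every row; the same removal appears in the role mapper (`@ -51` hunk) and in the three user-mapper selects (`@ -91`, `@ -108` and `@ -126` hunks). If the aim was to eliminate `${}` interpolation, note that this fragment is normally assembled server-side by a data-scope aspect rather than taken from request input, which this diff does not show; the filter should either stay, or be replaced by an equivalent `<if>`/join-based condition in the same commit. selectDeptList starts before the hunk.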


@ -51,8 +51,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
and date_format(r.create_time,'%Y%m%d') &lt;= date_format(#{params.endTime},'%Y%m%d')
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
order by r.role_sort
</select>


@ -91,8 +91,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="deptId != null and deptId != 0">
AND (u.dept_id = #{deptId} OR u.dept_id IN ( SELECT t.dept_id FROM da_ky_sys_dept t WHERE find_in_set(#{deptId}, ancestors) ))
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
</select>
<select id="selectAllocatedList" parameterType="SysUser" resultMap="SysUserResult">
@ -108,8 +106,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="phonenumber != null and phonenumber != ''">
AND INSTR(u.phonenumber, #{phonenumber}) > 0
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
</select>
<select id="selectUnallocatedList" parameterType="SysUser" resultMap="SysUserResult">
@ -126,8 +122,6 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
<if test="phonenumber != null and phonenumber != ''">
AND INSTR(u.phonenumber, #{phonenumber}) > 0
</if>
<!-- 数据范围过滤 -->
${params.dataScope}
</select>
<select id="selectUserByUserName" parameterType="String" resultMap="SysUserResult">