系统日志/业务日志

2024-03-01 18:04:49 +08:00 · 2024-03-01 18:04:49 +08:00 · 0b1dc5e473
parent d0b905d40a
commit 0b1dc5e473
7 changed files with 130 additions and 87 deletions
--- a/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/constant/Constant.java
+++ b/securitycontrol-commons/securitycontrol-commons-core/src/main/java/com/securitycontrol/common/core/constant/Constant.java
@ -10,5 +10,5 @@ public class Constant {

    public final static Integer PARENT_ID = 0;

-    public final static Integer MENU_TYPE = 3;
+    public final static Integer MENU_TYPE = 2;
 }
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/config/WebMvcConfig.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/config/WebMvcConfig.java
@ -19,18 +19,18 @@ import com.securitycontrol.common.security.interceptor.HeaderInterceptor;
 public class WebMvcConfig implements WebMvcConfigurer
 {
    /** 不需要拦截地址 */
-    public static final String[] EXCLUDE_URLS = { "/login", "/logout", "/refresh","/getUserTicket","/sys/logs/saveLogs","/error","/api/ballrisk/findBallGb","/api/ballrisk/getDeviceState","/api/ballrisk/findDeviceStatus" };
+    public static final String[] EXCLUDE_URLS = { "/login/**","/userLogin/**","/sys/sysLog/saveLogs", "/logout", "/refresh","/getUserTicket","/sys/logs/saveLogs","/error","/sys/select/**" };
    @Override
    public void addInterceptors(InterceptorRegistry registry)
    {
-/*      registry.addInterceptor(getParamSecureInterceptor())
-                .addPathPatterns("/**")
-                .excludePathPatterns(excludeUrls)
-                .order(-10);*/
        registry.addInterceptor(getHeaderInterceptor())
                .addPathPatterns("/**")
                .excludePathPatterns(EXCLUDE_URLS)
                .order(-10);
+        registry.addInterceptor(getParamSecureInterceptor())
+                .addPathPatterns("/**")
+                .excludePathPatterns(EXCLUDE_URLS)
+                .order(-10);
    }


--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/enums/UrlEnums.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/enums/UrlEnums.java
@ -6,24 +6,12 @@ package com.securitycontrol.common.security.enums;

 public enum UrlEnums {
    //注释
-    DICT_URL("/sys/dict/", "字典管理"),
-    LOG_URL("/sys/logs/", "日志管理"),
-    menu_url("/sys/menu/", "菜单管理"),
-    ROLE_URL("/sys/role/", "角色管理"),
-    USER_URL("/userManage/", "用户管理"),
-    DEVICE_URL("/device/", "设备管理"),
-    LEDGER_URL("/ledger", "设备流转台帐"),
-    DEVICE_TYPE_URL("/dev/type/", "设备类型管理"),
-    HOME_URL("/home", "综合展示"),
-    NEW_PRO_URL("/newPro", "工程明细"),
-    TEAM_URL("/team", "班组明细"),
-    RISK_URL("/TRiskPressDropRate", "压降率计算"),
-    UAV_URL("/uav", "无人机巡视"),
-    DAILY_URL("/dailyDutyReport/", "值班日报"),
-    DAILY_STATISTIC_URL("/dutyStatistics/", "值班统计"),
-    SUPER_STATISTICS_URL("/superStatistics/", "违章统计"),
-    TODAY_TASK_URL("/todayTask/", "今日任务"),
-    VOI_PHOTO_LIBRARY_URL("/voiPhotoLibrary/", "违章库照片"),
+    DICT_URL("/sys/dict/", "系统管理-字典管理"),
+    LOG_URL("/sys/logs/", "系统管理-日志管理"),
+    menu_url("/sys/menu/", "系统管理-菜单管理"),
+    ROLE_URL("/sys/role/", "系统管理-角色管理"),
+    USER_URL("/sys/role/", "系统管理-用户管理"),
+    ORG_URL("/sys/role/", "系统管理-组织机构"),
    ;

    private final String url;
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/MyFilter.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/MyFilter.java
@ -0,0 +1,29 @@
+package com.securitycontrol.common.security.interceptor;
+
+import com.securitycontrol.common.security.utils.XssRequestWrapper;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+/**
+ * @author：cwchen
+ * @date：2024-03-01-15:07
+ * @version：1.0
+ * @description：过滤器，处理request
+ */
+@WebFilter
+public class MyFilter implements Filter{
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        ServletRequest requestWrapper = null;
+        if(servletRequest instanceof HttpServletRequest) {
+            requestWrapper = new XssRequestWrapper((HttpServletRequest) servletRequest);
+        }
+        if(requestWrapper == null) {
+            filterChain.doFilter(servletRequest, servletResponse);
+        } else {
+            filterChain.doFilter(requestWrapper, servletResponse);
+        }
+    }
+}
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/ParamSecureHandler.java
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/java/com/securitycontrol/common/security/interceptor/ParamSecureHandler.java
@ -12,11 +12,16 @@ import com.securitycontrol.common.core.utils.ip.IpUtils;
 import com.securitycontrol.common.core.web.domain.AjaxResult;
 import com.securitycontrol.common.security.enums.UrlEnums;
 import com.securitycontrol.common.security.utils.SafeUtil;
+import com.securitycontrol.common.security.utils.SecurityUtils;
 import com.securitycontrol.common.security.utils.Sm3Utils;
 import com.securitycontrol.common.security.utils.XssRequestWrapper;
 import com.securitycontrol.system.api.RemoteLogService;
+import com.securitycontrol.system.api.RemoteUserService;
+import com.securitycontrol.system.api.domain.SysLog;
 import com.securitycontrol.system.api.domain.SysOperLog;
+import com.securitycontrol.system.api.model.LoginUser;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
@ -43,51 +48,33 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
    private String rnd = null;


-    private final String whiteURL ="http://10.145.34.32:21001/";
+    private final String whiteURL = "http://127.0.0.1:18080/";

    @Autowired
    private RemoteLogService remoteLogService;

+    @Autowired
+    private RemoteUserService remoteUserService;
+
    private static Map<String, List<Double>> requestLogMap = null;

 //      IResourceService resourceService = (IResourceService) AdapterFactory.getInstance(Constants.CLASS_RESOURCE);

-    String  urls="/pot/superStatistics/importExcel";
-    String  urls1="/pot/todayTask/uploadNoticeVio";
-    String  urls2="/userManage/info/";
-    String  url3="/files/";
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("进入了拦截器");
        System.err.println(request.getRequestURI());
-        if(Objects.equals(urls,request.getRequestURI()) ||
-                Objects.equals(urls1,request.getRequestURI()) ||
-                request.getRequestURI().contains(urls2)
-        ){
-            return true;
-        }
-
-        if(StringUtils.isNotBlank(request.getRequestURI())){
-            if(request.getRequestURI().contains(url3)){
-                return true;
-            }
-        }
-
        XssRequestWrapper requestWrapper = new XssRequestWrapper(request);
        String requestUrl = requestWrapper.getRequestURI();
-        /*if (StringUtil.isEmpty(requestUrl.trim())) {
-            return false;
-        }*/
-

        /**
         * 防止refer篡改
         */
-        String referUrl= request.getHeader("Referer");
-        if(!whiteURL.equals(referUrl)){
+        /*String referUrl= request.getHeader("Referer");
+        if(!Objects.equals(whiteURL,referUrl)){
            returnJson(response,"请求来源不正确！",500);
            return false;
-        }
+        }*/
        /**
         * 白名单中不验证参数
         */
@ -132,9 +119,13 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
            }

        }
-        if (!sm3Check(request)) {
+        /*if (!sm3Check(request)) {
            returnJson(response,"请求参数丢失",500);
            return false;
+        }*/
+        if (!checkIsYq(request, requestWrapper)) {
+            returnJson(response, "请求越权,请检查用户权限", 500);
+            return false;
        }
        return true;
    }
@ -154,34 +145,68 @@ public class ParamSecureHandler implements AsyncHandlerInterceptor {
        }
    }

+    /**
+     * 判断是否越权
+     */
+    private boolean checkIsYq(HttpServletRequest request, XssRequestWrapper requestWrapper) throws Exception {
+        String requestURI = request.getRequestURI();
+        String[] headUrls = requestURI.split("/");
+        String url = "/" + headUrls[1] + "/" + headUrls[2];
+        Boolean result = true;
+//        String token = requestWrapper.getParameter("token");
+        String token = SecurityUtils.getToken(request);
+        if (StringUtils.isNotEmpty(token)) {
+
+//            String userId = JwtUtils.getIscUserId(token);
+            String userId = JwtUtils.getUserId(token);
+            System.out.println("拦截器userId:" + userId);
+            if (StringUtil.isEmpty(userId)) {
+                result = false;
+            } else {
+                LoginUser loginUser = SecurityUtils.getLoginUser();
+                if (loginUser != null && loginUser.getSysUser() != null) {
+                    if(CollectionUtils.isNotEmpty(loginUser.getSysUser().getMenus())){
+
+                    }
+                }else{
+//                    return false;
+                }
+//                result = resourceService.hasPermitURLObj(userId, "9b4483c383538275018615493e1451ea", url);
+            }
+            System.out.println("==================越狱记录：========================userId:" + userId + "============是否越狱：" + result);
+        } else {
+            result = false;
+        }
+
+        if (!result) {
+            addExceedsAccessLog(url, token);
+            return false;
+            //添加弹框
+        }
+        return true;
+    }

    private void addExceedsAccessLog(String url, String token) {
-        SysOperLog sysOperLog = new SysOperLog();
-        sysOperLog.setGrade("越权访问");
-        sysOperLog.setOperName(JwtUtils.getUserName(token));
-        sysOperLog.setTimes(DateTimeHelper.getNowTime());
-        sysOperLog.setRoleName("继远管理员");
-        sysOperLog.setDeptName("建设分公司");
-        sysOperLog.setOperIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
+        SysLog sysLog = new SysLog();
+        String id = UUID.randomUUID().toString().replaceAll("-", "");
+        sysLog.setLogId(id);
+        sysLog.setUserId(Long.valueOf(JwtUtils.getUserId(token)));
+        sysLog.setOperaUserName(JwtUtils.getUserName(token));
+        sysLog.setOperTime(DateTimeHelper.getNowTime());
+        sysLog.setIp(IpUtils.getIpAddr(ServletUtils.getRequest()));
        UrlEnums[] enums = UrlEnums.values();
        for (UrlEnums anEnum : enums) {
            if (url.startsWith(anEnum.getUrl())) {
-                sysOperLog.setTitle(anEnum.getInfo());
+                sysLog.setModel(anEnum.getInfo());
            }
        }
-        if (StringUtils.isEmpty(sysOperLog.getTitle())) {
-            sysOperLog.setTitle("系统管理");
-        }
-        sysOperLog.setRequestMethod("");
-        sysOperLog.setMethod("");
-        sysOperLog.setBusinessType(1);
-        sysOperLog.setOperUrl("");
-        sysOperLog.setOperParam("");
-        sysOperLog.setDetail("用户越权访问地址：" + url);
-        sysOperLog.setLogType("系统日志");
-        sysOperLog.setSysMenu("");
-        sysOperLog.setStatus(1);
-        remoteLogService.saveLogs(sysOperLog, SecurityConstants.INNER);
+        sysLog.setLogType(2);
+        sysLog.setOperUri(url);
+        sysLog.setFailureReason("用户越权访问地址");
+        sysLog.setGrade("高");
+        sysLog.setErrType("越权访问");
+        sysLog.setResult(1);
+        remoteLogService.saveSysLog(sysLog, SecurityConstants.INNER);
    }

    /**
--- a/securitycontrol-commons/securitycontrol-commons-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/securitycontrol-commons/securitycontrol-commons-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@ -3,3 +3,4 @@ com.securitycontrol.common.security.service.TokenService
 com.securitycontrol.common.security.aspect.PreAuthorizeAspect
 com.securitycontrol.common.security.aspect.InnerAuthAspect
 com.securitycontrol.common.security.handler.GlobalExceptionHandler
+com.securitycontrol.common.security.interceptor.MyFilter
--- a/securitycontrol-model/securitycontrol-system/src/main/resources/mapper/LoginMapper.xml
+++ b/securitycontrol-model/securitycontrol-system/src/main/resources/mapper/LoginMapper.xml
@ -21,14 +21,14 @@
        select  DISTINCT sm.menu_auth
        FROM sys_user  su
         left join sys_role_menu  srm on srm .role_id=su.role_id
-         left join sys_menu sm on sm.menu_id=srm.menu_id and sm.menu_type=1 AND sm.del_flag=0
+         left join sys_menu sm on sm.menu_id=srm.menu_id and sm.menu_type=2 AND sm.del_flag=0
        where su.user_id=#{userId}
    </select>
    <select id="getAllMenuList" resultType="com.securitycontrol.system.api.domain.decision.SysMenu">
        select   sm.menu_url url,sm.menu_id menuId,sm.menu_name menuName,sm.menu_logo
        FROM sys_user  su
             left join sys_role_menu  srm on srm .role_id=su.role_id
-             left join sys_menu sm on sm.menu_id=srm.menu_id and  sm.del_flag=0 and sm.menu_type=0
+             left join sys_menu sm on sm.menu_id=srm.menu_id and  sm.del_flag=0 and (sm.menu_type=0 or sm.menu_type=1)
        where su.user_id=#{userId}   and sm.p_id=#{pid}
        ORDER BY   sm.menu_sort ASC