From 9cb63601d5ed0a970361298c8db078c5b4afe797 Mon Sep 17 00:00:00 2001 From: "liang.chao" <1360241448@qq.com> Date: Sat, 17 May 2025 15:23:54 +0800 Subject: [PATCH] =?UTF-8?q?bug=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/OrganizationalServiceImpl.java | 2 +- .../OutsourcerEvaluateServiceImpl.java | 4 -- .../manager/config/BnsSecurityConfig.java | 2 + .../manager/filter/DecryptionFilter.java | 31 +++++++++ .../filter/DecryptionRequestWrapper.java | 68 +++++++++++++++++++ .../service/impl/UserDetailsServiceImpl.java | 43 ++++++------ .../evaluate/manager/utils/AesCbcUtils.java | 16 ++++- .../InitiateEvaluateMapper.xml | 1 + src/main/resources/static/js/filePreview.js | 3 +- src/main/resources/static/login.html | 23 ++++++- .../static/pages/evaluate/org/addForm.html | 6 +- .../evaluate/person/EvaluatePersonAdd.html | 2 +- 12 files changed, 167 insertions(+), 34 deletions(-) create mode 100644 src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionFilter.java create mode 100644 src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionRequestWrapper.java diff --git a/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OrganizationalServiceImpl.java b/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OrganizationalServiceImpl.java index 5159a6c..1478738 100644 --- a/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OrganizationalServiceImpl.java +++ b/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OrganizationalServiceImpl.java @@ -172,7 +172,7 @@ public class OrganizationalServiceImpl implements OrganizationalService { //新增 bean.setDataSource("2"); OrganizationalBean his = mapper.getDataDetails(bean); - if (!his.getIdCard().equals(bean.getIdCard())) { + if (his.getIdCard() != null && !his.getIdCard().equals(bean.getIdCard())) { int userNum = mapper.getUserNum(bean); if (userNum > 0) { ar.setFailMsg("该人员已存在"); 
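Review bot: The added `his.getIdCard() != null` guard in OrganizationalServiceImpl also skips the `mapper.getUserNum(bean)` duplicate check whenever the stored ID card is null, so a record without an ID card can be assigned one that another person already holds. A null-safe comparison keeps the check while still avoiding the NullPointerException: `if (!Objects.equals(his.getIdCard(), bean.getIdCard())) {` (this needs `java.util.Objects` imported). `his` is still dereferenced unconditionally; if `mapper.getDataDetails(bean)` can return no row, which is not visible from here, that case needs its own guard. The enclosing method starts and ends outside the hunk.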
diff --git a/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OutsourcerEvaluateServiceImpl.java b/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OutsourcerEvaluateServiceImpl.java index 52cfc68..d899ee0 100644 --- a/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OutsourcerEvaluateServiceImpl.java +++ b/src/main/java/com/bonus/gs/sub/evaluate/evaluate/service/OutsourcerEvaluateServiceImpl.java @@ -6,10 +6,7 @@ import com.bonus.gs.sub.evaluate.evaluate.beans.*; import com.bonus.gs.sub.evaluate.evaluate.dao.OutsourcerEvaluateDao; import com.bonus.gs.sub.evaluate.manager.utils.AjaxRes; import com.bonus.gs.sub.evaluate.manager.utils.UserUtil; -import com.sun.java.browser.plugin2.DOM; -import lombok.val; import org.apache.commons.lang3.StringUtils; -import org.aspectj.weaver.loadtime.Aj; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -17,7 +14,6 @@ import org.springframework.transaction.annotation.Transactional; import org.springframework.transaction.interceptor.TransactionAspectSupport; import javax.annotation.Resource; -import java.lang.reflect.Array; import java.math.BigDecimal; import java.time.LocalDate; import java.time.format.DateTimeFormatter; diff --git a/src/main/java/com/bonus/gs/sub/evaluate/manager/config/BnsSecurityConfig.java b/src/main/java/com/bonus/gs/sub/evaluate/manager/config/BnsSecurityConfig.java index 4458c44..ba23b49 100644 --- a/src/main/java/com/bonus/gs/sub/evaluate/manager/config/BnsSecurityConfig.java +++ b/src/main/java/com/bonus/gs/sub/evaluate/manager/config/BnsSecurityConfig.java @@ -1,5 +1,6 @@ package com.bonus.gs.sub.evaluate.manager.config; +import com.bonus.gs.sub.evaluate.manager.filter.DecryptionFilter; import com.bonus.gs.sub.evaluate.manager.filter.TokenFilter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; 
@@ -61,6 +62,7 @@ public class BnsSecurityConfig extends WebSecurityConfigurerAdapter { http.headers().frameOptions().disable(); http.headers().cacheControl(); + http.addFilterBefore(new DecryptionFilter(),UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class); } diff --git a/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionFilter.java b/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionFilter.java new file mode 100644 index 0000000..df8a864 --- /dev/null +++ b/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionFilter.java @@ -0,0 +1,31 @@ +package com.bonus.gs.sub.evaluate.manager.filter; + +/** + * @Author:liang.chao + * @Date:2025/5/17 - 11:26 + */ + +import javax.servlet.*; +import javax.servlet.http.HttpServletRequest; +import java.io.IOException; + +public class DecryptionFilter implements Filter { + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) + throws IOException, ServletException { + + HttpServletRequest httpRequest = (HttpServletRequest) request; + + if (httpRequest.getRequestURI().endsWith("/login") + && "POST".equalsIgnoreCase(httpRequest.getMethod())) { + // 处理登录请求 + DecryptionRequestWrapper wrappedRequest = new DecryptionRequestWrapper(httpRequest); + chain.doFilter(wrappedRequest, response); + return; + } + + chain.doFilter(request, response); + } +} + diff --git a/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionRequestWrapper.java b/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionRequestWrapper.java new file mode 100644 index 0000000..f52bcd4 --- /dev/null +++ b/src/main/java/com/bonus/gs/sub/evaluate/manager/filter/DecryptionRequestWrapper.java 
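Review bot: In DecryptionFilter.doFilter, `new DecryptionRequestWrapper(httpRequest)` is called with no error handling, and that constructor throws `RuntimeException("解密失败", e)` when a credential field fails to decrypt. Any malformed login body therefore escapes the filter as an unhandled exception, most likely a 500 and a stack trace in the logs, and it gives callers a response that differs from an ordinary wrong-password reply. Catching the failure here and answering the same way a failed login does keeps the two cases indistinguishable. Separately, `getRequestURI().endsWith("/login")` matches every path that ends in `/login`, not only the form-login endpoint; comparing against the configured login URL is stricter. The fence assumes `javax.servlet.http.HttpServletResponse` is imported.

```java
if (httpRequest.getRequestURI().endsWith("/login")
        && "POST".equalsIgnoreCase(httpRequest.getMethod())) {
    final DecryptionRequestWrapper wrappedRequest;
    try {
        wrappedRequest = new DecryptionRequestWrapper(httpRequest);
    } catch (RuntimeException e) {
        // Undecryptable credentials are a client error; reply like a failed login
        // so the response does not reveal whether decryption or authentication failed.
        ((HttpServletResponse) response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    chain.doFilter(wrappedRequest, response);
    return;
}
// … unchanged: pass-through chain.doFilter(request, response) …
```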
@@ -0,0 +1,68 @@ +package com.bonus.gs.sub.evaluate.manager.filter; + +import com.bonus.gs.sub.evaluate.manager.utils.AesCbcUtils; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Map; + +/** + * @Author:liang.chao + * @Date:2025/5/17 - 11:31 + */ + +public class DecryptionRequestWrapper extends HttpServletRequestWrapper { + private static final String SECRET_KEY = "zhgd@bonus@zhgd@bonus@1234567890"; + private final Map decryptedParams = new HashMap<>(); + + public DecryptionRequestWrapper(HttpServletRequest request) { + super(request); + + // 1. 复制原始参数(不直接修改原始 Map) + Map originalParams = new HashMap<>(request.getParameterMap()); + + // 2. 仅解密 username 和 password + try { + if (originalParams.containsKey("username")) { + String encryptedUsername = originalParams.get("username")[0]; + String decryptedUsername = AesCbcUtils.decryptCode(encryptedUsername); + originalParams.put("username", new String[]{decryptedUsername}); + } + + if (originalParams.containsKey("password")) { + String encryptedPassword = originalParams.get("password")[0]; + String decryptedPassword = AesCbcUtils.decryptCode(encryptedPassword); + originalParams.put("password", new String[]{decryptedPassword}); + } + } catch (Exception e) { + throw new RuntimeException("解密失败", e); + } + + // 3. 最终使用解密后的参数 + this.decryptedParams.putAll(originalParams); + } + + // ----------- 重写方法(保持原样)------------ + @Override + public String getParameter(String name) { + return decryptedParams.containsKey(name) ? 
decryptedParams.get(name)[0] : null; + } + + @Override + public Map getParameterMap() { + return Collections.unmodifiableMap(decryptedParams); + } + + @Override + public Enumeration getParameterNames() { + return Collections.enumeration(decryptedParams.keySet()); + } + + @Override + public String[] getParameterValues(String name) { + return decryptedParams.get(name); + } +} \ No newline at end of file diff --git a/src/main/java/com/bonus/gs/sub/evaluate/manager/service/impl/UserDetailsServiceImpl.java b/src/main/java/com/bonus/gs/sub/evaluate/manager/service/impl/UserDetailsServiceImpl.java index 98be529..864e14d 100644 --- a/src/main/java/com/bonus/gs/sub/evaluate/manager/service/impl/UserDetailsServiceImpl.java +++ b/src/main/java/com/bonus/gs/sub/evaluate/manager/service/impl/UserDetailsServiceImpl.java @@ -2,6 +2,7 @@ package com.bonus.gs.sub.evaluate.manager.service.impl; import java.util.List; +import com.bonus.gs.sub.evaluate.manager.utils.AesCbcUtils; import org.springframework.beans.BeanUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException; 
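Review bot: `SECRET_KEY` in DecryptionRequestWrapper is a hard-coded key literal that this class never reads; the constructor decrypts through `AesCbcUtils.decryptCode`, which uses its own `sKey` with the same value. The unused constant should be deleted so the key is not duplicated in a second source file, and the remaining key is better loaded from configuration or a secret store than committed to the repository. The diffstat shows login.html changing in the same commit, so the key presumably also ships to the browser for the encrypting side; if so, this layer only obscures the credentials and TLS remains the actual transport protection. A class comment saying that would stop later readers from treating the wrapper as a confidentiality control.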
@@ -29,29 +30,29 @@ import com.bonus.gs.sub.evaluate.manager.service.UserService; @Service public class UserDetailsServiceImpl implements UserDetailsService { - @Autowired - private UserService userService; - @Autowired - private PermissionDao permissionDao; + @Autowired + private UserService userService; + @Autowired + private PermissionDao permissionDao; - @Override - public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { - SysUser sysUser = userService.findByPhone(username); - if (sysUser == null) { - throw new AuthenticationCredentialsNotFoundException("用户名不存在"); - } else if (sysUser.getStatus() == Status.LOCKED) { - throw new LockedException("用户被锁定,请联系管理员"); - } else if (sysUser.getStatus() == Status.DISABLED) { - throw new DisabledException("用户已作废"); - } + @Override + public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { + SysUser sysUser = userService.findByPhone(username); + if (sysUser == null) { + throw new AuthenticationCredentialsNotFoundException("用户名不存在"); + } else if (sysUser.getStatus() == Status.LOCKED) { + throw new LockedException("用户被锁定,请联系管理员"); + } else if (sysUser.getStatus() == Status.DISABLED) { + throw new DisabledException("用户已作废"); + } - LoginUser loginUser = new LoginUser(); - BeanUtils.copyProperties(sysUser, loginUser); + LoginUser loginUser = new LoginUser(); + BeanUtils.copyProperties(sysUser, loginUser); - List permissions = permissionDao.listByUserId(sysUser.getId()); - loginUser.setPermissions(permissions); - loginUser.setDeptId(sysUser.getDeptId()); - return loginUser; - } + List permissions = permissionDao.listByUserId(sysUser.getId()); + loginUser.setPermissions(permissions); + loginUser.setDeptId(sysUser.getDeptId()); + return loginUser; + } } diff --git a/src/main/java/com/bonus/gs/sub/evaluate/manager/utils/AesCbcUtils.java b/src/main/java/com/bonus/gs/sub/evaluate/manager/utils/AesCbcUtils.java index 7f3fd9a..c85338a 100644 
--- a/src/main/java/com/bonus/gs/sub/evaluate/manager/utils/AesCbcUtils.java +++ b/src/main/java/com/bonus/gs/sub/evaluate/manager/utils/AesCbcUtils.java @@ -8,6 +8,7 @@ import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import java.lang.reflect.Field; +import java.nio.charset.StandardCharsets; import java.security.Security; /** @@ -40,7 +41,7 @@ public class AesCbcUtils { * AES要求密钥长度为128位或192位或256位,java默认限制AES密钥长度最多128位 */ public static String sKey = "zhgd@bonus@zhgd@bonus@1234567890"; - + private static final String IV = sKey.substring(0, 16); /** * 编码格式导出 */ @@ -139,4 +140,17 @@ public class AesCbcUtils { return null; } + + public static String decryptCode(String encryptedData) throws Exception { + SecretKeySpec keySpec = new SecretKeySpec(sKey.getBytes(StandardCharsets.UTF_8), KEY_ALGORITHM); + IvParameterSpec ivSpec = new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8)); + + Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); + cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec); + + byte[] decodedBytes = Base64.decodeBase64(encryptedData); + byte[] decryptedBytes = cipher.doFinal(decodedBytes); + return new String(decryptedBytes, StandardCharsets.UTF_8); + } + } diff --git a/src/main/resources/mappers/initiateEvaluate/InitiateEvaluateMapper.xml b/src/main/resources/mappers/initiateEvaluate/InitiateEvaluateMapper.xml index 090cc09..b76e69d 100644 --- a/src/main/resources/mappers/initiateEvaluate/InitiateEvaluateMapper.xml +++ b/src/main/resources/mappers/initiateEvaluate/InitiateEvaluateMapper.xml @@ -94,6 +94,7 @@ pt.config_name like concat('%', #{keyWord}, '%')) + group by per.evaluate_id order by per.create_time desc
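Review bot: The new `IV` constant in AesCbcUtils is `sKey.substring(0, 16)`, so every message is processed under one fixed key/IV pair and the IV is literally the first half of the key. With a constant IV, equal plaintexts always produce equal ciphertexts, which means a captured encrypted login body remains valid if replayed and a repeated password is recognisable as a repeat. A fresh random IV per message, sent with the ciphertext and read back in `decryptCode` (added in the last hunk of this file), removes that; the client-side encryptor would have to change in step. On the context line, `public static String sKey` is also non-final, so any class can reassign the key; `private static final` is safer if nothing outside the class depends on it.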
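Review bot: `decryptCode` decrypts without any integrity check, so a modified ciphertext is only noticed, if at all, as a padding failure inside `cipher.doFinal`. `CIPHER_ALGORITHM` is defined outside the hunk; going by the class name and the `IvParameterSpec` it is presumably AES in CBC mode, where an observable difference between a padding error and a wrong password is the precondition for a padding-oracle weakness. An authenticated mode such as `AES/GCM/NoPadding` with a `GCMParameterSpec` rejects tampered input outright. The method also declares `throws Exception`; narrowing it to `GeneralSecurityException` and documenting the contract in a Javadoc comment (Base64 input, UTF-8 output, behaviour on null or malformed input) would make failures easier for callers to handle deliberately.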