diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/configuration/FilterConfig.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/configuration/FilterConfig.java
new file mode 100644
index 0000000..2a0b458
--- /dev/null
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/configuration/FilterConfig.java
@@ -0,0 +1,29 @@
+package cn.estsh.i3plus.core.apiservice.configuration;
+
+import cn.estsh.i3plus.core.apiservice.filter.CookieFrameFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Configuration
+public class FilterConfig {
+
+ @Autowired
+ private CookieFrameFilter cookieFrameFilter;
+
+ @Bean
+ public FilterRegistrationBean requestFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(cookieFrameFilter);
+ registration.setName("cookieFrameFilter");
+ registration.setOrder(1);
+ List urlPatterns = new ArrayList<>();
+ urlPatterns.add("/*");
+ registration.setUrlPatterns(urlPatterns);
+ return registration;
+ }
+}
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
index 423b839..d521801 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/base/WhiteController.java
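Review bot: `requestFilterRegistration` uses raw `FilterRegistrationBean` and raw `List`, which the generic constructor avoids: `FilterRegistrationBean<CookieFrameFilter> registration = new FilterRegistrationBean<>(cookieFrameFilter);` and `registration.setUrlPatterns(Collections.singletonList("/*"));` (replacing the `java.util.ArrayList` import with `java.util.Collections`). Because `CookieFrameFilter` is also annotated `@Component`, Spring Boot would register it on its own; as far as I can tell Boot skips that automatic registration when a `FilterRegistrationBean` already wraps the same bean, but a comment such as `// explicit registration only pins the name, order and URL pattern of the @Component filter` would record why both exist. Whether `setOrder(1)` places this filter before or after the module's authentication filter(s) is not visible here and is worth confirming, since responses produced by an earlier filter would not carry the security headers it adds.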
@@ -514,6 +514,39 @@ public class WhiteController extends CoreBaseController { } } + + /** + * 获取首页所需要的翻译资源 + * 目前只有三个 + * + * @param languageCode + * @return + */ + @GetMapping(value = "/find-indexpage-language-resource") + @ApiOperation(value = "获取首页所需的翻译资源") + public ResultBean findInexPageResourceByLanguageCode(String languageCode) { + try { + + ValidatorBean.checkNotNull(languageCode, "语言代码不能为空"); + if (sysLocaleLanguageService.getSysLocaleLanguageByCode(languageCode) == null) { + throw ImppExceptionBuilder.newInstance() + .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode()) + .setErrorCode(ImppExceptionEnum.VARIFY_EXCEPTION.getCode()) + .setErrorDetail("语言不存在") + .build(); + } + Map indexMap = new HashMap<>(); + indexMap.put("记住密码", redisRes.getHash(CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode + ":1", "记住密码")); + indexMap.put("自动登录", redisRes.getHash(CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode + ":1", "自动登录")); + indexMap.put("登录", redisRes.getHash(CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode + ":1", "登录")); + return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultMap(indexMap); + } catch (ImppBusiException busExcep) { + return ResultBean.fail(busExcep); + } catch (Exception e) { + return ImppExceptionBuilder.newInstance().buildExceptionResult(e); + } + } + @PostMapping(value = "/sys-locale-resource/query") @ApiOperation(value = "按条件查询资源") public ResultBean findSysLocaleResource(@RequestBody CloudPagerModel pagerModel) { @@ -873,7 +906,7 @@ public class WhiteController extends CoreBaseController { ValidatorBean.checkNotNull(newPwd, "新密码不能为空"); ValidatorBean.checkNotNull(loginName, "用户名不能为空"); - if (password.equals(newPwd)){ + if (password.equals(newPwd)) { return ResultBean.fail("新旧密码不能相同"); } 
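Review bot: The Redis hash key `CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode + ":1"` is rebuilt three times inside `findInexPageResourceByLanguageCode`; hoist it once, `String cacheKey = CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode + ":1";`, and use it in the three `indexMap.put` calls. Unlike `SysLocaleResourceController.findSysLocaleResourceByLanguageCode` added in this same commit, this method has no fallback when the cache is cold, so `redisRes.getHash` presumably yields null and the endpoint answers success with null translations; either reuse the same reload-on-miss handling or document the assumption that the cache is always warm. The `getSysLocaleLanguageByCode` check is what keeps the caller-supplied `languageCode` bounded to known codes before it is concatenated into the key, and a one-line comment saying so would make that guard deliberate rather than incidental. `findInexPageResourceByLanguageCode` looks like a typo for `findIndexPage…`, and `Map indexMap` is a raw type where `Map<String, Object>` (or the element type `getHash` returns) belongs. The whitespace-only hunk at `@@ -873` needs no change.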
@@ -935,6 +968,8 @@ public class WhiteController extends CoreBaseController { @PostMapping(value = "/user/insert") @ApiOperation(value = "添加用户信息", notes = "返回内容添加用户信息") public ResultBean insertUserDetailModel(@RequestBody UserDetailModel model) { + //设置【密码】和【确认密码】一致 + model.setPassword(model.getUserLoginPassword()); return personnelController.insertUserDetailModel(model); } @@ -1077,6 +1112,7 @@ public class WhiteController extends CoreBaseController { /** * 获取fastJosn配置并测试 + * * @return */ @GetMapping(value = "/fastjson") 
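Review bot: `model.setPassword(model.getUserLoginPassword());` in `WhiteController.insertUserDetailModel` copies the confirm field into the password field before delegating, so the `validatePassword` check that `PersonnelController` gains in this same commit can never detect a mismatch for requests arriving through this route, and a blank confirm field is reported as `密码不能为空` instead of `确认密码不能为空`. If the intent is that callers of this endpoint only send `userLoginPassword`, say so in the comment, e.g. `// this route only receives userLoginPassword; mirror it into password so PersonnelController.validatePassword accepts the model`, otherwise the line short-circuits the validation rather than applying it. The whitespace-only Javadoc hunk at `@@ -1077` needs no change.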
@@ -1088,53 +1124,53 @@ public class WhiteController extends CoreBaseController { model.setUserLoginName("test"); Map resultMap = new HashMap<>(); try { - String json = JSON.toJSONString(model, SerializerFeature.WriteClassName); - resultMap.put("json",json); + String json = JSON.toJSONString(model, SerializerFeature.WriteClassName); + resultMap.put("json", json); JSON.parse(json); - resultMap.put("parseredJosn",json); + resultMap.put("parseredJosn", json); - resultMap.put("config",JSON.toJSONString(config)); + resultMap.put("config", JSON.toJSONString(config)); } catch (Exception e) { e.printStackTrace(); - if (e.getCause() != null){ - resultMap.put("error",e.getCause().getMessage()); - }else { - resultMap.put("error",e.getMessage()); + if (e.getCause() != null) { + resultMap.put("error", e.getCause().getMessage()); + } else { + resultMap.put("error", e.getMessage()); } } - return ResultBean.success().setResultMap(resultMap); + return ResultBean.success().setResultMap(resultMap); } - private static final Long ACCESS_TOKEN_EXPIRE_TIME = 7080L; private static final String ACCESS_TOKEN_KEY = "ding_talk:access_token"; /** * 钉钉单聊机器人批量发送消息 + * * @param dingSendBatchRequestModel * @return */ @PostMapping(value = "/dingRobot/sendBatchRequestByUserLoginName") @ApiOperation(value = "根据登录用户名 钉钉单聊机器人批量发送消息", notes = "根据登录用户名 钉钉单聊机器人批量发送消息") - public ResultBean singleRobotsendBatchRequestByUserLoginName(@RequestBody DingSendBatchRequestModel dingSendBatchRequestModel ) { - if(ObjectUtils.isEmpty(dingSendBatchRequestModel)){ + public ResultBean singleRobotsendBatchRequestByUserLoginName(@RequestBody DingSendBatchRequestModel dingSendBatchRequestModel) { + if (ObjectUtils.isEmpty(dingSendBatchRequestModel)) { return ResultBean.fail("消息内容不能为空"); } - if(ObjectUtils.isEmpty(dingSendBatchRequestModel.getUserLoginNameList())){ + if (ObjectUtils.isEmpty(dingSendBatchRequestModel.getUserLoginNameList())) { return ResultBean.fail("登录用户名不能为空"); } - List userLoginNameList = 
dingSendBatchRequestModel.getUserLoginNameList(); + List userLoginNameList = dingSendBatchRequestModel.getUserLoginNameList(); userLoginNameList = userLoginNameList.stream().filter(StringUtils::isNotBlank).distinct().collect(Collectors.toList()); - if(ObjectUtils.isEmpty(userLoginNameList)){ + if (ObjectUtils.isEmpty(userLoginNameList)) { return ResultBean.fail("登录用户名不能为空"); } List userList = userService.findSysUserByLoginName(userLoginNameList); - if(ObjectUtils.isEmpty(userList)){ + if (ObjectUtils.isEmpty(userList)) { return ResultBean.fail("登录用户名没有对应的账号"); } - List phoneNumberList =userList.stream().map(SysUser::getUserPhone).filter(StringUtils::isNotBlank).distinct().collect(Collectors.toList()); - if(ObjectUtils.isEmpty(userList)){ + List phoneNumberList = userList.stream().map(SysUser::getUserPhone).filter(StringUtils::isNotBlank).distinct().collect(Collectors.toList()); + if (ObjectUtils.isEmpty(userList)) { return ResultBean.fail("登录用户名没有对应的手机号"); } dingSendBatchRequestModel.setPhoneNumberList(phoneNumberList); @@ -1145,16 +1181,18 @@ public class WhiteController extends CoreBaseController { /** * 批量发送的最大值 */ - private final int MAX_DINGROBOT_SEND_NUM = 1000; + private final int MAX_DINGROBOT_SEND_NUM = 1000; + /** * 钉钉单聊机器人批量发送消息 + * * @param dingSendBatchRequestModel * @return */ @PostMapping(value = "/dingRobot/sendBatchRequest") @ApiOperation(value = "根据手机号 钉钉单聊机器人批量发送消息", notes = "根据手机号 钉钉单聊机器人批量发送消息") - public ResultBean singleRobotsendBatchRequest(@RequestBody DingSendBatchRequestModel dingSendBatchRequestModel ) { - if(ObjectUtils.isEmpty(dingSendBatchRequestModel)){ + public ResultBean singleRobotsendBatchRequest(@RequestBody DingSendBatchRequestModel dingSendBatchRequestModel) { + if (ObjectUtils.isEmpty(dingSendBatchRequestModel)) { return ResultBean.fail("消息内容不能为空"); } List phoneNumberList = dingSendBatchRequestModel.getPhoneNumberList(); 
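Review bot: In `singleRobotsendBatchRequestByUserLoginName` the guard after building `phoneNumberList` still tests `userList`: `if (ObjectUtils.isEmpty(userList))` was reformatted but not corrected, and since `userList` was already checked non-empty a few lines earlier the `登录用户名没有对应的手机号` branch is unreachable and an all-blank phone list is handed to `setPhoneNumberList`. It should read `if (ObjectUtils.isEmpty(phoneNumberList)) {`. `userLoginNameList` and `phoneNumberList` are raw `List`s; `List<String>` would let the compiler check the two stream pipelines. The method continues outside the hunk.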
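Review bot: `private final int MAX_DINGROBOT_SEND_NUM = 1000;` is a per-instance field carrying a constant's name; a compile-time constant should be `private static final int MAX_DINGROBOT_SEND_NUM = 1000;`. The Javadoc `批量发送的最大值` could also state what happens when a request exceeds the limit, but that logic lies outside the hunk.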
@@ -1188,8 +1226,8 @@ public class WhiteController extends CoreBaseController { ResultBean result = getDingUserIdByPhoneNumber(el, batchSendOTOHeaders.xAcsDingtalkAccessToken); if (result.isSuccess()) { userIdList.add((String) result.getResultObject()); - }else{ - LOGGER.info("手机号:{}没法获取的钉钉用户id",el); + } else { + LOGGER.info("手机号:{}没法获取的钉钉用户id", el); } }); @@ -1265,15 +1303,15 @@ public class WhiteController extends CoreBaseController { req.setMobile(phoneNumber); // req.setMobile("13298408382"); OapiV2UserGetbymobileResponse rsp = client.execute(req, accessToken); - if (ObjectUtils.isEmpty(rsp)||ObjectUtils.isEmpty(rsp.getResult()) || StringUtils.isBlank(rsp.getResult().getUserid())){ + if (ObjectUtils.isEmpty(rsp) || ObjectUtils.isEmpty(rsp.getResult()) || StringUtils.isBlank(rsp.getResult().getUserid())) { return ResultBean.fail("根据手机号无法获取用户id"); } return ResultBean.success("获取用户id成功").setResultObject(rsp.getResult().getUserid()); } catch (ApiException e) { - LOGGER.error("调用钉钉根据手机号获取用户id发生异常:",e); + LOGGER.error("调用钉钉根据手机号获取用户id发生异常:", e); return ImppExceptionBuilder.newInstance().buildExceptionResult(e); } catch (Exception e) { - LOGGER.error("调用钉钉根据手机号获取用户id发生异常:",e); + LOGGER.error("调用钉钉根据手机号获取用户id发生异常:", e); return ImppExceptionBuilder.newInstance().buildExceptionResult(e); } } 
@@ -1345,12 +1383,12 @@ public class WhiteController extends CoreBaseController { @GetMapping(value = "/query-user-by-name") @ApiOperation(value = "根据用户名或登录名查询") - public ResultBean queryUserByName(String userLoginName,String userName ,Pager pager) { + public ResultBean queryUserByName(String userLoginName, String userName, Pager pager) { try { if (ObjectUtils.isEmpty(pager)) { pager = Pager.defaultPager(); } - return ResultBean.success("操作成功").setListPager(sysUserService.findSysUserByName(userLoginName,userName,pager)).setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()); + return ResultBean.success("操作成功").setListPager(sysUserService.findSysUserByName(userLoginName, userName, pager)).setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()); } catch (ImppBusiException busExcep) { return ResultBean.fail(busExcep); } catch (Exception e) { diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java index 08e000b..9fb3d0f 100644 --- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/PersonnelController.java @@ -36,6 +36,7 @@ import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.ObjectUtils; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; 
@@ -101,6 +102,10 @@ public class PersonnelController extends CoreBaseController {
 @ApiOperation(value = "添加用户信息", notes = "返回内容添加用户信息")
 public ResultBean insertUserDetailModel(UserDetailModel model) {
 try {
+ ResultBean validateResult = validatePassword(model);
+ if (validateResult != null && !validateResult.isSuccess()) {
+ return validateResult;
+ }
 startMultiService();
 licenseClickService.checkLicenseNumberUser();
@@ -193,6 +198,27 @@ public class PersonnelController extends CoreBaseController {
 }
 /**
+ * 校验前端输入的【密码】和【确认密码】
+ * @param model
+ * @return
+ */
+ private ResultBean validatePassword(UserDetailModel model) {
+ if(ObjectUtils.isEmpty(model)){
+ return ResultBean.fail("用户信息不能为空");
+ }
+ if(StringUtils.isBlank(model.getPassword())){
+ return ResultBean.fail("密码不能为空");
+ }
+ if(StringUtils.isBlank(model.getUserLoginPassword())){
+ return ResultBean.fail("确认密码不能为空");
+ }
+ if(!model.getPassword().equals(model.getUserLoginPassword())){
+ return ResultBean.fail("密码和确认密码不相同,请检查密码和确认密码");
+ }
+ return ResultBean.success();
+ }
+
+ /**
 * 修改用户信息
 *
 * @param model 用户信息
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysLocaleResourceController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysLocaleResourceController.java
index 9cc0849..756f74e 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysLocaleResourceController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/busi/SysLocaleResourceController.java
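Review bot: `validatePassword` never returns null (every path returns `ResultBean.fail(...)` or `ResultBean.success()`), so the `validateResult != null &&` half of the guard in `insertUserDetailModel` is dead and `if (!validateResult.isSuccess()) {` is enough; the same applies to the helper's own Javadoc, whose `@param model` and `@return` are empty and could read `@param model user detail submitted by the client; password and userLoginPassword are the two fields compared` and `@return ResultBean.success() when both fields are present and equal, otherwise a failed ResultBean carrying the message to show`. The new helper writes `if(ObjectUtils.isEmpty(model)){` without the spaces that this same commit adds throughout `WhiteController` (`if (...) {`); apply the same formatting here. Both values compared by `equals` are caller-supplied, so no constant-time comparison is needed, but a short comment saying the helper only checks the two submitted fields agree (not the stored credential) would prevent that question from recurring.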
@@ -696,4 +696,35 @@ public class SysLocaleResourceController extends CoreBaseController {
 return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
 }
 }
+
+ @GetMapping(value = "/find-web-resource-by-language-code")
+ @ApiOperation(value = "根据语言代码查询web端翻译资源")
+ public ResultBean findSysLocaleResourceByLanguageCode(String languageCode) {
+ try {
+ startMultiService();
+
+ ValidatorBean.checkNotNull(languageCode, "语言代码不能为空");
+ if (sysLocaleLanguageService.getSysLocaleLanguageByCode(languageCode) == null) {
+ throw ImppExceptionBuilder.newInstance()
+ .setSystemID(CommonEnumUtil.SOFT_TYPE.CORE.getCode())
+ .setErrorCode(ImppExceptionEnum.VARIFY_EXCEPTION.getCode())
+ .setErrorDetail("语言不存在")
+ .build();
+ }
+
+ // 从缓存获取语言信息
+ Map resourceMap =
+ redisRes.getHashMap(CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode);
+ if (resourceMap == null || resourceMap.size() == 0) {
+ systemInitService.putAndLoadSysLocaleLanguage();
+ resourceMap = redisRes.getHashMap(CommonConstWords.REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode);
+ }
+
+ return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultMap(resourceMap);
+ } catch (ImppBusiException busExcep) {
+ return ResultBean.fail(busExcep);
+ } catch (Exception e) {
+ return ImppExceptionBuilder.newInstance().buildExceptionResult(e);
+ }
+ }
 }
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/filter/CookieFrameFilter.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/filter/CookieFrameFilter.java
new file mode 100644
index 0000000..b006ef4
--- /dev/null
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/filter/CookieFrameFilter.java
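Review bot: When a valid language code has no entries under `REDIS_PREFIX_CACHE_LANGUAGE_WEB + ":" + languageCode`, `findSysLocaleResourceByLanguageCode` calls `systemInitService.putAndLoadSysLocaleLanguage()` on every request, because the second `getHashMap` is empty again; if that call rebuilds the whole language cache (its body is not visible here), any client can make this endpoint trigger a full reload per request. Consider reloading only when the cache is genuinely missing rather than empty for this language, and record the decision with a comment such as `// cache miss: rebuild the language cache; an empty map for a known language is a valid result and must not trigger a reload`. `resourceMap == null || resourceMap.size() == 0` reads better as `resourceMap == null || resourceMap.isEmpty()`, and `Map resourceMap` is a raw type. The `languageCode` existence check ahead of the Redis lookup is what bounds the key to known codes; keep it in that position.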
@@ -0,0 +1,45 @@
+package cn.estsh.i3plus.core.apiservice.filter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * @Description: 解决 点击劫持:X-Frame-Options未配置
+ * @Param:
+ * @return:
+ * @Date:
+ */
+@Component
+public class CookieFrameFilter implements Filter {
+ public static final Logger LOGGER = LoggerFactory.getLogger(CookieFrameFilter.class);
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ LOGGER.info("CookieFrameFilter Init...");
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest req = (HttpServletRequest) request;
+ HttpServletResponse resp = (HttpServletResponse) response;
+ // 点击劫持问题
+ resp.addHeader("X-Frame-Options", "SAMEORIGIN");
+ resp.addHeader("Content-Security-Policy", "frame-ancestors 'self'");
+ // 防止基于 MIME 类型混淆的攻击
+ resp.addHeader("X-Content-Type-Options", "nosniff");
+ // xss 保护
+ resp.addHeader("X-XSS-Protection", "1; mode=block");
+ chain.doFilter(req, resp);
+ }
+
+ @Override
+ public void destroy() {
+ LOGGER.info("CookieFrameFilter Destory.");
+ }
+}
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysRoleService.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysRoleService.java
index bf7028e..009ed45 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysRoleService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysRoleService.java
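Review bot: `doFilter` uses `resp.addHeader` for all four headers, so if any other component (Spring Security's header writers, a gateway, or another registration of this filter) already emits `X-Frame-Options` or `Content-Security-Policy`, the response carries duplicate headers with possibly conflicting values; `resp.setHeader(...)` replaces instead of appending and is the usual choice for fixed policy headers. `X-XSS-Protection: 1; mode=block` is a legacy header that current browsers ignore and that OWASP now recommends setting to `0`, the `frame-ancestors` CSP being the effective control, so at minimum a comment should note it is kept only for older clients. `LOGGER` should be `private static final` rather than `public`, the class Javadoc carries method tags (`@Param`, `@return`, `@Date`) that do not apply to a class, the name `CookieFrameFilter` does not touch cookies (a name like `SecurityHeadersFilter` describes what it does), and `Destory` is a typo for `Destroy`. The two casts assume an HTTP servlet container, which holds under Spring Boot but is worth a one-line comment.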
@@ -217,6 +217,9 @@ public class SysRoleService extends CrudService implements ISysRoleServ
 if (CollectionUtils.isNotEmpty(refs)) {
 refRoleMenuRDao.saveAll(refs);
+ //更新角色
+ ConvertBean.serviceModelUpdate(role,AuthUtil.getSessionUser().getUserName());
+ roleRDao.update(role);
 }
 }
 }
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
index fad0bf6..435cc6e 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/busi/SysUserService.java
@@ -985,6 +985,10 @@ public class SysUserService implements ISysUserService {
 public SysUser validatePasswordByLoginNameAndReturnUser(String loginName, String password) {
 SysUser userDb = getSysUserByLoginName(loginName);
 ValidatorBean.checkNotNull(userDb, "不存在的用户信息");
+ //由于数据库的字符集不区分大小写,所以需要根据用户名查询出来后再次比对
+ if (!userDb.getUserLoginName().equals(loginName)){
+ throw new IncorrectCredentialsException("用户名或密码错误");
+ }
 if (userDb.getUserLoginPasswordId() == null || userDb.getUserLoginPasswordId() <= 0) {
 if (!userDb.getUserLoginPassword().equals(SysUserPasswordUtil.encoder(password))) {
 throw new IncorrectCredentialsException("用户密码错误");
diff --git a/pom.xml b/pom.xml
index d9653ba..ca3fa22 100644
--- a/pom.xml
+++ b/pom.xml
@@ -361,7 +361,6 @@ elasticsearch 7.5.1 - com.fasterxml.jackson.core jackson-databind
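Review bot: `roleRDao.update(role)` runs only inside `if (CollectionUtils.isNotEmpty(refs))`, so the modify metadata written by `ConvertBean.serviceModelUpdate` is refreshed when menus are assigned but not when an assignment removes every menu (empty `refs`); if the intent is to mark the role as updated whenever its menu set changes, the two added lines belong after the `if` block. `AuthUtil.getSessionUser()` is dereferenced without a null check, and whether this service can be reached without a session (scheduled or internal calls) is not visible here and worth confirming. `role,AuthUtil` is missing the space after the comma that the rest of the commit standardises on. The enclosing method starts outside the hunk.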
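Review bot: The new exact-match check in `validatePasswordByLoginNameAndReturnUser` closes the gap between a case-insensitive database lookup and the application's case-sensitive login name, and its generic `用户名或密码错误` message is the right choice; note that the surrounding messages (`不存在的用户信息` from the `checkNotNull` just above and `用户密码错误` below) still reveal which factor failed, so the generic wording only pays off once those are aligned in a follow-up. The comment attributes the behaviour to the 字符集 (character set) while what it describes is a case-insensitive collation on the login-name column; `// the login-name column's case-insensitive collation lets getSysUserByLoginName match a differently-cased name, so enforce an exact match here` would name the cause precisely. `){` on the new `if` differs from the `) {` this same commit applies elsewhere.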