From 5c66f3b90c6cd9411f78fe28990175c2102fa0b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 10:37:51 +0800 Subject: [PATCH 1/6] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E8=84=B1=E6=95=8F=E4=BC=A0=E5=A4=9A=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E5=A4=9A=E6=9D=83=E9=99=90=E6=A0=87=E8=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/sensitive/annotation/Sensitive.java | 10 ++++++++-- .../common/sensitive/core/SensitiveService.java | 2 +- .../common/sensitive/handler/SensitiveHandler.java | 4 ++-- .../service/impl/SysSensitiveServiceImpl.java | 14 +++++++------- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java index 1dfc896ff..6940966b5 100644 --- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java +++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java @@ -22,7 +22,13 @@ import java.lang.annotation.Target; public @interface Sensitive { SensitiveStrategy strategy(); - String roleKey() default ""; + /** + * 角色标识符 多个角色满足一个即可 + */ + String[] roleKey(); - String perms() default ""; + /** + * 权限标识符 多个权限满足一个即可 + */ + String[] perms(); } diff --git a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java index 7b5264b87..03a7f9c75 100644 --- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java +++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/core/SensitiveService.java @@ -13,6 +13,6 @@ public interface SensitiveService { /** * 是否脱敏 */ - boolean isSensitive(String roleKey, String perms); + boolean isSensitive(String[] roleKey, String[] perms); } diff --git a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java index c76c83a98..d454724d7 100644 --- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java +++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/handler/SensitiveHandler.java @@ -26,8 +26,8 @@ import java.util.Objects; public class SensitiveHandler extends JsonSerializer implements ContextualSerializer { private SensitiveStrategy strategy; - private String roleKey; - private String perms; + private String[] roleKey; + private String[] perms; @Override public void serialize(String value, JsonGenerator gen, SerializerProvider serializers) throws IOException { diff --git a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java index 5f4d121b1..8a0d45ef3 100644 --- a/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java +++ b/ruoyi-modules/ruoyi-system/src/main/java/org/dromara/system/service/impl/SysSensitiveServiceImpl.java @@ -1,7 +1,7 @@ package org.dromara.system.service.impl; import cn.dev33.satoken.stp.StpUtil; -import org.dromara.common.core.utils.StringUtils; +import cn.hutool.core.util.ArrayUtil; import org.dromara.common.satoken.utils.LoginHelper; import org.dromara.common.sensitive.core.SensitiveService; import org.dromara.common.tenant.helper.TenantHelper; @@ -22,19 +22,19 @@ public class SysSensitiveServiceImpl implements SensitiveService { * 是否脱敏 */ @Override - public boolean isSensitive(String roleKey, String perms) { + public boolean isSensitive(String[] roleKey, String[] perms) { if (!LoginHelper.isLogin()) { return true; } - boolean roleExist = StringUtils.isNotBlank(roleKey); - boolean permsExist = StringUtils.isNotBlank(perms); + boolean roleExist = ArrayUtil.isNotEmpty(roleKey); + boolean permsExist = ArrayUtil.isNotEmpty(perms); if (roleExist && permsExist) { - if (StpUtil.hasRole(roleKey) && StpUtil.hasPermission(perms)) { + if (StpUtil.hasRoleOr(roleKey) && StpUtil.hasPermissionOr(perms)) { return false; } - } else if (roleExist && StpUtil.hasRole(roleKey)) { + } else if (roleExist && StpUtil.hasRoleOr(roleKey)) { return false; - } else if (permsExist && StpUtil.hasPermission(perms)) { + } else if (permsExist && StpUtil.hasPermissionOr(perms)) { return false; } From 0d5fe5d91e035ec56e3b7fe31ac7a515c939fd56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 10:39:41 +0800 Subject: [PATCH 2/6] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E6=94=AF?= =?UTF-8?q?=E6=8C=81=E8=84=B1=E6=95=8F=E4=BC=A0=E5=A4=9A=E8=A7=92=E8=89=B2?= =?UTF-8?q?=E5=A4=9A=E6=9D=83=E9=99=90=E6=A0=87=E8=AF=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/dromara/common/sensitive/annotation/Sensitive.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java index 6940966b5..e75dc5bf2 100644 --- a/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java +++ b/ruoyi-common/ruoyi-common-sensitive/src/main/java/org/dromara/common/sensitive/annotation/Sensitive.java @@ -25,10 +25,10 @@ public @interface Sensitive { /** * 角色标识符 多个角色满足一个即可 */ - String[] roleKey(); + String[] roleKey() default {}; /** * 权限标识符 多个权限满足一个即可 */ - String[] perms(); + String[] perms() default {}; } From a098565c37e6c822076f277ba9674b9f307862a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 10:48:28 +0800 Subject: [PATCH 3/6] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20=E8=AF=AF?= =?UTF-8?q?=E5=88=A0=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/main/java/org/dromara/generator/util/GenUtils.java | 1 + 1 file changed, 1 insertion(+) diff --git a/ruoyi-modules/ruoyi-generator/src/main/java/org/dromara/generator/util/GenUtils.java b/ruoyi-modules/ruoyi-generator/src/main/java/org/dromara/generator/util/GenUtils.java index 676896250..0981997d8 100644 --- a/ruoyi-modules/ruoyi-generator/src/main/java/org/dromara/generator/util/GenUtils.java +++ b/ruoyi-modules/ruoyi-generator/src/main/java/org/dromara/generator/util/GenUtils.java @@ -37,6 +37,7 @@ public class GenUtils { public static void initColumnField(GenTableColumn column, GenTable table) { String dataType = getDbType(column.getColumnType()); String columnName = column.getColumnName(); + column.setTableId(table.getTableId()); // 设置java字段名 column.setJavaField(StringUtils.toCamelCase(columnName)); // 设置默认类型 From 4f92c0317ea77262999bd31a11e9556890d4b932 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 10:50:10 +0800 Subject: [PATCH 4/6] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20=E5=88=A0?= =?UTF-8?q?=E9=99=A4=E6=97=A0=E6=84=8F=E4=B9=89=E7=9A=84=E6=96=B9=E6=B3=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../org/dromara/common/core/utils/ObjectUtils.java | 13 ------------- .../mybatis/handler/InjectionMetaObjectHandler.java | 5 ++++- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/ObjectUtils.java b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/ObjectUtils.java index 82faf2c57..93617b018 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/ObjectUtils.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/org/dromara/common/core/utils/ObjectUtils.java @@ -43,19 +43,6 @@ public class ObjectUtils extends ObjectUtil { return defaultValue; } - /** - * 如果值不为空,则返回值 - * - * @param obj 对象 - * @return 对象字段 - */ - public static T notNull(T obj) { - if (isNotNull(obj)) { - return obj; - } - return null; - } - /** * 如果值不为空,则返回值,否则返回默认值 * diff --git a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/InjectionMetaObjectHandler.java b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/InjectionMetaObjectHandler.java index 85ef2e97a..fec25792a 100644 --- a/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/InjectionMetaObjectHandler.java +++ b/ruoyi-common/ruoyi-common-mybatis/src/main/java/org/dromara/common/mybatis/handler/InjectionMetaObjectHandler.java @@ -71,7 +71,10 @@ public class InjectionMetaObjectHandler implements MetaObjectHandler { baseEntity.setUpdateTime(current); // 获取当前登录用户的ID,并填充更新人信息 - baseEntity.setUpdateBy(ObjectUtils.notNull(LoginHelper.getUserId())); + Long userId = LoginHelper.getUserId(); + if (ObjectUtil.isNotNull(userId)) { + baseEntity.setUpdateBy(userId); + } } else { this.strictUpdateFill(metaObject, "updateTime", Date.class, new Date()); } From d3b5220dc3c472deb7b4d51b50aa6b5c633dcc6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 15:10:04 +0800 Subject: [PATCH 5/6] =?UTF-8?q?update=20=E6=8E=92=E9=99=A4=20websocket?= =?UTF-8?q?=E5=8C=85=E5=86=85=E5=8C=85=E5=90=AB=E7=9A=84tomcat=E4=BE=9D?= =?UTF-8?q?=E8=B5=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ruoyi-common/ruoyi-common-websocket/pom.xml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ruoyi-common/ruoyi-common-websocket/pom.xml b/ruoyi-common/ruoyi-common-websocket/pom.xml index db86dcbe4..0587cd79a 100644 --- a/ruoyi-common/ruoyi-common-websocket/pom.xml +++ b/ruoyi-common/ruoyi-common-websocket/pom.xml @@ -35,6 +35,12 @@ org.springframework.boot spring-boot-starter-websocket + + + org.springframework.boot + spring-boot-starter-tomcat + + From 1a993a7899c2128e78975754502fba0993a8079e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90Li?= <15040126243@163.com> Date: Tue, 12 Nov 2024 18:17:47 +0800 Subject: [PATCH 6/6] =?UTF-8?q?update=20=E4=BC=98=E5=8C=96=20xss=E5=8C=85?= =?UTF-8?q?=E8=A3=85=E5=99=A8=20Parameter=20=E5=A4=84=E7=90=86=20=E5=85=BC?= =?UTF-8?q?=E5=AE=B9=E6=9F=90=E4=BA=9B=E5=AE=B9=E5=99=A8=E4=B8=8D=E5=85=81?= =?UTF-8?q?=E8=AE=B8=E6=94=B9=E5=8F=82=E6=95=B0=E7=9A=84=E6=83=85=E5=86=B5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../filter/XssHttpServletRequestWrapper.java | 47 +++++++++++-------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java index 190f94eab..914e54995 100644 --- a/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java +++ b/ruoyi-common/ruoyi-common-web/src/main/java/org/dromara/common/web/filter/XssHttpServletRequestWrapper.java @@ -1,19 +1,22 @@ package org.dromara.common.web.filter; import cn.hutool.core.io.IoUtil; +import cn.hutool.core.map.MapUtil; +import cn.hutool.core.util.ArrayUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.http.HtmlUtil; -import org.dromara.common.core.utils.StringUtils; -import org.springframework.http.HttpHeaders; -import org.springframework.http.MediaType; - import jakarta.servlet.ReadListener; import jakarta.servlet.ServletInputStream; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequestWrapper; +import org.dromara.common.core.utils.StringUtils; +import org.springframework.http.HttpHeaders; +import org.springframework.http.MediaType; + import java.io.ByteArrayInputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; +import java.util.HashMap; import java.util.Map; /** @@ -32,16 +35,22 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { @Override public String getParameter(String name) { String value = super.getParameter(name); - if (value != null) { - return HtmlUtil.cleanHtmlTag(value).trim(); + if (value == null) { + return null; } - return value; + return HtmlUtil.cleanHtmlTag(value).trim(); } @Override public Map getParameterMap() { Map valueMap = super.getParameterMap(); - for (Map.Entry entry : valueMap.entrySet()) { + if (MapUtil.isEmpty(valueMap)) { + return valueMap; + } + // 避免某些容器不允许改参数的情况 copy一份重新改 + Map map = new HashMap<>(valueMap.size()); + map.putAll(valueMap); + for (Map.Entry entry : map.entrySet()) { String[] values = entry.getValue(); if (values != null) { int length = values.length; @@ -50,25 +59,25 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper { // 防xss攻击和过滤前后空格 escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim(); } - valueMap.put(entry.getKey(), escapseValues); + map.put(entry.getKey(), escapseValues); } } - return valueMap; + return map; } @Override public String[] getParameterValues(String name) { String[] values = super.getParameterValues(name); - if (values != null) { - int length = values.length; - String[] escapseValues = new String[length]; - for (int i = 0; i < length; i++) { - // 防xss攻击和过滤前后空格 - escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim(); - } - return escapseValues; + if (ArrayUtil.isEmpty(values)) { + return values; } - return values; + int length = values.length; + String[] escapseValues = new String[length]; + for (int i = 0; i < length; i++) { + // 防xss攻击和过滤前后空格 + escapseValues[i] = HtmlUtil.cleanHtmlTag(values[i]).trim(); + } + return escapseValues; } @Override