From 7b98d1d9d08068211fec2bd1a6ed7ec7c7137949 Mon Sep 17 00:00:00 2001
From: Chopper
Date: Tue, 7 Dec 2021 04:33:51 +0800
Subject: [PATCH] =?UTF-8?q?=E5=87=A0=E4=B8=AA=E4=BB=A3=E7=A0=81=E7=BC=96?=
 =?UTF-8?q?=E8=AF=91=E9=97=AE=E9=A2=98=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/common/FileController.java | 4 +-
 .../filter/XssHttpServletRequestWrapper.java | 141 ++++++++++--------
 .../utils/Base64DecodeMultipartFile.java | 13 +-
 .../java/cn/lili/common/utils/BeanUtil.java | 11 +-
 .../cn/lili/common/utils/CurrencyUtil.java | 37 ++---
 .../java/cn/lili/common/utils/DateUtil.java | 4 +-
 .../modules/goods/util/WechatMediaUtil.java | 3 +-
 7 files changed, 110 insertions(+), 103 deletions(-)
diff --git a/common-api/src/main/java/cn/lili/controller/common/FileController.java b/common-api/src/main/java/cn/lili/controller/common/FileController.java
index 84df93ff..710bb287 100644
--- a/common-api/src/main/java/cn/lili/controller/common/FileController.java
+++ b/common-api/src/main/java/cn/lili/controller/common/FileController.java
@@ -78,9 +78,7 @@ public class FileController {
 }
 throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
 case MANAGER:
- if (file.getUserEnums().equals(authUser.getRole().name())) {
- break;
- }
+ break;
 default:
 throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR);
 }
diff --git a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
index f542397a..928436f3 100644
--- a/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
+++ b/framework/src/main/java/cn/lili/common/security/filter/XssHttpServletRequestWrapper.java
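Review bot: The MANAGER case now ends in an unconditional `break`, so the test that `file.getUserEnums()` equals `authUser.getRole().name()` is gone and a MANAGER caller passes this authorization switch for every file, whatever user type the file is tagged with. The commit subject reads as a compile-fix, so if the removal was only to silence a warning the check should come back in negated form: `if (!file.getUserEnums().equals(authUser.getRole().name())) { throw new ServiceException(ResultCode.USER_AUTHORITY_ERROR); } break;`. If managers are genuinely meant to act on all files, a one-line comment above `case MANAGER:` stating that decision would stop a later reader from re-adding the check. The enclosing method starts and ends outside the hunk.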
@@ -4,6 +4,7 @@ package cn.lili.common.security.filter;
 import cn.hutool.core.text.CharSequenceUtil;
 import cn.hutool.http.HtmlUtil;
 import cn.hutool.json.JSONUtil;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.html.Sanitizers;
 import javax.servlet.ReadListener;
@@ -27,6 +28,7 @@ import java.util.Map;
 * @version v1.0
 * 2021-06-04 10:39
 */
+@Slf4j
 public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
@@ -141,45 +143,72 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 */
 @Override
 public ServletInputStream getInputStream() throws IOException {
- //获取输入流
- ServletInputStream in = super.getInputStream();
- //用于存储输入流
- StringBuilder body = new StringBuilder();
- InputStreamReader reader = new InputStreamReader(in, StandardCharsets.UTF_8);
- BufferedReader bufferedReader = new BufferedReader(reader);
- //按行读取输入流
- String line = bufferedReader.readLine();
- while (line != null) {
- //将获取到的第一行数据append到StringBuffer中
- body.append(line);
- //继续读取下一行流,直到line为空
- line = bufferedReader.readLine();
- }
- //关闭流
- bufferedReader.close();
- reader.close();
- in.close();
- if (CharSequenceUtil.isNotEmpty(body) && Boolean.TRUE.equals(JSONUtil.isJsonObj(body.toString()))) {
- //将body转换为map
- Map map = JSONUtil.parseObj(body.toString());
- //创建空的map用于存储结果
- Map resultMap = new HashMap<>(map.size());
- //遍历数组
- for (Map.Entry entry : map.entrySet()) {
- //如果map.get(key)获取到的是字符串就需要进行处理,如果不是直接存储resultMap
- if (map.get(entry.getKey()) instanceof String) {
- resultMap.put(entry.getKey(), filterXss(entry.getKey(), entry.getValue().toString()));
- } else {
- resultMap.put(entry.getKey(), entry.getValue());
+ BufferedReader bufferedReader = null;
+
+ InputStreamReader reader = null;
+
+ //获取输入流
+ ServletInputStream in = null;
+ try {
+ in = super.getInputStream();
+ //用于存储输入流
+ StringBuilder body = new StringBuilder();
+ reader = new InputStreamReader(in, StandardCharsets.UTF_8);
+ bufferedReader = new BufferedReader(reader);
+ //按行读取输入流
+ String line = bufferedReader.readLine();
+ while (line != null) {
+ //将获取到的第一行数据append到StringBuffer中
+ body.append(line);
+ //继续读取下一行流,直到line为空
+ line = bufferedReader.readLine();
+ }
+ if (CharSequenceUtil.isNotEmpty(body) && Boolean.TRUE.equals(JSONUtil.isJsonObj(body.toString()))) {
+ //将body转换为map
+ Map map = JSONUtil.parseObj(body.toString());
+ //创建空的map用于存储结果
+ Map resultMap = new HashMap<>(map.size());
+ //遍历数组
+ for (Map.Entry entry : map.entrySet()) {
+ //如果map.get(key)获取到的是字符串就需要进行处理,如果不是直接存储resultMap
+ if (map.get(entry.getKey()) instanceof String) {
+ resultMap.put(entry.getKey(), filterXss(entry.getKey(), entry.getValue().toString()));
+ } else {
+ resultMap.put(entry.getKey(), entry.getValue());
+ }
 }
+
+ //将resultMap转换为json字符串
+ String resultStr = JSONUtil.toJsonStr(resultMap);
+ //将json字符串转换为字节
+ final ByteArrayInputStream resultBIS = new ByteArrayInputStream(resultStr.getBytes());
+
+ //实现接口
+ return new ServletInputStream() {
+ @Override
+ public boolean isFinished() {
+ return false;
+ }
+
+ @Override
+ public boolean isReady() {
+ return false;
+ }
+
+ @Override
+ public void setReadListener(ReadListener readListener) {
+ }
+
+ @Override
+ public int read() {
+ return resultBIS.read();
+ }
+ };
 }
- //将resultMap转换为json字符串
- String resultStr = JSONUtil.toJsonStr(resultMap);
 //将json字符串转换为字节
- final ByteArrayInputStream resultBIS = new ByteArrayInputStream(resultStr.getBytes());
-
+ final ByteArrayInputStream bis = new ByteArrayInputStream(body.toString().getBytes());
 //实现接口
 return new ServletInputStream() {
 @Override
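Review bot: The body is decoded as UTF-8 through `new InputStreamReader(in, StandardCharsets.UTF_8)` but re-encoded with the platform default charset in the added `resultStr.getBytes()` and `body.toString().getBytes()` lines, so on a JVM whose default charset is not UTF-8 any non-ASCII text in the request body is corrupted before it reaches the controller. Both should read `getBytes(StandardCharsets.UTF_8)`, using the constant already imported for the reader. The `readLine()` loop also discards every line terminator, so a non-JSON body is forwarded with its newlines removed; that predates this change, but a comment such as `// NOTE: line terminators are not preserved` would record it. getInputStream continues into the next hunk.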
@@ -194,41 +223,31 @@ public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 @Override
 public void setReadListener(ReadListener readListener) {
+
 }
 @Override
 public int read() {
- return resultBIS.read();
+ return bis.read();
 }
 };
+ } catch (Exception e) {
+
+ log.error("get request inputStream error", e);
+ return null;
+ } finally {
+ //关闭流
+ if (bufferedReader != null) {
+ bufferedReader.close();
+ }
+ if (reader != null) {
+ reader.close();
+ }
+ if (in != null) {
+ in.close();
+ }
 }
- //将json字符串转换为字节
- final ByteArrayInputStream bis = new ByteArrayInputStream(body.toString().getBytes());
-
- //实现接口
- return new ServletInputStream() {
- @Override
- public boolean isFinished() {
- return false;
- }
-
- @Override
- public boolean isReady() {
- return false;
- }
-
- @Override
- public void setReadListener(ReadListener readListener) {
-
- }
-
- @Override
- public int read() {
- return bis.read();
- }
- };
-
 }
 private String cleanXSS(String value) {
diff --git a/framework/src/main/java/cn/lili/common/utils/Base64DecodeMultipartFile.java b/framework/src/main/java/cn/lili/common/utils/Base64DecodeMultipartFile.java
index b05d5662..95a67ced 100644
--- a/framework/src/main/java/cn/lili/common/utils/Base64DecodeMultipartFile.java
+++ b/framework/src/main/java/cn/lili/common/utils/Base64DecodeMultipartFile.java
@@ -55,7 +55,7 @@ public class Base64DecodeMultipartFile implements MultipartFile {
 }
 @Override
- public InputStream getInputStream() throws IOException {
+ public InputStream getInputStream() {
 return new ByteArrayInputStream(imgContent);
 }
@@ -66,8 +66,9 @@ public class Base64DecodeMultipartFile implements MultipartFile {
 stream = new FileOutputStream(dest);
 stream.write(imgContent);
 } catch (IOException e) {
- log.error("transferTo错误",e);
- }finally {
+ log.error("transferTo错误", e);
+ } finally {
+ assert stream != null;
 stream.close();
 }
 }
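Review bot: The new `catch (Exception e)` in getInputStream logs and returns `null`, so an `IOException` while reading, and any `RuntimeException` out of `JSONUtil.parseObj` or `filterXss`, now produce a null `ServletInputStream` that the caller will dereference rather than a clear failure; for a sanitising wrapper that means a body the filter could not process is neither rejected nor reported to the client as a bad request. The method already declares `throws IOException`, so either drop the catch and keep only the finally, or rethrow with the cause: `throw new IOException("get request inputStream error", e);`. The finally block also closes `in`, the container's own stream from `super.getInputStream()`, as the old code did; whether the container expects the wrapper to close it is not visible here. The method signature is in the previous hunk.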
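Review bot: `assert stream != null;` before `stream.close()` in the finally block is a no-op unless the JVM runs with `-ea`, so when `new FileOutputStream(dest)` throws, `stream` is still null and `stream.close()` raises a NullPointerException that replaces the IOException just logged. The same pattern is added in BeanUtil (`assert value != null;` ahead of `value.toString()` in hunk `@@ -87,6 +90,7 @@`) and in WechatMediaUtil (`assert resultStr != null;` ahead of `resultStr.toString()`), where a null still fails with an NPE in production and the assert only quiets the IDE warning. Here try-with-resources removes the finally altogether: `try (FileOutputStream out = new FileOutputStream(dest)) { out.write(imgContent); } catch (IOException e) { log.error("transferTo错误", e); }`; the other two sites want an explicit null check that throws a meaningful exception or returns early. transferTo's signature and the rest of the other two methods are outside their hunks.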
@@ -94,7 +95,7 @@ public class Base64DecodeMultipartFile implements MultipartFile {
 byte[] bytes = Base64.getDecoder().decode(base64);
 stream = new ByteArrayInputStream(bytes);
 } catch (Exception e) {
- log.error("base64ToInputStream错误",e);
+ log.error("base64ToInputStream错误", e);
 }
 return stream;
 }
@@ -111,13 +112,13 @@ public class Base64DecodeMultipartFile implements MultipartFile {
 }
 data = swapStream.toByteArray();
 } catch (IOException e) {
- log.error("转码错误",e);
+ log.error("转码错误", e);
 } finally {
 if (in != null) {
 try {
 in.close();
 } catch (IOException e) {
- log.error("inputStreamToStream错误",e);
+ log.error("inputStreamToStream错误", e);
 }
 }
 }
diff --git a/framework/src/main/java/cn/lili/common/utils/BeanUtil.java b/framework/src/main/java/cn/lili/common/utils/BeanUtil.java
index 55eda005..a5e66e54 100644
--- a/framework/src/main/java/cn/lili/common/utils/BeanUtil.java
+++ b/framework/src/main/java/cn/lili/common/utils/BeanUtil.java
@@ -16,7 +16,7 @@ public class BeanUtil {
 * 复制属性
 *
 * @param objectFrom 源自对象
- * @param objectTo 复制给对象
+ * @param objectTo 复制给对象
 */
 public static void copyProperties(Object objectFrom, Object objectTo) {
 BeanUtils.copyProperties(objectFrom, objectTo);
@@ -25,6 +25,7 @@ public class BeanUtil {
 /**
 * 获取属性名数组
+ *
 * @param o 获取字段的对象
 * @return 返回各个字段
 */
@@ -49,8 +50,9 @@ public class BeanUtil {
 /**
 * 根据属性名获取属性值
+ *
 * @param fieldName 属性名
- * @param o 对象
+ * @param o 对象
 * @return 属性值
 */
 public static Object getFieldValueByName(String fieldName, Object o) {
@@ -69,6 +71,7 @@ public class BeanUtil {
 /**
 * 将对象转换为key value
 * A=a&B=b&C=c 格式
+ *
 * @param object 对象
 * @return 格式化结果
 */
@@ -87,6 +90,7 @@ public class BeanUtil {
 String key = fieldNames[j];
 //获取值
 Object value = BeanUtil.getFieldValueByName(key, object);
+ assert value != null;
 stringBuffer.append(key).append("=").append(value.toString());
 }
 return stringBuffer.toString();
@@ -95,8 +99,9 @@ public class BeanUtil {
 /**
 * key value键值对 转换为 对象
 * A=a&B=b&C=c 格式 转换为对象
+ *
 * @param str 对象字符串
- * @param t 范型
+ * @param t 范型
 * @param 范型
 * @return 格式化结果
 */
diff --git a/framework/src/main/java/cn/lili/common/utils/CurrencyUtil.java b/framework/src/main/java/cn/lili/common/utils/CurrencyUtil.java
index e0d9ec1a..7e77edcb 100644
--- a/framework/src/main/java/cn/lili/common/utils/CurrencyUtil.java
+++ b/framework/src/main/java/cn/lili/common/utils/CurrencyUtil.java
@@ -29,8 +29,8 @@ public final class CurrencyUtil {
 * @return 两个参数的和
 */
 public static Double add(double v1, double v2) {
- BigDecimal b1 = new BigDecimal(v1);
- BigDecimal b2 = new BigDecimal(v2);
+ BigDecimal b1 = BigDecimal.valueOf(v1);
+ BigDecimal b2 = BigDecimal.valueOf(v2);
 return b1.add(b2).setScale(2, RoundingMode.HALF_UP).doubleValue();
 }
@@ -42,8 +42,8 @@ public final class CurrencyUtil {
 * @return 两个参数的差
 */
 public static double sub(double v1, double v2) {
- BigDecimal b1 = new BigDecimal(v1);
- BigDecimal b2 = new BigDecimal(v2);
+ BigDecimal b1 = BigDecimal.valueOf(v1);
+ BigDecimal b2 = BigDecimal.valueOf(v2);
 return b1.subtract(b2).setScale(2, RoundingMode.HALF_UP).doubleValue();
 }
@@ -55,8 +55,8 @@ public final class CurrencyUtil {
 * @return 两个参数的积
 */
 public static Double mul(double v1, double v2) {
- BigDecimal b1 = new BigDecimal(v1);
- BigDecimal b2 = new BigDecimal(v2);
+ BigDecimal b1 = BigDecimal.valueOf(v1);
+ BigDecimal b2 = BigDecimal.valueOf(v2);
 return b1.multiply(b2).setScale(2, RoundingMode.HALF_UP).doubleValue();
 }
@@ -73,8 +73,8 @@ public final class CurrencyUtil {
 throw new IllegalArgumentException(
 "The scale must be a positive integer or zero");
 }
- BigDecimal b1 = new BigDecimal(v1);
- BigDecimal b2 = new BigDecimal(v2);
+ BigDecimal b1 = BigDecimal.valueOf(v1);
+ BigDecimal b2 = BigDecimal.valueOf(v2);
 return b1.multiply(b2).setScale(scale, RoundingMode.HALF_UP).doubleValue();
 }
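Review bot: `add` and `mul` still return boxed `Double` while `sub` returns primitive `double`, even though all three now compute identically via `BigDecimal.valueOf`; the boxing buys nothing visible here and costs an allocation plus a latent unboxing NPE for callers. Declaring them `public static double add(double v1, double v2)` and `public static double mul(double v1, double v2)` is source-compatible for call sites that use the result as a number. The switch to `BigDecimal.valueOf(double)` is the right fix, since it goes through `Double.toString` and rounds from the decimal value instead of the binary expansion that `new BigDecimal(double)` exposes; because the results are still handed back as `double`, a class-level comment that only the intermediate arithmetic is exact would be worth adding. Each method's Javadoc starts outside its hunk.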
@@ -106,28 +106,11 @@ public final class CurrencyUtil {
 if (v2 == 0) {
 return 0;
 }
- BigDecimal b1 = new BigDecimal(v1);
- BigDecimal b2 = new BigDecimal(v2);
+ BigDecimal b1 = BigDecimal.valueOf(v1);
+ BigDecimal b2 = BigDecimal.valueOf(v2);
 return b1.divide(b2, scale, RoundingMode.HALF_UP).doubleValue();
 }
- /**
- * 提供精确的小数位四舍五入处理。
- *
- * @param v 需要四舍五入的数字
- * @param scale 小数点后保留几位
- * @return 四舍五入后的结果
- */
- public static double round(double v, int scale) {
- if (scale < 0) {
- throw new IllegalArgumentException(
- "The scale must be a positive integer or zero");
- }
- BigDecimal b = new BigDecimal(v);
- BigDecimal one = new BigDecimal("1");
- return b.divide(one, scale, RoundingMode.HALF_UP).doubleValue();
- }
-
 /**
 * 金额转分
 *
diff --git a/framework/src/main/java/cn/lili/common/utils/DateUtil.java b/framework/src/main/java/cn/lili/common/utils/DateUtil.java
index 306cc0cd..b07f0bde 100644
--- a/framework/src/main/java/cn/lili/common/utils/DateUtil.java
+++ b/framework/src/main/java/cn/lili/common/utils/DateUtil.java
@@ -273,7 +273,7 @@ public class DateUtil {
 * @return 时间戳
 */
 public static long getDateline(String date) {
- return toDate(date, STANDARD_DATE_FORMAT).getTime() / 1000;
+ return Objects.requireNonNull(toDate(date, STANDARD_DATE_FORMAT)).getTime() / 1000;
 }
 /**
@@ -311,7 +311,7 @@ public class DateUtil {
 * @return 时间戳
 */
 public static long getDateline(String date, String pattern) {
- return toDate(date, pattern).getTime() / 1000;
+ return Objects.requireNonNull(toDate(date, pattern)).getTime() / 1000;
 }
 /**
diff --git a/framework/src/main/java/cn/lili/modules/goods/util/WechatMediaUtil.java b/framework/src/main/java/cn/lili/modules/goods/util/WechatMediaUtil.java
index f5f16fca..d94dcdfe 100644
--- a/framework/src/main/java/cn/lili/modules/goods/util/WechatMediaUtil.java
+++ b/framework/src/main/java/cn/lili/modules/goods/util/WechatMediaUtil.java
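Review bot: This hunk deletes the public `round(double, int)` method alongside the `valueOf` fix, and nothing in the patch shows a caller sweep, so any code outside this diff that calls `CurrencyUtil.round` stops compiling. If it was confirmed unused, a line in the commit message saying so would help the next reader; if not, keeping it with `BigDecimal b = BigDecimal.valueOf(v);` matches the rest of the change. The method whose `divide` call opens the hunk has its signature outside the hunk.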
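Review bot: `Objects.requireNonNull(toDate(date, STANDARD_DATE_FORMAT))` still throws a bare `NullPointerException` when the date does not parse, just one frame earlier and with no message; `Objects.requireNonNull(toDate(date, STANDARD_DATE_FORMAT), () -> "unparseable date: " + date)` names the input, and the `pattern` overload in the next hunk wants the same. No import hunk for `java.util.Objects` is in this patch, so this presumably relies on DateUtil already importing it or `java.util.*`; worth confirming it compiles. Whether `toDate` returns null on a parse failure is not visible here; the Javadoc above each method (its start is outside the hunk) would be the place to state that and to document the thrown exception with `@throws`.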
@@ -105,8 +105,9 @@ public class WechatMediaUtil {
 } catch (Exception e) {
 log.error("微信媒体上传失败", e);
 }
+ assert resultStr != null;
 JSONObject jsonObject = new JSONObject(resultStr.toString());
- log.info("微信媒体上传:" + jsonObject.toString());
+ log.info("微信媒体上传:" + jsonObject);
 //判断是否传递成功,如果token过期则重新获取
 if (jsonObject.get("errcode") != null && ("40001").equals(jsonObject.get("errcode"))) {
 wechatAccessTokenUtil.removeAccessToken(ClientTypeEnum.WECHAT_MP);