疯狂的狮子li 3 years ago
commit 0036a2a60c

@ -21,7 +21,7 @@
<spring-cloud.version>2020.0.4</spring-cloud.version>
<spring-cloud-alibaba.version>2021.1</spring-cloud-alibaba.version>
<alibaba.nacos.version>2.0.3</alibaba.nacos.version>
<spring-boot-admin.version>2.5.2</spring-boot-admin.version>
<spring-boot-admin.version>2.5.3</spring-boot-admin.version>
<spring-boot.mybatis>2.2.0</spring-boot.mybatis>
<swagger.fox.version>3.0.0</swagger.fox.version>
<swagger.core.version>1.6.2</swagger.core.version>

@ -112,4 +112,10 @@ public class Constants
*
*/
public static final String RESOURCE_PREFIX = "/profile";
/**
*
*/
public static final String[] JOB_ERROR_STR = { "java.net.URL", "javax.naming.InitialContext", "org.yaml.snakeyaml",
"org.springframework.jndi" };
}
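Review bot: The Javadoc on L18–L20 above `JOB_ERROR_STR` is empty; state what the array is for, e.g. `/** Class-name fragments that are rejected in a scheduled job's invoke target (checked in SysJobController add/edit). */`. A denylist of name fragments matched by substring is by nature incomplete, so the stronger control is to accept invoke targets only from an explicit set of registered bean names or classes and reject everything else; if this list is kept, it needs review whenever dependencies change. The same check is applied in the two SysJobController hunks further down this page (L229 and L240).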

@ -69,26 +69,37 @@ public class EscapeUtil
*/
private static String encode(String text)
{
int len;
if ((text == null) || ((len = text.length()) == 0))
if (StringUtils.isEmpty(text))
{
return StringUtils.EMPTY;
}
StringBuilder buffer = new StringBuilder(len + (len >> 2));
final StringBuilder tmp = new StringBuilder(text.length() * 6);
char c;
for (int i = 0; i < len; i++)
for (int i = 0; i < text.length(); i++)
{
c = text.charAt(i);
if (c < 64)
if (c < 256)
{
buffer.append(TEXT[c]);
tmp.append("%");
if (c < 16)
{
tmp.append("0");
}
tmp.append(Integer.toString(c, 16));
}
else
{
buffer.append(c);
tmp.append("%u");
if (c <= 0xfff)
{
// issue#I49JU8@Gitee
tmp.append("0");
}
tmp.append(Integer.toString(c, 16));
}
}
return buffer.toString();
return tmp.toString();
}
/**
@ -145,11 +156,12 @@ public class EscapeUtil
public static void main(String[] args)
{
String html = "<script>alert(1);</script>";
String escape = EscapeUtil.escape(html);
// String html = "<scr<script>ipt>alert(\"XSS\")</scr<script>ipt>";
// String html = "<123";
// String html = "123>";
System.out.println(EscapeUtil.clean(html));
System.out.println(EscapeUtil.escape(html));
System.out.println(EscapeUtil.unescape(html));
System.out.println("clean: " + EscapeUtil.clean(html));
System.out.println("escape: " + escape);
System.out.println("unescape: " + EscapeUtil.unescape(escape));
}
}
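Review bot: The rewritten encode() on L36–L66 emits JavaScript-`escape()`-style `%XX`/`%uXXXX` sequences for every character instead of the table-driven output of the old body (L45), so this is a change of contract rather than only of implementation; the method's Javadoc opens before the hunk (L26 is its closing line) and should state the format, e.g. `Encodes every char as %XX (code point < 256) or %uXXXX; only this class's unescape() decodes it, decodeURIComponent does not`. Any caller that used escape() as HTML output encoding should be rechecked, since the result now has a different shape. `%u` escapes are non-standard, so unescape() (not in this hunk) must be kept in sync; the `unescape(escape)` round trip in main() on L82 is a useful manual check but not a test.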

@ -2,7 +2,6 @@ package com.ruoyi.common.core.utils.poi;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.math.BigDecimal;
@ -357,7 +356,7 @@ public class ExcelUtil<T>
* @return
* @throws IOException
*/
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)throws IOException
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName)
{
exportExcel(response, list, sheetName, StringUtils.EMPTY);
}
@ -372,12 +371,12 @@ public class ExcelUtil<T>
* @return
* @throws IOException
*/
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title) throws IOException
public void exportExcel(HttpServletResponse response, List<T> list, String sheetName, String title)
{
response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
response.setCharacterEncoding("utf-8");
this.init(list, sheetName, title, Type.EXPORT);
exportExcel(response.getOutputStream());
exportExcel(response);
}
/**
@ -392,7 +391,7 @@ public class ExcelUtil<T>
* @param sheetName
* @return
*/
public void importTemplateExcel(HttpServletResponse response, String sheetName) throws IOException
public void importTemplateExcel(HttpServletResponse response, String sheetName)
{
importTemplateExcel(response, sheetName, StringUtils.EMPTY);
}
@ -404,12 +403,12 @@ public class ExcelUtil<T>
* @param title
* @return
*/
public void importTemplateExcel(HttpServletResponse response, String sheetName, String title) throws IOException
public void importTemplateExcel(HttpServletResponse response, String sheetName, String title)
{
response.setContentType("application/vnd.openxmlformats-officedocument.spreadsheetml.sheet");
response.setCharacterEncoding("utf-8");
this.init(null, sheetName, title, Type.IMPORT);
exportExcel(response.getOutputStream());
exportExcel(response);
}
/**
@ -417,12 +416,12 @@ public class ExcelUtil<T>
*
* @return
*/
public void exportExcel(OutputStream out)
public void exportExcel(HttpServletResponse response)
{
try
{
writeSheet();
wb.write(out);
wb.write(response.getOutputStream());
}
catch (Exception e)
{
@ -431,7 +430,6 @@ public class ExcelUtil<T>
finally
{
IOUtils.closeQuietly(wb);
IOUtils.closeQuietly(out);
}
}
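Review bot: The Javadoc `@throws IOException` tags on L95 and L104 are now stale, since the signatures on L98 and L107 no longer declare it, and `@return` on L94/L103/L118/L127/L141 documents void methods; drop those tags and add a sentence such as `Writes the workbook to the response; I/O failures are handled in exportExcel(HttpServletResponse).` Moving `response.getOutputStream()` inside the try on L150 means a failure to obtain the stream now lands in the broad `catch (Exception e)` whose body is outside the hunk; confirm it logs with the cause rather than swallowing, since the client would otherwise likely receive an empty 200 with a spreadsheet content type. Dropping `closeQuietly(out)` on L158 is consistent with the container owning the response stream. The catch block and the enclosing method extend beyond the hunks.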

@ -7,7 +7,9 @@ import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferFactory;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.core.io.buffer.DefaultDataBufferFactory;
import org.springframework.core.io.buffer.NettyDataBufferFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
@ -70,10 +72,12 @@ public class XssFilter implements GlobalFilter, Ordered
public Flux<DataBuffer> getBody()
{
Flux<DataBuffer> body = super.getBody();
return body.map(dataBuffer -> {
byte[] content = new byte[dataBuffer.readableByteCount()];
dataBuffer.read(content);
DataBufferUtils.release(dataBuffer);
return body.buffer().map(dataBuffers -> {
DataBufferFactory dataBufferFactory = new DefaultDataBufferFactory();
DataBuffer join = dataBufferFactory.join(dataBuffers);
byte[] content = new byte[join.readableByteCount()];
join.read(content);
DataBufferUtils.release(join);
String bodyStr = new String(content, StandardCharsets.UTF_8);
// 防xss攻击过滤
bodyStr = EscapeUtil.clean(bodyStr);
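Review bot: `body.buffer()` followed by `dataBufferFactory.join(dataBuffers)` on L180–L182 materializes the whole request body in memory with no upper bound, and L183 copies it again into a `byte[]`, so any large POST becomes an equally large heap allocation inside the filter before the downstream handler can reject it. If the project's Spring Framework version provides it, `DataBufferUtils.join(body, MAX_BODY_BYTES)` in place of `buffer()`+`join` gives the same single buffer with an explicit size limit, turning the oversize case into an error rather than memory pressure; I believe it also releases the source buffers as part of the join. `NettyDataBufferFactory` is imported on L169 but does not appear in the visible hunk — confirm it is used elsewhere in the file. The enclosing getBody() override and the lambda continue past the hunk.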

@ -64,7 +64,7 @@ public class ${ClassName}Controller extends BaseController
@RequiresPermissions("${permissionPrefix}:export")
@Log(title = "${functionName}", businessType = BusinessType.EXPORT)
@PostMapping("/export")
public void export(HttpServletResponse response, ${ClassName} ${className}) throws IOException
public void export(HttpServletResponse response, ${ClassName} ${className})
{
List<${ClassName}> list = ${className}Service.select${ClassName}List(${className});
ExcelUtil<${ClassName}> util = new ExcelUtil<${ClassName}>(${ClassName}.class);

@ -561,7 +561,7 @@ export default {
handleExport() {
this.download('${moduleName}/${businessName}/export', {
...this.queryParams
}, `${moduleName}_${businessName}.xlsx`)
}, `${businessName}_#[[${new Date().getTime()}]]#.xlsx`)
}
}
};

@ -1,6 +1,5 @@
package com.ruoyi.job.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.quartz.SchedulerException;
@ -58,7 +57,7 @@ public class SysJobController extends BaseController
@RequiresPermissions("monitor:job:export")
@Log(title = "定时任务", businessType = BusinessType.EXPORT)
@PostMapping("/export")
public void export(HttpServletResponse response, SysJob sysJob) throws IOException
public void export(HttpServletResponse response, SysJob sysJob)
{
List<SysJob> list = jobService.selectJobList(sysJob);
ExcelUtil<SysJob> util = new ExcelUtil<SysJob>(SysJob.class);
@ -99,6 +98,10 @@ public class SysJobController extends BaseController
{
return error("新增任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
}
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
{
return error("新增任务'" + job.getJobName() + "'失败,目标字符串存在违规");
}
job.setCreateBy(SecurityUtils.getUsername());
return toAjax(jobService.insertJob(job));
}
@ -127,6 +130,10 @@ public class SysJobController extends BaseController
{
return error("修改任务'" + job.getJobName() + "'失败,目标字符串不允许'http(s)//'调用");
}
else if (StringUtils.containsAnyIgnoreCase(job.getInvokeTarget(), Constants.JOB_ERROR_STR))
{
return error("修改任务'" + job.getJobName() + "'失败,目标字符串存在违规");
}
job.setUpdateBy(SecurityUtils.getUsername());
return toAjax(jobService.updateJob(job));
}
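Review bot: The new `else if` on L229 and L240 duplicates the same condition and nearly the same message in add and edit; move it into one validation helper (for example on the service's insert/update path) so the policy has a single definition and is also applied to any other path that persists or runs an invoke target, which this page does not show. `StringUtils.containsAnyIgnoreCase` is a substring check, so the rejection message could name the matched fragment to aid troubleshooting, without echoing the whole invoke target back to the caller. Both hunks start inside the respective method bodies.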

@ -1,6 +1,5 @@
package com.ruoyi.job.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -50,7 +49,7 @@ public class SysJobLogController extends BaseController
@RequiresPermissions("monitor:job:export")
@Log(title = "任务调度日志", businessType = BusinessType.EXPORT)
@PostMapping("/export")
public void export(HttpServletResponse response, SysJobLog sysJobLog) throws IOException
public void export(HttpServletResponse response, SysJobLog sysJobLog)
{
List<SysJobLog> list = jobLogService.selectJobLogList(sysJobLog);
ExcelUtil<SysJobLog> util = new ExcelUtil<SysJobLog>(SysJobLog.class);

@ -110,7 +110,7 @@ public class JobInvokeUtil
{
return null;
}
String[] methodParams = methodStr.split(",");
String[] methodParams = methodStr.split(",(?=(?:[^\']*\"[^\']*\')*[^\']*$)");
List<Object[]> classs = new LinkedList<>();
for (int i = 0; i < methodParams.length; i++)
{
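Review bot: The lookahead in the new split pattern on L269 pairs a double quote with a single quote (`[^']*\"[^']*'`), which, if the rendered text is faithful, means a comma is only treated as a separator when every single quote after it can be matched with a preceding double quote, so a plain `'a','b'` would not be split at all; the usual form is `",(?=(?:[^']*'[^']*')*[^']*$)"`, or a character class covering both quote kinds if double-quoted parameters are meant to be accepted. Because `invokeTarget` is user-supplied and the lookahead rescans to end-of-string at every comma, it is also worth precompiling it as a `static final Pattern` and bounding the accepted length of the target before splitting. The enclosing method starts before the hunk.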

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -52,7 +51,7 @@ public class SysConfigController extends BaseController
@Log(title = "参数管理", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:config:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysConfig config) throws IOException
public void export(HttpServletResponse response, SysConfig config)
{
List<SysConfig> list = configService.selectConfigList(config);
ExcelUtil<SysConfig> util = new ExcelUtil<SysConfig>(SysConfig.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
@ -54,7 +53,7 @@ public class SysDictDataController extends BaseController
@Log(title = "字典数据", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:dict:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysDictData dictData) throws IOException
public void export(HttpServletResponse response, SysDictData dictData)
{
List<SysDictData> list = dictDataService.selectDictDataList(dictData);
ExcelUtil<SysDictData> util = new ExcelUtil<SysDictData>(SysDictData.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -49,7 +48,7 @@ public class SysDictTypeController extends BaseController
@Log(title = "字典类型", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:dict:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysDictType dictType) throws IOException
public void export(HttpServletResponse response, SysDictType dictType)
{
List<SysDictType> list = dictTypeService.selectDictTypeList(dictType);
ExcelUtil<SysDictType> util = new ExcelUtil<SysDictType>(SysDictType.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -46,7 +45,7 @@ public class SysLogininforController extends BaseController
@Log(title = "登录日志", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:logininfor:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysLogininfor logininfor) throws IOException
public void export(HttpServletResponse response, SysLogininfor logininfor)
{
List<SysLogininfor> list = logininforService.selectLogininforList(logininfor);
ExcelUtil<SysLogininfor> util = new ExcelUtil<SysLogininfor>(SysLogininfor.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -46,7 +45,7 @@ public class SysOperlogController extends BaseController
@Log(title = "操作日志", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:operlog:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysOperLog operLog) throws IOException
public void export(HttpServletResponse response, SysOperLog operLog)
{
List<SysOperLog> list = operLogService.selectOperLogList(operLog);
ExcelUtil<SysOperLog> util = new ExcelUtil<SysOperLog>(SysOperLog.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -52,7 +51,7 @@ public class SysPostController extends BaseController
@Log(title = "岗位管理", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:post:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysPost post) throws IOException
public void export(HttpServletResponse response, SysPost post)
{
List<SysPost> list = postService.selectPostList(post);
ExcelUtil<SysPost> util = new ExcelUtil<SysPost>(SysPost.class);

@ -1,6 +1,5 @@
package com.ruoyi.system.controller;
import java.io.IOException;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
@ -55,7 +54,7 @@ public class SysRoleController extends BaseController
@Log(title = "角色管理", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:role:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysRole role) throws IOException
public void export(HttpServletResponse response, SysRole role)
{
List<SysRole> list = roleService.selectRoleList(role);
ExcelUtil<SysRole> util = new ExcelUtil<SysRole>(SysRole.class);

@ -77,7 +77,7 @@ public class SysUserController extends BaseController
@Log(title = "用户管理", businessType = BusinessType.EXPORT)
@RequiresPermissions("system:user:export")
@PostMapping("/export")
public void export(HttpServletResponse response, SysUser user) throws IOException
public void export(HttpServletResponse response, SysUser user)
{
List<SysUser> list = userService.selectUserList(user);
ExcelUtil<SysUser> util = new ExcelUtil<SysUser>(SysUser.class);

@ -37,9 +37,9 @@
},
"dependencies": {
"@riophae/vue-treeselect": "0.4.0",
"axios": "0.21.0",
"axios": "0.24.0",
"clipboard": "2.0.6",
"core-js": "3.8.1",
"core-js": "3.19.1",
"echarts": "4.9.0",
"element-ui": "2.15.6",
"file-saver": "2.0.5",

@ -4,6 +4,9 @@ import request from '@/utils/request'
export function login(username, password, code, uuid) {
return request({
url: '/auth/login',
headers: {
isToken: false
},
method: 'post',
data: { username, password, code, uuid }
})
@ -49,6 +52,9 @@ export function logout() {
export function getCodeImg() {
return request({
url: '/code',
headers: {
isToken: false
},
method: 'get',
timeout: 20000
})
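Review bot: The `isToken: false` entries on L413–L415 and L423–L425 are only a signal for the request interceptor; if nothing strips the key before dispatch, axios sends a literal `isToken` header, which as a non-simple header forces a CORS preflight and exposes an implementation detail. The interceptor in utils/request.js is not on this page, so confirm it deletes the key from `config.headers` before the request goes out, and add `// marker for request.js: do not attach the Authorization header` at both sites so the intent survives the next refactor.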

@ -8,7 +8,7 @@ import { saveAs } from 'file-saver'
let downloadLoadingInstance;
axios.defaults.headers['Conntent-Type'] = 'application/json;charset=utf-8'
axios.defaults.headers['Content-Type'] = 'application/json;charset=utf-8'
// 创建axios实例
const service = axios.create({
// axios中请求配置有baseURL选项表示请求URL公共部分
@ -48,16 +48,19 @@ service.interceptors.response.use(res => {
return res.data
}
if (code === 401) {
MessageBox.confirm('登录状态已过期,您可以继续留在该页面,或者重新登录', '系统提示', {
let doms = document.getElementsByClassName('el-message-box')[0]
if(doms === undefined){
MessageBox.confirm('登录状态已过期,您可以继续留在该页面,或者重新登录', '系统提示', {
confirmButtonText: '重新登录',
cancelButtonText: '取消',
type: 'warning'
}
).then(() => {
store.dispatch('LogOut').then(() => {
location.href = '/index';
})
}).catch(() => {});
).then(() => {
store.dispatch('LogOut').then(() => {
location.href = '/index';
})
}).catch(() => {});
}
return Promise.reject('无效的会话,或者会话已过期,请重新登录。')
} else if (code === 500) {
Message({
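Review bot: The dedupe on L442–L443 keys on `document.getElementsByClassName('el-message-box')[0]`, which is true for any open Element UI message box, not just the re-login prompt, so a 401 arriving while an unrelated confirm dialog is open silently skips the prompt and only rejects the promise. A module-level flag that is set when the prompt opens and reset in both `then` and `catch` expresses the intent directly and does not depend on DOM class names. The `Content-Type` typo fix on L433 is fine.
```javascript
let isRelogin = { show: false }
// … unchanged: axios defaults, service creation, earlier interceptor branches …
if (code === 401) {
  if (!isRelogin.show) {
    isRelogin.show = true
    MessageBox.confirm('登录状态已过期,您可以继续留在该页面,或者重新登录', '系统提示', {
      // … unchanged: confirm/cancel button options …
    }).then(() => {
      isRelogin.show = false
      store.dispatch('LogOut').then(() => {
        location.href = '/index';
      })
    }).catch(() => { isRelogin.show = false });
  }
  return Promise.reject('无效的会话,或者会话已过期,请重新登录。')
}
```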

@ -3,8 +3,6 @@
* Copyright (c) 2019 ruoyi
*/
const baseURL = process.env.VUE_APP_BASE_API
// 日期格式化
export function parseTime(time, pattern) {
if (arguments.length === 0 || !time) {
@ -87,19 +85,14 @@ export function selectDictLabels(datas, value, separator) {
var temp = value.split(currentSeparator);
Object.keys(value.split(currentSeparator)).some((val) => {
Object.keys(datas).some((key) => {
if (datas[key].dictValue == ('' + temp[val])) {
actions.push(datas[key].dictLabel + currentSeparator);
if (datas[key].value == ('' + temp[val])) {
actions.push(datas[key].label + currentSeparator);
}
})
})
return actions.join('').substring(0, actions.join('').length - 1);
}
// 通用下载方法
export function download(fileName) {
window.location.href = baseURL + "/common/download?fileName=" + encodeURI(fileName) + "&delete=" + true;
}
// 字符串格式化(%s )
export function sprintf(str) {
var args = arguments, flag = true, i = 1;

@ -653,7 +653,7 @@ export default {
importTemplate() {
this.download('system/user/importTemplate', {
...this.queryParams
}, `user_${new Date().getTime()}.xlsx`)
}, `user_template_${new Date().getTime()}.xlsx`)
},
//
handleFileUploadProgress(event, file, fileList) {
