mirror of
https://gitee.com/y_project/RuoYi-Cloud.git
synced 2026-01-27 04:01:56 +08:00
Merge branch 'master' of gitee.com:y_project/RuoYi-Cloud into dev
Signed-off-by: 中科嘉迪 <14620481+zhongke-jiadi@user.noreply.gitee.com>
This commit is contained in:
中科嘉迪
Gitee
@@ -0,0 +1,46 @@
|
||||
package com.ruoyi.file.config;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.servlet.DispatcherType;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import com.ruoyi.file.filter.RefererFilter;
|
||||
|
||||
/**
|
||||
* Filter配置
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
@Configuration
|
||||
public class FilterConfig
|
||||
{
|
||||
/**
|
||||
* 资源映射路径 前缀
|
||||
*/
|
||||
@Value("${file.prefix}")
|
||||
public String localFilePrefix;
|
||||
|
||||
@Value("${referer.allowed-domains}")
|
||||
private String allowedDomains;
|
||||
|
||||
@SuppressWarnings({"rawtypes", "unchecked"})
|
||||
@Bean
|
||||
@ConditionalOnProperty(value = "referer.enabled", havingValue = "true")
|
||||
public FilterRegistrationBean refererFilterRegistration()
|
||||
{
|
||||
FilterRegistrationBean registration = new FilterRegistrationBean();
|
||||
registration.setDispatcherTypes(DispatcherType.REQUEST);
|
||||
registration.setFilter(new RefererFilter());
|
||||
registration.addUrlPatterns(localFilePrefix + "/*");
|
||||
registration.setName("refererFilter");
|
||||
registration.setOrder(FilterRegistrationBean.HIGHEST_PRECEDENCE);
|
||||
Map<String, String> initParameters = new HashMap<String, String>();
|
||||
initParameters.put("allowedDomains", allowedDomains);
|
||||
registration.setInitParameters(initParameters);
|
||||
return registration;
|
||||
}
|
||||
}
|
||||
@@ -3,10 +3,12 @@ package com.ruoyi.file.controller;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.DeleteMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import com.ruoyi.common.core.domain.R;
|
||||
import com.ruoyi.common.core.utils.StringUtils;
|
||||
import com.ruoyi.common.core.utils.file.FileUtils;
|
||||
import com.ruoyi.file.service.ISysFileService;
|
||||
import com.ruoyi.system.api.domain.SysFile;
|
||||
@@ -45,4 +47,26 @@ public class SysFileController
|
||||
return R.fail(e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 文件删除请求
|
||||
*/
|
||||
@DeleteMapping("delete")
|
||||
public R<Boolean> delete(String fileUrl)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (!FileUtils.validateFilePath(fileUrl))
|
||||
{
|
||||
throw new Exception(StringUtils.format("资源文件({})非法,不允许删除。 ", fileUrl));
|
||||
}
|
||||
sysFileService.deleteFile(fileUrl);
|
||||
return R.ok();
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
log.error("删除文件失败", e);
|
||||
return R.fail(e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,77 @@
|
||||
package com.ruoyi.file.filter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
/**
|
||||
* 防盗链过滤器
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class RefererFilter implements Filter
|
||||
{
|
||||
/**
|
||||
* 允许的域名列表
|
||||
*/
|
||||
public List<String> allowedDomains;
|
||||
|
||||
@Override
|
||||
public void init(FilterConfig filterConfig) throws ServletException
|
||||
{
|
||||
String domains = filterConfig.getInitParameter("allowedDomains");
|
||||
this.allowedDomains = Arrays.asList(domains.split(","));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException
|
||||
{
|
||||
HttpServletRequest req = (HttpServletRequest) request;
|
||||
HttpServletResponse resp = (HttpServletResponse) response;
|
||||
|
||||
String referer = req.getHeader("Referer");
|
||||
|
||||
// 如果Referer为空,拒绝访问
|
||||
if (referer == null || referer.isEmpty())
|
||||
{
|
||||
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied: Referer header is required");
|
||||
return;
|
||||
}
|
||||
|
||||
// 检查Referer是否在允许的域名列表中
|
||||
boolean allowed = false;
|
||||
for (String domain : allowedDomains)
|
||||
{
|
||||
if (referer.contains(domain))
|
||||
{
|
||||
allowed = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// 根据检查结果决定是否放行
|
||||
if (allowed)
|
||||
{
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
else
|
||||
{
|
||||
resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Access denied: Referer '" + referer + "' is not allowed");
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void destroy()
|
||||
{
|
||||
|
||||
}
|
||||
}
|
||||
@@ -1,11 +1,11 @@
|
||||
package com.ruoyi.file.service;
|
||||
|
||||
import java.io.InputStream;
|
||||
import com.alibaba.nacos.common.utils.IoUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import com.alibaba.nacos.common.utils.IoUtils;
|
||||
import com.github.tobato.fastdfs.domain.fdfs.StorePath;
|
||||
import com.github.tobato.fastdfs.service.FastFileStorageClient;
|
||||
import com.ruoyi.common.core.utils.file.FileTypeUtils;
|
||||
@@ -53,4 +53,24 @@ public class FastDfsSysFileServiceImpl implements ISysFileService
|
||||
IoUtils.closeQuietly(inputStream);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* FastDFS文件删除接口
|
||||
*
|
||||
* @param fileUrl 文件访问URL
|
||||
* @throws Exception
|
||||
*/
|
||||
@Override
|
||||
public void deleteFile(String fileUrl) throws Exception
|
||||
{
|
||||
try
|
||||
{
|
||||
StorePath storePath = StorePath.parseFromUrl(fileUrl);
|
||||
storageClient.deleteFile(storePath.getGroup(), storePath.getPath());
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new RuntimeException("FastDfs Failed to delete file: ", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -17,4 +17,12 @@ public interface ISysFileService
|
||||
* @throws Exception
|
||||
*/
|
||||
public String uploadFile(MultipartFile file) throws Exception;
|
||||
|
||||
/**
|
||||
* 文件删除接口
|
||||
*
|
||||
* @param fileUrl 文件访问URL
|
||||
* @throws Exception
|
||||
*/
|
||||
public void deleteFile(String fileUrl) throws Exception;
|
||||
}
|
||||
|
||||
@@ -4,6 +4,8 @@ import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import com.ruoyi.common.core.utils.StringUtils;
|
||||
import com.ruoyi.common.core.utils.file.FileUtils;
|
||||
import com.ruoyi.file.utils.FileUploadUtils;
|
||||
|
||||
/**
|
||||
@@ -47,4 +49,17 @@ public class LocalSysFileServiceImpl implements ISysFileService
|
||||
String url = domain + localFilePrefix + name;
|
||||
return url;
|
||||
}
|
||||
|
||||
/**
|
||||
* 本地文件删除接口
|
||||
*
|
||||
* @param fileUrl 文件访问URL
|
||||
* @throws Exception
|
||||
*/
|
||||
@Override
|
||||
public void deleteFile(String fileUrl) throws Exception
|
||||
{
|
||||
String localFile = StringUtils.substringAfter(fileUrl, localFilePrefix);
|
||||
FileUtils.deleteFile(localFilePath + localFile);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,10 +5,12 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import com.alibaba.nacos.common.utils.IoUtils;
|
||||
import com.ruoyi.common.core.utils.StringUtils;
|
||||
import com.ruoyi.file.config.MinioConfig;
|
||||
import com.ruoyi.file.utils.FileUploadUtils;
|
||||
import io.minio.MinioClient;
|
||||
import io.minio.PutObjectArgs;
|
||||
import io.minio.RemoveObjectArgs;
|
||||
|
||||
/**
|
||||
* Minio 文件存储
|
||||
@@ -57,4 +59,24 @@ public class MinioSysFileServiceImpl implements ISysFileService
|
||||
IoUtils.closeQuietly(inputStream);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Minio文件删除接口
|
||||
*
|
||||
* @param fileUrl 文件访问URL
|
||||
* @throws Exception
|
||||
*/
|
||||
@Override
|
||||
public void deleteFile(String fileUrl) throws Exception
|
||||
{
|
||||
try
|
||||
{
|
||||
String minioFile = StringUtils.substringAfter(fileUrl, minioConfig.getBucketName());
|
||||
client.removeObject(RemoveObjectArgs.builder().bucket(minioConfig.getBucketName()).object(minioFile).build());
|
||||
}
|
||||
catch (Exception e)
|
||||
{
|
||||
throw new RuntimeException("Minio Failed to delete file", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -334,7 +334,7 @@ function getList() {
|
||||
#foreach ($column in $columns)
|
||||
#if($column.htmlType == "datetime" && $column.queryType == "BETWEEN")
|
||||
#set($AttrName=$column.javaField.substring(0,1).toUpperCase() + ${column.javaField.substring(1)})
|
||||
if (null != daterange${AttrName} && '' != daterange${AttrName}) {
|
||||
if (null != daterange${AttrName}.value && '' != daterange${AttrName}.value) {
|
||||
queryParams.value.params["begin${AttrName}"] = daterange${AttrName}.value[0]
|
||||
queryParams.value.params["end${AttrName}"] = daterange${AttrName}.value[1]
|
||||
}
|
||||
|
||||
@@ -415,7 +415,7 @@ function getList() {
|
||||
#foreach ($column in $columns)
|
||||
#if($column.htmlType == "datetime" && $column.queryType == "BETWEEN")
|
||||
#set($AttrName=$column.javaField.substring(0,1).toUpperCase() + ${column.javaField.substring(1)})
|
||||
if (null != daterange${AttrName} && '' != daterange${AttrName}) {
|
||||
if (null != daterange${AttrName}.value && '' != daterange${AttrName}.value) {
|
||||
queryParams.value.params["begin${AttrName}"] = daterange${AttrName}.value[0]
|
||||
queryParams.value.params["end${AttrName}"] = daterange${AttrName}.value[1]
|
||||
}
|
||||
|
||||
@@ -131,11 +131,11 @@ public class ScheduleUtils
|
||||
int count = StringUtils.countMatches(packageName, ".");
|
||||
if (count > 1)
|
||||
{
|
||||
return StringUtils.containsAnyIgnoreCase(invokeTarget, Constants.JOB_WHITELIST_STR);
|
||||
return StringUtils.startsWithAny(invokeTarget, Constants.JOB_WHITELIST_STR);
|
||||
}
|
||||
Object obj = SpringUtils.getBean(StringUtils.split(invokeTarget, ".")[0]);
|
||||
String beanPackageName = obj.getClass().getPackage().getName();
|
||||
return StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_WHITELIST_STR)
|
||||
&& !StringUtils.containsAnyIgnoreCase(beanPackageName, Constants.JOB_ERROR_STR);
|
||||
return StringUtils.startsWithAny(beanPackageName, Constants.JOB_WHITELIST_STR)
|
||||
&& !StringUtils.startsWithAny(beanPackageName, Constants.JOB_ERROR_STR);
|
||||
}
|
||||
}
|
||||
@@ -100,7 +100,7 @@ public class SysProfileController extends BaseController
|
||||
String oldPassword = params.get("oldPassword");
|
||||
String newPassword = params.get("newPassword");
|
||||
LoginUser loginUser = SecurityUtils.getLoginUser();
|
||||
String userName = loginUser.getUsername();
|
||||
Long userId = loginUser.getUserid();
|
||||
String password = loginUser.getSysUser().getPassword();
|
||||
if (!SecurityUtils.matchesPassword(oldPassword, password))
|
||||
{
|
||||
@@ -111,7 +111,7 @@ public class SysProfileController extends BaseController
|
||||
return error("新密码不能与旧密码相同");
|
||||
}
|
||||
newPassword = SecurityUtils.encryptPassword(newPassword);
|
||||
if (userService.resetUserPwd(userName, newPassword) > 0)
|
||||
if (userService.resetUserPwd(userId, newPassword) > 0)
|
||||
{
|
||||
// 更新缓存用户密码&密码最后更新时间
|
||||
loginUser.getSysUser().setPwdUpdateDate(DateUtils.getNowDate());
|
||||
@@ -143,8 +143,13 @@ public class SysProfileController extends BaseController
|
||||
return error("文件服务异常,请联系管理员");
|
||||
}
|
||||
String url = fileResult.getData().getUrl();
|
||||
if (userService.updateUserAvatar(loginUser.getUsername(), url))
|
||||
if (userService.updateUserAvatar(loginUser.getUserid(), url))
|
||||
{
|
||||
String oldAvatarUrl = loginUser.getSysUser().getAvatar();
|
||||
if (StringUtils.isNotEmpty(oldAvatarUrl))
|
||||
{
|
||||
remoteFileService.delete(oldAvatarUrl);
|
||||
}
|
||||
AjaxResult ajax = AjaxResult.success();
|
||||
ajax.put("imgUrl", url);
|
||||
// 更新缓存用户头像
|
||||
|
||||
@@ -6,6 +6,7 @@ import java.util.Set;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import org.springframework.util.CollectionUtils;
|
||||
import com.ruoyi.common.core.constant.Constants;
|
||||
import com.ruoyi.common.core.constant.UserConstants;
|
||||
import com.ruoyi.common.core.utils.StringUtils;
|
||||
import com.ruoyi.system.api.domain.SysRole;
|
||||
@@ -41,7 +42,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService
|
||||
// 管理员拥有所有权限
|
||||
if (user.isAdmin())
|
||||
{
|
||||
roles.add("admin");
|
||||
roles.add(Constants.SUPER_ADMIN);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -63,7 +64,7 @@ public class SysPermissionServiceImpl implements ISysPermissionService
|
||||
// 管理员拥有所有权限
|
||||
if (user.isAdmin())
|
||||
{
|
||||
perms.add("*:*:*");
|
||||
perms.add(Constants.ALL_PERMISSION);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user