From 17925215d37dd97d744c9296b185aeb16d3e44fb Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 20:06:12 +0800
Subject: [PATCH] URL请求路径安全校验

---
 Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java |   19 ++++++++++++++++---
 1 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
index 9bfdd3c..bf38725 100644
--- a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
+++ b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
@@ -21,6 +21,7 @@
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
 import com.vci.ubcs.system.cache.NacosConfigCache;
 import com.vci.ubcs.system.user.entity.User;
 import com.vci.ubcs.system.user.excel.UserExcel;
@@ -32,8 +33,7 @@
 import io.swagger.annotations.ApiParam;
 import lombok.AllArgsConstructor;
 import com.vci.ubcs.common.cache.CacheNames;
-import org.apache.ibatis.annotations.Param;
-import org.hibernate.validator.internal.util.logging.Log;
+import lombok.extern.slf4j.Slf4j;
 import org.springblade.core.cache.utils.CacheUtil;
 import org.springblade.core.excel.util.ExcelUtil;
 import org.springblade.core.mp.support.Condition;
@@ -50,6 +50,7 @@
 import org.springblade.core.tool.utils.StringUtil;
 import com.vci.ubcs.system.user.service.IUserService;
 import com.vci.ubcs.system.user.vo.UserVO;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
 import springfox.documentation.annotations.ApiIgnore;
@@ -71,12 +72,19 @@
 @RestController
 @RequestMapping
 @AllArgsConstructor
-@lombok.extern.java.Log
+@Slf4j
 public class UserController {
 
 	private final IUserService userService;
+
 	private final BladeRedis bladeRedis;
+
 	private final NacosConfigCache nacosConfigCache;
+
+	/**
+	 * 鏂囦欢瀹夊叏妫�鏌�
+	 */
+	private ComprehensiveFileValidator fileValidator;
 
 	/**
 	 * 鏌ヨ鍗曟潯
@@ -263,6 +271,11 @@
 	@ApiOperationSupport(order = 12)
 	@ApiOperation(value = "瀵煎叆鐢ㄦ埛", notes = "浼犲叆excel")
 	public R importUser(MultipartFile file, Integer isCovered) {
+		// 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+		ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+		if (!result.isValid()) {
+			return R.fail(result.getMessage());
+		}
 		UserImporter userImporter = new UserImporter(userService, isCovered == 1);
 		ExcelUtil.save(file, userImporter, UserExcel.class);
 		return R.success("鎿嶄綔鎴愬姛");
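Review bot: A rejected upload leaves no server-side trace, because the new guard in `importUser` returns `R.fail(result.getMessage())` without logging, even though this commit adds `@Slf4j`. Adding `log.warn("importUser: upload rejected: {}", result.getMessage());` before the return would let repeated rejections be spotted in monitoring. It is also not visible here whether `validateFile` tolerates a null `file` (a request with no file part) or restricts uploads to the Excel types that `ExcelUtil.save` expects. Both should be confirmed against `ComprehensiveFileValidator`. The method's closing brace lies outside the hunk.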

--
Gitblit v1.9.3