From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。

---
 Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java |   86 ++++++++++++++++++++++++++++++++++--------
 1 files changed, 69 insertions(+), 17 deletions(-)

diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
index c854d94..06ddc94 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
@@ -22,21 +22,25 @@
 import com.vci.ubcs.code.entity.CodeClassify;
 import com.vci.ubcs.code.mapper.CodeClassifyMapper;
 import com.vci.ubcs.code.service.ICodeClassifyService;
-import com.vci.ubcs.code.vo.CodeOsattributeVO;
 import com.vci.ubcs.code.vo.pagemodel.CodeClassifyVO;
-import com.vci.ubcs.code.vo.pagemodel.TreeQueryObject;
+import com.vci.ubcs.code.vo.pagemodel.CodeImProtRusultVO;
 import com.vci.ubcs.code.wrapper.CodeClassifyWrapper;
-import com.vci.ubcs.com.vci.starter.util.LocalFileUtil;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.BaseQueryObject;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.DataGrid;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.Tree;
-import com.vci.ubcs.com.vci.starter.web.util.ControllerUtil;
-import com.vci.ubcs.com.vci.starter.web.util.LangBaseUtil;
-import com.vci.ubcs.com.vci.starter.web.util.VciBaseUtil;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
+import com.vci.ubcs.omd.vo.BtmTypeAttributeVO;
+import com.vci.ubcs.starter.revision.model.TreeQueryObject;
+import com.vci.ubcs.starter.util.LocalFileUtil;
+import com.vci.ubcs.starter.web.pagemodel.BaseQueryObject;
+import com.vci.ubcs.starter.web.pagemodel.DataGrid;
+import com.vci.ubcs.starter.web.pagemodel.Tree;
+import com.vci.ubcs.starter.web.util.ControllerUtil;
+import com.vci.ubcs.starter.web.util.LangBaseUtil;
+import com.vci.ubcs.starter.web.util.VciBaseUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import lombok.AllArgsConstructor;
+import lombok.extern.log4j.Log4j;
+import lombok.extern.log4j.Log4j2;
 import org.springblade.core.boot.ctrl.BladeController;
 import org.springblade.core.mp.support.Condition;
 import org.springblade.core.mp.support.Query;
@@ -44,9 +48,9 @@
 import org.springblade.core.tool.api.R;
 import org.springblade.core.tool.utils.Func;
 import org.springblade.core.tool.utils.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
-
 import javax.servlet.http.HttpServletResponse;
 import javax.validation.Valid;
 import java.io.File;
@@ -69,11 +73,19 @@
 @AllArgsConstructor
 @RequestMapping("/codeClassify")
 @Api(value = "涓婚搴撳畾涔夎〃", tags = "涓婚搴撳畾涔夎〃鎺ュ彛")
+@Log4j2
 public class CodeClassifyController extends BladeController {
 
 	private final ICodeClassifyService codeClassifyService;
 
 	CodeClassifyMapper codeClassifyMapper;
+
+	/**
+	 * 鏂囦欢瀹夊叏妫�鏌�
+	 */
+	@Autowired
+	private ComprehensiveFileValidator fileValidator;
+
 	/**
 	 * 涓婚搴撳畾涔夎〃 璇︽儏
 	 */
@@ -92,7 +104,7 @@
 	 */
 	@GetMapping("/treeCodeClassify")
 	public List<Tree> treeCodeClassify(TreeQueryObject treeQueryObject)  {
-		return  codeClassifyService. treeCodeClassify(treeQueryObject);
+		return codeClassifyService.treeCodeClassify(treeQueryObject);
 	}
 
 	/**
@@ -119,6 +131,7 @@
 
 	/**
 	 * 涓婚搴撳畾涔夎〃 鏂板
+	 * @param
 	 */
 	@PostMapping("/save")
 	@ApiOperationSupport(order = 4)
@@ -223,7 +236,7 @@
 	 * @return 涓婚搴撳垎绫绘樉绀烘爲
 	 */
 	@GetMapping("/referTree")
-	public List<Tree> referTree(@RequestBody TreeQueryObject treeQueryObject)  {
+	public List<Tree> referTree(TreeQueryObject treeQueryObject)  {
 		return codeClassifyService.referTree(treeQueryObject);
 	}
 
@@ -272,6 +285,12 @@
 	 */
 	@PostMapping("/importClassify")
 	public R importClassify(MultipartFile file) {
+		// 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+		ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+		if (!result.isValid()) {
+			return R.fail(result.getMessage());
+		}
+
 		String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + LocalFileUtil.getFileNameForIE(file.getOriginalFilename());
 		File file1 = new File(excelFileName);
 		try {
@@ -279,12 +298,16 @@
 			codeClassifyService.importClassify(file1);
 			return R.success("瀵煎叆鎴愬姛锛�");
 		}catch (Throwable e) {
+			log.error("瀵煎叆閿欒",e);
 			String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒淇℃伅.txt";
 			LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
-			//鏀惧埌map閲�
-//			R result = R.fail("瀵煎叆澶辫触");
-//			result.(ControllerUtil.putErrorFile(errorFile));
-			return R.data(400,errorFile,"瀵煎叆澶辫触");
+			CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+			codeImProtRusultVO.setRedisUuid("");
+			codeImProtRusultVO.setFileOid(ControllerUtil.putErrorFile(errorFile));
+			codeImProtRusultVO.setFilePath(errorFile);
+			R r = R.fail("瀵煎叆澶辫触");
+			r.setData(codeImProtRusultVO);
+			return r;
 		}finally {
 			file1.delete();
 		}
@@ -307,8 +330,19 @@
 	 * @return 灞炴�х殑淇℃伅锛屽寘鍚粯璁ょ殑灞炴��
 	 */
 	@GetMapping("/listClassifyLinkAttr")
-	public DataGrid<CodeOsattributeVO> listClassifyLinkAttr(BaseQueryObject baseQueryObject){
+	public DataGrid<BtmTypeAttributeVO> listClassifyLinkAttr(BaseQueryObject baseQueryObject){
 		return codeClassifyService.listClassifyLinkAttr(baseQueryObject);
+	}
+
+	/**
+	 * 涓婚敭鑾峰彇涓婚搴撳垎绫�
+	 * @param oid 涓婚敭
+	 * @return 涓婚搴撳垎绫绘樉绀哄璞�
+	 */
+	@GetMapping("/getObjectByOid")
+	public R<CodeClassifyVO> getObjectByOid(String oid){
+		CodeClassifyVO codeClassifyVO = codeClassifyService.getObjectByOid(oid);
+		return R.data(codeClassifyVO);
 	}
 
 	/**
@@ -330,4 +364,22 @@
 	public List<Tree> treeTopCodeClassify(TreeQueryObject treeQueryObject){
 		return codeClassifyService.treeTopCodeClassify(treeQueryObject);
 	}
+
+	/**
+	 * 涓婚搴撳畾涔夎〃 璇︽儏
+	 */
+	@GetMapping("/getObjectByClsfNamePath")
+	public R<CodeClassifyVO> getObjectByClsfNamePath(String  clsfNamePath) {
+		CodeClassifyVO codeClassifyVO = codeClassifyService.getObjectByClsfNamePath(clsfNamePath);
+		return R.data(codeClassifyVO);
+	}
+
+	/**
+	 * 娴佹按渚濊禆鐢熸垚
+	 */
+	@GetMapping("/flowingDependencyGen")
+	public R flowingDependencyGen(String classifyOid)  {
+		return codeClassifyService.flowingDependencyGen(classifyOid);
+	}
+
 }

--
Gitblit v1.9.3