From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java | 111 ++++++++++++++++++++++++++++++++++++++++---------------
1 files changed, 80 insertions(+), 31 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
index 8232b33..06ddc94 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/CodeClassifyController.java
@@ -18,40 +18,41 @@
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.toolkit.SqlHelper;
+import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
import com.vci.ubcs.code.entity.CodeClassify;
import com.vci.ubcs.code.mapper.CodeClassifyMapper;
-import com.vci.ubcs.code.vo.CodeOsattributeVO;
+import com.vci.ubcs.code.service.ICodeClassifyService;
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyVO;
-import com.vci.ubcs.code.vo.pagemodel.TreeQueryObject;
-import com.vci.ubcs.com.vci.starter.util.LocalFileUtil;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.BaseQueryObject;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.DataGrid;
-import com.vci.ubcs.com.vci.starter.web.pagemodel.Tree;
-import com.vci.ubcs.com.vci.starter.web.util.ControllerUtil;
-import com.vci.ubcs.com.vci.starter.web.util.LangBaseUtil;
-import com.vci.ubcs.com.vci.starter.web.util.VciBaseUtil;
+import com.vci.ubcs.code.vo.pagemodel.CodeImProtRusultVO;
+import com.vci.ubcs.code.wrapper.CodeClassifyWrapper;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
+import com.vci.ubcs.omd.vo.BtmTypeAttributeVO;
+import com.vci.ubcs.starter.revision.model.TreeQueryObject;
+import com.vci.ubcs.starter.util.LocalFileUtil;
+import com.vci.ubcs.starter.web.pagemodel.BaseQueryObject;
+import com.vci.ubcs.starter.web.pagemodel.DataGrid;
+import com.vci.ubcs.starter.web.pagemodel.Tree;
+import com.vci.ubcs.starter.web.util.ControllerUtil;
+import com.vci.ubcs.starter.web.util.LangBaseUtil;
+import com.vci.ubcs.starter.web.util.VciBaseUtil;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
-import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
import lombok.AllArgsConstructor;
-
-import javax.servlet.http.HttpServletResponse;
-import javax.validation.Valid;
-
+import lombok.extern.log4j.Log4j;
+import lombok.extern.log4j.Log4j2;
+import org.springblade.core.boot.ctrl.BladeController;
import org.springblade.core.mp.support.Condition;
import org.springblade.core.mp.support.Query;
import org.springblade.core.secure.utils.AuthUtil;
-import org.springblade.core.tool.api.IResultCode;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.Func;
import org.springblade.core.tool.utils.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
-import com.vci.ubcs.code.wrapper.CodeClassifyWrapper;
-import com.vci.ubcs.code.service.ICodeClassifyService;
-import org.springblade.core.boot.ctrl.BladeController;
import org.springframework.web.multipart.MultipartFile;
-
+import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
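Review bot: The import block adds both `lombok.extern.log4j.Log4j` and `lombok.extern.log4j.Log4j2`, but the class is annotated only with `@Log4j2`, so the `Log4j` import appears unused. Dropping `import lombok.extern.log4j.Log4j;` avoids an unused-import warning and makes it clear which logging backend the controller binds to.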
@@ -70,13 +71,21 @@
*/
@RestController
@AllArgsConstructor
-@RequestMapping("ubcs-code/codeClassify")
+@RequestMapping("/codeClassify")
@Api(value = "涓婚搴撳畾涔夎〃", tags = "涓婚搴撳畾涔夎〃鎺ュ彛")
+@Log4j2
public class CodeClassifyController extends BladeController {
private final ICodeClassifyService codeClassifyService;
CodeClassifyMapper codeClassifyMapper;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
+
/**
* 涓婚搴撳畾涔夎〃 璇︽儏
*/
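Review bot: `fileValidator` is field-injected with `@Autowired` in a class that already carries `@AllArgsConstructor`, so Lombok also puts it into the generated constructor and the bean is wired through two mechanisms. Declaring it like the service field, `private final ComprehensiveFileValidator fileValidator;`, and dropping `@Autowired` keeps a single injection style and guarantees the validator is set before any upload handler runs. Separately, the class mapping changes from `ubcs-code/codeClassify` to `/codeClassify`. Any gateway route or path-based authentication rule written against the old prefix should be re-checked, since none is visible in this patch.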
@@ -95,7 +104,7 @@
*/
@GetMapping("/treeCodeClassify")
public List<Tree> treeCodeClassify(TreeQueryObject treeQueryObject) {
- return codeClassifyService. treeCodeClassify(treeQueryObject);
+ return codeClassifyService.treeCodeClassify(treeQueryObject);
}
/**
@@ -122,6 +131,7 @@
/**
* 涓婚搴撳畾涔夎〃 鏂板
+ * @param
*/
@PostMapping("/save")
@ApiOperationSupport(order = 4)
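Review bot: The added Javadoc line is a bare `@param` with no parameter name or description, which doclint reports as an error and which tells the reader nothing. Either name the argument of the `save` handler and describe it, or leave the tag out. The method signature is outside this hunk, so the correct name cannot be confirmed here.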
@@ -175,7 +185,7 @@
* @return 鎵ц缁撴灉 success涓簍rue涓哄彲浠ュ垹闄わ紝false琛ㄧず鏈夋暟鎹紩鐢�
*/
@PostMapping( "/checkIsCanDelete")
- public R checkIsCanDelete(CodeClassify codeClassify) {
+ public R checkIsCanDelete(@Valid @RequestBody CodeClassify codeClassify) {
return codeClassifyService.checkIsCanDelete(codeClassify);
}
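Review bot: `@Valid` on `checkIsCanDelete` only rejects a request if `CodeClassify` declares constraint annotations, which this patch does not show; the same applies to `delCodeClassify`, `enable` and `disable` in the next three hunks. `enable` and `disable` pass `codeClassify.getOid()` straight to `updateLcStatus`, so a JSON body without `oid` reaches the service as null unless the entity has something like `@NotBlank` on that field. If it does not, a guard at the top of each method closes the gap: `if (StringUtil.isBlank(codeClassify.getOid())) { return R.fail("oid is required"); }`. Moving from form binding to `@RequestBody` also changes the accepted content type, so callers that still send query or form parameters will be rejected. Confirm that the front end and any service-to-service clients were updated together with this change.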
@@ -185,7 +195,7 @@
* @return 鍒犻櫎缁撴灉鍙嶉锛氾細success锛氭垚鍔燂紝fail锛氬け璐�
*/
@DeleteMapping( "/deleteData")
- public R delCodeClassify(CodeClassify codeClassify) {
+ public R delCodeClassify(@Valid @RequestBody CodeClassify codeClassify) {
return codeClassifyService.deleteCodeClassify(codeClassify);
}
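Review bot: `delCodeClassify` now reads its argument from the body of a DELETE request, and HTTP defines no semantics for content on DELETE, so some proxies, gateways and client libraries drop or reject it. Because this is the destructive endpoint, a stripped body would surface as a confusing 400 instead of a delete. Either verify that every hop in front of this service forwards DELETE bodies, or expose the operation as `@PostMapping("/deleteData")`, as is already done for `/enableData` and `/disableData`.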
@@ -195,7 +205,7 @@
* @return
*/
@PostMapping( "/enableData")
- public R enable(CodeClassify codeClassify) {
+ public R enable(@Valid @RequestBody CodeClassify codeClassify) {
return codeClassifyService.updateLcStatus(codeClassify.getOid(),FRAMEWORK_DATA_ENABLED);
}
@@ -205,7 +215,7 @@
* @return
*/
@PostMapping( "/disableData")
- public R disable(CodeClassify codeClassify) {
+ public R disable(@Valid @RequestBody CodeClassify codeClassify) {
return codeClassifyService.updateLcStatus(codeClassify.getOid(),FRAMEWORK_DATA_DISABLED);
}
@@ -235,7 +245,7 @@
* @param oid 鍒嗙被涓婚敭
*/
@GetMapping("/exportClassify")
- public void exportClassify(String oid, HttpServletResponse response) throws IOException {
+ public void exportClassify(@ApiParam(value = "涓婚敭", required = true) @RequestParam String oid, HttpServletResponse response) throws IOException {
String excelName = codeClassifyService.exportClassify(oid);
try {
ControllerUtil.writeFileToResponse(response,excelName);
@@ -275,6 +285,12 @@
*/
@PostMapping("/importClassify")
public R importClassify(MultipartFile file) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + LocalFileUtil.getFileNameForIE(file.getOriginalFilename());
File file1 = new File(excelFileName);
try {
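Review bot: After the new validation passes, the temp file path is still built from the client-supplied `file.getOriginalFilename()`, so the on-disk name remains attacker-influenced. Whether directory components are stripped depends on `ComprehensiveFileValidator` and `LocalFileUtil.getFileNameForIE`, neither of which is visible here. Two concurrent uploads with the same name would also share one path, and the `finally` block of the first would delete the file the second is still reading. Using a server-generated name removes both concerns, for example `File file1 = File.createTempFile("classify-import-", ".tmp", new File(LocalFileUtil.getDefaultTempFolder()));`, keeping the validated extension if `importClassify` depends on it. It is also worth confirming that `validateFile` handles a null `file` (missing multipart part), because the method dereferences it immediately afterwards. The method body continues outside this hunk.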
@@ -282,12 +298,16 @@
codeClassifyService.importClassify(file1);
return R.success("瀵煎叆鎴愬姛锛�");
}catch (Throwable e) {
+ log.error("瀵煎叆閿欒",e);
String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒淇℃伅.txt";
LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
- //鏀惧埌map閲�
-// R result = R.fail("瀵煎叆澶辫触");
-// result.(ControllerUtil.putErrorFile(errorFile));
- return R.data(400,errorFile,"瀵煎叆澶辫触");
+ CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+ codeImProtRusultVO.setRedisUuid("");
+ codeImProtRusultVO.setFileOid(ControllerUtil.putErrorFile(errorFile));
+ codeImProtRusultVO.setFilePath(errorFile);
+ R r = R.fail("瀵煎叆澶辫触");
+ r.setData(codeImProtRusultVO);
+ return r;
}finally {
file1.delete();
}
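Review bot: `codeImProtRusultVO.setFilePath(errorFile)` returns the absolute server-side path of the error file to the client, which discloses the temp directory layout even though `setFileOid(ControllerUtil.putErrorFile(errorFile))` already gives the caller a handle for downloading it. Drop the `setFilePath` call or set only a display name. The error file also has a fixed name in the shared temp folder, so two failing imports at the same time overwrite each other's content and one user may download another user's error text; a per-request name (for example with a UUID suffix) avoids that. The text written comes from `LangBaseUtil.getErrorMsg(e)` for any `Throwable`, so check that it cannot contain stack traces or SQL fragments before it is offered for download. The `try` block starts outside this hunk.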
@@ -310,8 +330,19 @@
* @return 灞炴�х殑淇℃伅锛屽寘鍚粯璁ょ殑灞炴��
*/
@GetMapping("/listClassifyLinkAttr")
- public DataGrid<CodeOsattributeVO> listClassifyLinkAttr(BaseQueryObject baseQueryObject){
+ public DataGrid<BtmTypeAttributeVO> listClassifyLinkAttr(BaseQueryObject baseQueryObject){
return codeClassifyService.listClassifyLinkAttr(baseQueryObject);
+ }
+
+ /**
+ * 涓婚敭鑾峰彇涓婚搴撳垎绫�
+ * @param oid 涓婚敭
+ * @return 涓婚搴撳垎绫绘樉绀哄璞�
+ */
+ @GetMapping("/getObjectByOid")
+ public R<CodeClassifyVO> getObjectByOid(String oid){
+ CodeClassifyVO codeClassifyVO = codeClassifyService.getObjectByOid(oid);
+ return R.data(codeClassifyVO);
}
/**
@@ -333,4 +364,22 @@
public List<Tree> treeTopCodeClassify(TreeQueryObject treeQueryObject){
return codeClassifyService.treeTopCodeClassify(treeQueryObject);
}
+
+ /**
+ * 涓婚搴撳畾涔夎〃 璇︽儏
+ */
+ @GetMapping("/getObjectByClsfNamePath")
+ public R<CodeClassifyVO> getObjectByClsfNamePath(String clsfNamePath) {
+ CodeClassifyVO codeClassifyVO = codeClassifyService.getObjectByClsfNamePath(clsfNamePath);
+ return R.data(codeClassifyVO);
+ }
+
+ /**
+ * 娴佹按渚濊禆鐢熸垚
+ */
+ @GetMapping("/flowingDependencyGen")
+ public R flowingDependencyGen(String classifyOid) {
+ return codeClassifyService.flowingDependencyGen(classifyOid);
+ }
+
}
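Review bot: `flowingDependencyGen` is mapped with `@GetMapping`, but its name suggests it generates data rather than only reading it. If the service call writes anything, a GET can be triggered by link prefetching, crawlers or a cross-site request and may be cached or replayed by intermediaries; `@PostMapping("/flowingDependencyGen")` would be the safer mapping. The method also returns the raw type `R`, unlike the two `R<CodeClassifyVO>` handlers added next to it, so the response payload type is undocumented. The Javadoc on `getObjectByClsfNamePath` appears to be copied from the detail endpoint at the top of the class and should describe the lookup by classification name path instead.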
--
Gitblit v1.9.3