From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java | 188 +++++++++++++++++++++++++++++++++++++++++++----
1 files changed, 172 insertions(+), 16 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
index e4e3328..623570c 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
@@ -1,6 +1,5 @@
package com.vci.ubcs.code.controller;
-
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.StringUtils;
import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -11,6 +10,7 @@
import com.vci.ubcs.code.service.MdmEngineService;
import com.vci.ubcs.code.service.MdmIOService;
import com.vci.ubcs.code.vo.pagemodel.*;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import com.vci.ubcs.flow.core.dto.FlowStatusDTO;
import com.vci.ubcs.starter.annotation.VciBusinessLog;
import com.vci.ubcs.starter.revision.model.BaseModel;
@@ -33,11 +33,9 @@
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
-import java.rmi.ServerException;
import java.util.*;
@RestController
-//@AllArgsConstructor
@RequestMapping("/mdmEngineController")
@Api(value = "缂栫爜鏁版嵁绠$悊", tags = "缂栫爜鏁版嵁绠$悊")
public class MdmEngineController {
@@ -46,21 +44,31 @@
* 鏃ュ織
*/
private Logger logger = LoggerFactory.getLogger(getClass());
+
/**
* 涓绘暟鎹紩鎿庢湇鍔�
*/
@Autowired
private MdmEngineService engineService;
+
/**
* 涓绘暟鎹鍏ュ鍑烘湇鍔�
*/
@Autowired
private MdmIOService mdmIOService;
+
/**
* 鏃ュ織淇濆瓨宸ュ叿绫�
*/
@Autowired
private SaveLogUtil saveLogUtil;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
+
/**
* 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
@@ -81,6 +89,77 @@
msg = "鏈煡閿欒";
}
ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
+ }
+ }
+
+ /**
+ * 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
+ * @param codeClassifyOid 鍒嗙被鐨勪富閿�
+ * @param response 鍝嶅簲瀵硅薄
+ * @throws IOException 鎶涘嚭寮傚父
+ */
+ @GetMapping("/downloadExcelBatchEdit")
+ @VciBusinessLog(operateName = "涓嬭浇鎵归噺鐢宠缂栫爜鐨勫鍏ユā鏉�")
+ public void downloadImportExcelBatchEdit(String codeClassifyOid, HttpServletResponse response) throws IOException{
+ String excelName = mdmIOService.downloadImportExcelBatchEdit(codeClassifyOid);
+ try {
+ ControllerUtil.writeFileToResponse(response,excelName);
+ } catch (Throwable e) {
+ //濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
+ String msg = LangBaseUtil.getErrorMsg(e);
+ if(StringUtils.isBlank(msg)){
+ msg = "鏈煡閿欒";
+ }
+ ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
+ }
+ }
+
+ /**
+ * 瀵煎叆鎵归噺缂栬緫鏁版嵁
+ * @param codeClassifyOid 鍒嗙被鐨勪富閿�
+ * @param classifyAttr 鍒嗙被璺緞浣跨敤鐨勫睘鎬�
+ * @param file 鏂囦欢鐨勫唴瀹�
+ */
+ @VciBusinessLog(operateName = "瀵煎叆鎵归噺缂栬緫鏁版嵁")
+ @PostMapping("/batchImportEdit")
+ public R batchImportEdit(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
+ String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
+ File file1 = new File(excelFileName);
+ try {
+ file.transferTo(new File(excelFileName));
+ CodeImProtRusultVO codeImProtRusultVO =mdmIOService.batchImportEdit(codeClassifyOid, classifyAttr,file1);
+ if(StringUtils.isNotBlank(codeImProtRusultVO.getFilePath())||StringUtils.isNotBlank(codeImProtRusultVO.getRedisUuid())){
+ //鏀惧埌map閲�
+ R result = R.fail("瀵煎叆澶辫触");
+ if(StringUtils.isNotBlank(codeImProtRusultVO.getFilePath())) {
+ String filedUUid = ControllerUtil.putErrorFile(codeImProtRusultVO.getFilePath());
+ codeImProtRusultVO.setFileOid(filedUUid);
+ }
+ result.setData(codeImProtRusultVO);
+ return result;
+ }else {
+ return R.success("鎿嶄綔鎴愬姛锛�");
+ }
+ }catch (Throwable e) {
+ logger.error("瀵煎叆閿欒",e);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
+ String uuid=ControllerUtil.putErrorFile(errorFile);
+ CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+ codeImProtRusultVO.setRedisUuid("");
+ codeImProtRusultVO.setFileOid(uuid);
+ codeImProtRusultVO.setFilePath(errorFile);
+ R r = R.fail("瀵煎叆澶辫触");
+ r.setData(codeImProtRusultVO);
+ return r;
+ }finally {
+ file1.delete();
}
}
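Review bot: The validator call added at the top of batchImportEdit does not protect the line `String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();`, which still builds the on-disk path from the client-supplied original filename; unless `ComprehensiveFileValidator.validateFile` (not visible in this patch) rejects path separators and `..` segments, a crafted name can place the upload outside the temp folder before `mdmIOService.batchImportEdit` ever runs. A safer shape is to write to a server-generated name and keep only the base name for display, e.g. `File file1 = new File(LocalFileUtil.getDefaultTempFolder(), UUID.randomUUID() + "_" + new File(file.getOriginalFilename()).getName());` followed by `file.transferTo(file1);`, which also removes the duplicate `new File(excelFileName)` on the transferTo line. The same pattern is repeated in batchImportHistoryData, batchTopImportCode and importGroupCode in this patch, and batchImportCode's body (outside its hunk) should be checked for it too. Separately, the fixed error-file name on the `String errorFile = ...` line lives in a shared temp folder, so concurrent failing requests appear to overwrite each other's report before `ControllerUtil.putErrorFile` reads it; a per-request name would avoid that.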
@@ -113,8 +192,8 @@
@VciBusinessLog(operateName = "瀵煎嚭涓婚搴撶殑鏁版嵁")
@PostMapping("/exportCode")
public void exportCode(CodeExportAttrDTO exportAttrDTO, HttpServletResponse response) throws IOException {
- String excelName = mdmIOService.exportCode(exportAttrDTO);
try {
+ String excelName = mdmIOService.exportCode(exportAttrDTO);
ControllerUtil.writeFileToResponse(response,excelName);
} catch (Throwable e) {
//濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
@@ -156,6 +235,12 @@
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchImportCode")
public R batchImportCode(String secDTOList, String codeClassifyOid, MultipartFile file, HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
CodeOrderDTO orderDTO = new CodeOrderDTO();
orderDTO.setCodeClassifyOid(codeClassifyOid);
if(StringUtils.isNotBlank(secDTOList)){
@@ -207,6 +292,12 @@
@VciBusinessLog(operateName = "瀵煎叆缂栫爜鐨勫巻鍙叉暟鎹�")
@PostMapping("/batchImportHistoryData")
public R batchImportHistoryData(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
@@ -250,6 +341,12 @@
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchTopImportCode")
public R batchTopImportCode(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
@@ -293,7 +390,7 @@
* @param baseModelDTO 鏁版嵁浼犺緭瀵硅薄
* @return 鎵ц缁撴灉
*/
- @PostMapping("changeStatus")
+ @PostMapping("/changeStatus")
public R changeStatus(@RequestBody BaseModelDTO baseModelDTO) {
engineService.changeStatus(baseModelDTO);
return R.success("鎿嶄綔鎴愬姛锛�");
@@ -399,7 +496,7 @@
return engineService.gridTableDataByClassifyOid(codeClassifyOid,templateOid,queryObject.getConditionMap(),queryObject.getPageHelper());
}
- /***
+ /**
* 鑾峰彇鍒嗙被瀵硅薄
* @param redisOid
* @return
@@ -410,7 +507,7 @@
return R.data(codeImportTemplateVOs);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆姝g‘鐨勬暟鎹�
* @param codeClassifyOid
* @param redisOid
@@ -421,7 +518,7 @@
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆琛岀浉浼奸」鐨勬暟鎹�
* @param dataOid
* @param redisOid
@@ -432,7 +529,7 @@
return mdmIOService.gridRowResemble(dataOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆鍏锋湁鐩镐技椤圭殑鏁版嵁
* @param codeClassifyOid
* @param redisOid
@@ -443,7 +540,7 @@
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+ /**
* 瀵煎叆鏁版嵁
* @param codeImprotSaveDatVO//鏁版嵁瀵硅薄
* @return
@@ -453,7 +550,7 @@
return mdmIOService.batchImportData(codeImprotSaveDatVO.getCodeImprotSaveDatVOList(),codeImprotSaveDatVO.getClassifyAttr(),codeImprotSaveDatVO.getImprot());
}
- /***
+ /**
* 鏍规嵁鏁版嵁oid浠庣紦瀛樹腑绉婚櫎鏁版嵁
* @param redisOid redisid
* @param codeClassifyOid 瀛樺偍瑙勫垯鐨刼id
@@ -608,7 +705,7 @@
* @param idPath 缂栧彿鐨勮矾寰�
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鍗�)
*/
-// @VciUnCheckRight
+ // @VciUnCheckRight
@GetMapping("/getFormDefineByClassifyIdPath")
public MdmUIInfoVO getFormDefineByClassifyIdPath(String idPath){
return engineService.getFormDefineByClassifyIdPath(idPath);
@@ -663,7 +760,7 @@
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鏍硷級
*/
@GetMapping("/getFlowdUIInfoByClassifyOid")
- public MdmUIInfoVO getUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
+ public MdmUIInfoVO getFlowUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
return engineService.getFlowUIInfoByClassifyOid(codeClassifyOid,functionId,templateId,taskId,modelKey);
}
@@ -778,17 +875,76 @@
*/
@GetMapping("/exportGroupCodeExcel")
@VciBusinessLog(operateName = "瀵煎嚭闆嗗洟鐮�")
- public void exportGroupCodeExcel(String codeClassifyOid, HttpServletResponse response) throws IOException{
-
+ public void exportGroupCodeExcel(String codeClassifyOid, HttpServletResponse response) throws IOException {
try {
String excelName = mdmIOService.exportGroupCodeExcel(codeClassifyOid);
+ ControllerUtil.writeFileToResponse(response,excelName);
} catch (Throwable e) {
//濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
String msg = LangBaseUtil.getErrorMsg(e);
if(StringUtils.isBlank(msg)){
msg = "鏈煡閿欒";
}
- ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(msg,errorFile);
+ ControllerUtil.writeFileToResponse(response,errorFile);
+ // return R.fail(msg);
}
+ // return R.status(true);
+ }
+
+ /**
+ * 闆嗗洟鐮佸鍏�
+ * @param codeClassifyOid
+ * @param file
+ * @param response
+ * @return
+ */
+ @PostMapping("/importGroupCode")
+ public R importGroupCode(String codeClassifyOid,MultipartFile file,HttpServletResponse response){
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
+ String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
+ File file1 = new File(excelFileName);
+ try {
+ file.transferTo(new File(excelFileName));
+ String excelName=mdmIOService.importGroupCode(codeClassifyOid,file1);
+ if(StringUtils.isNotBlank(excelName)) {
+ ControllerUtil.writeFileToResponse(response,excelName);
+ return R.fail("闆嗗洟鐮佸鍏ュ嚭鐜伴棶棰橈紝璇锋煡鐪嬫枃浠�");
+ }else{
+ return R.status(true);
+ }
+ }catch (Throwable e) {
+ logger.error("瀵煎叆閿欒",e);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
+ String uuid=ControllerUtil.putErrorFile(errorFile);
+ CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+ codeImProtRusultVO.setRedisUuid("");
+ codeImProtRusultVO.setFileOid(uuid);
+ codeImProtRusultVO.setFilePath(errorFile);
+ R r = R.fail("闆嗗洟鐮佸鍏ュけ璐�");
+ r.setData(codeImProtRusultVO);
+ return r;
+ }finally {
+ file1.delete();
+ }
+
+ }
+
+ /**
+ * 鑾峰彇缁熻鍒嗘瀽鏁版嵁
+ * @param btmNames 涓氬姟绫诲瀷
+ * @return
+ */
+ @GetMapping("/getStatisticAnalysis")
+ @VciBusinessLog(operateName = "鑾峰彇缁熻鍒嗘瀽鏁版嵁")
+ public R getStatisticAnalysis(String btmNames) {
+ return engineService.getStatisticAnalysis(btmNames);
}
}
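Review bot: In importGroupCode the success-with-errors branch streams the report with `ControllerUtil.writeFileToResponse(response,excelName);` and then also returns `R.fail(...)`, so Spring will try to serialize the JSON body into a response that has very likely already been committed; the client cannot receive both, and the second write is likely to fail or truncate. The catch block two lines below already shows the workable pattern for this controller: register the file and hand back its id, e.g. `String uuid = ControllerUtil.putErrorFile(excelName);` then set it on a `CodeImProtRusultVO` and return `R.fail("…").setData(vo)` (wording kept as the existing message), letting the client fetch the report afterwards. exportGroupCodeExcel's catch has a related problem: if the first `writeFileToResponse` failed after partially writing, the recovery `ControllerUtil.writeFileToResponse(response,errorFile);` is writing into a half-sent response and can itself throw the IOException the method declares. The commented-out `// return R.fail(msg);` and `// return R.status(true);` lines should be deleted rather than left in.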
--
Gitblit v1.9.3