From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java | 98 ++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 76 insertions(+), 22 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
index 061a6b4..623570c 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
@@ -1,6 +1,5 @@
package com.vci.ubcs.code.controller;
-
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.StringUtils;
import com.baomidou.mybatisplus.core.metadata.IPage;
@@ -11,6 +10,7 @@
import com.vci.ubcs.code.service.MdmEngineService;
import com.vci.ubcs.code.service.MdmIOService;
import com.vci.ubcs.code.vo.pagemodel.*;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import com.vci.ubcs.flow.core.dto.FlowStatusDTO;
import com.vci.ubcs.starter.annotation.VciBusinessLog;
import com.vci.ubcs.starter.revision.model.BaseModel;
@@ -33,11 +33,9 @@
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
-import java.rmi.ServerException;
import java.util.*;
@RestController
-//@AllArgsConstructor
@RequestMapping("/mdmEngineController")
@Api(value = "缂栫爜鏁版嵁绠$悊", tags = "缂栫爜鏁版嵁绠$悊")
public class MdmEngineController {
@@ -46,21 +44,31 @@
* 鏃ュ織
*/
private Logger logger = LoggerFactory.getLogger(getClass());
+
/**
* 涓绘暟鎹紩鎿庢湇鍔�
*/
@Autowired
private MdmEngineService engineService;
+
/**
* 涓绘暟鎹鍏ュ鍑烘湇鍔�
*/
@Autowired
private MdmIOService mdmIOService;
+
/**
* 鏃ュ織淇濆瓨宸ュ叿绫�
*/
@Autowired
private SaveLogUtil saveLogUtil;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
+
/**
* 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
@@ -106,7 +114,6 @@
}
}
-
/**
* 瀵煎叆鎵归噺缂栬緫鏁版嵁
* @param codeClassifyOid 鍒嗙被鐨勪富閿�
@@ -116,6 +123,12 @@
@VciBusinessLog(operateName = "瀵煎叆鎵归噺缂栬緫鏁版嵁")
@PostMapping("/batchImportEdit")
public R batchImportEdit(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
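Review bot: The validator gate added at the top of batchImportEdit still leaves the temp path on the next line built from the client-controlled `file.getOriginalFilename()`, so whether an upload can escape `LocalFileUtil.getDefaultTempFolder()` depends entirely on `ComprehensiveFileValidator.validateFile` rejecting separators and `..` in the name, which this patch does not show. Safer to not trust the name at all: `String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + UUID.randomUUID() + "_" + new File(file.getOriginalFilename()).getName();` (`java.util.*` is already imported). If `validateFile` does not itself handle a null `MultipartFile`, a request without the part now fails with a NullPointerException inside the validator instead of a controlled `R.fail`, so a `file == null` check before the call is worth confirming. The same applies to the identical prologues in batchImportCode, batchImportHistoryData, batchTopImportCode and importGroupCode; the body of batchImportEdit continues outside the hunk.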
@@ -179,8 +192,8 @@
@VciBusinessLog(operateName = "瀵煎嚭涓婚搴撶殑鏁版嵁")
@PostMapping("/exportCode")
public void exportCode(CodeExportAttrDTO exportAttrDTO, HttpServletResponse response) throws IOException {
- String excelName = mdmIOService.exportCode(exportAttrDTO);
try {
+ String excelName = mdmIOService.exportCode(exportAttrDTO);
ControllerUtil.writeFileToResponse(response,excelName);
} catch (Throwable e) {
//濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
@@ -222,6 +235,12 @@
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchImportCode")
public R batchImportCode(String secDTOList, String codeClassifyOid, MultipartFile file, HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
CodeOrderDTO orderDTO = new CodeOrderDTO();
orderDTO.setCodeClassifyOid(codeClassifyOid);
if(StringUtils.isNotBlank(secDTOList)){
@@ -273,6 +292,12 @@
@VciBusinessLog(operateName = "瀵煎叆缂栫爜鐨勫巻鍙叉暟鎹�")
@PostMapping("/batchImportHistoryData")
public R batchImportHistoryData(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
@@ -316,6 +341,12 @@
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchTopImportCode")
public R batchTopImportCode(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
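Review bot: The validation prologue in batchTopImportCode names its result `result` while batchImportEdit, batchImportCode and batchImportHistoryData call the same value `validationResult`; one name should be used in all five handlers (importGroupCode also uses `result`). The five copies of the same four-line gate are also a candidate for one private helper, e.g. `private Optional<R> rejectInvalidUpload(MultipartFile file)` returning the `R.fail(...)` when the validator rejects the file, so a future change to the rule lands in one place. The body of batchTopImportCode continues outside the hunk.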
@@ -359,7 +390,7 @@
* @param baseModelDTO 鏁版嵁浼犺緭瀵硅薄
* @return 鎵ц缁撴灉
*/
- @PostMapping("changeStatus")
+ @PostMapping("/changeStatus")
public R changeStatus(@RequestBody BaseModelDTO baseModelDTO) {
engineService.changeStatus(baseModelDTO);
return R.success("鎿嶄綔鎴愬姛锛�");
@@ -465,7 +496,7 @@
return engineService.gridTableDataByClassifyOid(codeClassifyOid,templateOid,queryObject.getConditionMap(),queryObject.getPageHelper());
}
- /***
+ /**
* 鑾峰彇鍒嗙被瀵硅薄
* @param redisOid
* @return
@@ -476,7 +507,7 @@
return R.data(codeImportTemplateVOs);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆姝g‘鐨勬暟鎹�
* @param codeClassifyOid
* @param redisOid
@@ -487,7 +518,7 @@
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆琛岀浉浼奸」鐨勬暟鎹�
* @param dataOid
* @param redisOid
@@ -498,7 +529,7 @@
return mdmIOService.gridRowResemble(dataOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆鍏锋湁鐩镐技椤圭殑鏁版嵁
* @param codeClassifyOid
* @param redisOid
@@ -509,7 +540,7 @@
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+ /**
* 瀵煎叆鏁版嵁
* @param codeImprotSaveDatVO//鏁版嵁瀵硅薄
* @return
@@ -519,7 +550,7 @@
return mdmIOService.batchImportData(codeImprotSaveDatVO.getCodeImprotSaveDatVOList(),codeImprotSaveDatVO.getClassifyAttr(),codeImprotSaveDatVO.getImprot());
}
- /***
+ /**
* 鏍规嵁鏁版嵁oid浠庣紦瀛樹腑绉婚櫎鏁版嵁
* @param redisOid redisid
* @param codeClassifyOid 瀛樺偍瑙勫垯鐨刼id
@@ -674,7 +705,7 @@
* @param idPath 缂栧彿鐨勮矾寰�
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鍗�)
*/
-// @VciUnCheckRight
+ // @VciUnCheckRight
@GetMapping("/getFormDefineByClassifyIdPath")
public MdmUIInfoVO getFormDefineByClassifyIdPath(String idPath){
return engineService.getFormDefineByClassifyIdPath(idPath);
@@ -729,7 +760,7 @@
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鏍硷級
*/
@GetMapping("/getFlowdUIInfoByClassifyOid")
- public MdmUIInfoVO getUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
+ public MdmUIInfoVO getFlowUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
return engineService.getFlowUIInfoByClassifyOid(codeClassifyOid,functionId,templateId,taskId,modelKey);
}
@@ -844,7 +875,7 @@
*/
@GetMapping("/exportGroupCodeExcel")
@VciBusinessLog(operateName = "瀵煎嚭闆嗗洟鐮�")
- public R exportGroupCodeExcel(String codeClassifyOid, HttpServletResponse response) throws IOException{
+ public void exportGroupCodeExcel(String codeClassifyOid, HttpServletResponse response) throws IOException {
try {
String excelName = mdmIOService.exportGroupCodeExcel(codeClassifyOid);
ControllerUtil.writeFileToResponse(response,excelName);
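Review bot: The return type change from `R` to `void` on exportGroupCodeExcel silently changes the endpoint's contract: a client that parsed the JSON `R` envelope now receives a file body and, judging from the following hunk, an error text file instead of an `R.fail` when the export fails. The Javadoc whose tail opens this hunk should say so, e.g. `* Streams the exported Excel file to the response; on failure a text file holding the error message is streamed instead, so the response is never a JSON envelope.`. The method's catch block is outside this hunk.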
@@ -854,13 +885,15 @@
if(StringUtils.isBlank(msg)){
msg = "鏈煡閿欒";
}
- return R.fail(msg);
- // ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(msg,errorFile);
+ ControllerUtil.writeFileToResponse(response,errorFile);
+ // return R.fail(msg);
}
- return R.status(true);
+ // return R.status(true);
}
- /***
+ /**
* 闆嗗洟鐮佸鍏�
* @param codeClassifyOid
* @param file
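Review bot: The error file written in the catch of exportGroupCodeExcel has a fixed name under the shared `LocalFileUtil.getDefaultTempFolder()`, so two failing exports at the same time write and stream the same file and one caller can receive the other's error message; the catch in importGroupCode (following hunks) uses the same fixed name. A per-request name avoids this: `String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + UUID.randomUUID() + "_error.txt";`. `writeContentToFile` and `writeFileToResponse` are now also called inside the catch, so if either fails the exception leaves the handler unhandled; whether they throw checked exceptions is not visible here. The commented-out `// return R.fail(msg);` and `// return R.status(true);` should be deleted rather than kept as dead code. The start of the catch block is outside this hunk.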
@@ -869,13 +902,23 @@
*/
@PostMapping("/importGroupCode")
public R importGroupCode(String codeClassifyOid,MultipartFile file,HttpServletResponse response){
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
file.transferTo(new File(excelFileName));
- mdmIOService.importGroupCode(codeClassifyOid,file1);
- return R.success("鎿嶄綔鎴愬姛锛�");
+ String excelName=mdmIOService.importGroupCode(codeClassifyOid,file1);
+ if(StringUtils.isNotBlank(excelName)) {
+ ControllerUtil.writeFileToResponse(response,excelName);
+ return R.fail("闆嗗洟鐮佸鍏ュ嚭鐜伴棶棰橈紝璇锋煡鐪嬫枃浠�");
+ }else{
+ return R.status(true);
+ }
}catch (Throwable e) {
logger.error("瀵煎叆閿欒",e);
String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
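Review bot: In the new problem-file branch of importGroupCode, `ControllerUtil.writeFileToResponse(response,excelName)` streams the file into the response and the method then returns `R.fail(...)`, which the framework will presumably also try to serialize into the same, already committed response, so the client gets either a truncated download or no JSON at all. The catch branch of the same method (next hunk) instead returns the file location inside the `R` via `codeImProtRusultVO.setFilePath(...)`; the success-with-problems branch should follow that pattern and drop the `writeFileToResponse` call, letting the client fetch the file by the returned path. Also `file.transferTo(new File(excelFileName))` builds a second `File` for the path already held in `file1`; `file.transferTo(file1);` is enough. The finally block of this method is outside the hunk.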
@@ -885,7 +928,7 @@
codeImProtRusultVO.setRedisUuid("");
codeImProtRusultVO.setFileOid(uuid);
codeImProtRusultVO.setFilePath(errorFile);
- R r = R.fail("瀵煎叆澶辫触");
+ R r = R.fail("闆嗗洟鐮佸鍏ュけ璐�");
r.setData(codeImProtRusultVO);
return r;
}finally {
@@ -893,4 +936,15 @@
}
}
+
+ /**
+ * 鑾峰彇缁熻鍒嗘瀽鏁版嵁
+ * @param btmNames 涓氬姟绫诲瀷
+ * @return
+ */
+ @GetMapping("/getStatisticAnalysis")
+ @VciBusinessLog(operateName = "鑾峰彇缁熻鍒嗘瀽鏁版嵁")
+ public R getStatisticAnalysis(String btmNames) {
+ return engineService.getStatisticAnalysis(btmNames);
+ }
}
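Review bot: The Javadoc on the new getStatisticAnalysis has an empty `@return` tag, and `btmNames` is described only as a business type while its plural name suggests a delimited list; the separator and whether an empty value is allowed are not visible here. Suggest `* @param btmNames business type names (comma-separated? — confirm against engineService.getStatisticAnalysis)` and `* @return statistic analysis data wrapped in {@code R}`. The parameter is forwarded to the service without a blank check, so the service must cope with an absent value; confirm that it does.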
--
Gitblit v1.9.3