From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java | 254 +++++++++++++++++++++++++++++++++++++++++++++-----
1 files changed, 226 insertions(+), 28 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
index f5ce8a2..623570c 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/controller/MdmEngineController.java
@@ -1,24 +1,22 @@
package com.vci.ubcs.code.controller;
-
import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.common.utils.StringUtils;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.vci.ubcs.code.applyjtcodeservice.vo.BaseModelVO;
-import com.vci.ubcs.code.dto.CodeDeleteBatchDTO;
-import com.vci.ubcs.code.dto.CodeExportAttrDTO;
-import com.vci.ubcs.code.dto.CodeOrderDTO;
-import com.vci.ubcs.code.dto.CodeOrderSecDTO;
+import com.vci.ubcs.code.dto.*;
import com.vci.ubcs.code.dto.datapush.BaseModelDTO;
import com.vci.ubcs.code.service.MdmEngineService;
import com.vci.ubcs.code.service.MdmIOService;
import com.vci.ubcs.code.vo.pagemodel.*;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import com.vci.ubcs.flow.core.dto.FlowStatusDTO;
import com.vci.ubcs.starter.annotation.VciBusinessLog;
import com.vci.ubcs.starter.revision.model.BaseModel;
import com.vci.ubcs.starter.revision.model.TreeQueryObject;
import com.vci.ubcs.starter.util.LocalFileUtil;
+import com.vci.ubcs.starter.util.SaveLogUtil;
import com.vci.ubcs.starter.web.pagemodel.*;
import com.vci.ubcs.starter.web.util.ControllerUtil;
import com.vci.ubcs.starter.web.util.LangBaseUtil;
@@ -38,7 +36,6 @@
import java.util.*;
@RestController
-//@AllArgsConstructor
@RequestMapping("/mdmEngineController")
@Api(value = "缂栫爜鏁版嵁绠$悊", tags = "缂栫爜鏁版嵁绠$悊")
public class MdmEngineController {
@@ -47,16 +44,30 @@
* 鏃ュ織
*/
private Logger logger = LoggerFactory.getLogger(getClass());
+
/**
* 涓绘暟鎹紩鎿庢湇鍔�
*/
@Autowired
private MdmEngineService engineService;
+
/**
* 涓绘暟鎹鍏ュ鍑烘湇鍔�
*/
@Autowired
private MdmIOService mdmIOService;
+
+ /**
+ * 鏃ュ織淇濆瓨宸ュ叿绫�
+ */
+ @Autowired
+ private SaveLogUtil saveLogUtil;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ @Autowired
+ private ComprehensiveFileValidator fileValidator;
/**
@@ -80,6 +91,78 @@
ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
}
}
+
+ /**
+ * 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
+ * @param codeClassifyOid 鍒嗙被鐨勪富閿�
+ * @param response 鍝嶅簲瀵硅薄
+ * @throws IOException 鎶涘嚭寮傚父
+ */
+ @GetMapping("/downloadExcelBatchEdit")
+ @VciBusinessLog(operateName = "涓嬭浇鎵归噺鐢宠缂栫爜鐨勫鍏ユā鏉�")
+ public void downloadImportExcelBatchEdit(String codeClassifyOid, HttpServletResponse response) throws IOException{
+ String excelName = mdmIOService.downloadImportExcelBatchEdit(codeClassifyOid);
+ try {
+ ControllerUtil.writeFileToResponse(response,excelName);
+ } catch (Throwable e) {
+ //濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
+ String msg = LangBaseUtil.getErrorMsg(e);
+ if(StringUtils.isBlank(msg)){
+ msg = "鏈煡閿欒";
+ }
+ ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
+ }
+ }
+
+ /**
+ * 瀵煎叆鎵归噺缂栬緫鏁版嵁
+ * @param codeClassifyOid 鍒嗙被鐨勪富閿�
+ * @param classifyAttr 鍒嗙被璺緞浣跨敤鐨勫睘鎬�
+ * @param file 鏂囦欢鐨勫唴瀹�
+ */
+ @VciBusinessLog(operateName = "瀵煎叆鎵归噺缂栬緫鏁版嵁")
+ @PostMapping("/batchImportEdit")
+ public R batchImportEdit(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
+ String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
+ File file1 = new File(excelFileName);
+ try {
+ file.transferTo(new File(excelFileName));
+ CodeImProtRusultVO codeImProtRusultVO =mdmIOService.batchImportEdit(codeClassifyOid, classifyAttr,file1);
+ if(StringUtils.isNotBlank(codeImProtRusultVO.getFilePath())||StringUtils.isNotBlank(codeImProtRusultVO.getRedisUuid())){
+ //鏀惧埌map閲�
+ R result = R.fail("瀵煎叆澶辫触");
+ if(StringUtils.isNotBlank(codeImProtRusultVO.getFilePath())) {
+ String filedUUid = ControllerUtil.putErrorFile(codeImProtRusultVO.getFilePath());
+ codeImProtRusultVO.setFileOid(filedUUid);
+ }
+ result.setData(codeImProtRusultVO);
+ return result;
+ }else {
+ return R.success("鎿嶄綔鎴愬姛锛�");
+ }
+ }catch (Throwable e) {
+ logger.error("瀵煎叆閿欒",e);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
+ String uuid=ControllerUtil.putErrorFile(errorFile);
+ CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+ codeImProtRusultVO.setRedisUuid("");
+ codeImProtRusultVO.setFileOid(uuid);
+ codeImProtRusultVO.setFilePath(errorFile);
+ R r = R.fail("瀵煎叆澶辫触");
+ r.setData(codeImProtRusultVO);
+ return r;
+ }finally {
+ file1.delete();
+ }
+ }
+
/**
* 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
* @param codeClassifyOid 鍒嗙被鐨勪富閿�
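Review bot: In `batchImportEdit` the upload is written to `LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename()`, so the on-disk path is built from a client-supplied name. Unless `ComprehensiveFileValidator.validateFile` (not visible here) rejects directory components, the write and the `file1.delete()` in `finally` can resolve outside the temp folder, and two concurrent uploads with the same name overwrite and delete each other's file. Build the path from a server-generated name instead, e.g. `File file1 = new File(LocalFileUtil.getDefaultTempFolder() + File.separator + UUID.randomUUID() + "-" + new File(file.getOriginalFilename()).getName());` followed by `file.transferTo(file1);`, which also drops the redundant second `new File(excelFileName)`. The same construction appears as context in the `batchImportHistoryData` and `batchTopImportCode` hunks and in the new `importGroupCode` at the end of the patch. A null `getOriginalFilename()` should be handled before this line unless the validator already guarantees a name.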
@@ -100,8 +183,6 @@
}
ControllerUtil.writeDataToResponse(response,msg.getBytes(StandardCharsets.UTF_8),null);
}
-
-
}
/**
@@ -111,8 +192,8 @@
@VciBusinessLog(operateName = "瀵煎嚭涓婚搴撶殑鏁版嵁")
@PostMapping("/exportCode")
public void exportCode(CodeExportAttrDTO exportAttrDTO, HttpServletResponse response) throws IOException {
- String excelName = mdmIOService.exportCode(exportAttrDTO);
try {
+ String excelName = mdmIOService.exportCode(exportAttrDTO);
ControllerUtil.writeFileToResponse(response,excelName);
} catch (Throwable e) {
//濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
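Review bot: With `mdmIOService.exportCode(exportAttrDTO)` now inside the `try`, every service failure is turned into response text by `LangBaseUtil.getErrorMsg(e)` in the `catch (Throwable e)`, and nothing visible in the hunk logs the exception on the server. The catch body continues outside the hunk, so confirm it logs; if it does not, add `logger.error("exportCode failed", e);` as its first statement. Consider returning a generic message rather than the raw exception text, which may expose internal detail depending on what `getErrorMsg` returns. The new `downloadImportExcelBatchEdit` added earlier in this patch has the same catch with no logger call and still invokes the service before the `try`, so it should get the same treatment.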
@@ -147,13 +228,19 @@
}
/**
- * 鎵归噺鐢宠缂栫爜鐨勪俊鎭�
+ * 鎵归噺鐢宠缂栫爜鐨勪俊鎭紙褰撳墠鍒嗙被涓婃壒閲忕敵璇凤級
* @param secDTOList 鐢宠缂栫爜鐨勪俊鎭紝蹇呴』鍖呭惈鐮佹鍜屽垎绫讳富閿殑淇℃伅
* @param file 鏂囦欢鐨勫唴瀹�
*/
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchImportCode")
public R batchImportCode(String secDTOList, String codeClassifyOid, MultipartFile file, HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
CodeOrderDTO orderDTO = new CodeOrderDTO();
orderDTO.setCodeClassifyOid(codeClassifyOid);
if(StringUtils.isNotBlank(secDTOList)){
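Review bot: The validate-and-return block added at the top of `batchImportCode` is pasted verbatim into `batchImportEdit`, `batchImportHistoryData`, `batchTopImportCode` and `importGroupCode` (the last two with the local named `result`), which makes it easy for a future upload handler to omit the check or diverge from it. A single private helper that returns the failure `R` or `null` would keep the upload policy in one place, with each handler starting on a short guard. `batchImportCode`'s body continues outside the hunk. It is also worth confirming that `validateFile` rejects a `null` file, since the unannotated `MultipartFile file` parameter may be null when the part is missing.

```java
// helper, declared once in MdmEngineController
private R rejectUnsafeUpload(MultipartFile file) {
    ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
    return validationResult.isValid() ? null : R.fail(validationResult.getMessage());
}

public R batchImportCode(String secDTOList, String codeClassifyOid, MultipartFile file, HttpServletResponse response) throws Throwable {
    R rejected = rejectUnsafeUpload(file);
    if (rejected != null) {
        return rejected;
    }
    // … unchanged: CodeOrderDTO setup and the import itself …
```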
@@ -205,6 +292,12 @@
@VciBusinessLog(operateName = "瀵煎叆缂栫爜鐨勫巻鍙叉暟鎹�")
@PostMapping("/batchImportHistoryData")
public R batchImportHistoryData(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult validationResult = fileValidator.validateFile(file);
+ if (!validationResult.isValid()) {
+ return R.fail(validationResult.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
@@ -238,8 +331,9 @@
file1.delete();
}
}
+
/**
- * 瀵煎叆鍘嗗彶鏁版嵁
+ * 瀵煎叆鍘嗗彶鏁版嵁(浠庨《灞傚垎绫诲鐨�)
* @param codeClassifyOid 鍒嗙被鐨勪富閿�
* @param classifyAttr 鍒嗙被璺緞浣跨敤鐨勫睘鎬�
* @param file 鏂囦欢鐨勫唴瀹�
@@ -247,6 +341,12 @@
@VciBusinessLog(operateName = "鎵归噺鐢宠缂栫爜鐨勪俊鎭�")
@PostMapping("/batchTopImportCode")
public R batchTopImportCode(String codeClassifyOid, String classifyAttr,MultipartFile file,HttpServletResponse response) throws Throwable {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
File file1 = new File(excelFileName);
try {
@@ -279,7 +379,6 @@
R r = R.fail("瀵煎叆澶辫触");
r.setData(codeImProtRusultVO);
-
return r;
}finally {
file1.delete();
@@ -291,12 +390,11 @@
* @param baseModelDTO 鏁版嵁浼犺緭瀵硅薄
* @return 鎵ц缁撴灉
*/
- @PostMapping("changeStatus")
+ @PostMapping("/changeStatus")
public R changeStatus(@RequestBody BaseModelDTO baseModelDTO) {
engineService.changeStatus(baseModelDTO);
return R.success("鎿嶄綔鎴愬姛锛�");
}
-
/**
* 鐢宠缂栫爜淇濆瓨
@@ -306,9 +404,16 @@
@PostMapping("/addSaveCode")
@VciBusinessLog(operateName = "鐢宠鍗曚釜缂栫爜")
public R addSaveCode(@RequestBody CodeOrderDTO orderDTO) throws Exception {
- return R.success(engineService.addSaveCode(orderDTO));
+ String s = null;
+ try {
+ s = engineService.addSaveCode(orderDTO);
+ saveLogUtil.operateLog("缂栫爜鐢宠",false,orderDTO.toString());
+ }catch (Exception e){
+ saveLogUtil.operateLog("缂栫爜鐢宠",true,e.toString());
+ throw e;
+ }
+ return R.success(s);
}
-
/**
* 浣跨敤妯℃澘鐨勪富閿幏鍙栬〃鍗曠殑瀹氫箟
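Review bot: In `addSaveCode` the success call `saveLogUtil.operateLog(..., false, orderDTO.toString())` sits inside the same `try` as `engineService.addSaveCode(orderDTO)`. If writing the log entry throws after the code has been saved, the `catch` records a second entry with `true` (presumably the error flag) and rethrows, so the caller sees a failure for an operation that succeeded. Keep only `s = engineService.addSaveCode(orderDTO);` in the `try` and move the success `operateLog` call to just before `return R.success(s);`. The log payload is `orderDTO.toString()` and `e.toString()`; whether that puts every DTO field or internal exception text into the operation log depends on classes not shown here, so check that nothing sensitive ends up in it. The new `addSaveBZ` at the end of the patch has no `saveLogUtil` call at all, which looks inconsistent with this endpoint.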
@@ -391,8 +496,7 @@
return engineService.gridTableDataByClassifyOid(codeClassifyOid,templateOid,queryObject.getConditionMap(),queryObject.getPageHelper());
}
-
- /***
+ /**
* 鑾峰彇鍒嗙被瀵硅薄
* @param redisOid
* @return
@@ -403,7 +507,7 @@
return R.data(codeImportTemplateVOs);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆姝g‘鐨勬暟鎹�
* @param codeClassifyOid
* @param redisOid
@@ -414,7 +518,7 @@
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆琛岀浉浼奸」鐨勬暟鎹�
* @param dataOid
* @param redisOid
@@ -425,7 +529,7 @@
return mdmIOService.gridRowResemble(dataOid,redisOid);
}
- /***
+ /**
* 浠巖edis缂撳瓨閲岃幏鍙栧埌瀵煎叆鍏锋湁鐩镐技椤圭殑鏁版嵁
* @param codeClassifyOid
* @param redisOid
@@ -435,18 +539,19 @@
public DataGrid<Map<String,String>> gridResemble(String codeClassifyOid,String redisOid){
return mdmIOService.gridDatas(codeClassifyOid,redisOid);
}
- /***
+
+ /**
* 瀵煎叆鏁版嵁
* @param codeImprotSaveDatVO//鏁版嵁瀵硅薄
* @return
*/
@PostMapping("/batchImportData")
public R batchImportData(@RequestBody CodeImprotParmaDatVO codeImprotSaveDatVO){
- return mdmIOService.batchImportData(codeImprotSaveDatVO.getCodeImprotSaveDatVOList(),codeImprotSaveDatVO.getClassifyAttr(),codeImprotSaveDatVO.getImprot());
+ return mdmIOService.batchImportData(codeImprotSaveDatVO.getCodeImprotSaveDatVOList(),codeImprotSaveDatVO.getClassifyAttr(),codeImprotSaveDatVO.getImprot());
}
- /***
- *鏍规嵁鏁版嵁oid浠庣紦瀛樹腑绉婚櫎鏁版嵁
+ /**
+ * 鏍规嵁鏁版嵁oid浠庣紦瀛樹腑绉婚櫎鏁版嵁
* @param redisOid redisid
* @param codeClassifyOid 瀛樺偍瑙勫垯鐨刼id
* @param dataOids 鎵�闇�鍒犻櫎鐨勬暟鎹�
@@ -456,6 +561,7 @@
public R deleteDatas(String redisOid,String codeClassifyOid,String dataOids){
return mdmIOService.deleteDatas(redisOid,codeClassifyOid,dataOids);
}
+
/**
* 鎵归噺淇濆瓨娴佺▼鎵ц椤甸潰淇敼鐨勫唴瀹�
* @param orderDTOList 缂栫爜鐩稿叧鐨勪俊鎭紝涓嶉渶瑕佺爜娈电殑淇℃伅
@@ -520,7 +626,7 @@
@PostMapping("/upSaveCode")
public R upSaveCode(@RequestBody CodeOrderDTO orderDTO){
engineService.upSaveCode(orderDTO);
- return R.success("鎿嶄綔鎴愬姛锛�");
+ return R.success("鎿嶄綔鎴愬姛锛�");
}
/**
@@ -599,7 +705,7 @@
* @param idPath 缂栧彿鐨勮矾寰�
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鍗�)
*/
-// @VciUnCheckRight
+ // @VciUnCheckRight
@GetMapping("/getFormDefineByClassifyIdPath")
public MdmUIInfoVO getFormDefineByClassifyIdPath(String idPath){
return engineService.getFormDefineByClassifyIdPath(idPath);
@@ -654,7 +760,7 @@
* @return UI鐩稿叧鐨勪俊鎭紙浠呭寘鍚〃鏍硷級
*/
@GetMapping("/getFlowdUIInfoByClassifyOid")
- public MdmUIInfoVO getUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
+ public MdmUIInfoVO getFlowUIInfoByClassifyOid(String codeClassifyOid,String functionId,String templateId,String taskId,String modelKey){
return engineService.getFlowUIInfoByClassifyOid(codeClassifyOid,functionId,templateId,taskId,modelKey);
}
@@ -749,4 +855,96 @@
public R processChangeStatus(@RequestBody FlowStatusDTO flowDTO){
return engineService.processChangeStatus(flowDTO);
}
+
+ /**
+ * 鏍囧噯鐢宠鍜屼慨璁㈢敤
+ * @param codeBZApplyDTO 缂栫爜鐢宠鐩稿叧鐨勪俊鎭紝闇�瑕佹湁灞炴�у拰鐮佹鐩稿叧鐨勪俊鎭�
+ * @return 鎵ц缁撴灉
+ */
+ @PostMapping("/addSaveBZ")
+ @VciBusinessLog(operateName = "鐢宠鍗曚釜缂栫爜")
+ public R addSaveBZ (@RequestBody CodeBZApplyDTO codeBZApplyDTO) throws Exception {
+ return R.success(engineService.addSaveBZ(codeBZApplyDTO));
+ }
+
+ /**
+ * 涓嬭浇鎵归噺鐢宠鐨勫鍏ユā鏉�
+ * @param codeClassifyOid 鍒嗙被鐨勪富閿�
+ * @param response 鍝嶅簲瀵硅薄
+ * @throws IOException 鎶涘嚭寮傚父
+ */
+ @GetMapping("/exportGroupCodeExcel")
+ @VciBusinessLog(operateName = "瀵煎嚭闆嗗洟鐮�")
+ public void exportGroupCodeExcel(String codeClassifyOid, HttpServletResponse response) throws IOException {
+ try {
+ String excelName = mdmIOService.exportGroupCodeExcel(codeClassifyOid);
+ ControllerUtil.writeFileToResponse(response,excelName);
+ } catch (Throwable e) {
+ //濡傛灉鍑洪敊,鎶婇敊璇俊鎭啓鍒皌ext
+ String msg = LangBaseUtil.getErrorMsg(e);
+ if(StringUtils.isBlank(msg)){
+ msg = "鏈煡閿欒";
+ }
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(msg,errorFile);
+ ControllerUtil.writeFileToResponse(response,errorFile);
+ // return R.fail(msg);
+ }
+ // return R.status(true);
+ }
+
+ /**
+ * 闆嗗洟鐮佸鍏�
+ * @param codeClassifyOid
+ * @param file
+ * @param response
+ * @return
+ */
+ @PostMapping("/importGroupCode")
+ public R importGroupCode(String codeClassifyOid,MultipartFile file,HttpServletResponse response){
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
+
+ String excelFileName = LocalFileUtil.getDefaultTempFolder() + File.separator + file.getOriginalFilename();
+ File file1 = new File(excelFileName);
+ try {
+ file.transferTo(new File(excelFileName));
+ String excelName=mdmIOService.importGroupCode(codeClassifyOid,file1);
+ if(StringUtils.isNotBlank(excelName)) {
+ ControllerUtil.writeFileToResponse(response,excelName);
+ return R.fail("闆嗗洟鐮佸鍏ュ嚭鐜伴棶棰橈紝璇锋煡鐪嬫枃浠�");
+ }else{
+ return R.status(true);
+ }
+ }catch (Throwable e) {
+ logger.error("瀵煎叆閿欒",e);
+ String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + "閿欒.txt";
+ LocalFileUtil.writeContentToFile(LangBaseUtil.getErrorMsg(e),errorFile);
+ String uuid=ControllerUtil.putErrorFile(errorFile);
+ CodeImProtRusultVO codeImProtRusultVO =new CodeImProtRusultVO();
+ codeImProtRusultVO.setRedisUuid("");
+ codeImProtRusultVO.setFileOid(uuid);
+ codeImProtRusultVO.setFilePath(errorFile);
+ R r = R.fail("闆嗗洟鐮佸鍏ュけ璐�");
+ r.setData(codeImProtRusultVO);
+ return r;
+ }finally {
+ file1.delete();
+ }
+
+ }
+
+ /**
+ * 鑾峰彇缁熻鍒嗘瀽鏁版嵁
+ * @param btmNames 涓氬姟绫诲瀷
+ * @return
+ */
+ @GetMapping("/getStatisticAnalysis")
+ @VciBusinessLog(operateName = "鑾峰彇缁熻鍒嗘瀽鏁版嵁")
+ public R getStatisticAnalysis(String btmNames) {
+ return engineService.getStatisticAnalysis(btmNames);
+ }
}
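Review bot: The error paths in `exportGroupCodeExcel` and `importGroupCode` write the message to one fixed file name under `LocalFileUtil.getDefaultTempFolder()`, so concurrent failing requests overwrite each other's file. A caller can then be sent, or later fetch through the `putErrorFile` id, text produced by another user's request. Use a per-request name, e.g. `String errorFile = LocalFileUtil.getDefaultTempFolder() + File.separator + UUID.randomUUID() + ".txt";`; the same applies to the catch block of `batchImportEdit` earlier in the patch. Separately, `importGroupCode` calls `ControllerUtil.writeFileToResponse(response,excelName)` and then returns `R.fail(...)`; if `writeFileToResponse` commits the response, the returned body cannot be written cleanly, so one of the two should go. `importGroupCode` also lacks the `@VciBusinessLog` annotation that the other import endpoints carry.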
--
Gitblit v1.9.3