From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java | 146 +++++++++++++++++++++++++-----------------------
1 files changed, 77 insertions(+), 69 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
index 929d37b..3c6c37b 100644
--- a/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
+++ b/Source/UBCS/ubcs-service/ubcs-code/src/main/java/com/vci/ubcs/code/service/impl/MdmProductCodeServiceImpl.java
@@ -1,5 +1,6 @@
package com.vci.ubcs.code.service.impl;
+import com.alibaba.fastjson.JSON;
import com.vci.ubcs.code.algorithm.CustomSerialEnum;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithm;
import com.vci.ubcs.code.annotation.MdmSerialAlgorithmMethod;
@@ -24,6 +25,7 @@
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyTemplateVO;
import com.vci.ubcs.code.vo.pagemodel.CodeClassifyVO;
import com.vci.ubcs.code.vo.pagemodel.CodeRuleVO;
+import com.vci.ubcs.omd.cache.EnumCache;
import com.vci.ubcs.starter.exception.VciBaseException;
import com.vci.ubcs.starter.revision.model.BaseModel;
import com.vci.ubcs.starter.util.DefaultAttrAssimtUtil;
@@ -50,6 +52,7 @@
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.*;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
@@ -93,10 +96,6 @@
@Autowired
private FormulaServiceImpl formulaService;
- // 娉ㄥ叆浜嬪姟绠$悊鍣�
-// @Autowired
-// private TransactionTemplate transactionTemplate;
-
@Override
@Transactional(rollbackFor = Exception.class)
public List<String> productCodeAndSaveData(CodeClassifyFullInfoBO classifyFullInfoBO, CodeClassifyTemplateVO templateVO, CodeRuleVO ruleVO, List<CodeOrderSecDTO> secDTOList, List<BaseModel> dataCBOList,BladeUser user) throws Exception {
@@ -120,7 +119,7 @@
//VciBaseUtil.setCurrentUserSessionInfo(sessionInfo);
String code = cbo.getId();
List<String> serialUnitList = new CopyOnWriteArrayList<>();
- String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
+ //String seclenghStr=cbo.getData().get(CODE_SEC_LENGTH_FIELD);
String[] secLengths = cbo.getData().get(CODE_SEC_LENGTH_FIELD).split("#");
cbo.getData().remove(CODE_SEC_LENGTH_FIELD);//灏嗘key闄ゅ幓
cbo.getData().remove(IMPORT_ROW_INDEX);//灏嗘key闄ゅ幓
@@ -139,11 +138,11 @@
//鏈�鍚�
thisSecValue = seclenghStr.contains("#")?code.substring(VciBaseUtil.getInt(secLengths[i-1]),code.length()):code;
}else {*/
- int start = 0;
- for (int j = 0; j < i; j++) {
- start += VciBaseUtil.getInt(secLengths[j]);
- }
- thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
+ int start = 0;
+ for (int j = 0; j < i; j++) {
+ start += VciBaseUtil.getInt(secLengths[j]);
+ }
+ thisSecValue = code.substring(start,start+VciBaseUtil.getInt(secLengths[i]));
// }
if(VciBaseUtil.getBoolean(secVO.getSerialDependFlag())){
serialUnitList.add(thisSecValue);
@@ -157,7 +156,7 @@
List<String> serialUnFileStringList = new ArrayList<>();
AtomicReference<String> newSerialUnitString = new AtomicReference<>("");
if(!CollectionUtils.isEmpty(serialValueMap)){
- AtomicInteger index= new AtomicInteger();
+ AtomicInteger index = new AtomicInteger();
serialValueMap.forEach((secOid,secValue)->{
//瑕佺湅鏄笉鏄ˉ浣嶇殑
CodeBasicSecVO secVO = secVOMap.get(secOid);
@@ -178,7 +177,7 @@
if(OsCodeFillTypeEnum.NONE.getValue().equalsIgnoreCase(secVO.getCodeFillType())){
//涓嶈ˉ鐮�
//鎶婃墍鏈変笉鏄暟瀛楃殑鍘绘帀锛屽洜涓哄彲鑳戒細鏄�佹暟鎹紝鏂拌鍒�
- // serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
+ //serialDb = VciBaseUtil.getDouble(killUnNumberChar(subSecValue));
//serialDb = killUnNumberChar(subSecValue);
serialDb=subSecValue;
}else {
@@ -186,21 +185,24 @@
serialDb = killFillChar(subSecValue,secVO.getCodeFillSeparator(),
OsCodeFillTypeEnum.LEFT.getValue().equalsIgnoreCase(secVO.getCodeFillType()));
}
- Double newSerialDb= CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
- HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
- Double maxValue=newSerialDb;
- if(thisUnitMaxMap.containsKey(secOid)){
- String newMaxValue= thisUnitMaxMap.getOrDefault(secOid,"");
- maxValue=StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
- if(maxValue<newSerialDb){
- maxValue=newSerialDb;
+ Double newSerialDb = CustomSerialEnum.getDoubleCustomSerialValue(serialDb,secVO.getCustomCodeSerialType());
+ //TODO: 20240822闇�瑕佽繖鍧椾唬鐮佹槸鍚屾鎬х殑锛宮axSerialMap杩欏効浼氬洜涓虹嚎绋嬪彈褰卞搷锛屼慨鏀瑰悗娴嬭瘯澶氭鎬绘暟涓�5000鏉′竴娆″鍏ヨ�楄垂鏃堕棿涓�3鍒�30绉掑乏鍙�
+ synchronized(this) {
+ HashMap<String, String> thisUnitMaxMap = maxSerialMap.getOrDefault(serialUnitString, new HashMap<>());
+ Double maxValue=newSerialDb;
+ if(thisUnitMaxMap.containsKey(secOid)){
+ String newMaxValue = thisUnitMaxMap.getOrDefault(secOid,"");
+ maxValue = StringUtils.isBlank(newMaxValue)?-1:VciBaseUtil.getDouble(newMaxValue);
+ if(maxValue < newSerialDb){
+ maxValue = newSerialDb;
+ }
}
+ String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
+ serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
+ thisUnitMaxMap.put(secOid,newMaxValue);
+ maxSerialMap.put(serialUnitString,thisUnitMaxMap);
+ serialUnFileStringList.add(String.valueOf(serialDb));
}
- String newMaxValue=CustomSerialEnum.getStringCustomSerialValue(maxValue,secVO.getCustomCodeSerialType());
- serialDb=CustomSerialEnum.getStringCustomSerialValue(newSerialDb,secVO.getCustomCodeSerialType());
- thisUnitMaxMap.put(secOid,newMaxValue);
- maxSerialMap.put(serialUnitString,thisUnitMaxMap);
- serialUnFileStringList.add(String.valueOf(serialDb));
});
}
CodeAllCode allCodeDO = new CodeAllCode();
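Review bot: `synchronized(this)` takes the monitor of the service instance itself, so if this class is a singleton bean (the `@Autowired` fields suggest it is) every concurrent import contends on one lock, which caps throughput for all callers. Locking the structure being protected, `synchronized (maxSerialMap) {`, keeps the critical section scoped to that data; whether `maxSerialMap` is a local or a field is not visible in this hunk, so confirm that first. The inner `HashMap` values and `serialUnFileStringList` are only safe while every access stays inside this block, and a short comment saying so would stop a later edit from moving a read outside the lock. The enclosing lambda starts before the hunk.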
@@ -215,6 +217,7 @@
String unFillSerial =serialUnFileStringList.size()==1?serialUnFileStringList.get(0)+ SERIAL_VALUE_SPACE:serialUnFileStringList.stream().collect(Collectors.joining(SERIAL_VALUE_SPACE));
allCodeDO.setUnFillSerial(unFillSerial);
allCodeDO.setLcStatus(cbo.getLcStatus());
+ allCodeDO.setLctid("codeAllCodeLC");
allCodeDO.setCodeDelimit(codeValueList.stream().collect(Collectors.joining(SERIAL_VALUE_SPACE)));//娣诲姞閾炬帴绗�
allCodeDOList.add(allCodeDO);
});
@@ -276,7 +279,6 @@
VciBaseUtil.toInSql(codeDOs.stream().map(s->s.getId()).collect(Collectors.toList()).toArray(new String[0])) + ")");
List<CodeAllCode> existCodes = codeAllCodeService.selectByWrapper(allCodeWrapper);
-
if(!CollectionUtils.isEmpty(existCodes)){
existCodes.stream().forEach(existCode->{
String rule_id = existCode.getCodeRuleOid() + "${SEP}" + existCode.getId();
@@ -302,10 +304,6 @@
if(!CollectionUtils.isEmpty(editCodeDOs)){
codeAllCodeService.updateBatchById(editCodeDOs);
}
- // 鑾峰彇浜嬪姟瀹氫箟
- //DefaultTransactionDefinition def = new DefaultTransactionDefinition();
- // 寮�濮嬩簨鍔�
- //TransactionStatus status = transactionTemplate.getTransactionManager().getTransaction(def);
if(!CollectionUtils.isEmpty(addCodeDOs)){
Map<String, String> statusMap = addCodeDOs.stream().collect(Collectors.toMap(s -> s.getOid(), s -> s.getLcStatus()));
addCodeDOs.stream().filter(s -> StringUtils.equalsIgnoreCase("codeallcode",s.getBtmname())).forEach(s -> {
@@ -330,17 +328,24 @@
for (CodeAllCode codeAllCode : takeBack) {
codeAllCode.setTs(new Date());
codeAllCode.setLastModifyTime(new Date());
- codeAllCode.setLastModifier(AuthUtil.getUserId().toString());
- Iterator<CodeAllCode> iterator = addCodeDOs.iterator();
+ codeAllCode.setLastModifier(Func.isNotEmpty(user) ? user.getAccount():AuthUtil.getUserAccount());
+ for (int i = 0; i < addCodeDOs.size(); i++) {
+ if(codeAllCode.getId().equals(addCodeDOs.get(i).getId())){
+ codeAllCode.setCreateCodeOid(addCodeDOs.get(i).getCreateCodeOid());
+ codeAllCode.setLcStatus(addCodeDOs.get(i).getLcStatus());
+ addCodeDOs.remove(i);
+ }
+ }
+ /*Iterator<CodeAllCode> iterator = addCodeDOs.iterator();
while (iterator.hasNext()){
CodeAllCode next = iterator.next();
if(codeAllCode.getId().equals(next.getId())){
codeAllCode.setCreateCodeOid(next.getCreateCodeOid());
codeAllCode.setLcStatus(next.getLcStatus());
// TODO: 杩欏効鍏堟殏鏃舵敞閲婃帀锛屾病鐪嬫噦杩欏効涓轰粈涔堣杩欐牱鍋氾紝瀵艰嚧鎶ラ敊
- //iterator.remove();
+ iterator.remove();
}
- }
+ }*/
}
if(takeBack.size()>0){
codeAllCodeService.updateBatchById(takeBack);
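Review bot: Removing by index inside the ascending loop (`addCodeDOs.remove(i)`) shifts the following element into slot `i`, and the `i++` then steps over it without checking it. If at most one entry can match a taken-back id, add `break;` after the `remove(i)`; otherwise `i--` after the removal or a `removeIf` keeps every element examined. The same loop is added in the two later hunks over `allCodeDOList`. Separately, `lastModifier` now stores `user.getAccount()` from the caller-supplied `BladeUser` rather than the authenticated user's id, so the audit field changes both format and source; a comment stating which callers may pass `user`, and why that value is trusted, would help.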
@@ -348,16 +353,7 @@
codeAllCodeService.saveBatch(addCodeDOs);
}
-
-// try {
mdmEngineService.insertBatchByType(dataCBOList.get(0).getBtmname(),dataCBOList);
- // 鎻愪氦浜嬪姟
- //transactionTemplate.getTransactionManager().commit(status);
-// }catch (Exception e){
-// // 鍑虹幇寮傚父鏃跺洖婊氫簨鍔�
-// transactionTemplate.getTransactionManager().rollback(status);
-// }
-
}
return codeList;
}else {
@@ -369,7 +365,11 @@
List<CodeBasicSecVO> attrSecVOList = new ArrayList<>();
for (int i = 0; i < secVOList.size(); i++) {
CodeBasicSecVO secVO = secVOList.get(i);
- switchSecValue(secVO, secValueMap, classifyFullInfoBO, serialSecVOList, attrSecVOList, serialUnitList, secValueList);
+ try{
+ switchSecValue(secVO, secValueMap, classifyFullInfoBO, serialSecVOList, attrSecVOList, serialUnitList, secValueList);
+ }catch (Exception e){
+ throw new ServiceException("鐮佸�艰浆鎹㈡椂鍑虹幇閿欒锛屽師鍥狅細"+e.getMessage());
+ }
}
//澶勭悊灞炴�х爜娈靛拰娴佹按鐮佹
Map<String/**娴佹按鐮佹鐨勪富閿�**/, Map<String/**娴佹按渚濇嵁**/, String>> lastMaxSerialValueMap = new HashMap<>();
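Review bot: The new `catch (Exception e)` rethrows only `e.getMessage()`, which drops the original stack trace and, for unexpected failures such as a null pointer or a database error, can put `null` or internal detail into the text returned to the caller. Let the project's own `ServiceException` and `VciBaseException` propagate unchanged, and for anything else log the exception with its stack trace on the server and throw a fixed message. The loop belongs to a method that starts and ends outside this hunk.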
@@ -432,7 +432,7 @@
.collectingAndThen(
Collectors.toCollection(() -> new TreeSet<>(Comparator.comparing(CodeAllCode::getId))),
ArrayList::new));
- if( distinctCodeAllCOdes.size() != allCodeDOList.size() ){
+ if(distinctCodeAllCOdes.size() != allCodeDOList.size() ){
throw new ServiceException("缂栫爜鏁版嵁閲嶅锛屾棤娉曚繚瀛橈紝璇锋敞鎰忥紒");
}
QueryWrapper<CodeAllCode> wrapper = new QueryWrapper<>();
@@ -447,34 +447,29 @@
for (CodeAllCode codeAllCode : takeBack) {
codeAllCode.setTs(new Date());
codeAllCode.setLastModifyTime(new Date());
- codeAllCode.setLastModifier(AuthUtil.getUserId().toString());
- Iterator<CodeAllCode> iterator = allCodeDOList.iterator();
- while (iterator.hasNext()){
+ codeAllCode.setLastModifier(Func.isNotEmpty(user) ? user.getAccount():AuthUtil.getUserAccount());
+ for (int i = 0; i < allCodeDOList.size(); i++) {
+ if(codeAllCode.getId().equals(allCodeDOList.get(i).getId())){
+ codeAllCode.setCreateCodeOid(allCodeDOList.get(i).getCreateCodeOid());
+ codeAllCode.setLcStatus(allCodeDOList.get(i).getLcStatus());
+ allCodeDOList.remove(i);
+ }
+ }
+ /*while (iterator.hasNext()){
CodeAllCode next = iterator.next();
if(codeAllCode.getId().equals(next.getId())){
codeAllCode.setCreateCodeOid(next.getCreateCodeOid());
codeAllCode.setLcStatus(next.getLcStatus());
//iterator.remove();
}
- }
+ }*/
}
if(takeBack.size()>0){
codeAllCodeService.updateBatchById(takeBack);
}
codeAllCodeService.saveBatch(allCodeDOList);
-// iCodeWupinService.saveBatch(dataCBOList);
mdmEngineService.insertBatchByType(dataCBOList.get(0).getBtmname(),dataCBOList);
-// batchCBO.getCreateCbos().stream().filter(s -> StringUtils.equalsIgnoreCase("codeallcode",s.getBtmName())).forEach(s -> {
-// s.setLcStatus(statusMap.get(s.getOid()));
-// try {
-// s.setAttributeValue("lcstatus",statusMap.get(s.getOid()));
-// } catch (VCIError e) {
-// e.printStackTrace();
-// }
-// });
}
- // WebUtil.setPersistence(true);
- // boService.persistenceBatch(batchCBO);
return codeList;
}
@@ -522,8 +517,6 @@
});
}
}
-
-
/**
* 杞崲娴佹按鐮佹鐨勫��
@@ -636,8 +629,6 @@
}
}
}
-
-
/**
* 杞崲娴佹按鐮佹鐨勫��
@@ -832,6 +823,12 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ //褰撶爜鍊间负绌烘垨#NaN?鏃跺嵆琛ㄧず浣滀负绌哄瓧绗︿覆杩涜鎷兼帴
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
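Review bot: `codeClassifyValueDO.getId()` is dereferenced in the added `if` before the existing `if(codeClassifyValueDO!=null)` guard, so a `secValue` that matches no row now throws a NullPointerException instead of falling through. Move the placeholder handling inside the null check and work on a local copy rather than calling `setId("")` on the loaded entity, which leaves a blank primary key on an object that may be reused; that second concern is inferred, since the mapper's caching is not visible here. The identical block is added in the last hunk of this patch (the second `CODE_CLASSIFY_SEC` case) and needs the same change. The `switch` starts and ends outside the hunk.

```java
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
if(codeClassifyValueDO!=null) {
    // A blank id or the configured placeholder means "join as an empty string".
    String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
    nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?" : nullSymbol;
    String classifyId = codeClassifyValueDO.getId();
    if(Func.isBlank(classifyId) || classifyId.equals(nullSymbol)){
        classifyId = "";
    }
    secValue = joinPreffixAndSuffix(secVO, classifyId);
}
```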
@@ -902,7 +899,7 @@
case CODE_VARIABLE_SEC:
//鍙彉鐮佹锛屾槸鍦ㄩ〉闈笂杈撳叆鍐呭
if (secValue.length() > VciBaseUtil.getInt(secVO.getCodeSecLength())) {
- throw new VciBaseException("銆恵0}銆戣繖涓爜娈垫槸鍙彉鐮佹锛屼絾鏄幇鍦ㄨ緭鍏ョ殑鐮佸�肩殑闀垮害({1})瓒呰繃浜嗚瀹氱殑闀垮害{2}", new String[]{secVO.getName(), String.valueOf(secValue.length()), secVO.getCodeSecLength()});
+ throw new ServiceException(String.format("銆恵%s}銆戣繖涓爜娈垫槸鍙彉鐮佹锛屼絾鏄幇鍦ㄨ緭鍏ョ殑鐮佸�肩殑闀垮害({%s})瓒呰繃浜嗚瀹氱殑闀垮害{%s}", secVO.getName(), secValue.length(), secVO.getCodeSecLength()));
}
OsCodeFillTypeEnum fillTypeEnum = OsCodeFillTypeEnum.forValue(secVO.getCodeFillType());
secValue = fillString(VciBaseUtil.getInt(secVO.getCodeSecLength()), fillTypeEnum, secValue, secVO.getCodeFillSeparator());
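Review bot: The braces of the old `{0}`/`{1}`/`{2}` placeholders were kept around the new specifiers (`({%s})`, `{%s}`), so `String.format` prints a literal `{` and `}` around each value. Drop them so each specifier reads `%s` alone, and use `%d` for `secValue.length()`. Switching from `VciBaseException` to `ServiceException` also changes what callers catching the former will see, so confirm none depend on it.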
@@ -1233,7 +1230,7 @@
for (int j = 0; j < serialSecVOList.size(); j++) {
CodeBasicSecVO secVO = serialSecVOList.get(j);
if(lastMaxSerialValueMap.containsKey(secVO.getOid())){//姝や负鏈�鍚庨渶瑕佸瓨鍏ユ祦姘翠緷璧栫殑鏈�澶ф祦姘�
- Map<String/**娴佹按渚濇嵁**/, String> serialValueMap= lastMaxSerialValueMap.get(secVO.getOid());
+ Map<String/**娴佹按渚濇嵁**/, String> serialValueMap = lastMaxSerialValueMap.get(secVO.getOid());
serialValueMap.forEach((maxSerialUnitString,serialValue)->{
if(StringUtils.isNotBlank(serialValue)){
serialUnitString.set(maxSerialUnitString);
@@ -1283,14 +1280,21 @@
codeAllCode.setLastModifyTime(new Date());
codeAllCode.setLastModifier(AuthUtil.getUserId().toString());
Iterator<CodeAllCode> iterator = allCodeDOList.iterator();
- while (iterator.hasNext()){
+ for (int i = 0; i < allCodeDOList.size(); i++) {
+ if(codeAllCode.getId().equals(allCodeDOList.get(i).getId())){
+ codeAllCode.setCreateCodeOid(allCodeDOList.get(i).getCreateCodeOid());
+ codeAllCode.setLcStatus(allCodeDOList.get(i).getLcStatus());
+ allCodeDOList.remove(i);
+ }
+ }
+ /*while (iterator.hasNext()){
CodeAllCode next = iterator.next();
if(codeAllCode.getId().equals(next.getId())){
codeAllCode.setCreateCodeOid(next.getCreateCodeOid());
codeAllCode.setLcStatus(next.getLcStatus());
//iterator.remove();
}
- }
+ }*/
}
if(takeBack.size()>0){
codeAllCodeService.updateBatchById(takeBack);
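Review bot: This take-back loop still sets `lastModifier` from `AuthUtil.getUserId().toString()` (the context line above the change), while the two other loops touched by this commit now store an account name, so the same audit column holds ids on one path and accounts on the others. Align it with whichever value the column is meant to hold, so that modification records can be attributed consistently. The `Iterator<CodeAllCode> iterator` declared just above the new loop is now unused and can be deleted. The enclosing method starts outside this hunk.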
@@ -1299,7 +1303,6 @@
mdmEngineService.insertBatchByType(dataCBOList.get(0).getBtmname(),dataCBOList);
return codeList;
}
-
/**
* 杞崲鐮佸�肩殑鍐呭
@@ -1330,6 +1333,11 @@
case CODE_CLASSIFY_SEC:
//鍒嗙被鐮佹鐨勶紝涔熸槸浠庡墠绔�夋嫨浜嗙爜鍊煎嵆鍙紝涓嶈鐮佸�肩殑闀垮害鏄灏�
CodeClassifyValue codeClassifyValueDO= codeClassifyValueMapper.selectById(secValue);
+ String nullSymbol = EnumCache.getValue("nullSymbol", "NULL");
+ nullSymbol = Func.isBlank(nullSymbol) ? "#NaN?":nullSymbol;
+ if(Func.isBlank(codeClassifyValueDO.getId()) || codeClassifyValueDO.getId().equals(nullSymbol)){
+ codeClassifyValueDO.setId("");
+ }
if(codeClassifyValueDO!=null) {
secValue = joinPreffixAndSuffix(secVO, codeClassifyValueDO.getId());
}
--
Gitblit v1.9.3