From 4470052c3b6bdeb18e45987f8aa293d1e93d0552 Mon Sep 17 00:00:00 2001
From: Ludc <2870569285@qq.com>
Date: 星期二, 18 十一月 2025 11:59:12 +0800
Subject: [PATCH] 所有文件上传接口增加文件安全校验逻辑。
---
Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java | 34 +++++++++++++++++++++++++++-------
1 files changed, 27 insertions(+), 7 deletions(-)
diff --git a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
index 6c6c537..bf38725 100644
--- a/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
+++ b/Source/UBCS/ubcs-service/ubcs-user/src/main/java/com/vci/ubcs/system/user/controller/UserController.java
@@ -21,6 +21,7 @@
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.github.xiaoymin.knife4j.annotations.ApiOperationSupport;
+import com.vci.ubcs.common.validator.ComprehensiveFileValidator;
import com.vci.ubcs.system.cache.NacosConfigCache;
import com.vci.ubcs.system.user.entity.User;
import com.vci.ubcs.system.user.excel.UserExcel;
@@ -32,8 +33,7 @@
import io.swagger.annotations.ApiParam;
import lombok.AllArgsConstructor;
import com.vci.ubcs.common.cache.CacheNames;
-import org.apache.ibatis.annotations.Param;
-import org.hibernate.validator.internal.util.logging.Log;
+import lombok.extern.slf4j.Slf4j;
import org.springblade.core.cache.utils.CacheUtil;
import org.springblade.core.excel.util.ExcelUtil;
import org.springblade.core.mp.support.Condition;
@@ -50,6 +50,7 @@
import org.springblade.core.tool.utils.StringUtil;
import com.vci.ubcs.system.user.service.IUserService;
import com.vci.ubcs.system.user.vo.UserVO;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import springfox.documentation.annotations.ApiIgnore;
@@ -71,12 +72,19 @@
@RestController
@RequestMapping
@AllArgsConstructor
-@lombok.extern.java.Log
+@Slf4j
public class UserController {
private final IUserService userService;
+
private final BladeRedis bladeRedis;
+
private final NacosConfigCache nacosConfigCache;
+
+ /**
+ * 鏂囦欢瀹夊叏妫�鏌�
+ */
+ private ComprehensiveFileValidator fileValidator;
/**
* 鏌ヨ鍗曟潯
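Review bot: The new `fileValidator` field is declared without `final`, unlike the three collaborator fields above it, so it can be reassigned after construction. It appears to be injected only because Lombok's `@AllArgsConstructor` also covers non-final fields; a later switch to `@RequiredArgsConstructor` would leave it null and the upload check in `importUser` would fail with a NullPointerException. Declare it as `private final ComprehensiveFileValidator fileValidator;`. The `Autowired` import added by this commit is not used in any visible hunk and can go if nothing outside the hunks needs it. The class body continues outside this hunk.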
@@ -191,11 +199,20 @@
*/
@PostMapping("/grant")
@ApiOperationSupport(order = 7)
- @ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆roleId闆嗗悎浠ュ強menuId闆嗗悎")
+ @ApiOperation(value = "鏉冮檺璁剧疆", notes = "浼犲叆userIds闆嗗悎浠ュ強roleIds闆嗗悎")
//@PreAuth(RoleConstant.HAS_ROLE_ADMIN)
public R grant(@ApiParam(value = "userId闆嗗悎", required = true) @RequestParam String userIds,
@ApiParam(value = "roleId闆嗗悎", required = true) @RequestParam String roleIds) {
- boolean temp = userService.grant(userIds, roleIds);
+ boolean temp = false;
+ try {
+ temp = userService.grant(userIds, roleIds);
+ // 鎻掑叆鎺堟潈鏃ュ織
+ userService.grantLog(UserWrapper.build().entityVO(userService.getById(userIds)).toString(),false);
+ }catch (Exception e){
+ // 鎻掑叆鎺堟潈鏃ュ織
+ userService.grantLog(e.getMessage(),true);
+ throw e;
+ }
return R.status(temp);
}
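Review bot: The success-path audit call sits inside the same `try` as `userService.grant`, so an exception raised while building the log entry is recorded as a failed grant and rethrown, even though the grant itself may already have been applied. That looks likely whenever several ids are sent: `userIds` is documented as a collection, yet it is passed whole to `userService.getById(userIds)`, and the lookup result is used without a null check. Separating the two steps and logging the submitted ids and the outcome also avoids writing the user VO's full `toString()` into the audit record, which may include fields that do not belong there. Separately, `@PreAuth(RoleConstant.HAS_ROLE_ADMIN)` is still commented out on this endpoint; unless authorization is enforced elsewhere, the audit entry records grants but does not restrict who can make them.

```java
boolean temp;
try {
	temp = userService.grant(userIds, roleIds);
} catch (Exception e) {
	// … unchanged: failure audit entry via userService.grantLog(e.getMessage(), true) …
	throw e;
}
try {
	// Record what was actually requested and whether it was applied.
	userService.grantLog("userIds=" + userIds + ", roleIds=" + roleIds + ", granted=" + temp, false);
} catch (Exception auditError) {
	// An audit-write failure must not be reported as a failed grant.
	log.error("grant audit log failed, userIds={}, roleIds={}", userIds, roleIds, auditError);
}
return R.status(temp);
```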
@@ -254,6 +271,11 @@
@ApiOperationSupport(order = 12)
@ApiOperation(value = "瀵煎叆鐢ㄦ埛", notes = "浼犲叆excel")
public R importUser(MultipartFile file, Integer isCovered) {
+ // 浣跨敤鏂囦欢瀹夊叏楠岃瘉鍣�
+ ComprehensiveFileValidator.UploadValidationResult result = fileValidator.validateFile(file);
+ if (!result.isValid()) {
+ return R.fail(result.getMessage());
+ }
UserImporter userImporter = new UserImporter(userService, isCovered == 1);
ExcelUtil.save(file, userImporter, UserExcel.class);
return R.success("鎿嶄綔鎴愬姛");
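Review bot: A rejected upload returns `R.fail(result.getMessage())` without leaving any server-side trace, so repeated attempts to push disallowed files through `importUser` are invisible to anyone monitoring the service. With `@Slf4j` now on the class, add `log.warn("importUser: upload rejected: {}", result.getMessage());` before the return. Also, `isCovered == 1` on the following line unboxes an `Integer` request parameter and throws a NullPointerException when the parameter is omitted; `Integer.valueOf(1).equals(isCovered)` is null-safe. Whether `validateFile` copes with a null `file` cannot be seen here, so confirm that a request without the multipart part is rejected rather than throwing. The method's closing brace lies outside the hunk.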
@@ -286,7 +308,6 @@
ExcelUtil.export(response, "鐢ㄦ埛鏁版嵁妯℃澘", "鐢ㄦ埛鏁版嵁琛�", list, UserExcel.class);
}
-
/**
* 绗笁鏂规敞鍐岀敤鎴�
*/
@@ -296,7 +317,6 @@
public R registerGuest(User user, Long oauthId) {
return R.status(userService.registerGuest(user, oauthId));
}
-
/**
* 閰嶇疆鐢ㄦ埛骞冲彴淇℃伅
--
Gitblit v1.9.3