脱敏2

apply-net/src/main/java/com/winsun/controller/ImgController.java

@@ -51,4 +51,34 @@ public class ImgController {
         }
         return bytes;
     }
+
+    @RequestMapping( value = "/pictures/**",produces ={MediaType.IMAGE_JPEG_VALUE,MediaType.IMAGE_PNG_VALUE} )
+    public byte[] getbackground2(HttpServletRequest request) {
+        byte[] bytes=new byte[10];
+        if ( request.getServletPath().contains("Card")){
+            return bytes;
+        }
+        String replace = request.getServletPath().replace("pictures", "images");
+        System.out.println("url:" + replace);
+        String  imgurl= pathPre + FilePath.BACKGROUNDIMG.getValue()+"/"+replace;
+        imgurl = imgurl.replace("//", "/");
+        File file = new File(imgurl);
+        FileInputStream inputStream = null;
+        try {
+            inputStream = new FileInputStream(file);
+            bytes = new byte[inputStream.available()];
+            if (inputStream != null) {
+                inputStream.read(bytes, 0, inputStream.available());
+            }
+        } catch (IOException e) {
+            log.error("图片下载失败",e.getMessage());
+        }finally {
+            if (inputStream != null) {
+                try{
+                    inputStream.close();
+                }catch (Exception e){}
+            }
+        }
+        return bytes;
+    }
 }

common/src/main/java/com/winsun/advice/ErrorControllerAdvice.java

@@ -3,6 +3,7 @@ package com.winsun.advice;
 import com.winsun.auth.core.common.model.ResponseData;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.springframework.core.annotation.Order;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
@@ -12,11 +13,12 @@ import org.springframework.web.bind.annotation.RestControllerAdvice;
  */
 @Slf4j
 @RestControllerAdvice
+@Order(-2)
 public class ErrorControllerAdvice {
 
     private final static Integer errorLength = 20;
 
-    @ExceptionHandler(Exception.class)
+    @ExceptionHandler(RuntimeException.class)
     public ResponseData<String> allErrorHandler(Exception e) {
         String message = e.getMessage();
         if (StringUtils.isNotBlank(message) && message.length() > errorLength) {

common/src/main/java/com/winsun/mapper/PartnerMapper.java

@@ -18,21 +18,27 @@ import org.springframework.stereotype.Component;
 @Component
 public interface PartnerMapper extends BaseMapper<Partner> {
 
-    @Update("update sys_user set phone = #{phone} ,name = #{name} ,account = #{account} ,sex = #{sex}, password = #{password}, roleid= #{roleId}, substName = #{subName}  where id=#{id}")
+    @Update("<script>update sys_user set " +
+            "<if test=\"phone != null and phone != ''\">phone = #{phone} ,</if>" +
+            "name = #{name} ," +
+            "<if test=\"account != null and account != ''\">account = #{account},</if> " +
+            "sex = #{sex}, password = #{password}, roleid= #{roleId}, substName = #{subName}  where id=#{id}</script>")
     int updateSysUser(@Param("phone") String phone, @Param("name") String name, @Param("account") String account, @Param("sex") String sex,
                       @Param("password") String password, @Param("roleId") String roleId, @Param("id") String id, @Param("subName") String subName);
 
-    @Update("update hhr_user set ysm = #{ysm} ,grade = #{grade} ,id_card = #{idCard},position = #{position} ,parent_id = #{parentId} ,parent_ids = #{parentIds}  where id=#{id}")
-    int updateHhUser(@Param("ysm") String ysm,@Param("grade") String grade,@Param("idCard") String idCard,@Param("position") String position,@Param("parentId") String parentId,@Param("parentIds") String parentIds,@Param("id") String id);
+    @Update("<script>update hhr_user set ysm = #{ysm} ,grade = #{grade} ,<if test=\"idCard != null and idCard != ''\">" +
+            "            id_card = #{idCard},</if> " +
+            "position = #{position} ,parent_id = #{parentId} ,parent_ids = #{parentIds}  where id=#{id}</script>")
+    int updateHhUser(@Param("ysm") String ysm, @Param("grade") String grade, @Param("idCard") String idCard, @Param("position") String position, @Param("parentId") String parentId, @Param("parentIds") String parentIds, @Param("id") String id);
 
     @Update("update hhr_user_school set school_id = #{schoolId}  where user_id=#{userId}")
-    int updateSchoolRef(@Param("schoolId") String schoolId,@Param("userId") String userId);
+    int updateSchoolRef(@Param("schoolId") String schoolId, @Param("userId") String userId);
 
     @Select("select *  from `sys_user` where account = #{account} order by createtime desc")
     List<Map<String, Object>> selectSysUser(String account);
 
     @Insert(" replace into hhr_user_school(user_id,school_id) VALUES(#{userId},#{schoolId})")
-    int saveSchoolRef(@Param("userId") String userId,@Param("schoolId") String schoolId);
+    int saveSchoolRef(@Param("userId") String userId, @Param("schoolId") String schoolId);
 
     @Select(" select id,name from  sys_role ")
     List<Map<String, Object>> roleList();

core-service/src/main/java/com/winsun/intercept/AuthConfigurationSupport.java

+//package com.winsun.intercept;
+//
+//import lombok.extern.slf4j.Slf4j;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.context.annotation.Configuration;
+//import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+//import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
+//
+//import java.util.ArrayList;
+//import java.util.List;
+//
+///**
+// * @author chengfengluo
+// * @date 2022-03-15 14:58
+// */
+//@Slf4j
+//@Configuration
+//public class AuthConfigurationSupport extends WebMvcConfigurationSupport {
+//
+//    @Autowired
+//    private AuthIntercept authIntercept;
+//
+//    @Override
+//    protected void addInterceptors(InterceptorRegistry registry) {
+//        log.info("配置拦截中");
+//        List<String> s = new ArrayList<>();
+//        s.add("/login");
+//        s.add("/getPhoneCode");
+//        registry.addInterceptor(authIntercept).excludePathPatterns(s);
+//        super.addInterceptors(registry);
+//    }
+//}

core-service/src/main/java/com/winsun/intercept/AuthIntercept.java

+package com.winsun.intercept;
+
+import com.alibaba.fastjson.JSONObject;
+import com.winsun.auth.core.common.model.ResponseData;
+import com.winsun.auth.core.shiro.ShiroUser;
+import com.winsun.auth.model.common.Menu;
+import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.util.LoginUtils;
+import com.winsun.mapper.SysUserMapper;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @author chengfengluo
+ * @date 2022-03-15 14:47
+ */
+@Slf4j
+@Component
+public class AuthIntercept extends HandlerInterceptorAdapter {
+
+    @Autowired
+    private StringRedisTemplate stringRedisTemplate;
+
+    private final static String AUTH_REDIS_PREFIX = "authRedis:";
+
+    private final static String AUTH_REDIS_SECURITY = "authRedisSecurity:";
+
+    private final static Integer CACHE_TIME =  60;
+
+    @Autowired
+    private SysUserMapper sysUserMapper;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        try {
+            ShiroUser user = ShiroKit.getUser();
+            if (user == null) {
+                log.error("错误");
+                return false;
+            }
+
+            String security = request.getHeader("security").trim();
+
+            if (StringUtils.isBlank(security)) {
+                log.error("校验权限失败！");
+                return false;
+            }
+
+            List<Integer> roleList = user.getRoleList();
+            if (roleList.size() == 0) {
+                log.error("无权限");
+                return false;
+            }
+
+            String key = AUTH_REDIS_PREFIX + StringUtils.join(roleList.toArray(), ",");
+
+            String securityKey = AUTH_REDIS_SECURITY + security;
+
+            String securityValue = stringRedisTemplate.opsForValue().get(securityKey);
+            if (StringUtils.isNotBlank(securityValue)) {
+                return false;
+            }
+
+            ResponseData<String> stringResponseData = LoginUtils.pwdDecrypt(security);
+            if (!stringResponseData.isSuccess()) {
+                log.error("鉴权失败");
+                return false;
+            }
+            String data = stringResponseData.getData();
+            String s = stringRedisTemplate.opsForValue().get(key);
+            List<Menu> roleMenu = null;
+            if (StringUtils.isNotBlank(s)) {
+                roleMenu = JSONObject.parseArray(s, Menu.class);
+            }else {
+                roleMenu = sysUserMapper.getRoleMenu(roleList);
+                stringRedisTemplate.opsForValue().set(key,
+                                JSONObject.toJSONString(roleMenu),
+                                CACHE_TIME, TimeUnit.SECONDS);
+            }
+
+            if (roleMenu == null || roleMenu.isEmpty()) {
+                return false;
+            }
+
+            log.info("data: {}", data);
+            for (Menu menu : roleMenu) {
+
+
+                if (menu == null || StringUtils.isBlank(menu.getUrl())) {
+                    continue;
+                }
+                log.info(menu.getUrl());
+                if (StringUtils.equals(menu.getUrl(), data)) {
+                    log.info("获取到相同的菜单");
+
+                    stringRedisTemplate.opsForValue().set(securityKey, "1", 1, TimeUnit.HOURS);
+
+                    return true;
+                }
+            }
+
+        }catch (Exception e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+
+        super.postHandle(request, response, handler, modelAndView);
+    }
+}

service-manager/pom.xml

@@ -155,7 +155,10 @@
             <groupId>com.winsun.framework</groupId>
             <artifactId>winsun-core-service</artifactId>
         </dependency>
-
+        <dependency>
+            <groupId>com.winsun.framework</groupId>
+            <artifactId>winsun-core-common</artifactId>
+        </dependency>
         <dependency>
             <groupId>dom4j</groupId>
             <artifactId>dom4j</artifactId>

service-manager/src/main/java/com/winsun/controller/ImgController.java

@@ -36,19 +36,18 @@ public class ImgController extends BaseController {
 
     //menuname = "图片路径"  只支持jpeg 和 png
     @Permission(menuname = "图片查询", value =  "/images", method = RequestMethod.POST,produces ={MediaType.IMAGE_JPEG_VALUE,MediaType.IMAGE_PNG_VALUE})
-    public ResponseData<String> getbackground(String url) {
+    public String getbackground(String url) {
         ShiroUser shiroUser = getShiroUser();
         if (!shiroUser.getRoleNames().stream().anyMatch(roleName -> StringUtils.equalsAny(roleName, "超级管理员", "系统管理员","县分管理员（订单）","合伙人"))) {
-            return ResponseData.error("无数据权限");
+            return "无数据权限";
         }
         System.out.println("url :"+url);
-        url = url.replace("/api/manager/ciop","");
+        url = url.replace("manager/ciop","");
         byte[] bytes=new byte[10];
         String  imgurl= pathPre + FilePath.BACKGROUNDIMG.getValue()+"/"+url;
         imgurl = imgurl.replace("//", "/");
 
-        //File file = new File(imgurl);
-        File file = new File("D:\\test.jpg");
+        File file = new File(imgurl);
         FileInputStream inputStream = null;
         try {
             inputStream = new FileInputStream(file);
@@ -69,6 +68,7 @@ public class ImgController extends BaseController {
                 }catch (Exception e){}
             }
         }
-        return ResponseData.success(Base64.encodeBase64String(bytes));
+        String s = Base64.encodeBase64String(bytes);
+        return s;
     }
 }

service-manager/src/main/java/com/winsun/controller/PartnerController.java

@@ -81,6 +81,15 @@ public class PartnerController extends BaseController {
 			if (StringUtils.isEmpty(subName) || !subName.equals(school.getSubName())){
 				return ResponseData.error("修改失败");
 			}
+			if (phone.contains("*")){
+				phone = "";
+			}
+			if(account.contains("*")){
+				account = "";
+			}
+			if(idCard.contains("*")){
+				idCard = "";
+			}
 			int updateSysUse = partnerMapper.updateSysUser(phone, name, account, sex, password,roleId, id, subName);
 			int updateHhUser = partnerMapper.updateHhUser(ysm, grade, idCard,position,parentId,parentIds,id);
 			int updateSchoolRef = partnerMapper.updateSchoolRef(schoolId, id);

service-manager/src/main/java/com/winsun/intercept/AuthIntercept.java

@@ -39,6 +39,8 @@ public class AuthIntercept extends HandlerInterceptorAdapter {
 
     private final static String AUTH_REDIS_PREFIX = "authRedis:";
 
+    private final static String AUTH_REDIS_SECURITY = "authRedisSecurity:";
+
     private final static Integer CACHE_TIME =  60;
 
     @Autowired
@@ -65,46 +67,63 @@ public class AuthIntercept extends HandlerInterceptorAdapter {
                 log.error("无权限");
                 return false;
             }
+
+            String key = AUTH_REDIS_PREFIX + StringUtils.join(roleList.toArray(), ",");
+
+            String securityKey = AUTH_REDIS_SECURITY + security;
+
+            String securityValue = stringRedisTemplate.opsForValue().get(securityKey);
+            if (StringUtils.isNotBlank(securityValue)) {
+                return false;
+            }
+
             ResponseData<String> stringResponseData = LoginUtils.pwdDecrypt(security);
             if (!stringResponseData.isSuccess()) {
                 log.error("鉴权失败");
                 return false;
             }
             String data = stringResponseData.getData();
-            String s = stringRedisTemplate.opsForValue().get(AUTH_REDIS_PREFIX + user.getRoleId());
+            String s = stringRedisTemplate.opsForValue().get(key);
             List<Menu> roleMenu = null;
             if (StringUtils.isNotBlank(s)) {
                 roleMenu = JSONObject.parseArray(s, Menu.class);
             }else {
                 roleMenu = sysUserMapper.getRoleMenu(roleList);
-                stringRedisTemplate.opsForValue().set(AUTH_REDIS_PREFIX + user.getRoleId(),
+                stringRedisTemplate.opsForValue().set(key,
                                 JSONObject.toJSONString(roleMenu),
                                 CACHE_TIME, TimeUnit.SECONDS);
             }
+
             if (roleMenu == null || roleMenu.isEmpty()) {
                 return false;
             }
+
             log.info("data: {}", data);
             for (Menu menu : roleMenu) {
+
+
+                if (menu == null || StringUtils.isBlank(menu.getUrl())) {
+                    continue;
+                }
                 log.info(menu.getUrl());
                 if (StringUtils.equals(menu.getUrl(), data)) {
                     log.info("获取到相同的菜单");
+
+                    stringRedisTemplate.opsForValue().set(securityKey, "1", 1, TimeUnit.HOURS);
+
                     return true;
                 }
             }
+
         }catch (Exception e) {
             e.printStackTrace();
         }
-
-        return super.preHandle(request, response, handler);
+        return false;
     }
 
     @Override
     public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
 
-        Map<String, Object> model = modelAndView.getModel();
-        log.info("结束信息: {}", JSONObject.toJSONString(model));
-
         super.postHandle(request, response, handler, modelAndView);
     }
 }