lbqms.git - Gitblit

疯狂的狮子li

2021-12-15 2455d0b859708e39fa9fd5b710bebee45c32b085

add 增加 自定义 Xss 校验注解 用户导入增加 Bean 校验

已修改4个文件

已删除1个文件

	ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java	4 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java	24 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java	53 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java	50 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java	3 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java

@@ -1,11 +1,11 @@
package com.ruoyi.common.utils;

import com.ruoyi.common.utils.spring.SpringUtils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;

import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;
import javax.validation.Validation;
import javax.validation.Validator;
import java.util.Set;

@@ -17,7 +17,7 @@
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class ValidatorUtils {

    private static final Validator VALID = Validation.buildDefaultValidatorFactory().getValidator();
    private static final Validator VALID = SpringUtils.getBean(Validator.class);

    public static <T> void validate(T object, Class<?>... groups) {
        Set<ConstraintViolation<T>> validate = VALID.validate(object, groups);

 ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java

ÎÄ¼þÒÑÉ¾³ý

 ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java

@@ -1,27 +1,26 @@
package com.ruoyi.common.xss;



import javax.validation.Constraint;

import javax.validation.Payload;

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;



/**

 * èªå®ä¹xssæ ¡éªæ³¨è§£

 * 
 * @author ruoyi

 */

@Retention(RetentionPolicy.RUNTIME)

@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })

@Constraint(validatedBy = { XssValidator.class })

public @interface Xss

{

    String message()



    default "ä¸åè®¸ä»»ä½èæ¬è¿è¡";



    Class<?>[] groups() default {};



    Class<? extends Payload>[] payload() default {};

}

package com.ruoyi.common.xss;

import javax.validation.Constraint;
import javax.validation.Payload;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;

/**
 * èªå®ä¹xssæ ¡éªæ³¨è§£
 *
 * @author Lion Li
 */
@Retention(RetentionPolicy.RUNTIME)
@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
@Constraint(validatedBy = {XssValidator.class})
public @interface Xss {

    String message() default "ä¸åè®¸ä»»ä½èæ¬è¿è¡";

    Class<?>[] groups() default {};

    Class<? extends Payload>[] payload() default {};

}

 ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java

@@ -1,29 +1,21 @@
package com.ruoyi.common.xss;



import javax.validation.ConstraintValidator;

import javax.validation.ConstraintValidatorContext;

import java.util.regex.Matcher;

import java.util.regex.Pattern;



/**

 * èªå®ä¹xssæ ¡éªæ³¨è§£å®ç°

 * 
 * @author ruoyi

 */

public class XssValidator implements ConstraintValidator<Xss, String>

{

    private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";



    @Override

    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)

    {

        return !containsHtml(value);

    }



    public boolean containsHtml(String value)

    {

        Pattern pattern = Pattern.compile(HTML_PATTERN);

        Matcher matcher = pattern.matcher(value);

        return matcher.matches();

    }

}
package com.ruoyi.common.xss;

import cn.hutool.core.util.ReUtil;
import cn.hutool.http.HtmlUtil;

import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;

/**
 * èªå®ä¹xssæ ¡éªæ³¨è§£å®ç°
 *
 * @author Lion Li
 */
public class XssValidator implements ConstraintValidator<Xss, String> {

    @Override
    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
        return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
    }

}

 ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java

@@ -9,6 +9,7 @@
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ValidatorUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.vo.SysUserImportVo;
import com.ruoyi.system.service.ISysConfigService;
@@ -53,12 +54,14 @@
            // éªè¯æ¯å¦åå¨è¿ä¸ªç¨æ·
            if (StringUtils.isNull(user)) {
                user = BeanUtil.toBean(userVo, SysUser.class);
                ValidatorUtils.validate(user);
                user.setPassword(password);
                user.setCreateBy(operName);
                userService.insertUser(user);
                successNum++;
                successMsg.append("<br/>").append(successNum).append("ãè´¦å· ").append(user.getUserName()).append(" å¯¼å¥æå");
            } else if (isUpdateSupport) {
                ValidatorUtils.validate(user);
                user.setUpdateBy(operName);
                userService.updateUser(user);
                successNum++;

			@@ -1,11 +1,11 @@
			package com.ruoyi.common.utils;

			import com.ruoyi.common.utils.spring.SpringUtils;
			import lombok.AccessLevel;
			import lombok.NoArgsConstructor;

			import javax.validation.ConstraintViolation;
			import javax.validation.ConstraintViolationException;
			import javax.validation.Validation;
			import javax.validation.Validator;
			import java.util.Set;

			@@ -17,7 +17,7 @@
			@NoArgsConstructor(access = AccessLevel.PRIVATE)
			public class ValidatorUtils {

			private static final Validator VALID = Validation.buildDefaultValidatorFactory().getValidator();
			private static final Validator VALID = SpringUtils.getBean(Validator.class);

			public static <T> void validate(T object, Class<?>... groups) {
			Set<ConstraintViolation<T>> validate = VALID.validate(object, groups);

			@@ -1,27 +1,26 @@
			package com.ruoyi.common.xss;

			import javax.validation.Constraint;
			import javax.validation.Payload;
			import java.lang.annotation.ElementType;
			import java.lang.annotation.Retention;
			import java.lang.annotation.RetentionPolicy;
			import java.lang.annotation.Target;

			/**
			* èªå®ä¹xssæ ¡éªæ³¨è§£
			*
			* @author ruoyi
			*/
			@Retention(RetentionPolicy.RUNTIME)
			@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
			@Constraint(validatedBy = { XssValidator.class })
			public @interface Xss
			{
			String message()

			default "ä¸åè®¸ä»»ä½èæ¬è¿è¡";

			Class<?>[] groups() default {};

			Class<? extends Payload>[] payload() default {};
			}
			package com.ruoyi.common.xss;

			import javax.validation.Constraint;
			import javax.validation.Payload;
			import java.lang.annotation.ElementType;
			import java.lang.annotation.Retention;
			import java.lang.annotation.RetentionPolicy;
			import java.lang.annotation.Target;

			/**
			* èªå®ä¹xssæ ¡éªæ³¨è§£
			*
			* @author Lion Li
			*/
			@Retention(RetentionPolicy.RUNTIME)
			@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
			@Constraint(validatedBy = {XssValidator.class})
			public @interface Xss {

			String message() default "ä¸åè®¸ä»»ä½èæ¬è¿è¡";

			Class<?>[] groups() default {};

			Class<? extends Payload>[] payload() default {};

			}

			@@ -1,29 +1,21 @@
			package com.ruoyi.common.xss;

			import javax.validation.ConstraintValidator;
			import javax.validation.ConstraintValidatorContext;
			import java.util.regex.Matcher;
			import java.util.regex.Pattern;

			/**
			* èªå®ä¹xssæ ¡éªæ³¨è§£å®ç°
			*
			* @author ruoyi
			*/
			public class XssValidator implements ConstraintValidator<Xss, String>
			{
			private final String HTML_PATTERN = "<(\\S?)[^>]>.?\|<.? />";

			@Override
			public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
			{
			return !containsHtml(value);
			}

			public boolean containsHtml(String value)
			{
			Pattern pattern = Pattern.compile(HTML_PATTERN);
			Matcher matcher = pattern.matcher(value);
			return matcher.matches();
			}
			}
			package com.ruoyi.common.xss;

			import cn.hutool.core.util.ReUtil;
			import cn.hutool.http.HtmlUtil;

			import javax.validation.ConstraintValidator;
			import javax.validation.ConstraintValidatorContext;

			/**
			* èªå®ä¹xssæ ¡éªæ³¨è§£å®ç°
			*
			* @author Lion Li
			*/
			public class XssValidator implements ConstraintValidator<Xss, String> {

			@Override
			public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
			return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
			}

			}

			@@ -9,6 +9,7 @@
			import com.ruoyi.common.exception.ServiceException;
			import com.ruoyi.common.utils.SecurityUtils;
			import com.ruoyi.common.utils.StringUtils;
			import com.ruoyi.common.utils.ValidatorUtils;
			import com.ruoyi.common.utils.spring.SpringUtils;
			import com.ruoyi.system.domain.vo.SysUserImportVo;
			import com.ruoyi.system.service.ISysConfigService;
			@@ -53,12 +54,14 @@
			// éªè¯æ¯å¦åå¨è¿ä¸ªç¨æ·
			if (StringUtils.isNull(user)) {
			user = BeanUtil.toBean(userVo, SysUser.class);
			ValidatorUtils.validate(user);
			user.setPassword(password);
			user.setCreateBy(operName);
			userService.insertUser(user);
			successNum++;
			successMsg.append("<br/>").append(successNum).append("ãè´¦å· ").append(user.getUserName()).append(" å¯¼å¥æå");
			} else if (isUpdateSupport) {
			ValidatorUtils.validate(user);
			user.setUpdateBy(operName);
			userService.updateUser(user);
			successNum++;