From 2455d0b859708e39fa9fd5b710bebee45c32b085 Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期三, 15 十二月 2021 15:03:44 +0800
Subject: [PATCH] add 增加 自定义 Xss 校验注解 用户导入增加 Bean 校验
---
/dev/null | 24 --------
ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java | 4
ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java | 53 ++++++++---------
ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java | 50 +++++++---------
ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java | 3 +
5 files changed, 52 insertions(+), 82 deletions(-)
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java
index e26e784..522b989 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java
@@ -1,11 +1,11 @@
package com.ruoyi.common.utils;
+import com.ruoyi.common.utils.spring.SpringUtils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import javax.validation.ConstraintViolation;
import javax.validation.ConstraintViolationException;
-import javax.validation.Validation;
import javax.validation.Validator;
import java.util.Set;
@@ -17,7 +17,7 @@
@NoArgsConstructor(access = AccessLevel.PRIVATE)
public class ValidatorUtils {
- private static final Validator VALID = Validation.buildDefaultValidatorFactory().getValidator();
+ private static final Validator VALID = SpringUtils.getBean(Validator.class);
public static <T> void validate(T object, Class<?>... groups) {
Set<ConstraintViolation<T>> validate = VALID.validate(object, groups);
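Review bot: The new `VALID` initializer performs a Spring bean lookup inside a static field initializer, so it runs when `ValidatorUtils` is first loaded rather than when validation is first needed. If the class is touched before the application context is available (a plain unit test, or another static initializer), class initialization fails and every later call into the class fails with it; this assumes `SpringUtils.getBean` needs a started context, which is not visible here. Resolving the bean at the point of use avoids that, e.g. `Set<ConstraintViolation<T>> validate = SpringUtils.getBean(Validator.class).validate(object, groups);`. Otherwise, add a comment on the field stating that the context must be up before first use. The body of `validate` continues outside the hunk.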
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java
deleted file mode 100644
index d9821e0..0000000
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package com.ruoyi.common.utils.bean;
-
-import java.util.Set;
-import javax.validation.ConstraintViolation;
-import javax.validation.ConstraintViolationException;
-import javax.validation.Validator;
-
-/**
- * bean瀵硅薄灞炴�ч獙璇�
- *
- * @author ruoyi
- */
-public class BeanValidators
-{
- public static void validateWithException(Validator validator, Object object, Class<?>... groups)
- throws ConstraintViolationException
- {
- Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups);
- if (!constraintViolations.isEmpty())
- {
- throw new ConstraintViolationException(constraintViolations);
- }
- }
-}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java b/ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
index 14e43dc..0a26d60 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java
@@ -1,27 +1,26 @@
-package com.ruoyi.common.xss;
-
-import javax.validation.Constraint;
-import javax.validation.Payload;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * 鑷畾涔墄ss鏍¢獙娉ㄨВ
- *
- * @author ruoyi
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
-@Constraint(validatedBy = { XssValidator.class })
-public @interface Xss
-{
- String message()
-
- default "涓嶅厑璁镐换浣曡剼鏈繍琛�";
-
- Class<?>[] groups() default {};
-
- Class<? extends Payload>[] payload() default {};
-}
+package com.ruoyi.common.xss;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 鑷畾涔墄ss鏍¢獙娉ㄨВ
+ *
+ * @author Lion Li
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
+@Constraint(validatedBy = {XssValidator.class})
+public @interface Xss {
+
+ String message() default "涓嶅厑璁镐换浣曡剼鏈繍琛�";
+
+ Class<?>[] groups() default {};
+
+ Class<? extends Payload>[] payload() default {};
+
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java b/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
index 4316372..03102df 100644
--- a/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java
@@ -1,29 +1,21 @@
-package com.ruoyi.common.xss;
-
-import javax.validation.ConstraintValidator;
-import javax.validation.ConstraintValidatorContext;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * 鑷畾涔墄ss鏍¢獙娉ㄨВ瀹炵幇
- *
- * @author ruoyi
- */
-public class XssValidator implements ConstraintValidator<Xss, String>
-{
- private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
-
- @Override
- public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
- {
- return !containsHtml(value);
- }
-
- public boolean containsHtml(String value)
- {
- Pattern pattern = Pattern.compile(HTML_PATTERN);
- Matcher matcher = pattern.matcher(value);
- return matcher.matches();
- }
-}
\ No newline at end of file
+package com.ruoyi.common.xss;
+
+import cn.hutool.core.util.ReUtil;
+import cn.hutool.http.HtmlUtil;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+/**
+ * 鑷畾涔墄ss鏍¢獙娉ㄨВ瀹炵幇
+ *
+ * @author Lion Li
+ */
+public class XssValidator implements ConstraintValidator<Xss, String> {
+
+ @Override
+ public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
+ return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
+ }
+
+}
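Review bot: `isValid` is still a pattern denylist on input, and neither the method nor the class Javadoc says so. It now rejects any value in which `HtmlUtil.RE_HTML_MARK` finds a tag-shaped substring, which is stricter than the removed whole-string `matcher.matches()` test, but a value with no complete tag still passes. Fields annotated with `@Xss` therefore still need context-appropriate output encoding wherever they are rendered, and the Javadoc should state that so the annotation is not read as a complete XSS defence. The null case should be documented too: as far as I know `ReUtil.contains` returns false for null content, so null is accepted, e.g. `// null is valid here; combine with @NotBlank where a value is required`.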
diff --git a/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java b/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
index a53e909..3b700d4 100644
--- a/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
+++ b/ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java
@@ -9,6 +9,7 @@
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.ValidatorUtils;
import com.ruoyi.common.utils.spring.SpringUtils;
import com.ruoyi.system.domain.vo.SysUserImportVo;
import com.ruoyi.system.service.ISysConfigService;
@@ -53,12 +54,14 @@
// 楠岃瘉鏄惁瀛樺湪杩欎釜鐢ㄦ埛
if (StringUtils.isNull(user)) {
user = BeanUtil.toBean(userVo, SysUser.class);
+ ValidatorUtils.validate(user);
user.setPassword(password);
user.setCreateBy(operName);
userService.insertUser(user);
successNum++;
successMsg.append("<br/>").append(successNum).append("銆佽处鍙� ").append(user.getUserName()).append(" 瀵煎叆鎴愬姛");
} else if (isUpdateSupport) {
+ ValidatorUtils.validate(user);
user.setUpdateBy(operName);
userService.updateUser(user);
successNum++;
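Review bot: In the `else if (isUpdateSupport)` branch the added `ValidatorUtils.validate(user)` checks whatever `user` already held before the `if`, and nothing in the hunk copies `userVo` into it, so the validation appears to run against the existing record rather than the imported row. If that reading is right, untrusted import data is only validated on the insert path. Validate the imported values instead, for example `ValidatorUtils.validate(BeanUtil.toBean(userVo, SysUser.class));` before the update. Whether a constraint violation raised by `validate` is caught and reported per row depends on the enclosing method and its error handling, which start and end outside the hunk.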
--
Gitblit v1.9.3