From 2d8f380b718d657c6e08aae06e909e5e544152ad Mon Sep 17 00:00:00 2001
From: 疯狂的狮子li <15040126243@163.com>
Date: 星期五, 02 七月 2021 09:39:07 +0800
Subject: [PATCH] update 优化 增加MP注入异常拦截
---
ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java | 99 ++++++++++++++++++++++++++++++-------------------
1 files changed, 60 insertions(+), 39 deletions(-)
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
index 75dea08..d5c0fe8 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
+++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/LogAspect.java
@@ -1,9 +1,17 @@
package com.ruoyi.framework.aspectj;
-import java.lang.reflect.Method;
-import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
+import cn.hutool.core.lang.Validator;
+import cn.hutool.core.util.StrUtil;
+import com.ruoyi.common.annotation.Log;
+import com.ruoyi.common.core.domain.model.LoginUser;
+import com.ruoyi.common.enums.BusinessStatus;
+import com.ruoyi.common.enums.HttpMethod;
+import com.ruoyi.common.utils.JsonUtils;
+import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.spring.SpringUtils;
+import com.ruoyi.framework.web.service.AsyncService;
+import com.ruoyi.framework.web.service.TokenService;
+import com.ruoyi.system.domain.SysOperLog;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.Signature;
import org.aspectj.lang.annotation.AfterReturning;
@@ -14,25 +22,19 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
+import org.springframework.validation.BindingResult;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.HandlerMapping;
-import com.alibaba.fastjson.JSON;
-import com.ruoyi.common.annotation.Log;
-import com.ruoyi.common.core.domain.model.LoginUser;
-import com.ruoyi.common.enums.BusinessStatus;
-import com.ruoyi.common.enums.HttpMethod;
-import com.ruoyi.common.utils.ServletUtils;
-import com.ruoyi.common.utils.StringUtils;
-import com.ruoyi.common.utils.ip.IpUtils;
-import com.ruoyi.common.utils.spring.SpringUtils;
-import com.ruoyi.framework.manager.AsyncManager;
-import com.ruoyi.framework.manager.factory.AsyncFactory;
-import com.ruoyi.framework.web.service.TokenService;
-import com.ruoyi.system.domain.SysOperLog;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.lang.reflect.Method;
+import java.util.Collection;
+import java.util.Map;
/**
* 鎿嶄綔鏃ュ織璁板綍澶勭悊
- *
+ *
* @author ruoyi
*/
@Aspect
@@ -60,7 +62,7 @@
/**
* 鎷︽埅寮傚父鎿嶄綔
- *
+ *
* @param joinPoint 鍒囩偣
* @param e 寮傚父
*/
@@ -88,10 +90,10 @@
SysOperLog operLog = new SysOperLog();
operLog.setStatus(BusinessStatus.SUCCESS.ordinal());
// 璇锋眰鐨勫湴鍧�
- String ip = IpUtils.getIpAddr(ServletUtils.getRequest());
+ String ip = ServletUtils.getClientIP();
operLog.setOperIp(ip);
// 杩斿洖鍙傛暟
- operLog.setJsonResult(JSON.toJSONString(jsonResult));
+ operLog.setJsonResult(JsonUtils.toJsonString(jsonResult));
operLog.setOperUrl(ServletUtils.getRequest().getRequestURI());
if (loginUser != null)
@@ -102,7 +104,7 @@
if (e != null)
{
operLog.setStatus(BusinessStatus.FAIL.ordinal());
- operLog.setErrorMsg(StringUtils.substring(e.getMessage(), 0, 2000));
+ operLog.setErrorMsg(StrUtil.sub(e.getMessage(), 0, 2000));
}
// 璁剧疆鏂规硶鍚嶇О
String className = joinPoint.getTarget().getClass().getName();
@@ -113,7 +115,7 @@
// 澶勭悊璁剧疆娉ㄨВ涓婄殑鍙傛暟
getControllerMethodDescription(joinPoint, controllerLog, operLog);
// 淇濆瓨鏁版嵁搴�
- AsyncManager.me().execute(AsyncFactory.recordOper(operLog));
+ SpringUtils.getBean(AsyncService.class).recordOper(operLog);
}
catch (Exception exp)
{
@@ -126,7 +128,7 @@
/**
* 鑾峰彇娉ㄨВ涓鏂规硶鐨勬弿杩颁俊鎭� 鐢ㄤ簬Controller灞傛敞瑙�
- *
+ *
* @param log 鏃ュ織
* @param operLog 鎿嶄綔鏃ュ織
* @throws Exception
@@ -149,7 +151,7 @@
/**
* 鑾峰彇璇锋眰鐨勫弬鏁帮紝鏀惧埌log涓�
- *
+ *
* @param operLog 鎿嶄綔鏃ュ織
* @throws Exception 寮傚父
*/
@@ -159,12 +161,12 @@
if (HttpMethod.PUT.name().equals(requestMethod) || HttpMethod.POST.name().equals(requestMethod))
{
String params = argsArrayToString(joinPoint.getArgs());
- operLog.setOperParam(StringUtils.substring(params, 0, 2000));
+ operLog.setOperParam(StrUtil.sub(params, 0, 2000));
}
else
{
Map<?, ?> paramsMap = (Map<?, ?>) ServletUtils.getRequest().getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
- operLog.setOperParam(StringUtils.substring(paramsMap.toString(), 0, 2000));
+ operLog.setOperParam(StrUtil.sub(paramsMap.toString(), 0, 2000));
}
}
@@ -189,29 +191,48 @@
*/
private String argsArrayToString(Object[] paramsArray)
{
- String params = "";
+ StringBuilder params = new StringBuilder();
if (paramsArray != null && paramsArray.length > 0)
{
- for (int i = 0; i < paramsArray.length; i++)
- {
- if (!isFilterObject(paramsArray[i]))
- {
- Object jsonObj = JSON.toJSON(paramsArray[i]);
- params += jsonObj.toString() + " ";
- }
- }
+ for (Object o : paramsArray) {
+ if (Validator.isNotNull(o) && !isFilterObject(o)) {
+ params.append(JsonUtils.toJsonString(o)).append(" ");
+ }
+ }
}
- return params.trim();
+ return params.toString().trim();
}
/**
* 鍒ゆ柇鏄惁闇�瑕佽繃婊ょ殑瀵硅薄銆�
- *
+ *
* @param o 瀵硅薄淇℃伅銆�
* @return 濡傛灉鏄渶瑕佽繃婊ょ殑瀵硅薄锛屽垯杩斿洖true锛涘惁鍒欒繑鍥瀎alse銆�
*/
+ @SuppressWarnings("rawtypes")
public boolean isFilterObject(final Object o)
{
- return o instanceof MultipartFile || o instanceof HttpServletRequest || o instanceof HttpServletResponse;
+ Class<?> clazz = o.getClass();
+ if (clazz.isArray())
+ {
+ return clazz.getComponentType().isAssignableFrom(MultipartFile.class);
+ }
+ else if (Collection.class.isAssignableFrom(clazz))
+ {
+ Collection collection = (Collection) o;
+ for (Object value : collection) {
+ return value instanceof MultipartFile;
+ }
+ }
+ else if (Map.class.isAssignableFrom(clazz))
+ {
+ Map map = (Map) o;
+ for (Object value : map.entrySet()) {
+ Map.Entry entry = (Map.Entry) value;
+ return entry.getValue() instanceof MultipartFile;
+ }
+ }
+ return o instanceof MultipartFile || o instanceof HttpServletRequest || o instanceof HttpServletResponse
+ || o instanceof BindingResult;
}
}
--
Gitblit v1.9.3