diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssFilter.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssFilter.java
new file mode 100644
index 0000000..da60bfa
--- /dev/null
+++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssFilter.java
@@ -0,0 +1,14 @@
+package net.lab1024.sa.admin.Filter;
+
+import jakarta.servlet.*;
+import jakarta.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+public class XssFilter implements Filter{
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+ chain.doFilter(new XssRequestWrapper((HttpServletRequest) request), response);
+ }
+}
diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssRequestWrapper.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssRequestWrapper.java
new file mode 100644
index 0000000..7eef7d8
--- /dev/null
+++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/Filter/XssRequestWrapper.java
@@ -0,0 +1,30 @@
+package net.lab1024.sa.admin.Filter;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import org.jsoup.Jsoup;
+import org.jsoup.safety.Safelist;
+
+public class XssRequestWrapper extends HttpServletRequestWrapper {
+ public XssRequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public String[] getParameterValues(String parameter) {
+ String[] values = super.getParameterValues(parameter);
+ if (values == null) {
+ return null;
+ }
+ int count = values.length;
+ String[] encodedValues = new String[count];
+ for (int i = 0; i < count; i++) {
+ encodedValues[i] = cleanXss(values[i]);
+ }
+ return encodedValues;
+ }
+
+ private String cleanXss(String value) {
+ return Jsoup.clean(value, Safelist.relaxed());
+ }
+}
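Review bot: `XssRequestWrapper` overrides only `getParameterValues`, so values read through `getParameter`, `getParameterMap`, headers or the request body are passed on unchanged; the controllers touched elsewhere in this commit take `@RequestBody` JSON, which this wrapper never sees. `Safelist.relaxed()` keeps a wide set of markup (links, images, tables), and `Jsoup.clean` rewrites every parameter, which can alter non-HTML values that contain `&` or `<`. Cleaning input does not replace encoding at output; if rich text is not expected in form parameters, `Safelist.none()` is the narrower choice. The class also needs a short Javadoc stating which inputs it covers and which it does not.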
diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/MvcConfig.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/MvcConfig.java index 232a88c..c9f175a 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/MvcConfig.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/config/MvcConfig.java @@ -1,8 +1,11 @@ package net.lab1024.sa.admin.config; import jakarta.annotation.Resource; +import net.lab1024.sa.admin.Filter.XssFilter; import net.lab1024.sa.admin.interceptor.AdminInterceptor; import net.lab1024.sa.base.config.SwaggerConfig; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; @@ -36,4 +39,14 @@ public class MvcConfig implements WebMvcConfigurer { registry.addResourceHandler("/webjars/**").addResourceLocations("classpath:/META-INF/resources/webjars/"); } + @Bean + public FilterRegistrationBean xssFilterRegistration() { + FilterRegistrationBean registration = new FilterRegistrationBean<>(); + registration.setFilter(new XssFilter()); + registration.addUrlPatterns("/*"); + registration.setName("xssFilter"); + registration.setOrder(1); + return registration; + } + } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/address/controller/AddressController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/address/controller/AddressController.java index 62b587a..72f67f9 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/address/controller/AddressController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/address/controller/AddressController.java 
@@ -85,7 +85,7 @@ public class AddressController { @Operation(summary = "批量删除 @author hj") @PostMapping("/address/batchDelete") - @SaCheckPermission("address:batchDelete") + @SaCheckPermission("address:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return addressService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/area/controller/AreaController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/area/controller/AreaController.java index 82aedee..6568fb4 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/area/controller/AreaController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/area/controller/AreaController.java @@ -72,7 +72,7 @@ public class AreaController { @Operation(summary = "批量删除 @author hj") @PostMapping("/area/batchDelete") - @SaCheckPermission("area:batchDelete") + @SaCheckPermission("area:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return areaService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/customer/controller/CustomerController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/customer/controller/CustomerController.java index aced5b0..596a383 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/customer/controller/CustomerController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/customer/controller/CustomerController.java 
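Review bot: Switching the guard on `batchDelete` from `address:batchDelete` to `address:delete` changes who may call it: accounts granted only the old identifier are denied after this change, and every holder of `address:delete` gains bulk deletion. The same edit is made in the Area, Customer, Item, Location, Stock, Inventory, Asn, AsnDetail, Pick and Task controllers. No hunk in view updates the stored permission or menu data, so confirm that a matching migration ships with this commit. A one-line comment above the annotation, such as `// batch delete intentionally shares the single-delete permission`, would record the intent.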
@@ -72,7 +72,7 @@ public class CustomerController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/customer/batchDelete") - @SaCheckPermission("customer:batchDelete") + @SaCheckPermission("customer:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return customerService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/item/controller/ItemController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/item/controller/ItemController.java index 5c7edd3..76b3ef6 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/item/controller/ItemController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/item/controller/ItemController.java @@ -84,7 +84,7 @@ public class ItemController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/item/batchDelete") - @SaCheckPermission("item:batchDelete") + @SaCheckPermission("item:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return itemService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/location/controller/LocationController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/location/controller/LocationController.java index a2585bf..b6daabd 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/location/controller/LocationController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/location/controller/LocationController.java 
@@ -73,7 +73,7 @@ public class LocationController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/location/batchDelete") - @SaCheckPermission("location:batchDelete") + @SaCheckPermission("location:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return locationService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/stock/controller/StockController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/stock/controller/StockController.java index 1f3f1f2..313628b 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/stock/controller/StockController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/base/stock/controller/StockController.java @@ -84,7 +84,7 @@ public class StockController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/stock/batchDelete") - @SaCheckPermission("stock:batchDelete") + @SaCheckPermission("stock:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return stockService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/inventory/inventory/controller/InventoryController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/inventory/inventory/controller/InventoryController.java index f5e28f5..f58a0e6 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/inventory/inventory/controller/InventoryController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/inventory/inventory/controller/InventoryController.java 
@@ -61,7 +61,7 @@ public class InventoryController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/inventory/batchDelete") - @SaCheckPermission("inventory:batchDelete") + @SaCheckPermission("inventory:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return inventoryService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/jimuReport/JimuReportTokenServiceImpl.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/jimuReport/JimuReportTokenServiceImpl.java index 7666fb5..407b0d2 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/jimuReport/JimuReportTokenServiceImpl.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/jimuReport/JimuReportTokenServiceImpl.java 
@@ -1,28 +1,53 @@ package net.lab1024.sa.admin.module.business.wms.jimuReport; +import cn.dev33.satoken.session.SaSession; +import cn.dev33.satoken.stp.StpUtil; +import jakarta.annotation.Resource; import jakarta.servlet.http.HttpServletRequest; +import lombok.extern.slf4j.Slf4j; +import net.lab1024.sa.admin.module.system.login.domain.LoginResultVO; +import net.lab1024.sa.admin.module.system.login.service.LoginService; +import net.lab1024.sa.admin.util.AdminRequestUtil; +import net.lab1024.sa.base.common.util.SmartRequestUtil; +import org.apache.commons.lang3.StringUtils; import org.springframework.http.HttpHeaders; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; import org.springframework.stereotype.Component; +import org.springframework.stereotype.Service; /** * 自定义积木报表鉴权(如果不进行自定义,则所有请求不做权限控制) * 1.自定义获取登录token * 2.自定义获取登录用户 */ -@Component +@Service +@Slf4j public class JimuReportTokenServiceImpl implements JmReportTokenServiceI { + @Resource + private LoginService loginService; + /** * 通过请求获取Token + * * @param request * @return */ @Override public String getToken(HttpServletRequest request) { - //System.out.println("---------call---------getToken-----------------------"); - //return TokenUtils.getTokenByRequest(request); - return "123456"; + try { + String token = request.getParameter("token"); + if (StringUtils.isNoneBlank(token)) { + return token; + } + String token2 = request.getHeader("x-access-token"); + if (StringUtils.isNoneBlank(token2)) { + return token2; + } + } catch (Exception e) { + log.error("getToken error:{}", e.getMessage()); + } + return null; } /** @@ -47,6 +72,7 @@ public class JimuReportTokenServiceImpl implements JmReportTokenServiceI { /** * 通过Token获取登录人用户名 + * * @param token * @return */ 
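Review bot: `getToken` reads the session token from the `token` query parameter before it tries the `x-access-token` header, so the credential travels in URLs, which are recorded in access logs, browser history and Referer headers; prefer the header and keep the parameter only if the report viewer cannot send headers. The `catch (Exception e)` logs only `e.getMessage()` and drops the stack trace; `log.error("getToken error", e);` keeps it. `StringUtils.isNoneBlank` is the varargs form, and `StringUtils.isNotBlank(token)` states the single-value intent. The injected `loginService` and several added imports (`SaSession`, `LoginResultVO`, `AdminRequestUtil`, `SmartRequestUtil`) are not used in the visible hunks.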
@@ -65,7 +91,7 @@ public class JimuReportTokenServiceImpl implements JmReportTokenServiceI { @Override public String[] getRoles(String token) { //积木内置三个角色 "admin","lowdeveloper","dbadeveloper" - return new String[]{"admin","lowdeveloper","dbadeveloper"}; + return new String[]{"admin", "lowdeveloper", "dbadeveloper"}; } @@ -81,30 +107,31 @@ public class JimuReportTokenServiceImpl implements JmReportTokenServiceI { //onl:drag:clear:recovery 清空回收站 //drag:analysis:sql SQL解析 //drag:design:getTotalData 仪表盘对Online表单展示数据 - return new String[]{"drag:datasource:testConnection","onl:drag:clear:recovery","drag:analysis:sql","drag:design:getTotalData"}; + return new String[]{"drag:datasource:testConnection", "onl:drag:clear:recovery", "drag:analysis:sql", "drag:design:getTotalData"}; } /** * Token校验 + * * @param token * @return */ @Override public Boolean verifyToken(String token) { - //System.out.println("---------verify-----Token---------------"); - //return TokenUtils.verifyToken(token, sysBaseAPI, redisUtil); - return true; + String loginId = (String) StpUtil.getLoginIdByToken(token); + return StringUtils.isNoneBlank(loginId); } /** - * 自定义请求头 + * 自定义请求头 + * * @return */ @Override public HttpHeaders customApiHeader() { HttpHeaders header = new HttpHeaders(); header.add("custom-header1", "Please set a custom value 1"); - header.add("token", "token value 2"); + header.add("token", "1231231313213"); return header; } } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asn/controller/AsnController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asn/controller/AsnController.java index 46f7f8e..e128e94 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asn/controller/AsnController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asn/controller/AsnController.java 
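Review bot: `verifyToken` now checks the Sa-Token login, but `getRoles` and `getPermissions` still return the full built-in set (`admin`, `lowdeveloper`, `dbadeveloper`, plus `drag:datasource:testConnection` and `drag:analysis:sql`) for every token, so any logged-in account receives report-designer and SQL-analysis rights; both should be derived from the roles of the user behind the token. The `(String)` cast on `StpUtil.getLoginIdByToken(token)` throws if login ids are not stored as strings; `Object loginId = StpUtil.getLoginIdByToken(token);` followed by `return loginId != null;` avoids that. `customApiHeader` replaces one literal with another (`"1231231313213"`); if that value is meaningful it belongs in configuration, not in source.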
@@ -70,7 +70,7 @@ public class AsnController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/asn/batchDelete") - @SaCheckPermission("asn:batchDelete") + @SaCheckPermission("asn:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return asnService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asnDetail/controller/AsnDetailController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asnDetail/controller/AsnDetailController.java index 68f541f..3088e51 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asnDetail/controller/AsnDetailController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/receive/asnDetail/controller/AsnDetailController.java @@ -67,7 +67,7 @@ public class AsnDetailController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/asnDetail/batchDelete") - @SaCheckPermission("asnDetail:batchDelete") + @SaCheckPermission("asnDetail:delete") @OperateLog public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return asnDetailService.batchDelete(idList); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmit.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmit.java new file mode 100644 index 0000000..cfcaa48 --- /dev/null +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmit.java 
@@ -0,0 +1,24 @@
+package net.lab1024.sa.admin.module.business.wms.requestSubmit;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+public @interface RequestSubmit {
+ // 限制时间(秒)
+ int value() default 1;
+
+ // 用户标识类型(可选:IP/USER_ID)
+ IdentifierType identifierType() default IdentifierType.IP;
+
+ // 自定义业务key(用于区分不同接口)
+ String key() default "";
+
+ enum IdentifierType {
+ IP, // 根据IP限制
+ USER_ID // 根据用户ID限制
+ }
+}
diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmitSubmitAspect.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmitSubmitAspect.java
new file mode 100644
index 0000000..f71d5b4
--- /dev/null
+++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/requestSubmit/RequestSubmitSubmitAspect.java
@@ -0,0 +1,85 @@
+package net.lab1024.sa.admin.module.business.wms.requestSubmit;
+
+import jakarta.annotation.Resource;
+import jakarta.servlet.http.HttpServletRequest;
+import net.lab1024.sa.base.common.domain.ResponseDTO;
+import net.lab1024.sa.base.common.util.SmartRequestUtil;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.redis.core.StringRedisTemplate;
+import org.springframework.stereotype.Component;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import java.util.concurrent.TimeUnit;
+
+@Aspect
+@Component
+public class RequestSubmitSubmitAspect {
+
+ @Autowired
+ private StringRedisTemplate redisTemplate;
+
+ @Around("@annotation(repeatSubmit)")
+ public Object around(ProceedingJoinPoint joinPoint, RequestSubmit repeatSubmit) throws Throwable {
+ // 1. 生成Redis Key
+ String redisKey = buildRedisKey(joinPoint, repeatSubmit);
+
+ // 2. 检查是否已存在请求记录
+ if (Boolean.TRUE.equals(redisTemplate.hasKey(redisKey))) {
+ return ResponseDTO.userErrorParam("邮箱验证码已发送,一分钟内请勿重复发送");
+ }
+
+ // 3. 记录当前请求
+ redisTemplate.opsForValue().set(
+ redisKey,
+ "1",
+ repeatSubmit.value(),
+ TimeUnit.SECONDS
+ );
+
+ // 4. 
执行业务方法 + return joinPoint.proceed(); + } + + private String buildRedisKey(ProceedingJoinPoint joinPoint, RequestSubmit repeatSubmit) { + HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes()) + .getRequest(); + + StringBuilder key = new StringBuilder("request_submit:"); + + // 添加业务key + if (!repeatSubmit.key().isEmpty()) { + key.append(repeatSubmit.key()).append(":"); + } + + // 添加用户标识 + switch (repeatSubmit.identifierType()) { + case IP: + key.append(getClientIp(request)); + break; + case USER_ID: + // 实际项目中从Token或Session获取用户ID + Long userId = SmartRequestUtil.getRequestUserId(); + if (userId == null) userId = 1L; + key.append(userId); + break; + default: + key.append("DEFAULT"); + } + + // 添加方法签名(防止不同接口冲突) + key.append(":").append(joinPoint.getSignature().toShortString()); + + return key.toString(); + } + + private String getClientIp(HttpServletRequest request) { + String ip = request.getHeader("X-Forwarded-For"); + if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) { + ip = request.getRemoteAddr(); + } + return ip; + } +} diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/shipping/pick/controller/PickController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/shipping/pick/controller/PickController.java index 053e61e..061e1af 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/shipping/pick/controller/PickController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/shipping/pick/controller/PickController.java @@ -63,7 +63,7 @@ public class PickController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/pick/batchDelete") - @SaCheckPermission("pick:batchDelete") + @SaCheckPermission("pick:delete") public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return pickService.batchDelete(idList); } 
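Review bot: The duplicate-request check in `around` is not atomic: `hasKey` followed by `set` lets two concurrent requests both pass, and a single `setIfAbsent` with the expiry closes that window. `getClientIp` takes `X-Forwarded-For` verbatim, a header the caller controls unless a trusted proxy overwrites it, so the IP-keyed limit is not reliable as written; use `getRemoteAddr()`, or the container's forwarded-header support configured for the known proxy. In `buildRedisKey` the `USER_ID` branch falls back to `1L` when no user is resolved, which places every anonymous caller in one real user's bucket. The rejection text is specific to e-mail codes although the aspect is generic, so the message should come from the annotation or be neutral.

```java
    @Around("@annotation(repeatSubmit)")
    public Object around(ProceedingJoinPoint joinPoint, RequestSubmit repeatSubmit) throws Throwable {
        String redisKey = buildRedisKey(joinPoint, repeatSubmit);

        // Check and record in one atomic Redis operation (SET NX with expiry)
        Boolean firstRequest = redisTemplate.opsForValue().setIfAbsent(
                redisKey,
                "1",
                repeatSubmit.value(),
                TimeUnit.SECONDS
        );
        if (!Boolean.TRUE.equals(firstRequest)) {
            return ResponseDTO.userErrorParam("邮箱验证码已发送,一分钟内请勿重复发送");
        }
        return joinPoint.proceed();
    }

    // … unchanged: buildRedisKey …

    private String getClientIp(HttpServletRequest request) {
        // X-Forwarded-For is client-supplied unless a trusted proxy rewrites it
        return request.getRemoteAddr();
    }
```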
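Review bot: `batchDelete` in `PickController` shows no `@OperateLog` between `@SaCheckPermission` and the method, whereas the other `batchDelete` endpoints changed in this commit carry it, so bulk deletion of picks would leave no operation-log record; the `TaskController` hunk has the same gap. Unless the annotation sits above the lines visible in the hunk, add `@OperateLog` under `@SaCheckPermission("pick:delete")` and `@SaCheckPermission("task:delete")`.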
diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/task/controller/TaskController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/task/controller/TaskController.java index 08a3dd3..3f8ddb3 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/task/controller/TaskController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/wms/task/controller/TaskController.java @@ -58,7 +58,7 @@ public class TaskController { @Operation(summary = "批量删除 @author 霍锦") @PostMapping("/task/batchDelete") - @SaCheckPermission("task:batchDelete") + @SaCheckPermission("task:delete") public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return taskService.batchDelete(idList); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/controller/EmployeeController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/controller/EmployeeController.java index 3d4154f..49d7f61 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/controller/EmployeeController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/controller/EmployeeController.java @@ -36,6 +36,7 @@ public class EmployeeController { @PostMapping("/employee/query") @Operation(summary = "员工管理查询 @author yaozz") + @SaCheckPermission("system:employee:query") public ResponseDTO> query(@Valid @RequestBody EmployeeQueryForm query) { return employeeService.queryEmployee(query); } 
@@ -56,6 +57,7 @@ public class EmployeeController { @Operation(summary = "更新员工个人中心信息 @author 善逸") @PostMapping("/employee/update/center") + @SaCheckPermission("system:employee:update") public ResponseDTO updateCenter(@Valid @RequestBody EmployeeUpdateCenterForm updateCenterForm) { updateCenterForm.setEmployeeId(SmartRequestUtil.getRequestUserId()); return employeeService.updateCenter(updateCenterForm); @@ -63,6 +65,7 @@ public class EmployeeController { @Operation(summary = "更新登录人头像 @author 善逸") @PostMapping("/employee/update/avatar") + @SaCheckPermission("system:employee:update") public ResponseDTO updateAvatar(@Valid @RequestBody EmployeeUpdateAvatarForm employeeUpdateAvatarForm) { employeeUpdateAvatarForm.setEmployeeId(SmartRequestUtil.getRequestUserId()); return employeeService.updateAvatar(employeeUpdateAvatarForm); @@ -92,6 +95,7 @@ public class EmployeeController { @Operation(summary = "修改密码 @author yaozz") @PostMapping("/employee/update/password") @ApiDecrypt + @SaCheckPermission("system:employee:password") public ResponseDTO updatePassword(@Valid @RequestBody EmployeeUpdatePasswordForm updatePasswordForm) { updatePasswordForm.setEmployeeId(SmartRequestUtil.getRequestUserId()); return employeeService.updatePassword(SmartRequestUtil.getRequestUser(), updatePasswordForm); @@ -100,6 +104,7 @@ public class EmployeeController { @Operation(summary = "获取密码复杂度 @author yaozz") @GetMapping("/employee/getPasswordComplexityEnabled") @ApiDecrypt + @SaCheckPermission("system:employee:password") public ResponseDTO getPasswordComplexityEnabled() { return ResponseDTO.ok(level3ProtectConfigService.isPasswordComplexityEnabled()); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java index 95723ac..f07bb70 100644 
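Review bot: `updateCenter`, `updateAvatar` and `updatePassword` act on the caller's own record (each sets `employeeId` from `SmartRequestUtil.getRequestUserId()`), yet they now require `system:employee:update` or `system:employee:password`. If those identifiers also guard the administrative employee endpoints, which is not visible here, letting a user edit their own profile means granting rights over other employees; dedicated self-service identifiers would keep privileges minimal. `getPasswordComplexityEnabled` returns a policy flag that the password form presumably needs before submitting, so gating it behind `system:employee:password` should be confirmed against the front end.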
--- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java @@ -8,6 +8,7 @@ import jakarta.annotation.Resource; import jakarta.servlet.http.HttpServletRequest; import jakarta.validation.Valid; import net.lab1024.sa.admin.constant.AdminSwaggerTagConst; +import net.lab1024.sa.admin.module.business.wms.requestSubmit.RequestSubmit; import net.lab1024.sa.admin.module.system.login.domain.LoginForm; import net.lab1024.sa.admin.module.system.login.domain.LoginResultVO; import net.lab1024.sa.admin.module.system.login.service.LoginService; @@ -17,6 +18,7 @@ import net.lab1024.sa.base.common.constant.RequestHeaderConst; import net.lab1024.sa.base.common.domain.ResponseDTO; import net.lab1024.sa.base.common.util.SmartRequestUtil; import net.lab1024.sa.base.module.support.captcha.domain.CaptchaVO; +import net.lab1024.sa.base.module.support.repeatsubmit.annoation.RepeatSubmit; import net.lab1024.sa.base.module.support.securityprotect.service.Level3ProtectConfigService; import org.springframework.web.bind.annotation.*; @@ -67,9 +69,11 @@ public class LoginController { return loginService.getCaptcha(); } - @NoNeedLogin + @GetMapping("/login/sendEmailCode/{loginName}") @Operation(summary = "获取邮箱登录验证码 @author yaozz") + @NoNeedLogin + @RequestSubmit(value = 60, key = "sendEmailCode") public ResponseDTO sendEmailCode(@PathVariable String loginName) { return loginService.sendEmailCode(loginName); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java index 9ef5ac1..5f0c5d2 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java 
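Review bot: `@RequestSubmit(value = 60, key = "sendEmailCode")` relies on the default `IdentifierType.IP`, so the 60-second window is per client address and not per `loginName`; the recipient's mailbox is not protected by it. Keying the limit on the `loginName` path variable, or adding a second limit on it, covers the recipient as well. The added import of `RepeatSubmit` is unused in the visible hunks, and the removed `@NoNeedLogin` line leaves an extra empty line above `@GetMapping` that can be dropped.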
+++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java @@ -231,6 +231,7 @@ public class LoginService implements StpInterface { // 获取登录结果信息 String token = StpUtil.getTokenValue(); + LoginResultVO loginResultVO = getLoginResult(requestEmployee, token); //保存登录记录 diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/controller/MenuController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/controller/MenuController.java index 6cbcb9a..914ced8 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/controller/MenuController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/controller/MenuController.java @@ -57,6 +57,7 @@ public class MenuController { @Operation(summary = "查询菜单列表 @author yaozz") @GetMapping("/menu/query") + @SaCheckPermission("system:menu:query") public ResponseDTO> queryMenuList() { return ResponseDTO.ok(menuService.queryMenuList(null)); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/position/controller/PositionController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/position/controller/PositionController.java index 832baf2..f41953b 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/position/controller/PositionController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/position/controller/PositionController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.position.controller; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; 
@@ -34,31 +35,36 @@ public class PositionController { @Operation(summary = "分页查询 @author kaiyun") @PostMapping("/position/queryPage") + @SaCheckPermission("system:position:query") public ResponseDTO> queryPage(@RequestBody @Valid PositionQueryForm queryForm) { return ResponseDTO.ok(positionService.queryPage(queryForm)); } @Operation(summary = "添加 @author kaiyun") @PostMapping("/position/add") + @SaCheckPermission("system:position:add") public ResponseDTO add(@RequestBody @Valid PositionAddForm addForm) { return positionService.add(addForm); } @Operation(summary = "更新 @author kaiyun") @PostMapping("/position/update") + @SaCheckPermission("system:position:update") public ResponseDTO update(@RequestBody @Valid PositionUpdateForm updateForm) { return positionService.update(updateForm); } @Operation(summary = "批量删除 @author kaiyun") @PostMapping("/position/batchDelete") + @SaCheckPermission("system:position:batchDelete") public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return positionService.batchDelete(idList); } @Operation(summary = "单个删除 @author kaiyun") @GetMapping("/position/delete/{positionId}") - public ResponseDTO batchDelete(@PathVariable Long positionId) { + @SaCheckPermission("system:position:delete") + public ResponseDTO delete(@PathVariable Long positionId) { return positionService.delete(positionId); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminApiEncryptController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminApiEncryptController.java index 5540270..2f19b5d 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminApiEncryptController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminApiEncryptController.java 
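Review bot: The single-record delete stays on `@GetMapping("/position/delete/{positionId}")`, so a state-changing call remains reachable by a plain GET (a link, a prefetch, a cached URL); now that the method is being renamed and guarded, `@PostMapping` or `@DeleteMapping` is the safer mapping if the front end can follow. The position endpoints also keep a separate `system:position:batchDelete`, while the WMS controllers in this commit fold batch delete into `*:delete`; one convention should be chosen and noted in a comment.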
@@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.support; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.validation.Valid; @@ -37,6 +38,7 @@ public class AdminApiEncryptController extends SupportBaseController { @ApiDecrypt @PostMapping("/apiEncrypt/testRequestEncrypt") @Operation(summary = "测试 请求加密") + @SaCheckPermission("support:apiEncrypt:testRequestEncrypt") public ResponseDTO testRequestEncrypt(@RequestBody @Valid JweForm form) { return ResponseDTO.ok(form); } @@ -44,6 +46,7 @@ public class AdminApiEncryptController extends SupportBaseController { @ApiEncrypt @PostMapping("/apiEncrypt/testResponseEncrypt") @Operation(summary = "测试 返回加密") + @SaCheckPermission("support:apiEncrypt:testResponseEncrypt") public ResponseDTO testResponseEncrypt(@RequestBody @Valid JweForm form) { return ResponseDTO.ok(form); } @@ -52,6 +55,7 @@ public class AdminApiEncryptController extends SupportBaseController { @ApiEncrypt @PostMapping("/apiEncrypt/testDecryptAndEncrypt") @Operation(summary = "测试 请求参数加密和解密、返回数据加密和解密") + @SaCheckPermission("support:apiEncrypt:testDecryptAndEncrypt") public ResponseDTO testDecryptAndEncrypt(@RequestBody @Valid JweForm form) { return ResponseDTO.ok(form); } @@ -60,6 +64,7 @@ public class AdminApiEncryptController extends SupportBaseController { @ApiEncrypt @PostMapping("/apiEncrypt/testArray") @Operation(summary = "测试 数组加密和解密") + @SaCheckPermission("support:apiEncrypt:testArray") public ResponseDTO> testArray(@RequestBody @Valid ValidateList list) { return ResponseDTO.ok(list); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminDataMaskingDemoController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminDataMaskingDemoController.java index 40fc65d..b63e1e9 100644 
--- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminDataMaskingDemoController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminDataMaskingDemoController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.support; +import cn.dev33.satoken.annotation.SaCheckPermission; import cn.hutool.core.util.RandomUtil; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; @@ -29,6 +30,7 @@ public class AdminDataMaskingDemoController extends SupportBaseController { @Operation(summary = "数据脱敏demo @author YouChain-yaozz") @GetMapping("/dataMasking/demo/query") + @SaCheckPermission("support:dataMasking:query") public ResponseDTO> query() { List list = new ArrayList<>(); diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminHeartBeatController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminHeartBeatController.java index 3885715..c3c3db5 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminHeartBeatController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminHeartBeatController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.support; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; @@ -31,6 +32,7 @@ public class AdminHeartBeatController extends SupportBaseController { @PostMapping("/heartBeat/query") @Operation(summary = "查询心跳记录 @author yaozz") + @SaCheckPermission("support:heartBeat:query") public ResponseDTO> query(@RequestBody @Valid HeartBeatRecordQueryForm pageParam) { return heartBeatService.pageQuery(pageParam); } 
diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminProtectController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminProtectController.java index 3b6b5ed..55421d2 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminProtectController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminProtectController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.support; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; @@ -45,6 +46,7 @@ public class AdminProtectController extends SupportBaseController { @Operation(summary = "分页查询 @author YouChain-yaozz") @PostMapping("/protect/loginFail/queryPage") + @SaCheckPermission("support:loginFail:queryPage") public ResponseDTO> queryPage(@RequestBody @Valid LoginFailQueryForm queryForm) { return ResponseDTO.ok(securityLoginService.queryPage(queryForm)); } 
@@ -52,18 +54,21 @@ public class AdminProtectController extends SupportBaseController { @Operation(summary = "批量删除 @author YouChain-yaozz") @PostMapping("/protect/loginFail/batchDelete") + @SaCheckPermission("support:loginFail:batchDelete") public ResponseDTO batchDelete(@RequestBody ValidateList idList) { return securityLoginService.batchDelete(idList); } @Operation(summary = "更新三级等保配置 @author YouChain-yaozz") @PostMapping("/protect/level3protect/updateConfig") + @SaCheckPermission("support:level3protect:updateConfig") public ResponseDTO updateConfig(@RequestBody @Valid Level3ProtectConfigForm configForm) { return level3ProtectConfigService.updateLevel3Config(configForm); } @Operation(summary = "查询 三级等保配置 @author YouChain-yaozz") @GetMapping("/protect/level3protect/getConfig") + @SaCheckPermission("support:level3protect:getConfig") public ResponseDTO getConfig() { return ResponseDTO.ok(configService.getConfigValue(ConfigKeyEnum.LEVEL3_PROTECT_CONFIG)); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminReloadController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminReloadController.java index 9cff022..fb81e16 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminReloadController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminReloadController.java @@ -32,6 +32,7 @@ public class AdminReloadController extends SupportBaseController { @Operation(summary = "查询reload列表 @author 开云") @GetMapping("/reload/query") + @SaCheckPermission("support:reload:query") public ResponseDTO> query() { return reloadService.query(); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSerialNumberController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSerialNumberController.java index 081ed77..f9b3bee 100644 
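Review bot: `batchDelete` in the AdminProtectController hunk still binds `@RequestBody ValidateList idList` without `@Valid`, while `updateConfig` in the same hunk and `queryPage` in the previous one both use `@RequestBody @Valid`. The new `@SaCheckPermission` decides who may call the endpoint, not what the body may contain. If `ValidateList` carries bean-validation constraints (its definition is not part of this diff), they are presumably never evaluated on this path. I would change the parameter to `@RequestBody @Valid ValidateList idList`.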
--- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSerialNumberController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSerialNumberController.java @@ -58,6 +58,7 @@ public class AdminSerialNumberController extends SupportBaseController { @Operation(summary = "获取所有单号定义 @author yaozz") @GetMapping("/serialNumber/all") + @SaCheckPermission("support:serialNumber:all") public ResponseDTO> getAll() { return ResponseDTO.ok(serialNumberDao.selectList(null)); } diff --git a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSmartJobController.java b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSmartJobController.java index 0d53b13..48ff3dc 100644 --- a/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSmartJobController.java +++ b/nc_wms_java/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSmartJobController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.admin.module.system.support; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.validation.Valid; @@ -33,7 +34,7 @@ public class AdminSmartJobController extends SupportBaseController { @Operation(summary = "定时任务-立即执行 @yaozz") @PostMapping("/job/execute") - @RepeatSubmit + @SaCheckPermission("support:job:execute") public ResponseDTO execute(@RequestBody @Valid SmartJobExecuteForm executeForm) { RequestUser requestUser = SmartRequestUtil.getRequestUser(); executeForm.setUpdateName(requestUser.getUserName()); 
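Review bot: On `execute` in AdminSmartJobController, `@RepeatSubmit` is replaced by `@SaCheckPermission("support:job:execute")` rather than kept next to it, so the duplicate-submission guard is lost on an endpoint that starts a job run. The later hunks of this file make the same swap on `addJob`, `updateJob`, `updateJobEnabled` and `deleteJob`. The two annotations cover different concerns: one is authorization, the other presumably suppresses repeated requests (`@RepeatSubmit` is defined outside this diff). Unless the removal is deliberate, I would keep both, i.e. `@RepeatSubmit` on one line and `@SaCheckPermission("support:job:execute")` on the next. The body of `execute` continues past the end of the hunk.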
@@ -48,13 +49,14 @@ public class AdminSmartJobController extends SupportBaseController { @Operation(summary = "定时任务-分页查询 @yaozz") @PostMapping("/job/query") + @SaCheckPermission("support:job:query") public ResponseDTO> queryJob(@RequestBody @Valid SmartJobQueryForm queryForm) { return jobService.queryJob(queryForm); } @Operation(summary = "定时任务-添加任务 @huojin") @PostMapping("/job/add") - @RepeatSubmit + @SaCheckPermission("support:job:add") public ResponseDTO addJob(@RequestBody @Valid SmartJobAddForm addForm) { RequestUser requestUser = SmartRequestUtil.getRequestUser(); addForm.setUpdateName(requestUser.getUserName()); @@ -63,7 +65,7 @@ public class AdminSmartJobController extends SupportBaseController { @Operation(summary = "定时任务-更新-任务信息 @huojin") @PostMapping("/job/update") - @RepeatSubmit + @SaCheckPermission("support:job:update") public ResponseDTO updateJob(@RequestBody @Valid SmartJobUpdateForm updateForm) { RequestUser requestUser = SmartRequestUtil.getRequestUser(); updateForm.setUpdateName(requestUser.getUserName()); @@ -72,7 +74,7 @@ public class AdminSmartJobController extends SupportBaseController { @Operation(summary = "定时任务-更新-开启状态 @yaozz") @PostMapping("/job/update/enabled") - @RepeatSubmit + @SaCheckPermission("support:job:update") public ResponseDTO updateJobEnabled(@RequestBody @Valid SmartJobEnabledUpdateForm updateForm) { RequestUser requestUser = SmartRequestUtil.getRequestUser(); updateForm.setUpdateName(requestUser.getUserName()); 
@@ -81,13 +83,14 @@ public class AdminSmartJobController extends SupportBaseController { @Operation(summary = "定时任务-删除 @huojin") @GetMapping("/job/delete") - @RepeatSubmit + @SaCheckPermission("support:job:delete") public ResponseDTO deleteJob(@RequestParam Integer jobId) { return jobService.deleteJob(jobId, SmartRequestUtil.getRequestUser()); } @Operation(summary = "定时任务-执行记录-分页查询 @huojin") @PostMapping("/job/log/query") + @SaCheckPermission("support:job:log:query") public ResponseDTO> queryJobLog(@RequestBody @Valid SmartJobLogQueryForm queryForm) { return jobService.queryJobLog(queryForm); } diff --git a/nc_wms_java/sa-admin/src/main/resources/dev/application.yaml b/nc_wms_java/sa-admin/src/main/resources/dev/application.yaml index fe11e16..f6614f5 100644 --- a/nc_wms_java/sa-admin/src/main/resources/dev/application.yaml +++ b/nc_wms_java/sa-admin/src/main/resources/dev/application.yaml @@ -8,16 +8,15 @@ # 项目配置: 名称、日志目录 project: name: sa-admin - log-directory: /home/logs/nc_wms/${project.name}/${spring.profiles.active} + log-directory: /home/wms/java/${project.name}/${spring.profiles.active} # 项目端口和url根路径 server: port: 8000 ssl: - key-store: classpath:javaboy.p12 + key-store: file:/ssl/server.jks key-store-type: PKCS12 - key-store-password: 123456 - key-alias: tomcathttps + key-store-password: 56uvgemn enabled: true servlet: context-path: / diff --git a/nc_wms_java/sa-admin/src/main/resources/dev/log4j2-spring.xml b/nc_wms_java/sa-admin/src/main/resources/dev/log4j2-spring.xml index 14e3eea..d03ceca 100644 --- a/nc_wms_java/sa-admin/src/main/resources/dev/log4j2-spring.xml +++ b/nc_wms_java/sa-admin/src/main/resources/dev/log4j2-spring.xml @@ -106,7 +106,7 @@ - + diff --git a/nc_wms_java/sa-admin/src/main/resources/dev/spy.properties b/nc_wms_java/sa-admin/src/main/resources/dev/spy.properties index 667e1ea..07c57b3 100644 --- a/nc_wms_java/sa-admin/src/main/resources/dev/spy.properties +++ b/nc_wms_java/sa-admin/src/main/resources/dev/spy.properties 
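Review bot: `deleteJob` stays on `@GetMapping("/job/delete")`, so a delete can still be triggered by a plain GET, which link prefetchers and cross-site navigations issue without any user intent. The permission check added here does not help when the caller's own browser sends the request. That matters more in this commit, because the dev `sa-base.yaml` hunk sets `is-read-cookie: true` and the token then travels with such requests automatically. I would switch the mapping to `@PostMapping("/job/delete")` and update the client call accordingly.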
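Review bot: `key-store-password` in dev `application.yaml` is committed as a literal, and the prod `application.yaml` hunk and the prod `sa-base.yaml` datasource hunk do the same with their passwords. Anyone with read access to the repository or its history obtains the keystore and database secrets. Spring resolves `${...}` placeholders in these files, so the value can be supplied from the environment or a secrets store, e.g. `key-store-password: ${SSL_KEYSTORE_PASSWORD}` (the variable name is a placeholder). Separately, `key-store-type: PKCS12` is kept while the store is now `file:/ssl/server.jks`; it is worth confirming the file really is PKCS12, since a type mismatch would stop TLS from starting.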
@@ -15,4 +15,4 @@ dateformat=yyyy-MM-dd HH:mm:ss # 开启慢sql outagedetection=true # 慢SQL记录标准(单位秒) -outagedetectioninterval=2 \ No newline at end of file +outagedetectioninterval=5 \ No newline at end of file diff --git a/nc_wms_java/sa-admin/src/main/resources/javaboy.p12 b/nc_wms_java/sa-admin/src/main/resources/javaboy.p12 deleted file mode 100644 index de3cea2..0000000 Binary files a/nc_wms_java/sa-admin/src/main/resources/javaboy.p12 and /dev/null differ diff --git a/nc_wms_java/sa-admin/src/main/resources/prod/application.yaml b/nc_wms_java/sa-admin/src/main/resources/prod/application.yaml index b99c60d..6872d5b 100644 --- a/nc_wms_java/sa-admin/src/main/resources/prod/application.yaml +++ b/nc_wms_java/sa-admin/src/main/resources/prod/application.yaml @@ -8,17 +8,17 @@ # 项目配置: 名称、日志目录 project: name: sa-admin - log-directory: /home/logs/nc_wms/${project.name}/${spring.profiles.active} + log-directory: /home/logs/wms/${project.name}/${spring.profiles.active} # 项目端口和url根路径 server: port: 8000 ssl: - #key-store: classpath:server.jks + #key-store: classpath:server.jks 56uvgemn #key-store: file:C:\Users\hj\Downloads\server.jks key-store: file:/home/wms/server.jks key-store-type: PKCS12 - key-store-password: 56uvgemn + key-store-password: p263buoe enabled: true servlet: context-path: / diff --git a/nc_wms_java/sa-admin/src/main/resources/prod/log4j2-spring.xml b/nc_wms_java/sa-admin/src/main/resources/prod/log4j2-spring.xml index d03ceca..efb5e7d 100644 --- a/nc_wms_java/sa-admin/src/main/resources/prod/log4j2-spring.xml +++ b/nc_wms_java/sa-admin/src/main/resources/prod/log4j2-spring.xml @@ -106,7 +106,7 @@ - + diff --git a/nc_wms_java/sa-admin/src/main/resources/server.jks b/nc_wms_java/sa-admin/src/main/resources/server.jks deleted file mode 100644 index 5ae9e4b..0000000 Binary files a/nc_wms_java/sa-admin/src/main/resources/server.jks and /dev/null differ 
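Review bot: The rewritten `#key-store: classpath:server.jks …` comment in prod `application.yaml` now ends with the previous keystore password, and the dev profile in this same commit uses that value as its live `key-store-password`. Deleting `javaboy.p12` and `server.jks` from the tree does not remove them from history, so the keys protected by the old passwords should be treated as exposed and reissued, not just given a new password. I would restore the comment to `#key-store: classpath:server.jks` and take the new password from the environment instead of a literal.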
diff --git a/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/codegenerator/controller/CodeGeneratorController.java b/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/codegenerator/controller/CodeGeneratorController.java index c1bfc93..bc32903 100644 --- a/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/codegenerator/controller/CodeGeneratorController.java +++ b/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/codegenerator/controller/CodeGeneratorController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.base.module.support.codegenerator.controller; +import cn.dev33.satoken.annotation.SaCheckPermission; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import jakarta.annotation.Resource; @@ -49,6 +50,7 @@ public class CodeGeneratorController extends SupportBaseController { @Operation(summary = "查询数据库的表 @author yaozz") @PostMapping("/codeGenerator/table/queryTableList") @ResponseBody + @SaCheckPermission("support:codeGenerator:queryTableList") public ResponseDTO> queryTableList(@RequestBody @Valid TableQueryForm tableQueryForm) { return ResponseDTO.ok(codeGeneratorService.queryTableList(tableQueryForm)); } @@ -58,6 +60,7 @@ public class CodeGeneratorController extends SupportBaseController { @Operation(summary = "获取表的配置信息 @author yaozz") @GetMapping("/codeGenerator/table/getConfig/{table}") @ResponseBody + @SaCheckPermission("support:codeGenerator:getConfig") public ResponseDTO getTableConfig(@PathVariable String table) { return ResponseDTO.ok(codeGeneratorService.getTableConfig(table)); } 
@@ -65,6 +68,7 @@ public class CodeGeneratorController extends SupportBaseController { @Operation(summary = "更新配置信息 @author yaozz") @PostMapping("/codeGenerator/table/updateConfig") @ResponseBody + @SaCheckPermission("support:codeGenerator:updateConfig") public ResponseDTO updateConfig(@RequestBody @Valid CodeGeneratorConfigForm form) { return codeGeneratorService.updateConfig(form); } @@ -74,12 +78,14 @@ public class CodeGeneratorController extends SupportBaseController { @Operation(summary = "代码预览 @author yaozz") @PostMapping("/codeGenerator/code/preview") @ResponseBody + @SaCheckPermission("support:codeGenerator:preview") public ResponseDTO preview(@RequestBody @Valid CodeGeneratorPreviewForm form) { return codeGeneratorService.preview(form); } @Operation(summary = "代码下载 @author yaozz") @GetMapping(value = "/codeGenerator/code/download/{tableName}", produces = "application/octet-stream") + @SaCheckPermission("support:codeGenerator:download") public void download(@PathVariable String tableName, HttpServletResponse response) throws IOException { ResponseDTO download = codeGeneratorService.download(tableName); diff --git a/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/file/controller/FileController.java b/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/file/controller/FileController.java index 6dfcbf0..309f52a 100644 --- a/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/file/controller/FileController.java +++ b/nc_wms_java/sa-base/src/main/java/net/lab1024/sa/base/module/support/file/controller/FileController.java @@ -1,5 +1,6 @@ package net.lab1024.sa.base.module.support.file.controller; +import cn.dev33.satoken.annotation.SaCheckPermission; import cn.hutool.extra.servlet.JakartaServletUtil; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; 
@@ -40,6 +41,7 @@ public class FileController extends SupportBaseController { @Operation(summary = "文件上传 @author 胡克") @PostMapping("/file/upload") + @SaCheckPermission("support:file:upload") public ResponseDTO upload(@RequestParam MultipartFile file, @RequestParam Integer folder) { RequestUser requestUser = SmartRequestUtil.getRequestUser(); return fileService.fileUpload(file, folder, requestUser); @@ -47,12 +49,14 @@ public class FileController extends SupportBaseController { @Operation(summary = "获取文件URL:根据fileKey @author 胡克") @GetMapping("/file/getFileUrl") + @SaCheckPermission("support:file:getFileUrl") public ResponseDTO getUrl(@RequestParam String fileKey) { return fileService.getFileUrl(fileKey); } @Operation(summary = "下载文件流(根据fileKey) @author 胡克") @GetMapping("/file/downLoad") + @SaCheckPermission("support:file:download") public void downLoad(@RequestParam String fileKey, HttpServletRequest request, HttpServletResponse response) throws IOException { String userAgent = JakartaServletUtil.getHeaderIgnoreCase(request, RequestHeaderConst.USER_AGENT); ResponseDTO downloadFileResult = fileService.getDownloadFile(fileKey, userAgent); diff --git a/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml b/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml index f74f9e6..a63922e 100644 --- a/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml +++ b/nc_wms_java/sa-base/src/main/resources/dev/sa-base.yaml @@ -23,12 +23,10 @@ spring: # redis 连接池配置信息 data: redis: - sentinel: - master: mymaster - nodes: 47.117.45.79:26379,8.133.200.233:26379,123.60.65.29:26379 - password: 123456 # Sentinel 密码 - password: 123456 # Redis 主从节点密码 database: 1 + host: 127.0.0.1 + port: 6379 + password: timeout: 10000ms lettuce: pool: 
@@ -84,8 +82,8 @@ file: storage: mode: local local: - upload-path: /home/ncwms/upload/ #文件上传目录 - url-prefix: + upload-path: /home/wms/java/upload/ #文件上传目录 + url-prefix: https://youchain5688.xyz:8000/upload/ cloud: region: oss-cn-hangzhou endpoint: oss-cn-hangzhou.aliyuncs.com @@ -156,7 +154,9 @@ sa-token: # 启动时的字符画打印 is-print: false # 是否从cookie读取token - is-read-cookie: false + is-read-cookie: true + # 是否从Header读取token + is-read-header: true # SmartJob 定时任务配置(不需要可以直接删除以下配置,详细文档请看:https://www.xxxxxx.com) smart: diff --git a/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml b/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml index 71384ca..04f883f 100644 --- a/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml +++ b/nc_wms_java/sa-base/src/main/resources/prod/sa-base.yaml @@ -1,9 +1,9 @@ spring: # 数据库连接信息 datasource: - url: jdbc:p6spy:mysql://47.103.100.52:53306/nc_wms?autoReconnect=true&useServerPreparedStmts=false&rewriteBatchedStatements=true&characterEncoding=UTF-8&useSSL=false&allowMultiQueries=true&serverTimezone=Asia/Shanghai&useCursorFetch=true - username: root - password: Youchain@56 + url: jdbc:p6spy:mysql://10.1.114.14:3306/wmsqas?autoReconnect=true&useServerPreparedStmts=false&rewriteBatchedStatements=true&characterEncoding=UTF-8&useSSL=false&allowMultiQueries=true&serverTimezone=Asia/Shanghai&useCursorFetch=true + username: ncwmsdbadm + password: WmsDB@25#DQxi driver-class-name: com.p6spy.engine.spy.P6SpyDriver initial-size: 10 min-idle: 10 @@ -25,7 +25,7 @@ spring: redis: sentinel: master: mymaster - nodes: 47.117.45.79:26379,8.133.200.233:26379,123.60.65.29:26379 + nodes: 10.1.119.78:26379,10.1.119.79:26379,10.1.119.80:26379 password: 123456 # Sentinel 密码 password: 123456 # Redis 主从节点密码 database: 1 
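Review bot: Setting `is-read-cookie: true` in the dev `sa-token` block makes the browser attach the login token to every request to this origin, including requests started from another site, and nothing in this diff adds a CSRF defence to go with it. Header-only transport did not have that exposure. If cookie transport is not actually needed, keep `is-read-cookie: false` beside the new `is-read-header: true`. If it is needed, the token cookie should be issued with SameSite, Secure and HttpOnly, and state-changing routes such as the GET `/job/delete` in AdminSmartJobController need a CSRF token or a non-GET method.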
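Review bot: The new prod datasource URL still carries `useSSL=false` and `allowMultiQueries=true`, so the database credentials and query traffic reach `10.1.114.14` unencrypted, and any injection flaw elsewhere in the application could append extra statements. Moving off `root` to a dedicated account is the right direction, but these two flags undo part of that gain. I would set `useSSL=true` with certificate verification (or the equivalent `sslMode` setting on newer Connector/J) and drop `allowMultiQueries=true` unless a mapper is known to depend on it. The Redis hunk that follows keeps `password: 123456` for both Sentinel and the data nodes while only the node addresses change; that should become a generated secret supplied from the environment.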
@@ -84,8 +84,8 @@ file: storage: mode: local local: - upload-path: /home/nc_wms/upload/ #文件上传目录 - url-prefix: http://123.60.65.29:8000/upload/ + upload-path: /home/wms/upload/ #文件上传目录 + url-prefix: https://ncwmshaqas.amecnsh.com:8000/upload/ cloud: region: oss-cn-hangzhou endpoint: oss-cn-hangzhou.aliyuncs.com