zhangherong
2025-06-25 23855599412c4d61b38d78f0f3abd3430a48b5b1
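--- a/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
+++ b/lxzn-module-system/lxzn-system-biz/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
@@ -0,0 +1,88 @@
+package org.jeecg.modules.system.controller;
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringUtils;
+import org.jeecg.common.api.vo.Result;
+import org.jeecg.common.constant.SymbolConstant;
+import org.jeecg.common.util.SqlInjectionUtil;
+import org.jeecg.modules.system.mapper.SysDictMapper;
+import org.jeecg.modules.system.model.DuplicateCheckVo;
+import org.jeecg.modules.system.security.DictQueryBlackListHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+/**
+ * @Title: DuplicateCheckAction
+ * @Description: é‡å¤æ ¡éªŒå·¥å…·
+ * @Author å¼ ä»£æµ©
+ * @Date 2019-03-25
+ * @Version V1.0
+ */
+@Slf4j
+@RestController
+@RequestMapping("/sys/duplicate")
+@Api(tags="重复校验")
+public class DuplicateCheckController {
+   @Resource
+   private SysDictMapper sysDictMapper;
+   @Autowired
+   DictQueryBlackListHandler dictQueryBlackListHandler;
+   /**
+    * æ ¡éªŒæ•°æ®æ˜¯å¦åœ¨ç³»ç»Ÿä¸­æ˜¯å¦å­˜åœ¨
+    *
+    * @return
+    */
+   @RequestMapping(value = "/check", method = RequestMethod.GET)
+   @ApiOperation("重复校验接口")
+   public Result<String> doDuplicateCheck(DuplicateCheckVo duplicateCheckVo, HttpServletRequest request) {
+      Long num = null;
+      log.info("----duplicate check------:"+ duplicateCheckVo.toString());
+      //关联表字典(举例:sys_user,realname,id)
+      //SQL注入校验(只限制非法串改数据库)
+      final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
+      SqlInjectionUtil.filterContent(sqlInjCheck);
+      // update-begin-author:taoyan date:20211227 for: JTC-25 ã€online报表】oracle æ“ä½œé—®é¢˜ å½•入弹框啥都不填直接保存 â‘ ç¼–码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志
+      if(StringUtils.isEmpty(duplicateCheckVo.getFieldVal())){
+         Result rs = new Result();
+         rs.setCode(500);
+         rs.setSuccess(true);
+         rs.setMessage("数据为空,不作处理!");
+         return rs;
+      }
+      //update-begin-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
+      String checkSql = duplicateCheckVo.getTableName() + SymbolConstant.COMMA + duplicateCheckVo.getFieldName() + SymbolConstant.COMMA;
+      if(!dictQueryBlackListHandler.isPass(checkSql)){
+         return Result.error(dictQueryBlackListHandler.getError());
+      }
+      //update-end-author:taoyan date:20220329 for: VUEN-223【安全漏洞】当前被攻击的接口
+      // update-end-author:taoyan date:20211227 for: JTC-25 ã€online报表】oracle æ“ä½œé—®é¢˜ å½•入弹框啥都不填直接保存 â‘ ç¼–码不是应该提示必填么?②报错也应该是具体文字提示,不是后台错误日志
+      if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
+         // [2].编辑页面校验
+         num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
+      } else {
+         // [1].添加页面校验
+         num = sysDictMapper.duplicateCheckCountSqlNoDataId(duplicateCheckVo);
+      }
+      if (num == null || num == 0) {
+         // è¯¥å€¼å¯ç”¨
+         return Result.ok("该值可用!");
+      } else {
+         // è¯¥å€¼ä¸å¯ç”¨
+         log.info("该值不可用,系统中已存在!");
+         return Result.error("该值不可用,系统中已存在!");
+      }
+   }
+}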
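Review bot: In `doDuplicateCheck` the client-supplied `tableName` and `fieldName` are vetted only by denylist-style checks (`SqlInjectionUtil.filterContent` and `dictQueryBlackListHandler.isPass`) before the VO is handed to `sysDictMapper`, so any table/column pair the lists do not name can still be queried for existing values through this GET endpoint. The mapper SQL is not on this page; if it splices these names into the statement as identifiers, which bound parameters cannot cover, the two filters are the only barrier. I would resolve the pair against a server-side allowlist of the table/column combinations the forms actually use and reject everything else, e.g. `if (!allowedTargets.contains(tableName + "." + fieldName)) { return Result.error(...); }` (`allowedTargets` is a placeholder name, not something in this file). Separately, the empty-value branch sets `setCode(500)` together with `setSuccess(true)`, and the `log.info` at the top concatenates the unvalidated VO into the log before any check runs; moving it after validation and using a parameterized message would be safer.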