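package org.jeecg.modules.api.controller;

import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.http.fileupload.IOUtils;
import org.jeecg.common.api.dto.DataLogDTO;
import org.jeecg.common.api.dto.OnlineAuthDTO;
import org.jeecg.common.api.dto.message.*;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.vo.*;
import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.entity.MdcPassLog;
import org.jeecg.modules.system.security.DictQueryBlackListHandler;
import org.jeecg.modules.system.service.IMdcPassLogService;
import org.jeecg.modules.system.service.ISysUserService;
import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
import org.jeecg.modules.system.util.JwTUtil;
import org.jeecg.modules.system.util.SM3Util;
import org.jeecg.modules.system.vo.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.*;

import javax.annotation.Resource;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;
import java.util.Map;
import java.util.Set;

/**
 * Service-mode HTTP facade of the system module: every endpoint under {@code /sys/api}
 * delegates to {@link SysBaseApiImpl} or {@link ISysUserService} so that other
 * micro-services can reach the system module over HTTP.
 *
 * <p>Endpoints whose original description carried the marker "interface signature
 * verification" pass table/column names coming from the caller through
 * {@link DictQueryBlackListHandler} (and, for the SQL-building ones, {@link SqlInjectionUtil})
 * before they reach the service layer.
 *
 * @author: jeecg-boot
 */
@Slf4j
@RestController
@RequestMapping("/sys/api")
public class SystemApiController {

    /** Expected appId for {@link #getToken(PostParams)}, from {@code fileService.username}. */
    @Value("${fileService.username}")
    private String username;

    /** Plaintext credential for {@link #getToken(PostParams)}, from {@code fileService.pwd}. */
    @Value("${fileService.pwd}")
    private String pwd;

    @Autowired
    private SysBaseApiImpl sysBaseApi;

    @Autowired
    private ISysUserService sysUserService;

    @Autowired
    private DictQueryBlackListHandler dictQueryBlackListHandler;

    @Resource
    private IMdcPassLogService mdcPassLogService;

    /**
     * Sends a system announcement.
     *
     * @param message message built through the DTO's constructor; when no category
     *                (message type) is set the original note says it defaults to 2
     */
    @PostMapping("/sendSysAnnouncement")
    public void sendSysAnnouncement(@RequestBody MessageDTO message) {
        sysBaseApi.sendSysAnnouncement(message);
    }

    /**
     * Sends an announcement that carries business parameters.
     *
     * @param message message built through the DTO's constructor
     */
    @PostMapping("/sendBusAnnouncement")
    public void sendBusAnnouncement(@RequestBody BusMessageDTO message) {
        sysBaseApi.sendBusAnnouncement(message);
    }

    /**
     * Sends an announcement rendered from a template.
     *
     * @param message message built through the DTO's constructor
     */
    @PostMapping("/sendTemplateAnnouncement")
    public void sendTemplateAnnouncement(@RequestBody TemplateMessageDTO message) {
        sysBaseApi.sendTemplateAnnouncement(message);
    }

    /**
     * Sends a template announcement that carries business parameters.
     *
     * @param message message built through the DTO's constructor
     */
    @PostMapping("/sendBusTemplateAnnouncement")
    public void sendBusTemplateAnnouncement(@RequestBody BusTemplateMessageDTO message) {
        sysBaseApi.sendBusTemplateAnnouncement(message);
    }

    /**
     * Renders push content from a message-center template.
     *
     * @param templateDTO template reference and parameters
     * @return the rendered content
     */
    @PostMapping("/parseTemplateByCode")
    public String parseTemplateByCode(@RequestBody TemplateDTO templateDTO) {
        return sysBaseApi.parseTemplateByCode(templateDTO);
    }

    /**
     * Marks the announcement identified by business type and business id as read.
     *
     * @param busType business type
     * @param busId   business id
     */
    @GetMapping("/updateSysAnnounReadFlag")
    public void updateSysAnnounReadFlag(@RequestParam("busType") String busType,
                                        @RequestParam("busId") String busId) {
        sysBaseApi.updateSysAnnounReadFlag(busType, busId);
    }

    /**
     * Looks a user up by account name.
     *
     * @param username account name
     * @return the user, as returned by the service layer
     */
    @GetMapping("/getUserByName")
    public LoginUser getUserByName(@RequestParam("username") String username) {
        return sysBaseApi.getUserByName(username);
    }

    /**
     * Looks a user up by id.
     *
     * @param id user id
     * @return the user, as returned by the service layer
     */
    @GetMapping("/getUserById")
    LoginUser getUserById(@RequestParam("id") String id) {
        return sysBaseApi.getUserById(id);
    }

    /**
     * Lists the roles of an account.
     *
     * @param username account name
     * @return role list
     */
    @GetMapping("/getRolesByUsername")
    List getRolesByUsername(@RequestParam("username") String username) {
        return sysBaseApi.getRolesByUsername(username);
    }

    /**
     * Lists the department ids of an account.
     *
     * @param username account name
     * @return department ids
     */
    @GetMapping("/getDepartIdsByUsername")
    List getDepartIdsByUsername(@RequestParam("username") String username) {
        return sysBaseApi.getDepartIdsByUsername(username);
    }

    /**
     * Lists the department names of an account.
     *
     * @param username account name
     * @return department names
     */
    @GetMapping("/getDepartNamesByUsername")
    List getDepartNamesByUsername(@RequestParam("username") String username) {
        return sysBaseApi.getDepartNamesByUsername(username);
    }

    /**
     * Loads the items of a data dictionary.
     *
     * @param code dictionary code
     * @return dictionary items
     */
    @GetMapping("/queryDictItemsByCode")
    List queryDictItemsByCode(@RequestParam("code") String code) {
        return sysBaseApi.queryDictItemsByCode(code);
    }

    /**
     * Loads only the enabled items of a data dictionary.
     *
     * @param code dictionary code
     * @return enabled dictionary items
     */
    @GetMapping("/queryEnableDictItemsByCode")
    List queryEnableDictItemsByCode(@RequestParam("code") String code) {
        return sysBaseApi.queryEnableDictItemsByCode(code);
    }

    /**
     * Lists every parent dictionary, ordered by create_time.
     *
     * @return parent dictionaries
     */
    @GetMapping("/queryAllDict")
    List queryAllDict() {
        // Kept from the original: a marker line so that calls arriving through the gateway
        // can be traced to this service node in the logs.
        log.info("--我是jeecg-system服务节点,微服务接口queryAllDict被调用--");
        return sysBaseApi.queryAllDict();
    }

    /**
     * Lists every category dictionary.
     *
     * @return category dictionaries
     */
    @GetMapping("/queryAllSysCategory")
    List queryAllSysCategory() {
        return sysBaseApi.queryAllSysCategory();
    }

    /**
     * Lists every department as dictionary models (id as value, departName as text).
     *
     * @return department dictionary models
     */
    @GetMapping("/queryAllDepartBackDictModel")
    List queryAllDepartBackDictModel() {
        return sysBaseApi.queryAllDepartBackDictModel();
    }

    /**
     * Lists every role; when {@code roleIds} is given those roles are marked as selected.
     *
     * @param roleIds optional ids of the roles to pre-select
     * @return roles
     */
    @GetMapping("/queryAllRole")
    public List queryAllRole(@RequestParam(name = "roleIds", required = false) String[] roleIds) {
        // An absent or empty parameter selects the no-argument overload.
        boolean noSelection = roleIds == null || roleIds.length == 0;
        return noSelection ? sysBaseApi.queryAllRole() : sysBaseApi.queryAllRole(roleIds);
    }

    /**
     * Lists the role ids of an account.
     *
     * @param username account name
     * @return role ids
     */
    @GetMapping("/getRoleIdsByUsername")
    public List getRoleIdsByUsername(@RequestParam("username") String username) {
        return sysBaseApi.getRoleIdsByUsername(username);
    }

    /**
     * Resolves a department id from its org code.
     *
     * @param orgCode org code
     * @return department id
     */
    @GetMapping("/getDepartIdsByOrgCode")
    public String getDepartIdsByOrgCode(@RequestParam("orgCode") String orgCode) {
        return sysBaseApi.getDepartIdsByOrgCode(orgCode);
    }

    /**
     * Lists every department.
     *
     * @return departments
     */
    @GetMapping("/getAllSysDepart")
    public List getAllSysDepart() {
        return sysBaseApi.getAllSysDepart();
    }

    /**
     * Loads the stored dynamic data-source model with the given id.
     *
     * @param dbSourceId data-source id
     * @return the stored model
     */
    @GetMapping("/getDynamicDbSourceById")
    DynamicDataSourceModel getDynamicDbSourceById(@RequestParam("dbSourceId") String dbSourceId) {
        return sysBaseApi.getDynamicDbSourceById(dbSourceId);
    }

    /**
     * Lists the heads of a department.
     *
     * @param deptId department id
     * @return department heads
     */
    @GetMapping("/getDeptHeadByDepId")
    public List getDeptHeadByDepId(@RequestParam("deptId") String deptId) {
        return sysBaseApi.getDeptHeadByDepId(deptId);
    }

    /**
     * Finds the parent of a department.
     *
     * @param departId department id
     * @return the parent department as a dictionary model
     */
    @GetMapping("/getParentDepartId")
    public DictModel getParentDepartId(@RequestParam("departId") String departId) {
        return sysBaseApi.getParentDepartId(departId);
    }

    /**
     * Loads the stored dynamic data-source model with the given code.
     *
     * @param dbSourceCode data-source code
     * @return the stored model
     */
    @GetMapping("/getDynamicDbSourceByCode")
    public DynamicDataSourceModel getDynamicDbSourceByCode(@RequestParam("dbSourceCode") String dbSourceCode) {
        return sysBaseApi.getDynamicDbSourceByCode(dbSourceCode);
    }

    /**
     * Pushes a websocket message to the given users.
     *
     * @param userIds target user ids
     * @param cmd     command to push
     */
    @GetMapping("/sendWebSocketMsg")
    public void sendWebSocketMsg(String[] userIds, String cmd) {
        sysBaseApi.sendWebSocketMsg(userIds, cmd);
    }

    /**
     * Loads the users with the given ids.
     *
     * @param userIds user ids
     * @return users
     */
    @GetMapping("/queryAllUserByIds")
    public List queryAllUserByIds(@RequestParam("userIds") String[] userIds) {
        return sysBaseApi.queryAllUserByIds(userIds);
    }

    /**
     * Lists every user as combo models.
     *
     * @return combo models
     */
    @GetMapping("/queryAllUserBackCombo")
    public List queryAllUserBackCombo() {
        return sysBaseApi.queryAllUserBackCombo();
    }

    /**
     * Pages through users and returns the page as a JSONObject.
     *
     * @param userIds  optional comma-separated user ids
     * @param pageNo   optional page number
     * @param pageSize page size
     * @return the page
     */
    @GetMapping("/queryAllUser")
    public JSONObject queryAllUser(@RequestParam(name = "userIds", required = false) String userIds,
                                   @RequestParam(name = "pageNo", required = false) Integer pageNo,
                                   // NOTE(review): declared required = false but bound to a primitive, so an
                                   // absent pageSize cannot be bound; kept as-is since the service signature
                                   // is not visible here — confirm before widening to Integer.
                                   @RequestParam(name = "pageSize", required = false) int pageSize) {
        return sysBaseApi.queryAllUser(userIds, pageNo, pageSize);
    }

    /**
     * Pushes meeting sign-in information to the preview websocket.
     *
     * @param userId user id
     */
    @GetMapping("/meetingSignWebsocket")
    public void meetingSignWebsocket(@RequestParam("userId") String userId) {
        sysBaseApi.meetingSignWebsocket(userId);
    }

    /**
     * Loads the users with the given account names.
     *
     * @param userNames account names
     * @return users
     */
    @GetMapping("/queryUserByNames")
    public List queryUserByNames(@RequestParam("userNames") String[] userNames) {
        return sysBaseApi.queryUserByNames(userNames);
    }

    /**
     * Returns the role set of an account.
     *
     * @param username account name
     * @return roles
     */
    @GetMapping("/getUserRoleSet")
    public Set getUserRoleSet(@RequestParam("username") String username) {
        return sysBaseApi.getUserRoleSet(username);
    }

    /**
     * Returns the permission set of an account.
     *
     * @param username account name
     * @return permissions
     */
    @GetMapping("/getUserPermissionSet")
    public Set getUserPermissionSet(@RequestParam("username") String username) {
        return sysBaseApi.getUserPermissionSet(username);
    }

    /**
     * Tells whether the caller described by the DTO may access the online form.
     *
     * @param onlineAuthDTO access request
     * @return true when access is granted
     */
    @PostMapping("/hasOnlineAuth")
    public boolean hasOnlineAuth(@RequestBody OnlineAuthDTO onlineAuthDTO) {
        return sysBaseApi.hasOnlineAuth(onlineAuthDTO);
    }

    /**
     * Returns the role set of an account, read through {@link ISysUserService}.
     *
     * @param username account name
     * @return roles
     */
    @GetMapping("/queryUserRoles")
    public Set queryUserRoles(@RequestParam("username") String username) {
        return sysUserService.getUserRolesSet(username);
    }

    /**
     * Returns the permission set of an account, read through {@link ISysUserService}.
     *
     * @param username account name
     * @return permissions
     */
    @GetMapping("/queryUserAuths")
    public Set queryUserAuths(@RequestParam("username") String username) {
        return sysUserService.getUserPermissionsSet(username);
    }

    /**
     * Loads the full department record.
     *
     * @param id department id
     * @return the department
     */
    @GetMapping("/selectAllById")
    public SysDepartModel selectAllById(@RequestParam("id") String id) {
        return sysBaseApi.selectAllById(id);
    }

    /**
     * Lists the ids of every user in the company the given user belongs to.
     *
     * @param userId user id
     * @return user ids
     */
    @GetMapping("/queryDeptUsersByUserId")
    public List queryDeptUsersByUserId(@RequestParam("userId") String userId) {
        return sysBaseApi.queryDeptUsersByUserId(userId);
    }

    /**
     * Loads the data-permission rules that apply to a component/request path for a user.
     *
     * @param component   component name
     * @param requestPath request path
     * @param username    account name
     * @return permission rules
     */
    @GetMapping("/queryPermissionDataRule")
    public List queryPermissionDataRule(@RequestParam("component") String component,
                                        @RequestParam("requestPath") String requestPath,
                                        @RequestParam("username") String username) {
        return sysBaseApi.queryPermissionDataRule(component, requestPath, username);
    }

    /**
     * Loads the cached user information of an account.
     *
     * @param username account name
     * @return cached user info
     */
    @GetMapping("/getCacheUser")
    public SysUserCacheInfo getCacheUser(@RequestParam("username") String username) {
        return sysBaseApi.getCacheUser(username);
    }

    /**
     * Translates a plain dictionary key into its text.
     *
     * @param code dictionary code
     * @param key  key to translate
     * @return the translated text
     */
    @GetMapping("/translateDict")
    public String translateDict(@RequestParam("code") String code, @RequestParam("key") String key) {
        return sysBaseApi.translateDict(code, key);
    }

    /**
     * Loads several users by comma-separated account names.
     *
     * @param usernames comma-separated account names
     * @return users
     */
    @RequestMapping("/queryUsersByUsernames")
    List queryUsersByUsernames(@RequestParam("usernames") String usernames) {
        return this.sysBaseApi.queryUsersByUsernames(usernames);
    }

    /**
     * Loads several users by comma-separated ids.
     *
     * @param ids comma-separated user ids
     * @return users
     */
    @RequestMapping("/queryUsersByIds")
    List queryUsersByIds(@RequestParam("ids") String ids) {
        return this.sysBaseApi.queryUsersByIds(ids);
    }

    /**
     * Loads several departments by comma-separated org codes.
     *
     * @param orgCodes comma-separated org codes
     * @return departments
     */
    @GetMapping("/queryDepartsByOrgcodes")
    List queryDepartsByOrgcodes(@RequestParam("orgCodes") String orgCodes) {
        return this.sysBaseApi.queryDepartsByOrgcodes(orgCodes);
    }

    /**
     * Loads several departments by comma-separated ids.
     *
     * @param ids comma-separated department ids
     * @return departments
     */
    @GetMapping("/queryDepartsByIds")
    List queryDepartsByIds(@RequestParam("ids") String ids) {
        return this.sysBaseApi.queryDepartsByIds(ids);
    }

    /**
     * Sends an e-mail.
     *
     * @param email   recipient
     * @param title   subject
     * @param content body
     */
    @GetMapping("/sendEmailMsg")
    public void sendEmailMsg(@RequestParam("email") String email,
                             @RequestParam("title") String title,
                             @RequestParam("content") String content) {
        this.sysBaseApi.sendEmailMsg(email, title, content);
    }

    /**
     * Loads the sub-departments of a company and every user under it.
     *
     * @param orgCode company org code
     * @return departments and users
     */
    @GetMapping("/getDeptUserByOrgCode")
    List getDeptUserByOrgCode(@RequestParam("orgCode") String orgCode) {
        return this.sysBaseApi.getDeptUserByOrgCode(orgCode);
    }

    /**
     * Translates category-dictionary ids.
     *
     * @param ids category dictionary ids
     * @return translations
     */
    @GetMapping("/loadCategoryDictItem")
    public List loadCategoryDictItem(@RequestParam("ids") String ids) {
        return sysBaseApi.loadCategoryDictItem(ids);
    }

    /**
     * Loads dictionary text for the given keys.
     *
     * @param dictCode dictionary code in the order tableName,text,code
     * @param keys     keys to look up
     * @return dictionary items, or null when the dictionary code is black-listed
     */
    @GetMapping("/loadDictItem")
    public List loadDictItem(@RequestParam("dictCode") String dictCode, @RequestParam("keys") String keys) {
        if (!dictQueryBlackListHandler.isPass(dictCode)) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return sysBaseApi.loadDictItem(dictCode, keys);
    }

    /**
     * Loads the items of a dictionary.
     *
     * @param dictCode dictionary code in the order tableName,text,code
     * @return dictionary items, or null when the dictionary code is black-listed
     */
    @GetMapping("/getDictItems")
    public List getDictItems(@RequestParam("dictCode") String dictCode) {
        if (!dictQueryBlackListHandler.isPass(dictCode)) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return sysBaseApi.getDictItems(dictCode);
    }

    /**
     * Loads the items of several dictionaries at once.
     *
     * @param dictCodeList dictionary codes
     * @return map of dictCode to its items (type arguments were lost in the source this was
     *         restored from; the raw type keeps it compatible with the service signature)
     */
    @RequestMapping("/getManyDictItems")
    public Map getManyDictItems(@RequestParam("dictCodeList") List dictCodeList) {
        return sysBaseApi.getManyDictItems(dictCodeList);
    }

    /**
     * Drop-down search: filters a large dictionary table by a keyword typed in the UI.
     *
     * @param dictCode dictionary code in the format table,text,code
     * @param keyword  filter keyword
     * @param pageSize optional page size
     * @return matching items, or null when the dictionary code is black-listed
     */
    @GetMapping("/loadDictItemByKeyword")
    public List loadDictItemByKeyword(@RequestParam("dictCode") String dictCode,
                                      @RequestParam("keyword") String keyword,
                                      @RequestParam(value = "pageSize", required = false) Integer pageSize) {
        if (!dictQueryBlackListHandler.isPass(dictCode)) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return sysBaseApi.loadDictItemByKeyword(dictCode, keyword, pageSize);
    }

    /**
     * Translates several keys of several plain dictionaries (both comma-separated).
     *
     * @param dictCodes comma-separated dictionary codes
     * @param keys      comma-separated keys
     * @return map of dictCode to translations (raw type, see {@link #getManyDictItems(List)})
     */
    @GetMapping("/translateManyDict")
    public Map translateManyDict(@RequestParam("dictCodes") String dictCodes, @RequestParam("keys") String keys) {
        return this.sysBaseApi.translateManyDict(dictCodes, keys);
    }

    /**
     * Loads a table-backed dictionary (guarded by the dictionary black list).
     *
     * @param table table name
     * @param text  text column
     * @param code  code column
     * @return dictionary items, or null when the table/columns are black-listed
     */
    @GetMapping("/queryTableDictItemsByCode")
    List queryTableDictItemsByCode(@RequestParam("table") String table,
                                   @RequestParam("text") String text,
                                   @RequestParam("code") String code) {
        if (!dictQueryBlackListHandler.isPass(joinDictCode(table, text, code))) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return sysBaseApi.queryTableDictItemsByCode(table, text, code);
    }

    /**
     * Loads a table-backed dictionary with an extra filter (guarded by the dictionary black list
     * and by {@link SqlInjectionUtil}, since all four arguments end up in SQL).
     *
     * @param table     table name
     * @param text      text column
     * @param code      code column
     * @param filterSql filter fragment
     * @return dictionary items, or null when the table/columns are black-listed
     */
    @GetMapping("/queryFilterTableDictInfo")
    List queryFilterTableDictInfo(@RequestParam("table") String table,
                                  @RequestParam("text") String text,
                                  @RequestParam("code") String code,
                                  @RequestParam("filterSql") String filterSql) {
        if (!dictQueryBlackListHandler.isPass(joinDictCode(table, text, code))) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        SqlInjectionUtil.filterContent(new String[]{table, text, code});
        SqlInjectionUtil.specialFilterContentForDictSql(filterSql);
        return sysBaseApi.queryFilterTableDictInfo(table, text, code, filterSql);
    }

    /**
     * Loads text and value for the given keys of a table-backed dictionary
     * (guarded by the dictionary black list).
     *
     * @param table    table name
     * @param text     text column
     * @param code     code column
     * @param keyArray keys to look up
     * @return dictionary items, or null when the table/columns are black-listed
     * @deprecated kept for callers of the old endpoint
     */
    @Deprecated
    @GetMapping("/queryTableDictByKeys")
    public List queryTableDictByKeys(@RequestParam("table") String table,
                                     @RequestParam("text") String text,
                                     @RequestParam("code") String code,
                                     @RequestParam("keyArray") String[] keyArray) {
        if (!dictQueryBlackListHandler.isPass(joinDictCode(table, text, code))) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return sysBaseApi.queryTableDictByKeys(table, text, code, keyArray);
    }

    /**
     * Translates one key of a table-backed dictionary (guarded by the dictionary black list
     * and by {@link SqlInjectionUtil}).
     *
     * @param table table name
     * @param text  text column
     * @param code  code column
     * @param key   key to translate
     * @return the translated text, or null when the table/columns are black-listed
     */
    @GetMapping("/translateDictFromTable")
    public String translateDictFromTable(@RequestParam("table") String table,
                                         @RequestParam("text") String text,
                                         @RequestParam("code") String code,
                                         @RequestParam("key") String key) {
        if (!dictQueryBlackListHandler.isPass(joinDictCode(table, text, code))) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        SqlInjectionUtil.filterContent(new String[]{table, text, code, key});
        return sysBaseApi.translateDictFromTable(table, text, code, key);
    }

    /**
     * Translates several keys of a table-backed dictionary (guarded by the dictionary black list).
     *
     * @param table table name
     * @param text  text column
     * @param code  code column
     * @param keys  comma-separated keys
     * @return translations, or null when the table/columns are black-listed
     */
    @GetMapping("/translateDictFromTableByKeys")
    public List translateDictFromTableByKeys(@RequestParam("table") String table,
                                             @RequestParam("text") String text,
                                             @RequestParam("code") String code,
                                             @RequestParam("keys") String keys) {
        if (!dictQueryBlackListHandler.isPass(joinDictCode(table, text, code))) {
            log.error(dictQueryBlackListHandler.getError());
            return null;
        }
        return this.sysBaseApi.translateDictFromTableByKeys(table, text, code, keys);
    }

    /**
     * Sends a template message.
     *
     * @param message message to send
     */
    @PostMapping("/sendTemplateMessage")
    public void sendTemplateMessage(@RequestBody MessageDTO message) {
        sysBaseApi.sendTemplateMessage(message);
    }

    /**
     * Loads the content of a message template.
     *
     * @param code template code
     * @return template content
     */
    @GetMapping("/getTemplateContent")
    public String getTemplateContent(@RequestParam("code") String code) {
        return this.sysBaseApi.getTemplateContent(code);
    }

    /**
     * Persists a data log entry.
     *
     * @param dataLogDto entry to save
     */
    @PostMapping("/saveDataLog")
    public void saveDataLog(@RequestBody DataLogDTO dataLogDto) {
        this.sysBaseApi.saveDataLog(dataLogDto);
    }

    /**
     * Registers an uploaded file in the system file table.
     *
     * @param sysFilesModel file record
     */
    @PostMapping("/addSysFiles")
    public void addSysFiles(@RequestBody SysFilesModel sysFilesModel) {
        this.sysBaseApi.addSysFiles(sysFilesModel);
    }

    /**
     * Resolves the URL of a stored file.
     *
     * @param fileId file id
     * @return file URL
     */
    @GetMapping("/getFileUrl")
    public String getFileUrl(@RequestParam(name = "fileId") String fileId) {
        return this.sysBaseApi.getFileUrl(fileId);
    }

    /**
     * Updates a user's avatar.
     *
     * @param loginUser user carrying the new avatar
     */
    @PutMapping("/updateAvatar")
    public void updateAvatar(@RequestBody LoginUser loginUser) {
        this.sysBaseApi.updateAvatar(loginUser);
    }

    /**
     * Pushes a chat-refresh message to the app-side websocket of a user.
     *
     * @param userId user id
     */
    @GetMapping("/sendAppChatSocket")
    public void sendAppChatSocket(@RequestParam(name = "userId") String userId) {
        this.sysBaseApi.sendAppChatSocket(userId);
    }

    /**
     * Converts SQL failures raised by this controller into a generic error result.
     *
     * <p>Background (VUEN-2584): some database functions embed query results in the
     * error text, so echoing the driver message would expose database contents. The original
     * version only suppressed messages mentioning extractvalue/updatexml and echoed every
     * other message; the message is now logged server-side and never returned.
     *
     * @param e the SQL exception
     * @return a generic validation-failure result
     */
    @ExceptionHandler(java.sql.SQLException.class)
    public Result handleSQLException(Exception e) {
        log.error("SQL exception while serving /sys/api: {}", e.getMessage());
        return Result.error("校验失败,sql解析异常!");
    }

    /**
     * Network-gate authentication: exchanges the configured appId/password for a signed token.
     *
     * @param postParams body carrying appId and password
     * @return a token response; "200" with a token on success, "101" otherwise
     */
    @PostMapping(value = "/appAuth")
    public TokenResp getToken(@RequestBody PostParams postParams) {
        String appId = postParams.getAppId();
        String password = postParams.getPassword();
        // Guard the configured value explicitly so a missing fileService.username can never
        // match a missing appId.
        if (username == null || !username.equals(appId)) {
            return new TokenResp("101", "账号错误", null);
        }
        // Per the original note, SM3Util.verify hashes the configured plaintext with SM3 before
        // comparing it with the submitted password.
        if (!SM3Util.verify(pwd, password)) {
            return new TokenResp("101", "密码错误", null);
        }
        String token = JwTUtil.sign(appId, pwd);
        return new TokenResp("200", "认证成功", token);
    }

    /**
     * Stores the raw request body as a file named by the {@code FileName} header and records
     * a pass-log entry derived from that name.
     *
     * <p>The header is reduced to a bare file name before anything is written: the previous
     * version passed the decoded header straight to {@link FileOutputStream}, so a caller
     * controlled the full destination path. The name is also checked against the layout the
     * pass-log parser needs before the file is written, and a failure now yields a failure
     * response instead of the unconditional "200" of the previous version.
     *
     * @param request request whose body is the file content
     * @return "200" on success, "101" when the name is rejected or the write/save fails
     */
    @PostMapping(value = "/fileUpload")
    public RespData uploadFiles(HttpServletRequest request) {
        log.info("上传接口调用开始");
        FileDetail fileDetail = new FileDetail();
        try {
            request.setCharacterEncoding("UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.warn("could not set request encoding", e);
        }
        // Content-Length is recorded on the detail object only; it is not used for sizing.
        String contentLength = decodeHeader(request, "Content-Length");
        if (contentLength != null) {
            fileDetail.setContentLength(contentLength);
        }
        String fileName = safeUploadName(decodeHeader(request, "FileName"));
        if (fileName == null) {
            log.error("fileUpload rejected: FileName header missing or not a bare file name");
            // failure code follows getToken's "101" convention; message text constructed here
            return new RespData("101", "文件名非法");
        }
        fileDetail.setFileName(fileName);
        // Parse the pass-log fields before writing so a name the parser cannot handle
        // leaves nothing on disk.
        MdcPassLog mdcPassLog;
        try {
            mdcPassLog = buildPassLog(new File(fileName));
        } catch (IndexOutOfBoundsException | NumberFormatException e) {
            log.error("fileUpload rejected: file name {} does not match the pass-log layout", fileName, e);
            return new RespData("101", "文件名非法");
        }
        // Destination stays relative to the working directory, as in the previous version.
        try (ServletInputStream inputStream = request.getInputStream();
             FileOutputStream fileOut = new FileOutputStream(fileName)) {
            IOUtils.copy(inputStream, fileOut);
            fileOut.flush();
            mdcPassLogService.save(mdcPassLog);
        } catch (Exception e) {
            log.error("fileUpload failed for {}", fileName, e);
            return new RespData("101", "文件上传失败");
        }
        log.info("上传接口调用结束");
        return new RespData("200", "文件上传成功");
    }

    /** Joins table, text and code into the "table,text,code" form the black-list handler checks. */
    private static String joinDictCode(String table, String text, String code) {
        return table + "," + text + "," + code;
    }

    /**
     * URL-decodes a request header as UTF-8.
     *
     * @return the decoded value, or null when the header is absent or cannot be decoded
     */
    private static String decodeHeader(HttpServletRequest request, String name) {
        String raw = request.getHeader(name);
        if (raw == null) {
            return null;
        }
        try {
            return URLDecoder.decode(raw, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // malformed %-escapes are treated the same as a missing header
            log.warn("could not decode header {}", name, e);
            return null;
        }
    }

    /**
     * Reduces a client-supplied upload name to a bare file name.
     *
     * @return the name unchanged when it is non-blank, is not "." or "..", and carries no
     *         directory component (separators and traversal are refused rather than stripped,
     *         so the caller learns the name was rejected); null otherwise
     */
    private static String safeUploadName(String decoded) {
        if (decoded == null || decoded.trim().isEmpty()) {
            return null;
        }
        if (".".equals(decoded) || "..".equals(decoded)
                || decoded.indexOf('/') >= 0 || decoded.indexOf('\\') >= 0) {
            return null;
        }
        try {
            Path leaf = Paths.get(decoded).getFileName();
            if (leaf == null || !leaf.toString().equals(decoded)) {
                return null;
            }
        } catch (InvalidPathException e) {
            // e.g. NUL bytes or characters the file system refuses
            return null;
        }
        return decoded;
    }

    /**
     * Builds the pass-log record from a file name laid out as
     * {@code ...<8 chars dayTime><6 digits sequence><4 chars extension>}; these offsets are
     * the ones the original code used, so the name must be at least 18 characters long.
     *
     * @throws IndexOutOfBoundsException when the name is too short for those offsets
     * @throws NumberFormatException     when the sequence part is not numeric
     */
    private static MdcPassLog buildPassLog(File file) {
        String fileName = file.getName();
        int len = fileName.length();
        String sequenceOrder = fileName.substring(len - 10, len - 4);
        String dayTime = fileName.substring(len - 18, len - 10);
        int sequenceNum = Integer.parseInt(sequenceOrder);
        MdcPassLog mdcPassLog = new MdcPassLog();
        mdcPassLog.setPassLogFileName(file.getAbsolutePath());
        mdcPassLog.setPassName(fileName);
        mdcPassLog.setDayTime(dayTime);
        mdcPassLog.setSequenceNumber(sequenceNum);
        mdcPassLog.setSequenceOrder(sequenceOrder);
        return mdcPassLog;
    }
}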