
fix:“优化部分接口,修复安全漏洞"

soobin 8 months ago
parent
commit
7208db255a

+ 3 - 1
src/main/java/com/szwl/aspect/MyWebMvcConfigurer.java

@@ -69,7 +69,9 @@ public class MyWebMvcConfigurer extends WebMvcConfigurationSupport {
         for (String path : new String[]{
                 "/tAdmin/getAdminList", "/tAdmin/getRelation",
                 "/tJoinpayMch/getOne",
-                "/tEquipment/findList"
+                "/tEquipment/findList",
+                "/v2/api-docs","/tAdmin/getAdminOne/**","/tAdmin/getAdminVo",
+                "/tAdmin/getAdminByUsername","/tAdmin/getIdIfForeign", "/tAdmin/pageAdmin2"
         }) {
             registry.addInterceptor(headTokenInterceptor)
                     .addPathPatterns(path);
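Review bot: The token check stays opt-in per route: the array in this hunk names each protected path by hand, so any `/tAdmin/...` handler not listed here is reached without `headTokenInterceptor`, and the next endpoint added to the controller will be open until someone remembers this list. Consider inverting the registration so coverage is the default, e.g. `registry.addInterceptor(headTokenInterceptor).addPathPatterns("/tAdmin/**").excludePathPatterns(/* intentionally public routes */);`. Most of the new entries are exact patterns, and whether a trailing-slash or suffix variant of the same route also matches depends on the path-matching configuration, which is not visible here. `/v2/api-docs` is now covered, but if a documentation UI is enabled its other routes are not in the visible list. The loop body continues outside the hunk.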

+ 6 - 3
src/main/java/com/szwl/controller/TEquipmentController.java

@@ -374,9 +374,12 @@ public class TEquipmentController {
     @GetMapping("/findEquipmentByClientId")
     public ResponseModel<TEquipment> findEquipmentByClientId(@RequestParam String clientId) {
         LambdaQueryWrapper<TEquipment> query = Wrappers.lambdaQuery();
-//        query.like(TEquipment::getClientId, clientId);
-        // 使用 SQL函数RIGHT来匹配后六位相同
-        query.apply("RIGHT(client_id, 6) = {0}", clientId);
+        if (clientId.length() == 6) {
+            // 使用 SQL函数RIGHT来匹配后六位相同
+            query.apply("RIGHT(client_id, 6) = {0}", clientId);
+        } else {
+            query.like(TEquipment::getClientId, clientId);
+        }
         TEquipment equipment = tEquipmentService.getOnly(query);
         return R.ok(equipment);
     }
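Review bot: The new `else` branch falls back to `query.like(TEquipment::getClientId, clientId)` for every value that is not exactly six characters, so an empty or one-character `clientId` matches a large share of the table and `getOnly` then returns whichever row it selects (its behaviour on multiple matches is not visible here). The value is bound as a parameter, but `%` and `_` inside it are presumably still treated as wildcards. Since the response is a full `TEquipment` entity, prefer an exact match for the non-suffix case, `query.eq(TEquipment::getClientId, clientId);`, and return an error response for blank input before building the query. This route is not among the paths registered for `headTokenInterceptor` in the hunk shown for `MyWebMvcConfigurer`, so it is worth confirming that it is authenticated elsewhere.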

File diff suppressed because it is too large
+ 0 - 3110
src/main/java/com/szwl/model/entity/TEquipmentExample.java


+ 0 - 2
src/main/java/com/szwl/service/es/EsTEquipmentService.java

@@ -8,9 +8,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.szwl.model.bean.ChartBean;
 import com.szwl.model.bean.ChartColumn;
-import com.szwl.model.entity.TAdmin;
 import com.szwl.model.entity.TEquipment;
-import com.szwl.model.entity.TEquipmentExample;
 import com.szwl.model.query.StatisticsParam;
 import com.szwl.model.query.TCoinOrderParam;
 import com.szwl.model.query.TEquipmentParam;

+ 24 - 0
src/main/java/com/szwl/util/TimezoneFmtUtil.java

@@ -1,8 +1,12 @@
 package com.szwl.util;
 
+import cn.hutool.core.util.RandomUtil;
+
+import java.security.SecureRandom;
 import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeFormatter;
+import java.util.Base64;
 
 public class TimezoneFmtUtil {
 
@@ -13,6 +17,12 @@ public class TimezoneFmtUtil {
 
 //        String nowDateUTC = getNowDateUTC();
 //        System.out.println("nowDateUTC >>> " + nowDateUTC);
+
+        // 生成一个24字节长度的随机密钥
+        String key = generateKey(24);
+
+        // 输出生成的密钥
+        System.out.println("Generated Key: " + key);
     }
 
 
@@ -33,6 +43,20 @@ public class TimezoneFmtUtil {
         return formatted;
     }
 
+    public static String generateKey(int length) {
+        // 创建一个安全的随机数生成器
+        SecureRandom secureRandom = new SecureRandom();
+
+        // 创建一个字节数组,长度为指定的字节数
+        byte[] randomBytes = new byte[length];
+
+        // 填充随机字节
+        secureRandom.nextBytes(randomBytes);
+
+        // 将字节数组编码为Base64字符串
+        return Base64.getEncoder().encodeToString(randomBytes);
+    }
+
 
     /**
      * 获取中国时区的UTC格式
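Review bot: `generateKey` and the lines added to `main` put secret generation inside a timezone-formatting utility and print the key with `System.out.println`, where it can end up in console history or captured logs; if a deployed key is produced this way, move it to a dedicated tool and avoid echoing the value. `length` is a byte count, so `generateKey(24)` returns a 32-character Base64 string, and a negative value fails with `NegativeArraySizeException`; a Javadoc line such as `@param length number of random bytes (the Base64 result is longer)` plus `if (length <= 0) throw new IllegalArgumentException("length must be positive");` would make the contract explicit. The added `import cn.hutool.core.util.RandomUtil;` is not used by any line visible in these hunks and can probably be dropped.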