From b618aac0d23aeb8ac74727d3c981f9e126acc78a Mon Sep 17 00:00:00 2001 From: solo-hx <6gEemAZ> Date: Thu, 5 Sep 2019 14:01:53 +0800 Subject: [PATCH] =?UTF-8?q?=E5=9F=BA=E7=A1=80=E5=B7=A5=E5=85=B7=E7=B1=BB?= =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../utils/checkImgPath/CheckImgPath.java | 133 +++++++++++ .../common/utils/file/UploadFileUtil.java | 24 +- .../ruoyi/common/utils/http/HttpUtils.java | 27 +-- .../com/ruoyi/common/utils/tree/Ztree.java | 216 ++++++++++++++++++ .../ruoyi/common/utils/tree/ZtreeUtil.java | 60 +++++ .../common/utils/validate/ValidateUtil.java | 37 +++ 6 files changed, 475 insertions(+), 22 deletions(-) create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/checkImgPath/CheckImgPath.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/Ztree.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/ZtreeUtil.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/validate/ValidateUtil.java diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/checkImgPath/CheckImgPath.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/checkImgPath/CheckImgPath.java new file mode 100644 index 000000000..4dcf3f4cf --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/checkImgPath/CheckImgPath.java @@ -0,0 +1,133 @@ +package com.ruoyi.common.utils.checkImgPath; + +import javax.imageio.ImageIO; +import javax.imageio.stream.ImageInputStream; +import java.awt.image.BufferedImage; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Iterator; + +/** + * @author solo + * @date 2019/09/05 + */ +public class CheckImgPath { + public static void main(String[] args) { + String imgPath="/public/image/111.PNG1"; + String format="/public/image"; + System.out.println("结果:"+checkImgPath(imgPath,format)); + } + + /** + * + * @param imgPath 上传图片路径 + * @param format 格式 + * @return + */ + public static boolean checkImgPath(String imgPath,String format){ + int length = format.length(); + String checkImg = imgPath.substring(0,length); + //验证开头 + if (!format.equals(checkImg)){ + return false; + } + //验证后缀 + if( + !(imgPath.endsWith(".jpg") || + imgPath.endsWith(".JPG") || + imgPath.endsWith(".png") || + imgPath.endsWith(".PNG") || + imgPath.endsWith(".gif") || + imgPath.endsWith(".GIF")) + ){ + return false; + } + return true; + } + + /** + * 判断是否是真图片 + * @param file + * @return + */ + public static boolean isImageFile(File file) { + ImageInputStream iis = null; + try { + iis = ImageIO.createImageInputStream(file); // resFile为需被 + Iterator iter = ImageIO.getImageReaders(iis); + if (!iter.hasNext()) {// 文件不是图片 + return false; + } + BufferedImage bi = ImageIO.read(file); + if(bi == null){ + return false; + } + return true; + } catch (IOException e) { + return false; + }finally { + try { + if (iis!=null){ + iis.close(); + } + } catch (IOException e) { + + } + } + } + + public static boolean isICON(File file) { + FileInputStream iis = null; + try { + iis = new FileInputStream(file); + byte[] bufHeaders = readInputStreamAt(iis,0,8); + byte[] markBuf = {0, 0, 1, 0, 1, 0, 32, 32}; + return compare(bufHeaders, markBuf); + } catch (IOException e) { + return false; + }finally { + try { + if (iis!=null){ + iis.close(); + } + } catch (IOException e) { + + } + } + } + + + /** + * 标示一致性比较 + * @param buf 待检测标示 + * @param markBuf 标识符字节数组 + * @return 返回false标示标示不匹配 + */ + private static boolean compare(byte[] buf, byte[] markBuf) { + for (int i = 0; i < markBuf.length; i++) { + byte b = markBuf[i]; + byte a = buf[i]; + + if(a!=b){ + return false; + } + } + return true; + } + /** + * + * @param fis 输入流对象 + * @param skiplength 跳过位置长度 + * @param length 要读取的长度 + * @return 字节数组 + * @throws IOException + */ + private static byte[] readInputStreamAt(FileInputStream fis, long skiplength, int length) throws IOException + { + byte[] buf = new byte[length]; + fis.skip(skiplength); // + int read = fis.read(buf,0,length); + return buf; + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/UploadFileUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/UploadFileUtil.java index 7eeb759be..347a83572 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/UploadFileUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/UploadFileUtil.java @@ -1,6 +1,8 @@ package com.ruoyi.common.utils.file; import com.ruoyi.common.utils.DateUtils; +import com.ruoyi.common.utils.checkImgPath.CheckImgPath; +import org.apache.commons.io.FileUtils; import org.springframework.web.multipart.MultipartFile; import java.io.BufferedOutputStream; @@ -103,14 +105,27 @@ public class UploadFileUtil { String relativePath = getRelativePath(rootPath); // 文件存储路径 String fullPath = rootPath + relativePath + fileName; - try ( - FileOutputStream fileOutputStream = new FileOutputStream(new File(fullPath)); - BufferedOutputStream out = new BufferedOutputStream(fileOutputStream); - ) { + BufferedOutputStream out=null; + File targetFile = new File(fullPath); + try{ + FileOutputStream fileOutputStream = new FileOutputStream(targetFile); + out = new BufferedOutputStream(fileOutputStream); out.write(fileBytes); out.flush(); } catch (IOException e) { return null; + }finally { + try { + if (out != null) { + out.close(); + } + } catch (IOException e) { + e.printStackTrace(); + } + } + if (!CheckImgPath.isImageFile(targetFile)&&!CheckImgPath.isICON(targetFile)){ + FileUtils.deleteQuietly(targetFile); + return null; } // 访问的url String fileUrl = urlPrefix + relativePath + fileName; @@ -118,6 +133,7 @@ public class UploadFileUtil { return fileUrl.replaceAll(BACKSLASH_REGEX, SLASH); } + /** * 获取文件名称 */ diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/http/HttpUtils.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/http/HttpUtils.java index 2669db156..655355ebf 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/http/HttpUtils.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/http/HttpUtils.java @@ -1,25 +1,20 @@ package com.ruoyi.common.utils.http; +import org.apache.commons.lang3.StringUtils; +import org.apache.poi.hssf.usermodel.HSSFWorkbook; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.net.ssl.*; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import java.io.*; import java.net.ConnectException; import java.net.SocketTimeoutException; import java.net.URL; import java.net.URLConnection; import java.security.cert.X509Certificate; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang3.StringUtils; -import org.apache.poi.hssf.usermodel.HSSFWorkbook; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * 通用http发送方法 @@ -316,10 +311,6 @@ public class HttpUtils String xreq = request.getHeader("X-Requested-With"); // 判断referer是不是为空 if (StringUtils.isNotEmpty(referer)) { - //线上入金通知接口不做拦截判断,特殊处理 - if (reqUrl.indexOf("/notice/inMoneySuccessNotice") > 0) { - return false; - } // referer不为空,判断referer和当前请求是否同站点 if (!referer.startsWith(url, 8) && !referer.startsWith(url, 7)) { // 不同站点--跨站请求 diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/Ztree.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/Ztree.java new file mode 100644 index 000000000..60948e05f --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/Ztree.java @@ -0,0 +1,216 @@ +package com.ruoyi.common.utils.tree; + +import com.fasterxml.jackson.annotation.JsonProperty; +import com.ruoyi.common.base.BaseBean; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +/** + * tree结构 + * + * @author solo + * @date 2019/09/05. + */ +public class Ztree extends BaseBean { + private String id; + private String text; + private String state; + private boolean isParent; + private boolean checked;; + private int locked; + private List children; + private String iconCls; + private String pid; + private Map attributes = new HashMap(); + private String comment; + private String link; + private String url; + private String target; + private Integer types; + private String code; + private String path; + private Date createtime; + private Date updatetime; + private String object_class; + private String title; + private String name; + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + public String getText() { + return text; + } + + public void setText(String text) { + this.text = text; + } + + public String getState() { + return state; + } + + public void setState(String state) { + this.state = state; + } + + @JsonProperty(value = "isParent") + public boolean getIsParent() { + return isParent; + } + + public void setIsParent(boolean isParent) { + this.isParent = isParent; + } + + public boolean isChecked() { + return checked; + } + + public void setChecked(boolean checked) { + this.checked = checked; + } + + public int getLocked() { + return locked; + } + + public void setLocked(int locked) { + this.locked = locked; + } + + public List getChildren() { + return children; + } + + public void setChildren(List children) { + this.children = children; + } + + public String getIconCls() { + return iconCls; + } + + public void setIconCls(String iconCls) { + this.iconCls = iconCls; + } + + public String getPid() { + return pid; + } + + public void setPid(String pid) { + this.pid = pid; + } + + public Map getAttributes() { + return attributes; + } + + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + + public String getComment() { + return comment; + } + + public void setComment(String comment) { + this.comment = comment; + } + + public String getLink() { + return link; + } + + public void setLink(String link) { + this.link = link; + } + + public String getUrl() { + return url; + } + + public void setUrl(String url) { + this.url = url; + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public Integer getTypes() { + return types; + } + + public void setTypes(Integer types) { + this.types = types; + } + + public String getCode() { + return code; + } + + public void setCode(String code) { + this.code = code; + } + + public String getPath() { + return path; + } + + public void setPath(String path) { + this.path = path; + } + + public Date getCreatetime() { + return createtime; + } + + public void setCreatetime(Date createtime) { + this.createtime = createtime; + } + + public Date getUpdatetime() { + return updatetime; + } + + public void setUpdatetime(Date updatetime) { + this.updatetime = updatetime; + } + + public String getObject_class() { + return object_class; + } + + public void setObject_class(String object_class) { + this.object_class = object_class; + } + + public String getTitle() { + return title; + } + + public void setTitle(String title) { + this.title = title; + } + + public String getName() { + return name; + } + + public void setName(String name) { + this.name = name; + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/ZtreeUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/ZtreeUtil.java new file mode 100644 index 000000000..28963bff7 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/tree/ZtreeUtil.java @@ -0,0 +1,60 @@ +package com.ruoyi.common.utils.tree; + + +import org.apache.commons.lang3.StringUtils; + +import java.util.ArrayList; +import java.util.List; + +/** + * tree结构工具类 + * + * @author solo + * @date 2010/09/05. + */ +public class ZtreeUtil { + + public static List ztreeList(List list,String pid) { + List returnList = new ArrayList(); + for (Ztree t : list) { + if (StringUtils.equals(t.getPid(), pid)) { + recursionFn(list, t); + returnList.add(t); + } + } + return returnList; + } + + private static void recursionFn(List list, Ztree t) { + List childList = getChildList(list, t);// 得到子节点列表 + t.setChildren(childList); + t.setState("open"); + t.setIsParent(false); + for (Ztree tChild : childList) { + t.setState("closed"); + t.setIsParent(true); + if (hasChild(list, tChild)) {// 判断是否有子节点 + for (Ztree n : childList) { + recursionFn(list, n); + } + } + } + } + + + // 得到子节点列表 + private static List getChildList(List list, Ztree t) { + List tlist = new ArrayList(); + for (Ztree n : list) { + if (StringUtils.equals(n.getPid(), t.getId())) { + tlist.add(n); + } + } + return tlist; + } + + // 判断是否有子节点 + private static boolean hasChild(List list, Ztree t) { + return getChildList(list, t).size() > 0; + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/validate/ValidateUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/validate/ValidateUtil.java new file mode 100644 index 000000000..13ca0f4fb --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/validate/ValidateUtil.java @@ -0,0 +1,37 @@ +package com.ruoyi.common.utils.validate; + + +import javax.validation.ConstraintViolation; +import javax.validation.Validation; +import javax.validation.Validator; +import javax.validation.ValidatorFactory; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +/** + * Bean验证 + * + * @author solo + * @date 2019/09/05. + */ +public class ValidateUtil { + /** + * 验证参数是否合法(JSR303标准,参考地址:https://www.ibm.com/developerworks/cn/java/j-lo-jsr303/) + * + * @param obj 校验对象 + * @return 返回所有验证未通过的消息 + */ + public static List validate(Object obj) { + ValidatorFactory factory = Validation.buildDefaultValidatorFactory(); + Validator validator = factory.getValidator(); + Set> violationSet = validator.validate(obj); + List list = new ArrayList<>(); + if (violationSet.size() > 0) { + for (ConstraintViolation violation : violationSet) { + list.add(violation.getMessage()); + } + } + return list; + } +}