fix: 插件列表接口sql-inject
This commit is contained in:
parent
d4d6cc23a1
commit
4da7495f91
@ -3,7 +3,7 @@ package io.dataease.auth.aop;
|
||||
import cn.hutool.core.util.ArrayUtil;
|
||||
import io.dataease.auth.annotation.SqlInjectValidator;
|
||||
import io.dataease.commons.exception.DEException;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
@ -35,10 +35,10 @@ public class SqlInjectAop {
|
||||
if (args == null || args.length == 0) {
|
||||
return point.proceed();
|
||||
}
|
||||
BaseGridRequest request = null;
|
||||
KeywordRequest request = null;
|
||||
for (int i = 0; i < args.length; i++) {
|
||||
if (args[i] instanceof BaseGridRequest) {
|
||||
request = (BaseGridRequest) args[i];
|
||||
if (args[i] instanceof KeywordRequest) {
|
||||
request = (KeywordRequest) args[i];
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
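Review bot: The aspect now only picks up a `KeywordRequest` argument, so a controller that still binds `BaseGridRequest` while carrying `@SqlInjectValidator` silently drops out of the check; the hunk ends at the close of the `for` loop, and what happens when `request` stays null, and how the whitelist is compared against the request, lies outside the hunk, so I cannot confirm that path rejects rather than proceeds. Because `ExtSysRoleMapper.xml` in this same commit still splices each `orders` entry into the statement with `${item}`, the check below this loop must compare every element of the request's `orders` list as a whole token against the annotation values (including any direction suffix such as `desc`, if the client is allowed to send one), not as a substring match. A comment above the loop would make the narrowed scope explicit: `// Only KeywordRequest is validated here; BaseGridRequest callers no longer pass through this check.`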
@ -8,6 +8,7 @@ import io.dataease.commons.utils.PageUtils;
|
||||
import io.dataease.commons.utils.Pager;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.plugins.common.base.domain.MyPlugin;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import io.dataease.service.sys.PluginService;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
@ -33,7 +34,7 @@ public class SysPluginController {
|
||||
@PostMapping("/pluginGrid/{goPage}/{pageSize}")
|
||||
@RequiresPermissions("plugin:read")
|
||||
@SqlInjectValidator(value = {"install_time"})
|
||||
public Pager<List<MyPlugin>> pluginGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody BaseGridRequest request) {
|
||||
public Pager<List<MyPlugin>> pluginGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody KeywordRequest request) {
|
||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||
return PageUtils.setPageInfo(page, pluginService.query(request));
|
||||
}
|
||||
|
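Review bot: The retained `@SqlInjectValidator(value = {"install_time"})` on `pluginGrid` no longer guards anything in this request path, since the `ExtSysPluginMapper.xml` change in this commit hardcodes `order by install_time desc` and interpolates no request field; a reader will assume sorting is client-controlled here. Either drop the annotation or add a one-line comment stating why it stays, for example `// Plugin query ignores request.orders; kept so a future mapper change cannot reopen the ORDER BY injection.` Note also that any `orders` value a client sends to this endpoint is silently ignored, which differs from `roleGrid` where it is honored.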
@ -14,12 +14,13 @@ import io.dataease.commons.constants.ResourceAuthLevel;
|
||||
import io.dataease.commons.constants.SysLogConstants;
|
||||
import io.dataease.commons.exception.DEException;
|
||||
import io.dataease.commons.utils.AuthUtils;
|
||||
import io.dataease.commons.utils.BeanUtils;
|
||||
import io.dataease.commons.utils.PageUtils;
|
||||
import io.dataease.commons.utils.Pager;
|
||||
import io.dataease.controller.response.ExistLdapUser;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.controller.sys.request.*;
|
||||
import io.dataease.controller.sys.request.SysUserCreateRequest;
|
||||
import io.dataease.controller.sys.request.SysUserPwdRequest;
|
||||
import io.dataease.controller.sys.request.SysUserStateRequest;
|
||||
import io.dataease.controller.sys.request.UserGridRequest;
|
||||
import io.dataease.controller.sys.response.AuthBindDTO;
|
||||
import io.dataease.controller.sys.response.RoleUserItem;
|
||||
import io.dataease.controller.sys.response.SysUserGridResponse;
|
||||
@ -28,6 +29,7 @@ import io.dataease.i18n.Translator;
|
||||
import io.dataease.plugins.common.base.domain.SysRole;
|
||||
import io.dataease.plugins.common.base.domain.SysUser;
|
||||
import io.dataease.plugins.common.base.domain.SysUserAssist;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import io.dataease.service.sys.SysRoleService;
|
||||
import io.dataease.service.sys.SysUserService;
|
||||
import io.swagger.annotations.Api;
|
||||
@ -230,12 +232,11 @@ public class SysUserController {
|
||||
@ApiImplicitParam(paramType = "path", name = "pageSize", value = "页容量", required = true, dataType = "Integer"),
|
||||
@ApiImplicitParam(name = "request", value = "查询条件", required = true)
|
||||
})
|
||||
@SqlInjectValidator({"create_time", "update_time"})
|
||||
public Pager<List<SysRole>> roleGrid(@PathVariable int goPage, @PathVariable int pageSize,
|
||||
@RequestBody BaseGridRequest request) {
|
||||
@SqlInjectValidator({"create_time"})
|
||||
public Pager<List<SysRole>> roleGrid(@PathVariable int goPage, @PathVariable int pageSize, @RequestBody KeywordRequest request) {
|
||||
|
||||
Page<Object> page = PageHelper.startPage(goPage, pageSize, true);
|
||||
Pager<List<SysRole>> listPager = PageUtils.setPageInfo(page, sysRoleService.query(request));
|
||||
return listPager;
|
||||
return PageUtils.setPageInfo(page, sysRoleService.query(request));
|
||||
}
|
||||
|
||||
@ApiOperation("已同步用户")
|
||||
|
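Review bot: Narrowing the whitelist from `{"create_time", "update_time"}` to `{"create_time"}` is a client-visible change: a caller that previously sorted roles by `update_time` will now be rejected by the aspect (presumably with a `DEException`, judging by the import in `SqlInjectAop`), and nothing in the hunk or the Swagger annotations documents the permitted sort keys. Please add that to the method's Javadoc, e.g. `/** Lists roles filtered by {@code request.keyword}; {@code request.orders} may only reference create_time. */`, so API consumers learn the contract from the docs rather than from a runtime error. The `BaseGridRequest` import kept at the top of this file may now be unused if no other endpoint in the class binds it; that part of the file is outside the hunk.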
@ -1,11 +1,11 @@
|
||||
package io.dataease.ext;
|
||||
|
||||
import io.dataease.ext.query.GridExample;
|
||||
import io.dataease.plugins.common.base.domain.MyPlugin;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
public interface ExtSysPluginMapper {
|
||||
|
||||
List<MyPlugin> query(GridExample example);
|
||||
List<MyPlugin> query(KeywordRequest request);
|
||||
}
|
||||
|
@ -3,18 +3,13 @@
|
||||
<mapper namespace="io.dataease.ext.ExtSysPluginMapper">
|
||||
|
||||
|
||||
<select id="query" parameterType="io.dataease.ext.query.GridExample" resultMap="io.dataease.plugins.common.base.mapper.MyPluginMapper.BaseResultMap">
|
||||
<select id="query" parameterType="io.dataease.plugins.common.request.KeywordRequest" resultMap="io.dataease.plugins.common.base.mapper.MyPluginMapper.BaseResultMap">
|
||||
select *
|
||||
from my_plugin
|
||||
<if test="_parameter != null">
|
||||
<include refid="io.dataease.ext.query.GridSql.gridCondition" />
|
||||
</if>
|
||||
<if test="orderByClause != null">
|
||||
order by ${orderByClause}
|
||||
</if>
|
||||
<if test="orderByClause == null">
|
||||
order by install_time desc
|
||||
<if test="keyword != null">
|
||||
where name like concat('%', #{keyword} , '%')
|
||||
</if>
|
||||
order by install_time desc
|
||||
|
||||
</select>
|
||||
|
||||
|
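Review bot: The keyword is now bound with `#{keyword}`, which closes the injection, but it is passed into `LIKE` unescaped, so a client can send `%` or `_` to widen the match to every row; that is not an injection, yet if the UI intends a literal substring search the value should be escaped in the service and the statement given an `escape` clause, e.g. `where name like concat('%', #{keyword}, '%') escape '\\'`. The new statement also ignores the request's `orders` list entirely while the role mapper in this commit honors it; if that is deliberate, a short XML comment such as `<!-- orders is intentionally ignored; sorting is fixed to install_time desc -->` will stop the next maintainer from reintroducing `${}` here. The trailing blank line before `</select>` can go.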
@ -1,8 +1,8 @@
|
||||
package io.dataease.ext;
|
||||
|
||||
import io.dataease.ext.query.GridExample;
|
||||
import io.dataease.controller.sys.response.RoleUserItem;
|
||||
import io.dataease.plugins.common.base.domain.SysRole;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import org.apache.ibatis.annotations.Param;
|
||||
|
||||
import java.util.List;
|
||||
@ -12,7 +12,7 @@ import java.util.Map;
|
||||
public interface ExtSysRoleMapper {
|
||||
|
||||
|
||||
List<SysRole> query(GridExample example);
|
||||
List<SysRole> query(KeywordRequest request);
|
||||
|
||||
int deleteRoleMenu(@Param("roleId") Long roleId);
|
||||
|
||||
|
@ -9,18 +9,22 @@
|
||||
<result property="name" column="name"/>
|
||||
</resultMap>
|
||||
|
||||
<select id="query" parameterType="io.dataease.ext.query.GridExample" resultMap="io.dataease.plugins.common.base.mapper.SysRoleMapper.BaseResultMap">
|
||||
select r.*
|
||||
from sys_role r
|
||||
<if test="_parameter != null">
|
||||
<include refid="io.dataease.ext.query.GridSql.gridCondition" />
|
||||
</if>
|
||||
<if test="orderByClause != null">
|
||||
order by ${orderByClause}
|
||||
</if>
|
||||
<if test="orderByClause == null">
|
||||
order by r.update_time desc
|
||||
<select id="query" parameterType="io.dataease.plugins.common.request.KeywordRequest" resultMap="io.dataease.plugins.common.base.mapper.SysRoleMapper.BaseResultMap">
|
||||
select r.* from sys_role r
|
||||
<if test="keyword != null">
|
||||
where name like concat('%', #{keyword} , '%')
|
||||
</if>
|
||||
<choose>
|
||||
<when test="orders!=null and orders.size > 0">
|
||||
order by
|
||||
<foreach collection="orders" item="item" open='' separator=',' close=''>
|
||||
${item}
|
||||
</foreach>
|
||||
</when>
|
||||
<otherwise>
|
||||
order by create_time desc
|
||||
</otherwise>
|
||||
</choose>
|
||||
|
||||
</select>
|
||||
|
||||
|
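Review bot: The `<foreach>` still emits each `orders` element with `${item}`, so this statement is exactly as injectable as the old `${orderByClause}` and is now safe only because `@SqlInjectValidator({"create_time"})` on `roleGrid` is enforced by the aspect before the call; any future caller of `ExtSysRoleMapper.query` that bypasses that annotation (a service or scheduler, like `PluginRunner` does for plugins) gets no protection at all. I would make the mapper defensive on its own: either bind only a direction and hardcode the column, `order by create_time <choose><when test="desc">desc</when><otherwise>asc</otherwise></choose>`, or map each `item` through a `<choose>` that emits a fixed literal per accepted value and falls back to `create_time desc`, rather than echoing the client string. Whichever is chosen, an XML comment above the `<foreach>` should state that `orders` must already be whitelisted by the caller, since the statement itself cannot tell.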
@ -1,8 +1,8 @@
|
||||
package io.dataease.plugins.config;
|
||||
|
||||
import io.dataease.commons.utils.LogUtil;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.plugins.common.base.domain.MyPlugin;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import io.dataease.service.sys.PluginService;
|
||||
import org.apache.commons.collections4.CollectionUtils;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
@ -37,11 +37,10 @@ public class PluginRunner implements ApplicationRunner {
|
||||
}
|
||||
|
||||
|
||||
|
||||
@Override
|
||||
public void run(ApplicationArguments args) {
|
||||
// 执行加载插件逻辑
|
||||
BaseGridRequest request = new BaseGridRequest();
|
||||
KeywordRequest request = new KeywordRequest();
|
||||
List<MyPlugin> plugins = pluginService.query(request);
|
||||
if (CollectionUtils.isEmpty(plugins)) return;
|
||||
Map<Boolean, List<MyPlugin>> groupMap = plugins.stream().collect(Collectors.groupingBy(this::isDiscard));
|
||||
|
@ -3,20 +3,19 @@ package io.dataease.service.sys;
|
||||
import cn.hutool.core.io.FileUtil;
|
||||
import cn.hutool.core.util.ZipUtil;
|
||||
import com.google.gson.Gson;
|
||||
import io.dataease.commons.utils.IPUtils;
|
||||
import io.dataease.dto.MyPluginDTO;
|
||||
import io.dataease.ext.ExtSysPluginMapper;
|
||||
import io.dataease.ext.query.GridExample;
|
||||
import io.dataease.commons.constants.AuthConstants;
|
||||
import io.dataease.commons.exception.DEException;
|
||||
import io.dataease.commons.utils.CodingUtil;
|
||||
import io.dataease.commons.utils.DeFileUtils;
|
||||
import io.dataease.commons.utils.IPUtils;
|
||||
import io.dataease.commons.utils.LogUtil;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.dto.MyPluginDTO;
|
||||
import io.dataease.ext.ExtSysPluginMapper;
|
||||
import io.dataease.i18n.Translator;
|
||||
import io.dataease.listener.util.CacheUtils;
|
||||
import io.dataease.plugins.common.base.domain.MyPlugin;
|
||||
import io.dataease.plugins.common.base.mapper.MyPluginMapper;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import io.dataease.plugins.config.LoadjarUtil;
|
||||
import io.dataease.plugins.entity.PluginOperate;
|
||||
import io.dataease.service.datasource.DatasourceService;
|
||||
@ -65,9 +64,8 @@ public class PluginService {
|
||||
private String version;
|
||||
|
||||
|
||||
public List<MyPlugin> query(BaseGridRequest request) {
|
||||
GridExample gridExample = request.convertExample();
|
||||
return extSysPluginMapper.query(gridExample);
|
||||
public List<MyPlugin> query(KeywordRequest request) {
|
||||
return extSysPluginMapper.query(request);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -207,11 +205,9 @@ public class PluginService {
|
||||
* @return
|
||||
*/
|
||||
public boolean pluginExist(MyPlugin myPlugin) {
|
||||
GridExample gridExample = new GridExample();
|
||||
List<MyPlugin> plugins = extSysPluginMapper.query(gridExample);
|
||||
return plugins.stream().anyMatch(plugin -> {
|
||||
return StringUtils.equals(myPlugin.getName(), plugin.getName()) || StringUtils.equals(myPlugin.getModuleName(), plugin.getModuleName());
|
||||
});
|
||||
KeywordRequest request = new KeywordRequest();
|
||||
List<MyPlugin> plugins = extSysPluginMapper.query(request);
|
||||
return plugins.stream().anyMatch(plugin -> StringUtils.equals(myPlugin.getName(), plugin.getName()) || StringUtils.equals(myPlugin.getModuleName(), plugin.getModuleName()));
|
||||
}
|
||||
|
||||
/**
|
||||
|
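Review bot: Both `pluginExist` and the `PluginRunner` change in this commit rely on an empty `KeywordRequest` meaning "every plugin", a contract that only exists because the mapper's `<if test="keyword != null">` guard drops the `WHERE` clause; neither method says so. Add `/** Returns plugins whose name contains {@code request.keyword}; a null keyword returns all plugins. */` on `query`, and in `pluginExist` a line such as `// empty request = full table scan; acceptable while the plugin table is small` so the linear `anyMatch` over all rows is a documented choice rather than an accident. `query` forwards a possibly-null `request` straight to MyBatis; in my reading a null parameter object makes the `<if>` evaluate false rather than throw, but a `Objects.requireNonNull(request, "request")` would make the contract explicit if that is not intended.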
@ -1,10 +1,10 @@
|
||||
package io.dataease.service.sys;
|
||||
|
||||
|
||||
import io.dataease.ext.ExtSysRoleMapper;
|
||||
import io.dataease.controller.sys.base.BaseGridRequest;
|
||||
import io.dataease.controller.sys.response.RoleUserItem;
|
||||
import io.dataease.ext.ExtSysRoleMapper;
|
||||
import io.dataease.plugins.common.base.domain.SysRole;
|
||||
import io.dataease.plugins.common.request.KeywordRequest;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
@ -16,10 +16,9 @@ public class SysRoleService {
|
||||
@Resource
|
||||
private ExtSysRoleMapper extSysRoleMapper;
|
||||
|
||||
public List<SysRole> query(BaseGridRequest request) {
|
||||
List<SysRole> result = extSysRoleMapper.query(request.convertExample());
|
||||
public List<SysRole> query(KeywordRequest request) {
|
||||
|
||||
return result;
|
||||
return extSysRoleMapper.query(request);
|
||||
}
|
||||
|
||||
public List<RoleUserItem> allRoles() {
|
||||
|
@ -28,7 +28,6 @@
|
||||
|
||||
<script>
|
||||
import { roleGrid } from '@/api/system/user'
|
||||
import { formatCondition } from '@/utils/index'
|
||||
import { loadShares } from '@/api/panel/share'
|
||||
export default {
|
||||
name: 'GrantRole',
|
||||
@ -70,9 +69,8 @@ export default {
|
||||
this.columnLabel = this.defaultHeadName
|
||||
},
|
||||
|
||||
search(condition) {
|
||||
const temp = formatCondition(condition)
|
||||
const param = temp || {}
|
||||
search() {
|
||||
const param = {}
|
||||
roleGrid(1, 0, param).then(response => {
|
||||
const data = response.data
|
||||
this.data = data.listObject
|
||||
|
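Review bot: `search` dropped its `condition` parameter and now always sends an empty body, so if the component's template still emits grid conditions from a filter bar, they are discarded without any error; the template is outside the hunk, so I cannot confirm whether that path exists. If name filtering is still wanted here, pass it the same way the plugin list page in this commit does, `param.keyword = this.name` (or whatever field holds the filter), since the backend `roleGrid` now accepts only `keyword`. Otherwise a one-line comment, `// roleGrid takes only { keyword, orders }; grid conditions are no longer supported`, would explain why the `formatCondition` import was removed.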
@ -219,13 +219,7 @@ export default {
|
||||
search() {
|
||||
const param = {}
|
||||
if (this.name) {
|
||||
param.conditions = [
|
||||
{
|
||||
field: 'name',
|
||||
operator: 'like',
|
||||
value: this.name
|
||||
}
|
||||
]
|
||||
param.keyword = this.name
|
||||
}
|
||||
pluginLists(0, 0, param).then((response) => {
|
||||
this.data = response.data.listObject.filter(item => item.pluginId > 1)
|
||||
|