Compare commits
43 Commits
yx-104-082
...
zcwy0823-l
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a15537ef20 | ||
|
|
89573debef | ||
|
|
24ae3c0ec6 | ||
|
|
fffa12344a | ||
|
|
a4b034752d | ||
|
|
06415d58ac | ||
|
|
bebe36d39e | ||
|
|
d42d1b2e83 | ||
|
|
f0fe015561 | ||
|
|
91bcec00ef | ||
|
|
7a210ec701 | ||
|
|
6c616a1163 | ||
|
|
939325d5bd | ||
|
|
4eddbc8e8f | ||
|
|
50bdd59a26 | ||
|
|
b85eb97bc1 | ||
|
|
28b58a73cf | ||
|
|
b9adf4c45f | ||
|
|
49aab74463 | ||
|
|
9f30910d04 | ||
|
|
6658b8c04b | ||
|
|
19df4224a9 | ||
|
|
95ddc9f5d5 | ||
|
|
f3b6bb6fee | ||
|
|
64965f5ec6 | ||
|
|
a407ca2dad | ||
|
|
16f1c2337b | ||
|
|
bf476a23a0 | ||
|
|
0f0edaf2cd | ||
|
|
68d00e8c51 | ||
|
|
41a542ea23 | ||
|
|
fc98025a3a | ||
|
|
e2c697f860 | ||
|
|
c6a785bb4f | ||
|
|
8567fa9ecc | ||
|
|
359b66e48a | ||
|
|
8125a6bd77 | ||
|
|
9b37e8a73d | ||
|
|
2fa3378e94 | ||
|
|
0b7784779f | ||
|
|
e03118275d | ||
|
|
1b1cb17861 | ||
|
|
a35c1faa49 |
@@ -3,7 +3,6 @@ package com.xboe.module.idconfig;
|
||||
import java.net.InetAddress;
|
||||
import java.net.NetworkInterface;
|
||||
import java.net.SocketException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Enumeration;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
@@ -51,10 +50,8 @@ public class IdGeneratorAutoConfig {
|
||||
dataCenterId=ipm.getDcNum();
|
||||
}else {
|
||||
log.warn("无IP【"+ip+"】的配置的workNum和DataCenterNum,系统自动生成随机数");
|
||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
|
||||
workServerId = random.nextInt(31);
|
||||
dataCenterId = random.nextInt(31);
|
||||
|
||||
workServerId=RandomUtils.nextInt(0,31);
|
||||
dataCenterId=RandomUtils.nextInt(0,31);
|
||||
ipm=new IPMapping();
|
||||
ipm.setId(md5);
|
||||
ipm.setIp(ip);
|
||||
|
||||
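Review bot: The fallback `workServerId=RandomUtils.nextInt(0,31);` / `dataCenterId=RandomUtils.nextInt(0,31);` lets two instances that lack an IP mapping draw the same pair, and nothing visible in this hunk checks the stored mappings for a clash before the new `IPMapping` is filled in. If id uniqueness depends on that pair, a collision means duplicate ids; consider looking up the chosen pair among existing mappings (or allocating the next free one) before saving. Assuming `RandomUtils` is the commons-lang3 class, the upper bound is exclusive, so 31 is never produced; a comment such as `// 0..30, upper bound is exclusive` would make that explicit. The enclosing method starts and ends outside the hunk.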
@@ -1,8 +1,6 @@
|
||||
package com.xboe.module.scorm.cam.load;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.StringReader;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@@ -87,9 +85,6 @@ import com.xboe.module.scorm.cam.model.datatype.NonNegativeInteger;
|
||||
import com.xboe.module.scorm.cam.model.datatype.Token;
|
||||
import com.xboe.module.scorm.cam.model.datatype.VCard;
|
||||
import com.xboe.module.scorm.common.CommonUtils;
|
||||
import org.xml.sax.EntityResolver;
|
||||
import org.xml.sax.InputSource;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
@Slf4j
|
||||
public class ContentPackageGenerator {
|
||||
@@ -124,10 +119,6 @@ public class ContentPackageGenerator {
|
||||
private String scormPkgDir;
|
||||
|
||||
public ContentPackage generateContentPackageFromFile(String scormPkgDir) {
|
||||
if (scormPkgDir.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
if (scormPkgDir == null) {
|
||||
log.error("scorm package directory is null");
|
||||
return contentPackage;
|
||||
@@ -150,15 +141,6 @@ public class ContentPackageGenerator {
|
||||
Document manifestXml;
|
||||
try {
|
||||
SAXReader reader = new SAXReader();
|
||||
|
||||
reader.setEntityResolver(new EntityResolver() {
|
||||
@Override
|
||||
public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
|
||||
// 总是返回空的InputSource来忽略外部实体
|
||||
return new InputSource(new StringReader(""));
|
||||
}
|
||||
});
|
||||
|
||||
manifestXml = reader.read(manifestXmlFile);
|
||||
|
||||
} catch (DocumentException e) {
|
||||
|
||||
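Review bot: `new SAXReader()` followed directly by `reader.read(manifestXmlFile)` parses the manifest with the parser's default entity handling, so a manifest that declares a DOCTYPE with external entities can make the server read local files or issue outbound requests; this matters if the package directory comes from an uploaded SCORM archive, which the surrounding class names suggest. Configure the reader before `read`, e.g. `reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, or, if manifests legitimately carry a DOCTYPE, switch off `http://xml.org/sax/features/external-general-entities` and `http://xml.org/sax/features/external-parameter-entities` instead. The `try` block continues outside the hunk, so whether the `SAXException` thrown by `setFeature` needs its own catch cannot be seen here.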
@@ -44,10 +44,6 @@ public class FileUtils {
|
||||
}
|
||||
|
||||
public static File createFile(String dstPath, String fileName) throws IOException {
|
||||
if (dstPath.contains("..") || fileName.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
String[] dirs = fileName.split("/");
|
||||
File file = new File(dstPath);
|
||||
|
||||
|
||||
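Review bot: `createFile` combines `dstPath` and the `/`-separated parts of `fileName` into a `File` with no check that the result stays under `dstPath`, so a `fileName` carrying `..` segments (for example a zip entry name, if that is where it comes from) can be created outside the destination directory. The same unchecked path use is on the new side of `generateContentPackageFromFile`, the `packagePath` block in `SCORMPackageManager`, `ZipUtils.decompressZip`, the three `convert` methods and the `file.getFilePath()` / `cf` handling in `CourseFileApi`. A containment test on the resolved path is more reliable than a substring test for `..`: `Path base = Paths.get(dstPath).toAbsolutePath().normalize(); Path target = base.resolve(fileName).normalize(); if (!target.startsWith(base)) throw new SecurityException("输入路径包含不安全的字符");`. The body of `createFile` continues past the end of the hunk.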
@@ -119,11 +119,6 @@ public class SCORMPackageManager {
|
||||
return null;
|
||||
}
|
||||
|
||||
if (packagePath.contains("..")) {
|
||||
// throw new SecurityException("输入路径包含不安全的字符");
|
||||
return null;
|
||||
}
|
||||
|
||||
// step 1: uncompress
|
||||
File f=new File(packagePath);
|
||||
if(!f.exists()) {
|
||||
|
||||
@@ -60,10 +60,6 @@ public class ZipUtils {
|
||||
}
|
||||
|
||||
public static boolean decompressZip(String zipFilePath, String saveFileDir) {
|
||||
if (zipFilePath.contains("..") || saveFileDir.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
if (!isEndWithZip(zipFilePath)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -12,13 +12,10 @@ import com.xboe.module.dict.entity.DictDto;
|
||||
import com.xboe.module.exam.entity.ExamTest;
|
||||
import com.xboe.school.study.entity.StudyCourse;
|
||||
import com.xboe.system.user.dao.UserDao;
|
||||
import com.xboe.system.user.entity.User;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.data.domain.Page;
|
||||
import org.springframework.stereotype.Service;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@@ -66,10 +66,6 @@ public class ExcelToPdfConverter implements ICourseFileConverter {
|
||||
|
||||
@Override
|
||||
public String convert(String fileType, String filePath) throws Exception{
|
||||
if (filePath.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
if (this.getLicense()) {
|
||||
FileOutputStream fileOS=null;
|
||||
String previewPath = null;
|
||||
|
||||
@@ -65,10 +65,6 @@ public class PPTToPdfConverter implements ICourseFileConverter {
|
||||
|
||||
@Override
|
||||
public String convert(String fileType, String filePath) throws Exception{
|
||||
if (filePath.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
if (this.getLicense()) {
|
||||
InputStream slides=null;
|
||||
Presentation pres=null;
|
||||
|
||||
@@ -69,10 +69,6 @@ public class WordToPdfConverter implements ICourseFileConverter {
|
||||
|
||||
@Override
|
||||
public String convert(String fileType, String filePath) throws Exception{
|
||||
if (filePath.contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
if (this.getLicense()) {
|
||||
File pdfFile=null;
|
||||
FileOutputStream fileOS=null;
|
||||
|
||||
@@ -26,7 +26,6 @@ import com.xboe.module.boecase.vo.BrowseDurationVo;
|
||||
import com.xboe.module.boecase.vo.CasesRecommendLaunchVo;
|
||||
import com.xboe.module.boecase.vo.CasesRecommendPushVo;
|
||||
import com.xboe.module.boecase.vo.CasesRecommendVo;
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.poi.xssf.streaming.SXSSFSheet;
|
||||
@@ -118,7 +117,6 @@ public class CasesRecommendApi extends ApiBaseController {
|
||||
* @return
|
||||
* @throws Exception
|
||||
*/
|
||||
@FileFormatVerification(whites = {"xlsx", "xls"})
|
||||
@PostMapping("/import")
|
||||
public JsonResponse<ImportData> excelImport(@RequestParam("file") MultipartFile file) throws Exception {
|
||||
ExcelReader reader = ExcelUtil.getReader(file.getInputStream());
|
||||
|
||||
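Review bot: `excelImport` passes `file.getInputStream()` straight to `ExcelUtil.getReader` with no visible check on the upload's extension, content type or size, now that the allow-list annotation above `@PostMapping("/import")` is gone. `importQuestion` in `ExamQuestionApi`, `fileUpload` in `XFileBaseApi` and `importUserGroup` in `UserGroupApi` are in the same position; `SysUploaderApi.save` still has `fileTypeSet`, but its use is outside the hunks. The deleted `UploadAspect` ended in an unconditional `int i = 1 / 0;`, so dropping it is understandable, yet nothing replaces the check it was meant to perform. Reject the request at the top of each handler when the lower-cased suffix of `file.getOriginalFilename()` is not in that endpoint's allow-list, and treat the extension as a first filter only, since it says nothing about the file's content. The method body continues outside the hunk.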
@@ -227,10 +227,6 @@ public class CourseFileApi extends ApiBaseController {
|
||||
return badRequest("请先选择资源归属");
|
||||
}
|
||||
|
||||
if (file.getFilePath().contains("..")) {
|
||||
throw new SecurityException("输入路径包含不安全的字符");
|
||||
}
|
||||
|
||||
// 重设文件类型为小写
|
||||
file.setFileType(file.getFileType().toLowerCase());
|
||||
|
||||
@@ -400,13 +396,6 @@ public class CourseFileApi extends ApiBaseController {
|
||||
return;
|
||||
}
|
||||
|
||||
if (cf.contains("..")) {
|
||||
log.error("参数错误");
|
||||
// throw new SecurityException("输入路径包含不安全的字符");
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
String cfPath=null;
|
||||
String fileName ="";
|
||||
if(StringUtils.isNotBlank(cf)) {
|
||||
@@ -447,11 +436,6 @@ public class CourseFileApi extends ApiBaseController {
|
||||
response.reset();
|
||||
//由于火狐和其他浏览器显示名称的方式不相同,需要进行不同的编码处理
|
||||
if (agent.indexOf("FIREFOX") != -1) {//火狐浏览器
|
||||
// 检查文件名中是否包含不允许的字符
|
||||
if (fileName.matches(".*[\n\r;%].*")) {
|
||||
throw new IllegalArgumentException("Filename contains illegal characters");
|
||||
}
|
||||
|
||||
response.addHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("GB2312"), "ISO-8859-1"));
|
||||
} else {//其他浏览器
|
||||
response.addHeader("Content-Disposition", "attachment;filename=" + URLEncoder.encode(fileName, "UTF-8"));
|
||||
|
||||
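Review bot: In the Firefox branch `fileName` is concatenated into `Content-Disposition` unquoted and unfiltered, so a name containing `;`, a quote or control characters changes the header's parameters, and CR/LF would be a header-splitting attempt wherever the container does not reject it. Where `fileName` is assigned is outside the hunk; if it derives from the `cf` request value or from stored upload names it is user-controlled. Replace the risky characters and quote the value before adding the header, e.g. `String safe = fileName.replaceAll("[\\r\\n\"\\\\;]", "_");` and then `"attachment;filename=\"" + safe + "\""`. The `file.getFilePath()` and `cf` values in the two earlier hunks of this file are likewise used without a path containment check on the new side.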
@@ -84,6 +84,11 @@ public class CourseContent extends BaseEntity {
|
||||
@Column(name = "duration")
|
||||
private Integer duration;
|
||||
|
||||
/**
|
||||
* 视频播放进度
|
||||
* */
|
||||
@Column(name = "progress_video")
|
||||
private Float progressVideo;
|
||||
|
||||
/**用于学习时的状态显示,非存储字段*/
|
||||
@Transient
|
||||
|
||||
@@ -82,4 +82,7 @@ public interface ICourseContentService{
|
||||
* @return
|
||||
*/
|
||||
CourseAssess getAssess(String ccid);
|
||||
|
||||
void updateProcessVideo(String contentId, String courseId, Float processVideo);
|
||||
|
||||
}
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
package com.xboe.module.course.service.impl;
|
||||
|
||||
import java.sql.PreparedStatement;
|
||||
import java.sql.SQLException;
|
||||
import java.util.List;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
@@ -141,6 +143,17 @@ public class CourseContentServiceImpl implements ICourseContentService {
|
||||
return assess;
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public void updateProcessVideo(String id, String courseId, Float progressVideo) {
|
||||
// 处理 processVideo 为 null 的情况
|
||||
if (progressVideo == null) {
|
||||
progressVideo = 0.00f;
|
||||
}
|
||||
String sql = "UPDATE boe_course_content SET progress_video = "+ progressVideo+" WHERE id = "+ id+" AND course_id = "+ courseId+" ";
|
||||
ccDao.sqlUpdate(sql);
|
||||
}
|
||||
|
||||
@Override
|
||||
@Transactional
|
||||
public void updateName(String id, String name) {
|
||||
|
||||
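Review bot: `updateProcessVideo` builds its UPDATE by concatenating `id` and `courseId`, which arrive as request parameters through `StudyCourseApi.study`, so either value can alter the statement; they are also unquoted, so a non-numeric id is a SQL error even in normal use. Bind the values instead: `UPDATE boe_course_content SET progress_video = ?1 WHERE id = ?2 AND course_id = ?3`, with the three arguments passed through whatever parameterised update `ccDao` offers (its API is not visible here). The newly imported `PreparedStatement` and `SQLException` are not used in the visible hunk. The statement writes to the shared content row, so one learner's progress overwrites everyone else's unless progress is meant to be global; a per-user record looks like the intended place, which is worth confirming.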
@@ -8,7 +8,6 @@ import java.util.List;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.poi.hssf.usermodel.HSSFWorkbook;
|
||||
import org.apache.poi.ss.usermodel.Cell;
|
||||
@@ -149,7 +148,6 @@ public class ExamQuestionApi extends ApiBaseController {
|
||||
/**
|
||||
* 导入
|
||||
* */
|
||||
@FileFormatVerification(whites = {"xls","xlsx"})
|
||||
@PostMapping("/import")
|
||||
public JsonResponse<QuestionDto> importQuestion(@RequestParam MultipartFile file){
|
||||
//获取输入流
|
||||
|
||||
@@ -28,7 +28,7 @@ public class ExamTest extends BaseEntity {
|
||||
/**
|
||||
* 考试名称
|
||||
* */
|
||||
@Column(name = "test_name",nullable = false,length = 50)
|
||||
@Column(name = "test_name",length = 50)
|
||||
private String testName;
|
||||
|
||||
/**
|
||||
@@ -46,7 +46,7 @@ public class ExamTest extends BaseEntity {
|
||||
/**
|
||||
* 考试时长 分钟
|
||||
* */
|
||||
@Column(name = "test_duration",nullable = false)
|
||||
@Column(name = "test_duration")
|
||||
private Integer testDuration;
|
||||
/**
|
||||
* 显示解析
|
||||
@@ -107,13 +107,13 @@ public class ExamTest extends BaseEntity {
|
||||
/**
|
||||
* 考试的类型
|
||||
* */
|
||||
@Column(name = "test_type",nullable = false)
|
||||
@Column(name = "test_type")
|
||||
private Integer testType;
|
||||
|
||||
/**
|
||||
* 发布状态 ,是否已发布
|
||||
*/
|
||||
@Column(name = "published",length = 1,nullable = false)
|
||||
@Column(name = "published",length = 1)
|
||||
private Boolean published;
|
||||
/**
|
||||
* 发布时间
|
||||
@@ -154,7 +154,7 @@ public class ExamTest extends BaseEntity {
|
||||
/**
|
||||
* 范围,1表独立使用,2表课程内部
|
||||
* */
|
||||
@Column(name = "range_type",nullable = false)
|
||||
@Column(name = "range_type")
|
||||
private Integer rangeType;
|
||||
|
||||
/**
|
||||
|
||||
@@ -142,9 +142,6 @@ public class AloneExamServiceImpl implements IAloneExamService{
|
||||
if(StringUtils.isNotBlank(aea.getTestId())) {
|
||||
query.addFilter(FieldFilters.eq("testId",aea.getTestId()));
|
||||
}
|
||||
if(StringUtils.isNotBlank(aea.getTestName())) {
|
||||
query.addFilter(FieldFilters.eq("testName",aea.getTestName()));
|
||||
}
|
||||
if(StringUtils.isNotBlank(aea.getAid())) {
|
||||
query.addFilter(FieldFilters.eq("aid",aea.getAid()));
|
||||
}
|
||||
|
||||
@@ -95,7 +95,7 @@ public class ExamTestServiceImpl implements IExamTestService {
|
||||
|
||||
@Override
|
||||
public Boolean has(String paperId) {
|
||||
ExamTest et=examTestDao.findOne(FieldFilters.eq("paperId", paperId));
|
||||
ExamTest et=examTestDao.findOne(FieldFilters.eq("paperId", paperId),FieldFilters.eq("deleted", false));
|
||||
//String etId= (String)examTestDao.findField("id", FieldFilters.eq("paperId", paperId));
|
||||
if(et==null){
|
||||
return true;
|
||||
|
||||
@@ -8,7 +8,6 @@ import java.util.List;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@@ -282,7 +281,6 @@ public class XFileBaseApi extends ApiBaseController{
|
||||
return wrap(list);
|
||||
}
|
||||
|
||||
@FileFormatVerification(whites = {"zip","png","jpg","jpeg","gif","svg","bmp"})
|
||||
@ApiAccess(path="xfile.file.upload")
|
||||
@RequestMapping(value="/file/upload", method={RequestMethod.POST})
|
||||
public JsonResponse<ListViewItem> fileUpload(HttpServletRequest request,String folderId) {
|
||||
|
||||
@@ -11,7 +11,6 @@ import java.util.Set;
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import org.apache.commons.collections4.ListUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
@@ -199,7 +198,6 @@ public class UserGroupApi extends ApiBaseController {
|
||||
* 不直接导入到数据库,而是解析文件并查询相应数据返回
|
||||
* @return
|
||||
*/
|
||||
@FileFormatVerification(whites = {"xlsx","xls"})
|
||||
@PostMapping("/import")
|
||||
public JsonResponse<Iterable<UserImportDto>> importUserGroup(@RequestParam MultipartFile file) {
|
||||
|
||||
|
||||
@@ -11,6 +11,7 @@ import com.xboe.api.vo.*;
|
||||
import com.xboe.module.course.vo.TeacherVo;
|
||||
import com.xboe.module.usergroup.entity.UserGroupItem;
|
||||
import com.xboe.module.usergroup.service.IUserGroupService;
|
||||
import com.xboe.school.study.dao.StudyCourseDao;
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -66,6 +67,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
@RequestMapping(value="/xboe/school/study/course")
|
||||
public class StudyCourseApi extends ApiBaseController{
|
||||
|
||||
|
||||
|
||||
@Autowired
|
||||
IStudyCourseService service;
|
||||
|
||||
@@ -529,7 +532,7 @@ public class StudyCourseApi extends ApiBaseController{
|
||||
* @return
|
||||
*/
|
||||
@PostMapping("/study-video-time")
|
||||
public JsonResponse<Boolean> study(String studyId,String itemId,Integer videoTime){
|
||||
public JsonResponse<Boolean> study(String itemId,Integer videoTime,String contentId , String courseId,Float progressVideo){
|
||||
|
||||
if(StringUtils.isBlank(itemId)){
|
||||
return error("参数错误");
|
||||
@@ -540,6 +543,9 @@ public class StudyCourseApi extends ApiBaseController{
|
||||
//检查是否已存在
|
||||
try {
|
||||
studyService.updateLastTime(itemId,videoTime, getCurrent().getAccountId());
|
||||
if (contentId != null && courseId != null && progressVideo != null){
|
||||
contentService.updateProcessVideo(contentId, courseId, progressVideo);
|
||||
}
|
||||
return success(true);
|
||||
}catch(Exception e) {
|
||||
log.error("记录最后学习时间错误",e);
|
||||
@@ -691,8 +697,9 @@ public class StudyCourseApi extends ApiBaseController{
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@RequestMapping(value="/study-course-content",method = {RequestMethod.GET,RequestMethod.POST})
|
||||
public JsonResponse<StudyCourseItem> findStudyCourseItem(String studyId,String contentId){
|
||||
public JsonResponse<StudyCourseItem> findStudyCourseItem(String studyId,String contentId, HttpServletRequest request){
|
||||
if(StringUtils.isBlank(studyId)){
|
||||
return error("无学习信息");
|
||||
}
|
||||
|
||||
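Review bot: `study` forwards `contentId`, `courseId` and `progressVideo` to `contentService.updateProcessVideo` as received, with no check that the caller is enrolled in that course and no range check on `progressVideo`. Only `itemId` is validated with `StringUtils.isBlank`; the new parameters are tested for null only, so empty strings pass. Validate them before the call, e.g. `if (StringUtils.isNoneBlank(contentId, courseId) && progressVideo != null && progressVideo >= 0f)`, and tie the update to `getCurrent().getAccountId()` the way `updateLastTime` does. Dropping `studyId` from `study` and adding `HttpServletRequest request` to `findStudyCourseItem` change the endpoint contract; whether `request` is used is outside the hunk.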
@@ -7,6 +7,7 @@ import java.util.Map;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import com.xboe.api.ThirdApi;
|
||||
import com.xboe.school.study.dao.StudyCourseDao;
|
||||
import com.xboe.school.study.entity.StudyCourse;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -32,6 +33,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
@RestController
|
||||
@RequestMapping(value="/xboe/school/study/exam")
|
||||
public class StudyExamApi extends ApiBaseController{
|
||||
@Autowired
|
||||
StudyCourseDao scDao;
|
||||
|
||||
@Autowired
|
||||
IStudyExamService sexamService;
|
||||
|
||||
@@ -44,7 +44,7 @@ public class StudyAssessServiceImpl implements IStudyAssessService{
|
||||
LocalDateTime ldt=LocalDateTime.now();
|
||||
sci.setStudyId(assess.getStudyId());
|
||||
sci.setContentId(assess.getContentId());
|
||||
//sci.setContentName(homework.getContentName());
|
||||
sci.setContentName("评估");
|
||||
sci.setCourseId(assess.getCourseId());
|
||||
//sci.setCsectionId(homework.getCsectionId());
|
||||
sci.setProgress(100);//直接设置为学习完成
|
||||
|
||||
@@ -82,7 +82,7 @@ public class StudyExamServiceImpl implements IStudyExamService{
|
||||
LocalDateTime ldt=LocalDateTime.now();
|
||||
sci.setStudyId(exam.getStudyId());
|
||||
sci.setContentId(exam.getContentId());
|
||||
//sci.setContentName(homework.getContentName());
|
||||
sci.setContentName("考试");
|
||||
sci.setCourseId(exam.getCourseId());
|
||||
//sci.setCsectionId(homework.getCsectionId());
|
||||
sci.setProgress(prog);//直接设置为学习完成
|
||||
|
||||
@@ -46,7 +46,7 @@ public class StudyHomeWorkServiceImpl implements IStudyHomeWorkService{
|
||||
LocalDateTime ldt=LocalDateTime.now();
|
||||
sci.setStudyId(homework.getStudyId());
|
||||
sci.setContentId(homework.getContentId());
|
||||
//sci.setContentName(homework.getContentName());
|
||||
sci.setContentName(homework.getHwName());
|
||||
sci.setCourseId(homework.getCourseId());
|
||||
//sci.setCsectionId(homework.getCsectionId());
|
||||
sci.setProgress(100);//直接设置为学习完成
|
||||
@@ -67,7 +67,7 @@ public class StudyHomeWorkServiceImpl implements IStudyHomeWorkService{
|
||||
//只是保留一条作业记录,不再保存多条记录了
|
||||
//dao.save(homework);
|
||||
//设置id。然后进行悠
|
||||
homework.setId(obj.toString());
|
||||
homework.setId(homework.getStudyItemId());
|
||||
dao.update(homework);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -182,7 +182,7 @@ public class StudyServiceImpl implements IStudyService{
|
||||
if(StringUtils.isNotBlank(name)) {
|
||||
query.addFilter(FieldFilters.eq("aname", name));
|
||||
}
|
||||
int pageIndex2 = pageIndex-1;
|
||||
int pageIndex2 = (pageIndex-1)*10;
|
||||
if(status!=null) {
|
||||
if(status==3) {
|
||||
query.addFilter(FieldFilters.eq("status", 2));
|
||||
@@ -193,16 +193,16 @@ public class StudyServiceImpl implements IStudyService{
|
||||
}else if (status == 1) {
|
||||
String sql = "select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.content_id,0 as progress,1 as status from boe_study_course bsc " +
|
||||
" left join boe_study_course_item item on bsc.course_id = item.course_id and bsc.id = item.study_id" +
|
||||
" where bsc.course_id = '"+courseId+"' and bsc.id not in(" +
|
||||
" where bsc.course_id = '"+courseId+"' and bsc.aname like '%"+name+"%' and bsc.id not in(" +
|
||||
" select item.study_id from boe_study_course_item item " +
|
||||
" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by item.study_id" +
|
||||
" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' and item.aname like '%"+name+"%' group by item.study_id" +
|
||||
" ) group by bsc.id limit "+ pageIndex2+","+ pageSize+";";
|
||||
|
||||
String sql2 = "select count(*) as total from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.content_id,0 as progress,1 as status from boe_study_course bsc " +
|
||||
" left join boe_study_course_item item on bsc.course_id = item.course_id and bsc.id = item.study_id" +
|
||||
" where bsc.course_id = '"+courseId+"' and bsc.id not in(" +
|
||||
" where bsc.course_id = '"+courseId+"' and bsc.aname like '%"+name+"%' and bsc.id not in(" +
|
||||
" select item.study_id from boe_study_course_item item " +
|
||||
" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by item.study_id" +
|
||||
" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' and item.aname like '%"+name+"%' group by item.study_id" +
|
||||
" ) group by bsc.id) as total";
|
||||
log.info("资源完成情况未开始sql"+sql);
|
||||
List<Object[]> list = scDao.sqlFindList(sql);
|
||||
@@ -224,46 +224,22 @@ public class StudyServiceImpl implements IStudyService{
|
||||
return pageList;
|
||||
}
|
||||
}
|
||||
// String sql = "select * from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.progress,item.status from boe_study_course bsc left join " +
|
||||
// "boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
// "where bsc.`status` in (2,9) and bsc.course_id = '"+ courseId+"' group by bsc.id " +
|
||||
// " UNION ALL " +
|
||||
// " select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,0 as progress,1 as status from boe_study_course bsc " +
|
||||
// " LEFT JOIN boe_study_course_item item on item.course_id = bsc.course_id " +
|
||||
// " where bsc.course_id = '"+courseId+"' and bsc.id not in (" +
|
||||
// " select bsc.id from boe_study_course bsc " +
|
||||
// " left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
// " where bsc.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by bsc.id" +
|
||||
// " )group by bsc.id) a group by a.id limit "+ pageIndex+","+ pageSize+";";
|
||||
|
||||
// String sql2 = "select count(*) from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.progress,item.status from boe_study_course bsc left join " +
|
||||
// "boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
// "where bsc.`status` in (2,9) and bsc.course_id = '"+ courseId+"' group by bsc.id " +
|
||||
// " UNION ALL " +
|
||||
// " select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,0 as progress,1 as status from boe_study_course bsc " +
|
||||
// " LEFT JOIN boe_study_course_item item on item.course_id = bsc.course_id " +
|
||||
// " where bsc.course_id = '"+courseId+"' and bsc.id not in (" +
|
||||
// " select bsc.id from boe_study_course bsc " +
|
||||
// " left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
// " where bsc.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by bsc.id" +
|
||||
// " )group by bsc.id) a group by a.id";
|
||||
|
||||
String sql = "select a.id, a.course_id, a.course_name, a.aname, " +
|
||||
"IFNULL(b.finish_time, '0') as finish_time, IFNULL(b.progress, 0) as progress, IFNULL(b.status, 1) as status " +
|
||||
"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "') a " +
|
||||
"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "' and aname like '%"+name+"%') a " +
|
||||
"left join " +
|
||||
"(select bsc.id, bsc.course_id, bsc.course_name, bsc.aname, item.finish_time, item.progress, item.status " +
|
||||
"from boe_study_course bsc left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' group by bsc.id) b " +
|
||||
"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' and item.aname like '%"+name+"%' group by bsc.id) b " +
|
||||
"on a.course_id = b.course_id and a.id = b.id " +
|
||||
"group by a.id limit "+ pageIndex2+","+ pageSize+";";
|
||||
String sql2 = "select count(*) as total from (select a.id, a.course_id, a.course_name, a.aname, " +
|
||||
"IFNULL(b.finish_time, 0) as finish_time, IFNULL(b.progress, 0) as progress, IFNULL(b.status, 1) as status " +
|
||||
"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "') a " +
|
||||
"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "' and aname like '%"+name+"%') a " +
|
||||
"left join " +
|
||||
"(select bsc.id, bsc.course_id, bsc.course_name, bsc.aname, item.finish_time, item.progress, item.status " +
|
||||
"from boe_study_course bsc left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
|
||||
"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' group by bsc.id) b " +
|
||||
"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' and item.aname like '%"+name+"%' group by bsc.id) b " +
|
||||
"on a.course_id = b.course_id and a.id = b.id " +
|
||||
"group by a.id) as total";
|
||||
log.info("资源完成情况全部sql"+sql);
|
||||
|
||||
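Review bot: `name` is concatenated into every `aname like '%"+name+"%'` clause of `sql` and `sql2`, in the `status == 1` branch and in the final query, so a quote in the search text changes the statement, just as `courseId` and `contentId` already can. The concatenation is unconditional while the `StringUtils.isNotBlank(name)` guard covers only the `query` filter, so a null `name` produces `like '%null%'` and returns no rows. Pass the values as bound parameters and append the `like` clause only when `name` is not blank, escaping `%` and `_` in the bound value. `int pageIndex2 = (pageIndex-1)*10;` hard-codes a page size of 10 while the `limit` uses `pageSize`; it should read `int pageIndex2 = (pageIndex-1)*pageSize;`. `log.info` also writes the full statement, search text included, to the log.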
@@ -14,10 +14,8 @@ import java.util.Set;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
@@ -46,9 +44,6 @@ public class SysUploaderApi extends ApiBaseController{
|
||||
@Autowired
|
||||
XFileUploader uploader;
|
||||
|
||||
@Value(value = "${boe.domain}")
|
||||
String domain;
|
||||
|
||||
private static Set<String> fileTypeSet=new HashSet<>();
|
||||
static {
|
||||
fileTypeSet.add("mp3");
|
||||
@@ -67,7 +62,6 @@ public class SysUploaderApi extends ApiBaseController{
|
||||
fileTypeSet.add("zip");
|
||||
}
|
||||
|
||||
@FileFormatVerification(whites = {"mp3","wmv","mp4","jpg","png","gif","doc","docx","xls","xlsx","ppt","pptx","pdf","zip"})
|
||||
@RequestMapping(value = "/file/upload", method = RequestMethod.POST)
|
||||
public JsonResponse<XUploadResult> save(HttpServletRequest request, String name,String dir) throws IOException {
|
||||
//以下三项用于回调
|
||||
@@ -156,7 +150,6 @@ public class SysUploaderApi extends ApiBaseController{
|
||||
public void urlDownload(HttpServletResponse res,String urlStr,String fileName) throws IOException {
|
||||
|
||||
URL url = new URL(urlStr);
|
||||
downloadLimitation(url);
|
||||
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
|
||||
//设置超时间为3秒
|
||||
conn.setConnectTimeout(3*1000);
|
||||
@@ -200,19 +193,4 @@ public class SysUploaderApi extends ApiBaseController{
|
||||
//System.out.println("success");
|
||||
}
|
||||
|
||||
private void downloadLimitation(URL url) {
|
||||
String allowedDomain = domain;
|
||||
String allowedPathPrefix = "/upload/xfile/";
|
||||
|
||||
// 检查域名是否正确
|
||||
if (!url.getHost().equals(allowedDomain)) {
|
||||
throw new SecurityException("Download from this domain is not allowed.");
|
||||
}
|
||||
|
||||
// 检查路径是否以允许的路径前缀开始
|
||||
if (!url.getPath().startsWith(allowedPathPrefix)) {
|
||||
throw new SecurityException("Download from this path is not allowed.");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
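Review bot: `urlDownload` calls `new URL(urlStr)` and `url.openConnection()` on a caller-supplied string with no restriction on scheme, host or path, so the endpoint will fetch any address the server can reach, internal services included. Keep an allow-list in front of `openConnection()` that compares `url.getProtocol()`, `url.getHost()` and the normalised `url.getPath()` against configured values, and add `conn.setInstanceFollowRedirects(false);` so an allowed host cannot bounce the request elsewhere. The cast to `HttpURLConnection` also throws `ClassCastException` for a non-HTTP scheme such as `file:`, so those should be rejected before connecting. The rest of `urlDownload` is outside the hunk.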
@@ -1,91 +0,0 @@
|
||||
package com.xboe.system.aspectj;
|
||||
|
||||
import com.xboe.system.aspectj.anno.FileFormatVerification;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.aspectj.lang.JoinPoint;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.aspectj.lang.annotation.Before;
|
||||
import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
import org.springframework.web.multipart.MultipartHttpServletRequest;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.lang.reflect.Method;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
|
||||
|
||||
/**
|
||||
* @author admin
|
||||
*/
|
||||
@Aspect
|
||||
@Slf4j
|
||||
@Component
|
||||
public class UploadAspect {
|
||||
|
||||
|
||||
@Pointcut("@annotation(com.xboe.system.aspectj.anno.FileFormatVerification)")
|
||||
private void fileUpload() {
|
||||
}
|
||||
|
||||
@Before("fileUpload()")
|
||||
public void fileFormatVerifies(JoinPoint joinPoint) {
|
||||
List<String> whiteList = getWhiteList(joinPoint);
|
||||
|
||||
|
||||
String[] FILE_UPLOAD_BLACKLIST = {"exe", "sh", "py", "html", "xhtml", "php", "php5", "dat", "dbf", "dev", "asp", "aspx", "asa", "aspx", "ashx", "asmx", "asax", "ascx", "jsp", "jspx", "jspf", "cgi", "war", "ini", "js"};
|
||||
List<String> blackList = Arrays.asList(FILE_UPLOAD_BLACKLIST);
|
||||
|
||||
// 在目标方法执行前执行的代码
|
||||
Object[] args = joinPoint.getArgs(); // 获取被调用方法的参数
|
||||
|
||||
// 处理MultipartFile
|
||||
Arrays.stream(args)
|
||||
.filter(arg -> arg instanceof MultipartFile)
|
||||
.map(arg -> (MultipartFile) arg)
|
||||
.forEach(file -> {
|
||||
String name = file.getOriginalFilename();
|
||||
String fileSuffix = name.substring(name.lastIndexOf(".") + 1);
|
||||
if (blackList.contains(fileSuffix) || !whiteList.contains(fileSuffix)) {
|
||||
throw new RuntimeException("文件格式不支持");
|
||||
}
|
||||
});
|
||||
|
||||
// 处理HttpServletRequest中的文件名
|
||||
Arrays.stream(args)
|
||||
.filter(arg -> arg instanceof HttpServletRequest)
|
||||
.map(arg -> (HttpServletRequest) arg)
|
||||
.filter(req -> req instanceof MultipartHttpServletRequest)
|
||||
.map(req -> (MultipartHttpServletRequest) req)
|
||||
.forEach(req -> {
|
||||
req.getFileMap().forEach((k, v) -> {
|
||||
String fileSuffix = v.getOriginalFilename().substring(v.getOriginalFilename().lastIndexOf(".") + 1);
|
||||
if (blackList.contains(fileSuffix) || !whiteList.contains(fileSuffix)) {
|
||||
throw new RuntimeException("文件格式不支持");
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
int i = 1 / 0;
|
||||
|
||||
|
||||
}
|
||||
|
||||
private static List<String> getWhiteList(JoinPoint joinPoint) {
|
||||
MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
|
||||
Method method = methodSignature.getMethod();
|
||||
|
||||
// 获取FileFormatVerification注解
|
||||
FileFormatVerification annotation = method.getAnnotation(FileFormatVerification.class);
|
||||
|
||||
// 获取whiteList属性
|
||||
String[] whites = annotation.whites();
|
||||
List<String> whiteList = Arrays.asList(whites);
|
||||
return whiteList;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
package com.xboe.system.aspectj.anno;
|
||||
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
|
||||
@Target(ElementType.METHOD) // 注解目标为方法
|
||||
@Retention(RetentionPolicy.RUNTIME) // 注解在运行时有效
|
||||
public @interface FileFormatVerification {
|
||||
String[] whites() default {};
|
||||
|
||||
}
|
||||
@@ -4,7 +4,7 @@ spring.redis.database=1
|
||||
#spring.redis.password=ENC(zA5LNV8xw3yEx6LMwdGGBGgNsOaD3Cg+)
|
||||
#spring.redis.port=6379
|
||||
spring.redis.host=124.70.92.162
|
||||
spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
|
||||
spring.redis.password=qwert!W577
|
||||
spring.redis.port=6379
|
||||
|
||||
# cloud nacos config
|
||||
@@ -20,7 +20,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
|
||||
#spring.datasource.password=ENC(lAoFOYuc8CAypPtigTNLYg==)
|
||||
spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
|
||||
spring.datasource.username=admin
|
||||
spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
|
||||
spring.datasource.password=boeRds01
|
||||
|
||||
logging.level.org.hibernate.SQL=DEBUG
|
||||
logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
|
||||
|
||||
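Review bot: Cleartext secrets appear next to their jasypt `ENC(...)` counterparts for `spring.redis.password` and `spring.datasource.password` in both hunks of this file. The `+`/`-` markers are lost on this page, but if the cleartext line is the new side, as the print order suggests, the change commits usable Redis and MySQL credentials to the repository. The same pairing repeats in every following properties section, and `xboe.elasticsearch.server.password` for the `elastic` user is affected in the `-72,7` and `-60,7` hunks. I would keep the encrypted form or resolve the value at deploy time, for example `spring.redis.password=${REDIS_PASSWORD}` and `spring.datasource.password=${DB_PASSWORD}`. Any value already pushed in cleartext should be rotated, because it stays readable in history and in mirrors of the repository.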
@@ -1,7 +1,7 @@
|
||||
## redis
|
||||
spring.redis.database=1
|
||||
spring.redis.host=10.251.160.38
|
||||
spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
|
||||
spring.redis.password=qwert!W577
|
||||
spring.redis.port=6379
|
||||
#spring.redis.database=3
|
||||
#spring.redis.host=10.251.129.122
|
||||
@@ -17,7 +17,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
|
||||
# spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
|
||||
spring.datasource.url=jdbc:mysql://10.251.129.126:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
|
||||
spring.datasource.username=admin
|
||||
spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
|
||||
spring.datasource.password=boeRds01
|
||||
|
||||
logging.level.org.hibernate.SQL=ERROR
|
||||
#logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
|
||||
|
||||
@@ -4,7 +4,7 @@ spring.cloud.nacos.discovery.server-addr=10.251.129.51:8848
|
||||
## redis
|
||||
spring.redis.database=1
|
||||
spring.redis.host=10.251.129.122
|
||||
spring.redis.password=ENC(e1k00MMRGU0DUHvLX8JSOuDkCX0CWNif)
|
||||
spring.redis.password=qwert!W588
|
||||
spring.redis.port=6379
|
||||
|
||||
|
||||
@@ -18,7 +18,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
|
||||
#spring.datasource.password=ocYMC>!{8G
|
||||
spring.datasource.url=jdbc:mysql://10.251.129.126:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
|
||||
spring.datasource.username=admin
|
||||
spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
|
||||
spring.datasource.password=boeRds01
|
||||
|
||||
## 使用 hikari 连接池
|
||||
spring.datasource.type=com.zaxxer.hikari.HikariDataSource
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
## redis
|
||||
spring.redis.database=1
|
||||
spring.redis.host=10.251.160.38
|
||||
spring.redis.password=ENC(oXmZ5HIrhizHQ/DWPNv/S/1hUNJbbRjv)
|
||||
spring.redis.password=qwert!W577
|
||||
spring.redis.port=6379
|
||||
|
||||
# cloud nacos config
|
||||
@@ -13,7 +13,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
|
||||
# spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
|
||||
spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
|
||||
spring.datasource.username=admin
|
||||
spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
|
||||
spring.datasource.password=boeRds01
|
||||
|
||||
## 使用 hikari 连接池
|
||||
spring.datasource.type=com.zaxxer.hikari.HikariDataSource
|
||||
@@ -72,7 +72,7 @@ jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
|
||||
xboe.elasticsearch.server.ip=10.251.129.25
|
||||
xboe.elasticsearch.server.port=9200
|
||||
xboe.elasticsearch.server.user=elastic
|
||||
xboe.elasticsearch.server.password=ENC(903xqMcg31J+OhmZ0AoinYqvzLoAt8UZ)
|
||||
xboe.elasticsearch.server.password=Boe@es123
|
||||
|
||||
## 邮件的配置
|
||||
xboe.email.url=https://u-pre.boe.com/api/b1/email/send
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
## redis
|
||||
spring.redis.database=2
|
||||
spring.redis.host=10.251.160.38
|
||||
spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
|
||||
spring.redis.password=qwert!W577
|
||||
spring.redis.port=6379
|
||||
|
||||
## datasource config
|
||||
@@ -10,7 +10,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
|
||||
# spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
|
||||
spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
|
||||
spring.datasource.username=admin
|
||||
spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
|
||||
spring.datasource.password=boeRds01
|
||||
|
||||
logging.level.org.hibernate.SQL=DEBUG
|
||||
logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
|
||||
@@ -60,7 +60,7 @@ jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
|
||||
xboe.elasticsearch.server.ip=10.251.129.25
|
||||
xboe.elasticsearch.server.port=9200
|
||||
xboe.elasticsearch.server.user=elastic
|
||||
xboe.elasticsearch.server.password=ENC(903xqMcg31J+OhmZ0AoinYqvzLoAt8UZ)
|
||||
xboe.elasticsearch.server.password=Boe@es123
|
||||
|
||||
## 邮件的配置
|
||||
xboe.email.url=https://10.251.160.135/api/b1/email/send
|
||||
|
||||