ZIP条目覆盖,补充

新在线课逻辑删除库名

See merge request !115

modules/boe-module-idconfig/src/main/java/com/xboe/module/idconfig/IdGeneratorAutoConfig.java

@@ -3,6 +3,7 @@ package com.xboe.module.idconfig;
 import java.net.InetAddress;
 import java.net.NetworkInterface;
 import java.net.SocketException;
+import java.security.SecureRandom;
 import java.util.Enumeration;
 
 import javax.annotation.Resource;
@@ -50,8 +51,10 @@ public class IdGeneratorAutoConfig {
 			dataCenterId=ipm.getDcNum();
 		}else {
 			log.warn("无IP【"+ip+"】的配置的workNum和DataCenterNum,系统自动生成随机数");
-			workServerId=RandomUtils.nextInt(0,31);
-			dataCenterId=RandomUtils.nextInt(0,31);
+			SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+			workServerId = random.nextInt(31);
+			dataCenterId = random.nextInt(31);
+
 			ipm=new IPMapping();
 			ipm.setId(md5);
 			ipm.setIp(ip);

modules/boe-module-scorm/src/main/java/com/xboe/module/scorm/cam/load/ContentPackageGenerator.java

@@ -1,6 +1,8 @@
 package com.xboe.module.scorm.cam.load;
 
 import java.io.File;
+import java.io.IOException;
+import java.io.StringReader;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -85,6 +87,9 @@ import com.xboe.module.scorm.cam.model.datatype.NonNegativeInteger;
 import com.xboe.module.scorm.cam.model.datatype.Token;
 import com.xboe.module.scorm.cam.model.datatype.VCard;
 import com.xboe.module.scorm.common.CommonUtils;
+import org.xml.sax.EntityResolver;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 @Slf4j
 public class ContentPackageGenerator {
@@ -119,6 +124,10 @@ public class ContentPackageGenerator {
     private String scormPkgDir;
 
     public  ContentPackage generateContentPackageFromFile(String scormPkgDir) {
+        if (scormPkgDir.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         if (scormPkgDir == null) {
             log.error("scorm package directory is null");
             return contentPackage;
@@ -140,7 +149,16 @@ public class ContentPackageGenerator {
 
         Document manifestXml;
         try {
-        	SAXReader reader = new SAXReader();       
+        	SAXReader reader = new SAXReader();
+
+            reader.setEntityResolver(new EntityResolver() {
+                @Override
+                public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
+                    // 总是返回空的InputSource来忽略外部实体
+                    return new InputSource(new StringReader(""));
+                }
+            });
+
             manifestXml = reader.read(manifestXmlFile);
             
         } catch (DocumentException e) {

modules/boe-module-scorm/src/main/java/com/xboe/module/scorm/cam/load/FileUtils.java

@@ -44,6 +44,10 @@ public class FileUtils {
     }
 
     public static File createFile(String dstPath, String fileName) throws IOException {
+        if (dstPath.contains("..") || fileName.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         String[] dirs = fileName.split("/");
         File file = new File(dstPath);
 

modules/boe-module-scorm/src/main/java/com/xboe/module/scorm/cam/load/SCORMPackageManager.java

@@ -119,6 +119,11 @@ public class SCORMPackageManager {
             return null;
         }
 
+        if (packagePath.contains("..")) {
+//            throw new SecurityException("输入路径包含不安全的字符");
+            return null;
+        }
+
         // step 1: uncompress
         File f=new File(packagePath);
         if(!f.exists()) {

modules/boe-module-scorm/src/main/java/com/xboe/module/scorm/cam/load/ZipUtils.java

@@ -60,6 +60,10 @@ public class ZipUtils {
     }
 
     public static boolean decompressZip(String zipFilePath, String saveFileDir) {
+        if (zipFilePath.contains("..") || saveFileDir.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         if (!isEndWithZip(zipFilePath)) {
             return false;
         }

servers/boe-server-all/src/main/java/com/xboe/api/ThirdApi.java

@@ -9,6 +9,7 @@ import com.xboe.module.course.vo.StudyCourseVo;
 import com.xboe.module.course.vo.TeacherInfoVo;
 import com.xboe.module.course.vo.TeacherVo;
 import com.xboe.module.dict.entity.DictDto;
+import com.xboe.module.exam.entity.ExamTest;
 import com.xboe.school.study.entity.StudyCourse;
 import com.xboe.system.user.dao.UserDao;
 import com.xboe.system.user.entity.User;
@@ -62,6 +63,9 @@ public class ThirdApi {
 
     @Value("${coursesuilt.getStudyStatus}")
     private String getStudyStatus;
+
+    @Value("${manageApi.editExam}")
+    private String editExam;
     //获取例外人员的id
     public  List<String> getUserId(){
         String responseBody = Optional.ofNullable(HttpRequest.get(infarasApiUrl+"?pid=316&type=1").execute() //prod 316
@@ -206,6 +210,14 @@ public class ThirdApi {
         return studyCourseResult.getResult();
     }
 
+    public void sqlUpdate(ExamTest examTest, String token) {
+        examTest.setSysUpdateTime(null);
+        examTest.setSysCreateTime(null);
+        examTest.setPublishTime(null);
+        String resp = Optional.ofNullable(HttpRequest.post(editExam).body(JSONUtil.toJsonStr(examTest)).header("token", token).execute().body()).orElseThrow(() -> new RuntimeException("token校验失败"));
+        Opt.ofBlankAble(resp).map(t -> JSONUtil.toBean(t, DynamicBean.class).success());
+    }
+
     public static void main(String[] args) {
         String token = "eyJ0eXBlIjoidG9rZW4iLCJhbGciOiJIUzI1NiJ9.eyJjb21wYW55Q29kZSI6IkMwMDEiLCJ1SWQiOiI5NjUzNDIwMjc0OTc2MDcxNjgiLCJjb21wYW55SWQiOiIxMDQxNjczOTc3Mzc5OTQ2NDk2IiwibG9naW5JZCI6IjE2ODg0NDg5MjIwNzY0OTE3NzgiLCJpc3MiOiJodHRwOi8vdS5ib2UuY29tIiwiR2l2ZW5OYW1lIjoiYm9ldSIsImV4cCI6MTY5MTM5OTc2NzU1OCwidXNlck5hbWUiOiLmnY7njonlhrAiLCJ1c2VySWQiOiI2QjA0OUZBRi1DMzE0LTdDQ0YtMEQyOC0wRDIzRjRDNDI1MzEifQ==.8b52dcf4d48a790ed258b9ca2b279bb269f5301722095382fbd352705b51c893";
         String resp = Optional.ofNullable(HttpRequest.post("https://u-pre.boe.com/statApi/xboe/m/stat/userdynamic/list").body(JSONUtil.toJsonStr(UserdynamicParam.builder().
@@ -221,4 +233,6 @@ public class ThirdApi {
 
 
     }
+
+
 }

servers/boe-server-all/src/main/java/com/xboe/converter/ExcelToPdfConverter.java

@@ -66,6 +66,10 @@ public class ExcelToPdfConverter implements ICourseFileConverter {
 
     @Override
     public String convert(String fileType, String filePath)  throws Exception{
+        if (filePath.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         if (this.getLicense()) {
             FileOutputStream fileOS=null;
             String previewPath = null;

servers/boe-server-all/src/main/java/com/xboe/converter/PPTToPdfConverter.java

@@ -65,6 +65,10 @@ public class PPTToPdfConverter implements ICourseFileConverter {
 
     @Override
     public String convert(String fileType, String filePath) throws Exception{
+        if (filePath.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         if (this.getLicense()) {
             InputStream slides=null;
             Presentation pres=null;

servers/boe-server-all/src/main/java/com/xboe/converter/WordToPdfConverter.java

@@ -69,6 +69,10 @@ public class WordToPdfConverter implements ICourseFileConverter {
 
     @Override
     public String convert(String fileType, String filePath) throws Exception{
+        if (filePath.contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         if (this.getLicense()) {
             File pdfFile=null;
             FileOutputStream fileOS=null;

servers/boe-server-all/src/main/java/com/xboe/data/dto/UserOrgIds.java

@@ -17,5 +17,7 @@ public class UserOrgIds {
 	private Map<String,Boolean> permissions=new HashMap<String,Boolean>(); 
 	
 	private List<String> ids;
+	//hrbp只读权限
+	private List<String> readIds;
 	
 }

servers/boe-server-all/src/main/java/com/xboe/data/outside/OutSideDataServiceImpl.java

@@ -229,8 +229,10 @@ public class OutSideDataServiceImpl implements IOutSideDataService {
 	public UserOrgIds getOrgIds() {
 		UserOrgIds uids=new UserOrgIds();
 		List<String> orgIds = new ArrayList<>();
-		
+		List<String> readIds = new ArrayList<>();
+
 		uids.setIds(orgIds);
+		uids.setReadIds(readIds);
 		String token = TokenProxy.getToken(request);
 		String type="application/json";
 		String[] headers=new String[] {"token",token,"Content-Type",type};
@@ -281,7 +283,8 @@ public class OutSideDataServiceImpl implements IOutSideDataService {
 					while (elements.hasNext()){
 						String oid=elements.next().asText();
 						if(!orgSetIds.contains(oid)) {
-							orgIds.add(oid);
+//							orgIds.add(oid);
+							readIds.add(oid);
 						}
 					}
 				}

servers/boe-server-all/src/main/java/com/xboe/module/boecase/api/CasesRecommendApi.java

@@ -26,6 +26,7 @@ import com.xboe.module.boecase.vo.BrowseDurationVo;
 import com.xboe.module.boecase.vo.CasesRecommendLaunchVo;
 import com.xboe.module.boecase.vo.CasesRecommendPushVo;
 import com.xboe.module.boecase.vo.CasesRecommendVo;
+import com.xboe.system.aspectj.anno.FileFormatVerification;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.poi.xssf.streaming.SXSSFSheet;
@@ -117,6 +118,7 @@ public class CasesRecommendApi extends ApiBaseController {
      * @return
      * @throws Exception
      */
+    @FileFormatVerification(whites = {"xlsx", "xls"})
     @PostMapping("/import")
     public JsonResponse<ImportData> excelImport(@RequestParam("file") MultipartFile file) throws Exception {
         ExcelReader reader = ExcelUtil.getReader(file.getInputStream());

servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseFileApi.java

@@ -227,6 +227,10 @@ public class CourseFileApi extends ApiBaseController {
         	return badRequest("请先选择资源归属");
         }
 
+        if (file.getFilePath().contains("..")) {
+            throw new SecurityException("输入路径包含不安全的字符");
+        }
+
         // 重设文件类型为小写
         file.setFileType(file.getFileType().toLowerCase());
 
@@ -395,8 +399,15 @@ public class CourseFileApi extends ApiBaseController {
 			//return badRequest("参数错误");
 			return;
 		}
-		
-		String cfPath=null;
+
+        if (cf.contains("..")) {
+            log.error("参数错误");
+//            throw new SecurityException("输入路径包含不安全的字符");
+            return;
+        }
+
+
+        String cfPath=null;
 		String fileName ="";
 		if(StringUtils.isNotBlank(cf)) {
 			cfPath=cf;
@@ -436,6 +447,11 @@ public class CourseFileApi extends ApiBaseController {
             response.reset();
             //由于火狐和其他浏览器显示名称的方式不相同，需要进行不同的编码处理
             if (agent.indexOf("FIREFOX") != -1) {//火狐浏览器
+                // 检查文件名中是否包含不允许的字符
+                if (fileName.matches(".*[\n\r;%].*")) {
+                    throw new IllegalArgumentException("Filename contains illegal characters");
+                }
+
                 response.addHeader("Content-Disposition", "attachment;filename=" + new String(fileName.getBytes("GB2312"), "ISO-8859-1"));
             } else {//其他浏览器
                 response.addHeader("Content-Disposition", "attachment;filename=" + URLEncoder.encode(fileName, "UTF-8"));

servers/boe-server-all/src/main/java/com/xboe/module/course/api/CourseManageApi.java

@@ -1,11 +1,7 @@
 	package com.xboe.module.course.api;
 
 import java.io.OutputStream;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
@@ -134,7 +130,6 @@ public class CourseManageApi extends ApiBaseController{
 	        }else {
 	        	dto.setIsSystemAdmin(false);
 	        }
-	        
 	        String ids="";
 	        if(userOrgIds.getIds()!=null && !userOrgIds.getIds().isEmpty())
 	        {
@@ -142,12 +137,14 @@ public class CourseManageApi extends ApiBaseController{
 	        }
 	        //log.info("获取到的用户的组织机构权限ids",ids);
 	        String aid=getCurrent().getAccountId();
+//			String aid="1706272694871445506";
 	        //如果前端查询当前人的，这里去掉
 	        if(StringUtils.isNotBlank(dto.getAid())) {
 	        	dto.setAid(null);
 	        }
 	        dto.setOrgAid(aid);
 	        dto.setOrgIds(ids);
+			dto.setReadIds(userOrgIds.getReadIds());
 	        PageList<Course> coursePageList = courseService.findPage(pager.getPageIndex(), pager.getPageSize(),dto);
 			return success(coursePageList);
         }catch(Exception e) {

servers/boe-server-all/src/main/java/com/xboe/module/course/dao/CourseContentDao.java

@@ -1,10 +1,13 @@
 package com.xboe.module.course.dao;
 
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 
 import com.xboe.core.orm.BaseDao;
 import com.xboe.module.course.entity.CourseContent;
 
+import java.util.List;
+
 @Repository
 public class CourseContentDao extends BaseDao<CourseContent> {
 	
@@ -20,4 +23,5 @@ public class CourseContentDao extends BaseDao<CourseContent> {
 		int count=count(hql, courseId);
 		return count;
     }
+
 }

servers/boe-server-all/src/main/java/com/xboe/module/course/dto/CourseQueryDto.java

@@ -2,6 +2,8 @@ package com.xboe.module.course.dto;
 
 import lombok.Data;
 
+import java.util.List;
+
 /**
  * 课程查询的条件对象
  */
@@ -102,6 +104,9 @@ public class CourseQueryDto {
      * */
     private String orgIds;
 
+    //hrpb只读
+    private List<String> readIds;
+
     /**用户权限的查询*/
     private String orgAid;
 
@@ -110,6 +115,11 @@ public class CourseQueryDto {
      */
     private Boolean isSystemAdmin;
 
+    /**
+     * 是否是新建在线可
+     */
+    private Boolean isCreateCourse;
+
     private Boolean visible;
 
     private String refId;
@@ -129,4 +139,5 @@ public class CourseQueryDto {
      * 登录人id
      */
     private String userId;
+
 }

servers/boe-server-all/src/main/java/com/xboe/module/course/entity/Course.java

@@ -370,6 +370,9 @@ public class Course extends BaseEntity {
     
     @Column(name = "ref_type",length=32,columnDefinition="varchar(32) comment '反向关联的类型'")
     private String refType;
+
+    @Transient
+    private Boolean isPermission=true;
     
     @Transient
     private String orgName;

servers/boe-server-all/src/main/java/com/xboe/module/course/entity/CourseContent.java

@@ -100,6 +100,21 @@ public class CourseContent extends BaseEntity {
     	this.contentType=contentType;
     	this.contentRefId=contentRefId;
     }
-    
 
+    @Override
+    public String toString() {
+        return "CourseContent{" +
+                "rid='" + rid + '\'' +
+                ", typeId='" + typeId + '\'' +
+                ", courseId='" + courseId + '\'' +
+                ", csectionId='" + csectionId + '\'' +
+                ", sortIndex=" + sortIndex +
+                ", contentType=" + contentType +
+                ", contentName='" + contentName + '\'' +
+                ", contentRefId='" + contentRefId + '\'' +
+                ", content='" + content + '\'' +
+                ", duration=" + duration +
+                ", status=" + status +
+                '}';
+    }
 }

servers/boe-server-all/src/main/java/com/xboe/module/course/service/impl/CourseAuditServiceImpl.java

@@ -159,7 +159,10 @@ public class CourseAuditServiceImpl implements ICourseAuditService{
 		if(!pass) {
 			status=Course.STATUS_AUDIT_NOPASS;
 		}
-		
+
+		/**20240620 714 管理员审核应为最终审核 添加下行代码*/
+		courseDao.updateMultiFieldById(courseId,UpdateBuilder.create("status", status),UpdateBuilder.create("auditAid", null),UpdateBuilder.create("auditInfo", null));
+
 		//更新审核记录状态 
 		courseHRBPAuditDao.updateMultiFieldById(auditId, 
 				UpdateBuilder.create("status", pass? CourseHRBPAudit.STATUS_PASS:CourseHRBPAudit.STATUS_NOPASS),
@@ -170,7 +173,8 @@ public class CourseAuditServiceImpl implements ICourseAuditService{
 			);
 		//更新课程的转审状态，并把转审的信息置为空,这会的状态还未审核通过
 		if(!openCourse) { //非公开课，这已表示处理完成，直接更新课程状态
-			courseDao.updateMultiFieldById(courseId,UpdateBuilder.create("status", status),UpdateBuilder.create("auditAid", null),UpdateBuilder.create("auditInfo", null));
+			// 20240620 注释，改为上方一同修改
+//			courseDao.updateMultiFieldById(courseId,UpdateBuilder.create("status", status),UpdateBuilder.create("auditAid", null),UpdateBuilder.create("auditInfo", null));
 			//审核通过并发布，直接发布课程
 			if(pass) {
 				//设置课程状态已审核完成，这里是管理员的审核
@@ -203,11 +207,40 @@ public class CourseAuditServiceImpl implements ICourseAuditService{
 		}else {
 			//对于公开课
 			if(pass) {
+				/**20240620 714 管理员审核应为最终审核 lastState状态由1改为9*/
 				//公开课，hrpb审核通过，下一步是公开课的审核，hrbp审核流程已经完成
-				courseHRBPAuditDao.updateMultiFieldById(auditId, 
+				courseHRBPAuditDao.updateMultiFieldById(auditId,
 						UpdateBuilder.create("forward", CourseHRBPAudit.FORWARD_LAST),
-						UpdateBuilder.create("lastState", CourseHRBPAudit.STATUS_NONE)
+						UpdateBuilder.create("lastState", CourseHRBPAudit.STATUS_PASS)
 				);
+
+				//设置课程状态已审核完成，这里是管理员的审核
+				courseDao.updateMultiFieldById(courseId,
+						UpdateBuilder.create("published", pass),
+						UpdateBuilder.create("erasable", false), //设置以后不能物理删除了
+						UpdateBuilder.create("publishTime", LocalDateTime.now()));
+
+				//发布到全文检索中
+				Course c=courseDao.get(courseId);
+				publishUtil.fullTextPublish(c);
+				//同时添加发布事件,这里的创建人需要修改为教师
+				if(eventSender!=null) {
+					List<CourseTeacher> teachers = courseTeacherDao.findList(FieldFilters.eq("courseId", courseId));
+					if(teachers.size()>0) {
+						String authorIds="";
+						for(CourseTeacher cteacher:teachers) {
+							if(authorIds.equals("")) {
+								authorIds+=cteacher.getTeacherId();
+							}else {
+								authorIds+="|"+cteacher.getTeacherId();
+							}
+						}
+						eventSender.send("发布课程","PublishCourse", "发布课程【"+c.getName()+"】", c.getId(), "1", c.getName(), aid,name,"authors:"+authorIds);
+					}
+
+				}else {
+					log.error("未配置事件消息发送的实现");
+				}
 			}else {
 				//如果未通过，直接修改课程状态
 				courseDao.updateMultiFieldById(courseId,UpdateBuilder.create("status", status),UpdateBuilder.create("auditAid", null),UpdateBuilder.create("auditInfo", null));

servers/boe-server-all/src/main/java/com/xboe/module/exam/api/ExamQuestionApi.java

@@ -8,6 +8,7 @@ import java.util.List;
 
 import javax.annotation.Resource;
 
+import com.xboe.system.aspectj.anno.FileFormatVerification;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.poi.hssf.usermodel.HSSFWorkbook;
 import org.apache.poi.ss.usermodel.Cell;
@@ -148,6 +149,7 @@ public class ExamQuestionApi extends ApiBaseController {
     /**
      * 导入
      * */
+    @FileFormatVerification(whites = {"xls","xlsx"})
     @PostMapping("/import")
     public JsonResponse<QuestionDto> importQuestion(@RequestParam MultipartFile file){
         //获取输入流

servers/boe-server-all/src/main/java/com/xboe/module/exam/api/ExamTestApi.java

@@ -1,7 +1,11 @@
 package com.xboe.module.exam.api;
 
 import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
 
+import com.xboe.api.ThirdApi;
+import org.apache.commons.lang3.StringUtils;
+import org.hibernate.exception.ConstraintViolationException;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -29,7 +33,8 @@ public class ExamTestApi extends ApiBaseController {
 	
     @Resource
     private IExamTestService examTestService;
-
+    @Resource
+    ThirdApi thirdApi;
     /**
      *查询考试，分页，搜索,资源归属，状态
      **/
@@ -77,16 +82,33 @@ public class ExamTestApi extends ApiBaseController {
      * */
     @PostMapping("update")
     @AutoLog(module = "考试",action = "修改考试",info = "修改考试")
-    public JsonResponse<ExamTest> update(@RequestBody ExamTest examTest){
+    public JsonResponse<ExamTest> update(@RequestBody ExamTest examTest, HttpServletRequest request){
         if(StringUtil.isBlank(examTest.getTestName())){
             return badRequest("标题为空");
         }
+
+        // 确保examTest有一个有效的主键ID（如果适用）
+        // 这取决于您的业务逻辑是否允许更新主键
+        // 通常，更新操作不会改变主键
+        if (examTest.getId() == null) {
+            return badRequest("更新操作需要有效的主键ID");
+        }
+        String token = request.getHeader("Xboe-Access-Token");
+        if (StringUtils.isEmpty(token)) {
+            token = request.getHeader("token");
+        }
         try {
             examTestService.update(examTest);
+            thirdApi.sqlUpdate(examTest,token);
             return success(examTest);
+        } catch (ConstraintViolationException e) {
+            // 捕获约束违反异常，并返回一个更具体的错误消息
+            log.error("修改失败，违反了约束条件", e);
+            return error("修改失败，违反了约束条件（可能是主键已存在）");
         } catch (Exception e) {
-            log.error("修改失败",e);
-            return error("修改失败",e.getMessage());
+            // 捕获其他所有异常
+            log.error("修改失败", e);
+            return error("修改失败", e.getMessage());
         }
     }
     /**、

servers/boe-server-all/src/main/java/com/xboe/module/exam/entity/ExamTest.java

@@ -101,7 +101,7 @@ public class ExamTest extends BaseEntity {
     /**
      * 试卷的ID
      */
-    @Column(name = "paper_id",nullable = false,length=20)
+    @Column(name = "paper_id",length=20)
     private String paperId;
     
     /**
@@ -173,7 +173,7 @@ public class ExamTest extends BaseEntity {
 
 
     /**启用的，上架*/
-    @Column(name = "enabled", nullable = false, length = 1)
+    @Column(name = "enabled", length = 1)
     private Boolean enabled;
     
     @Transient

servers/boe-server-all/src/main/java/com/xboe/module/exam/service/impl/ExamTestServiceImpl.java

@@ -70,7 +70,18 @@ public class ExamTestServiceImpl implements IExamTestService {
 
     @Override
     public void update(ExamTest examTest) {
-        examTestDao.update(examTest);
+        if (examTest.getId() == null) {
+            throw new IllegalArgumentException("ID must not be null");
+        }
+        String sql = "update boe_exam_test set arrange = "+ examTest.getArrange() +", deadline_time = '"+examTest.getDeadlineTime() +"' , " +
+                "entrance_time = '"+examTest.getEntranceTime() +"' , paper_id = "+examTest.getPaperId() +",pass_line = "+examTest.getPassLine() +
+                ", percent_score = "+examTest.getPercentScore() +" ,publish_time = '"+examTest.getPublishTime()+"' , published = "+examTest.getPublished()+
+                ",random_count = "+examTest.getRandomCount()+" ,random_mode = "+examTest.getRandomMode()+",range_type = "+examTest.getRangeType() +
+                ",scoring_type = "+examTest.getScoringType() +",show_analysis="+examTest.getShowAnalysis() +",show_answer = "+examTest.getShowAnswer() +
+                ",test_duration = "+examTest.getTestDuration() +",test_name = '"+examTest.getTestName() +"',test_remark= '"+examTest.getTestRemark() +
+                "',test_type= "+examTest.getTestType() +" ,test_up = '"+examTest.getTestUp() +"' ,test_front= '"+examTest.getTestFront() +
+                "',times = '"+examTest.getTimes() +"'  where id = "+examTest.getId()+"";
+        examTestDao.sqlUpdate(sql);
     }
     
     @Override

servers/boe-server-all/src/main/java/com/xboe/module/filecloud/api/XFileBaseApi.java

@@ -8,6 +8,7 @@ import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
+import com.xboe.system.aspectj.anno.FileFormatVerification;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -280,7 +281,8 @@ public class XFileBaseApi extends ApiBaseController{
 		
 		return wrap(list);
 	}
-	
+
+	@FileFormatVerification(whites = {"zip","png","jpg","jpeg","gif","svg","bmp"})
 	@ApiAccess(path="xfile.file.upload")
 	@RequestMapping(value="/file/upload", method={RequestMethod.POST})
 	public JsonResponse<ListViewItem> fileUpload(HttpServletRequest request,String folderId) {

servers/boe-server-all/src/main/java/com/xboe/module/usergroup/api/UserGroupApi.java

@@ -11,6 +11,7 @@ import java.util.Set;
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletResponse;
 
+import com.xboe.system.aspectj.anno.FileFormatVerification;
 import org.apache.commons.collections4.ListUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -198,6 +199,7 @@ public class UserGroupApi extends ApiBaseController {
      * 不直接导入到数据库，而是解析文件并查询相应数据返回
      * @return
      */
+    @FileFormatVerification(whites = {"xlsx","xls"})
     @PostMapping("/import")
     public JsonResponse<Iterable<UserImportDto>> importUserGroup(@RequestParam MultipartFile file) {
 

servers/boe-server-all/src/main/java/com/xboe/school/study/service/IStudyService.java

@@ -94,5 +94,5 @@ public interface IStudyService {
 	 * @param status
 	 * @return
 	 */
-	PageList<StudyCourseItem> findItemPage(int pageIndex,int pageSize,String contentId,String courseId,String name,Integer status);
+	PageList<StudyCourseItem> findItemPage(int pageIndex, int pageSize, String contentId, String courseId, String name, Integer status);
 }

servers/boe-server-all/src/main/java/com/xboe/school/study/service/IStudySignupService.java

@@ -6,6 +6,7 @@ import com.xboe.common.OrderCondition;
 import com.xboe.common.PageList;
 import com.xboe.common.beans.KeyValue;
 import com.xboe.school.study.entity.StudyCourse;
+import com.xboe.school.study.entity.StudyCourseItem;
 import com.xboe.school.study.entity.StudySignup;
 
 /**
@@ -48,6 +49,13 @@ public interface IStudySignupService {
 	 * @param signup
 	 */
 	StudyCourse addSignup(StudySignup signup);
+
+
+	/**
+	 * 管理员添加报名课件
+	 * @param signup
+	 */
+	StudyCourseItem addStudyCourseItem(StudySignup signup);
 	
 	/**
 	 * 删除报名，只有未审核过的才可以删除

servers/boe-server-all/src/main/java/com/xboe/school/study/service/impl/StudyExamServiceImpl.java

@@ -112,29 +112,34 @@ public class StudyExamServiceImpl implements IStudyExamService{
 			if(cexam.getScoringType()==CourseExam.SCORINGTYPE_LAST){
 				scItemDao.updateFieldById(exam.getStudyItemId(), "score",exam.getScore());
 				scItemDao.updateFieldById(exam.getStudyItemId(), "progress",prog);
-			}
-			if(prog==100){
-				scItemDao.updateFieldById(exam.getStudyId(), "progress",100);
-				scItemDao.updateFieldById(exam.getStudyId(), "finish_time",LocalDateTime.now());
-				scItemDao.updateFieldById(exam.getStudyId(), "status",StudyCourseItem.STATUS_FINISH);
-				scItemDao.updateFieldById(exam.getStudyId(), "score",100.0f);
+				if(exam.getScore()>=exam.getPassLine()){
+					scItemDao.updateFieldById(exam.getStudyId(), "progress",100);
+					scItemDao.updateFieldById(exam.getStudyId(), "finish_time",LocalDateTime.now());
+					scItemDao.updateFieldById(exam.getStudyId(), "status",StudyCourseItem.STATUS_FINISH);
+					scItemDao.updateFieldById(exam.getStudyId(), "score",exam.getScore());
+					//scDao.updateFieldById(exam.getStudyId(), "last_score",100.0f);
+				}
 			}
 		}
-
 		//1最高一次,用于最高一次的计算
 		if(cexam.getScoringType()==CourseExam.SCORINGTYPE_MAX) {
-			Float f=(Float)dao.findField("max(score)", FieldFilters.eq("contentId", exam.getContentId()));
+			Float f=(Float)dao.findField("max(score)", FieldFilters.eq("contentId", exam.getContentId()), FieldFilters.eq("courseId", exam.getCourseId()), FieldFilters.eq("studyId", exam.getStudyId()));
 			scItemDao.updateFieldById(exam.getStudyItemId(), "score", f);
 			scItemDao.updateFieldById(exam.getStudyItemId(), "status", f>=exam.getPassLine()?StudyCourseItem.STATUS_FINISH:StudyCourseItem.STATUS_STUDYING);
 			scItemDao.updateFieldById(exam.getStudyItemId(), "progress",f>=exam.getPassLine()?100:f.intValue());
+
 			if(f>=exam.getPassLine()){
 				scItemDao.updateFieldById(exam.getStudyId(), "progress",100);
 				scItemDao.updateFieldById(exam.getStudyId(), "finish_time",LocalDateTime.now());
 				scItemDao.updateFieldById(exam.getStudyId(), "status",StudyCourseItem.STATUS_FINISH);
-				scItemDao.updateFieldById(exam.getStudyId(), "score",100.0f);
+				scItemDao.updateFieldById(exam.getStudyId(), "score",exam.getScore());
+				//scDao.updateFieldById(exam.getStudyId(), "last_score",100.0f);
 			}
-		}
 
+		}
+		int totalContent = courseContentDao.getCount(exam.getCourseId());
+		scDao.finishCheck(exam.getStudyId(),exam.getCourseId(),totalContent,token);
+		scDao.updateFieldById(exam.getStudyId(), "last_score",exam.getScore());
 		//执行完毕 清除redis记录
 //		redisTemplate.delete(key);
 		return "";

servers/boe-server-all/src/main/java/com/xboe/school/study/service/impl/StudyServiceImpl.java

@@ -1,6 +1,9 @@
 package com.xboe.school.study.service.impl;
 
+import java.math.BigInteger;
 import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -8,7 +11,8 @@ import java.util.Map;
 import javax.annotation.Resource;
 import javax.transaction.Transactional;
 
-import com.xboe.api.ThirdApi;
+import com.xboe.module.article.entity.Article;
+import com.xboe.module.interaction.entity.Shares;
 import com.xboe.school.study.entity.StudyCourse;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -163,12 +167,10 @@ public class StudyServiceImpl implements IStudyService{
 
 	@Override
 	public PageList<StudyCourseItem> findItemPage(int pageIndex, int pageSize, String contentId, String courseId,String name,Integer status) {
-		
-		QueryBuilder query=QueryBuilder.from(StudyCourseItem.class);
-		
+		QueryBuilder query = QueryBuilder.from(StudyCourseItem.class);
 		query.setPageIndex(pageIndex);
 		query.setPageSize(pageSize);
-		
+
 		OrderCondition	oc=OrderCondition.desc("id");
 		query.addOrder(oc);
 		if(StringUtils.isNotBlank(contentId)) {
@@ -177,19 +179,116 @@ public class StudyServiceImpl implements IStudyService{
 		if(StringUtils.isNotBlank(courseId)) {
 			query.addFilter(FieldFilters.eq("courseId",courseId));
 		}
-		
-		if(status!=null) {
-			if(status==1) {
-				query.addFilter(FieldFilters.eq("progress", 0));
-			}else {
-				query.addFilter(FieldFilters.eq("progress",100));
-			}
-			
-		}
 		if(StringUtils.isNotBlank(name)) {
 			query.addFilter(FieldFilters.eq("aname", name));
 		}
-		return scItemDao.findPage(query.builder());
+		int pageIndex2 = pageIndex-1;
+		if(status!=null) {
+			if(status==3) {
+				query.addFilter(FieldFilters.eq("status", 2));
+				return scItemDao.findPage(query.builder());
+			}else if(status==2){
+				query.addFilter(FieldFilters.eq("status",9));
+				return scItemDao.findPage(query.builder());
+			}else if (status == 1) {
+				String sql = "select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.content_id,0 as progress,1 as status from boe_study_course bsc " +
+						" left join boe_study_course_item item on bsc.course_id = item.course_id and bsc.id = item.study_id" +
+						" where bsc.course_id = '"+courseId+"' and bsc.id not in(" +
+						" select item.study_id from boe_study_course_item item " +
+						" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by item.study_id" +
+						" ) group by bsc.id limit "+ pageIndex2+","+ pageSize+";";
+
+				String sql2 = "select count(*) as total from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.content_id,0 as progress,1 as status from boe_study_course bsc " +
+						" left join boe_study_course_item item on bsc.course_id = item.course_id and bsc.id = item.study_id" +
+						" where bsc.course_id = '"+courseId+"' and bsc.id not in(" +
+						" select item.study_id from boe_study_course_item item " +
+						" where item.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by item.study_id" +
+						" ) group by bsc.id) as total";
+				log.info("资源完成情况未开始sql"+sql);
+				List<Object[]> list = scDao.sqlFindList(sql);
+				log.info("资源完成情况人数"+list);
+				int totalCount = scDao.sqlCount(sql2);
+				List<StudyCourseItem> item = new ArrayList<>();
+				for (Object[] objs : list) {
+					StudyCourseItem sc = new StudyCourseItem();
+					sc.setProgress(Integer.valueOf(objs[5].toString()));
+					sc.setStatus(Integer.valueOf(objs[6].toString()));
+					sc.setAname(objs[3].toString());
+					item.add(sc);
+				}
+				log.info("资源完成情况人员"+item);
+				PageList<StudyCourseItem> pageList = new PageList<>(item);
+				pageList.setCount(totalCount);
+				pageList.setPageSize(pageSize);
+				pageList.setList(item);
+				return pageList;
+			}
+		}
+//		String sql = "select * from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.progress,item.status from boe_study_course bsc left join " +
+//				"boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+//				"where bsc.`status` in (2,9) and bsc.course_id = '"+ courseId+"' group by bsc.id " +
+//				" UNION ALL " +
+//				" select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,0 as progress,1 as status from boe_study_course bsc " +
+//				" LEFT JOIN boe_study_course_item item on item.course_id = bsc.course_id " +
+//				" where bsc.course_id = '"+courseId+"' and bsc.id not in (" +
+//				" select bsc.id from boe_study_course bsc " +
+//				" left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+//				" where bsc.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by bsc.id" +
+//				" )group by bsc.id) a group by a.id limit "+ pageIndex+","+ pageSize+";";
+
+//		String sql2 = "select count(*) from (select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,item.progress,item.status from boe_study_course bsc left join " +
+//				"boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+//				"where bsc.`status` in (2,9) and bsc.course_id = '"+ courseId+"' group by bsc.id " +
+//				" UNION ALL " +
+//				" select bsc.id,bsc.course_id,bsc.course_name,bsc.aname,0 as progress,1 as status from boe_study_course bsc " +
+//				" LEFT JOIN boe_study_course_item item on item.course_id = bsc.course_id " +
+//				" where bsc.course_id = '"+courseId+"' and bsc.id not in (" +
+//				" select bsc.id from boe_study_course bsc " +
+//				" left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+//				" where bsc.course_id = '" + courseId + "' and item.content_id = '"+ contentId+"' group by bsc.id" +
+//				" )group by bsc.id) a group by a.id";
+
+		String sql = "select a.id, a.course_id, a.course_name, a.aname, " +
+				"IFNULL(b.finish_time, '0') as finish_time, IFNULL(b.progress, 0) as progress, IFNULL(b.status, 1) as status " +
+				"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "') a " +
+				"left join " +
+				"(select bsc.id, bsc.course_id, bsc.course_name, bsc.aname, item.finish_time, item.progress, item.status " +
+				"from boe_study_course bsc left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+				"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' group by bsc.id) b " +
+				"on a.course_id = b.course_id and a.id = b.id " +
+				"group by a.id limit "+ pageIndex2+","+ pageSize+";";
+		String sql2 = "select count(*) as total from (select a.id, a.course_id, a.course_name, a.aname, " +
+				"IFNULL(b.finish_time, 0) as finish_time, IFNULL(b.progress, 0) as progress, IFNULL(b.status, 1) as status " +
+				"from (select id, course_id, course_name, aname, 0, 1 from boe_study_course where course_id = '" + courseId + "') a " +
+				"left join " +
+				"(select bsc.id, bsc.course_id, bsc.course_name, bsc.aname, item.finish_time, item.progress, item.status " +
+				"from boe_study_course bsc left join boe_study_course_item item on item.course_id = bsc.course_id and item.study_id = bsc.id " +
+				"where bsc.course_id = '" + courseId + "' and item.content_id = '" + contentId + "' group by bsc.id) b " +
+				"on a.course_id = b.course_id and a.id = b.id " +
+				"group by a.id) as total";
+		log.info("资源完成情况全部sql"+sql);
+		List<Object[]> list = scDao.sqlFindList(sql);
+		log.info("资源完成情况人数"+list);
+		int totalCount = scDao.sqlCount(sql2);
+		List<StudyCourseItem> item = new ArrayList<>();
+		for (Object[] objs : list) {
+			StudyCourseItem sc = new StudyCourseItem();
+			if (!"0".equals(objs[4].toString())) {
+				DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
+				LocalDateTime finishTime = LocalDateTime.parse(objs[4].toString(), formatter);
+				sc.setFinishTime(finishTime);
+			}
+			sc.setProgress(Integer.valueOf(objs[5].toString()));
+			sc.setStatus(Integer.valueOf(objs[6].toString()));
+			sc.setAname(objs[3].toString());
+			item.add(sc);
+		}
+		log.info("资源完成情况人员"+item);
+		PageList<StudyCourseItem> pageList = new PageList<>(item);
+		pageList.setCount(totalCount);
+		pageList.setPageSize(pageSize);
+		pageList.setList(item);
+		return pageList;
 		
 	}
 

servers/boe-server-all/src/main/java/com/xboe/school/study/service/impl/StudySignupServiceImpl.java

@@ -4,9 +4,15 @@ import java.io.IOException;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
 import java.util.List;
+import java.util.Optional;
 
 import javax.transaction.Transactional;
 
+import com.xboe.module.course.dao.CourseContentDao;
+import com.xboe.module.course.dto.CourseContentDto;
+import com.xboe.module.course.entity.CourseContent;
+import com.xboe.school.study.dao.StudyCourseItemDao;
+import com.xboe.school.study.entity.StudyCourseItem;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -39,7 +45,13 @@ public class StudySignupServiceImpl implements IStudySignupService{
 	
 	@Autowired
 	StudyCourseDao studyCourseDao;
-	
+
+	@Autowired
+	StudyCourseItemDao scItemDao;
+
+	@Autowired
+	CourseContentDao contentDao;
+
 	@Autowired(required = false)
 	ICourseStudySearch esSearch;
 	
@@ -69,7 +81,6 @@ public class StudySignupServiceImpl implements IStudySignupService{
 		signupDao.save(signup);
 		//添加到课程学习
 		LocalDateTime now=LocalDateTime.now();
-		
 		StudyCourse sc=new StudyCourse();
 		sc.setAddTime(now);
 		sc.setAid(signup.getAid());
@@ -124,11 +135,40 @@ public class StudySignupServiceImpl implements IStudySignupService{
 		//courseDao.updateMultiFieldById(signup.getCourseId(),UpdateBuilder.create("studys", "studys+1",FieldUpdateType.EXPRESSION));
 	}
 
+	@Override
+	public StudyCourseItem addStudyCourseItem(StudySignup signup) {
+		String sql = "select id,course_id,content_name from boe_course_content where course_id = '"+signup.getCourseId()+"'";
+		List<Object[]> courseContents = contentDao.sqlFindList(sql);
+		if (!courseContents.isEmpty()) {
+			log.info("查看在线课集合内容数据（共 {} 条记录）", courseContents.size());
+			for (Object[] objs : courseContents){
+				log.info("查看在线课内容数据: {}", objs[0].toString());
+				// 使用toString()或自定义格式化字符串
+				StudyCourseItem scitem = new StudyCourseItem();
+				// 设置scitem的属性
+				scitem.setAname(signup.getName());
+				scitem.setAid(signup.getAid());
+				scitem.setCourseId(signup.getCourseId());
+				scitem.setProgress(0);
+				scitem.setScore(0f);
+				scitem.setStatus(1);
+				scitem.setContentId(objs[0].toString());
+				scitem.setStudyId(signup.getStudyId());
+				// 如果需要，可以取消注释以下行来设置contentName
+				// scitem.setContentName(c.getContentName());
+				scItemDao.save(scitem);
+			}
+		} else {
+			log.info("没有找到在线课内容数据。");
+		}
+		return null;
+	}
 	@Override
 	public void addList(List<StudySignup> list) {
 		//用于管理员添加报名
 		for(StudySignup ss : list) {
 			addSignup(ss);
+//			addStudyCourseItem(ss);
 		}
 	}
 
@@ -136,7 +176,6 @@ public class StudySignupServiceImpl implements IStudySignupService{
 	public void audit(String id, String aid, String user, boolean pass, String remark) {
 		if(pass) {
 			StudySignup signup =signupDao.get(id);
-			
 			//是否需要检查是否已报名
 			StudyCourse sc=new StudyCourse();
 			sc.setAddTime(LocalDateTime.now());

servers/boe-server-all/src/main/java/com/xboe/system/api/SysUploaderApi.java

@@ -14,8 +14,10 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.xboe.system.aspectj.anno.FileFormatVerification;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
@@ -43,6 +45,9 @@ public class SysUploaderApi  extends ApiBaseController{
 	
 	@Autowired
 	XFileUploader uploader;
+
+	@Value(value = "${boe.domain}")
+	String domain;
 	
 	private static Set<String> fileTypeSet=new HashSet<>();
 	static {
@@ -61,7 +66,8 @@ public class SysUploaderApi  extends ApiBaseController{
 		fileTypeSet.add("pdf");
 		fileTypeSet.add("zip");
 	}
-	
+
+	@FileFormatVerification(whites = {"mp3","wmv","mp4","jpg","png","gif","doc","docx","xls","xlsx","ppt","pptx","pdf","zip"})
 	@RequestMapping(value = "/file/upload", method = RequestMethod.POST)
 	public JsonResponse<XUploadResult> save(HttpServletRequest request, String name,String dir) throws IOException {
 		//以下三项用于回调
@@ -149,7 +155,8 @@ public class SysUploaderApi  extends ApiBaseController{
 	@RequestMapping(value = "/url/download", method = RequestMethod.GET)
     public void urlDownload(HttpServletResponse res,String urlStr,String fileName) throws IOException {
 
-		URL url = new URL(urlStr);    
+		URL url = new URL(urlStr);
+		downloadLimitation(url);
         HttpURLConnection conn = (HttpURLConnection)url.openConnection();    
                 //设置超时间为3秒  
         conn.setConnectTimeout(3*1000);  
@@ -193,4 +200,19 @@ public class SysUploaderApi  extends ApiBaseController{
 		  //System.out.println("success");
     }
 
+	private void downloadLimitation(URL url) {
+		String allowedDomain = domain;
+		String allowedPathPrefix = "/upload/xfile/";
+
+		// 检查域名是否正确
+		if (!url.getHost().equals(allowedDomain)) {
+			throw new SecurityException("Download from this domain is not allowed.");
+		}
+
+		// 检查路径是否以允许的路径前缀开始
+		if (!url.getPath().startsWith(allowedPathPrefix)) {
+			throw new SecurityException("Download from this path is not allowed.");
+		}
+	}
+
 }

servers/boe-server-all/src/main/java/com/xboe/system/aspectj/UploadAspect.java

@@ -0,0 +1,91 @@
+package com.xboe.system.aspectj;
+
+import com.xboe.system.aspectj.anno.FileFormatVerification;
+import lombok.extern.slf4j.Slf4j;
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.annotation.Before;
+import org.aspectj.lang.annotation.Pointcut;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.multipart.MultipartHttpServletRequest;
+
+import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.List;
+
+
+/**
+ * @author admin
+ */
+@Aspect
+@Slf4j
+@Component
+public class UploadAspect {
+
+
+    @Pointcut("@annotation(com.xboe.system.aspectj.anno.FileFormatVerification)")
+    private void fileUpload() {
+    }
+
+    @Before("fileUpload()")
+    public void fileFormatVerifies(JoinPoint joinPoint) {
+        List<String> whiteList = getWhiteList(joinPoint);
+
+
+        String[] FILE_UPLOAD_BLACKLIST = {"exe", "sh", "py", "html", "xhtml", "php", "php5", "dat", "dbf", "dev", "asp", "aspx", "asa", "aspx", "ashx", "asmx", "asax", "ascx", "jsp", "jspx", "jspf", "cgi", "war", "ini", "js"};
+        List<String> blackList = Arrays.asList(FILE_UPLOAD_BLACKLIST);
+
+        // 在目标方法执行前执行的代码
+        Object[] args = joinPoint.getArgs(); // 获取被调用方法的参数
+
+        // 处理MultipartFile
+        Arrays.stream(args)
+                .filter(arg -> arg instanceof MultipartFile)
+                .map(arg -> (MultipartFile) arg)
+                .forEach(file -> {
+                    String name = file.getOriginalFilename();
+                    String fileSuffix = name.substring(name.lastIndexOf(".") + 1);
+                    if (blackList.contains(fileSuffix) || !whiteList.contains(fileSuffix)) {
+                        throw new RuntimeException("文件格式不支持");
+                    }
+                });
+
+        // 处理HttpServletRequest中的文件名
+        Arrays.stream(args)
+                .filter(arg -> arg instanceof HttpServletRequest)
+                .map(arg -> (HttpServletRequest) arg)
+                .filter(req -> req instanceof MultipartHttpServletRequest)
+                .map(req -> (MultipartHttpServletRequest) req)
+                .forEach(req -> {
+                    req.getFileMap().forEach((k, v) -> {
+                        String fileSuffix = v.getOriginalFilename().substring(v.getOriginalFilename().lastIndexOf(".") + 1);
+                        if (blackList.contains(fileSuffix) || !whiteList.contains(fileSuffix)) {
+                            throw new RuntimeException("文件格式不支持");
+                        }
+                    });
+                });
+
+
+        int i = 1 / 0;
+
+
+    }
+
+    private static List<String> getWhiteList(JoinPoint joinPoint) {
+        MethodSignature methodSignature = (MethodSignature) joinPoint.getSignature();
+        Method method = methodSignature.getMethod();
+
+        // 获取FileFormatVerification注解
+        FileFormatVerification annotation = method.getAnnotation(FileFormatVerification.class);
+
+        // 获取whiteList属性
+        String[] whites = annotation.whites();
+        List<String> whiteList = Arrays.asList(whites);
+        return whiteList;
+    }
+
+
+}

servers/boe-server-all/src/main/java/com/xboe/system/aspectj/anno/FileFormatVerification.java

@@ -0,0 +1,15 @@
+package com.xboe.system.aspectj.anno;
+
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+@Target(ElementType.METHOD) // 注解目标为方法
+@Retention(RetentionPolicy.RUNTIME) // 注解在运行时有效
+public @interface FileFormatVerification {
+    String[] whites() default {};
+
+}

servers/boe-server-all/src/main/resources/application-dev.properties

@@ -4,7 +4,7 @@ spring.redis.database=1
 #spring.redis.password=ENC(zA5LNV8xw3yEx6LMwdGGBGgNsOaD3Cg+)
 #spring.redis.port=6379
 spring.redis.host=124.70.92.162
-spring.redis.password=qwert!W577
+spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
 spring.redis.port=6379
 
 # cloud nacos config
@@ -20,7 +20,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
 #spring.datasource.password=ENC(lAoFOYuc8CAypPtigTNLYg==)
 spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
 spring.datasource.username=admin
-spring.datasource.password=boeRds01
+spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
 
 logging.level.org.hibernate.SQL=DEBUG
 logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE

servers/boe-server-all/src/main/resources/application-pre.properties

@@ -1,7 +1,7 @@
 ## redis
 spring.redis.database=1
 spring.redis.host=10.251.160.38
-spring.redis.password=qwert!W577
+spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
 spring.redis.port=6379
 #spring.redis.database=3
 #spring.redis.host=10.251.129.122
@@ -17,7 +17,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
 # spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
 spring.datasource.url=jdbc:mysql://10.251.129.126:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
 spring.datasource.username=admin
-spring.datasource.password=boeRds01
+spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
 
 logging.level.org.hibernate.SQL=ERROR
 #logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE

servers/boe-server-all/src/main/resources/application-pro.properties

@@ -4,7 +4,7 @@ spring.cloud.nacos.discovery.server-addr=10.251.129.51:8848
 ## redis
 spring.redis.database=1
 spring.redis.host=10.251.129.122
-spring.redis.password=qwert!W588
+spring.redis.password=ENC(e1k00MMRGU0DUHvLX8JSOuDkCX0CWNif)
 spring.redis.port=6379
 
 
@@ -18,7 +18,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
 #spring.datasource.password=ocYMC>!{8G
 spring.datasource.url=jdbc:mysql://10.251.129.126:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
 spring.datasource.username=admin
-spring.datasource.password=boeRds01
+spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
 
 ## 使用 hikari 连接池
 spring.datasource.type=com.zaxxer.hikari.HikariDataSource

servers/boe-server-all/src/main/resources/application-test.properties

@@ -1,7 +1,7 @@
 ## redis
 spring.redis.database=1
 spring.redis.host=10.251.160.38
-spring.redis.password=qwert!W577
+spring.redis.password=ENC(oXmZ5HIrhizHQ/DWPNv/S/1hUNJbbRjv)
 spring.redis.port=6379
 
 # cloud nacos config
@@ -13,7 +13,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
 # spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
 spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
 spring.datasource.username=admin
-spring.datasource.password=boeRds01
+spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
 
 ## 使用 hikari 连接池
 spring.datasource.type=com.zaxxer.hikari.HikariDataSource
@@ -72,7 +72,7 @@ jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
 xboe.elasticsearch.server.ip=10.251.129.25
 xboe.elasticsearch.server.port=9200
 xboe.elasticsearch.server.user=elastic
-xboe.elasticsearch.server.password=Boe@es123
+xboe.elasticsearch.server.password=ENC(903xqMcg31J+OhmZ0AoinYqvzLoAt8UZ)
 
 ## 邮件的配置
 xboe.email.url=https://u-pre.boe.com/api/b1/email/send

servers/boe-server-all/src/main/resources/application-test135.properties

@@ -1,7 +1,7 @@
 ## redis
 spring.redis.database=2
 spring.redis.host=10.251.160.38
-spring.redis.password=qwert!W577
+spring.redis.password=ENC(5oXfdmgE2DDHUFhrGkS/UzUCxr7s8stV)
 spring.redis.port=6379
 
 ## datasource config
@@ -10,7 +10,7 @@ spring.datasource.driverClassName=com.mysql.jdbc.Driver
 # spring.datasource.driverClassName=com.mysql.cj.jdbc.Driver
 spring.datasource.url=jdbc:mysql://10.251.160.40:3306/boe_base?useSSL=false&useUnicode=true&characterEncoding=UTF8&zeroDateTimeBehavior=convertToNull
 spring.datasource.username=admin
-spring.datasource.password=boeRds01
+spring.datasource.password=ENC(GrOwKqgCAlYEZYjiDYWEjVcKho+5TLgc)
 
 logging.level.org.hibernate.SQL=DEBUG
 logging.level.org.hibernate.type.descriptor.sql.BasicBinder=TRACE
@@ -60,7 +60,7 @@ jasypt.encryptor.iv-generator-classname=org.jasypt.iv.NoIvGenerator
 xboe.elasticsearch.server.ip=10.251.129.25
 xboe.elasticsearch.server.port=9200
 xboe.elasticsearch.server.user=elastic
-xboe.elasticsearch.server.password=Boe@es123
+xboe.elasticsearch.server.password=ENC(903xqMcg31J+OhmZ0AoinYqvzLoAt8UZ)
 
 ## 邮件的配置
 xboe.email.url=https://10.251.160.135/api/b1/email/send

servers/boe-server-all/src/main/resources/application.properties

@@ -71,6 +71,7 @@ audience.getOrgUsers=${boe.domain}/userbasic/user/getOrgUsers
 infrasApi.dict=${boe.domain}/infrasApi/dict/list
 #获取非报名课id
 manageApi.stu.offcourse=${boe.domain}/manageApi/stu/offcourse/getOffCourseId
+manageApi.editExam=${boe.domain}/manageApi/admin/project/editExam
 #获取离职教师id
 userBasic.getTeacherIds=${boe.domain}/userbasic/user/getTeacherInfo
 coursesuilt.getStudyStatus=${boe.domain}/manageApi/stu/project/completeStatus