等保测试修改

src/main/java/com/huoran/iasf/IASFApplication.java

@@ -1,5 +1,6 @@
 package com.huoran.iasf;
 
+import com.huoran.iasf.common.annotation.EnableSecurity;
 import lombok.extern.slf4j.Slf4j;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.SpringApplication;
@@ -13,6 +14,7 @@ import java.net.InetAddress;
 @SpringBootApplication
 @MapperScan("com.huoran.iasf.mapper")
 @Slf4j
+@EnableSecurity
 @ServletComponentScan(basePackages = {"com.huoran.iasf.common.filter"}) //这一句完成了配置，Springboot的”懒理念“真的厉害。
 public class IASFApplication {
 

src/main/java/com/huoran/iasf/common/advice/DecryptHttpInputMessage.java

@@ -0,0 +1,98 @@
+package com.huoran.iasf.common.advice;
+
+
+import com.huoran.iasf.common.annotation.Decrypt;
+import com.huoran.iasf.common.config.SecretKeyConfig;
+import com.huoran.iasf.common.exception.EncryptRequestException;
+import com.huoran.iasf.common.utils.Base64Util;
+import com.huoran.iasf.common.utils.JsonUtils;
+import com.huoran.iasf.common.utils.RSAUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpInputMessage;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.util.stream.Collectors;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+public class DecryptHttpInputMessage implements HttpInputMessage {
+
+    private Logger log = LoggerFactory.getLogger(this.getClass());
+    private HttpHeaders headers;
+    private InputStream body;
+
+
+    public DecryptHttpInputMessage(HttpInputMessage inputMessage, SecretKeyConfig secretKeyConfig, Decrypt decrypt) throws Exception {
+
+        String privateKey =  secretKeyConfig.getPrivateKey();
+        String charset = secretKeyConfig.getCharset();
+        boolean showLog = secretKeyConfig.isShowLog();
+        boolean timestampCheck = secretKeyConfig.isTimestampCheck();
+
+        if (StringUtils.isEmpty(privateKey)) {
+            throw new IllegalArgumentException("privateKey is null");
+        }
+
+        this.headers = inputMessage.getHeaders();
+        String content = new BufferedReader(new InputStreamReader(inputMessage.getBody()))
+                .lines().collect(Collectors.joining(System.lineSeparator()));
+        String decryptBody;
+        // 未加密内容
+        if (content.startsWith("{")||StringUtils.isNumeric(content)||content.length()<10) {
+            // 必须加密
+            if (decrypt.required()) {
+                log.error("not support unencrypted content:{}", content);
+                throw new EncryptRequestException("not support unencrypted content");
+            }
+            log.info("Unencrypted without decryption:{}", content);
+            decryptBody = content;
+        } else {
+            StringBuilder json = new StringBuilder();
+            content = content.replaceAll(" ", "+");
+
+            if (!StringUtils.isEmpty(content)) {
+                String[] contents = content.split("\\|");
+                for (String value : contents) {
+                    value = new String(RSAUtil.decrypt(Base64Util.decode(value), privateKey), charset);
+                    json.append(value);
+                }
+            }
+            decryptBody = json.toString();
+            if(showLog) {
+                log.info("Encrypted data received：{},After decryption：{}", content, decryptBody);
+            }
+        }
+
+        // 开启时间戳检查
+        if (timestampCheck) {
+            // 容忍最小请求时间
+            long toleranceTime = System.currentTimeMillis() - decrypt.timeout();
+            long requestTime = JsonUtils.getNode(decryptBody, "timestamp").asLong();
+            // 如果请求时间小于最小容忍请求时间, 判定为超时
+            if (requestTime < toleranceTime) {
+                log.error("Encryption request has timed out, toleranceTime:{}, requestTime:{}, After decryption：{}", toleranceTime, requestTime, decryptBody);
+                throw new EncryptRequestException("request timeout");
+            }
+        }
+
+        this.body = new ByteArrayInputStream(decryptBody.getBytes());
+    }
+
+    @Override
+    public InputStream getBody(){
+        return body;
+    }
+
+    @Override
+    public HttpHeaders getHeaders() {
+        return headers;
+    }
+}

src/main/java/com/huoran/iasf/common/advice/EncryptRequestBodyAdvice.java

@@ -0,0 +1,77 @@
+package com.huoran.iasf.common.advice;
+
+
+import com.huoran.iasf.common.annotation.Decrypt;
+import com.huoran.iasf.common.config.SecretKeyConfig;
+import com.huoran.iasf.common.exception.EncryptRequestException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.MethodParameter;
+import org.springframework.http.HttpInputMessage;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.Type;
+import java.util.Objects;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+@ControllerAdvice
+public class EncryptRequestBodyAdvice  implements RequestBodyAdvice {
+
+    private Logger log = LoggerFactory.getLogger(this.getClass());
+
+    private boolean encrypt;
+    private Decrypt decryptAnnotation;
+
+    @Autowired
+    private SecretKeyConfig secretKeyConfig;
+
+    @Override
+    public boolean supports(MethodParameter methodParameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
+        Method method = methodParameter.getMethod();
+        if (Objects.isNull(method)) {
+            encrypt = false;
+            return false;
+        }
+        if (method.isAnnotationPresent(Decrypt.class) && secretKeyConfig.isOpen()) {
+            encrypt = true;
+            decryptAnnotation = methodParameter.getMethodAnnotation(Decrypt.class);
+            return true;
+        }
+        // 此处如果按照原逻辑直接返回encrypt, 会造成一次修改为true之后, 后续请求都会变成true, 在不支持时, 需要做修正
+        encrypt = false;
+        return false;
+    }
+
+    @Override
+    public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
+        return body;
+    }
+
+    @Override
+    public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
+                                           Class<? extends HttpMessageConverter<?>> converterType){
+        if (encrypt) {
+            try {
+                return new DecryptHttpInputMessage(inputMessage, secretKeyConfig, decryptAnnotation);
+            } catch (EncryptRequestException e) {
+                throw e;
+            } catch (Exception e) {
+                log.error("Decryption failed", e);
+            }
+        }
+        return inputMessage;
+    }
+
+    @Override
+    public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
+                                Class<? extends HttpMessageConverter<?>> converterType) {
+        return body;
+    }
+}

src/main/java/com/huoran/iasf/common/advice/EncryptResponseBodyAdvice.java

@@ -0,0 +1,81 @@
+package com.huoran.iasf.common.advice;
+
+
+import com.huoran.iasf.common.annotation.Encrypt;
+import com.huoran.iasf.common.config.SecretKeyConfig;
+import com.huoran.iasf.common.utils.Base64Util;
+import com.huoran.iasf.common.utils.JsonUtils;
+import com.huoran.iasf.common.utils.RSAUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.MethodParameter;
+import org.springframework.http.MediaType;
+import org.springframework.http.converter.HttpMessageConverter;
+import org.springframework.http.server.ServerHttpRequest;
+import org.springframework.http.server.ServerHttpResponse;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
+
+import java.lang.reflect.Method;
+import java.util.Objects;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+@ControllerAdvice
+public class EncryptResponseBodyAdvice implements ResponseBodyAdvice<Object> {
+
+    private Logger log = LoggerFactory.getLogger(this.getClass());
+
+    private boolean encrypt;
+
+    @Autowired
+    private SecretKeyConfig secretKeyConfig;
+
+    private static ThreadLocal<Boolean> encryptLocal = new ThreadLocal<>();
+
+    @Override
+    public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
+        Method method = returnType.getMethod();
+        if (Objects.isNull(method)) {
+            return encrypt;
+        }
+        encrypt = method.isAnnotationPresent(Encrypt.class) && secretKeyConfig.isOpen();
+        return encrypt;
+    }
+
+    @Override
+    public Object beforeBodyWrite(Object body, MethodParameter returnType, MediaType selectedContentType,
+                                  Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request, ServerHttpResponse response) {
+        // EncryptResponseBodyAdvice.setEncryptStatus(false);
+        // Dynamic Settings Not Encrypted
+        Boolean status = encryptLocal.get();
+        if (null != status && !status) {
+            encryptLocal.remove();
+            return body;
+        }
+        if (encrypt) {
+            String publicKey = secretKeyConfig.getPublicKey();
+            try {
+                String content = JsonUtils.writeValueAsString(body);
+                if (!StringUtils.hasText(publicKey)) {
+                    throw new NullPointerException("Please configure rsa.encrypt.privatekeyc parameter!");
+                }
+                byte[] data = content.getBytes();
+                byte[] encodedData = RSAUtil.encrypt(data, publicKey);
+                String result = Base64Util.encode(encodedData);
+                if(secretKeyConfig.isShowLog()) {
+                    log.info("Pre-encrypted data：{}，After encryption：{}", content, result);
+                }
+                return result;
+            } catch (Exception e) {
+                log.error("Encrypted data exception", e);
+            }
+        }
+
+        return body;
+    }
+}

src/main/java/com/huoran/iasf/common/annotation/Decrypt.java

@@ -0,0 +1,28 @@
+package com.huoran.iasf.common.annotation;
+
+
+import com.huoran.iasf.common.exception.EncryptRequestException;
+
+import java.lang.annotation.*;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9 16:45
+ **/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface Decrypt{
+
+    /**
+     * 请求参数一定要是加密内容
+     */
+    boolean required() default true;
+
+    /**
+     * 请求数据时间戳校验时间差
+     * 超过(当前时间-指定时间)的数据认定为伪造
+     * 注意应用程序需要捕获 {@link EncryptRequestException} 异常
+     */
+    long timeout() default 3000;
+}

src/main/java/com/huoran/iasf/common/annotation/EnableSecurity.java

@@ -0,0 +1,24 @@
+package com.huoran.iasf.common.annotation;
+
+
+import com.huoran.iasf.common.advice.EncryptRequestBodyAdvice;
+import com.huoran.iasf.common.advice.EncryptResponseBodyAdvice;
+import com.huoran.iasf.common.config.SecretKeyConfig;
+import org.springframework.context.annotation.Import;
+
+import java.lang.annotation.*;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9 16:44
+ **/
+@Target({ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+@Import({SecretKeyConfig.class,
+        EncryptResponseBodyAdvice.class,
+        EncryptRequestBodyAdvice.class})
+public @interface EnableSecurity{
+
+}

src/main/java/com/huoran/iasf/common/annotation/Encrypt.java

@@ -0,0 +1,14 @@
+package com.huoran.iasf.common.annotation;
+
+import java.lang.annotation.*;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9 16:45
+ **/
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface Encrypt{
+
+}

src/main/java/com/huoran/iasf/common/config/SecretKeyConfig.java

@@ -0,0 +1,77 @@
+package com.huoran.iasf.common.config;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+@ConfigurationProperties(prefix = "rsa.encrypt")
+@Configuration
+public class SecretKeyConfig {
+
+    private String privateKey;
+
+    private String publicKey;
+
+    private String charset = "UTF-8";
+
+    private boolean open = true;
+
+    private boolean showLog = false;
+
+    /**
+     * 请求数据时间戳校验时间差
+     * 超过指定时间的数据认定为伪造
+     */
+    private boolean timestampCheck = false;
+
+    public String getPrivateKey() {
+        return privateKey;
+    }
+
+    public void setPrivateKey(String privateKey) {
+        this.privateKey = privateKey;
+    }
+
+    public String getPublicKey() {
+        return publicKey;
+    }
+
+    public void setPublicKey(String publicKey) {
+        this.publicKey = publicKey;
+    }
+
+    public String getCharset() {
+        return charset;
+    }
+
+    public void setCharset(String charset) {
+        this.charset = charset;
+    }
+
+    public boolean isOpen() {
+        return open;
+    }
+
+    public void setOpen(boolean open) {
+        this.open = open;
+    }
+
+    public boolean isShowLog() {
+        return showLog;
+    }
+
+    public void setShowLog(boolean showLog) {
+        this.showLog = showLog;
+    }
+
+    public boolean isTimestampCheck() {
+        return timestampCheck;
+    }
+
+    public void setTimestampCheck(boolean timestampCheck) {
+        this.timestampCheck = timestampCheck;
+    }
+}

src/main/java/com/huoran/iasf/common/config/WebMvcConfigurer.java

@@ -47,7 +47,10 @@ public class WebMvcConfigurer extends WebMvcConfigurationSupport {
     private CorsConfiguration buildConfig() {
         CorsConfiguration corsConfiguration = new CorsConfiguration();
         corsConfiguration.addAllowedHeader("*"); // 允许任何头
-        corsConfiguration.addAllowedOrigin("*"); // 允许任何头
+//        corsConfiguration.addAllowedOrigin("*"); // 允许任何头
+        corsConfiguration.addAllowedOrigin("*.iasf.ac.cn"); //允许信任域名
+        corsConfiguration.addAllowedOrigin("http://192.168.31.125:8088"); //允许信任域名
+        corsConfiguration.addAllowedOrigin("http://10.10.11.7"); //允许信任域名
         corsConfiguration.addAllowedMethod("*"); // 允许任何方法（post、get等）
         return corsConfiguration;
     }

src/main/java/com/huoran/iasf/common/exception/EncryptRequestException.java

@@ -0,0 +1,14 @@
+package com.huoran.iasf.common.exception;
+
+
+/**
+ * @author imyzt
+ * @date 2020/06/02
+ * @description 加密请求超时异常
+ */
+public class EncryptRequestException extends RuntimeException {
+
+    public EncryptRequestException(String msg) {
+        super(msg);
+    }
+}

src/main/java/com/huoran/iasf/common/exception/code/BaseResponseCode.java

@@ -24,7 +24,7 @@ public enum BaseResponseCode implements ResponseCodeInterface {
     KEY_OR_TOMEUNIT(10009, "key or TomeUnit 不能为空！"),
     DICTIONARY_DATA_FAILED(10010, "获取字典数据失败"),
     UPLOAD_EMPTY(10011, "上传内容为空"),
-    UPLOAD_FAILED(10012, "上传失败"),
+    UPLOAD_FAILED(10012, "文件格式上传有误"),
     VERIFICATION_CODE_ERROR(10007, "验证码错误！"),
     VERIFICATION_CODE_EXPIRED(10006, "验证码已过期！"),
     CANNOT_SAME(10005, "新密码不能与旧密码相同！"),
@@ -37,11 +37,13 @@ public enum BaseResponseCode implements ResponseCodeInterface {
     EXCEL_FILE_FORMAT_ERROR(40007, "请根据模板使用说明录入正确的用户信息！"),
     TOKEN_ERROR(401, "登录凭证已过期，请重新登录"),
     DATA_ERROR(401003, "传入数据异常"),
-    NOT_ACCOUNT(401004, "该用户不存在,请先注册"),
+    NOT_ACCOUNT(401004, "用户名不存在或密码错误"),
-    USER_LOCK(401005, "该用户已被锁定，请联系运营人员"),
+    USER_LOCK(401005, "该用户已被锁定，请联系管理员！"),
-    PASSWORD_ERROR(401006, "用户名或密码错误"),
+    PASSWORD_ERROR(401006, "用户名不存在或密码错误"),
-    METHOD_ARGUMENT_NOT_VALID_EXCEPTION(400, "请求参数有误"),
+    METHOD_ARGUMENT_NOT_VALID_EXCEPTION(400, "参数错误！"),
-    UNAUTHORIZED_ERROR(401008, "权鉴校验不通过"),
+    ILLEGAL_CHARACTERS(400, "入参中有非法字符，请修改！"),
+//    UNAUTHORIZED_ERROR(401008, "权鉴校验不通过"),
+    UNAUTHORIZED_ERROR(401008, "无操作权限！"),
     ROLE_PERMISSION_RELATION(401009, "该菜单权限存在子集关联，不允许删除"),
     OLD_PASSWORD_ERROR(401010, "旧密码不正确"),
     NOT_PERMISSION_DELETED_DEPT(401011, "该组织机构下还关联着用户，不允许删除"),
@@ -55,6 +57,8 @@ public enum BaseResponseCode implements ResponseCodeInterface {
     EXCEL_FILE_NULL(40006, "导入失败，导入数据为空！"),
 
     DATA_DOES_NOT_EXIST(500, "当前数据不存在"),
+    XSS_FILTER(400, "xss攻击检查：参数含有非法攻击字符，请修改后继续操作！"),
+    SQL_FILTER(400, "sql攻击检查：参数含有非法攻击字符，请修改后继续操作！"),
     ;
 
     /**

src/main/java/com/huoran/iasf/common/exception/handler/RestExceptionHandler.java

@@ -1,7 +1,9 @@
 package com.huoran.iasf.common.exception.handler;
 
+import com.alibaba.fastjson.JSONException;
 import com.google.common.collect.Maps;
 import com.huoran.iasf.common.exception.BusinessException;
+import com.huoran.iasf.common.exception.EncryptRequestException;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.UnauthorizedException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
@@ -10,6 +12,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authz.AuthorizationException;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.converter.HttpMessageNotReadableException;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
@@ -52,6 +55,20 @@ public class RestExceptionHandler {
         return R.getResult(BaseResponseCode.METHOD_ARGUMENT_NOT_VALID_EXCEPTION);
     }
 
+    @ExceptionHandler(EncryptRequestException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public R encryptRequestException(EncryptRequestException e) {
+        log.error("Exception,exception:{}", e, e);
+        return R.getResult(BaseResponseCode.METHOD_ARGUMENT_NOT_VALID_EXCEPTION);
+    }
+
+    @ExceptionHandler(HttpMessageNotReadableException.class)
+    @ResponseStatus(HttpStatus.BAD_REQUEST)
+    public R illegalArgumentException(JSONException e) {
+        log.error("Exception,exception:{}", e, e);
+        return R.getResult(BaseResponseCode.ILLEGAL_CHARACTERS);
+    }
+
     @ExceptionHandler(AuthenticationException.class)
     @ResponseStatus(HttpStatus.UNAUTHORIZED)
     public R authenticationException(AuthenticationException e) {
@@ -75,7 +92,7 @@ public class RestExceptionHandler {
      * 权限全局异常处理
      */
     @ExceptionHandler(value = UnauthorizedException.class)
-    @ResponseStatus(HttpStatus.UNAUTHORIZED)
+//    @ResponseStatus(HttpStatus.UNAUTHORIZED)
     public R businessExceptionHandler(UnauthorizedException e) {
         log.error("Exception,exception:{}", e, e);
         BaseResponseCode em = e.getBaseResponseCode();

src/main/java/com/huoran/iasf/common/filter/XSSFilter.java

@@ -0,0 +1,56 @@
+package com.huoran.iasf.common.filter;
+
+import org.apache.commons.lang.StringUtils;
+import org.springframework.core.annotation.Order;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+@WebFilter(filterName = "xssFilter", urlPatterns = "/*", asyncSupported = true)
+@Order(2)
+public class XSSFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig1) throws ServletException {
+
+    }
+
+
+    @Override
+    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
+            throws IOException, ServletException {
+
+        //注入xss过滤器实例
+        if(arg2 != null){
+            HttpServletRequest req = (HttpServletRequest) arg0;
+            String method = req.getMethod();
+            boolean methodB = false;
+            if("POST".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)){
+                methodB = true;
+            }
+
+            if (methodB && req.getContentType() != null && req.getContentType().startsWith("multipart/")) {
+                // 过滤
+                arg2.doFilter(req, arg1);
+            }else {
+                HttpServletResponse response = (HttpServletResponse) arg1;
+                XssHttpServletRequestWrapper reqW = new XssHttpServletRequestWrapper(req);
+                //过滤
+                arg2.doFilter(reqW, response);
+            }
+        }
+
+    }
+
+    @Override
+    public void destroy() {
+    }
+
+
+}

src/main/java/com/huoran/iasf/common/filter/XssHttpServletRequestWrapper.java

@@ -0,0 +1,224 @@
+package com.huoran.iasf.common.filter;
+
+import com.alibaba.fastjson.JSONObject;
+import com.huoran.iasf.common.exception.BusinessException;
+import com.huoran.iasf.common.exception.code.BaseResponseCode;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+
+import javax.servlet.ReadListener;
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import java.io.*;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.regex.Pattern;
+
+@Slf4j
+public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+    /**
+     * post请求体
+     */
+    private byte[] body;
+
+    /**
+     * 是否是文件上传
+     */
+    private boolean fileUpload = true;
+
+    //富文本验证链接
+    private static final String[] whiteList =
+            {"/iasf/sysContent/save",
+                    "/iasf/sysContent/update"};
+
+    /**
+     * sql注入正则
+     */
+    private static String badStrReg =
+            "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
+
+    /**
+     * xss脚本正则
+     */
+    private final static Pattern[] scriptPatterns = {
+            Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
+            Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("<script(.*?)>", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
+            Pattern.compile("eval\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
+            Pattern.compile("expression\\((.*?)\\)", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL),
+            Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("script", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("ScriPT", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("meta", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
+            Pattern.compile("onload(.*?)=", Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL)
+    };
+
+    public XssHttpServletRequestWrapper() {
+        super(null);
+    }
+
+    /**
+     * 构造函数 - 获取post请求体
+     * @param httpservletrequest
+     * @throws IOException
+     */
+    public XssHttpServletRequestWrapper(HttpServletRequest httpservletrequest) throws IOException {
+        super(httpservletrequest);
+        String sessionStream = getBodyString(httpservletrequest);
+        body = sessionStream.getBytes(StandardCharsets.UTF_8);
+        System.out.println(httpservletrequest.getRequestURI());
+        if(Arrays.asList(whiteList).contains(httpservletrequest.getRequestURI())){
+            fileUpload = false;
+        }
+    }
+
+    /**
+     * 读取post请求体
+     * @param httpservletrequest
+     * @return
+     * @throws IOException
+     */
+    private String getBodyString(HttpServletRequest httpservletrequest) throws IOException {
+        StringBuilder sb = new StringBuilder();
+        InputStream ins = httpservletrequest.getInputStream();
+        try (BufferedReader isr = new BufferedReader(new InputStreamReader(ins, StandardCharsets.UTF_8));) {
+            String line = "";
+            while ((line = isr.readLine()) != null) {
+                sb.append(line);
+            }
+        } catch (IOException e) {
+            throw e;
+        }
+        return sb.toString();
+    }
+
+    /**
+     * 过滤springmvc中的 @RequestParam 注解中的参数
+     * @param s
+     * @return
+     */
+    @Override
+    public String[] getParameterValues(String s) {
+        String[] str = super.getParameterValues(s);
+        if (str == null) {
+            return null;
+        }
+        int i = str.length;
+        String[] as1 = new String[i];
+        for (int j = 0; j < i; j++) {
+            as1[j] = cleanXSS(cleanSQLInject(str[j]));
+        }
+//        log.info("XssHttpServletRequestWrapper净化后的请求为：========== {}", Arrays.toString(as1));
+        return as1;
+    }
+
+    /**
+     * 过滤request.getParameter的参数
+     * @param s
+     * @return
+     */
+    @Override
+    public String getParameter(String s) {
+        String s1 = super.getParameter(s);
+        if (s1 == null) {
+            return null;
+        } else {
+            String s2 = cleanXSS(cleanSQLInject(s1));
+//            log.info("XssHttpServletRequestWrapper净化后的请求为：========== {}",  s2);
+            return s2;
+        }
+    }
+
+
+    /**
+     * 过滤请求体 json 格式的
+     * @return
+     * @throws IOException
+     */
+    @Override
+    public ServletInputStream getInputStream() throws IOException {
+        // 非文件上传进行过滤
+        if (!fileUpload) {
+            // 获取body中的请求参数
+            JSONObject json = JSONObject.parseObject(new String(body));
+            // 校验并过滤xss攻击和sql注入
+            for (String k : json.keySet()) {
+                cleanSQLInject(cleanXSS(json.getString(k)));
+            }
+        }
+        // 将请求体参数流转 -- 流读取一次就会消失,所以我们事先读取之后就存在byte数组里边方便流转
+        final ByteArrayInputStream bais = new ByteArrayInputStream(body);
+        return new ServletInputStream() {
+
+            @Override
+            public int read() throws IOException {
+                return bais.read();
+            }
+
+            @Override
+            public boolean isFinished() {
+                return false;
+            }
+
+            @Override
+            public boolean isReady() {
+                return false;
+            }
+
+            @Override
+            public void setReadListener(ReadListener readListener) {
+            }
+        };
+    }
+
+    /**
+     * 清除xss
+     * @param src 单个参数
+     * @return
+     */
+    public String cleanXSS(String src) {
+        if(StringUtils.isBlank(src)){
+            return src;
+        }
+        String temp = src;
+        // 校验xss脚本
+        for (Pattern pattern : scriptPatterns) {
+            temp = pattern.matcher(temp).replaceAll("");
+        }
+        // 校验xss特殊字符 匹配一个空白字符（包括空格、制表符、换页符和换行符等）//这个可以不用，因为有写数据用富文本编辑的时候有换行
+//        temp = temp.replaceAll("\0|\n|\r", "");
+        temp = temp.replaceAll("<", "<").replaceAll(">", ">");
+
+        if (!temp.equals(src)) {
+
+            log.error("xss攻击检查：参数含有非法攻击字符，已禁止继续访问！");
+            log.error("原始输入信息-->" + temp);
+
+            throw new BusinessException(BaseResponseCode.XSS_FILTER);
+        }
+
+        return src;
+    }
+
+    /**
+     * 过滤sql注入 -- 需要增加通配，过滤大小写组合
+     * @param src 单个参数值
+     * @return
+     */
+    public String cleanSQLInject(String src) {
+        if(StringUtils.isBlank(src)){
+            return src;
+        }
+        // 非法sql注入正则
+        Pattern sqlPattern = Pattern.compile(badStrReg, Pattern.CASE_INSENSITIVE);
+        if (sqlPattern.matcher(src.toLowerCase()).find()) {
+            log.error("sql注入检查：输入信息存在SQL攻击！");
+            throw new BusinessException(BaseResponseCode.SQL_FILTER);
+        }
+        return src;
+    }
+}

src/main/java/com/huoran/iasf/common/shiro/ShiroConfig.java

@@ -146,6 +146,7 @@ public class ShiroConfig {
         filterChainDefinitionMap.put("/sysFiles/upload", "anon");
         filterChainDefinitionMap.put("/seo/list", "anon");
         filterChainDefinitionMap.put("/sysContent/queryArticleColumnParent", "anon");
+
         /*filterChainDefinitionMap.put("/index/**", "anon");
         filterChainDefinitionMap.put("/doc.html", "anon");
         filterChainDefinitionMap.put("/swagger-resources/**", "anon");

src/main/java/com/huoran/iasf/common/utils/Base64Util.java

@@ -0,0 +1,31 @@
+package com.huoran.iasf.common.utils;
+
+import org.apache.commons.codec.binary.Base64;
+
+/**
+ * Base64
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+public class Base64Util{
+
+    /**
+     * Decoding to binary
+     * @param base64 base64
+     * @return byte
+     * @throws Exception Exception
+     */
+    public static byte[] decode(String base64) throws Exception {
+        return Base64.decodeBase64(base64);
+    }
+
+    /**
+     * Binary encoding as a string
+     * @param bytes byte
+     * @return String
+     * @throws Exception Exception
+     */
+    public static String encode(byte[] bytes) throws Exception {
+        return new String(Base64.encodeBase64(bytes));
+    }
+}

src/main/java/com/huoran/iasf/common/utils/JsonUtils.java

@@ -0,0 +1,30 @@
+package com.huoran.iasf.common.utils;
+
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import java.io.IOException;
+
+/**
+ * @author imyzt
+ * @date 2020/06/08
+ * @description JSON 工具类
+ */
+public class JsonUtils {
+
+    private JsonUtils() {
+    }
+
+    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();
+
+    public static JsonNode getNode(String content, String key) throws IOException {
+        JsonNode jsonNode = OBJECT_MAPPER.readTree(content);
+        return jsonNode.get(key);
+    }
+
+    public static String writeValueAsString(Object body) throws JsonProcessingException {
+        return OBJECT_MAPPER.writeValueAsString(body);
+    }
+}

src/main/java/com/huoran/iasf/common/utils/RSAUtil.java

@@ -0,0 +1,103 @@
+package com.huoran.iasf.common.utils;
+
+import javax.crypto.Cipher;
+import java.io.ByteArrayOutputStream;
+import java.security.Key;
+import java.security.KeyFactory;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
+
+/**
+ * RSA Util
+ * Author:Bobby
+ * DateTime:2019/4/9
+ **/
+public class RSAUtil{
+
+    /**
+     * encryption algorithm RSA
+     */
+    public static final String KEY_ALGORITHM = "RSA";
+
+    /**
+     * RSA Maximum Encrypted Plaintext Size
+     */
+    private static final int MAX_ENCRYPT_BLOCK = 117;
+
+    /**
+     * RSA Maximum decrypted ciphertext size
+     */
+    private static final int MAX_DECRYPT_BLOCK = 256;
+
+    /**
+     * encryption
+     * @param data data
+     * @param publicKey publicKey
+     * @return byte
+     * @throws Exception Exception
+     */
+    public static byte[] encrypt(byte[] data, String publicKey)
+            throws Exception {
+        byte[] keyBytes = Base64Util.decode(publicKey);
+        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        Key publicK = keyFactory.generatePublic(x509KeySpec);
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        cipher.init(Cipher.ENCRYPT_MODE, publicK);
+        int inputLen = data.length;
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        int offSet = 0;
+        byte[] cache;
+        int i = 0;
+        // Sectional Encryption of Data
+        while (inputLen - offSet > 0) {
+            if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
+                cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
+            } else {
+                cache = cipher.doFinal(data, offSet, inputLen - offSet);
+            }
+            out.write(cache, 0, cache.length);
+            i++;
+            offSet = i * MAX_ENCRYPT_BLOCK;
+        }
+        byte[] encryptedData = out.toByteArray();
+        out.close();
+        return encryptedData;
+    }
+
+    /**
+     * Decrypt
+     * @param text text
+     * @param privateKey privateKey
+     * @return byte
+     * @throws Exception Exception
+     */
+    public static byte[] decrypt(byte[] text, String privateKey)
+            throws Exception {
+        byte[] keyBytes = Base64Util.decode(privateKey);
+        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
+        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
+        Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
+        Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
+        cipher.init(Cipher.DECRYPT_MODE, privateK);
+        int inputLen = text.length;
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        int offSet = 0;
+        byte[] cache;
+        int i = 0;
+        // Sectional Encryption of Data
+        while (inputLen - offSet > 0) {
+            if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
+                cache = cipher.doFinal(text, offSet, MAX_DECRYPT_BLOCK);
+            } else {
+                cache = cipher.doFinal(text, offSet, inputLen - offSet);
+            }
+            out.write(cache, 0, cache.length);
+            i++;
+            offSet = i * MAX_DECRYPT_BLOCK;
+        }
+        byte[] decryptedData = out.toByteArray();
+        out.close();
+        return decryptedData;
+    }
+}

src/main/java/com/huoran/iasf/common/utils/fileUploadUtils.java

@@ -0,0 +1,119 @@
+package com.huoran.iasf.common.utils;
+
+import com.huoran.iasf.common.exception.BusinessException;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+
+import static com.huoran.iasf.common.exception.code.BaseResponseCode.UPLOAD_FAILED;
+
+/**
+ * 文件上传校验工具类
+ **/
+public class fileUploadUtils {
+
+
+    // 缓存文件魔数值
+    public static final HashMap<String, String> mFileTypes = new HashMap<String, String>();
+
+    static {
+        mFileTypes.put("FFD8FFE0", "jpg");
+        mFileTypes.put("89504E47", "png");
+        mFileTypes.put("47494638", "gif");
+//        mFileTypes.put("49492A00", "tif");
+//        mFileTypes.put("424D", "bmp");
+//        mFileTypes.put("38425053", "psd");
+//        mFileTypes.put("3C3F786D6C", "xml");
+//        mFileTypes.put("68746D6C3E", "html");
+        mFileTypes.put("D0CF11E0", "doc");
+        mFileTypes.put("D0CF11E0", "xls");//excel2003版本文件
+        mFileTypes.put("6D6F6F76", "mov");
+        mFileTypes.put("504B0304", "xlsx");//excel2007以上版本文件
+//        mFileTypes.put("5374616E64617264204A", "mdb");
+        mFileTypes.put("255044462D312E", "pdf");
+        mFileTypes.put("504B0304", "docx");
+        mFileTypes.put("00000020667479706D70","MP4");
+        mFileTypes.put("49443303000000002176","MP3");
+//        mFileTypes.put("52617221", "rar");
+//        mFileTypes.put("41564920", "avi");
+    }
+
+
+    /**
+     * 文件上传校验
+     *
+     * @param file             上传的文件
+     * @param allowedExtension 允许上传的文件后缀集合
+     * @throws Exception
+     */
+    public static final void assertAllowed(MultipartFile file, String[] allowedExtension) throws Exception {
+
+        //通过文件魔数获取文件的原始类型
+        String fileExtension = mFileTypes.get(getFileHeader(file));
+        //原始类型与允许类型集合进行比较，判断文件是否合法
+        if (!isAllowedExtension(fileExtension, allowedExtension)) {
+            throw new BusinessException(UPLOAD_FAILED);
+        }
+    }
+
+    /**
+     * 获取文件魔数值
+     *
+     * @param file
+     * @return
+     */
+    public static String getFileHeader(MultipartFile file) {
+        InputStream is = null;
+        String value = null;
+        try {
+            is = file.getInputStream();
+            byte[] b = new byte[4];
+            is.read(b, 0, b.length);
+            value = bytesToHexString(b);
+        } catch (Exception e) {
+        } finally {
+            if (null != is) {
+                try {
+                    is.close();
+                } catch (IOException e) {
+                }
+            }
+        }
+        return value;
+    }
+
+    private static String bytesToHexString(byte[] src) {
+        StringBuilder builder = new StringBuilder();
+        if (src == null || src.length <= 0) {
+            return null;
+        }
+        String hv;
+        for (int i = 0; i < src.length; i++) {
+            hv = Integer.toHexString(src[i] & 0xFF).toUpperCase();
+            if (hv.length() < 2) {
+                builder.append(0);
+            }
+            builder.append(hv);
+        }
+        System.out.println("文件魔数值为：" + builder.toString());
+        return builder.toString();
+    }
+
+    /**
+     * 判断MIME类型是否是允许的MIME类型
+     *
+     * @param extension
+     * @param allowedExtension
+     * @return
+     */
+    public static final boolean isAllowedExtension(String extension, String[] allowedExtension) {
+        for (String str : allowedExtension) {
+            if (str.equalsIgnoreCase(extension)) {
+                return true;
+            }
+        }
+        return false;
+    }
+}

src/main/java/com/huoran/iasf/controller/DeptController.java

@@ -1,5 +1,6 @@
 package com.huoran.iasf.controller;
 
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.LogAnnotation;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.utils.R;
@@ -31,6 +32,7 @@ public class DeptController {
     @Resource
     private DeptService deptService;
     @NoRepeatSubmit
+    @Decrypt
     @PostMapping("/dept")
     @ApiOperation(value = "新增组织接口")
     @LogAnnotation(title = "机构管理", action = "新增组织")
@@ -44,16 +46,18 @@ public class DeptController {
         return R.success();
     }
 
-    @DeleteMapping("/dept/{id}")
+    @PostMapping("/deleteDept")
     @ApiOperation(value = "删除组织接口")
+    @Decrypt
     @LogAnnotation(title = "机构管理", action = "删除组织")
     @RequiresPermissions("sys:dept:deleted")
-    public R deleted(@PathVariable("id") String id) {
+    public R deleted(@RequestBody String id) {
         deptService.deleted(id);
         return R.success();
     }
 
-    @PutMapping("/dept")
+    @PostMapping("/updateDept")
+    @Decrypt
     @ApiOperation(value = "更新组织信息接口")
     @LogAnnotation(title = "机构管理", action = "更新组织信息")
     @RequiresPermissions("sys:dept:update")
@@ -80,7 +84,7 @@ public class DeptController {
     @GetMapping("/dept/tree")
     @ApiOperation(value = "树型组织列表接口",response = DeptRespNodeVO.class)
     @LogAnnotation(title = "部门管理", action = "树型组织列表")
-//    @RequiresPermissions(value = {"sys:user:list", "sys:user:update", "sys:user:add", "sys:dept:add", "sys:dept:update"}, logical = Logical.OR)
+    @RequiresPermissions(value = {"sys:user:list", "sys:user:update", "sys:user:add", "sys:dept:add", "sys:dept:update"}, logical = Logical.OR)
     public R getTree(
             @ApiParam(name = "deptId", value = "部门id",required = false)
             @RequestParam(required = false) String deptId) {

src/main/java/com/huoran/iasf/controller/RoleController.java

@@ -3,6 +3,7 @@ package com.huoran.iasf.controller;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.LogAnnotation;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.utils.R;
@@ -44,7 +45,8 @@ public class RoleController {
     @Resource
     private HttpSessionService httpSessionService;
     @NoRepeatSubmit
-    @PostMapping("/role")
+    @Decrypt
+    @PostMapping("/addRole")
     @ApiOperation(value = "新增角色接口")
     @LogAnnotation(title = "角色管理", action = "新增角色")
     @RequiresPermissions("sys:role:add")
@@ -67,17 +69,19 @@ public class RoleController {
         return R.success();
     }
 
-    @DeleteMapping("/role/deleted")
+    @PostMapping("/role/deleted")
     @ApiOperation(value = "删除角色接口")
+    @Decrypt
     @LogAnnotation(title = "角色管理", action = "删除角色")
     @RequiresPermissions("sys:role:deleted")
-    public R deleted(@RequestBody @ApiParam(value = "id集合") List<Integer> ids) {
+    public R deleted(@RequestBody @ApiParam(value = "id集合") List<String> ids) {
         roleService.deletedRole(ids);
         return R.success();
     }
 
-    @PutMapping("/role")
+    @PostMapping("/updateRole")
     @ApiOperation(value = "更新角色信息接口")
+    @Decrypt
     @LogAnnotation(title = "角色管理", action = "更新角色信息")
     @RequiresPermissions("sys:role:update")
     public R updateDept(@RequestBody SysRole vo) {
@@ -92,11 +96,12 @@ public class RoleController {
         return R.success();
     }
 
-    @GetMapping("/role/{id}")
+    @PostMapping("/role")
+    @Decrypt
     @ApiOperation(value = "查询角色详情接口")
     @LogAnnotation(title = "角色管理", action = "查询角色详情")
-//    @RequiresPermissions("sys:role:detail")
+    @RequiresPermissions("sys:role:detail")
-    public R detailInfo(@PathVariable("id") String id) {
+    public R detailInfo(@RequestBody Integer id) {
         // return R.success(roleService.detailInfo(id));
         SysRole role = roleService.getById(id);
         QueryWrapper<SysRolePermission> wrapper = new QueryWrapper<>();
@@ -113,6 +118,7 @@ public class RoleController {
     }
 
     @PostMapping("/roles")
+    @Decrypt
     @ApiOperation(value = "分页获取角色信息接口")
     @LogAnnotation(title = "角色管理", action = "分页获取角色信息")
     @RequiresPermissions("sys:role:list")

src/main/java/com/huoran/iasf/controller/SeoController.java

@@ -0,0 +1,76 @@
+package com.huoran.iasf.controller;
+
+
+import cn.hutool.core.util.ObjectUtil;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.huoran.iasf.common.aop.annotation.LogAnnotation;
+import com.huoran.iasf.common.utils.R;
+import com.huoran.iasf.entity.Seo;
+import com.huoran.iasf.entity.Site;
+import com.huoran.iasf.service.SeoService;
+import com.huoran.iasf.service.SiteService;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+
+/**
+ * <p>
+ *  前端控制器
+ * </p>
+ *
+ * @author cheney
+ * @since 2023-08-24
+ */
+@Api(tags = "seo管理")
+@RestController
+@RequestMapping("/seo")
+public class SeoController {
+
+    @Autowired
+    private SeoService seoService;
+
+    @PostMapping("/add")
+    @ApiOperation(value = "新增seo")
+    public R addUserGroup(@RequestBody Seo seo) {
+        Seo one = seoService.getOne(new QueryWrapper<Seo>().
+                eq("title", seo.getTitle()));
+        if (ObjectUtil.isNotNull(one)){
+            R.fail("seo已存在");
+        }
+        boolean save = seoService.save(seo);
+        return save ? R.success() : R.fail("添加失败");
+    }
+
+    @PostMapping("/delete")
+    @ApiOperation(value = "删除seo")
+    public R deleted(@RequestParam Integer id) {
+        boolean remove = seoService.removeById(id);
+        return remove ? R.success() : R.fail("删除失败");
+    }
+
+    @PostMapping("/update")
+    @ApiOperation(value = "更新seo")
+    public R update(@RequestBody Seo seo) {
+        boolean update = seoService.updateById(seo);
+        return update ? R.success() : R.fail("更新失败");
+    }
+
+
+    @GetMapping("/list")
+    @ApiOperation(value = "站点seo列表")
+    public R list(@RequestParam Integer siteId) {
+        QueryWrapper<Seo> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("site_id",siteId);
+        List<Seo> list = seoService.list(queryWrapper);
+        return R.success(list);
+    }
+
+}
+

src/main/java/com/huoran/iasf/controller/SysColumnController.java

@@ -2,6 +2,7 @@ package com.huoran.iasf.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
@@ -9,10 +10,13 @@ import com.huoran.iasf.common.utils.Constant;
 import com.huoran.iasf.entity.*;
 import com.huoran.iasf.service.*;
 import com.huoran.iasf.vo.req.ColumnWeightReqVO;
+import com.huoran.iasf.vo.req.OneLevelChecksThemAll;
 import com.huoran.iasf.vo.req.PaginationColumnReqVO;
+import com.huoran.iasf.vo.req.SubLevelColumnsUnderALevel;
 import com.huoran.iasf.vo.resp.SortColumnRespVO;
 import io.swagger.annotations.*;
 import com.huoran.iasf.common.utils.R;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
@@ -65,12 +69,14 @@ public class SysColumnController {
     public SysFilesService sysFilesService;
 
     @PostMapping("/listWithTree")
+    @Decrypt
     @ApiOperation(value = "栏目树结构", response = SysColumn.class)
     public R listWithTree(@RequestBody @Valid PaginationColumnReqVO sysColumn) {
         return R.success(service.listWithTree(sysColumn));
     }
 
     @PostMapping("/listWithTreeMenuVisible")
+    @Decrypt
     @ApiOperation(value = "栏目树结构(前台可见，只展示试单可见的栏目)", response = SysColumn.class)
     public R listWithTreeMenuVisible(@RequestBody @Valid PaginationColumnReqVO sysColumn) {
         return R.success(service.listWithTreeMenuVisible(sysColumn));
@@ -78,8 +84,9 @@ public class SysColumnController {
 
 
     @PostMapping("/findById")
+    @Decrypt
     @ApiOperation(value = "查询详情", response = SysColumn.class)
-    public R findById(@RequestParam("id") @ApiParam(value = "序号") Integer id) {
+    public R findById(@RequestBody @ApiParam(value = "序号") Integer id) {
         SysColumn sysColumn = service.getById(id);
         if (sysColumn == null) {
             throw new NotFoundException(BaseResponseCode.DATA_DOES_NOT_EXIST);
@@ -96,6 +103,7 @@ public class SysColumnController {
     @NoRepeatSubmit
     @PostMapping("/save")
     @ApiOperation(value = "新增", response = SysColumn.class)
+    @RequiresPermissions("sys:column:save")
     public R save(@RequestBody @Valid SysColumn sysColumn) {
         QueryWrapper<SysColumn> queryWrapper = new QueryWrapper<SysColumn>();
         queryWrapper.eq("father_id", sysColumn.getFatherId());
@@ -107,6 +115,7 @@ public class SysColumnController {
 
     @PostMapping("/update")
     @ApiOperation(value = "修改", response = SysColumn.class)
+    @RequiresPermissions("sys:column:update")
     public R update(@RequestBody SysColumn sysColumn) {
         boolean updateState = service.updateById(sysColumn);
         return updateState ? R.success() : R.fail("编辑失败");
@@ -134,9 +143,11 @@ public class SysColumnController {
     }*/
 
     @NoRepeatSubmit
+    @Decrypt
     @PostMapping("/batchDeletion")
     @ApiOperation(value = "批量删除栏目", response = SysColumn.class)
-    public R batchDeletion(@ApiParam(name = "ids", value = "主键", required = true) @RequestParam List<Integer> ids) {
+    @RequiresPermissions("sys:column:batchDeletion")
+    public R batchDeletion(@ApiParam(name = "ids", value = "主键", required = true) @RequestBody List<Integer> ids) {
         boolean ret = false;
         for (Integer id : ids) {
             UpdateWrapper<SysFilesEntity> filesEntityUpdateWrapper = new UpdateWrapper<>();
@@ -180,6 +191,7 @@ public class SysColumnController {
 
     @PostMapping("/sortByColumn")
     @ApiOperation(value = "栏目排序(依据id更改)", response = SysColumn.class)
+    @RequiresPermissions("sys:column:sort")
     public R sortByColumn(@RequestBody List<SortColumnRespVO> sortColumnRespVOList) {
         for (SortColumnRespVO sort : sortColumnRespVOList) {
 
@@ -214,11 +226,12 @@ public class SysColumnController {
 
 
     @ApiOperation("获取某层级下的子级栏目")
+    @Decrypt
     @PostMapping("/getsSublevelColumnsUnderALevel")
-    public R getsSublevelColumnsUnderALevel(@ApiParam(name = "id", value = "id", required = true) @RequestParam Integer id,
+    public R getsSublevelColumnsUnderALevel(
-                                            @ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId) {
+            @RequestBody SubLevelColumnsUnderALevel subLevelColumnsUnderALevel) {
-        String ids = this.getIds(id);
+        String ids = this.getIds(subLevelColumnsUnderALevel.getId());
-        return service.getsTheSubColumn(id, ids,siteId);
+        return service.getsTheSubColumn(subLevelColumnsUnderALevel.getId(), ids,subLevelColumnsUnderALevel.getSiteId());
 
     }
 
@@ -259,8 +272,11 @@ public class SysColumnController {
 
 
     @ApiOperation("获取一级下的子级栏目以及下的全部文章标签")
+    @Decrypt
     @PostMapping("/getTheFullArticleByColumn")
-    public R getTheFullArticleByColumn(@ApiParam(name = "id", value = "一级栏目id", required = true) @RequestParam Integer id) {
+    public R getTheFullArticleByColumn(
+            @ApiParam(name = "id", value = "一级栏目id", required = true)
+            @RequestBody Integer id) {
         String ids = this.getIds(id);
         return contentService.getTheFullArticleByColumn(ids);
     }
@@ -280,15 +296,13 @@ public class SysColumnController {
     }
 
     @ApiOperation("某一级查全部")
+    @Decrypt
     @PostMapping("/oneLevelChecksThemAll")
-    public R oneLevelChecksThemAll(@ApiParam(name = "id", value = "栏目id", required = true) @RequestParam Integer id,
+    public R oneLevelChecksThemAll(
-                                   @ApiParam(name = "isSort", value = "判断是否为排序接口调用(1为排序接口调用 0我栏目管理列表调用)", required = true) @RequestParam Integer isSort,
+            @RequestBody OneLevelChecksThemAll oneLevelChecksThemAll) {
-                                   @ApiParam(name = "ids", value = "主键", required = true) @RequestParam Integer siteId
+        Integer pid = service.oneLevelChecksThemAll(oneLevelChecksThemAll.getId());
-    ) {
-
-        Integer pid = service.oneLevelChecksThemAll(id);
         String ids = this.getIds(pid);
-        return service.getSubColumn(pid, ids, isSort,siteId);
+        return service.getSubColumn(pid, ids, oneLevelChecksThemAll.getIsSort(),oneLevelChecksThemAll.getSiteId());
     }
 
 
@@ -300,8 +314,11 @@ public class SysColumnController {
      * @return
      */
     @ApiOperation("查询栏目下的文章(若选中栏目与子级全部栏目类型一致返回全部文章，反之查询选中栏目下的文章)")
+    @Decrypt
     @PostMapping("/queryArticlesByColumnType")
-    public R queryArticlesByColumnType(@ApiParam(name = "columnId", value = "栏目id", required = true) @RequestParam Integer columnId) {
+    public R queryArticlesByColumnType(
+            @ApiParam(name = "columnId", value = "栏目id", required = true)
+            @RequestBody Integer columnId) {
         String ids = this.getIds(columnId);
         return service.queryArticlesByColumnType(ids, columnId);
     }

src/main/java/com/huoran/iasf/controller/SysColumnLongPageController.java

@@ -2,6 +2,7 @@ package com.huoran.iasf.controller;
 
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.common.utils.Constant;
@@ -61,8 +62,11 @@ public class SysColumnLongPageController {
 
 
     @PostMapping("/getLongPageInformation")
+    @Decrypt
     @ApiOperation(value = "根据栏目id查询类型长页栏目信息", response = SysColumnLongPage.class)
-    public R getLongPageInformation(@ApiParam(name = "columnId", value = "栏目id", required = true) @RequestParam Integer columnId) {
+    public R getLongPageInformation(
+            @ApiParam(name = "columnId", value = "栏目id", required = true)
+            @RequestBody Integer columnId) {
         QueryWrapper<SysColumnLongPage> queryWrapper = new QueryWrapper<>();
         queryWrapper.eq("column_id", columnId);
         List<SysColumnLongPage> longPageList = service.list(queryWrapper);

src/main/java/com/huoran/iasf/controller/SysContentClassificationController.java

@@ -1,11 +1,14 @@
 package com.huoran.iasf.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.common.utils.R;
 import com.huoran.iasf.entity.SysContentClassification;
 import com.huoran.iasf.service.SysContentClassificationService;
+import com.huoran.iasf.vo.req.AllTheQuery;
+import com.huoran.iasf.vo.req.CheckForHeavy;
 import io.swagger.annotations.*;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -39,11 +42,12 @@ public class SysContentClassificationController {
 
 
     @PostMapping("/allTheQuery")
+    @Decrypt
     @ApiOperation(value = "查询全部文章所属分类", response = SysContentClassification.class)
-    public R allTheQuery(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId,
+    public R allTheQuery(
-                         @ApiParam(name = "templateId", value = "模板id", required = true) @RequestParam Integer templateId) {
+            @RequestBody AllTheQuery allTheQuery) {
         List<SysContentClassification> list = service.list(new QueryWrapper<SysContentClassification>()
-                .eq("site_id", siteId).eq("template_id",templateId));
+                .eq("site_id", allTheQuery.getSiteId()).eq("template_id",allTheQuery.getTemplateId()));
         return R.success(list);
     }
 
@@ -60,17 +64,17 @@ public class SysContentClassificationController {
 
 
     @PostMapping("/checkForHeavy")
+    @Decrypt
     @ApiOperation(value = "分类校验判重", response = SysContentClassification.class)
-    public R checkForHeavy(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId,
+    public R checkForHeavy(
-                           @ApiParam(name = "classificationName", value = "分类名称", required = true) @RequestParam String classificationName,
+            @RequestBody CheckForHeavy checkForHeavy) {
-                           @ApiParam(name = "classificationId", value = "分类id(新增不传，编辑传)", required = false) @RequestParam Integer classificationId) {
 
-        QueryWrapper<SysContentClassification> queryWrapper = new QueryWrapper<SysContentClassification>().eq("site_id", siteId).
+        QueryWrapper<SysContentClassification> queryWrapper = new QueryWrapper<SysContentClassification>().eq("site_id", checkForHeavy.getSiteId()).
-                eq("classification_name", classificationName);
+                eq("classification_name", checkForHeavy.getClassificationName());
 
         //id不得空表示编辑校验
-        if (classificationId != null) {
+        if (checkForHeavy.getClassificationId() != null) {
-            queryWrapper.last(" and id != " + classificationId);
+            queryWrapper.last(" and id != " + checkForHeavy.getClassificationId());
         }
         SysContentClassification sysContentClassification = service.getOne(queryWrapper);
         if (sysContentClassification != null) {
@@ -82,6 +86,7 @@ public class SysContentClassificationController {
 
 
     @PostMapping("/save")
+    @Decrypt
     @ApiOperation(value = "新增", response = SysContentClassification.class)
     public R save(@RequestBody @Valid @ApiParam(name = "文章所属分类对象", value = "传入json格式", required = true) SysContentClassification sysContentClassification) {
         boolean addState = service.save(sysContentClassification);
@@ -90,6 +95,7 @@ public class SysContentClassificationController {
 
 
     @PostMapping("/update")
+    @Decrypt
     @ApiOperation(value = "修改", response = SysContentClassification.class)
     public R update(@RequestBody @ApiParam(name = "文章所属分类对象", value = "传入json格式", required = true) SysContentClassification sysContentClassification) {
         boolean updateState = service.updateById(sysContentClassification);
@@ -98,15 +104,17 @@ public class SysContentClassificationController {
 
 
     @PostMapping("/delete")
+    @Decrypt
     @ApiOperation(value = "删除", response = SysContentClassification.class)
-    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestParam Integer id) {
+    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestBody Integer id) {
         boolean delState = service.removeById(id);
         return delState ? R.success() : R.fail("删除失败");
     }
 
     @PostMapping("/batchDeletion")
+    @Decrypt
     @ApiOperation(value = "批量删除", response = SysContentClassification.class)
-    public R batchDeletion(@ApiParam(name = "id", value = "主键", required = true) @RequestParam List<Integer> ids) {
+    public R batchDeletion(@ApiParam(name = "id", value = "主键", required = true) @RequestBody List<Integer> ids) {
         boolean delState = service.removeByIds(ids);
         return delState ? R.success() : R.fail("删除失败");
         //

src/main/java/com/huoran/iasf/controller/SysContentController.java

@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.baomidou.mybatisplus.extension.toolkit.SqlHelper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.entity.SysColumn;
@@ -14,14 +15,12 @@ import com.huoran.iasf.entity.SysFilesEntity;
 import com.huoran.iasf.service.SysColumnService;
 import com.huoran.iasf.service.SysContentFileService;
 import com.huoran.iasf.service.SysFilesService;
-import com.huoran.iasf.vo.req.ArticleModifiedSortReq;
+import com.huoran.iasf.vo.req.*;
-import com.huoran.iasf.vo.req.ContentHeavyTitleReqVO;
-import com.huoran.iasf.vo.req.ContentReq;
-import com.huoran.iasf.vo.req.PageContentReqVO;
 import com.huoran.iasf.vo.resp.PageContentRespVO;
 import io.swagger.annotations.*;
 import com.huoran.iasf.common.utils.R;
 import org.apache.ibatis.annotations.Update;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.StringRedisTemplate;
 import org.springframework.web.bind.annotation.*;
@@ -63,6 +62,7 @@ public class SysContentController {
 
 
     @PostMapping("/pagingQuery")
+    @Decrypt
     @ApiOperation(value = "分页查询文章列表", response = PageContentRespVO.class)
     public R pagingQuery(@RequestBody @Valid @ApiParam(name = "分页查询参数", value = "传入json格式", required = true) PageContentReqVO sysContent) {
         return service.articlePaginationList(sysContent);
@@ -70,8 +70,9 @@ public class SysContentController {
 
 
     @PostMapping("/findById")
+    @Decrypt
     @ApiOperation(value = "查询详情", response = SysContent.class)
-    public R findById(@ApiParam(name = "id", value = "主键", required = true) @RequestParam Integer id) {
+    public R findById(@ApiParam(name = "id", value = "主键", required = true) @RequestBody Integer id) {
 
 
         SysContent sysContent = service.getById(id);
@@ -97,8 +98,11 @@ public class SysContentController {
     }
 
     @PostMapping("/save")
+    @RequiresPermissions("sys:article:save")
     @ApiOperation(value = "新增", response = SysContent.class)
-    public R save(@RequestBody @Valid @ApiParam(name = "文章管理对象", value = "传入json格式", required = true) SysContent sysContent) {
+    public R save(
+            @ApiParam(name = "文章管理对象", value = "传入json格式", required = true)
+            @RequestBody @Valid SysContent sysContent) {
 
       /*  QueryWrapper<SysContent> queryWrap = new QueryWrapper<>();
         queryWrap.eq("column_id", sysContent.getColumnId());
@@ -116,6 +120,7 @@ public class SysContentController {
 
 
     @PostMapping("/update")
+    @RequiresPermissions("sys:article:update")
     @ApiOperation(value = "修改", response = SysContent.class)
     public R update(@RequestBody @ApiParam(name = "文章管理对象", value = "传入json格式", required = true) SysContent sysContent) {
         boolean updateState = service.updateById(sysContent);
@@ -124,8 +129,10 @@ public class SysContentController {
 
 
     @PostMapping("/delete")
+    @Decrypt
+    @RequiresPermissions("sys:article:delete")
     @ApiOperation(value = "删除", response = SysContent.class)
-    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestParam Integer id) {
+    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestBody Integer id) {
         UpdateWrapper<SysFilesEntity> queryWrapper = new UpdateWrapper<>();
         queryWrapper.eq("quote_id", id);
         queryWrapper.eq("quote_type", 0);
@@ -137,8 +144,9 @@ public class SysContentController {
 
 
     @PostMapping("/batchDeletion")
+    @Decrypt
     @ApiOperation(value = "批量删除文章", response = SysContent.class)
-    public R batchDeletion(@ApiParam(name = "ids", value = "主键", required = true) @RequestParam List<Integer> ids) {
+    public R batchDeletion(@ApiParam(name = "ids", value = "主键", required = true) @RequestBody List<Integer> ids) {
         for (Integer id : ids) {
             UpdateWrapper<SysFilesEntity> queryWrapper = new UpdateWrapper<>();
             queryWrapper.eq("quote_id", id);
@@ -151,12 +159,14 @@ public class SysContentController {
     }
 
     @PostMapping("/checkIfTheTitleIsRepeat")
+    @Decrypt
     @ApiOperation(value = "标题判重——只对已发布的判重(新增，编辑，点击发布时候都要调用判断))", response = ContentHeavyTitleReqVO.class)
     public R checkIfTheTitleIsRepeat(@RequestBody @Valid ContentHeavyTitleReqVO content) {
         return service.checkIfTheTitleIsRepeat(content) ? R.success() : R.fail("该标题已重复!");
     }
 
     @PostMapping("/newlyPublishedArticles")
+    @Decrypt
     @ApiOperation(value = "站点最新发布的文章", response = PageContentReqVO.class)
     public R newlyPublishedArticles(@Valid @RequestBody PageContentReqVO content) {
         return service.newlyPublishedArticles(content);
@@ -189,26 +199,35 @@ public class SysContentController {
 
 
     @PostMapping("/articleEnableOrDisable")
+    @Decrypt
+    @RequiresPermissions("sys:article:enable")
     @ApiOperation(value = "文章启用禁用", response = SysContent.class)
-    public R articleEnableOrDisable(@ApiParam(name = "id", value = "文章id", required = true) @RequestParam Integer id, @ApiParam(name = "isDisable", value = "是否禁用(0默认，0启用 1禁用)", required = true) @RequestParam Integer isDisable) {
+    public R articleEnableOrDisable(
+            @RequestBody ArticleEnableOrDisable articleEnableOrDisable) {
         UpdateWrapper<SysContent> updateWrapper = new UpdateWrapper<>();
-        updateWrapper.set("is_disable", isDisable);
+        updateWrapper.set("is_disable", articleEnableOrDisable.getIsDisable());
-        updateWrapper.eq("id", id);
+        updateWrapper.eq("id", articleEnableOrDisable.getId());
         boolean ret = service.update(updateWrapper);
         return ret ? R.success() : R.fail("禁用/启用失败");
     }
 
     @PostMapping("/articlePreview")
+    @Decrypt
     @ApiOperation(value = "增加文章浏览量(点击一次算一次)", response = SysContent.class)
-    public R articlePreview(@ApiParam(name = "contentId", value = "文章id", required = true) @RequestParam Integer contentId) {
+    public R articlePreview(
+            @ApiParam(name = "contentId", value = "文章id", required = true)
+            @RequestBody Integer contentId) {
         return R.success(service.statisticsOfPageViews(contentId));
 
     }
 
 
     @PostMapping("/hotContent")
+    @Decrypt
     @ApiOperation(value = "热点内容", response = SysContent.class)
-    public R hotContent(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId) {
+    public R hotContent(
+            @ApiParam(name = "siteId", value = "站点id", required = true)
+            @RequestBody Integer siteId) {
         return R.success(service.hotContent(siteId));
 
     }
@@ -222,19 +241,22 @@ public class SysContentController {
 
 
     @PostMapping("/articleTopOperation")
+    @Decrypt
+    @RequiresPermissions("sys:article:top")
     @ApiOperation(value = "文章置顶/取消置顶", response = SysContent.class)
-    public R articleTopOperation(@ApiParam(name = "isTop", value = "是否置顶(默认为0 不置顶 1为置顶)", required = true) @RequestParam Integer isTop, @ApiParam(name = "articleId", value = "文章Id", required = true) @RequestParam Integer articleId) {
+    public R articleTopOperation(
+            @RequestBody ArticleTopOperation articleTopOperation) {
         //是否置顶(默认为0 不置顶 1为置顶)
         UpdateWrapper<SysContent> updateWrap = new UpdateWrapper<>();
 
-        if (isTop == 1) {
+        if (articleTopOperation.getIsTop() == 1) {
             //置顶时间(置顶一次更新一次)
             updateWrap.set("top_time", new Date());
         } else {
             updateWrap.set("top_time", null);
         }
-        updateWrap.set("is_top", isTop);
+        updateWrap.set("is_top", articleTopOperation.getIsTop());
-        updateWrap.eq("id", articleId);
+        updateWrap.eq("id", articleTopOperation.getArticleId());
         updateWrap.eq("deleted", 1);
         boolean ret = service.update(updateWrap);
         return ret ? R.success() : R.fail("操作失败");

src/main/java/com/huoran/iasf/controller/SysContentLabelController.java

@@ -1,12 +1,14 @@
 package com.huoran.iasf.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.exception.NotFoundException;
 import com.huoran.iasf.common.exception.code.BaseResponseCode;
 import com.huoran.iasf.common.utils.R;
 import com.huoran.iasf.entity.SysContentClassification;
 import com.huoran.iasf.entity.SysContentLabel;
 import com.huoran.iasf.service.SysContentLabelService;
+import com.huoran.iasf.vo.req.LabelCheckForHeavy;
 import io.swagger.annotations.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.apache.commons.lang.StringUtils;
@@ -37,8 +39,11 @@ public class SysContentLabelController {
 
 
     @PostMapping("/queryAllArticleSubjectTags")
+    @Decrypt
     @ApiOperation(value = "查询全部文章主题标签", response = SysContentLabel.class)
-    public R queryAllArticleSubjectTags(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId) {
+    public R queryAllArticleSubjectTags(
+            @ApiParam(name = "siteId", value = "站点id", required = true)
+            @RequestBody Integer siteId) {
         List<SysContentLabel> list = service.list(new QueryWrapper<SysContentLabel>().eq("site_id", siteId));
         return R.success(list);
     }
@@ -56,6 +61,7 @@ public class SysContentLabelController {
 
 
     @PostMapping("/save")
+    @Decrypt
     @ApiOperation(value = "新增", response = SysContentLabel.class)
     public R save(@RequestBody @Valid @ApiParam(name = "文章主题标签对象", value = "传入json格式", required = true) SysContentLabel sysContentLabel) {
         boolean addState = service.save(sysContentLabel);
@@ -64,14 +70,17 @@ public class SysContentLabelController {
 
 
     @PostMapping("/checkForHeavy")
+    @Decrypt
     @ApiOperation(value = "标签校验判重", response = SysContentLabel.class)
-    public R checkForHeavy(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId, @ApiParam(name = "labelName", value = "标签名称", required = true) @RequestParam String labelName, @ApiParam(name = "labelId", value = "标签id(新增不传，编辑传)", required = false) @RequestParam Integer labelId) {
+    public R checkForHeavy(
+            @RequestBody LabelCheckForHeavy labelCheckForHeavy) {
 
-        QueryWrapper<SysContentLabel> queryWrapper = new QueryWrapper<SysContentLabel>().eq("site_id", siteId).eq("label_name", labelName);
+        QueryWrapper<SysContentLabel> queryWrapper = new QueryWrapper<SysContentLabel>().
+                eq("site_id", labelCheckForHeavy.getSiteId()).eq("label_name", labelCheckForHeavy.getLabelName());
 
         //id不得空表示编辑校验
-        if (labelId != null) {
+        if (labelCheckForHeavy.getLabelId() != null) {
-            queryWrapper.last(" and id != " + labelId);
+            queryWrapper.last(" and id != " + labelCheckForHeavy.getLabelId());
         }
         SysContentLabel contentLabel = service.getOne(queryWrapper);
         if (contentLabel != null) {
@@ -83,6 +92,7 @@ public class SysContentLabelController {
 
 
     @PostMapping("/update")
+    @Decrypt
     @ApiOperation(value = "修改", response = SysContentLabel.class)
     public R update(@RequestBody @ApiParam(name = "文章主题标签对象", value = "传入json格式", required = true) SysContentLabel sysContentLabel) {
         boolean updateState = service.updateById(sysContentLabel);
@@ -91,8 +101,9 @@ public class SysContentLabelController {
 
 
     @PostMapping("/delete")
+    @Decrypt
     @ApiOperation(value = "删除", response = SysContentLabel.class)
-    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestParam Integer id) {
+    public R delete(@ApiParam(name = "id", value = "主键", required = true) @RequestBody Integer id) {
         boolean delState = service.removeById(id);
         return delState ? R.success() : R.fail("删除失败");
     }

src/main/java/com/huoran/iasf/controller/SysFilesController.java

@@ -6,9 +6,11 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.config.NonStaticResourceHttpRequestConfig;
 import com.huoran.iasf.common.utils.R;
+import com.huoran.iasf.common.utils.fileUploadUtils;
 import com.huoran.iasf.entity.SysFilesEntity;
 import com.huoran.iasf.entity.SysUser;
 import com.huoran.iasf.service.HttpSessionService;
@@ -75,7 +77,7 @@ public class SysFilesController {
     // @RequiresPermissions(value = {"sysFiles:add", "sysContent:update", "sysContent:add"}, logical = Logical.OR)
     public UEditorResultVO add(
             @RequestParam(required = false) String action,
-            @RequestParam(value = "file") MultipartFile file, FileParameters fileParameters) {
+            @RequestParam(value = "file") MultipartFile file, FileParameters fileParameters) throws Exception {
         Integer userId = httpSessionService.getCurrentUserId();
         fileParameters.setUploader(userId.toString());
         //判断文件是否空
@@ -84,6 +86,8 @@ public class SysFilesController {
             uEditorResult.setState("error");
             return uEditorResult;
         }
+        String[] allowedExtension = new String[]{"jpg", "png", "gif", "doc", "xls", "xlsx", "docx", "pdf", "mov","mp4","MP3"};
+        fileUploadUtils.assertAllowed(file,allowedExtension);
         return sysFilesService.saveFile(file,fileParameters);
     }
 
@@ -113,7 +117,8 @@ public class SysFilesController {
     }
 
     @ApiOperation(value = "删除")
-    @DeleteMapping("/delete")
+    @PostMapping("/delete")
+    @Decrypt
     @RequiresPermissions("sysFiles:delete")
     public R delete(@RequestBody @ApiParam(value = "id集合") List<String> ids) {
         sysFilesService.removeByIdsAndFiles(ids);

src/main/java/com/huoran/iasf/controller/SysNavigationStyleController.java

@@ -1,6 +1,7 @@
 package com.huoran.iasf.controller;
 
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
+import com.huoran.iasf.common.annotation.Decrypt;
 import io.swagger.annotations.*;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.huoran.iasf.common.utils.R;
@@ -36,8 +37,9 @@ public class SysNavigationStyleController {
 
 
     @PostMapping("/searchAllBySite")
+    @Decrypt
     @ApiOperation(value = "按站点搜索所有", response = SysNavigationStyle.class)
-    public R listByEntity(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestParam Integer siteId) {
+    public R listByEntity(@ApiParam(name = "siteId", value = "站点id", required = true) @RequestBody Integer siteId) {
         QueryWrapper<SysNavigationStyle> queryWrapper = new QueryWrapper<>();
         queryWrapper.eq("site_id", siteId);
         List<SysNavigationStyle> pageList = service.list(queryWrapper);

src/main/java/com/huoran/iasf/controller/UserController.java

@@ -1,10 +1,13 @@
 package com.huoran.iasf.controller;
 
+
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.LogAnnotation;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.utils.R;
+import com.huoran.iasf.common.utils.fileUploadUtils;
 import com.huoran.iasf.entity.SysUser;
 import com.huoran.iasf.entity.UserDept;
 import com.huoran.iasf.mapper.UserDeptMapper;
@@ -56,6 +59,7 @@ public class UserController {
     private HttpSessionService httpSessionService;
 
     @PostMapping(value = "/user/login")
+    @Decrypt
     @ApiOperation(value = "用户登录接口")
     public R login(@RequestBody @Valid SysUser vo) {
         return R.success(userService.login(vo));
@@ -68,10 +72,11 @@ public class UserController {
         return R.success();
     }*/
 
-    @PutMapping("/user")
+    @PostMapping("/updateUser")
     @ApiOperation(value = "更新用户信息接口")
     @LogAnnotation(title = "用户管理", action = "更新用户信息")
-//    @RequiresPermissions("sys:user:update")
+    @Decrypt
+    @RequiresPermissions("sys:user:update")
     public R updateUserInfo(@RequestBody SysUser vo) {
         if (StringUtils.isEmpty(vo.getId())) {
             return R.fail("id不能为空");
@@ -80,18 +85,20 @@ public class UserController {
         return R.success();
     }
 
-    @GetMapping("/user/{id}")
+    @PostMapping("/queryUser")
     @ApiOperation(value = "查询用户详情接口")
+    @Decrypt
     @LogAnnotation(title = "用户管理", action = "查询用户详情")
-//    @RequiresPermissions("sys:user:detail")
+    @RequiresPermissions("sys:user:detail")
-    public R detailInfo(@PathVariable("id") String id) {
+    public R detailInfo(@RequestBody Integer id) {
         UserListResp userResp = userService.detailInfo(id);
         return R.success(userResp);
     }
 
     @PostMapping("/users")
     @ApiOperation(value = "分页获取用户列表接口")
-//    @RequiresPermissions("sys:user:list")
+    @RequiresPermissions("sys:user:list")
+    @Decrypt
     @LogAnnotation(title = "用户管理", action = "分页获取用户列表")
     public R pageInfo(@RequestBody UserListReq userListReq) {
         return userService.pageInfo(userListReq);
@@ -99,7 +106,8 @@ public class UserController {
 
     @PostMapping("/user")
     @ApiOperation(value = "新增用户接口")
-//    @RequiresPermissions("sys:user:add")
+    @RequiresPermissions("sys:user:add")
+    @Decrypt
     @LogAnnotation(title = "用户管理", action = "新增用户")
     public R addUser(@RequestBody @Valid SysUser vo) {
         userService.addUser(vo);
@@ -147,8 +155,14 @@ public class UserController {
     }
     @NoRepeatSubmit
     @ApiOperation(value = "密码重置", notes = "密码重置")
-    @GetMapping("/resetPwd")
+    @Decrypt
-    public R resetPwd(@RequestParam("userId") String userId) {
+    @PostMapping("/resetPwd")
+    @RequiresPermissions("sys:user:resetPwd")
+    public R resetPwd(@RequestBody String userId) {
+//        Integer currentUserId = httpSessionService.getCurrentUserId();
+//        if (!userId.equals(currentUserId.toString())){
+//            return R.fail("只能修改自己的密码");
+//        }
         return userService.resetPwd(userId);
     }
 
@@ -162,24 +176,32 @@ public class UserController {
         return R.success();
     }
     @NoRepeatSubmit
-    @PutMapping("/user/pwd")
+    @Decrypt
+    @PostMapping("/user/pwd")
     @ApiOperation(value = "修改密码接口")
     @LogAnnotation(title = "用户管理", action = "更新密码")
     public R updatePwd(@RequestBody SysUser vo) {
         if (StringUtils.isEmpty(vo.getOldPwd()) || StringUtils.isEmpty(vo.getNewPwd())) {
             return R.fail("旧密码与新密码不能为空");
         }
-        // Integer userId = httpSessionService.getCurrentUserId();
+         Integer userId = httpSessionService.getCurrentUserId();
-        // vo.setId(userId);
+         if (!userId.equals(vo.getId())){
+             return R.fail("只能修改自己的密码");
+         }
+        boolean password = userService.checkPassword(vo.getNewPwd());
+         if (!password){
+             return R.fail("密码长度不小于8位,至少包含数字、大小写字母和特殊字符");
+         }
         userService.updatePwd(vo);
         return R.success();
     }
     @NoRepeatSubmit
-    @DeleteMapping("/user")
+    @PostMapping("/deletedUser")
     @ApiOperation(value = "删除用户接口")
+    @Decrypt
     @LogAnnotation(title = "用户管理", action = "删除用户")
-//    @RequiresPermissions("sys:user:deleted")
+    @RequiresPermissions("sys:user:deleted")
-    public R deletedUser(@RequestBody @ApiParam(value = "用户id集合") List<Integer> userIds) {
+    public R deletedUser(@RequestBody @ApiParam(value = "用户id集合") List<String> userIds) {
         //删除用户， 删除redis的绑定的角色跟权限
         httpSessionService.abortUserByUserIds(userIds);
         LambdaQueryWrapper<SysUser> queryWrapper = Wrappers.lambdaQuery();
@@ -192,6 +214,7 @@ public class UserController {
 
     @PostMapping("/importStaff")
     @ApiOperation("批量导入员工")
+    @RequiresPermissions("sys:user:import")
     public R importStaff(@RequestParam(name = "file") MultipartFile file, HttpServletRequest request) throws IOException {
         Map<String, String> map = userService.importStaff(file);
         return R.success(map);
@@ -220,8 +243,11 @@ public class UserController {
 
     @ApiOperation(value = "修改用户头像")
     @PostMapping("/updateUserAvatars")
-    public R updateUserAvatars(@RequestParam String userId, MultipartFile file) {
+    public R updateUserAvatars(MultipartFile file) throws Exception {
-        return userService.updateUserAvatars(userId, file);
+        String[] allowedExtension = new String[]{"jpg", "png", "gif"};
+        fileUploadUtils.assertAllowed(file,allowedExtension);
+        Integer currentUserId = httpSessionService.getCurrentUserId();
+        return userService.updateUserAvatars(currentUserId.toString(), file);
     }
 
 }

src/main/java/com/huoran/iasf/controller/UserGroupController.java

@@ -5,6 +5,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
+import com.huoran.iasf.common.annotation.Decrypt;
 import com.huoran.iasf.common.aop.annotation.LogAnnotation;
 import com.huoran.iasf.common.aop.annotation.NoRepeatSubmit;
 import com.huoran.iasf.common.utils.R;
@@ -37,6 +38,7 @@ public class UserGroupController {
     @Autowired
     private UserGroupService userGroupService;
     @NoRepeatSubmit
+    @Decrypt
     @PostMapping("/add")
     @ApiOperation(value = "新增用户组")
     @LogAnnotation(title = "用户组管理", action = "新增用户组")
@@ -51,16 +53,18 @@ public class UserGroupController {
         return R.success();
     }
     @NoRepeatSubmit
-    @DeleteMapping("/delete/{id}")
+    @Decrypt
+    @PostMapping("/deleteUserGroup")
     @ApiOperation(value = "删除用户组")
     @LogAnnotation(title = "用户组管理", action = "删除用户组")
     @RequiresPermissions("sys:userGroup:deleted")
-    public R deleted(@PathVariable("id") Integer id) {
+    public R deleted(@RequestBody String id) {
         userGroupService.removeById(id);
         return R.success();
     }
 
-    @PutMapping("/update")
+    @PostMapping("/updateUserGroup")
+    @Decrypt
     @ApiOperation(value = "更新用户组信息")
     @LogAnnotation(title = "用户组管理", action = "更新用户组信息")
     @RequiresPermissions("sys:userGroup:update")
@@ -89,6 +93,7 @@ public class UserGroupController {
 
 
     @PostMapping("/list")
+    @Decrypt
     @ApiOperation(value = "用户组列表")
     @LogAnnotation(title = "用户组管理", action = "获取所有用户组机构")
     @RequiresPermissions("sys:userGroup:list")

src/main/java/com/huoran/iasf/entity/Seo.java

@@ -0,0 +1,44 @@
+package com.huoran.iasf.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import java.io.Serializable;
+import io.swagger.annotations.ApiModel;
+import io.swagger.annotations.ApiModelProperty;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * <p>
+ * 
+ * </p>
+ *
+ * @author cheney
+ * @since 2023-08-24
+ */
+@Data
+  @EqualsAndHashCode(callSuper = false)
+    @TableName("sys_seo")
+@ApiModel(value="Seo对象", description="")
+public class Seo implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+      @ApiModelProperty(value = "主键")
+        @TableId(value = "id", type = IdType.AUTO)
+      private Integer id;
+
+      @ApiModelProperty(value = "标题")
+      private String title;
+
+      @ApiModelProperty(value = "关键词")
+      private String keyword;
+
+      @ApiModelProperty(value = "描述")
+      private String description;
+
+      @ApiModelProperty(value = "站点")
+      private Integer siteId;
+
+}

src/main/java/com/huoran/iasf/mapper/SeoMapper.java

@@ -0,0 +1,16 @@
+package com.huoran.iasf.mapper;
+
+import com.huoran.iasf.entity.Seo;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+
+/**
+ * <p>
+ *  Mapper 接口
+ * </p>
+ *
+ * @author cheney
+ * @since 2023-08-24
+ */
+public interface SeoMapper extends BaseMapper<Seo> {
+
+}

src/main/java/com/huoran/iasf/mapper/SysUserMapper.java

@@ -19,5 +19,5 @@ public interface SysUserMapper extends BaseMapper<SysUser> {
 
     IPage<UserListResp> userList(Page<UserListResp> page,@Param("req") UserListReq userListReq);
 
-    UserListResp detailInfo(String id);
+    UserListResp detailInfo(Integer id);
 }

src/main/java/com/huoran/iasf/mapper/xml/SeoMapper.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.huoran.iasf.mapper.SeoMapper">
+
+</mapper>

src/main/java/com/huoran/iasf/mapper/xml/SysFilesMapper.xml

@@ -9,7 +9,6 @@
             f.url,
             f.file_name,
             f.format,
-            f.file_path,
             f.file_size,
             f.type,
             f.deleted,

src/main/java/com/huoran/iasf/service/HttpSessionService.java

@@ -171,9 +171,9 @@ public class HttpSessionService {
     /**
      * 使多个用户的token失效
      */
-    public void abortUserByUserIds(List<Integer> userIds) {
+    public void abortUserByUserIds(List<String> userIds) {
         if (CollectionUtils.isNotEmpty(userIds)) {
-            for (Integer id : userIds) {
+            for (String id : userIds) {
                 redisService.delKeys(userTokenPrefix + "*#" + id);
             }
 

src/main/java/com/huoran/iasf/service/RoleService.java

@@ -33,7 +33,7 @@ public interface RoleService extends IService<SysRole> {
      *
      * @param id id
      */
-    void deletedRole(List<Integer> ids);
+    void deletedRole(List<String> ids);
 
     /**
      * 根据userId获取绑定的角色

src/main/java/com/huoran/iasf/service/SeoService.java

@@ -0,0 +1,16 @@
+package com.huoran.iasf.service;
+
+import com.huoran.iasf.entity.Seo;
+import com.baomidou.mybatisplus.extension.service.IService;
+
+/**
+ * <p>
+ *  服务类
+ * </p>
+ *
+ * @author cheney
+ * @since 2023-08-24
+ */
+public interface SeoService extends IService<Seo> {
+
+}

src/main/java/com/huoran/iasf/service/UserService.java

@@ -53,7 +53,7 @@ public interface UserService extends IService<SysUser> {
      */
     void updatePwd(SysUser vo);
 
-    UserListResp detailInfo(String id);
+    UserListResp detailInfo(Integer id);
 
     R resetPwd(String userId);
 
@@ -66,4 +66,6 @@ public interface UserService extends IService<SysUser> {
     R updatePhoneOrEmail(UpdatePhoneOrEmailReq updatePhoneOrEmailReq);
 
     R updateUserAvatars(String userId, MultipartFile file);
+
+    boolean checkPassword(String password);
 }

src/main/java/com/huoran/iasf/service/impl/PermissionServiceImpl.java

@@ -238,7 +238,7 @@ public class PermissionServiceImpl extends ServiceImpl<SysPermissionMapper, SysP
      * 获取所有菜单权限按钮
      */
     @Override
-    @Cacheable(value = {"permission"},key = "#root.methodName")
+//    @Cacheable(value = {"permission"},key = "#root.methodName")
     public List<SysPermission> selectAllByTree() {
         List<SysPermission> permissionList = baseMapper.selectList(null);
         return build(permissionList);

src/main/java/com/huoran/iasf/service/impl/RoleServiceImpl.java

@@ -104,11 +104,11 @@ public class RoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impleme
 
     @Transactional(rollbackFor = Exception.class)
     @Override
-    public void deletedRole(List<Integer> ids) {
+    public void deletedRole(List<String> ids) {
 
-        for (Integer id : ids) {
+        for (String id : ids) {
             //获取关联userId
-            List<Integer> userIds = userRoleService.getUserIdsByRoleId(id);
+            List<Integer> userIds = userRoleService.getUserIdsByRoleId(Integer.valueOf(id));
             //删除角色
             sysRoleMapper.deleteById(id);
             //删除角色权限关联

src/main/java/com/huoran/iasf/service/impl/SeoServiceImpl.java

@@ -0,0 +1,20 @@
+package com.huoran.iasf.service.impl;
+
+import com.huoran.iasf.entity.Seo;
+import com.huoran.iasf.mapper.SeoMapper;
+import com.huoran.iasf.service.SeoService;
+import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import org.springframework.stereotype.Service;
+
+/**
+ * <p>
+ *  服务实现类
+ * </p>
+ *
+ * @author cheney
+ * @since 2023-08-24
+ */
+@Service
+public class SeoServiceImpl extends ServiceImpl<SeoMapper, Seo> implements SeoService {
+
+}

src/main/java/com/huoran/iasf/service/impl/UserServiceImpl.java

@@ -131,13 +131,45 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
         }
         List<SysPermission> menus = permissionService.permissionList(sysUser.getId());
 
+        boolean b = checkUserPassword(vo.getPassword());
         String token = httpSessionService.createTokenAndUser(sysUser, roleService.getRoleNames(sysUser.getId()), permissionService.getPermissionsByUserId(sysUser.getId()));
         respVO.setAccessToken(token);
         respVO.setPermissionList(menus);
         respVO.setUsername(sysUser.getRealName());
+        respVO.setStrong(b);
         return respVO;
     }
 
+
+    @Override
+    public boolean checkPassword(String password) {
+        return checkUserPassword(password);
+    }
+
+    public static boolean checkUserPassword(String password){
+        Map<String, String> map = new HashMap<String, String>();
+        for (int i = 0; i < password.length(); i++) {
+            int A = password.charAt(i);
+            if (A >= 48 && A <= 57) {// 数字
+                map.put("数字", "数字");
+            } else if (A >= 65 && A <= 90) {// 大写
+                map.put("大写", "大写");
+            } else if (A >= 97 && A <= 122) {// 小写
+                map.put("小写", "小写");
+            } else {
+                map.put("特殊", "特殊");
+            }
+        }
+        Set<String> sets = map.keySet();
+        int pwdSize = sets.size();// 密码字符种类数
+        int pwdLength = password.length();// 密码长度
+        if (pwdSize >= 4 && pwdLength >= 8) {
+            return true;// 强密码
+        } else {
+            return false;// 弱密码
+        }
+    }
+
     /**
      * 校验验证码
      *
@@ -231,7 +263,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
     }
 
     @Override
-    public UserListResp detailInfo(String id) {
+    public UserListResp detailInfo(Integer id) {
         return baseMapper.detailInfo(id);
     }
 
@@ -239,7 +271,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
     public R resetPwd(String userId) {
         SysUser sysUser = baseMapper.selectById(userId);
         sysUser.setSalt(PasswordUtils.getSalt());
-        String encode = PasswordUtils.encode("111aaa", sysUser.getSalt());
+        String encode = PasswordUtils.encode("Iasf#2024", sysUser.getSalt());
         sysUser.setPassword(encode);
         int update = baseMapper.updateById(sysUser);
         return update>0 ? R.success("重置成功") : R.fail("重置失败");
@@ -261,7 +293,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
     public void addUser(SysUser vo) {
 
         vo.setSalt(PasswordUtils.getSalt());
-        String encode = PasswordUtils.encode("111aaa", vo.getSalt());
+        String encode = PasswordUtils.encode("Iasf#2024", vo.getSalt());
         vo.setPassword(encode);
         vo.setStatus(1);
         vo.setCreateWhere(1);
@@ -605,7 +637,7 @@ public class UserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impleme
                     if (0==usernameId){
                         SysUser vo = new SysUser();
                         vo.setSalt(PasswordUtils.getSalt());
-                        String encode = PasswordUtils.encode("111aaa", vo.getSalt());
+                        String encode = PasswordUtils.encode("Iasf#2024", vo.getSalt());
                         vo.setRealName(realName);
                         vo.setPhone(getPhone);
                         vo.setJobNumber(jobNumber);

src/main/java/com/huoran/iasf/vo/req/AllTheQuery.java

@@ -0,0 +1,13 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+import org.springframework.web.bind.annotation.RequestParam;
+@Data
+public class AllTheQuery {
+
+    @ApiParam(name = "siteId", value = "站点id", required = true)
+    Integer siteId;
+    @ApiParam(name = "templateId", value = "模板id", required = true)
+    Integer templateId;
+}

src/main/java/com/huoran/iasf/vo/req/ArticleEnableOrDisable.java

@@ -0,0 +1,12 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+
+@Data
+public class ArticleEnableOrDisable {
+    @ApiParam(name = "id", value = "文章id", required = true)
+    String id;
+    @ApiParam(name = "isDisable", value = "是否禁用(0默认，0启用 1禁用)", required = true)
+    String isDisable;
+}

src/main/java/com/huoran/iasf/vo/req/ArticleTopOperation.java

@@ -0,0 +1,12 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+
+@Data
+public class ArticleTopOperation {
+    @ApiParam(name = "isTop", value = "是否置顶(默认为0 不置顶 1为置顶)", required = true)
+    Integer isTop;
+    @ApiParam(name = "articleId", value = "文章Id", required = true)
+    Integer articleId;
+}

src/main/java/com/huoran/iasf/vo/req/CheckForHeavy.java

@@ -0,0 +1,15 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+import org.springframework.web.bind.annotation.RequestParam;
+@Data
+public class CheckForHeavy {
+
+    @ApiParam(name = "siteId", value = "站点id", required = true)
+    Integer siteId;
+    @ApiParam(name = "classificationName", value = "分类名称", required = true)
+    String classificationName;
+    @ApiParam(name = "classificationId", value = "分类id(新增不传，编辑传)", required = false)
+    Integer classificationId;
+}

src/main/java/com/huoran/iasf/vo/req/LabelCheckForHeavy.java

@@ -0,0 +1,16 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Data
+public class LabelCheckForHeavy {
+
+    @ApiParam(name = "siteId", value = "站点id", required = true)
+    Integer siteId;
+    @ApiParam(name = "labelName", value = "标签名称", required = true)
+    String labelName;
+    @ApiParam(name = "labelId", value = "标签id(新增不传，编辑传)", required = false)
+    Integer labelId;
+}

src/main/java/com/huoran/iasf/vo/req/OneLevelChecksThemAll.java

@@ -0,0 +1,18 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Data
+public class OneLevelChecksThemAll {
+
+    @ApiParam(name = "id", value = "栏目id", required = true)
+    Integer id;
+
+    @ApiParam(name = "isSort", value = "判断是否为排序接口调用(1为排序接口调用 0我栏目管理列表调用)", required = true)
+    Integer isSort;
+
+    @ApiParam(name = "ids", value = "主键", required = true)
+    Integer siteId;
+}

src/main/java/com/huoran/iasf/vo/req/SubLevelColumnsUnderALevel.java

@@ -0,0 +1,13 @@
+package com.huoran.iasf.vo.req;
+
+import io.swagger.annotations.ApiParam;
+import lombok.Data;
+
+@Data
+public class SubLevelColumnsUnderALevel {
+
+    @ApiParam(name = "id", value = "id", required = true)
+    Integer id;
+    @ApiParam(name = "siteId", value = "站点id", required = true)
+    Integer siteId;
+}

src/main/java/com/huoran/iasf/vo/resp/LoginRespVO.java

@@ -23,6 +23,7 @@ public class LoginRespVO {
     private Integer id;
     @ApiModelProperty(value = "电话")
     private String phone;
+    private boolean isStrong;
     @ApiModelProperty(value = "用户头像路径")
     private String userAvatars;
     @ApiModelProperty(value = "用户所拥有的菜单权限")

src/main/resources/application-dev.yml

@@ -6,8 +6,8 @@ spring:
       datasource:
         master:
           username: root
-#          password: 123456
+          password: 123456
-          password: iasf#2022
+#          password: iasf#2022
 #          password: HuoRan@2021
           driver-class-name: com.mysql.cj.jdbc.Driver
 #          url: jdbc:mysql://127.0.0.1:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
@@ -37,7 +37,10 @@ file:
   path: C:/files/
   #文件预览url
   url: /iasf/sysFiles/preview/
-  ip: http://10.10.11.7
+#  ip: http://10.10.11.7
+  ip: https://new.iasf.ac.cn
+#knife4j:
+#  production: true #生成环境禁用查看文档
 
   #本地开启
 #  url: :10000/iasf/sysFiles/preview/

src/main/resources/application-prod.yml

@@ -8,12 +8,12 @@ spring:
           username: root
           password: HuoRan@2021
           driver-class-name: com.mysql.cj.jdbc.Driver
-          url: jdbc:mysql://139.9.47.170:3306/iasf?serverTimezone=GMT%2B8
+          url: jdbc:mysql://139.9.47.170:3306/tmp_iasf?serverTimezone=GMT%2B8
   cache:
     type: redis
   redis:
     host: 127.0.0.1 # Redis服务器地址
-    database: 0 # Redis数据库索引（默认为0）
+    database: 1 # Redis数据库索引（默认为0）
     port: 6379 # Redis服务器连接端口
     password: HuoRan@2021 # Redis服务器连接密码（默认为空）
     jedis:
@@ -30,10 +30,10 @@ singleServerConfig:
 
 file:
   #文件上传目录 绝对路径 末尾请加 / linux
-  path: /usr/local/huoran/huorantech_website/files/
+  path: /usr/local/huoran/tmp_website/files/
   #文件预览url
   url: /iasf/sysFiles/preview/
-  ip: https://huorantech.com
+  ip: http://139.159.254.212
 
 knife4j:
   production: true #生成环境禁用查看文档

src/main/resources/application.yml

@@ -4,6 +4,13 @@ server:
   servlet:
     context-path: /iasf
 
+rsa:
+  encrypt:
+    timestampCheck: false #是否开启超过指定时间的数据认定为伪造
+    open: true # 是否开启加密 true  or  false
+    showLog: true # 是否打印加解密log true  or  false
+    publicKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08Nz0zscnWtddmaNylIPt9v5ZO6U6pYyGochRrbpI+ocwoyV4E1uUu3J9/mmR8pyMBcYzE5KkBytlaiLnd6dMqo4R60aihN/TqfuI/03LzgAS/egT/Q4VB9yZSyZCmJhrgTtSX5kxotAbewp0gqsWpi+6BUYDuiwJ0WNlhDVV4FOQIppmvHh0RqYDhjiPNAuy7fEtytT+IY4rxm6LggvmNtIq5k2oLbDxEeI1GOyFHT6sLGMkmBLmHu7JYcrlyUGyGWsxh8hVame1zQsScivrZu757BTGhN4xObTivIdAbR7uFeeX4lp0X1JNtIe9TwB/aZzKJjZMPXeV7BJ01g3MQIDAQAB
+    privateKey: MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTw3PTOxyda112Zo3KUg+32/lk7pTqljIahyFGtukj6hzCjJXgTW5S7cn3+aZHynIwFxjMTkqQHK2VqIud3p0yqjhHrRqKE39Op+4j/TcvOABL96BP9DhUH3JlLJkKYmGuBO1JfmTGi0Bt7CnSCqxamL7oFRgO6LAnRY2WENVXgU5Aimma8eHRGpgOGOI80C7Lt8S3K1P4hjivGbouCC+Y20irmTagtsPER4jUY7IUdPqwsYySYEuYe7slhyuXJQbIZazGHyFVqZ7XNCxJyK+tm7vnsFMaE3jE5tOK8h0BtHu4V55fiWnRfUk20h71PAH9pnMomNkw9d5XsEnTWDcxAgMBAAECggEAUm5n3NbKycBsblV3ZkVRVwmq6A4zK6nxsP/fBS7YTCGqtlSRVvHtOxzTHNMyVgnJL00eWxEy1yxCqdolFvv8ByfZppUMmqkCSnT2L043OAs9mlS3M8hmUOC44AdfP3qSeXHziENKKTs1hlSC5v8+njmNPrxPVCZhw7fAaKT+1wOKE353QTNxacNua+dDx8zVO0xEznW+FKnYZ+ft2rHkiu1NkPRrWCpGHXZLXINT2FoQ7ECHkQUjD5IoRg2lvXNvjQPhs9BwnNsl3ODe/8PWbB0Lgtg9dLEmivyaNpTx/2Nl0QmFflIfp0rZs4SMnsJK56hQ8d5uhYbcpnn/gSbcAQKBgQD1gN/5oBxJAw2MVv3N8VcC/CWPHI4Er9vEVgrQSrO9QYBHSRX9/aoHmI4iK5opjHq6LYEt9JoGSdMPbRL2o16pkyZchuB/7Q5no9AD7iDSvvvt7qNqo2qkWpPA9pjodoWQaLAmC6M39ypNo3aSvrkuN11tOmU5bnaa94bofjoFcQKBgQDc0UgWiD0uTXSYCi1/GHCUuWi5X/HtsMS8Mz5SIln7x+X2rM0OECSQqYR4AGUZv81xh5mJetYDwJUvQXYGdaon8DP08VKD7uVEELF6SVf7woGVUSYxZdMss21cqksM3MXhyJ8QxO+eJSjGqwHf5AkB0KtMfnMKZqJIfXJsoVltwQKBgQDM3skJpSU1gIizznxqebWk1gn5zVhubNq2kx7fBxfLHXgRBNqHZEGZqSMjPMOfXI2mBAdC9FX8XWr1+o3SqC580EE5AY0i9A4LStZyESvu8lWGDpjsioaZtMSMSLz9cLqw8cvdU+TW9TmmJHz0pJggCy+50Ptb2+S6GUnJhlyg4QKBgDgiK4Uu1P60SfNsguxQNi5Yg7q8HTAjQ5/kFu+iM+XBh0AR5X6xs9niff5Te1/0VjGKGwnL5CPIDSSaK3qw5rSIZ2zY+/T2AeovpC5F/svNQkvG+UKNdAVlB2QLFlEKvnMLIQSOS6uUHq2CQ1O7EF8ZwLINYwk91fs/iJr82VMBAoGAEq3LN/LmOlB1OL6MaTTCEkvQq/wROt8poeLebycFcmZrsovR3MQKYuoY7IEjRw+ZvOauCJNM7mCpmeUVWAc3TPgWeQMzGALdb1X5u9xK8eq9WTutlSS/OSNGIYRJuSpO9efDdfoMHuR2Mleibs1yvxD4A2CXC10bSHE5huM07rY=
 spring:
   profiles:
     active: dev
@@ -16,6 +23,13 @@ spring:
   jackson:
     date-format: yyyy-MM-dd HH:mm:ss
     time-zone: GMT+8
+    # 解决API 成批分配问题
+    serialization:
+      # 某些类对象无法序列化的时候，是否报错
+      fail_on_empty_beans: true
+    deserialization:
+        # json对象中有不存在的属性时候，是否报错
+      fail_on_unknown_properties: true
   # 文件大小限制
   servlet:
     multipart:

src/test/java/com/company/project/CodeGenerator.java

@@ -41,10 +41,10 @@ public class CodeGenerator {
 
         // 3、数据源配置
         DataSourceConfig dsc = new DataSourceConfig();
-        dsc.setUrl("jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8");
+        dsc.setUrl("jdbc:mysql://139.9.47.170:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8");
         dsc.setDriverName("com.mysql.cj.jdbc.Driver");
         dsc.setUsername("root");
-        dsc.setPassword("123456");
+        dsc.setPassword("HuoRan@2021");
         dsc.setDbType(DbType.MYSQL);
         mpg.setDataSource(dsc);
 
@@ -61,9 +61,9 @@ public class CodeGenerator {
 
         // 5、策略配置
         StrategyConfig strategy = new StrategyConfig();
-        strategy.setInclude("sys_template_style_configuration");
+        strategy.setInclude("sys_seo");
         strategy.setNaming(NamingStrategy.underline_to_camel);//数据库表映射到实体的命名策略
-//        strategy.setTablePrefix("sys_"); //生成实体时去掉表前缀
+        strategy.setTablePrefix("sys_"); //生成实体时去掉表前缀
 
         strategy.setColumnNaming(NamingStrategy.underline_to_camel);//数据库表字段映射到实体的命名策略
         strategy.setEntityLombokModel(true); // lombok 模型 @Accessors(chain = true) setter链式操作

target/classes/META-INF/spring-configuration-metadata.json

@@ -0,0 +1,67 @@
+{
+  "groups": [
+    {
+      "name": "file",
+      "type": "com.huoran.iasf.common.config.FileUploadProperties",
+      "sourceType": "com.huoran.iasf.common.config.FileUploadProperties"
+    },
+    {
+      "name": "rsa.encrypt",
+      "type": "com.huoran.iasf.common.config.SecretKeyConfig",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig"
+    }
+  ],
+  "properties": [
+    {
+      "name": "file.ip",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.FileUploadProperties"
+    },
+    {
+      "name": "file.path",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.FileUploadProperties"
+    },
+    {
+      "name": "file.url",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.FileUploadProperties"
+    },
+    {
+      "name": "rsa.encrypt.charset",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig",
+      "defaultValue": "UTF-8"
+    },
+    {
+      "name": "rsa.encrypt.open",
+      "type": "java.lang.Boolean",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig",
+      "defaultValue": true
+    },
+    {
+      "name": "rsa.encrypt.private-key",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig"
+    },
+    {
+      "name": "rsa.encrypt.public-key",
+      "type": "java.lang.String",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig"
+    },
+    {
+      "name": "rsa.encrypt.show-log",
+      "type": "java.lang.Boolean",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig",
+      "defaultValue": false
+    },
+    {
+      "name": "rsa.encrypt.timestamp-check",
+      "type": "java.lang.Boolean",
+      "description": "请求数据时间戳校验时间差 超过指定时间的数据认定为伪造",
+      "sourceType": "com.huoran.iasf.common.config.SecretKeyConfig",
+      "defaultValue": false
+    }
+  ],
+  "hints": []
+}

target/classes/application-dev.yml

@@ -0,0 +1,46 @@
+# 开发环境配置
+spring:
+  datasource:
+    dynamic:
+      primary: master #设置默认的数据源或者数据源组,默认值即为master
+      datasource:
+        master:
+          username: root
+          password: 123456
+#          password: iasf#2022
+#          password: HuoRan@2021
+          driver-class-name: com.mysql.cj.jdbc.Driver
+#          url: jdbc:mysql://127.0.0.1:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+          url: jdbc:mysql://192.168.31.136:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+#          url: jdbc:mysql://139.9.47.170:3306/iasf?serverTimezone=GMT%2B8
+  cache:
+    type: redis
+  redis:
+    host: 127.0.0.1 # Redis服务器地址
+    database: 0 # Redis数据库索引（默认为0）
+    port: 6379 # Redis服务器连接端口
+    password: # Redis服务器连接密码（默认为空）
+    jedis:
+      pool:
+        max-active: 8 # 连接池最大连接数（使用负值表示没有限制）
+        max-wait: -1ms # 连接池最大阻塞等待时间（使用负值表示没有限制）
+        max-idle: 8 # 连接池中的最大空闲连接
+        min-idle: 0 # 连接池中的最小空闲连接
+    timeout: 3000ms # 连接超时时间（毫秒）
+
+singleServerConfig:
+  address: "redis://127.0.0.1:6379"
+  password:
+
+file:
+  #文件上传目录 绝对路径 末尾请加 / windows
+  path: C:/files/
+  #文件预览url
+  url: /iasf/sysFiles/preview/
+#  ip: http://10.10.11.7
+  ip: https://new.iasf.ac.cn
+#knife4j:
+#  production: true #生成环境禁用查看文档
+
+  #本地开启
+#  url: :10000/iasf/sysFiles/preview/

target/classes/application-prod.yml

@@ -0,0 +1,39 @@
+# 生产环境配置
+spring:
+  datasource:
+    dynamic:
+      primary: master #设置默认的数据源或者数据源组,默认值即为master
+      datasource:
+        master:
+          username: root
+          password: HuoRan@2021
+          driver-class-name: com.mysql.cj.jdbc.Driver
+          url: jdbc:mysql://139.9.47.170:3306/tmp_iasf?serverTimezone=GMT%2B8
+  cache:
+    type: redis
+  redis:
+    host: 127.0.0.1 # Redis服务器地址
+    database: 1 # Redis数据库索引（默认为0）
+    port: 6379 # Redis服务器连接端口
+    password: HuoRan@2021 # Redis服务器连接密码（默认为空）
+    jedis:
+      pool:
+        max-active: 8 # 连接池最大连接数（使用负值表示没有限制）
+        max-wait: -1ms # 连接池最大阻塞等待时间（使用负值表示没有限制）
+        max-idle: 8 # 连接池中的最大空闲连接
+        min-idle: 0 # 连接池中的最小空闲连接
+    timeout: 3000ms # 连接超时时间（毫秒）
+
+singleServerConfig:
+  address: "redis://127.0.0.1:6379"
+  password: HuoRan@2021
+
+file:
+  #文件上传目录 绝对路径 末尾请加 / linux
+  path: /usr/local/huoran/tmp_website/files/
+  #文件预览url
+  url: /iasf/sysFiles/preview/
+  ip: http://139.159.254.212
+
+knife4j:
+  production: true #生成环境禁用查看文档

target/classes/application-test.yml

@@ -0,0 +1,30 @@
+# 开发环境配置
+spring:
+  datasource:
+    dynamic:
+      primary: master #设置默认的数据源或者数据源组,默认值即为master
+      datasource:
+        master:
+          username: root
+          password: HuoRan@2021
+          driver-class-name: com.mysql.cj.jdbc.Driver
+          url: jdbc:mysql://139.9.47.170:3306/iasf?useUnicode=true&useSSL=false&characterEncoding=utf8&serverTimezone=GMT%2b8
+  redis:
+    host: localhost # Redis服务器地址
+    database: 0 # Redis数据库索引（默认为0）
+    port: 6379 # Redis服务器连接端口
+    password: # Redis服务器连接密码（默认为空）
+    jedis:
+      pool:
+        max-active: 8 # 连接池最大连接数（使用负值表示没有限制）
+        max-wait: -1ms # 连接池最大阻塞等待时间（使用负值表示没有限制）
+        max-idle: 8 # 连接池中的最大空闲连接
+        min-idle: 0 # 连接池中的最小空闲连接
+    timeout: 3000ms # 连接超时时间（毫秒
+
+file:
+  #文件上传目录 绝对路径 末尾请加 /
+  path: D:/files/ #windows
+  #path: /data/files/ #linux
+  #文件预览、下载的url, 末尾请勿加 /
+  url: :10000/iasf/sysFiles/preview/

target/classes/application.yml

@@ -0,0 +1,59 @@
+# 端口
+server:
+  port: 10000
+  servlet:
+    context-path: /iasf
+
+rsa:
+  encrypt:
+    timestampCheck: false #是否开启超过指定时间的数据认定为伪造
+    open: true # 是否开启加密 true  or  false
+    showLog: true # 是否打印加解密log true  or  false
+    publicKey: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08Nz0zscnWtddmaNylIPt9v5ZO6U6pYyGochRrbpI+ocwoyV4E1uUu3J9/mmR8pyMBcYzE5KkBytlaiLnd6dMqo4R60aihN/TqfuI/03LzgAS/egT/Q4VB9yZSyZCmJhrgTtSX5kxotAbewp0gqsWpi+6BUYDuiwJ0WNlhDVV4FOQIppmvHh0RqYDhjiPNAuy7fEtytT+IY4rxm6LggvmNtIq5k2oLbDxEeI1GOyFHT6sLGMkmBLmHu7JYcrlyUGyGWsxh8hVame1zQsScivrZu757BTGhN4xObTivIdAbR7uFeeX4lp0X1JNtIe9TwB/aZzKJjZMPXeV7BJ01g3MQIDAQAB
+    privateKey: MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDTw3PTOxyda112Zo3KUg+32/lk7pTqljIahyFGtukj6hzCjJXgTW5S7cn3+aZHynIwFxjMTkqQHK2VqIud3p0yqjhHrRqKE39Op+4j/TcvOABL96BP9DhUH3JlLJkKYmGuBO1JfmTGi0Bt7CnSCqxamL7oFRgO6LAnRY2WENVXgU5Aimma8eHRGpgOGOI80C7Lt8S3K1P4hjivGbouCC+Y20irmTagtsPER4jUY7IUdPqwsYySYEuYe7slhyuXJQbIZazGHyFVqZ7XNCxJyK+tm7vnsFMaE3jE5tOK8h0BtHu4V55fiWnRfUk20h71PAH9pnMomNkw9d5XsEnTWDcxAgMBAAECggEAUm5n3NbKycBsblV3ZkVRVwmq6A4zK6nxsP/fBS7YTCGqtlSRVvHtOxzTHNMyVgnJL00eWxEy1yxCqdolFvv8ByfZppUMmqkCSnT2L043OAs9mlS3M8hmUOC44AdfP3qSeXHziENKKTs1hlSC5v8+njmNPrxPVCZhw7fAaKT+1wOKE353QTNxacNua+dDx8zVO0xEznW+FKnYZ+ft2rHkiu1NkPRrWCpGHXZLXINT2FoQ7ECHkQUjD5IoRg2lvXNvjQPhs9BwnNsl3ODe/8PWbB0Lgtg9dLEmivyaNpTx/2Nl0QmFflIfp0rZs4SMnsJK56hQ8d5uhYbcpnn/gSbcAQKBgQD1gN/5oBxJAw2MVv3N8VcC/CWPHI4Er9vEVgrQSrO9QYBHSRX9/aoHmI4iK5opjHq6LYEt9JoGSdMPbRL2o16pkyZchuB/7Q5no9AD7iDSvvvt7qNqo2qkWpPA9pjodoWQaLAmC6M39ypNo3aSvrkuN11tOmU5bnaa94bofjoFcQKBgQDc0UgWiD0uTXSYCi1/GHCUuWi5X/HtsMS8Mz5SIln7x+X2rM0OECSQqYR4AGUZv81xh5mJetYDwJUvQXYGdaon8DP08VKD7uVEELF6SVf7woGVUSYxZdMss21cqksM3MXhyJ8QxO+eJSjGqwHf5AkB0KtMfnMKZqJIfXJsoVltwQKBgQDM3skJpSU1gIizznxqebWk1gn5zVhubNq2kx7fBxfLHXgRBNqHZEGZqSMjPMOfXI2mBAdC9FX8XWr1+o3SqC580EE5AY0i9A4LStZyESvu8lWGDpjsioaZtMSMSLz9cLqw8cvdU+TW9TmmJHz0pJggCy+50Ptb2+S6GUnJhlyg4QKBgDgiK4Uu1P60SfNsguxQNi5Yg7q8HTAjQ5/kFu+iM+XBh0AR5X6xs9niff5Te1/0VjGKGwnL5CPIDSSaK3qw5rSIZ2zY+/T2AeovpC5F/svNQkvG+UKNdAVlB2QLFlEKvnMLIQSOS6uUHq2CQ1O7EF8ZwLINYwk91fs/iJr82VMBAoGAEq3LN/LmOlB1OL6MaTTCEkvQq/wROt8poeLebycFcmZrsovR3MQKYuoY7IEjRw+ZvOauCJNM7mCpmeUVWAc3TPgWeQMzGALdb1X5u9xK8eq9WTutlSS/OSNGIYRJuSpO9efDdfoMHuR2Mleibs1yvxD4A2CXC10bSHE5huM07rY=
+spring:
+  profiles:
+    active: dev
+  mvc:
+    throw-exception-if-no-handler-found: true
+  resources:
+    add-mappings: false
+  application:
+    name: iasf
+  jackson:
+    date-format: yyyy-MM-dd HH:mm:ss
+    time-zone: GMT+8
+    # 解决API 成批分配问题
+    serialization:
+      # 某些类对象无法序列化的时候，是否报错
+      fail_on_empty_beans: true
+    deserialization:
+        # json对象中有不存在的属性时候，是否报错
+      fail_on_unknown_properties: true
+  # 文件大小限制
+  servlet:
+    multipart:
+      max-file-size: 100MB
+      max-request-size: 100MB
+  # redis token信息
+  redis:
+    key:
+      prefix:
+        userToken: "user:token:"
+        passwordError: "user:password:error:"
+        permissionRefresh: "user:token:permissionRefresh:"
+      expire:
+        userToken: 86400 # 1天 7*24*3600
+        passwordError: 360000 # 一个小时
+        permissionRefresh: 86400 # 1天 7*24*3600
+    allowMultipleLogin: true # 允许多处登陆
+
+mybatis-plus:
+  configuration:
+    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
+  mapper-locations: classpath*:com/huoran/iasf/mapper/xml/*.xml
+  global-config:
+    db-config:
+      logic-delete-value: 0
+      logic-not-delete-value: 1
+      logic-delete-field: deleted