Merge branch 'master' of https://gitee.com/y_project/RuoYi-Vue into dev

Conflicts: pom.xml ruoyi-admin/src/main/resources/application.yml ruoyi-admin/src/main/resources/i18n/messages.properties ruoyi-common/src/main/java/com/ruoyi/common/constant/Constants.java ruoyi-common/src/main/java/com/ruoyi/common/constant/UserConstants.java ruoyi-common/src/main/java/com/ruoyi/common/core/domain/entity/SysUser.java ruoyi-common/src/main/java/com/ruoyi/common/filter/XssFilter.java ruoyi-common/src/main/java/com/ruoyi/common/utils/StringUtils.java ruoyi-framework/src/main/java/com/ruoyi/framework/config/FilterConfig.java ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java ruoyi-framework/src/main/java/com/ruoyi/framework/manager/factory/AsyncFactory.java ruoyi-framework/src/main/java/com/ruoyi/framework/web/service/TokenService.java ruoyi-generator/src/main/java/com/ruoyi/generator/util/VelocityUtils.java ruoyi-generator/src/main/resources/vm/java/controller.java.vm ruoyi-generator/src/main/resources/vm/java/mapper.java.vm ruoyi-generator/src/main/resources/vm/java/service.java.vm ruoyi-generator/src/main/resources/vm/java/serviceImpl.java.vm ruoyi-generator/src/main/resources/vm/xml/mapper.xml.vm ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysDeptServiceImpl.java ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserServiceImpl.java ruoyi-ui/src/api/login.js ruoyi-ui/src/router/index.js ruoyi-ui/src/utils/zipdownload.js ruoyi-ui/src/views/index.vue ruoyi-ui/src/views/login.vue ruoyi-ui/src/views/system/user/index.vue
2025-09-24 07:19:46 +08:00 · 2021-08-02 11:21:09 +08:00
parent 210b5af1c7 68ae4df2dc
commit cfdeada3fd
28 changed files with 1134 additions and 70 deletions
--- a/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
+++ b/ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/SysJobController.java
@ -71,18 +71,22 @@ public class SysJobController extends BaseController
    @PreAuthorize("@ss.hasPermi('monitor:job:add')")
    @Log(title = "定时任务", businessType = BusinessType.INSERT)
    @PostMapping
-    public AjaxResult add(@RequestBody SysJob sysJob) throws SchedulerException, TaskException
+    public AjaxResult add(@RequestBody SysJob job) throws SchedulerException, TaskException
    {
-        if (!CronUtils.isValid(sysJob.getCronExpression()))
+        if (!CronUtils.isValid(job.getCronExpression()))
        {
-            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+            return error("新增任务'" + job.getJobName() + "'失败，Cron表达式不正确");
        }
-        else if (StrUtil.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        else if (StrUtil.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
        {
-            return AjaxResult.error("新增任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
        }
-        sysJob.setCreateBy(SecurityUtils.getUsername());
-        return toAjax(jobService.insertJob(sysJob));
+        else if (StrUtil.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+        {
+            return error("新增任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
+        }
+        job.setCreateBy(SecurityUtils.getUsername());
+        return toAjax(jobService.insertJob(job));
    }

    /**
@ -91,18 +95,22 @@ public class SysJobController extends BaseController
    @PreAuthorize("@ss.hasPermi('monitor:job:edit')")
    @Log(title = "定时任务", businessType = BusinessType.UPDATE)
    @PutMapping
-    public AjaxResult edit(@RequestBody SysJob sysJob) throws SchedulerException, TaskException
+    public AjaxResult edit(@RequestBody SysJob job) throws SchedulerException, TaskException
    {
-        if (!CronUtils.isValid(sysJob.getCronExpression()))
+        if (!CronUtils.isValid(job.getCronExpression()))
        {
-            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，Cron表达式不正确");
+            return error("修改任务'" + job.getJobName() + "'失败，Cron表达式不正确");
        }
-        else if (StrUtil.containsIgnoreCase(sysJob.getInvokeTarget(), Constants.LOOKUP_RMI))
+        else if (StringUtils.containsIgnoreCase(job.getInvokeTarget(), Constants.LOOKUP_RMI))
        {
-            return AjaxResult.error("修改任务'" + sysJob.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'rmi://'调用");
        }
-        sysJob.setUpdateBy(SecurityUtils.getUsername());
-        return toAjax(jobService.updateJob(sysJob));
+        else if (StrUtil.containsAnyIgnoreCase(job.getInvokeTarget(), new String[] { Constants.HTTP, Constants.HTTPS }))
+        {
+            return error("修改任务'" + job.getJobName() + "'失败，目标字符串不允许'http(s)//'调用");
+        }
+        job.setUpdateBy(SecurityUtils.getUsername());
+        return toAjax(jobService.updateJob(job));
    }

    /**