lsd/ks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复漏洞问题

Browse Source
This commit is contained in:
sh
2026-05-02 20:41:29 +08:00
parent 0b3a3b4da6
commit 35feb9a147
7 changed files with 235 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
ruoyi-admin/src/main/java/com/ruoyi/web/controller/system/SysLoginController.java
View File

@@ -2,16 +2,23 @@ package com.ruoyi.web.controller.system;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import com.ruoyi.cms.util.StringUtil;
import com.ruoyi.common.core.domain.entity.AppUser;
import com.ruoyi.common.core.domain.entity.tymh.wwToken.WwTokenResult;
import com.ruoyi.common.core.domain.entity.tymh.wwToken.WwUserLogin;
import com.ruoyi.common.core.domain.model.RegisterBody;
import com.ruoyi.common.core.redis.RedisCache;
import com.ruoyi.common.utils.SiteSecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.IpUtils;
import com.ruoyi.framework.web.service.OauthLoginHlwService;
import com.ruoyi.framework.web.service.OauthLoginService;
import io.swagger.annotations.ApiOperation;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.AjaxResult;
@@ -22,8 +29,11 @@ import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.framework.web.service.SysLoginService;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.system.service.ISysMenuService;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
/**
@@ -46,6 +56,8 @@ public class SysLoginController
private OauthLoginService oauthLoginService;
@Autowired
private OauthLoginHlwService oauthLoginHlwService;
@Autowired
private RedisCache redisCache;
/**
* 登录方法
@@ -229,12 +241,43 @@ public class SysLoginController
*/
@ApiOperation("保存注册信息")
@PostMapping("/registerUser")
public AjaxResult registerUser(@RequestBody RegisterBody registerBody)
public AjaxResult registerUser(@RequestBody RegisterBody registerBody,HttpServletRequest request)
{
//限流
if (!checkLimit(request)) {
return AjaxResult.error("请求过于频繁,请稍后再试");
}
String token=loginService.registerAppUser(registerBody);
return AjaxResult.success().put("token",token);
}
/**
* 限流
* @return
*/
public boolean checkLimit(HttpServletRequest request) {
String ip = IpUtils.getIpAddr(request);;
Long userId = SiteSecurityUtils.getUserId();
//用户限流
String userKey = "limit:registerUser:uid:" + userId;
Long userCnt = redisCache.increment(userKey);
if (userCnt == null || userCnt > 1) {
return false;
}
redisCache.expire(userKey, 60, TimeUnit.SECONDS);
// IP 限流
String ipKey = "limit:registerUser:ip:" + ip;
Long ipCnt = redisCache.increment(ipKey);
if (ipCnt == null || ipCnt > 3) {
return false;
}
redisCache.expire(ipKey, 60, TimeUnit.SECONDS);
return true;
}
/**
* 获取统一门户token
*/
@@ -285,4 +328,26 @@ public class SysLoginController
}
}
/**
* 退出
* @return
*/
@PostMapping("/logout")
public AjaxResult logout() {
try {
SecurityContextHolder.clearContext();
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
if (attributes != null) {
HttpSession session = attributes.getRequest().getSession(false);
if (session != null) {
session.invalidate(); // 服务器端直接销毁
}
}
return AjaxResult.success("退出成功,登录已失效");
} catch (Exception e) {
return AjaxResult.error("退出失败");
}
}
}