修复漏洞问题

2026-05-02 20:41:29 +08:00
parent 0b3a3b4da6
commit 35feb9a147
7 changed files with 235 additions and 10 deletions
--- a/ruoyi-common/src/main/java/com/ruoyi/common/constant/EncryptConstants.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/constant/EncryptConstants.java
@@ -52,6 +52,19 @@ public class EncryptConstants {
        "/cms/appUser/getUserInfo",
        "/cms/job/getAppUserYhsc",
        "/app/idCardLogin",
-        "/app/phoneLogin"
+        "/app/phoneLogin",
+        "/getInfo",
+        "/registerUser"
+    );
+
+    /**
+     * 不需要加密的返回URL路径模式
+     */
+    public static final List<String> NOT_URL_PATTERNS = Arrays.asList(
+        "/app/user/list",
+        "/app/appskill/list",
+        "/app/userworkexperiences/list",
+        "/app/company/list",
+        "/app/companycontact/list"
    );
 }
--- a/ruoyi-common/src/main/java/com/ruoyi/common/filter/EncryptResponseFilter.java
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/filter/EncryptResponseFilter.java
@@ -84,6 +84,13 @@ public class EncryptResponseFilter implements Filter {
    private boolean needProcess(HttpServletRequest request) {
        String requestURI = request.getRequestURI();

+        //不加密返回
+        for (String pattern : EncryptConstants.NOT_URL_PATTERNS) {
+            if (pathMatcher.match(pattern, requestURI)) {
+                return false;
+            }
+        }
+
        // 检查URL是否匹配需要加解密的模式
        for (String pattern : EncryptConstants.URL_PATTERNS) {
            if (pathMatcher.match(pattern, requestURI)) {