修复高危漏洞接口——对外放行的,把岗位id加密

This commit is contained in:
sh
2026-04-21 12:59:36 +08:00
parent 6c6e61cb87
commit c85ff33840
6 changed files with 164 additions and 41 deletions


@@ -8,10 +8,12 @@ import com.ruoyi.cms.service.*;
import com.ruoyi.cms.util.RoleUtils; import com.ruoyi.cms.util.RoleUtils;
import com.ruoyi.cms.util.sensitiveWord.SensitiveWordChecker; import com.ruoyi.cms.util.sensitiveWord.SensitiveWordChecker;
import com.ruoyi.common.annotation.BussinessLog; import com.ruoyi.common.annotation.BussinessLog;
import com.ruoyi.common.constant.SM4Constants;
import com.ruoyi.common.core.controller.BaseController; import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.utils.DateUtils; import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.SM4Utils;
import com.ruoyi.common.utils.SiteSecurityUtils; import com.ruoyi.common.utils.SiteSecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
@@ -167,52 +169,94 @@ public class AppJobController extends BaseController
* 获取岗位详细信息 * 获取岗位详细信息
*/ */
@ApiOperation("获取岗位详细信息") @ApiOperation("获取岗位详细信息")
@GetMapping(value = "/{jobId}") @GetMapping(value = "/{encryptJobId}")
public AjaxResult getInfo(@PathVariable("jobId") Long jobId, HttpServletRequest request) public AjaxResult getInfo(@PathVariable("encryptJobId") String encryptJobId, HttpServletRequest request)
{ {
if (jobId == null) { if(StringUtils.isBlank(encryptJobId)){
return AjaxResult.error("jobId不能为空"); return error("岗位id为空!");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
//Job job = jobService.selectJobByJobIdApp(jobId);
Job job = jobService.selectHttpJobByJobIdApp(jobId,request);
return success(job);
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
} }
//Job job = jobService.selectJobByJobIdApp(jobId);
Job job = jobService.selectHttpJobByJobIdApp(jobId,request);
return success(job);
} }
/** /**
* 用户收藏岗位 * 用户收藏岗位
*/ */
@BussinessLog(title = "用户收藏岗位") @BussinessLog(title = "用户收藏岗位")
@PostMapping("/collection/{jobId}") @PostMapping("/collection/{encryptJobId}")
@ApiOperation("用户收藏") @ApiOperation("用户收藏")
public AjaxResult jobCollection(@ApiParam("岗位id") @PathVariable Long jobId) public AjaxResult jobCollection(@ApiParam("岗位id") @PathVariable String encryptJobId)
{ {
return toAjax(jobCollectionService.jobCollection(jobId)); if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空!");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobCollectionService.jobCollection(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
/** /**
* 用户取消收藏岗位 * 用户取消收藏岗位
*/ */
@BussinessLog(title = "用户取消收藏岗位") @BussinessLog(title = "用户取消收藏岗位")
@DeleteMapping("/collection/{jobId}") @DeleteMapping("/collection/{encryptJobId}")
@ApiOperation("用户取消收藏岗位") @ApiOperation("用户取消收藏岗位")
public AjaxResult cancel(@ApiParam("岗位id") @PathVariable Long jobId) public AjaxResult cancel(@ApiParam("岗位id") @PathVariable String encryptJobId)
{ {
return toAjax(jobCollectionService.cancel(jobId)); if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空!");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobCollectionService.cancel(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
/** /**
* 用户申请岗位 * 用户申请岗位
*/ */
@BussinessLog(title = "用户申请岗位") @BussinessLog(title = "用户申请岗位")
@GetMapping("/apply/{jobId}") @GetMapping("/apply/{encryptJobId}")
@ApiOperation("用户申请岗位") @ApiOperation("用户申请岗位")
public AjaxResult apply(@ApiParam("岗位id") @PathVariable Long jobId) public AjaxResult apply(@ApiParam("岗位id") @PathVariable String encryptJobId)
{ {
return toAjax(jobCollectionService.apply(jobId)); if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空!");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobCollectionService.apply(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
@GetMapping("/competitiveness/{jobId}") @GetMapping("/competitiveness/{encryptJobId}")
@ApiOperation("竞争力分析") @ApiOperation("竞争力分析")
public AjaxResult competitiveness(@ApiParam("岗位id") @PathVariable Long jobId) { public AjaxResult competitiveness(@ApiParam("岗位id") @PathVariable String encryptJobId) {
return success(jobCollectionService.competitiveness(jobId)); if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空!");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return success(jobCollectionService.competitiveness(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
private TableDataInfo getTableDataInfo(EsPageInfo<ESJobDocument> result){ private TableDataInfo getTableDataInfo(EsPageInfo<ESJobDocument> result){
long total = result.getTotal(); long total = result.getTotal();
@@ -291,20 +335,32 @@ public class AppJobController extends BaseController
} }
@ApiOperation("岗位下架") @ApiOperation("岗位下架")
@PutMapping("/jobDown/{jobId}") @PutMapping("/jobDown/{encryptJobId}")
public AjaxResult jobDown(@ApiParam("岗位id") @PathVariable Long jobId){ public AjaxResult jobDown(@ApiParam("岗位id") @PathVariable String encryptJobId){
if(jobId==null){ if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空"); return error("岗位id为空");
} }
return toAjax(jobService.jobDown(jobId)); try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobService.jobDown(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
@ApiOperation("岗位上架") @ApiOperation("岗位上架")
@PutMapping("/jobUp/{jobId}") @PutMapping("/jobUp/{encryptJobId}")
public AjaxResult jobUp(@ApiParam("岗位id") @PathVariable Long jobId){ public AjaxResult jobUp(@ApiParam("岗位id") @PathVariable String encryptJobId){
if(jobId==null){ if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空"); return error("岗位id为空");
} }
return toAjax(jobService.jobUp(jobId)); try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobService.jobUp(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
} }
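Review bot: In every rewritten endpoint of this section (getInfo, jobCollection, cancel, apply, competitiveness, jobDown, jobUp) the `try` also wraps the service call, so a database or service failure is reported to the client as `参数不正确!` and dumped with `e.printStackTrace()` instead of being logged; only the decrypt-and-parse step belongs inside the catch. That step is copied seven times in this file (and three more in CmsJobController), so a private helper keeps the client messages consistent and lets the service call sit outside the try. Separately, a fixed-key SM4-ECB ciphertext of the id is an opaque but reusable token, not proof that the caller may act on that job, so the service methods receiving the decrypted `jobId` still need their own ownership or permission check (not visible in this diff). The fence shows the helper and getInfo; the other endpoints change the same way.
```java
/** Turns the encrypted path variable into a job id; throws IllegalArgumentException carrying the client-facing message. */
private Long parseEncryptedJobId(String encryptJobId) {
    if (StringUtils.isBlank(encryptJobId)) {
        throw new IllegalArgumentException("岗位id为空!");
    }
    try {
        return Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
    } catch (Exception e) {
        // decrypt failure and non-numeric plaintext deliberately get the same client message
        throw new IllegalArgumentException("参数不正确!", e);
    }
}

public AjaxResult getInfo(@PathVariable("encryptJobId") String encryptJobId, HttpServletRequest request)
{
    Long jobId;
    try {
        jobId = parseEncryptedJobId(encryptJobId);
    } catch (IllegalArgumentException e) {
        logger.warn("rejected job id path variable", e); // BaseController's logger (stock RuoYi), if present, instead of printStackTrace
        return error(e.getMessage());
    }
    // service failures now propagate (to the global exception handler, if the project has one) instead of reading as a bad parameter
    Job job = jobService.selectHttpJobByJobIdApp(jobId, request);
    return success(job);
}
// … unchanged: jobCollection, cancel, apply, competitiveness, jobDown, jobUp — same replacement of their try blocks …
```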


@@ -14,6 +14,7 @@ import com.ruoyi.cms.util.excel.JobExcelListener;
import com.ruoyi.cms.util.sensitiveWord.SensitiveWordChecker; import com.ruoyi.cms.util.sensitiveWord.SensitiveWordChecker;
import com.ruoyi.common.annotation.Anonymous; import com.ruoyi.common.annotation.Anonymous;
import com.ruoyi.common.annotation.Log; import com.ruoyi.common.annotation.Log;
import com.ruoyi.common.constant.SM4Constants;
import com.ruoyi.common.core.controller.BaseController; import com.ruoyi.common.core.controller.BaseController;
import com.ruoyi.common.core.domain.AjaxResult; import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.domain.entity.AppUser; import com.ruoyi.common.core.domain.entity.AppUser;
@@ -21,6 +22,7 @@ import com.ruoyi.common.core.domain.entity.Company;
import com.ruoyi.common.core.page.TableDataInfo; import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.enums.BusinessType; import com.ruoyi.common.enums.BusinessType;
import com.ruoyi.common.utils.DateUtils; import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.SM4Utils;
import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.bean.BeanUtils; import com.ruoyi.common.utils.bean.BeanUtils;
@@ -92,14 +94,20 @@ public class CmsJobController extends BaseController
*/ */
@ApiOperation("获取岗位详细信息") @ApiOperation("获取岗位详细信息")
// @PreAuthorize("@ss.hasPermi('bussiness:job:query')") // @PreAuthorize("@ss.hasPermi('bussiness:job:query')")
@GetMapping(value = "/{jobId}") @GetMapping(value = "/{encryptJobId}")
public AjaxResult getInfo(@PathVariable("jobId") Long jobId, HttpServletRequest request) public AjaxResult getInfo(@PathVariable("encryptJobId") String encryptJobId, HttpServletRequest request)
{ {
if (jobId == null) { if(StringUtils.isBlank(encryptJobId)){
return AjaxResult.error("jobId不能为空"); return error("jobId不能为空");
}
try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
//return success(jobService.selectJobByJobId(jobId));
return success(jobService.selectHttpJobByJobId(jobId,request));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
} }
//return success(jobService.selectJobByJobId(jobId));
return success(jobService.selectHttpJobByJobId(jobId,request));
} }
/** /**
@@ -481,21 +489,34 @@ public class CmsJobController extends BaseController
} }
@ApiOperation("岗位下架") @ApiOperation("岗位下架")
@PutMapping("/jobDown/{jobId}") @PutMapping("/jobDown/{encryptJobId}")
public AjaxResult jobDown(@PathVariable("jobId") Long jobId){ public AjaxResult jobDown(@PathVariable("encryptJobId") String encryptJobId){
if(jobId==null){ if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空"); return error("岗位id为空");
} }
return toAjax(jobService.jobDown(jobId)); try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobService.jobDown(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
@ApiOperation("岗位上架") @ApiOperation("岗位上架")
@PutMapping("/jobUp/{jobId}") @PutMapping("/jobUp/{encryptJobId}")
public AjaxResult jobUp(@PathVariable("jobId") Long jobId) throws CryptoClient.CryptoException { public AjaxResult jobUp(@PathVariable("encryptJobId") String encryptJobId) throws CryptoClient.CryptoException {
if(jobId==null){ if(StringUtils.isBlank(encryptJobId)){
return error("岗位id为空"); return error("岗位id为空");
} }
return toAjax(jobService.jobUp(jobId)); try {
Long jobId=Long.parseLong(SM4Utils.decryptEcb(SM4Constants.SM4_KET, encryptJobId));
return toAjax(jobService.jobUp(jobId));
}catch (Exception e){
e.printStackTrace();
return error("参数不正确!");
}
} }
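Review bot: `jobUp` still declares `throws CryptoClient.CryptoException` on its signature, but the new `catch (Exception e)` in its body intercepts every exception, so the clause is dead and misleads callers; drop it: `public AjaxResult jobUp(@PathVariable("encryptJobId") String encryptJobId) {`. The three rewritten methods here (getInfo, jobDown, jobUp) share the AppJobController issue that the try block also wraps the service call, so service errors surface as `参数不正确!` and go to `printStackTrace()` rather than the logger; a shared decrypt helper with the service call outside the try fixes both. Note also that `@PreAuthorize` on getInfo remains commented out (context line), so a decryptable id is currently the only gate on that endpoint — if the encryption is meant to close an id-enumeration finding, the permission check should be restored or the service should verify the caller's access to the job.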
/** /**


@@ -181,4 +181,7 @@ public class ESJobDocument
@ApiModelProperty("区划名称") @ApiModelProperty("区划名称")
private String regionName; private String regionName;
@ApiModelProperty("加密jobid")
private String encryptJobId;
} }


@@ -215,4 +215,8 @@ public class Job extends BaseEntity
@TableField(exist = false) @TableField(exist = false)
@ApiModelProperty("区划名称") @ApiModelProperty("区划名称")
private String regionName; private String regionName;
@TableField(exist = false)
@ApiModelProperty("加密jobid")
private String encryptJobId;
} }


@@ -3,6 +3,7 @@ package com.ruoyi.cms.service.impl;
import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSON;
import com.ruoyi.cms.domain.vo.CompanyVo; import com.ruoyi.cms.domain.vo.CompanyVo;
import com.ruoyi.cms.service.ICompanyService; import com.ruoyi.cms.service.ICompanyService;
import com.ruoyi.common.constant.SM4Constants;
import com.ruoyi.common.core.domain.entity.AppUser; import com.ruoyi.common.core.domain.entity.AppUser;
import com.ruoyi.cms.domain.ESJobDocument; import com.ruoyi.cms.domain.ESJobDocument;
import com.ruoyi.cms.domain.Job; import com.ruoyi.cms.domain.Job;
@@ -16,6 +17,7 @@ import com.ruoyi.common.core.domain.entity.Company;
import com.ruoyi.common.core.redis.RedisCache; import com.ruoyi.common.core.redis.RedisCache;
import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.core.text.Convert;
import com.ruoyi.common.utils.DateUtils; import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.SM4Utils;
import com.ruoyi.common.utils.SiteSecurityUtils; import com.ruoyi.common.utils.SiteSecurityUtils;
import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.bean.BeanUtils; import com.ruoyi.common.utils.bean.BeanUtils;
@@ -178,6 +180,8 @@ public class ESJobSearchImpl implements IESJobSearchService
for (Job job : jobList) { for (Job job : jobList) {
ESJobDocument esJobDocument = new ESJobDocument(); ESJobDocument esJobDocument = new ESJobDocument();
BeanUtils.copyBeanProp(esJobDocument, job); BeanUtils.copyBeanProp(esJobDocument, job);
String encryptJobId= SM4Utils.encryptEcb(SM4Constants.SM4_KET, String.valueOf(job.getJobId()));
esJobDocument.setEncryptJobId(encryptJobId);
CompanyVo vo=job.getCompanyVo(); CompanyVo vo=job.getCompanyVo();
esJobDocument.setCompanyVoJson(JSON.toJSONString(vo)); esJobDocument.setCompanyVoJson(JSON.toJSONString(vo));
esJobDocument.setAppJobUrl("https://www.xjksly.cn/app#/packageA/pages/post/post?jobId="+ Base64.getEncoder().encodeToString(String.valueOf(job.getJobId()).getBytes())); esJobDocument.setAppJobUrl("https://www.xjksly.cn/app#/packageA/pages/post/post?jobId="+ Base64.getEncoder().encodeToString(String.valueOf(job.getJobId()).getBytes()));
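Review bot: The new `encryptJobId` is written into the same ES document whose `appJobUrl` (the unchanged next line) still carries the plain job id as Base64 (`?jobId=` + Base64 of `job.getJobId()`), so the numeric id stays exposed to every consumer of this document, and the app page reached through that URL can no longer call the rewritten `/{encryptJobId}` endpoints with the plain id it receives unless it obtains the encrypted form elsewhere; the URL should carry the encrypted id instead, e.g. `"https://www.xjksly.cn/app#/packageA/pages/post/post?jobId=" + encryptJobId`. Also, `SM4Utils.encryptEcb` is called unguarded inside the indexing loop; if it can throw (its contract is not visible here), one bad job aborts the whole batch — worth confirming. The enclosing method starts before the hunk.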


@@ -278,4 +278,39 @@ public class RedisCache
Boolean result = redisTemplate.opsForValue().setIfAbsent(key, value, timeout, unit); Boolean result = redisTemplate.opsForValue().setIfAbsent(key, value, timeout, unit);
return Boolean.TRUE.equals(result); return Boolean.TRUE.equals(result);
} }
/**
* 新增自增方法
* @param key 键
* @return 自增后的值
*/
public Long increment(String key) {
return redisTemplate.opsForValue().increment(key);
}
/**
* 重载:指定步长自增
* @param key 键
* @param step 步长
* @return 自增后的值
*/
public Long increment(String key, long step) {
return redisTemplate.opsForValue().increment(key, step);
}
/**
* 重载:自增并设置过期时间
* @param key 键
* @param step 步长
* @param expireTime 过期时间
* @param timeUnit 时间单位
* @return 自增后的值
*/
public Long increment(String key, long step, long expireTime, TimeUnit timeUnit) {
Long value = redisTemplate.opsForValue().increment(key, step);
if (value != null) {
redisTemplate.expire(key, expireTime, timeUnit);
}
return value;
}
} }
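Review bot: `increment(key, step, expireTime, timeUnit)` calls `expire` after every increment, so the TTL is refreshed on each call and a key that keeps being hit never expires; if this is meant as a fixed-window counter (attempt or rate limiting), set the TTL only when the key is created: `if (value != null && value == step) { redisTemplate.expire(key, expireTime, timeUnit); }` (the first increment returns exactly `step`). INCR and EXPIRE are also two round trips, so a crash between them leaves a key with no TTL — acceptable for a best-effort counter, otherwise a Lua script would make the pair atomic. The three overloads also lack a Javadoc line saying whether `null` can be returned (it is passed straight through from `opsForValue().increment`), and they are unrelated to the commit's stated purpose, so they would be easier to review in their own commit.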