From 5d9101e8627bca8e1ec25739777bfc2bdc8c104e Mon Sep 17 00:00:00 2001
From: xuefei <564615061@qq.cm>
Date: 星期五, 28 四月 2023 10:38:55 +0800
Subject: [PATCH] 测试漏洞修复

---
 xboot-modules/xboot-base/src/main/java/cn/exrick/xboot/base/controller/common/CaptchaController.java |  283 ++++++++++++++++++++++++++++---------------------------
 1 files changed, 144 insertions(+), 139 deletions(-)

diff --git a/xboot-modules/xboot-base/src/main/java/cn/exrick/xboot/base/controller/common/CaptchaController.java b/xboot-modules/xboot-base/src/main/java/cn/exrick/xboot/base/controller/common/CaptchaController.java
index c7f4f0d..413b474 100644
--- a/xboot-modules/xboot-base/src/main/java/cn/exrick/xboot/base/controller/common/CaptchaController.java
+++ b/xboot-modules/xboot-base/src/main/java/cn/exrick/xboot/base/controller/common/CaptchaController.java
@@ -1,139 +1,144 @@
-//package cn.exrick.xboot.base.controller.common;
-//
-//import cn.exrick.xboot.core.common.annotation.RateLimiter;
-//import cn.exrick.xboot.core.common.constant.CommonConstant;
-//import cn.exrick.xboot.core.common.redis.RedisTemplateHelper;
-//import cn.exrick.xboot.core.common.sms.SmsUtil;
-//import cn.exrick.xboot.core.common.utils.CommonUtil;
-//import cn.exrick.xboot.core.common.utils.CreateVerifyCode;
-//import cn.exrick.xboot.core.common.utils.IpInfoUtil;
-//import cn.exrick.xboot.core.common.utils.ResultUtil;
-//import cn.exrick.xboot.core.common.vo.Result;
-//import cn.exrick.xboot.core.service.SettingService;
-//import cn.exrick.xboot.core.service.UserService;
-//import cn.hutool.core.util.IdUtil;
-//import cn.hutool.core.util.StrUtil;
-//import io.swagger.annotations.Api;
-//import io.swagger.annotations.ApiOperation;
-//import lombok.extern.slf4j.Slf4j;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.transaction.annotation.Transactional;
-//import org.springframework.web.bind.annotation.PathVariable;
-//import org.springframework.web.bind.annotation.RequestMapping;
-//import org.springframework.web.bind.annotation.RequestMethod;
-//import org.springframework.web.bind.annotation.RestController;
-//
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//import java.io.IOException;
-//import java.util.concurrent.TimeUnit;
-//
-///**
-// * @author Exrickx
-// */
-//@Api(tags = "楠岃瘉鐮佹帴鍙�")
-//@RequestMapping("/xboot/common/captcha")
-//@RestController
-//@Transactional
-//@Slf4j
-//public class CaptchaController {
-//
-//    @Autowired
-//    private SmsUtil smsUtil;
-//
-//    @Autowired
-//    private RedisTemplateHelper redisTemplate;
-//
-//    @Autowired
-//    private IpInfoUtil ipInfoUtil;
-//
-//    @Autowired
-//    private UserService userService;
-//
-//    @Autowired
-//    private SettingService settingService;
-//
-//    @RequestMapping(value = "/init", method = RequestMethod.GET)
-//    @ApiOperation(value = "鍒濆鍖栭獙璇佺爜")
-//    public Result<Object> initCaptcha() {
-//
-//        String captchaId = IdUtil.simpleUUID();
-//        String code = new CreateVerifyCode().randomStr(4);
-//        // 缂撳瓨楠岃瘉鐮�
-//        redisTemplate.set(captchaId, code, 2L, TimeUnit.MINUTES);
-//        return ResultUtil.data(captchaId);
-//    }
-//
-//    @RequestMapping(value = "/draw/{captchaId}", method = RequestMethod.GET)
-//    @ApiOperation(value = "鏍规嵁楠岃瘉鐮両D鑾峰彇鍥剧墖")
-//    public void drawCaptcha(@PathVariable("captchaId") String captchaId,
-//                            HttpServletResponse response) throws IOException {
-//
-//        // 寰楀埌楠岃瘉鐮� 鐢熸垚鎸囧畾楠岃瘉鐮�
-//        String code = redisTemplate.get(captchaId);
-//        CreateVerifyCode vCode = new CreateVerifyCode(116, 36, 4, 10, code);
-//        response.setContentType("image/png");
-//        vCode.write(response.getOutputStream());
-//    }
-//
-//    @RequestMapping(value = "/sendRegistSms/{mobile}", method = RequestMethod.GET)
-//    @ApiOperation(value = "鍙戦�佹敞鍐岀煭淇¢獙璇佺爜")
-//    public Result<Object> sendRegistSmsCode(@PathVariable String mobile, HttpServletRequest request) {
-//
-//        return sendSms(mobile, 2, 0, request);
-//    }
-//
-//    @RequestMapping(value = "/sendLoginSms/{mobile}", method = RequestMethod.GET)
-//    @ApiOperation(value = "鍙戦�佺櫥褰曠煭淇¢獙璇佺爜")
-//    @RateLimiter(name="sendLoginSms", rate = 1, ipLimit = true)
-//    public Result<Object> sendLoginSmsCode(@PathVariable String mobile, HttpServletRequest request) {
-//
-//        return sendSms(mobile, 1, 0, request);
-//    }
-//
-//    @RequestMapping(value = "/sendResetSms/{mobile}", method = RequestMethod.GET)
-//    @ApiOperation(value = "鍙戦�侀噸缃瘑鐮佺煭淇¢獙璇佺爜")
-//    public Result<Object> sendResetSmsCode(@PathVariable String mobile, HttpServletRequest request) {
-//
-//        return sendSms(mobile, 1, 5, request);
-//    }
-//
-//    @RequestMapping(value = "/sendEditMobileSms/{mobile}", method = RequestMethod.GET)
-//    @ApiOperation(value = "鍙戦�佷慨鏀规墜鏈虹煭淇¢獙璇佺爜")
-//    public Result<Object> sendEditMobileSmsCode(@PathVariable String mobile, HttpServletRequest request) {
-//
-//        if (userService.findByMobile(mobile) != null) {
-//            return ResultUtil.error("璇ユ墜鏈哄彿宸茬粦瀹氳处鎴�");
-//        }
-//        return sendSms(mobile, 0, 0, request);
-//    }
-//
-//    /**
-//     * @param mobile       鎵嬫満鍙�
-//     * @param range        鍙戦�佽寖鍥� 0鍙戦�佺粰鎵�鏈夋墜鏈哄彿 1鍙彂閫佺粰娉ㄥ唽鎵嬫満 2鍙彂閫佺粰鏈敞鍐屾墜鏈�
-//     * @param templateType 0閫氱敤妯$増 1娉ㄥ唽 2鐧诲綍 3淇敼鎵嬫満 4淇敼瀵嗙爜 5閲嶇疆瀵嗙爜 6宸ヤ綔娴佹ā鐗�
-//     */
-//    public Result<Object> sendSms(String mobile, Integer range, Integer templateType, HttpServletRequest request) {
-//
-//        if (range == 1 && userService.findByMobile(mobile) == null) {
-//            return ResultUtil.error("鎵嬫満鍙锋湭娉ㄥ唽");
-//        } else if (range == 2 && userService.findByMobile(mobile) != null) {
-//            return ResultUtil.error("鎵嬫満鍙峰凡娉ㄥ唽");
-//        }
-//        // IP闄愭祦 1鍒嗛挓闄�1涓姹�
-//        String key = "sendSms:" + ipInfoUtil.getIpAddr(request);
-//        String value = redisTemplate.get(key);
-//        if (StrUtil.isNotBlank(value)) {
-//            return ResultUtil.error("鎮ㄥ彂閫佺殑澶绻佸暒锛岃绋嶅悗鍐嶈瘯");
-//        }
-//        // 鐢熸垚6浣嶆暟楠岃瘉鐮�
-//        String code = CommonUtil.getRandomNum();
-//        // 缂撳瓨楠岃瘉鐮�
-//        redisTemplate.set(CommonConstant.PRE_SMS + mobile, code, 5L, TimeUnit.MINUTES);
-//        // 鍙戦�侀獙璇佺爜
-//        smsUtil.sendCode(mobile, code, templateType);
-//        // 璇锋眰鎴愬姛 鏍囪闄愭祦
-//        redisTemplate.set(key, "sended", 1L, TimeUnit.MINUTES);
-//        return ResultUtil.success("鍙戦�佺煭淇¢獙璇佺爜鎴愬姛");
-//    }
-//}
+package cn.exrick.xboot.base.controller.common;
+
+import cn.exrick.xboot.core.common.annotation.RateLimiter;
+import cn.exrick.xboot.core.common.constant.CommonConstant;
+import cn.exrick.xboot.core.common.redis.RedisTemplateHelper;
+import cn.exrick.xboot.core.common.sms.SmsUtil;
+import cn.exrick.xboot.core.common.utils.CommonUtil;
+import cn.exrick.xboot.core.common.utils.CreateVerifyCode;
+import cn.exrick.xboot.core.common.utils.IpInfoUtil;
+import cn.exrick.xboot.core.common.utils.ResultUtil;
+import cn.exrick.xboot.core.common.vo.Result;
+import cn.exrick.xboot.core.service.SettingService;
+import cn.exrick.xboot.core.service.UserService;
+import cn.hutool.core.util.IdUtil;
+import cn.hutool.core.util.StrUtil;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.transaction.annotation.Transactional;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * @author Exrickx
+ */
+@Api(tags = "楠岃瘉鐮佹帴鍙�")
+@RequestMapping("/xboot/common/captcha")
+@RestController
+@Transactional
+@Slf4j
+public class CaptchaController {
+
+    @Autowired
+    private SmsUtil smsUtil;
+
+    @Autowired
+    private RedisTemplateHelper redisTemplate;
+
+    @Autowired
+    private IpInfoUtil ipInfoUtil;
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private SettingService settingService;
+
+    @RequestMapping(value = "/init", method = RequestMethod.GET)
+    @ApiOperation(value = "鍒濆鍖栭獙璇佺爜")
+    public Result<Object> initCaptcha() {
+
+        String captchaId = IdUtil.simpleUUID();
+        String code = new CreateVerifyCode().randomStr(4);
+        // 缂撳瓨楠岃瘉鐮�
+        redisTemplate.set(captchaId, code, 2L, TimeUnit.MINUTES);
+        Map<String,String> map = new HashMap<String,String>();
+        map.put("captchaId",captchaId);
+        map.put("code",code);
+        return ResultUtil.data(map);
+    }
+
+    @RequestMapping(value = "/draw/{captchaId}", method = RequestMethod.GET)
+    @ApiOperation(value = "鏍规嵁楠岃瘉鐮両D鑾峰彇鍥剧墖")
+    public void drawCaptcha(@PathVariable("captchaId") String captchaId,
+                            HttpServletResponse response) throws IOException {
+
+        // 寰楀埌楠岃瘉鐮� 鐢熸垚鎸囧畾楠岃瘉鐮�
+        String code = redisTemplate.get(captchaId);
+        CreateVerifyCode vCode = new CreateVerifyCode(116, 36, 4, 10, code);
+        response.setContentType("image/png");
+        vCode.write(response.getOutputStream());
+    }
+
+    @RequestMapping(value = "/sendRegistSms/{mobile}", method = RequestMethod.GET)
+    @ApiOperation(value = "鍙戦�佹敞鍐岀煭淇¢獙璇佺爜")
+    public Result<Object> sendRegistSmsCode(@PathVariable String mobile, HttpServletRequest request) {
+
+        return sendSms(mobile, 2, 0, request);
+    }
+
+    @RequestMapping(value = "/sendLoginSms/{mobile}", method = RequestMethod.GET)
+    @ApiOperation(value = "鍙戦�佺櫥褰曠煭淇¢獙璇佺爜")
+    @RateLimiter(name="sendLoginSms", rate = 1, ipLimit = true)
+    public Result<Object> sendLoginSmsCode(@PathVariable String mobile, HttpServletRequest request) {
+
+        return sendSms(mobile, 1, 0, request);
+    }
+
+    @RequestMapping(value = "/sendResetSms/{mobile}", method = RequestMethod.GET)
+    @ApiOperation(value = "鍙戦�侀噸缃瘑鐮佺煭淇¢獙璇佺爜")
+    public Result<Object> sendResetSmsCode(@PathVariable String mobile, HttpServletRequest request) {
+
+        return sendSms(mobile, 1, 5, request);
+    }
+
+    @RequestMapping(value = "/sendEditMobileSms/{mobile}", method = RequestMethod.GET)
+    @ApiOperation(value = "鍙戦�佷慨鏀规墜鏈虹煭淇¢獙璇佺爜")
+    public Result<Object> sendEditMobileSmsCode(@PathVariable String mobile, HttpServletRequest request) {
+
+        if (userService.findByMobile(mobile) != null) {
+            return ResultUtil.error("璇ユ墜鏈哄彿宸茬粦瀹氳处鎴�");
+        }
+        return sendSms(mobile, 0, 0, request);
+    }
+
+    /**
+     * @param mobile       鎵嬫満鍙�
+     * @param range        鍙戦�佽寖鍥� 0鍙戦�佺粰鎵�鏈夋墜鏈哄彿 1鍙彂閫佺粰娉ㄥ唽鎵嬫満 2鍙彂閫佺粰鏈敞鍐屾墜鏈�
+     * @param templateType 0閫氱敤妯$増 1娉ㄥ唽 2鐧诲綍 3淇敼鎵嬫満 4淇敼瀵嗙爜 5閲嶇疆瀵嗙爜 6宸ヤ綔娴佹ā鐗�
+     */
+    public Result<Object> sendSms(String mobile, Integer range, Integer templateType, HttpServletRequest request) {
+
+        if (range == 1 && userService.findByMobile(mobile) == null) {
+            return ResultUtil.error("鎵嬫満鍙锋湭娉ㄥ唽");
+        } else if (range == 2 && userService.findByMobile(mobile) != null) {
+            return ResultUtil.error("鎵嬫満鍙峰凡娉ㄥ唽");
+        }
+        // IP闄愭祦 1鍒嗛挓闄�1涓姹�
+        String key = "sendSms:" + ipInfoUtil.getIpAddr(request);
+        String value = redisTemplate.get(key);
+        if (StrUtil.isNotBlank(value)) {
+            return ResultUtil.error("鎮ㄥ彂閫佺殑澶绻佸暒锛岃绋嶅悗鍐嶈瘯");
+        }
+        // 鐢熸垚6浣嶆暟楠岃瘉鐮�
+        String code = CommonUtil.getRandomNum();
+        // 缂撳瓨楠岃瘉鐮�
+        redisTemplate.set(CommonConstant.PRE_SMS + mobile, code, 5L, TimeUnit.MINUTES);
+        // 鍙戦�侀獙璇佺爜
+        smsUtil.sendCode(mobile, code, templateType);
+        // 璇锋眰鎴愬姛 鏍囪闄愭祦
+        redisTemplate.set(key, "sended", 1L, TimeUnit.MINUTES);
+        return ResultUtil.success("鍙戦�佺煭淇¢獙璇佺爜鎴愬姛");
+    }
+}
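Review bot: The captcha answer is disclosed to the client in initCaptcha: `map.put("code",code);` puts the generated string into the JSON response next to `captchaId`, so a caller can read the expected value without solving the image and the check no longer separates people from scripts. Keep the code server-side in Redis only and return just the id, as the earlier version did with `return ResultUtil.data(captchaId);`. If the value is exposed for test automation (the subject suggests a test change), gate it behind a non-production profile rather than shipping it in the common controller. Separately, drawCaptcha passes the path variable straight to `redisTemplate.get(captchaId)` while initCaptcha stores under the bare id. A dedicated key prefix applied on both the set and the get, plus a null check on `code` before constructing `CreateVerifyCode`, would confine that lookup to captcha entries and handle expired ids.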

--
Gitblit v1.9.1