feat(安全): 添加验证码和登录安全增强功能
新增验证码功能用于敏感操作，包括删除账号、修改密码等；添加登录失败锁定机制和限流策略；实现防重放攻击和XSS防护增强；重构XSS拦截器，改为使用请求包装器。
@@ -0,0 +1,33 @@
|
||||
package com.test.bijihoudaun.controller;
|
||||
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
import com.test.bijihoudaun.util.CaptchaUtil;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* 验证码接口
|
||||
*/
|
||||
@Tag(name = "验证码接口")
|
||||
@RestController
|
||||
@RequestMapping("/api/captcha")
|
||||
public class CaptchaController {
|
||||
|
||||
@Operation(summary = "获取图形验证码")
|
||||
@GetMapping("/generate")
|
||||
public R<Map<String, String>> generateCaptcha() {
|
||||
CaptchaUtil.CaptchaResult result = CaptchaUtil.generateCaptcha();
|
||||
|
||||
Map<String, String> data = new HashMap<>();
|
||||
data.put("captchaId", result.getCaptchaId());
|
||||
data.put("captchaImage", result.getBase64Image());
|
||||
|
||||
return R.success(data);
|
||||
}
|
||||
}
|
||||
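Review bot: generateCaptcha is an unauthenticated endpoint that creates a fresh server-side captcha record on every call, and nothing in this class bounds how often one client may call it; unless CaptchaUtil caps or expires stored entries and the rate limiter introduced by this commit covers `/api/captcha/generate`, the captcha store can be grown without limit by a single caller. Both of those guarantees live outside this file, so please confirm them and record the contract in the class Javadoc, e.g. `* Captcha records are stored server-side; TTL, single-use consumption and generation rate limits are enforced by CaptchaUtil and the request rate limiter, not here.` As a minor style point, the two-entry response could be built with `Map.of("captchaId", result.getCaptchaId(), "captchaImage", result.getBase64Image())` if both getters are guaranteed non-null, which also makes the returned map unmodifiable.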
@@ -1,5 +1,6 @@
|
||||
package com.test.bijihoudaun.controller;
|
||||
|
||||
import com.test.bijihoudaun.annotation.RequireCaptcha;
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
import com.test.bijihoudaun.entity.TrashItemVo;
|
||||
import com.test.bijihoudaun.service.TrashService;
|
||||
@@ -32,6 +33,7 @@ public class TrashController {
|
||||
}
|
||||
|
||||
@DeleteMapping("/permanently/{type}/{id}")
|
||||
@RequireCaptcha("永久删除")
|
||||
@Operation(summary = "永久删除项目")
|
||||
public R<Void> permanentlyDeleteItem(@PathVariable String type, @PathVariable String id) {
|
||||
trashService.permanentlyDeleteItem(id, type);
|
||||
@@ -39,6 +41,7 @@ public class TrashController {
|
||||
}
|
||||
|
||||
@DeleteMapping("/clean")
|
||||
@RequireCaptcha("清空回收站")
|
||||
@Operation(summary = "清空回收站")
|
||||
public R<Void> cleanTrash() {
|
||||
trashService.cleanTrash();
|
||||
|
||||
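Review bot: @RequireCaptcha on permanentlyDeleteItem and cleanTrash is the only change in this file, and the API documentation does not tell clients how the captcha is supplied; both are DELETE endpoints with no request body, so the captcha id and answer presumably travel in headers or query parameters read by the aspect behind the annotation, which is outside this diff. State the transport on each operation, e.g. `@Operation(summary = "永久删除项目", description = "需要携带图形验证码")`, so generated API docs match the enforced contract. It also cannot be verified here that the check consumes the captcha after a successful match and binds it to the authenticated user; without that, one solved challenge could authorize repeated destructive calls, so please confirm in the aspect. The same two points apply to deleteUser and updatePassword in UserController, and the annotated method bodies continue past the ends of these hunks.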
@@ -1,5 +1,6 @@
|
||||
package com.test.bijihoudaun.controller;
|
||||
|
||||
import com.test.bijihoudaun.annotation.RequireCaptcha;
|
||||
import com.test.bijihoudaun.bo.UpdatePasswordBo;
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
@@ -84,6 +85,7 @@ public class UserController {
|
||||
}
|
||||
|
||||
@Operation(summary = "删除当前登录的用户")
|
||||
@RequireCaptcha("删除账号")
|
||||
@DeleteMapping("/deleteUser")
|
||||
public R<String> deleteUser(){
|
||||
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
@@ -105,6 +107,7 @@ public class UserController {
|
||||
}
|
||||
|
||||
@Operation(summary = "更新用户密码")
|
||||
@RequireCaptcha("修改密码")
|
||||
@PutMapping("/password")
|
||||
public R<String> updatePassword(@RequestBody UpdatePasswordBo updatePasswordBo) {
|
||||
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
|
||||
|
||||
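Review bot: The annotation order on deleteUser and updatePassword differs from the TrashController hunks in this same commit — there @RequireCaptcha precedes @Operation, here it sits between @Operation and the mapping annotation; pick one order for all captcha-protected endpoints so the requirement is easy to spot during review. For updatePassword, a captcha guards against automation but not against a caller holding a hijacked session, so it is worth confirming that UpdatePasswordBo carries the current password and that the service verifies it before the change; that logic is not visible in this hunk. Both method bodies continue outside the hunk.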