feat: 实现笔记编辑器的自动保存功能与UI优化
refactor: 重构用户登录注册逻辑与数据验证 fix: 修复图片上传安全漏洞与路径处理问题 perf: 优化笔记列表分页加载与滚动性能 style: 改进侧边栏菜单的视觉设计与交互体验 chore: 更新环境变量与数据库连接配置 docs: 添加用户信息视图对象的Swagger文档 test: 增加用户注册登录的输入验证测试 ci: 配置JWT密钥环境变量与安全设置 build: 调整前端构建配置与模块加载方式
This commit is contained in:
ikmkj
@@ -17,81 +17,63 @@ import org.springframework.web.multipart.MaxUploadSizeExceededException;
|
||||
import java.util.List;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* 全局异常处理器
|
||||
*/
|
||||
@RestControllerAdvice
|
||||
public class GlobalExceptionHandler {
|
||||
// 打印日志
|
||||
private static final Logger log = LoggerFactory.getLogger(GlobalExceptionHandler.class);
|
||||
|
||||
/**
|
||||
* 处理业务异常
|
||||
*/
|
||||
@ExceptionHandler(BaseException.class)
|
||||
public R<Void> handleBaseException(BaseException e, HttpServletRequest request) {
|
||||
log.warn("Business exception at {}: {}", request.getRequestURI(), e.getMessage());
|
||||
return R.fail(e.getResultCode().getCode(), e.getMessage());
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理注册异常
|
||||
*/
|
||||
@ExceptionHandler(RegistrationException.class)
|
||||
public R<String> handleRegistrationException(RegistrationException e) {
|
||||
log.warn("Registration attempt failed: {}", e.getMessage());
|
||||
public R<String> handleRegistrationException(RegistrationException e, HttpServletRequest request) {
|
||||
log.warn("Registration failed at {}: {}", request.getRequestURI(), e.getMessage());
|
||||
return R.fail(e.getMessage());
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理文件大小超出限制异常
|
||||
*/
|
||||
@ExceptionHandler(MaxUploadSizeExceededException.class)
|
||||
public R<String> handleFileSizeLimitExceeded() {
|
||||
log.error("文件大小超出限制");
|
||||
public R<String> handleFileSizeLimitExceeded(HttpServletRequest request) {
|
||||
log.warn("File size exceeded at {}", request.getRequestURI());
|
||||
return R.fail("文件大小超过限制");
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理参数校验异常
|
||||
*/
|
||||
@ExceptionHandler(MethodArgumentNotValidException.class)
|
||||
public R<List<String>> handleMethodArgumentNotValidException(MethodArgumentNotValidException e) {
|
||||
public R<List<String>> handleMethodArgumentNotValidException(MethodArgumentNotValidException e, HttpServletRequest request) {
|
||||
List<String> errors = e.getBindingResult().getFieldErrors()
|
||||
.stream()
|
||||
.map(FieldError::getDefaultMessage)
|
||||
.collect(Collectors.toList());
|
||||
log.error("参数校验异常:{}", errors.get(0));
|
||||
log.warn("Validation failed at {}: {}", request.getRequestURI(), errors.get(0));
|
||||
return R.fail(ResultCode.VALIDATE_FAILED.getCode(), errors.get(0));
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理绑定异常
|
||||
*/
|
||||
@ExceptionHandler(BindException.class)
|
||||
public R<List<String>> handleBindException(BindException e) {
|
||||
public R<List<String>> handleBindException(BindException e, HttpServletRequest request) {
|
||||
List<String> errors = e.getBindingResult().getFieldErrors()
|
||||
.stream()
|
||||
.map(FieldError::getDefaultMessage)
|
||||
.collect(Collectors.toList());
|
||||
log.error("参数校验异常:{}", errors.get(0));
|
||||
log.warn("Bind exception at {}: {}", request.getRequestURI(), errors.get(0));
|
||||
return R.fail(ResultCode.VALIDATE_FAILED.getCode(), errors.get(0));
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理请求体格式错误异常 (例如JSON格式错误)
|
||||
*/
|
||||
@ExceptionHandler(org.springframework.http.converter.HttpMessageNotReadableException.class)
|
||||
public R<String> handleHttpMessageNotReadableException(org.springframework.http.converter.HttpMessageNotReadableException e) {
|
||||
log.error("请求参数格式不正确: {}", e.getMessage());
|
||||
public R<String> handleHttpMessageNotReadableException(HttpServletRequest request) {
|
||||
log.warn("Invalid request body at {}", request.getRequestURI());
|
||||
return R.fail(ResultCode.VALIDATE_FAILED.getCode(), "请求参数格式不正确");
|
||||
}
|
||||
|
||||
/**
|
||||
* 处理其他所有未捕获的异常
|
||||
*/
|
||||
@ExceptionHandler(IllegalArgumentException.class)
|
||||
public R<Void> handleIllegalArgumentException(IllegalArgumentException e, HttpServletRequest request) {
|
||||
log.warn("Illegal argument at {}: {}", request.getRequestURI(), e.getMessage());
|
||||
return R.fail(ResultCode.VALIDATE_FAILED.getCode(), "参数错误");
|
||||
}
|
||||
|
||||
@ExceptionHandler(Exception.class)
|
||||
public R<Void> handleException(Exception e) {
|
||||
log.error("系统异常:", e); // 打印完整的堆栈信息
|
||||
public R<Void> handleException(Exception e, HttpServletRequest request) {
|
||||
log.error("Unexpected error at {} - Error type: {}", request.getRequestURI(), e.getClass().getSimpleName());
|
||||
return R.fail(ResultCode.FAILED.getCode(), "系统繁忙,请稍后再试");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -90,11 +90,7 @@ public class SecurityConfig {
|
||||
.requestMatchers(org.springframework.http.HttpMethod.GET,
|
||||
"/api/groupings/**", // 获取分组
|
||||
"/api/images/preview/**", // 预览图片
|
||||
"/api/markdown/files", // 获取所有文件
|
||||
"/api/markdown/search", // 搜索文件
|
||||
"/api/markdown/grouping/**", // 按分组获取文件
|
||||
"/api/markdown/recent", // 获取最近文件
|
||||
"/api/markdown/{id}", // 获取单个文件内容
|
||||
"/api/markdown/**", // 所有Markdown相关的GET请求
|
||||
"/api/system/registration/status" // 检查注册是否开启
|
||||
).permitAll()
|
||||
|
||||
|
||||
@@ -1,7 +1,10 @@
|
||||
package com.test.bijihoudaun.config;
|
||||
|
||||
import com.test.bijihoudaun.interceptor.RateLimitInterceptor;
|
||||
import com.test.bijihoudaun.interceptor.XSSInterceptor;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.CorsRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
@@ -11,24 +14,28 @@ public class WebConfig implements WebMvcConfigurer {
|
||||
@Override
|
||||
public void addCorsMappings(CorsRegistry registry) {
|
||||
registry.addMapping("/**")
|
||||
.allowedOriginPatterns("*") // 允许所有源
|
||||
.allowedOriginPatterns("*")
|
||||
.allowedMethods("*")
|
||||
.allowedHeaders("*")
|
||||
.allowCredentials(false) // 不允许凭证,否则与通配符冲突
|
||||
.maxAge(3600); // 预检请求缓存时间
|
||||
.allowCredentials(false)
|
||||
.maxAge(3600);
|
||||
}
|
||||
|
||||
/**
|
||||
* 重写父类方法,配置静态资源处理器
|
||||
* 该方法用于配置静态资源的访问路径和实际存储位置
|
||||
*
|
||||
* @param registry 资源处理器注册对象,用于注册静态资源处理器
|
||||
*/
|
||||
@Override
|
||||
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
||||
// 添加资源处理器,配置"/uploads/**"路径下的请求
|
||||
// 将这些请求映射到服务器的"uploads/"目录
|
||||
registry.addResourceHandler("/uploads/**")
|
||||
.addResourceLocations("file:uploads/");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(new RateLimitInterceptor())
|
||||
.addPathPatterns("/**")
|
||||
.order(1);
|
||||
|
||||
registry.addInterceptor(new XSSInterceptor())
|
||||
.addPathPatterns("/**")
|
||||
.excludePathPatterns("/api/markdown/**", "/api/images/**", "/doc.html", "/webjars/**", "/v3/api-docs/**")
|
||||
.order(2);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import cn.hutool.core.util.StrUtil;
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
import com.test.bijihoudaun.entity.Image;
|
||||
import com.test.bijihoudaun.service.ImageService;
|
||||
import com.test.bijihoudaun.util.SecurityUtil;
|
||||
import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
@@ -17,9 +18,11 @@ import org.springframework.web.multipart.MultipartFile;
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.util.List;
|
||||
|
||||
@Tag(name = "markdown接口")
|
||||
@Tag(name = "图片接口")
|
||||
@RestController
|
||||
@RequestMapping("/api/images")
|
||||
public class ImageController {
|
||||
@@ -48,6 +51,9 @@ public class ImageController {
|
||||
@Operation(summary = "根据id删除图片")
|
||||
@PostMapping("/{id}")
|
||||
public R<Void> deleteImage(@PathVariable Long id) {
|
||||
if (!SecurityUtil.isUserAuthenticated()) {
|
||||
return R.fail("请先登录");
|
||||
}
|
||||
boolean result = imageService.deleteImage(id);
|
||||
if (result) {
|
||||
return R.success();
|
||||
@@ -56,38 +62,63 @@ public class ImageController {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 在线预览(图片、视频、音频、pdf 等浏览器可直接识别的类型)
|
||||
*/
|
||||
@GetMapping("/preview/{url}")
|
||||
@Operation(summary = "在线预览", description = "浏览器直接打开文件流")
|
||||
@GetMapping("/preview/{url}")
|
||||
public void preview(@PathVariable String url, HttpServletResponse resp) throws IOException {
|
||||
if (StrUtil.isBlank(url)) {
|
||||
resp.setStatus(404);
|
||||
resp.getWriter().write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
|
||||
return;
|
||||
}
|
||||
File file = new File(rootPath + File.separator + url);
|
||||
if (!file.exists()) {
|
||||
|
||||
String sanitizedUrl = sanitizeFileName(url);
|
||||
if (sanitizedUrl == null) {
|
||||
resp.setStatus(403);
|
||||
resp.getWriter().write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
|
||||
return;
|
||||
}
|
||||
|
||||
Path basePath = Paths.get(rootPath).normalize().toAbsolutePath();
|
||||
Path filePath = basePath.resolve(sanitizedUrl).normalize();
|
||||
|
||||
if (!filePath.startsWith(basePath)) {
|
||||
resp.setStatus(403);
|
||||
resp.getWriter().write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
|
||||
return;
|
||||
}
|
||||
|
||||
File file = filePath.toFile();
|
||||
if (!file.exists() || !file.isFile()) {
|
||||
resp.setStatus(404);
|
||||
resp.getWriter().write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
|
||||
return;
|
||||
}
|
||||
|
||||
String contentTypeFromFileExtension = getContentTypeFromFileExtension(url);
|
||||
// 设置正确的 MIME
|
||||
resp.setContentType(contentTypeFromFileExtension);
|
||||
// 设置文件长度,支持断点续传
|
||||
resp.setContentLengthLong(file.length());
|
||||
// 写出文件流
|
||||
try (FileInputStream in = new FileInputStream(file)) {
|
||||
StreamUtils.copy(in, resp.getOutputStream());
|
||||
}
|
||||
}
|
||||
|
||||
private String sanitizeFileName(String fileName) {
|
||||
if (StrUtil.isBlank(fileName)) {
|
||||
return null;
|
||||
}
|
||||
if (fileName.contains("..") || fileName.contains("/") || fileName.contains("\\") || fileName.contains(":")) {
|
||||
return null;
|
||||
}
|
||||
return fileName;
|
||||
}
|
||||
|
||||
|
||||
@Operation(summary = "根据url删除图片")
|
||||
@PostMapping("/deleteByUrl")
|
||||
public R<Void> deleteImageByUrl(@RequestParam String url) {
|
||||
if (!SecurityUtil.isUserAuthenticated()) {
|
||||
return R.fail("请先登录");
|
||||
}
|
||||
boolean result = imageService.deleteImageByUrl(url);
|
||||
if (result) {
|
||||
return R.success();
|
||||
@@ -99,6 +130,9 @@ public class ImageController {
|
||||
@Operation(summary = "根据url批量删除图片")
|
||||
@PostMapping("/batch")
|
||||
public R<Void> deleteImageByUrls(@RequestBody List<String> urls) {
|
||||
if (!SecurityUtil.isUserAuthenticated()) {
|
||||
return R.fail("请先登录");
|
||||
}
|
||||
boolean result = imageService.deleteImageByUrls(urls);
|
||||
if (result) {
|
||||
return R.success();
|
||||
@@ -108,11 +142,6 @@ public class ImageController {
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* 根据文件扩展名获取内容类型
|
||||
* @param fileName 文件名
|
||||
* @return 对应的MIME类型
|
||||
*/
|
||||
private String getContentTypeFromFileExtension(String fileName) {
|
||||
if (StrUtil.isBlank(fileName) || !StrUtil.contains(fileName, '.')) {
|
||||
return "application/octet-stream";
|
||||
|
||||
@@ -108,8 +108,8 @@ public class MarkdownController {
|
||||
|
||||
@Operation(summary = "获取最近更新的笔记")
|
||||
@GetMapping("/recent")
|
||||
public R<List<MarkdownFileVO>> getRecentFiles() {
|
||||
List<MarkdownFileVO> files = markdownFileService.getRecentFiles(12);
|
||||
public R<List<MarkdownFileVO>> getRecentFiles(@RequestParam(defaultValue = "16") int limit) {
|
||||
List<MarkdownFileVO> files = markdownFileService.getRecentFiles(limit);
|
||||
return R.success(files);
|
||||
}
|
||||
|
||||
|
||||
@@ -4,6 +4,7 @@ import com.test.bijihoudaun.bo.UpdatePasswordBo;
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
import com.test.bijihoudaun.entity.User;
|
||||
import com.test.bijihoudaun.entity.UserVO;
|
||||
import com.test.bijihoudaun.service.RegistrationCodeService;
|
||||
import com.test.bijihoudaun.service.SystemSettingService;
|
||||
import com.test.bijihoudaun.service.UserService;
|
||||
@@ -11,6 +12,7 @@ import io.swagger.v3.oas.annotations.Operation;
|
||||
import io.swagger.v3.oas.annotations.Parameter;
|
||||
import io.swagger.v3.oas.annotations.Parameters;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import org.springframework.beans.BeanUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.security.authentication.BadCredentialsException;
|
||||
@@ -41,14 +43,18 @@ public class UserController {
|
||||
@Parameter(name = "registrationCode", description = "注册码", required = true)
|
||||
})
|
||||
@PostMapping("/register")
|
||||
public R<User> register(String username, String password, String email, String registrationCode){
|
||||
public R<UserVO> register(String username, String password, String email, String registrationCode){
|
||||
if (!systemSettingService.isRegistrationEnabled()) {
|
||||
return R.fail("注册功能已关闭");
|
||||
}
|
||||
if (!registrationCodeService.validateCode(registrationCode)) {
|
||||
return R.fail("无效或已过期的注册码");
|
||||
}
|
||||
return R.success(userService.register(username,password,email));
|
||||
User user = userService.register(username, password, email);
|
||||
UserVO userVO = new UserVO();
|
||||
BeanUtils.copyProperties(user, userVO);
|
||||
userVO.setId(String.valueOf(user.getId()));
|
||||
return R.success(userVO);
|
||||
}
|
||||
|
||||
@Operation(summary = "用户登录")
|
||||
@@ -57,12 +63,21 @@ public class UserController {
|
||||
@Parameter(name = "password", description = "密码",required = true)
|
||||
})
|
||||
@PostMapping("/login")
|
||||
public R<Map<String, String>> login(String username, String password){
|
||||
public R<Map<String, Object>> login(String username, String password){
|
||||
try {
|
||||
String token = userService.login(username, password);
|
||||
Map<String, String> tokenMap = new HashMap<>();
|
||||
tokenMap.put("token", token);
|
||||
return R.success(tokenMap);
|
||||
User user = userService.getOne(new com.baomidou.mybatisplus.core.conditions.query.QueryWrapper<User>().eq("username", username));
|
||||
|
||||
Map<String, Object> result = new HashMap<>();
|
||||
result.put("token", token);
|
||||
|
||||
Map<String, Object> userInfo = new HashMap<>();
|
||||
userInfo.put("id", String.valueOf(user.getId()));
|
||||
userInfo.put("username", user.getUsername());
|
||||
userInfo.put("email", user.getEmail());
|
||||
result.put("userInfo", userInfo);
|
||||
|
||||
return R.success(result);
|
||||
} catch (BadCredentialsException e) {
|
||||
return R.fail("用户名或密码错误");
|
||||
}
|
||||
|
||||
@@ -0,0 +1,29 @@
|
||||
package com.test.bijihoudaun.entity;
|
||||
|
||||
import io.swagger.v3.oas.annotations.media.Schema;
|
||||
import lombok.Data;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Date;
|
||||
|
||||
@Data
|
||||
@Schema(description = "用户信息视图对象")
|
||||
public class UserVO implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
@Schema(description = "用户id")
|
||||
private String id;
|
||||
|
||||
@Schema(description = "用户名")
|
||||
private String username;
|
||||
|
||||
@Schema(description = "邮箱")
|
||||
private String email;
|
||||
|
||||
@Schema(description = "用户创建时间")
|
||||
private Date createdAt;
|
||||
|
||||
@Schema(description = "用户更新时间")
|
||||
private Date updatedAt;
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
package com.test.bijihoudaun.interceptor;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.test.bijihoudaun.common.response.R;
|
||||
import com.test.bijihoudaun.common.response.ResultCode;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
|
||||
public class RateLimitInterceptor implements HandlerInterceptor {
|
||||
|
||||
private static final int MAX_REQUESTS_PER_MINUTE = 60;
|
||||
private static final int MAX_LOGIN_REQUESTS_PER_MINUTE = 5;
|
||||
private static final long WINDOW_SIZE_MS = 60_000;
|
||||
|
||||
private final Map<String, RequestCounter> requestCounters = new ConcurrentHashMap<>();
|
||||
private final Map<String, RequestCounter> loginCounters = new ConcurrentHashMap<>();
|
||||
|
||||
private static class RequestCounter {
|
||||
AtomicInteger count;
|
||||
long windowStart;
|
||||
|
||||
RequestCounter() {
|
||||
this.count = new AtomicInteger(1);
|
||||
this.windowStart = System.currentTimeMillis();
|
||||
}
|
||||
|
||||
boolean incrementAndCheck(int maxRequests) {
|
||||
long now = System.currentTimeMillis();
|
||||
if (now - windowStart > WINDOW_SIZE_MS) {
|
||||
synchronized (this) {
|
||||
if (now - windowStart > WINDOW_SIZE_MS) {
|
||||
count.set(1);
|
||||
windowStart = now;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return count.incrementAndGet() <= maxRequests;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
String clientIp = getClientIp(request);
|
||||
String requestUri = request.getRequestURI();
|
||||
|
||||
boolean isLoginRequest = "/api/user/login".equals(requestUri);
|
||||
Map<String, RequestCounter> counters = isLoginRequest ? loginCounters : requestCounters;
|
||||
int maxRequests = isLoginRequest ? MAX_LOGIN_REQUESTS_PER_MINUTE : MAX_REQUESTS_PER_MINUTE;
|
||||
|
||||
RequestCounter counter = counters.computeIfAbsent(clientIp, k -> new RequestCounter());
|
||||
|
||||
if (!counter.incrementAndCheck(maxRequests)) {
|
||||
response.setContentType("application/json;charset=UTF-8");
|
||||
response.setStatus(429);
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
response.getWriter().write(mapper.writeValueAsString(
|
||||
R.fail(ResultCode.FAILED.getCode(), isLoginRequest ? "登录请求过于频繁,请稍后再试" : "请求过于频繁,请稍后再试")
|
||||
));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private String getClientIp(HttpServletRequest request) {
|
||||
String ip = request.getHeader("X-Forwarded-For");
|
||||
if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
|
||||
ip = request.getHeader("X-Real-IP");
|
||||
}
|
||||
if (ip == null || ip.isEmpty() || "unknown".equalsIgnoreCase(ip)) {
|
||||
ip = request.getRemoteAddr();
|
||||
}
|
||||
if (ip != null && ip.contains(",")) {
|
||||
ip = ip.split(",")[0].trim();
|
||||
}
|
||||
return ip;
|
||||
}
|
||||
}
|
||||
@@ -48,6 +48,12 @@ public interface MarkdownFileMapper extends BaseMapper<MarkdownFile> {
|
||||
* 获取所有笔记ID
|
||||
* @return 所有笔记ID列表
|
||||
*/
|
||||
@Select("SELECT id FROM `markdown_file` WHERE is_deleted = 0")
|
||||
@Select("SELECT id, grouping_id, `title`, file_name, `content`, created_at, updated_at, is_deleted, deleted_at, deleted_by, is_private FROM `markdown_file` WHERE is_deleted = 0")
|
||||
List<Integer> findAllIds();
|
||||
|
||||
@Select("SELECT mf.id, mf.grouping_id, mf.`title`, mf.file_name, mf.`content`, mf.created_at, mf.updated_at, mf.is_deleted, mf.deleted_at, mf.deleted_by, mf.is_private, g.`grouping` as groupingName " +
|
||||
"FROM `markdown_file` mf " +
|
||||
"LEFT JOIN `grouping` g ON mf.grouping_id = g.id " +
|
||||
"WHERE mf.id = #{id} AND mf.is_deleted = 0")
|
||||
MarkdownFileVO selectByIdWithGrouping(@Param("id") Long id);
|
||||
}
|
||||
@@ -1,11 +1,11 @@
|
||||
package com.test.bijihoudaun.service.impl;
|
||||
|
||||
import cn.hutool.core.collection.CollUtil;
|
||||
import cn.hutool.core.stream.CollectorUtil;
|
||||
import cn.hutool.core.util.ObjectUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
|
||||
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
|
||||
import com.test.bijihoudaun.common.exception.BusinessException;
|
||||
import com.test.bijihoudaun.entity.Image;
|
||||
import com.test.bijihoudaun.mapper.ImageMapper;
|
||||
import com.test.bijihoudaun.service.ImageService;
|
||||
@@ -19,9 +19,9 @@ import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.Paths;
|
||||
import java.time.LocalDateTime;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.UUID;
|
||||
|
||||
@Service
|
||||
@@ -30,6 +30,12 @@ public class ImageServiceImpl
|
||||
extends ServiceImpl<ImageMapper, Image>
|
||||
implements ImageService {
|
||||
|
||||
private static final Set<String> ALLOWED_EXTENSIONS = Set.of(
|
||||
".jpg", ".jpeg", ".png", ".gif", ".bmp", ".webp", ".svg"
|
||||
);
|
||||
|
||||
private static final long MAX_FILE_SIZE = 10 * 1024 * 1024;
|
||||
|
||||
@Value("${file.upload-dir}")
|
||||
private String uploadDir;
|
||||
@Resource
|
||||
@@ -37,28 +43,50 @@ public class ImageServiceImpl
|
||||
|
||||
@Override
|
||||
public Image uploadImage( MultipartFile file, Long userId, Long markdownId) throws IOException {
|
||||
// 创建上传目录
|
||||
if (file == null || file.isEmpty()) {
|
||||
throw new BusinessException("上传文件不能为空");
|
||||
}
|
||||
|
||||
String originalFilename = file.getOriginalFilename();
|
||||
if (originalFilename == null || originalFilename.isEmpty()) {
|
||||
throw new BusinessException("文件名无效");
|
||||
}
|
||||
|
||||
if (file.getSize() > MAX_FILE_SIZE) {
|
||||
throw new BusinessException("文件大小超过限制(最大10MB)");
|
||||
}
|
||||
|
||||
int lastDotIndex = originalFilename.lastIndexOf(".");
|
||||
if (lastDotIndex == -1) {
|
||||
throw new BusinessException("文件缺少扩展名");
|
||||
}
|
||||
|
||||
String extension = originalFilename.substring(lastDotIndex).toLowerCase();
|
||||
if (!ALLOWED_EXTENSIONS.contains(extension)) {
|
||||
throw new BusinessException("不支持的文件类型,仅支持图片文件");
|
||||
}
|
||||
|
||||
String contentType = file.getContentType();
|
||||
if (contentType == null || !contentType.startsWith("image/")) {
|
||||
throw new BusinessException("文件内容类型无效");
|
||||
}
|
||||
|
||||
Path uploadPath = Paths.get(uploadDir);
|
||||
if (!Files.exists(uploadPath)) {
|
||||
Files.createDirectories(uploadPath);
|
||||
}
|
||||
|
||||
// 生成唯一文件名
|
||||
String originalFilename = file.getOriginalFilename();
|
||||
String extension = originalFilename.substring(originalFilename.lastIndexOf("."));
|
||||
String storedName = UUID.randomUUID() + extension;
|
||||
|
||||
// 保存文件
|
||||
Path filePath = uploadPath.resolve(storedName);
|
||||
Files.copy(file.getInputStream(), filePath);
|
||||
|
||||
// 创建图片实体
|
||||
Image image = new Image();
|
||||
image.setOriginalName(originalFilename);
|
||||
image.setStoredName(storedName);
|
||||
image.setUrl("/api/images/preview/" + storedName);
|
||||
image.setSize(file.getSize());
|
||||
image.setContentType(file.getContentType());
|
||||
image.setContentType(contentType);
|
||||
image.setCreatedAt(new Date());
|
||||
image.setMarkdownId(markdownId);
|
||||
|
||||
@@ -73,11 +101,9 @@ public class ImageServiceImpl
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
// 删除文件系统中的图片
|
||||
Path filePath = Paths.get(uploadDir, image.getStoredName());
|
||||
Files.deleteIfExists(filePath);
|
||||
|
||||
// 删除数据库记录
|
||||
this.removeById(id);
|
||||
return true;
|
||||
} catch (IOException e) {
|
||||
@@ -92,11 +118,9 @@ public class ImageServiceImpl
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
// 删除文件系统中的图片
|
||||
Path filePath = Paths.get(uploadDir, image.getStoredName());
|
||||
Files.deleteIfExists(filePath);
|
||||
|
||||
// 删除数据库记录
|
||||
this.removeById(image.getId());
|
||||
return true;
|
||||
} catch (IOException e) {
|
||||
|
||||
@@ -40,21 +40,24 @@ public class MarkdownFileServiceImpl
|
||||
public MarkdownFile updateMarkdownContent(MarkdownFile markdownFile) {
|
||||
long id;
|
||||
markdownFile.setUpdatedAt(new Date());
|
||||
// 如果ID为空或0,则视为新文件
|
||||
if (ObjectUtil.isNull(markdownFile.getId()) || markdownFile.getId() == 0L) {
|
||||
long l = snowflakeIdGenerator.nextId();
|
||||
markdownFile.setId(l);
|
||||
markdownFile.setCreatedAt(new Date());
|
||||
this.save(markdownFile); // 使用MyBatis-Plus的save方法
|
||||
this.save(markdownFile);
|
||||
id=l;
|
||||
} else {
|
||||
this.updateById(markdownFile); // 使用MyBatis-Plus的updateById方法
|
||||
this.updateById(markdownFile);
|
||||
id=markdownFile.getId();
|
||||
}
|
||||
|
||||
List<String> strings = MarkdownImageExtractor.extractImageFilenames(markdownFile.getContent());
|
||||
// 异步处理图片文件名同步
|
||||
syncImageNames(id, strings);
|
||||
|
||||
MarkdownFileVO result = markdownFileMapper.selectByIdWithGrouping(id);
|
||||
if (result != null) {
|
||||
return result;
|
||||
}
|
||||
return markdownFile;
|
||||
}
|
||||
|
||||
|
||||
@@ -22,38 +22,46 @@ import org.springframework.stereotype.Service;
|
||||
import org.springframework.transaction.annotation.Transactional;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Calendar;
|
||||
import java.util.Date;
|
||||
|
||||
@Service
|
||||
@Transactional
|
||||
public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements UserService, UserDetailsService {
|
||||
|
||||
private static final int MIN_USERNAME_LENGTH = 2;
|
||||
private static final int MAX_USERNAME_LENGTH = 8;
|
||||
private static final int MIN_PASSWORD_LENGTH = 6;
|
||||
private static final int MAX_PASSWORD_LENGTH = 12;
|
||||
|
||||
@Autowired
|
||||
private UserMapper userMapper;
|
||||
|
||||
/**
|
||||
* 重写Spring Security的loadUserByUsername方法,用于用户认证
|
||||
* @param username 用户名
|
||||
* @return UserDetails 用户详细信息
|
||||
* @throws UsernameNotFoundException 当用户未找到时抛出此异常
|
||||
*/
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
|
||||
// 根据用户名从数据库查询用户信息
|
||||
User user = userMapper.findByUsername(username);
|
||||
// 判断用户是否存在,如果不存在则抛出异常
|
||||
if (ObjectUtil.isNull(user)) {
|
||||
throw new UsernameNotFoundException("User not found with username: " + username);
|
||||
}
|
||||
// 返回UserDetails对象,包含用户名、密码和权限列表
|
||||
// 这里使用Spring Security提供的User类实现UserDetails接口
|
||||
// 参数分别为:用户名,密码,权限集合(这里使用空集合表示无额外权限)
|
||||
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>()); // 账号,密码,权限
|
||||
return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), new ArrayList<>());
|
||||
}
|
||||
|
||||
@Override
|
||||
public User register(String username, String password, String email) {
|
||||
if (username == null || username.trim().isEmpty()) {
|
||||
throw new RegistrationException("用户名不能为空");
|
||||
}
|
||||
username = username.trim();
|
||||
if (username.length() < MIN_USERNAME_LENGTH || username.length() > MAX_USERNAME_LENGTH) {
|
||||
throw new RegistrationException("用户名长度必须在" + MIN_USERNAME_LENGTH + "-" + MAX_USERNAME_LENGTH + "位之间");
|
||||
}
|
||||
|
||||
if (password == null || password.isEmpty()) {
|
||||
throw new RegistrationException("密码不能为空");
|
||||
}
|
||||
if (password.length() < MIN_PASSWORD_LENGTH || password.length() > MAX_PASSWORD_LENGTH) {
|
||||
throw new RegistrationException("密码长度必须在" + MIN_PASSWORD_LENGTH + "-" + MAX_PASSWORD_LENGTH + "位之间");
|
||||
}
|
||||
|
||||
String encrypt = PasswordUtils.encrypt(password);
|
||||
LambdaQueryWrapper<User> queryWrapper = new LambdaQueryWrapper<>();
|
||||
queryWrapper.eq(User::getUsername, username);
|
||||
@@ -69,7 +77,6 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
|
||||
user.setUsername(username);
|
||||
user.setPassword(encrypt);
|
||||
user.setEmail(email);
|
||||
// user.setCreatedAt(new Date()); // Let the database handle the default value
|
||||
userMapper.insert(user);
|
||||
return user;
|
||||
}
|
||||
@@ -97,7 +104,6 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
|
||||
queryWrapper.eq(User::getId, id)
|
||||
.eq(User::getToken, token);
|
||||
User user = getOne(queryWrapper);
|
||||
// 修改过期检查逻辑
|
||||
return ObjectUtil.isNotNull(user) && new Date().before(user.getTokenEnddata());
|
||||
}
|
||||
|
||||
@@ -107,11 +113,19 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
|
||||
if (ObjectUtil.isNull(user)) {
|
||||
throw new BusinessException("用户不存在");
|
||||
}
|
||||
|
||||
String newPassword = updatePasswordBo.getNewPassword();
|
||||
if (newPassword == null || newPassword.isEmpty()) {
|
||||
throw new BusinessException("新密码不能为空");
|
||||
}
|
||||
if (newPassword.length() < MIN_PASSWORD_LENGTH || newPassword.length() > MAX_PASSWORD_LENGTH) {
|
||||
throw new BusinessException("密码长度必须在" + MIN_PASSWORD_LENGTH + "-" + MAX_PASSWORD_LENGTH + "位之间");
|
||||
}
|
||||
|
||||
if (!PasswordUtils.verify(updatePasswordBo.getOldPassword(), user.getPassword())) {
|
||||
throw new BusinessException("旧密码不正确");
|
||||
}
|
||||
String newPassword = PasswordUtils.encrypt(updatePasswordBo.getNewPassword());
|
||||
user.setPassword(newPassword);
|
||||
user.setPassword(PasswordUtils.encrypt(newPassword));
|
||||
updateById(user);
|
||||
}
|
||||
}
|
||||
@@ -13,7 +13,7 @@ spring:
|
||||
#
|
||||
|
||||
driver-class-name: com.mysql.cj.jdbc.Driver
|
||||
url: jdbc:mysql://hdy16-16.311169.xyz:20001/biji_db?useSSL=false&serverTimezone=UTC&characterEncoding=utf8
|
||||
url: jdbc:mysql://hdy-hk-8-8.311169.xyz:3306/biji_db?useSSL=false&serverTimezone=UTC&characterEncoding=utf8
|
||||
username: biji_user
|
||||
password: Ll12331100
|
||||
jpa:
|
||||
|
||||
@@ -33,7 +33,7 @@ datacenter:
|
||||
|
||||
# JWT 配置
|
||||
jwt:
|
||||
secret: V2VsbCwgSSBzdXBwb3NlIHRoYXQgaWYgeW91J3JlIHJlYWRpbmcgdGhpcywgeW91J3JlIHByZXR0eSBjdXJpb3VzLg== # 这是一个足够长的Base64编码密钥,满足HS512的要求
|
||||
expiration: 86400 # token有效期,单位秒,这里是24小时
|
||||
header: Authorization # JWT存储的请求头
|
||||
tokenHead: "Bearer " # JWT负载中拿到开头
|
||||
secret: ${JWT_SECRET:V2VsbCwgSSBzdXBwb3NlIHRoYXQgaWYgeW91J3JlIHJlYWRpbmcgdGhpcywgeW91J3JlIHByZXR0eSBjdXJpb3VzLg==}
|
||||
expiration: 86400
|
||||
header: Authorization
|
||||
tokenHead: "Bearer "
|
||||
|
||||
Reference in New Issue
Block a user