diff --git a/biji-houdaun/pom.xml b/biji-houdaun/pom.xml
index 6386854..a4ddcbc 100644
--- a/biji-houdaun/pom.xml
+++ b/biji-houdaun/pom.xml
@@ -126,13 +126,6 @@
org.springframework.boot
spring-boot-starter-validation
-
-
- org.bouncycastle
- bcprov-jdk18on
- 1.76
-
-
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/common/advice/GlobalExceptionHandler.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/common/advice/GlobalExceptionHandler.java
index 8c927c3..dafb899 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/common/advice/GlobalExceptionHandler.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/common/advice/GlobalExceptionHandler.java
@@ -84,4 +84,16 @@ public class GlobalExceptionHandler {
log.error("Unexpected error at {} - Error type: {}", request.getRequestURI(), e.getClass().getSimpleName());
return R.fail(ResultCode.FAILED.getCode(), "系统繁忙,请稍后再试");
}
+
+ // 修复:处理 IllegalStateException(getWriter() 已调用等问题)
+ @ExceptionHandler(IllegalStateException.class)
+ public R handleIllegalStateException(IllegalStateException e, HttpServletRequest request) {
+ log.warn("Illegal state at {}: {}", request.getRequestURI(), e.getMessage());
+ // 如果是图片预览相关请求,可能是响应已经提交
+ if (request.getRequestURI().contains("/api/images/preview")) {
+ // 响应可能已经提交,直接返回 null,避免再次写入响应
+ return null;
+ }
+ return R.fail(ResultCode.FAILED.getCode(), "请求处理失败");
+ }
}
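Review bot: The path test at `if (request.getRequestURI().contains("/api/images/preview"))` stands in for the condition that actually matters — whether the response is already committed — and misfires in both directions: a preview failure that happens before any byte is written returns `null`, which the client sees as an empty 200, while a committed response on any other path still has `R.fail(...)` written onto it and is likely to fail the same way again. Take `HttpServletResponse response` as a third parameter and branch on the servlet's own state, `if (response.isCommitted()) { return null; }` ahead of the `R.fail` line, dropping the URI check. A comment such as `// once the body is committed nothing more can be written; null tells Spring to leave the response alone` makes the deliberate `null` readable. The class begins above the hunk, so confirm no more specific handler for an `IllegalStateException` subclass already exists there.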
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/GroupingController.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/GroupingController.java
index 47d54a9..8036ce3 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/GroupingController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/GroupingController.java
@@ -52,11 +52,9 @@ public class GroupingController {
@PreAuthorize("hasRole('ADMIN')")
@PutMapping("/{id}")
public R updateGrouping(
- @PathVariable String id,
+ @PathVariable Long id,
@RequestBody Grouping grouping) {
-
- long l = Long.parseLong(id);
- grouping.setId(l);
+ grouping.setId(id);
Grouping updated = groupingService.updateGrouping(grouping);
return R.success(updated);
}
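Review bot: `@RequestBody Grouping grouping` binds the JSON body straight onto the persistence entity, so a caller can set any column the entity exposes — this diff shows at least `parentId` and `isDeleted` — and `groupingService.updateGrouping(grouping)` will persist them unless it whitelists fields (its body is not in the diff). The endpoint is admin-only, which limits the blast radius, but the front end already sends only `{ grouping: newName }`, so a small request DTO carrying just the name, or copying only the intended fields in the service, is the usual guard. At minimum a comment, `// only the name is expected from the client; other entity columns must not be taken from the body`, should record that intent next to the parameter.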
@@ -64,9 +62,8 @@ public class GroupingController {
@Operation(summary = "删除分组")
@PreAuthorize("hasRole('ADMIN')")
@DeleteMapping("/{id}")
- public R deleteGrouping(@PathVariable String id) {
- Long idLong = Long.parseLong(id);
- groupingService.deleteGrouping(idLong);
+ public R deleteGrouping(@PathVariable Long id) {
+ groupingService.deleteGrouping(id);
return R.success();
}
}
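Review bot: With `@PathVariable Long id`, a non-numeric id no longer raises `NumberFormatException` inside the method but `MethodArgumentTypeMismatchException` during binding, and the `@ExceptionHandler(Exception.class)` in `GlobalExceptionHandler` (visible earlier in this diff) will match it before Spring's default resolver unless a more specific handler exists outside the diff, so the client gets the generic "系统繁忙" message for what is a 400-class input error. Add a dedicated handler, e.g. `@ExceptionHandler(MethodArgumentTypeMismatchException.class) public R handleTypeMismatch(MethodArgumentTypeMismatchException e) { return R.fail(ResultCode.FAILED.getCode(), "参数格式错误"); }`, using whichever client-error code `ResultCode` provides. The same applies to the `updateGrouping` hunk above and to `getFilesByGroupingId` in `MarkdownController`.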
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/ImageController.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/ImageController.java
index 81e8117..56015f0 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/ImageController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/ImageController.java
@@ -81,43 +81,48 @@ public class ImageController {
@Operation(summary = "在线预览", description = "浏览器直接打开文件流")
@GetMapping("/preview/{url}")
public void preview(@PathVariable String url, HttpServletResponse resp) throws IOException {
- // 修复:使用 try-with-resources 确保 PrintWriter 关闭
- try (PrintWriter writer = resp.getWriter()) {
- if (StrUtil.isBlank(url)) {
- resp.setStatus(404);
- writer.write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
- return;
- }
-
- String sanitizedUrl = sanitizeFileName(url);
- if (sanitizedUrl == null) {
- resp.setStatus(403);
- writer.write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
- return;
- }
-
- Path basePath = Paths.get(rootPath).normalize().toAbsolutePath();
- Path filePath = basePath.resolve(sanitizedUrl).normalize();
-
- if (!filePath.startsWith(basePath)) {
- resp.setStatus(403);
- writer.write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
- return;
- }
-
- File file = filePath.toFile();
- if (!file.exists() || !file.isFile()) {
- resp.setStatus(404);
- writer.write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
- return;
- }
-
- String contentTypeFromFileExtension = getContentTypeFromFileExtension(url);
- resp.setContentType(contentTypeFromFileExtension);
- resp.setContentLengthLong(file.length());
- try (FileInputStream in = new FileInputStream(file)) {
- StreamUtils.copy(in, resp.getOutputStream());
- }
+ // 注意:不能同时调用 resp.getWriter() 和 resp.getOutputStream()
+
+ if (StrUtil.isBlank(url)) {
+ resp.setStatus(404);
+ resp.setContentType("application/json;charset=UTF-8");
+ resp.getWriter().write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
+ return;
+ }
+
+ String sanitizedUrl = sanitizeFileName(url);
+ if (sanitizedUrl == null) {
+ resp.setStatus(403);
+ resp.setContentType("application/json;charset=UTF-8");
+ resp.getWriter().write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
+ return;
+ }
+
+ Path basePath = Paths.get(rootPath).normalize().toAbsolutePath();
+ Path filePath = basePath.resolve(sanitizedUrl).normalize();
+
+ if (!filePath.startsWith(basePath)) {
+ resp.setStatus(403);
+ resp.setContentType("application/json;charset=UTF-8");
+ resp.getWriter().write("{\"code\":403,\"msg\":\"非法文件路径\",\"data\":null}");
+ return;
+ }
+
+ File file = filePath.toFile();
+ if (!file.exists() || !file.isFile()) {
+ resp.setStatus(404);
+ resp.setContentType("application/json;charset=UTF-8");
+ resp.getWriter().write("{\"code\":404,\"msg\":\"文件不存在\",\"data\":null}");
+ return;
+ }
+
+ String contentTypeFromFileExtension = getContentTypeFromFileExtension(url);
+ resp.setContentType(contentTypeFromFileExtension);
+ resp.setContentLengthLong(file.length());
+ // 文件流直接输出,不使用 try-with-resources 包装整个方法
+ try (FileInputStream in = new FileInputStream(file)) {
+ StreamUtils.copy(in, resp.getOutputStream());
+ resp.getOutputStream().flush();
}
}
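Review bot: The preview response carries only `Content-Type` and `Content-Length`, so the browser may sniff a stored file into a different type, and an SVG served inline as `image/svg+xml` from the app origin runs any script it carries when a user opens the URL directly; the new `isAllowedImageType` helper is never consulted here either, so the `application/octet-stream` fallback still flows out. Derive the type from `sanitizedUrl` rather than the raw `url` (equal today, but the sanitized name is the one actually opened), reject types the helper does not allow, and send `X-Content-Type-Options: nosniff` plus a `Content-Disposition` built from the sanitized name (the UUID regex guarantees no CR/LF or quotes), with a sandboxing CSP or `attachment` disposition for SVG. Whether the upload path accepts SVG at all is not visible in this diff; if it does not, the SVG branch is defence in depth. The error branches above the type lookup are unchanged by this suggestion.
```java
// … unchanged: blank / sanitize / traversal / existence checks …
String contentType = getContentTypeFromFileExtension(sanitizedUrl);
if (!isAllowedImageType(contentType)) {
    resp.setStatus(403);
    resp.setContentType("application/json;charset=UTF-8");
    resp.getWriter().write("{\"code\":403,\"msg\":\"不支持的文件类型\",\"data\":null}");
    return;
}
resp.setContentType(contentType);
resp.setContentLengthLong(file.length());
// stop the browser from sniffing a different type; sanitizedUrl is regex-restricted, so it is header-safe
resp.setHeader("X-Content-Type-Options", "nosniff");
resp.setHeader("Content-Disposition", "inline; filename=\"" + sanitizedUrl + "\"");
if ("image/svg+xml".equals(contentType)) {
    // SVG is active content; a sandboxed CSP keeps embedded script from running in the app origin
    resp.setHeader("Content-Security-Policy", "sandbox");
}
// … unchanged: stream copy …
```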
@@ -125,7 +130,9 @@ public class ImageController {
if (StrUtil.isBlank(fileName)) {
return null;
}
- if (fileName.contains("..") || fileName.contains("/") || fileName.contains("\\") || fileName.contains(":")) {
+ // 修复:使用白名单验证文件名格式(只允许 UUID 格式)
+ // 例如:550e8400-e29b-41d4-a716-446655440000.jpg
+ if (!fileName.matches("^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\\.[a-zA-Z0-9]+$")) {
return null;
}
return fileName;
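Review bot: `fileName.matches(...)` recompiles the regex on every request; hoist it to `private static final Pattern STORED_NAME = Pattern.compile("^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}\\.[a-zA-Z0-9]+$");` and use `STORED_NAME.matcher(fileName).matches()`. The tail `\\.[a-zA-Z0-9]+` accepts any extension, so this allow-list constrains the name but not the type; tightening it to `\\.(?:jpe?g|png|gif|bmp|webp|svg)$` with `Pattern.CASE_INSENSITIVE` (since `getContentTypeFromFileExtension` lowercases) would make the `application/octet-stream` fallback unreachable from this endpoint. Note that the hex classes are lowercase only, which matches Java's `UUID.toString()`, but a stored name produced any other way would now be rejected with 403 rather than 404; the enclosing method starts above the hunk, so its Javadoc should state the accepted form.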
@@ -162,6 +169,7 @@ public class ImageController {
}
String extension = fileName.substring(fileName.lastIndexOf('.') + 1).toLowerCase();
+ // 使用更安全的 MIME 类型映射,只允许图片类型
switch (extension) {
case "jpg":
case "jpeg":
@@ -177,8 +185,27 @@ public class ImageController {
case "svg":
return "image/svg+xml";
default:
+ // 对于未知的扩展名,返回通用的二进制流类型,避免执行风险
return "application/octet-stream";
}
}
+
+ /**
+ * 验证文件是否为允许的图片类型
+ * @param contentType 文件内容类型
+ * @return 是否允许
+ */
+ private boolean isAllowedImageType(String contentType) {
+ if (StrUtil.isBlank(contentType)) {
+ return false;
+ }
+ // 只允许标准的图片 MIME 类型
+ return contentType.equals("image/jpeg") ||
+ contentType.equals("image/png") ||
+ contentType.equals("image/gif") ||
+ contentType.equals("image/bmp") ||
+ contentType.equals("image/webp") ||
+ contentType.equals("image/svg+xml");
+ }
}
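Review bot: `isAllowedImageType` is added but, as far as this diff shows, nothing calls it, so `preview` still serves whatever `getContentTypeFromFileExtension` returns, including the `application/octet-stream` fallback the new comment at `default:` describes; either wire it into `preview` before `setContentType` or drop it until it has a caller. `image/svg+xml` is in the allow-list although SVG is active content (it can embed `<script>` and external references), so "allowed" is only safe if SVG responses are sent with `Content-Disposition: attachment` or a sandboxing CSP — a comment on that line should say which. Stylistically, `private static final Set<String> ALLOWED_IMAGE_TYPES = Set.of("image/jpeg", "image/png", "image/gif", "image/bmp", "image/webp", "image/svg+xml");` with `return contentType != null && ALLOWED_IMAGE_TYPES.contains(contentType);` replaces the six-way `equals` chain (needs `java.util.Set`).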
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
index 5f4c9da..ad96ed7 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
@@ -85,7 +85,7 @@ public class MarkdownController {
@Operation(summary = "根据分组ID获取Markdown文件")
@GetMapping("/grouping/{groupingId}")
- public R> getFilesByGroupingId(@PathVariable String groupingId) {
+ public R> getFilesByGroupingId(@PathVariable Long groupingId) {
List files = markdownFileService.getFilesByGroupingId(groupingId);
return R.success(files);
}
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
index 61ba17e..2f8ee6f 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/UserController.java
@@ -112,7 +112,7 @@ public class UserController {
return R.fail("无法获取用户信息,删除失败");
}
- userService.deleteUser(user.getId().intValue());
+ userService.deleteUser(user.getId());
return R.success("用户删除成功");
}
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/mapper/MarkdownFileMapper.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/mapper/MarkdownFileMapper.java
index 7e7db93..7fa8f3f 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/mapper/MarkdownFileMapper.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/mapper/MarkdownFileMapper.java
@@ -34,7 +34,7 @@ public interface MarkdownFileMapper extends BaseMapper {
"LEFT JOIN `grouping` g ON mf.grouping_id = g.id " +
"WHERE mf.grouping_id = #{groupingId} AND mf.is_deleted = 0 " +
"ORDER BY mf.updated_at DESC")
- List selectByGroupingIdWithGrouping(@Param("groupingId") String groupingId);
+ List selectByGroupingIdWithGrouping(@Param("groupingId") Long groupingId);
/**
* 查询已删除的笔记(不包含content大字段)
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/MarkdownFileService.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/MarkdownFileService.java
index bfb29f4..0c9b7b9 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/MarkdownFileService.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/MarkdownFileService.java
@@ -28,7 +28,7 @@ public interface MarkdownFileService extends IService {
* @param groupingId 分组ID
* @return 文件列表
*/
- List getFilesByGroupingId(String groupingId);
+ List getFilesByGroupingId(Long groupingId);
/**
* 删除Markdown文件
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/UserService.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/UserService.java
index 7f10596..0f73a77 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/UserService.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/UserService.java
@@ -27,7 +27,7 @@ public interface UserService extends IService {
* 用户删除
* @param id 用户id
*/
- void deleteUser(Integer id);
+ void deleteUser(Long id);
/**
* 查询用户token是否过期
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/GroupingServiceImpl.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/GroupingServiceImpl.java
index e2937d7..58b6424 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/GroupingServiceImpl.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/GroupingServiceImpl.java
@@ -40,11 +40,15 @@ public class GroupingServiceImpl
@Override
public List getAllGroupings(Long parentId) {
- if (ObjectUtil.isNull(parentId)){
- return groupingMapper.selectList(null);
+ LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
+ // 只查询未删除的分组
+ queryWrapper.eq(Grouping::getIsDeleted, 0);
+ if (ObjectUtil.isNotNull(parentId)){
+ queryWrapper.eq(Grouping::getParentId, parentId);
}
- return groupingMapper.selectList(new LambdaQueryWrapper()
- .eq(Grouping::getParentId, parentId));
+ // 限制最大返回数量,防止内存溢出
+ queryWrapper.last("LIMIT 1000");
+ return groupingMapper.selectList(queryWrapper);
}
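Review bot: `queryWrapper.last("LIMIT 1000")` appends raw SQL to the statement and is safe only while the argument stays a compile-time literal, so the line needs a comment saying so, `// last() is raw SQL: keep this a literal, never interpolate a caller-supplied value`, and the number belongs in a named constant. It also truncates silently — a caller asking for all groupings gets 1000 with no signal that more exist — and `LIMIT` without `ORDER BY` leaves which 1000 unspecified; add `queryWrapper.orderByAsc(Grouping::getId)` at least, or use `groupingMapper.selectPage(new Page<>(1, MAX_GROUPINGS), queryWrapper)` so the total is reported. Separately, if `Grouping.isDeleted` carries `@TableLogic` (not visible here), MyBatis-Plus already appends `is_deleted = 0` and the explicit `eq` is redundant; worth checking the entity.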
@Override
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/ImageServiceImpl.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/ImageServiceImpl.java
index 4091921..48359d7 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/ImageServiceImpl.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/ImageServiceImpl.java
@@ -103,6 +103,7 @@ public class ImageServiceImpl
Image image = new Image();
image.setOriginalName(originalFilename);
image.setStoredName(storedName);
+ // 返回相对路径,前端会根据环境自动拼接 baseURL
image.setUrl("/api/images/preview/" + storedName);
image.setSize(file.getSize());
image.setContentType(contentType);
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/MarkdownFileServiceImpl.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/MarkdownFileServiceImpl.java
index 0fb1595..b741046 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/MarkdownFileServiceImpl.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/MarkdownFileServiceImpl.java
@@ -2,6 +2,7 @@ package com.test.bijihoudaun.service.impl;
import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.ObjectUtil;
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.conditions.update.LambdaUpdateWrapper;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
@@ -105,7 +106,7 @@ public class MarkdownFileServiceImpl
@Override
- public List getFilesByGroupingId(String groupingId) {
+ public List getFilesByGroupingId(Long groupingId) {
return markdownFileMapper.selectByGroupingIdWithGrouping(groupingId);
}
@@ -130,13 +131,12 @@ public class MarkdownFileServiceImpl
@Override
public List searchByTitle(String keyword) {
- // 修复:转义特殊字符防止 SQL 注入
+ // 修复:使用 LambdaQueryWrapper 避免 SQL 注入风险
if (keyword == null || keyword.trim().isEmpty()) {
return List.of();
}
- String escapedKeyword = keyword.replace("%", "\\%").replace("_", "\\_");
- QueryWrapper queryWrapper = new QueryWrapper<>();
- queryWrapper.like("title", escapedKeyword);
+ LambdaQueryWrapper queryWrapper = new LambdaQueryWrapper<>();
+ queryWrapper.like(MarkdownFile::getTitle, keyword);
return this.list(queryWrapper);
}
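Review bot: Dropping the `%`/`_` escaping reintroduces LIKE-wildcard injection rather than fixing SQL injection: MyBatis-Plus binds the `like` argument as a parameter in both `QueryWrapper` and `LambdaQueryWrapper`, so the old code was never concatenating into SQL, and what the escape prevented was a keyword of `%` matching every title or `_` acting as a single-character wildcard. Keep the lambda form but escape again, `queryWrapper.like(MarkdownFile::getTitle, keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_"));` — MySQL's default LIKE escape character is backslash unless `NO_BACKSLASH_ESCAPES` is set, which matches the schema under `sql/mysql`. The comment on the new line should then state the real guard, e.g. `// value is parameter-bound; escape LIKE metacharacters so "%" cannot match every row`. Note also that this search applies no `is_deleted = 0` filter, unlike `selectByGroupingIdWithGrouping`, so soft-deleted notes surface here unless a logic-delete annotation on the entity handles it.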
diff --git a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
index 787f918..6e73581 100644
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/service/impl/UserServiceImpl.java
@@ -13,7 +13,6 @@ import com.test.bijihoudaun.service.UserService;
import com.test.bijihoudaun.util.JwtTokenUtil;
import com.test.bijihoudaun.util.LoginLockUtil;
import com.test.bijihoudaun.util.PasswordUtils;
-import com.test.bijihoudaun.util.UuidV7;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.GrantedAuthority;
@@ -126,7 +125,7 @@ public class UserServiceImpl extends ServiceImpl implements Us
}
@Override
- public void deleteUser(Integer id) {
+ public void deleteUser(Long id) {
userMapper.deleteById(id);
}
diff --git a/biji-houdaun/src/main/resources/application.yml b/biji-houdaun/src/main/resources/application.yml
index a81600d..4c28365 100644
--- a/biji-houdaun/src/main/resources/application.yml
+++ b/biji-houdaun/src/main/resources/application.yml
@@ -1,6 +1,6 @@
+# 服务器配置
server:
port: 8084
- forward-headers-strategy: framework
spring:
web:
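Review bot: Deleting `forward-headers-strategy: framework` changes what the application believes about its own requests behind a reverse proxy: `X-Forwarded-Proto`/`X-Forwarded-For` are ignored, so `request.isSecure()`, generated absolute URLs, and any per-client logic such as `LoginLockUtil` (if it keys on the remote address; not visible here) see the proxy's scheme and IP instead of the client's. The removal is the right call only if the service is exposed directly or the proxy is not trusted, since `framework` honours those headers from any source; either way the decision should be recorded under the new `# 服务器配置` comment, e.g. `# forwarded headers intentionally not trusted: no proxy in front` or `# set SERVER_FORWARD_HEADERS_STRATEGY=native behind nginx`. Nothing in the diff says which case applies.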
@@ -12,13 +12,16 @@ spring:
active: dev
servlet:
multipart:
- max-file-size: 10MB # ???????5MB
- max-request-size: 10MB # ???????5MB
+ max-file-size: 10MB
+ max-request-size: 10MB
+
+# 文件上传路径
file:
upload-dir: uploads
-
-#??
+# 内存保护阈值 (MB)
+memory:
+ threshold: 100
## Snowflake ID?????
@@ -29,11 +32,20 @@ worker:
datacenter:
id: 1
-
-
# JWT 配置
jwt:
secret: ${JWT_SECRET:V2VsbCwgSSBzdXBwb3NlIHRoYXQgaWYgeW91J3JlIHJlYWRpbmcgdGhpcywgeW91J3JlIHByZXR0eSBjdXJpb3VzLg==}
expiration: 86400
header: Authorization
tokenHead: "Bearer "
+
+# 管理员用户名配置
+admin:
+ username: ${ADMIN_USERNAME:admin}
+
+# 日志配置
+logging:
+ level:
+ com.test.bijihoudaun: INFO
+ pattern:
+ console: "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"
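Review bot: `secret: ${JWT_SECRET:V2Vs…==}` still ships a hardcoded fallback, so any instance started without `JWT_SECRET` signs tokens with a key that sits in the repository, and anyone with read access to the source can forge a token for any user, including the account named by the new `admin.username`. Drop the default so startup fails loudly, `secret: ${JWT_SECRET}`, or have the JWT utility refuse a secret equal to the committed value, and annotate it `# must be a random value of at least 256 bits; no default on purpose`. The `admin.username` default of `admin` is a guessable privileged name; what the property drives is not in the diff, so a comment stating whether it confers the ADMIN role at startup would help the next reader.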
diff --git a/biji-qianduan/package-lock.json b/biji-qianduan/package-lock.json
index 5668fb1..275db52 100644
--- a/biji-qianduan/package-lock.json
+++ b/biji-qianduan/package-lock.json
@@ -10,6 +10,7 @@
"dependencies": {
"@kangc/v-md-editor": "^2.2.4",
"codemirror": "^6.0.1",
+ "dompurify": "^3.3.1",
"element-plus": "^2.7.6",
"highlight.js": "^11.11.1",
"html2canvas": "^1.4.1",
@@ -2585,10 +2586,13 @@
}
},
"node_modules/dompurify": {
- "version": "3.1.6",
- "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz",
- "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==",
- "license": "(MPL-2.0 OR Apache-2.0)"
+ "version": "3.3.1",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
+ "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+ "license": "(MPL-2.0 OR Apache-2.0)",
+ "optionalDependencies": {
+ "@types/trusted-types": "^2.0.7"
+ }
},
"node_modules/element-plus": {
"version": "2.10.4",
@@ -3414,16 +3418,6 @@
"html2canvas": "^1.0.0-rc.5"
}
},
- "node_modules/jspdf/node_modules/dompurify": {
- "version": "3.2.6",
- "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.6.tgz",
- "integrity": "sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==",
- "license": "(MPL-2.0 OR Apache-2.0)",
- "optional": true,
- "optionalDependencies": {
- "@types/trusted-types": "^2.0.7"
- }
- },
"node_modules/katex": {
"version": "0.13.24",
"resolved": "https://registry.npmjs.org/katex/-/katex-0.13.24.tgz",
@@ -3705,6 +3699,12 @@
"web-worker": "^1.2.0"
}
},
+ "node_modules/mermaid/node_modules/dompurify": {
+ "version": "3.1.6",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz",
+ "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==",
+ "license": "(MPL-2.0 OR Apache-2.0)"
+ },
"node_modules/mermaid/node_modules/katex": {
"version": "0.16.22",
"resolved": "https://registry.npmjs.org/katex/-/katex-0.16.22.tgz",
diff --git a/biji-qianduan/package.json b/biji-qianduan/package.json
index 86dd32a..f76a31e 100644
--- a/biji-qianduan/package.json
+++ b/biji-qianduan/package.json
@@ -13,6 +13,7 @@
"dependencies": {
"@kangc/v-md-editor": "^2.2.4",
"codemirror": "^6.0.1",
+ "dompurify": "^3.3.1",
"element-plus": "^2.7.6",
"highlight.js": "^11.11.1",
"html2canvas": "^1.4.1",
@@ -24,7 +25,7 @@
},
"devDependencies": {
"@vitejs/plugin-vue": "^5.0.5",
- "vite": "^5.3.1",
- "terser": "^5.31.3"
+ "terser": "^5.31.3",
+ "vite": "^5.3.1"
}
}
diff --git a/biji-qianduan/src/api/CommonApi.js b/biji-qianduan/src/api/CommonApi.js
index 43cd4f1..7c11dec 100644
--- a/biji-qianduan/src/api/CommonApi.js
+++ b/biji-qianduan/src/api/CommonApi.js
@@ -2,8 +2,8 @@ import axiosApi from '@/utils/axios.js'
-// 修复:使用 encodeURIComponent 编码 URL 参数,防止注入
-export const groupingId = (data) => axiosApi.get(`/api/markdown/grouping/${encodeURIComponent(data)}`)
+// 根据分组ID获取Markdown文件列表
+export const groupingId = (groupingId) => axiosApi.get(`/api/markdown/grouping/${encodeURIComponent(groupingId)}`)
// 获取所有分组
export const groupingAll = (data) => {
if (data) {
@@ -71,16 +71,17 @@ export const register = (data) => {
const formData = new FormData()
formData.append('username', data.username)
formData.append('password', data.password)
+ formData.append('email', data.email || '') // 修复:添加 email 参数
formData.append('registrationCode', data.registrationCode)
return axiosApi.post('/api/user/register', formData, {
headers: {
'Content-Type': 'multipart/form-data'
}
-
})
}
// 更新分组名称
+// 修复:使用与后端 Grouping 实体类匹配的字段名
export const updateGroupingName = (id, newName) => {
return axiosApi.put(`/api/groupings/${id}`, { grouping: newName });
}
@@ -106,20 +107,6 @@ export const getRecentFiles = (limit = 16) => axiosApi.get(`/api/markdown/recent
-// MD5哈希
-export const MD5 = (data, file) => {
- const formData = new FormData()
- if (data) formData.append('input', data)
- if (file) formData.append('file', file)
- return axiosApi.post('/api/common/md5', formData, {
- headers: {
- 'Content-Type': 'multipart/form-data'
- }
- })
-}
-
-
-
diff --git a/biji-qianduan/src/components/HomePage.vue b/biji-qianduan/src/components/HomePage.vue
index 8f5becd..4081b8c 100644
--- a/biji-qianduan/src/components/HomePage.vue
+++ b/biji-qianduan/src/components/HomePage.vue
@@ -130,11 +130,12 @@
diff --git a/biji-qianduan/src/components/home/NoteEditor.vue b/biji-qianduan/src/components/home/NoteEditor.vue
index d506a2e..cb5fb80 100644
--- a/biji-qianduan/src/components/home/NoteEditor.vue
+++ b/biji-qianduan/src/components/home/NoteEditor.vue
@@ -32,9 +32,9 @@ const vditor = ref(null);
const currentId = ref(null);
const isInitialized = ref(false);
const saveStatus = ref('');
-let saveTimeout = null;
-let lastSavedContent = ref('');
-let isSaving = ref(false);
+const saveTimeout = ref(null); // 修复:使用 ref 替代 let,确保响应式追踪
+const lastSavedContent = ref('');
+const isSaving = ref(false);
// 维护当前最新的笔记数据
const currentData = ref({ ...props.editData });
@@ -63,9 +63,9 @@ const initVditor = () => {
input: (value) => {
if (!isInitialized.value) return;
- clearTimeout(saveTimeout);
+ clearTimeout(saveTimeout.value);
saveStatus.value = '正在输入...';
- saveTimeout = setTimeout(() => {
+ saveTimeout.value = setTimeout(() => {
if (!isSaving.value && value !== lastSavedContent.value) {
save(value);
}
@@ -78,9 +78,14 @@ const initVditor = () => {
if (!file) return;
uploadImage(file).then(res => {
- const url = res.url;
+ // 后端返回相对路径,拼接成完整 URL
+ const relativeUrl = res.url;
const baseUrl = import.meta.env.VITE_API_BASE_URL || '';
- vditor.value.insertValue(``);
+ // 确保 URL 格式正确,避免双斜杠
+ const fullUrl = baseUrl.endsWith('/') && relativeUrl.startsWith('/')
+ ? baseUrl + relativeUrl.substring(1)
+ : baseUrl + relativeUrl;
+ vditor.value.insertValue(``);
}).catch((error) => {
// 错误已在 axios 拦截器中显示,这里不再重复显示
console.error('图片上传失败:', error);
@@ -185,7 +190,11 @@ onMounted(() => {
});
onBeforeUnmount(() => {
- clearTimeout(saveTimeout);
+ // 修复:确保清理定时器
+ if (saveTimeout.value) {
+ clearTimeout(saveTimeout.value);
+ saveTimeout.value = null;
+ }
if (vditor.value) {
vditor.value.destroy();
vditor.value = null;
diff --git a/biji-qianduan/src/components/home/NotePreview.vue b/biji-qianduan/src/components/home/NotePreview.vue
index 37aad2b..488e74d 100644
--- a/biji-qianduan/src/components/home/NotePreview.vue
+++ b/biji-qianduan/src/components/home/NotePreview.vue
@@ -46,6 +46,11 @@
内容加载中...
+
+
+
+ 正在渲染...
+
diff --git a/biji-qianduan/src/stores/user.js b/biji-qianduan/src/stores/user.js
index a9250e0..13dd5a3 100644
--- a/biji-qianduan/src/stores/user.js
+++ b/biji-qianduan/src/stores/user.js
@@ -5,6 +5,7 @@ export const useUserStore = defineStore('user', {
state: () => ({
token: '',
userInfo: null,
+ tokenExpiry: null, // 添加 Token 过期时间
}),
actions: {
async login(username, password) {
@@ -12,6 +13,9 @@ export const useUserStore = defineStore('user', {
const response = await loginApi({ username, password });
if (response && response.token) {
this.token = response.token;
+ // 解析 JWT 获取过期时间
+ const payload = JSON.parse(atob(response.token.split('.')[1]));
+ this.tokenExpiry = payload.exp * 1000; // 转换为毫秒
if (response.userInfo) {
this.userInfo = response.userInfo;
}
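Review bot: `JSON.parse(atob(response.token.split('.')[1]))` will throw for many valid tokens: JWT segments are base64url, and `atob` rejects the `-` and `_` characters of that alphabet, so whenever the payload happens to contain one the login action fails after the server has already accepted the credentials. Translate to standard base64 before decoding and guard the parse; on failure leave `tokenExpiry` null, which the new `isLoggedIn` getter already treats as not logged in rather than as an unbounded session. A comment should say this reads an unverified claim for UX only — no signature is checked here, and the server-side `JwtTokenUtil` stays the authority on expiry. Whether `login` is wrapped in a try/catch is outside the hunk.
```javascript
// JWT segments are base64url; atob() accepts only standard base64
const decodeJwtPayload = (token) => {
  const segment = (token.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(segment));
};
// … unchanged: const response = await loginApi({ username, password }); …
this.token = response.token;
try {
  // unverified claim, used only to drive the client-side isLoggedIn getter
  this.tokenExpiry = decodeJwtPayload(response.token).exp * 1000;
} catch (err) {
  console.error('无法解析 token 过期时间:', err);
  this.tokenExpiry = null;
}
```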
@@ -26,10 +30,16 @@ export const useUserStore = defineStore('user', {
logout() {
this.token = '';
this.userInfo = null;
+ this.tokenExpiry = null;
+ },
+ // 检查 Token 是否过期
+ isTokenExpired() {
+ if (!this.tokenExpiry) return true;
+ return Date.now() >= this.tokenExpiry;
},
},
getters: {
- isLoggedIn: (state) => !!state.token,
+ isLoggedIn: (state) => !!state.token && Date.now() < (state.tokenExpiry || 0),
// 添加:判断是否为管理员
isAdmin: (state) => state.userInfo?.role === 'ADMIN',
},
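Review bot: `isTokenExpired()` and the rewritten `isLoggedIn` getter evaluate the same `Date.now()` against `tokenExpiry` in two places, so a later adjustment such as a clock-skew margin can silently land in only one of them; define it once, e.g. a getter `tokenValid: (state) => !!state.tokenExpiry && Date.now() < state.tokenExpiry`, and have `isLoggedIn` and `isTokenExpired` both read it. Both also depend on the browser clock, so mark them as a convenience rather than an access check, `// client-side hint only; the server validates the JWT on every request`. The `actions` object begins above the hunk.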
@@ -38,7 +48,7 @@ export const useUserStore = defineStore('user', {
strategies: [
{
key: 'user-store',
- storage: sessionStorage,
+ storage: sessionStorage, // 使用 sessionStorage,比 localStorage 更安全
}
],
},
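Review bot: The new comment `// 使用 sessionStorage,比 localStorage 更安全` overstates what the choice buys: both storages are readable by any script running on the origin, so an XSS in the editor or preview reaches the token either way, and sessionStorage only narrows the lifetime to the tab. Reword it to the real property, e.g. `// sessionStorage: token is dropped when the tab closes and not shared across tabs; it is still script-readable, so XSS hardening of rendered notes is what actually protects it`. The persist configuration block begins above the hunk.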
diff --git a/sql/mysql/all.sql b/sql/mysql/all.sql
index 7eacc2e..84ae701 100644
--- a/sql/mysql/all.sql
+++ b/sql/mysql/all.sql
@@ -6,7 +6,7 @@ SET FOREIGN_KEY_CHECKS = 0;
-- 1. 分组表
DROP TABLE IF EXISTS `grouping`;
CREATE TABLE `grouping` (
- `id` bigintBIGINT(20) NOT NULL AUTO_INCREMENT,
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
`grouping` VARCHAR(255) NOT NULL,
`parentId` BIGINT(20) DEFAULT NULL,
`is_deleted` TINYINT(1) DEFAULT 0,
diff --git a/uploads/8357c5d3-eaa4-4aed-8306-ae91da62340b.png b/uploads/8357c5d3-eaa4-4aed-8306-ae91da62340b.png
new file mode 100644
index 0000000..94d005b
Binary files /dev/null and b/uploads/8357c5d3-eaa4-4aed-8306-ae91da62340b.png differ
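Review bot: A runtime upload, `uploads/8357c5d3-….png`, is committed into the repository even though `file.upload-dir: uploads` in application.yml makes that directory the live storage served by `/api/images/preview/{url}`; checking user content into source control copies whatever users upload into every clone and grows the tree with each test run. Add `uploads/` to `.gitignore` (with a `.gitkeep` if the directory must exist at checkout) and drop this file in the same change. If the image is meant as a test fixture, it belongs under `src/test/resources`, not in the directory the server writes to.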