出库导出excel

pang.jiabao

2025-10-23 c0a718538ba8661f235d524ed335cbf7b1919962

 src/main/java/com/zy/common/config/AdminInterceptor.java

@@ -2,11 +2,13 @@

import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import com.core.annotations.AppAuth;
import com.core.annotations.ManagerAuth;
import com.core.common.BaseRes;
import com.core.common.Cools;
import com.zy.common.properties.SystemProperties;
import com.zy.common.utils.Http;
import com.zy.common.utils.SqlInjectionUtils;
import com.zy.system.entity.*;
import com.zy.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
@@ -21,6 +23,7 @@
import javax.servlet.http.HttpServletResponse;
import java.lang.reflect.Method;
import java.util.Date;
import java.util.Map;

/**
 * Created by vincent on 2019-06-13
@@ -49,17 +52,22 @@
        }
        // super账号
        String token = request.getHeader("token");
        if (token!=null) {
        if (token != null) {
            String deToken = Cools.deTokn(token, superPwd);
            if (deToken!=null){
            if (deToken != null) {
                long timestamp = Long.parseLong(deToken.substring(0, 13));
                // 1天后过期
                if (System.currentTimeMillis() - timestamp > 86400000){
                if (System.currentTimeMillis() - timestamp > 86400000) {
                    Http.response(response, BaseRes.DENIED);
                    return false;
                }
                if ("super".equals(deToken.substring(13))) {
                    request.setAttribute("userId", 9527);
                    Map<String, String[]> parameterMap = request.getParameterMap();
                    if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
                        Http.response(response, "sql注入，请正规访问");
                        return false;
                    }
                    return true;
                }
            }
@@ -73,9 +81,15 @@
        // response.setHeader("Access-Control-Allow-Origin", "*");
        HandlerMethod handlerMethod = (HandlerMethod) handler;
        Method method = handlerMethod.getMethod();
        if (method.isAnnotationPresent(ManagerAuth.class)){
        if (method.isAnnotationPresent(AppAuth.class)) {
            AppAuth annotation = method.getAnnotation(AppAuth.class);
            if (annotation.value().equals(AppAuth.Auth.CHECK)) {
                request.setAttribute("appAuth", annotation.memo());
            }
        }
        if (method.isAnnotationPresent(ManagerAuth.class)) {
            ManagerAuth annotation = method.getAnnotation(ManagerAuth.class);
            if (annotation.value().equals(ManagerAuth.Auth.CHECK)){
            if (annotation.value().equals(ManagerAuth.Auth.CHECK)) {
                return check(request, response, annotation.memo());
            }
        }
@@ -92,19 +106,24 @@
        }
    }

    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, @Nullable Exception ex) throws Exception {
//        Object r = request.getAttribute("cool-response");
    }

    private boolean check(HttpServletRequest request, HttpServletResponse response, String memo) {
        try {
            String token = request.getHeader("token");
            UserLogin userLogin = userLoginService.selectOne(new EntityWrapper<UserLogin>().eq("token", token));
            if (null == userLogin){
            if (null == userLogin) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
            User user = userService.selectById(userLogin.getUserId());
//            String deToken = Cools.deTokn(token, user.getPassword());
//            long timestamp = Long.parseLong(deToken.substring(0, 13));
            // 15分钟后过期
            if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 900000){
            // 15分钟后过期  一天
            if (System.currentTimeMillis() - userLogin.getCreateTime().getTime() > 86400000) {
                Http.response(response, BaseRes.DENIED);
                return false;
            }
@@ -113,6 +132,12 @@
                Http.response(response, BaseRes.LIMIT);
                return false;
            }
            Map<String, String[]> parameterMap = request.getParameterMap();
            if (!Cools.isEmpty(parameterMap) && SqlInjectionUtils.check(JSON.toJSONString(parameterMap))) {
                Http.response(response, "sql注入，请正规访问");
                return false;
            }

            // 请求缓存
            request.setAttribute("userId", user.getId());
            // 更新 token 有效期
@@ -127,14 +152,14 @@
                }
                // 记录操作日志
                OperateLog operateLog = new OperateLog();
                operateLog.setAction(Cools.isEmpty(memo)?request.getRequestURI():memo);
                operateLog.setAction(Cools.isEmpty(memo) ? request.getRequestURI() : memo);
                operateLog.setIp(request.getRemoteAddr());
                operateLog.setUserId(user.getId());
                operateLog.setRequest(JSON.toJSONString(request.getParameterMap()));
                request.setAttribute("operateLog", operateLog);
            }
            return true;
        } catch (Exception e){
        } catch (Exception e) {
            Http.response(response, BaseRes.DENIED);
            return false;
        }
@@ -143,6 +168,7 @@

    /**
     * 权限拦截
     *
     * @return false:无权限;   true:认证通过
     */
    private boolean limit(String action, User user) {
@@ -160,7 +186,7 @@
    /**
     * 跨域
     */
    public static void cors(HttpServletResponse response){
    public static void cors(HttpServletResponse response) {
        // 跨域设置
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Credentials", "true");