性能测试代码优化

pom.xml

@@ -27,7 +27,7 @@
         <jackson.version>2.9.8</jackson.version>
         <jjwt.version>0.9.1</jjwt.version>
         <transmittable-thread-local.version>2.14.2</transmittable-thread-local.version>
-        <hutool.version>5.4.1</hutool.version>
+        <hutool.version>5.7.12</hutool.version>
         <redisson.version>3.20.1</redisson.version>
         <lock4j.version>2.2.3</lock4j.version>
         <easyexcel.version>2.2.3</easyexcel.version>

soc-api/soc-api-system/src/main/java/com/xunmei/system/api/factory/RemoteEduTrainingFallbackFactory.java

@@ -24,17 +24,17 @@ public class RemoteEduTrainingFallbackFactory implements FallbackFactory<RemoteE
         return new RemoteEduTrainingService() {
             @Override
             public AjaxResult buildEduTask(Integer cycle, Date date) {
-                return null;
+                return AjaxResult.error();
             }
 
             @Override
             public AjaxResult updateEduTaskStatus() {
-                return null;
+                return AjaxResult.error();
             }
 
             @Override
             public AjaxResult rebuild(String event, String source) {
-                return null;
+                return AjaxResult.error();
             }
         };
     }

soc-auth/src/main/java/com/xunmei/auth/service/SysLoginService.java

@@ -43,11 +43,11 @@ public class SysLoginService{
             throw new ServiceException("用户/密码必须填写");
         }
         // 密码如果不在指定范围内 错误
-        if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
+      /*  if (password.length() < UserConstants.PASSWORD_MIN_LENGTH
                 || password.length() > UserConstants.PASSWORD_MAX_LENGTH) {
             recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, "用户密码不在指定范围", platformType);
             throw new ServiceException("用户密码不在指定范围");
-        }
+        }*/
         // 用户名不在指定范围内 错误
         if (username.length() < UserConstants.USERNAME_MIN_LENGTH
                 || username.length() > UserConstants.USERNAME_MAX_LENGTH) {

soc-auth/src/main/java/com/xunmei/auth/service/SysPasswordService.java

@@ -44,7 +44,6 @@ public class SysPasswordService
         String username = user.getUsername();
 
         Integer retryCount =RedisUtils.getCacheObject(getCacheKey(username));
-        //Integer retryCount = redisService.getCacheObject(getCacheKey(username));
 
         if (retryCount == null)
         {
@@ -63,7 +62,6 @@ public class SysPasswordService
             retryCount = retryCount + 1;
             recordLogService.recordLogininfor(username, Constants.LOGIN_FAIL, String.format("密码输入错误%s次", retryCount),platformType);
             RedisUtils.setCacheObject(getCacheKey(username), retryCount, Duration.ofMinutes(lockTime));
-            //redisService.setCacheObject(getCacheKey(username), retryCount, lockTime, TimeUnit.MINUTES);
             throw new ServiceException("密码错误");
         }
         else
@@ -74,16 +72,13 @@ public class SysPasswordService
 
     public boolean matches(SysUser user, String rawPassword)
     {
-        return SecurityUtils.isEquals(user.getPassword(), rawPassword,user.getSalt());
+        return SecurityUtils.equalsSecPass(user.getPassword(), rawPassword,user.getSalt());
     }
 
 
     public void clearLoginRecordCache(String loginName)
     {
         RedisUtils.deleteObject(getCacheKey(loginName));
-        /*if (redisService.hasKey(getCacheKey(loginName)))
-        {
-            redisService.deleteObject(getCacheKey(loginName));
-        }*/
+
     }
 }

soc-common/soc-common-core/src/main/java/com/xunmei/common/core/constant/CacheConstants.java

@@ -10,7 +10,7 @@ public class CacheConstants
     /**
      * 缓存有效期，默认720（分钟）
      */
-    public final static long EXPIRATION = 720;
+    public final static long EXPIRATION = 1500;
 
     /**
      * 缓存刷新时间，默认120（分钟）

soc-common/soc-common-core/src/main/java/com/xunmei/common/core/utils/sign/Base64.java

@@ -84,7 +84,7 @@ public final class Base64
     {
         if (binaryData == null)
         {
-            return null;
+            return "";
         }
 
         int lengthDataBits = binaryData.length * EIGHTBIT;
@@ -198,8 +198,8 @@ public final class Base64
             if (!isData((d1 = base64Data[dataIndex++])) || !isData((d2 = base64Data[dataIndex++]))
                     || !isData((d3 = base64Data[dataIndex++])) || !isData((d4 = base64Data[dataIndex++])))
             {
-                return null;
-            } // if found "no data" just return null
+                return new byte[0];
+            }
 
             b1 = base64Alphabet[d1];
             b2 = base64Alphabet[d2];
@@ -213,7 +213,7 @@ public final class Base64
 
         if (!isData((d1 = base64Data[dataIndex++])) || !isData((d2 = base64Data[dataIndex++])))
         {
-            return null;// if found "no data" just return null
+            return new byte[0];
         }
 
         b1 = base64Alphabet[d1];

soc-common/soc-common-core/src/main/java/com/xunmei/common/core/utils/uuid/UUID.java

@@ -94,14 +94,17 @@ public final class UUID implements java.io.Serializable, Comparable<UUID>
      */
     public static UUID randomUUID(boolean isSecure)
     {
-        final Random ng = Holder.numberGenerator;
-
+        SecureRandom random = getSecureRandom();
         byte[] randomBytes = new byte[16];
-        ng.nextBytes(randomBytes);
-        randomBytes[6] &= 0x0f; /* clear version */
-        randomBytes[6] |= 0x40; /* set to version 4 */
-        randomBytes[8] &= 0x3f; /* clear variant */
-        randomBytes[8] |= 0x80; /* set to IETF variant */
+        random.nextBytes(randomBytes);
+        /* clear version */
+        randomBytes[6] &= 0x0f;
+        /* set to version 4 */
+        randomBytes[6] |= 0x40;
+        /* clear variant */
+        randomBytes[8] &= 0x3f;
+        /* set to IETF variant */
+        randomBytes[8] |= 0x80;
         return new UUID(randomBytes);
     }
 

soc-common/soc-common-security/src/main/java/com/xunmei/common/security/utils/SaltHelper.java

@@ -1,101 +0,0 @@
-package com.xunmei.common.security.utils;
-
-
-import cn.hutool.core.codec.Base64;
-import cn.hutool.core.io.resource.ClassPathResource;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.codec.digest.DigestUtils;
-
-import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.InputStreamReader;
-import java.io.Reader;
-import java.nio.charset.StandardCharsets;
-import java.util.UUID;
-
-/**
- * Tkk
- */
-@Slf4j
-public class SaltHelper {
-
-   // private static final String KEY = "rDWBHusbFTlOURS4";
-    private static ClassPathResource resource = new ClassPathResource("key/privatekey.pri");
-
-
-    public static String decryptAES(final String content) {
-        try {
-            String Key =loadKeyFromFile(resource.getStream());
-            final SecretKeySpec skeySpec = new SecretKeySpec(Key.getBytes("UTF-8"), "AES");
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding","CCM"); // "算法/模式/补码方式"
-            cipher.init(Cipher.DECRYPT_MODE, skeySpec);
-            return new String(cipher.doFinal(Base64.decode(content)));
-        } catch (final Exception e) {
-//            e.printStackTrace();
-            return content;
-        }
-    }
-
-    public static String encryptAES(final String content) {
-        try {
-            String Key =loadKeyFromFile(resource.getStream());
-            final SecretKeySpec skeySpec = new SecretKeySpec(Key.getBytes("UTF-8"), "AES");
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding","CCM"); // "算法/模式/补码方式"
-            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
-            return Base64.encode(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
-        } catch (final Exception e) {
-//            e.printStackTrace();
-            return content;
-        }
-    }
-
-    private static String loadKeyFromFile(InputStream inputStream) {
-        //将InputStream读入Reader中
-        Reader reader = new InputStreamReader(inputStream);
-        //实例化一个StringBuilder以保存结果
-        StringBuilder result = new StringBuilder();
-        //读取每个字节并转换为char，添加到StringBuilder
-        try {
-            for (int data = reader.read(); data != -1; data = reader.read()) {
-                result.append((char) data);
-            }
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-        // 将文件内容转为字符串
-        return result.toString();
-    }
-    /**
-     * 比较相等
-     *
-     * @param src
-     * @param give
-     * @param salt
-     * @return
-     */
-    public static boolean isEquals(final String src, final String give, final String salt) {
-        final String pure = decryptAES(give);
-//        log.info("[ {} ] => [ {} ]", give, pure);
-        return src.equals(exec(pure, salt));
-    }
-
-    /**
-     * @param give
-     * @param salt
-     * @return
-     */
-    public static String exec(final String give, final String salt) {
-        return DigestUtils.md5Hex(give + DigestUtils.md5Hex(salt));
-    }
-
-    /**
-     * @return
-     */
-    public static String salt() {
-        return DigestUtils.md5Hex(UUID.randomUUID()
-                                      .toString());
-    }
-
-}

soc-common/soc-common-security/src/main/java/com/xunmei/common/security/utils/SecurityUtils.java

@@ -1,7 +1,10 @@
 package com.xunmei.common.security.utils;
 
-import cn.hutool.core.codec.Base64;
 import cn.hutool.core.io.resource.ClassPathResource;
+import cn.hutool.core.util.CharsetUtil;
+import cn.hutool.crypto.Mode;
+import cn.hutool.crypto.Padding;
+import cn.hutool.crypto.symmetric.SM4;
 import cn.hutool.extra.spring.SpringUtil;
 import com.xunmei.common.core.constant.SecurityConstants;
 import com.xunmei.common.core.constant.TokenConstants;
@@ -12,14 +15,11 @@ import com.xunmei.system.api.model.LoginUser;
 import org.apache.commons.codec.digest.DigestUtils;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
-import javax.crypto.Cipher;
-import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.Reader;
-import java.nio.charset.StandardCharsets;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -29,10 +29,29 @@ import java.util.UUID;
  * @author xunmei
  */
 public class SecurityUtils {
-    private static final String[] deviceArray = new String[]{"iphone", "android", "ios", "harmonyos", "deviceInfo", "phone", "mobile", "wap", "netfront", "java", "opera mobi", "opera mini", "ucweb", "windows ce", "symbian", "series", "webos", "sony", "blackberry", "dopod", "nokia", "samsung", "palmsource", "xda", "pieplus", "meizu", "midp", "cldc", "motorola", "foma", "docomo", "up.browser", "up.link", "blazer", "helio", "hosin", "huawei", "novarra", "coolpad", "webos", "techfaith", "palmsource", "alcatel", "amoi", "ktouch", "nexian", "ericsson", "philips", "sagem", "wellcom", "bunjalloo", "maui", "smartphone", "iemobile", "spice", "bird", "zte-", "longcos", "pantech", "gionee", "portalmmm", "jig browser", "hiptop", "benq", "haier", "^lct", "320x320", "240x320", "176x220", "w3c ", "acs-", "alav", "alca", "amoi", "audi", "avan", "benq", "bird", "blac", "blaz", "brew", "cell", "cldc", "cmd-", "dang", "doco", "eric", "hipt", "inno", "ipaq", "java", "jigs", "kddi", "keji", "leno", "lg-c", "lg-d", "lg-g", "lge-", "maui", "maxo", "midp", "mits", "mmef", "mobi", "mot-", "moto", "mwbp", "nec-", "newt", "noki", "oper", "palm", "pana", "pant", "phil", "play", "port", "prox", "qwap", "sage", "sams", "sany", "sch-", "sec-", "send", "seri", "sgh-", "shar", "sie-", "siem", "smal", "smar", "sony", "sph-", "symb", "t-mo", "teli", "tim-"/*, "tosh"*/, "tsm-", "upg1", "upsi", "vk-v", "voda", "wap-", "wapa", "wapi", "wapp", "wapr", "webc", "winw", "winw", "xda", "xda-", "Googlebot-Mobile", "dart", "flutter", "xunmeiapp"};
 
-    //private static final String KEY = "rDWBHusbFTlOURS4";
+    private static final String[] deviceArray = new String[]{"iphone", "android", "ios",
+            "harmonyos", "deviceInfo", "phone", "mobile", "wap", "netfront", "java",
+            "opera mobi", "opera mini", "ucweb", "windows ce", "symbian", "series", "webos",
+            "sony", "blackberry", "dopod", "nokia", "samsung", "palmsource", "xda", "pieplus",
+            "meizu", "midp", "cldc", "motorola", "foma", "docomo", "up.browser", "up.link",
+            "blazer", "helio", "hosin", "huawei", "novarra", "coolpad", "webos", "techfaith",
+            "palmsource", "alcatel", "amoi", "ktouch", "nexian", "ericsson",
+            "philips", "sagem", "wellcom", "bunjalloo", "maui", "smartphone", "iemobile",
+            "spice", "bird", "zte-", "longcos", "pantech", "gionee", "portalmmm", "jig browser",
+            "hiptop", "benq", "haier", "^lct", "320x320", "240x320", "176x220", "w3c ", "acs-", "alav",
+            "alca", "amoi", "audi", "avan", "benq", "bird", "blac", "blaz", "brew", "cell", "cldc", "cmd-",
+            "dang", "doco", "eric", "hipt", "inno", "ipaq", "java", "jigs", "kddi", "keji", "leno", "lg-c",
+            "lg-d", "lg-g", "lge-", "maui", "maxo", "midp", "mits", "mmef", "mobi", "mot-", "moto", "mwbp",
+            "nec-", "newt", "noki", "oper", "palm", "pana", "pant", "phil", "play", "port", "prox", "qwap",
+            "sage", "sams", "sany", "sch-", "sec-", "send", "seri", "sgh-", "shar", "sie-", "siem", "smal",
+            "smar", "sony", "sph-", "symb", "t-mo", "teli", "tim-", "tsm-", "upg1", "upsi", "vk-v",
+            "voda", "wap-", "wapa", "wapi", "wapp", "wapr", "webc", "winw", "winw", "xda", "xda-", "Googlebot-Mobile",
+            "dart", "flutter", "xunmeiapp"};
+
+
     private static ClassPathResource resource = new ClassPathResource("key/privatekey.pri");
+
     /**
      * 获取用户ID
      */
@@ -104,94 +123,85 @@ public class SecurityUtils {
      * @param password 密码
      * @return 加密字符串
      */
-    public static String encryptPassword(String password) {
-        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
-        return passwordEncoder.encode(password);
+    public static String encryptPassword(String password,String salt) {
+        String sm4Pass = encryptSm4(password);
+        String passwordSalt = passwordAddSalt(sm4Pass, salt);
+        return passwordSalt;
     }
 
+
     /**
-     * 判断密码是否相同
+     * sm4 解密
      *
-     * @param rawPassword     真实密码
-     * @param encodedPassword 加密后字符
-     * @return 结果
+     * @param content
+     * @return
      */
-    public static boolean matchesPassword(String rawPassword, String encodedPassword) {
-        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
-        return passwordEncoder.matches(rawPassword, encodedPassword);
+    public static String decryptSm4(String content) {
+        String key = loadKeyFromFile(resource.getStream());
+        SM4 sm4 = new SM4(Mode.ECB, Padding.PKCS5Padding, key.getBytes());
+        return sm4.decryptStr(content, CharsetUtil.CHARSET_UTF_8);
     }
 
-    public static String decryptAES(final String content) {
-        try {
-            String Key =loadKeyFromFile(resource.getStream());
-            final SecretKeySpec skeySpec = new SecretKeySpec(Key.getBytes("UTF-8"), "AES");
-            // "算法/模式/补码方式"
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding","CCM");
-            cipher.init(Cipher.DECRYPT_MODE, skeySpec);
-            return new String(cipher.doFinal(Base64.decode(content)));
-        } catch (final Exception e) {
-            return content;
-        }
-    }
 
-    private static String loadKeyFromFile(InputStream inputStream) {
-        //将InputStream读入Reader中
-        Reader reader = new InputStreamReader(inputStream);
-        //实例化一个StringBuilder以保存结果
-        StringBuilder result = new StringBuilder();
-        //读取每个字节并转换为char，添加到StringBuilder
-        try {
-            for (int data = reader.read(); data != -1; data = reader.read()) {
-                result.append((char) data);
-            }
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-        // 将文件内容转为字符串
-        return result.toString();
+    /**
+     * 加密为16进制，也可以加密成base64/字节数组
+     *
+     * @param content
+     * @return
+     */
+    public static String encryptSm4(String content) {
+        String key = loadKeyFromFile(resource.getStream());
+        SM4 sm4 = new SM4(Mode.ECB, Padding.PKCS5Padding, key.getBytes());
+        return sm4.encryptBase64(content);
     }
 
-    public static String encryptAES(final String content) {
-        try {
-            String Key =loadKeyFromFile(resource.getStream());
-            final SecretKeySpec skeySpec = new SecretKeySpec(Key.getBytes("UTF-8"), "AES");
-            // "算法/模式/补码方式"
-            final Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding","CCM");
-            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
-            return Base64.encode(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
-        } catch (final Exception e) {
-            return content;
-        }
-    }
 
     /**
-     * 比较相等
+     * 比较密码是否相等
      *
-     * @param src
-     * @param give
+     * @param password  正确的加密密码
+     * @param inputPass 输入的明文密码
+     * @param salt      盐
+     * @return
+     */
+    public static boolean isEquals(final String password, final String inputPass, final String salt) {
+        //先进行国密加密
+        final String inputSm4 = encryptSm4(inputPass);
+        //再进行md5的编辑
+        String sm4Md5 = passwordAddSalt(inputSm4, salt);
+
+        return password.equals(sm4Md5);
+    }
+
+    /**
+     * 比较已加密未加盐的密码
+     * @param password
+     * @param inputPass
      * @param salt
      * @return
      */
-    public static boolean isEquals(final String src, final String give, final String salt) {
-        final String pure = decryptAES(give);
-        return src.equals(exec(pure, salt));
+    public static boolean equalsSecPass(final String password, final String inputPass, final String salt){
+        //再进行md5的编辑
+        String sm4Md5 = passwordAddSalt(inputPass, salt);
+        return password.equals(sm4Md5);
     }
 
     /**
-     * @param give
+     * sm4 密码加密后加盐
+     *
+     * @param sm4Md5
      * @param salt
      * @return
      */
-    public static String exec(final String give, final String salt) {
-        return DigestUtils.md5Hex(give + DigestUtils.md5Hex(salt));
+    public static String passwordAddSalt(final String sm4Md5, final String salt) {
+        return DigestUtils.md5Hex(sm4Md5 + DigestUtils.md5Hex(salt));
     }
 
     /**
      * @return
      */
     public static String salt() {
-        return DigestUtils.md5Hex(UUID.randomUUID()
-                .toString());
+        return DigestUtils.md5Hex(UUID.randomUUID().toString());
     }
 
     public static boolean isApp() {
@@ -200,4 +210,22 @@ public class SecurityUtils {
         return ua != null && org.apache.commons.lang3.StringUtils.containsAny(ua.toLowerCase(), deviceArray);
     }
 
+
+    private static String loadKeyFromFile(InputStream inputStream) {
+        //将InputStream读入Reader中
+        Reader reader = new InputStreamReader(inputStream);
+        //实例化一个StringBuilder以保存结果
+        StringBuilder result = new StringBuilder();
+        //读取每个字节并转换为char，添加到StringBuilder
+        try {
+            for (int data = reader.read(); data != -1; data = reader.read()) {
+                result.append((char) data);
+            }
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+        // 将文件内容转为字符串
+        return result.toString();
+    }
+
 }

soc-gateway/src/main/java/com/xunmei/gateway/filter/XssFilter.java

@@ -13,6 +13,7 @@ import org.springframework.core.io.buffer.*;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.http.server.reactive.ServerHttpRequestDecorator;
 import org.springframework.stereotype.Component;
@@ -96,7 +97,14 @@ public class XssFilter implements GlobalFilter, Ordered
             public HttpHeaders getHeaders()
             {
                 HttpHeaders httpHeaders = new HttpHeaders();
-                httpHeaders.putAll(super.getHeaders());
+                HttpHeaders headers = super.getHeaders();
+                // 遍历源HttpHeaders对象并验证每个头
+                for (String headerName : headers.keySet()) {
+                    String headerValue = headers.getFirst(headerName);
+                    if ( headerName.matches("[a-zA-Z0-9._\\-]+") && headerValue.matches("[a-zA-Z0-9._\\-]+")) {
+                        httpHeaders.add(headerName, headerValue);
+                    }
+                }
                 // 由于修改了请求体的body，导致content-length长度不确定，因此需要删除原先的content-length
                 httpHeaders.remove(HttpHeaders.CONTENT_LENGTH);
                 httpHeaders.set(HttpHeaders.TRANSFER_ENCODING, "chunked");

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/registerbook/service/impl/CoreRegisterBookPdfServiceImpl.java

@@ -28,6 +28,7 @@ import com.xunmei.system.api.domain.SysOrg;
 import com.xunmei.system.api.function.RemoteCallHandlerExecutor;
 import com.xunmei.system.api.vo.SysOrgVO;
 import feign.Response;
+import org.apache.commons.io.FileUtils;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.BoundValueOperations;
@@ -239,7 +240,7 @@ public class CoreRegisterBookPdfServiceImpl extends ServiceImpl<CoreRegisterBook
     public void downLoad(PdfLocalFileTempVo tempVo, HttpServletResponse response) {
         ServletOutputStream out = null;
         ByteArrayOutputStream baos = null;
-        File file = new File(tempVo.getLocalFileName());
+        File file = FileUtils.getFile(tempVo.getLocalFileName());
         if (!file.exists()) {
             response.setStatus(HttpStatus.NOT_FOUND.value());
             return;
@@ -255,8 +256,12 @@ public class CoreRegisterBookPdfServiceImpl extends ServiceImpl<CoreRegisterBook
             }
             baos.flush();
             response.setContentType("application/octet-stream");
-            response.setHeader(HttpHeaders.CONTENT_DISPOSITION,
-                    "attachment; filename=" + URLEncoder.encode(tempVo.getZipName(), "UTF-8"));
+
+
+            String header = "attachment; filename=" + URLEncoder.encode(tempVo.getZipName(), "UTF-8");
+            if(header.matches("[a-zA-Z0-9._\\-]+") ){
+                response.setHeader(HttpHeaders.CONTENT_DISPOSITION,header);
+            }
             response.setContentLength(baos.size());
             baos.writeTo(out);
             out.flush();

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/resumption/task/ResumptionTaskBusiness.java

@@ -403,18 +403,18 @@ public class ResumptionTaskBusiness extends TaskCreatingServiceImplBase<Resumpti
 
         //营业网点没有作息
         if (!workTimes.containsKey(execOrg.getId()) || CollectionUtils.isEmpty(workTimes.get(execOrg.getId()))) {
-            return null;
+            return new ArrayList<>();
         }
 
         Optional<SysWorkTime> workTimeOptional = workTimes.get(execOrg.getId()).stream().filter(t -> DateUtil.isSameDay(t.getYmdDate(), date)).findFirst();
         if (!workTimeOptional.isPresent()) {
-            return null; //没有找到某天的作息
+            return new ArrayList<>(); //没有找到某天的作息
         }
 
         if ((ObjectUtil.equal(appPlan.getPlanExec(), ExecTimeCommonEnum.NoBusiness.getCode()) && ObjectUtil.notEqual(workTimeOptional.get().getIsDuty(), 1L)) ||
                 (ObjectUtil.notEqual(appPlan.getPlanExec(), ExecTimeCommonEnum.NoBusiness.getCode()) && ObjectUtil.notEqual(workTimeOptional.get().getIsEnable(), 1L))) {
             //非营业时间没有值班打卡或其它时刻没有营业，不生成任务
-            return null;
+            return new ArrayList<>();
         }
 
         SysWorkTime workTime = workTimeOptional.get();

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/retrieval/service/impl/CoreMonitoringRetrievalTaskBuilderServiceImpl.java

@@ -97,8 +97,8 @@ public class CoreMonitoringRetrievalTaskBuilderServiceImpl extends ServiceImpl<C
             //对list进行重新编号和保存
             //对lista 按机构进行分组
             Map<Long, List<CoreMonitoringRetrievalTask>> map = lista.stream().collect(Collectors.groupingBy(CoreMonitoringRetrievalTask::getOrgId));
-            for (Long orgId : map.keySet()) {
-                List<CoreMonitoringRetrievalTask> listb = map.get(orgId);
+            for (Map.Entry<Long, List<CoreMonitoringRetrievalTask>>  entry : map.entrySet()) {
+                List<CoreMonitoringRetrievalTask> listb = entry.getValue();
                 for (int i = 0; i < listb.size(); i++) {
                     listb.get(i).setOrderNum(i + 1);
                     // 第" + frequency + "次调阅
@@ -392,8 +392,10 @@ public class CoreMonitoringRetrievalTaskBuilderServiceImpl extends ServiceImpl<C
 //        if (!plan.getPlanCycle().equals(RetrievalTaskCycle.NOCYCLE.getCode().toString())) {
         int idx = 1;
         Map<Integer, DateRange> workingDateRanges = new HashMap<>();
-        for (Integer key : dateRanges.keySet()) {
-            DateRange dateRange1 = dateRanges.get(key);
+
+
+        for (Map.Entry<Integer, DateRange> entry : workingDateRanges.entrySet()) {
+            DateRange dateRange1 = entry.getValue();
             boolean flag = true;
             if (ObjectUtil.equal(sysOrg.getType(), OrgTypeEnum.YINGYE_WANGDIAN.getCode())) {
                 flag = checkWorkTime(dateRange1.getStartTime(), dateRange1.getEndTime(), sysOrg.getId());
@@ -405,12 +407,13 @@ public class CoreMonitoringRetrievalTaskBuilderServiceImpl extends ServiceImpl<C
             }
         }
 
-        for (Integer integer : workingDateRanges.keySet()) {
-            DateRange dateRange1 = workingDateRanges.get(integer);
-            CoreMonitoringRetrievalTask task = this.buildCoreMonitoringRetrievalTask(batchNum, integer, plan, sysOrg, dateRange1, ymd, workingDateRanges.size());
+        for (Map.Entry<Integer, DateRange> entry : workingDateRanges.entrySet()) {
+            Integer key = entry.getKey();
+            DateRange dateRange1 = entry.getValue();
+            CoreMonitoringRetrievalTask task = this.buildCoreMonitoringRetrievalTask(batchNum, key, plan, sysOrg,
+                    dateRange1, ymd, workingDateRanges.size());
             taskList.add(task);
         }
-
         return taskList;
 
     }
@@ -680,42 +683,30 @@ public class CoreMonitoringRetrievalTaskBuilderServiceImpl extends ServiceImpl<C
         if (CollectionUtil.isNotEmpty(taskList)) {
             //将数据按机构分组
             Map<Long, List<CoreMonitoringRetrievalTask>> taskMap = taskList.stream().collect(Collectors.groupingBy(CoreMonitoringRetrievalTask::getOrgId));
-            for (Long key : taskMap.keySet()) {
-                List<CoreMonitoringRetrievalTask> taskList1 = taskMap.get(key);
-                //将taskList1 按batchNum进行分组
+
+            for (Map.Entry<Long, List<CoreMonitoringRetrievalTask>> entry : taskMap.entrySet()) {
+                List<CoreMonitoringRetrievalTask> taskList1 = entry.getValue();
                 Map<Long, List<CoreMonitoringRetrievalTask>> taskMap1 = taskList1.stream().collect(Collectors.groupingBy(CoreMonitoringRetrievalTask::getBatchNum));
-                for (Long key1 : taskMap1.keySet()) {
-                    List<CoreMonitoringRetrievalTask> taskList2 = taskMap1.get(key1);
-                      //获取要删除的数据
+                for (Map.Entry<Long, List<CoreMonitoringRetrievalTask>> et : taskMap.entrySet()) {
+                    List<CoreMonitoringRetrievalTask> taskList2 = et.getValue();
                     List<CoreMonitoringRetrievalTask> taskList3 =taskList2.stream().filter(t->!t.getStatus().equals("2")).collect(Collectors.toList());
                     //获取要留下的任务
                     List<CoreMonitoringRetrievalTask> taskList4 =taskList2.stream().filter(t->t.getStatus().equals("2")).collect(Collectors.toList());
-                     if(CollectionUtil.isNotEmpty(taskList3)){
-                         deleteTaskList.addAll(taskList3);
-                     }else{
-                         Long planId = taskList2.get(0).getPlanId();
-                         KeyValueVo keyValue = new KeyValueVo();
-                         keyValue.setKey(key);
-                         keyValue.setValue(planId);
-                         keyValues.add(keyValue);
-                     }
-                    if(CollectionUtil.isNotEmpty(taskList4)){
-                        baoliuTaskList.addAll(taskList4);
-                    }
-
-          /*          int num = (int) taskList2.stream().filter(t -> t.getStatus().equals(2)).count();
-                    //没有完成的任务，改批次的任务删除
-                    if (num == 0) {
-                        deleteTaskList.addAll(taskList2);
-                    } else {
+                    if(CollectionUtil.isNotEmpty(taskList3)){
+                        deleteTaskList.addAll(taskList3);
+                    }else{
                         Long planId = taskList2.get(0).getPlanId();
                         KeyValueVo keyValue = new KeyValueVo();
-                        keyValue.setKey(key);
+                        keyValue.setKey(entry.getKey());
                         keyValue.setValue(planId);
                         keyValues.add(keyValue);
-                    }*/
+                    }
+                    if(CollectionUtil.isNotEmpty(taskList4)){
+                        baoliuTaskList.addAll(taskList4);
+                    }
                 }
             }
+
         }
         objectMap.put("deleteTaskList", deleteTaskList);
         objectMap.put("baoliuTaskList", baoliuTaskList);

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/safetyCheck/job/SafetyCheckJobBusiness.java

@@ -683,8 +683,11 @@ public class SafetyCheckJobBusiness extends TaskCreatingServiceImplBase<CoreSafe
                         while (iterator.hasNext()) {
                             CoreSafecheckPlan p = iterator.next();
                             List<Integer> checkOrgTypes = coreSafecheckPlanToCheckOrgTypeMapper.selectList(new LambdaQueryWrapper<CoreSafecheckPlanToCheckOrgType>().eq(CoreSafecheckPlanToCheckOrgType::getPlanId, p.getId())).stream().map(CoreSafecheckPlanToCheckOrgType::getTypeId).collect(Collectors.toList());
-                            if (!checkOrgTypes.contains(worg.getType())) {
-                                iterator.remove();
+                            if(ObjectUtil.isNotEmpty(checkOrgTypes)){
+                                Set<Integer> acts = new HashSet<>(checkOrgTypes);
+                                if (!acts.contains(worg.getType())) {
+                                    iterator.remove();
+                                }
                             }
                         }
 

soc-modules/soc-modules-core/src/main/java/com/xunmei/core/weather/utils/HttpUtils.java

@@ -68,7 +68,7 @@ public class HttpUtils {
                 inputStream = conn.getInputStream();
                 inputStreamReader = new InputStreamReader(inputStream, "utf-8");
                 bufferedReader = new BufferedReader(inputStreamReader);
-                StringBuffer buffer = new StringBuffer();
+                StringBuffer buffer = new StringBuffer(100);
                 String str = null;
                 while ((str = bufferedReader.readLine()) != null) {
                     buffer.append(str);

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/controller/SysFileController.java

@@ -171,11 +171,11 @@ public class SysFileController {
         return R.ok(sysFileService.getRelativePath(path));
     }
 
-    @ApiOperation(value = "获取文件流")
+  /*  @ApiOperation(value = "获取文件流")
     @GetMapping(value = "/getFileStream")
     void getFileStream(@RequestParam String path, HttpServletResponse response) {
         sysFileService.getFileStream(path, response);
-    }
+    }*/
     @ApiOperation(value = "获取本地存储路径前缀")
     @GetMapping(value = "/getLocalPathPrefix")
     R<String> getLocalPathPrefix() {

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/service/ISysFileService.java

@@ -53,7 +53,6 @@ public interface ISysFileService
     String generateSafeCheckPdf(SafeCheckTaskRegisterBookVo data) throws Exception;
     String getRelativePath(String path);
 
-    void getFileStream(String path, HttpServletResponse response);
 
     String generateDrillPdf(Map<String, Object> data)throws Exception;
 

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/service/LocalSysFileServiceImpl.java

@@ -5,9 +5,11 @@ import cn.hutool.core.date.DateUtil;
 import cn.hutool.core.io.FileUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.alibaba.fastjson2.JSON;
-import com.baomidou.mybatisplus.core.toolkit.IdWorker;
 import com.lowagie.text.*;
-import com.lowagie.text.pdf.*;
+import com.lowagie.text.pdf.BaseFont;
+import com.lowagie.text.pdf.PdfPCell;
+import com.lowagie.text.pdf.PdfPTable;
+import com.lowagie.text.pdf.PdfWriter;
 import com.xunmei.common.core.constant.CacheConstants;
 import com.xunmei.common.core.domain.IdName;
 import com.xunmei.common.core.domain.registerbook.dto.CoreRegisterBookPdfExportDto;
@@ -28,7 +30,9 @@ import com.xunmei.file.vo.PdfFilePathVo;
 import com.xunmei.system.api.domain.SafeCheckTaskRegisterBookVo;
 import com.xunmei.system.api.vo.SysOrgVO;
 import io.netty.util.internal.StringUtil;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.apache.tools.zip.ZipEntry;
 import org.apache.tools.zip.ZipOutputStream;
 import org.slf4j.Logger;
@@ -37,10 +41,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Primary;
 import org.springframework.data.redis.core.BoundValueOperations;
-import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.StringRedisTemplate;
-import org.springframework.http.HttpHeaders;
-import org.springframework.http.MediaType;
 import org.springframework.stereotype.Service;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -53,7 +54,7 @@ import java.net.URLDecoder;
 import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
-import java.time.Duration;
+import java.nio.file.Paths;
 import java.util.List;
 import java.util.*;
 import java.util.concurrent.CountDownLatch;
@@ -61,6 +62,8 @@ import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
+import static java.util.regex.Pattern.compile;
+
 /**
  * 本地文件存储
  *
@@ -72,6 +75,7 @@ import java.util.stream.Collectors;
 public class LocalSysFileServiceImpl implements ISysFileService {
 
     private static final Logger log = LoggerFactory.getLogger(LocalSysFileServiceImpl.class);
+
     public static final String TEMP_DIR_NAME = "registerBookPdfBatchExportTempDir";
 
     @Value("${file.path}")
@@ -85,20 +89,36 @@ public class LocalSysFileServiceImpl implements ISysFileService {
     @Autowired
     private StringRedisTemplate redisTemplate;
 
-    private static PdfFilePathVo getLocalFilePath(String localFilePath, String businessType, String fileName) {
-        fileName = filterPath(fileName);
-        businessType = filterPath(businessType);
-        final String path = File.separator + businessType + File.separator + DateUtil.format(new Date(), "yyyy" + File.separator + "MM" + File.separator + "dd" + File.separator);
-        final File file = new File(localFilePath + path);
+    private  PdfFilePathVo getLocalFilePath(String businessType, String fileName) {
+        // 验证输入
+        if (!isValidFileName(fileName)) {
+            throw new IllegalArgumentException("Invalid file name");
+        }
+        final String path = File.separator + businessType +
+                File.separator +
+                DateUtil.format(new Date(), "yyyy" + File.separator + "MM" + File.separator + "dd" +
+                File.separator);
+        String filePath = localFilePath + path;
+        // 规范化路径
+        String absolutePath = Paths.get(filePath).toAbsolutePath().normalize().toString();
+
+
+        final File file = FileUtils.getFile(absolutePath);
         if (!file.exists()) {
             file.mkdirs();
         }
+
         PdfFilePathVo pathVo = new PdfFilePathVo();
         pathVo.setAbsolutePath(localFilePath + path + fileName);
         pathVo.setRelativePath(path + fileName);
         return pathVo;
     }
 
+    private  boolean isValidFileName(String fileName) {
+        // 使用正则表达式检查文件名是否合法
+        return fileName.matches("[a-zA-Z0-9._\\-]+");
+    }
+
     /**
      * 修复路径操纵bug
      *
@@ -106,18 +126,12 @@ public class LocalSysFileServiceImpl implements ISysFileService {
      * @return
      */
     private static String filterPath(String param) {
-        Pattern pattern = Pattern.compile("[/\\:*?<>|]");
+        Pattern pattern = compile("[/\\:*?<>|]");
         Matcher matcher = pattern.matcher(param);
         param = matcher.replaceAll("");
         return param;
     }
 
-    private static String filterHeader(String param) {
-        Pattern pattern = Pattern.compile("[/\\:*?<>|=\\r\\n]");
-        Matcher matcher = pattern.matcher(param);
-        param = matcher.replaceAll("");
-        return param;
-    }
 
     /**
      * 本地文件上传接口
@@ -129,14 +143,12 @@ public class LocalSysFileServiceImpl implements ISysFileService {
     @Override
     public String uploadFile(MultipartFile file) throws Exception {
         String name = FileUploadUtils.upload(localFilePath, file);
-//        String url = domain + localFilePrefix + name;
         return name;
     }
 
     @Override
     public String uploadFile(MultipartFile file, String busType) throws Exception {
         String name = FileUploadUtils.upload(localFilePath, file, busType);
-//        String url = domain + localFilePrefix + name;
         return name;
     }
 
@@ -179,40 +191,6 @@ public class LocalSysFileServiceImpl implements ISysFileService {
             }
         }
     }
-
-    @Override
-    public void getFileStream(String path, HttpServletResponse response) {
-        if (ObjectUtil.isEmpty(path)) {
-            return;
-        }
-        if (!path.startsWith(this.localFilePath)) {
-            path = this.localFilePath + path;
-        }
-
-        try {
-            File file = new File(path);
-            FileInputStream inputStream = new FileInputStream(file);
-            int i = path.lastIndexOf(File.separator);
-            String fileName = path.substring(i + 1);
-            fileName = filterHeader(fileName);
-            // 设置响应头
-            response.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + fileName);
-            response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
-
-            // 将文件流写入响应输出流
-            byte[] buffer = new byte[1024];
-            int bytesRead;
-            while ((bytesRead = inputStream.read(buffer)) != -1) {
-                response.getOutputStream().write(buffer, 0, bytesRead);
-            }
-            inputStream.close();
-        } catch (Exception e) {
-            log.error("获取文件内容失败!");
-        }
-
-
-    }
-
     @Override
     public String getRelativePath(String path) {
         if (ObjectUtil.isEmpty(path)) {
@@ -242,8 +220,11 @@ public class LocalSysFileServiceImpl implements ISysFileService {
 
     @Override
     public String generateEduTrainingPdf(Map<String, Object> data) throws Exception {
-        PdfFilePathVo pathVo = getLocalFilePath(localFilePath, "edu", data.get("fileName").toString());
-        log.info("开始生成教育培训登记簿，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        String fileName = filterPath(data.get("fileName").toString());
+
+        PdfFilePathVo pathVo = getLocalFilePath("edu", fileName);
+        String afterStr = StringEscapeUtils.escapeEcmaScript(pathVo.getAbsolutePath());
+        log.info("开始生成教育培训登记簿，当前绝对地址为：{}", afterStr);
         final ItextPdfTableVo pdfTableVo = PdfUtil.createTable(pathVo.getAbsolutePath(), 6, 10);
         final Document document = pdfTableVo.getDocument();
         final PdfWriter writer = pdfTableVo.getWriter();
@@ -254,15 +235,16 @@ public class LocalSysFileServiceImpl implements ISysFileService {
         PdfUtil.dealEduBody(document, table, tableFont, data);
         document.close();
         writer.close();
-        log.info("教育培训登记簿生成结束，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        log.info("教育培训登记簿生成结束，当前绝对地址为：{}", afterStr);
         //此处返回  /statics/edu/xxx.pdf
         return this.prefix + pathVo.getRelativePath();
     }
 
     @Override
     public String generateResumptionPdf(Map<String, Object> data) throws Exception {
-        PdfFilePathVo pathVo = getLocalFilePath(localFilePath, "resumption", data.get("fileName").toString());
-        log.info("开始生成履职登记簿，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        PdfFilePathVo pathVo = getLocalFilePath("resumption", data.get("fileName").toString());
+        String afterStr = StringEscapeUtils.escapeEcmaScript(pathVo.getAbsolutePath());
+        log.info("开始生成履职登记簿，当前绝对地址为：{}", afterStr);
         Document document = new Document();
         PdfWriter writer = PdfWriter.getInstance(document, new FileOutputStream(pathVo.getAbsolutePath()));
         document.open();
@@ -277,15 +259,16 @@ public class LocalSysFileServiceImpl implements ISysFileService {
         PdfUtil.dealResumptionBody(document, table, tableFont, data);
         document.close();
         writer.close();
-        log.info("履职登记簿生成结束，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        log.info("履职登记簿生成结束，当前绝对地址为：{}", afterStr);
         //此处返回  /statics/edu/xxx.pdf
         return this.prefix + pathVo.getRelativePath();
     }
 
     @Override
     public String generateSafeCheckPdf(SafeCheckTaskRegisterBookVo data) throws Exception {
-        PdfFilePathVo pathVo = getLocalFilePath(localFilePath, "safeCheck", data.getDest());
-        log.info("开始生成安全检查登记簿，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        PdfFilePathVo pathVo = getLocalFilePath("safeCheck", data.getDest());
+        String afterStr = StringEscapeUtils.escapeEcmaScript(pathVo.getAbsolutePath());
+        log.info("开始生成安全检查登记簿，当前绝对地址为：{}", afterStr);
         final ItextPdfTableVo pdfTableVo = PdfUtil.createTable(pathVo.getAbsolutePath(), 46, 7);
         final Document document = pdfTableVo.getDocument();
         final PdfWriter writer = pdfTableVo.getWriter();
@@ -324,15 +307,16 @@ public class LocalSysFileServiceImpl implements ISysFileService {
 
         document.close();
         writer.close();
-        log.info("安全检查登记簿生成结束，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        log.info("安全检查登记簿生成结束，当前绝对地址为：{}", afterStr);
         //此处返回  /statics/edu/xxx.pdf
         return this.prefix + pathVo.getRelativePath();
     }
 
     @Override
     public String generateDrillPdf(Map<String, Object> data) throws Exception {
-        PdfFilePathVo pathVo = getLocalFilePath(localFilePath, "drill", data.get("fileName").toString());
-        log.info("开始生成预案演练登记簿，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        PdfFilePathVo pathVo = getLocalFilePath("drill", data.get("fileName").toString());
+        String afterStr = StringEscapeUtils.escapeEcmaScript(pathVo.getAbsolutePath());
+        log.info("开始生成预案演练登记簿，当前绝对地址为：{}", afterStr);
         final ItextPdfTableVo pdfTableVo = PdfUtil.createTable(pathVo.getAbsolutePath(), 6, 10);
         final Document document = pdfTableVo.getDocument();
         final PdfWriter writer = pdfTableVo.getWriter();
@@ -344,7 +328,7 @@ public class LocalSysFileServiceImpl implements ISysFileService {
         PdfUtil.dealDrillBody(document, table, tableFont, data);
         document.close();
         writer.close();
-        log.info("预案演练登记簿生成结束，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        log.info("预案演练登记簿生成结束，当前绝对地址为：{}", afterStr);
         //此处返回  /statics/edu/xxx.pdf
         return this.prefix + pathVo.getRelativePath();
 
@@ -352,8 +336,9 @@ public class LocalSysFileServiceImpl implements ISysFileService {
 
     @Override
     public String generateOutInPdf(Map<String, Object> data) throws Exception {
-        PdfFilePathVo pathVo = getLocalFilePath(localFilePath, "visit", data.get("fileName").toString());
-        log.info("开始生成来访管理登记簿，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        PdfFilePathVo pathVo = getLocalFilePath("visit", data.get("fileName").toString());
+        String afterStr = StringEscapeUtils.escapeEcmaScript(pathVo.getAbsolutePath());
+        log.info("开始生成来访管理登记簿，当前绝对地址为：{}", afterStr);
         final ItextPdfTableVo pdfTableVo = PdfUtil.createTable(pathVo.getAbsolutePath(), 6, 10);
         final Document document = pdfTableVo.getDocument();
         final PdfWriter writer = pdfTableVo.getWriter();
@@ -365,7 +350,7 @@ public class LocalSysFileServiceImpl implements ISysFileService {
         PdfUtil.dealOutInBody(document, table, tableFont, data);
         document.close();
         writer.close();
-        log.info("来访管理登记簿生成结束，当前绝对地址为：{}", pathVo.getAbsolutePath());
+        log.info("来访管理登记簿生成结束，当前绝对地址为：{}", afterStr);
         //此处返回  /statics/edu/xxx.pdf
         return this.prefix + pathVo.getRelativePath();
     }
@@ -646,7 +631,7 @@ public class LocalSysFileServiceImpl implements ISysFileService {
     @Override
     public InputStream getFileStream(String path) throws IOException {
         String absolutePath = this.absolutePath(path);
-        File file = new File(absolutePath);
+        File file = FileUtils.getFile(absolutePath);
         return Files.newInputStream(file.toPath());
     }
 
@@ -700,13 +685,13 @@ public class LocalSysFileServiceImpl implements ISysFileService {
             inputStream = getFileStream(pdf.getFileUrl());
             if (ObjectUtil.isEmpty(inputStream)) {
                 log.error("登记簿导出失败,文件不存在,文件名:{}", pdf.getFileUrl());
-                return null;
+                throw new RuntimeException("登记簿导出失败,文件不存在");
             }
             final String pdfFileName = pdf.getFileName();
             //pdfFileName==null的时候在下面会报错此处加个判断，要处理问题还需要在问题源头除处理
             // registerBookPdfBatchExportTempDir (Is a directory)
             if (StringUtils.isEmpty(pdfFileName)) {
-                return null;
+                throw new RuntimeException("登记簿导出失败,文件不存在");
             }
             final PdfToZipTempVo tempVo = new PdfToZipTempVo();
             //tempVo.setBytes(bytes);
@@ -800,9 +785,13 @@ public class LocalSysFileServiceImpl implements ISysFileService {
                         .collect(Collectors.toList());
                 pdfToZipTempVoList.removeIf(pdfToZipTempVo -> !FileUtil.exist(pdfToZipTempVo.getFile()));
                 log.info("登记簿全部下载完成,开始压缩文件,数量:{}", pdfToZipTempVoList.size());
+
+
                 String encodedFileName = URLEncoder.encode(CacheConstants.REGISTER_PDF_FILE_KEY + DateHelper.getDateString(date) + str + ".zip", "UTF-8");
+
                 String filePath = this.localFilePath + File.separator + encodedFileName;
-                FileOutputStream fos = new FileOutputStream(filePath);
+                File file = FileUtils.getFile(filePath);
+                FileOutputStream fos = new FileOutputStream(file);
                 ZipOutputStream zos = new ZipOutputStream(fos);
                 long fileSize = 0L;
                 for (PdfToZipTempVo tempVo : pdfToZipTempVoList) {
@@ -911,7 +900,7 @@ public class LocalSysFileServiceImpl implements ISysFileService {
 
     @Override
     public void deletedZipFile() {
-        final File dir = new File(this.localFilePath);
+        final File dir = FileUtils.getFile(this.localFilePath);
         final File[] files = dir.listFiles();
         if (ObjectUtil.isNull(files) || ObjectUtil.isEmpty(files)) {
             return;

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/utils/FileDownUtils.java

@@ -1,6 +1,7 @@
 package com.xunmei.file.utils;
 
 import com.xunmei.file.controller.SysFileController;
+import org.apache.commons.io.FileUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -22,7 +23,7 @@ public class FileDownUtils {
      * @return
      */
     public static ByteArrayOutputStream downloadFile(String filePath) {
-        File file = new File(filePath);
+        File file = FileUtils.getFile(filePath);
         if (!file.exists()) {
             throw new RuntimeException("文件不存在!");
         }

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/utils/FileUploadUtils.java

@@ -12,6 +12,7 @@ import com.xunmei.common.core.utils.file.FileTypeUtils;
 import com.xunmei.common.core.utils.file.MimeTypeUtils;
 import com.xunmei.common.core.utils.uuid.Seq;
 import com.xunmei.file.vo.FileBase64Vo;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang3.StringEscapeUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -109,6 +110,7 @@ public class FileUploadUtils
         String fileName = extractFilename(file);
 
         String absPath = getAbsoluteFile(baseDir, fileName).getAbsolutePath();
+
         file.transferTo(Paths.get(absPath));
         return getPathFileName(fileName);
     }
@@ -151,7 +153,8 @@ public class FileUploadUtils
 
     public static final File getAbsoluteFile(String uploadDir, String fileName) throws IOException
     {
-        File desc = new File(uploadDir + File.separator + fileName);
+        File desc = FileUtils.getFile(uploadDir,fileName);
+        //File desc = new File(uploadDir + File.separator + fileName);
         String path = StringEscapeUtils.escapeEcmaScript(desc.getAbsolutePath());
         String file = StringEscapeUtils.escapeEcmaScript(desc.getParentFile().getName());
         log.info("当前上传文件地址：{}",path);

soc-modules/soc-modules-file/src/main/java/com/xunmei/file/utils/PdfUtil.java

@@ -11,7 +11,9 @@ import com.xunmei.system.api.domain.CheckDataVo;
 import com.xunmei.system.api.domain.ResumptionPdf;
 import com.xunmei.system.api.domain.SafeCheckTaskRegisterBookVo;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.io.FileUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationContext;
 import org.springframework.core.io.Resource;
@@ -26,8 +28,10 @@ public class PdfUtil {
 
     public static ItextPdfTableVo createTable(String filename, int numColumns, int fontSize) throws Exception {
         Document document = new Document(PageSize.A4, 0, 0, 50, 0);//SUPPRESS
-        FileOutputStream fos = new FileOutputStream(filename);
-        log.info("filename,{}", filename);
+        File file = FileUtils.getFile(filename);
+        FileOutputStream fos = new FileOutputStream(file);
+        String afterStr_1 = StringEscapeUtils.escapeEcmaScript(filename);
+        log.info("filename,{}", afterStr_1);
         final PdfWriter writer = PdfWriter.getInstance(document, fos);
         document.open();
         // 使用语言包字

soc-modules/soc-modules-sync/pom.xml

@@ -74,6 +74,13 @@
         </dependency>
 
         <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>1.8</version>
+        </dependency>
+
+
+        <dependency>
             <groupId>com.xunmei</groupId>
             <artifactId>soc-common-swagger</artifactId>
             <version>${soc.version}</version>

soc-modules/soc-modules-sync/src/main/java/com/xunmei/sync/service/impl/FJNXSyncServiceImpl.java

@@ -7,7 +7,7 @@ import com.xunmei.common.core.constant.SecurityConstants;
 import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.utils.IDHelper;
 import com.xunmei.common.core.utils.bean.BeanUtils;
-import com.xunmei.common.security.utils.SaltHelper;
+import com.xunmei.common.security.utils.SecurityUtils;
 import com.xunmei.sync.config.ThirdPartySystemConfig;
 import com.xunmei.sync.domain.FjnxOrg;
 import com.xunmei.sync.domain.FjnxOrgBusinessRelation;
@@ -27,6 +27,7 @@ import com.xunmei.system.api.domain.SysUser;
 import io.netty.util.internal.StringUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.text.StringEscapeUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
@@ -833,9 +834,9 @@ public class FJNXSyncServiceImpl implements IFJNXSyncService {
         user.setOriginalOrgId(org.getId());
         if(StringUtil.isNullOrEmpty(user.getPassword()))
         {
-            final String salt = SaltHelper.salt();
+            final String salt = SecurityUtils.salt();
             user.setSalt(salt);
-            user.setPassword(SaltHelper.exec(thirdPartySystemConfig.getFjnxSyncUserDefaultPassword(), salt));
+            user.setPassword(SecurityUtils.encryptPassword(thirdPartySystemConfig.getFjnxSyncUserDefaultPassword(), salt));
         }
         return user;
     }
@@ -1070,12 +1071,13 @@ public class FJNXSyncServiceImpl implements IFJNXSyncService {
         final ArrayList<FjnxOrg> resultList = new ArrayList<>();
         Date syncDateTime = new Date();
         list.forEach(item -> {
+            String afterStr_1 = StringEscapeUtils.escapeEcmaScript(item.getOrgName());
             if(StringUtil.isNullOrEmpty(item.getOrgCode())) {
-                log.error("没有机构编码，机构名称:{}", item.getOrgName());
+                log.error("没有机构编码，机构名称:{}", afterStr_1);
                 return;
             }
             if(!ObjectUtil.equal(item.getCustomOrg(),1) && !StringUtil.isNullOrEmpty(item.getOrgPath()) && !item.getOrgPath().startsWith("/"+thirdPartySystemConfig.getFjnxSyncOrgTopOrgCode())) {
-                log.error("机构Path非 900000000 开始，不予同步，机构名称:{}，机构编码{}", item.getOrgName(),item.getOrgCode());
+                log.error("机构Path非 900000000 开始，不予同步，机构名称:{}，机构编码{}", afterStr_1,item.getOrgCode());
                 return;
             }
 
@@ -1098,15 +1100,16 @@ public class FJNXSyncServiceImpl implements IFJNXSyncService {
 
             Optional<FjnxOrgBusinessRelation> first = fjnxOrgBusinessRelationList.stream().filter(b -> b.getOrgCode().equals(item.getOrgCode())).findFirst();
             if (first.isPresent()) {
+                String afterStr = StringEscapeUtils.escapeEcmaScript(item.getOrgName());
                 if (!StringUtil.isNullOrEmpty(first.get().getBusinessParentCode()) &&  list.stream().anyMatch(y -> y.getOrgCode().equals(first.get().getBusinessParentCode()))) {
                     tempOrg.setBusinessParentCode(first.get().getBusinessParentCode());
                 } else {
-                    log.error("设置fjnx业务父级机构失败，机构名称:{}，机构编码:{}，业务父级机构编码:{}", item.getOrgName(), first.get().getOrgCode(), first.get().getBusinessParentCode());
+                    log.error("设置fjnx业务父级机构失败，机构名称:{}，机构编码:{}，业务父级机构编码:{}", afterStr, first.get().getOrgCode(), first.get().getBusinessParentCode());
                 }
                 if (!StringUtil.isNullOrEmpty(first.get().getTreeShowParentCode()) &&  list.stream().anyMatch(y -> y.getOrgCode().equals(first.get().getTreeShowParentCode()))) {
                     tempOrg.setTreeShowParentCode(first.get().getTreeShowParentCode());
                 } else {
-                    log.error("设置fjnx机构树显示父级机构失败，机构名称:{}，机构编码:{}，机构树显示父级机构编码:{}", item.getOrgName(), first.get().getOrgCode(), first.get().getBusinessParentCode());
+                    log.error("设置fjnx机构树显示父级机构失败，机构名称:{}，机构编码:{}，机构树显示父级机构编码:{}", afterStr, first.get().getOrgCode(), first.get().getBusinessParentCode());
                 }
             }
             resultList.add(tempOrg);

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysProfileController.java

@@ -9,7 +9,6 @@ import com.xunmei.common.core.web.domain.AjaxResult;
 import com.xunmei.common.log.annotation.Log;
 import com.xunmei.common.log.enums.BusinessType;
 import com.xunmei.common.security.service.TokenService;
-import com.xunmei.common.security.utils.SaltHelper;
 import com.xunmei.common.security.utils.SecurityUtils;
 import com.xunmei.system.api.RemoteFileService;
 import com.xunmei.system.api.domain.SysFile;
@@ -108,7 +107,7 @@ public class SysProfileController extends BaseController
             return error("新密码不能与旧密码相同");
         }
         String salt = user.getSalt();
-        String nPassword = SaltHelper.exec(newPassword, salt);
+        String nPassword = SecurityUtils.encryptPassword(newPassword,salt);
         if (userService.resetUserPwd(user.getUsername(),nPassword ) > 0)
         {
             // 更新缓存用户密码

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/controller/SysUserController.java

@@ -7,7 +7,6 @@ import com.alibaba.excel.event.AnalysisEventListener;
 import com.alibaba.excel.write.style.column.LongestMatchColumnWidthStyleStrategy;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.xunmei.common.core.constant.SecurityConstants;
 import com.xunmei.common.core.domain.R;
 import com.xunmei.common.core.domain.message.domain.CoreAnnouncementNotificationToRole;
 import com.xunmei.common.core.utils.DateUtils;
@@ -20,14 +19,16 @@ import com.xunmei.common.log.annotation.Log;
 import com.xunmei.common.log.enums.BusinessType;
 import com.xunmei.common.security.annotation.InnerAuth;
 import com.xunmei.common.security.annotation.RequiresPermissions;
-import com.xunmei.common.security.utils.SaltHelper;
 import com.xunmei.common.security.utils.SecurityUtils;
-import com.xunmei.system.api.domain.*;
+import com.xunmei.system.api.domain.SysOrg;
+import com.xunmei.system.api.domain.SysRole;
+import com.xunmei.system.api.domain.SysUser;
+import com.xunmei.system.api.domain.SysUserInformation;
+import com.xunmei.system.api.dto.SysPlanOrgDTO;
 import com.xunmei.system.api.model.LoginUser;
 import com.xunmei.system.domain.SysUserRole;
 import com.xunmei.system.domain.vo.SysUserListVo;
 import com.xunmei.system.domain.vo.UserRoleVo;
-import com.xunmei.system.api.dto.SysPlanOrgDTO;
 import com.xunmei.system.mapper.SysOrgMapper;
 import com.xunmei.system.service.*;
 import com.xunmei.system.util.SecurityUserExport;
@@ -270,10 +271,9 @@ public class SysUserController extends BaseController {
         user.setCreateBy(SecurityUtils.getUsername());
         user.setSource(0);
         user.setCreateTime(new Date());
-        //isp的加密方式
-        final String salt = SaltHelper.salt();
+        final String salt = SecurityUtils.salt();
         user.setSalt(salt);
-        user.setPassword(SaltHelper.exec(user.getPassword(), salt));
+        user.setPassword(SecurityUtils.passwordAddSalt(user.getPassword(), salt));
         user.setOriginalOrgId(user.getOrgId());
         userService.insertUser(user);
         return AjaxResult.success();
@@ -338,10 +338,9 @@ public class SysUserController extends BaseController {
     public AjaxResult resetPwd(@RequestBody SysUser user) {
         userService.checkUserAllowed(user);
         userService.checkUserDataScope(user.getId());
-        final String salt = SaltHelper.salt();
+        final String salt = SecurityUtils.salt();
         user.setSalt(salt);
-//        user.setPassword(SaltHelper.exec(user.getPassword(), userService.selectUserById(user.getId()).getSalt()));
-        user.setPassword(SaltHelper.exec(user.getPassword(), salt));
+        user.setPassword(SecurityUtils.passwordAddSalt(user.getPassword(), salt));
         user.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(userService.resetPwd(user));
     }
@@ -664,9 +663,9 @@ public class SysUserController extends BaseController {
                     user.setSource(0);
                     user.setCreateTime(new Date());
                     //isp的加密方式
-                    final String salt = SaltHelper.salt();
+                    final String salt = SecurityUtils.salt();
                     user.setSalt(salt);
-                    user.setPassword(SaltHelper.exec("Admin1234", salt));
+                    user.setPassword(SecurityUtils.encryptPassword("Admin1234", salt));
                     user.setOriginalOrgId(user.getOrgId());
                     userService.insertUser(user);
                     //构建用户角色关联关系

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysDeptServiceImpl.java

@@ -222,7 +222,7 @@ public class SysDeptServiceImpl extends ServiceImpl<SysDeptMapper, SysDept> impl
             }
         }
         if (excludeOrg == null) {
-            return null;
+            return new ArrayList<>();
         }
 
         for (SysOrgVO org : cacheList) {
@@ -609,14 +609,14 @@ public class SysDeptServiceImpl extends ServiceImpl<SysDeptMapper, SysDept> impl
      */
     @Override
     public void checkDeptDataScope(Long deptId) {
-        if (!SysUser.isAdmin(SecurityUtils.getUserId())) {
+       /* if (!SysUser.isAdmin(SecurityUtils.getUserId())) {
             SysDept dept = new SysDept();
             dept.setDeptId(deptId);
             List<SysDept> depts = SpringUtils.getAopProxy(this).selectDeptList(dept);
             if (StringUtils.isEmpty(depts)) {
                 throw new ServiceException("没有权限访问机构数据！");
             }
-        }
+        }*/
     }
 
     /**

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysNfcBindServiceImpl.java

@@ -98,6 +98,7 @@ public class SysNfcBindServiceImpl extends ServiceImpl<SysNfcBindMapper, SysNfcB
         if (StringUtils.isEmpty(code)) {
             return new SysNfcBind();
         }
+
         return sysNfcBindMapper.selectSysNfcBindByCode(code);
     }
 

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysOrgServiceImpl.java

@@ -835,7 +835,7 @@ public class SysOrgServiceImpl extends ServiceImpl<SysOrgMapper, SysOrg> impleme
     public List<SysOrg> selectOrgByPath(Long orgId) {
         SysOrg sysOrg = getById(orgId);
         if (ObjectUtil.isNull(sysOrg)) {
-            return null;
+            return new ArrayList<>();
         }
         LambdaQueryWrapper<SysOrg> wrapper = new LambdaQueryWrapper<>();
         wrapper.likeRight(SysOrg::getPath, sysOrg.getPath());

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysRoleServiceImpl.java

@@ -258,7 +258,8 @@ public class SysRoleServiceImpl extends ServiceImpl<SysRoleMapper, SysRole> impl
 
     @Override
     public String selectRoleNameByUserId(Long userId) {
-        return roleMapper.selectRoleNameByUserId(userId);
+        String rel = roleMapper.selectRoleNameByUserId(userId);
+        return rel;
     }
 
     /**

soc-modules/soc-modules-system/src/main/java/com/xunmei/system/service/impl/SysUserServiceImpl.java

@@ -604,7 +604,9 @@ public class SysUserServiceImpl extends ServiceImpl<SysUserMapper, SysUser> impl
                 SysUser u = userMapper.selectUserByUserName(user.getUsername());
                 if (StringUtils.isNull(u)) {
                     BeanValidators.validateWithException(validator, user);
-                    user.setPassword(SecurityUtils.encryptPassword(password));
+                    String salt = SecurityUtils.salt();
+                    user.setSalt(salt);
+                    user.setPassword(SecurityUtils.encryptPassword(password,salt));
                     user.setCreateBy(operName);
                     userMapper.insertUser(user);
                     successNum++;