
add 增加 自定义 Xss 校验注解 用户导入增加 Bean 校验

疯狂的狮子li 3 tahun lalu
induk
melakukan
2455d0b859

+ 2 - 2
ruoyi-common/src/main/java/com/ruoyi/common/utils/ValidatorUtils.java

@@ -1,11 +1,11 @@
 package com.ruoyi.common.utils;
 
+import com.ruoyi.common.utils.spring.SpringUtils;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 
 import javax.validation.ConstraintViolation;
 import javax.validation.ConstraintViolationException;
-import javax.validation.Validation;
 import javax.validation.Validator;
 import java.util.Set;
 
@@ -17,7 +17,7 @@ import java.util.Set;
 @NoArgsConstructor(access = AccessLevel.PRIVATE)
 public class ValidatorUtils {
 
-	private static final Validator VALID = Validation.buildDefaultValidatorFactory().getValidator();
+	private static final Validator VALID = SpringUtils.getBean(Validator.class);
 
 	public static <T> void validate(T object, Class<?>... groups) {
         Set<ConstraintViolation<T>> validate = VALID.validate(object, groups);
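Review bot: The new `VALID` initializer calls `SpringUtils.getBean(Validator.class)` during class loading, so `ValidatorUtils` only works if its first use comes after the Spring context is ready. If the class is touched earlier (another static initializer, a unit test without a context), the lookup presumably fails. A failed static initializer leaves the class unusable for the rest of the JVM's life, so every later `validate` call would fail with an error instead of reporting constraint violations. Resolving the bean at call time avoids this: drop the field and begin `validate` with `Validator validator = SpringUtils.getBean(Validator.class);`. The body of `validate` continues outside the hunk.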

+ 0 - 24
ruoyi-common/src/main/java/com/ruoyi/common/utils/bean/BeanValidators.java

@@ -1,24 +0,0 @@
-package com.ruoyi.common.utils.bean;
-
-import java.util.Set;
-import javax.validation.ConstraintViolation;
-import javax.validation.ConstraintViolationException;
-import javax.validation.Validator;
-
-/**
- * bean对象属性验证
- * 
- * @author ruoyi
- */
-public class BeanValidators
-{
-    public static void validateWithException(Validator validator, Object object, Class<?>... groups)
-            throws ConstraintViolationException
-    {
-        Set<ConstraintViolation<Object>> constraintViolations = validator.validate(object, groups);
-        if (!constraintViolations.isEmpty())
-        {
-            throw new ConstraintViolationException(constraintViolations);
-        }
-    }
-}

+ 26 - 27
ruoyi-common/src/main/java/com/ruoyi/common/xss/Xss.java

@@ -1,27 +1,26 @@
-package com.ruoyi.common.xss;
-
-import javax.validation.Constraint;
-import javax.validation.Payload;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * 自定义xss校验注解
- * 
- * @author ruoyi
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target(value = { ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER })
-@Constraint(validatedBy = { XssValidator.class })
-public @interface Xss
-{
-    String message()
-
-    default "不允许任何脚本运行";
-
-    Class<?>[] groups() default {};
-
-    Class<? extends Payload>[] payload() default {};
-}
+package com.ruoyi.common.xss;
+
+import javax.validation.Constraint;
+import javax.validation.Payload;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 自定义xss校验注解
+ *
+ * @author Lion Li
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(value = {ElementType.METHOD, ElementType.FIELD, ElementType.CONSTRUCTOR, ElementType.PARAMETER})
+@Constraint(validatedBy = {XssValidator.class})
+public @interface Xss {
+
+    String message() default "不允许任何脚本运行";
+
+    Class<?>[] groups() default {};
+
+    Class<? extends Payload>[] payload() default {};
+
+}

+ 21 - 29
ruoyi-common/src/main/java/com/ruoyi/common/xss/XssValidator.java

@@ -1,29 +1,21 @@
-package com.ruoyi.common.xss;
-
-import javax.validation.ConstraintValidator;
-import javax.validation.ConstraintValidatorContext;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-/**
- * 自定义xss校验注解实现
- * 
- * @author ruoyi
- */
-public class XssValidator implements ConstraintValidator<Xss, String>
-{
-    private final String HTML_PATTERN = "<(\\S*?)[^>]*>.*?|<.*? />";
-
-    @Override
-    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext)
-    {
-        return !containsHtml(value);
-    }
-
-    public boolean containsHtml(String value)
-    {
-        Pattern pattern = Pattern.compile(HTML_PATTERN);
-        Matcher matcher = pattern.matcher(value);
-        return matcher.matches();
-    }
-}
+package com.ruoyi.common.xss;
+
+import cn.hutool.core.util.ReUtil;
+import cn.hutool.http.HtmlUtil;
+
+import javax.validation.ConstraintValidator;
+import javax.validation.ConstraintValidatorContext;
+
+/**
+ * 自定义xss校验注解实现
+ *
+ * @author Lion Li
+ */
+public class XssValidator implements ConstraintValidator<Xss, String> {
+
+    @Override
+    public boolean isValid(String value, ConstraintValidatorContext constraintValidatorContext) {
+        return !ReUtil.contains(HtmlUtil.RE_HTML_MARK, value);
+    }
+
+}
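Review bot: `isValid` accepts any value that has no match for `HtmlUtil.RE_HTML_MARK`, so it is a reject-on-markup input filter rather than an XSS defence on its own, and the class Javadoc should say so. Text that is later rendered inside an attribute, a URL or a script context can be harmful without containing a complete tag, so fields annotated with `@Xss` still need context-aware encoding on output. I would extend the Javadoc along the lines of `Rejects values containing an HTML tag; input filter only, output must still be encoded where it is rendered.` A `null` value appears to pass, assuming `ReUtil.contains` returns false for null content. The Javadoc should state that too, so callers know to pair `@Xss` with `@NotBlank` where a value is required.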

+ 3 - 0
ruoyi-system/src/main/java/com/ruoyi/system/listener/SysUserImportListener.java

@@ -9,6 +9,7 @@ import com.ruoyi.common.excel.ExcelResult;
 import com.ruoyi.common.exception.ServiceException;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.StringUtils;
+import com.ruoyi.common.utils.ValidatorUtils;
 import com.ruoyi.common.utils.spring.SpringUtils;
 import com.ruoyi.system.domain.vo.SysUserImportVo;
 import com.ruoyi.system.service.ISysConfigService;
@@ -53,12 +54,14 @@ public class SysUserImportListener extends AnalysisEventListener<SysUserImportVo
             // 验证是否存在这个用户
             if (StringUtils.isNull(user)) {
                 user = BeanUtil.toBean(userVo, SysUser.class);
+                ValidatorUtils.validate(user);
                 user.setPassword(password);
                 user.setCreateBy(operName);
                 userService.insertUser(user);
                 successNum++;
                 successMsg.append("<br/>").append(successNum).append("、账号 ").append(user.getUserName()).append(" 导入成功");
             } else if (isUpdateSupport) {
+                ValidatorUtils.validate(user);
                 user.setUpdateBy(operName);
                 userService.updateUser(user);
                 successNum++;
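Review bot: In the `else if (isUpdateSupport)` branch, the added `ValidatorUtils.validate(user)` validates the object for which `StringUtils.isNull(user)` was false. That appears to be the already-stored record rather than the imported row, so nothing from `userVo` is validated on the update path. Validating the imported data instead would close that gap, for example `ValidatorUtils.validate(BeanUtil.toBean(userVo, SysUser.class));`. The `successMsg` line also appends `user.getUserName()` into an HTML string, so it is worth confirming that `SysUser` constrains that field (for instance with `@Xss`) or that the message is escaped before display. Where `user` is assigned, and whether the resulting `ConstraintViolationException` is caught per row, are both outside the hunk.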