SYNC：同步 boot 最新的变动

2024-03-30 20:13:03 +08:00
parent ad0a533afb
commit 9258b67097
18 changed files with 92 additions and 37 deletions
--- a/yudao-framework/yudao-spring-boot-starter-biz-ip/src/main/resources/area.csv
+++ b/yudao-framework/yudao-spring-boot-starter-biz-ip/src/main/resources/area.csv
@@ -522,6 +522,29 @@ id,name,type,parentId
 441931,凤岗镇,4,441900
 441932,长安镇,4,441900
 442000,中山市,3,440000
+442001,石岐街道,4,442000
+442002,东区街道,4,442000
+442003,中山港街道,4,442000
+442004,西区街道,4,442000
+442005,南区街道,4,442000
+442006,五桂山街道,4,442000
+442007,民众街道,4,442000
+442008,南朗街道,4,442000
+442009,黄圃镇,4,442000
+442010,东凤镇,4,442000
+442011,古镇镇,4,442000
+442012,沙溪镇,4,442000
+442013,坦洲镇,4,442000
+442014,港口镇,4,442000
+442015,三角镇,4,442000
+442016,横栏镇,4,442000
+442017,南头镇,4,442000
+442018,阜沙镇,4,442000
+442019,三乡镇,4,442000
+442020,板芙镇,4,442000
+442021,大涌镇,4,442000
+442022,神湾镇,4,442000
+442023,小榄镇,4,442000
 445100,潮州市,3,440000
 445200,揭阳市,3,440000
 445300,云浮市,3,440000
--- a/yudao-framework/yudao-spring-boot-starter-biz-tenant/src/main/java/cn/iocoder/yudao/framework/tenant/core/context/TenantContextHolder.java
+++ b/yudao-framework/yudao-spring-boot-starter-biz-tenant/src/main/java/cn/iocoder/yudao/framework/tenant/core/context/TenantContextHolder.java
@@ -30,16 +30,6 @@ public class TenantContextHolder {
        return TENANT_ID.get();
    }

-    /**
-     * 获得租户编号 String
-     *
-     * @return 租户编号
-     */
-    public static String getTenantIdStr() {
-        Long tenantId = getTenantId();
-        return StrUtil.toStringOrNull(tenantId);
-    }
-
    /**
     * 获得租户编号。如果不存在，则抛出 NullPointerException 异常
     *
--- a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/config/YudaoXssAutoConfiguration.java
+++ b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/config/YudaoXssAutoConfiguration.java
@@ -44,9 +44,11 @@ public class YudaoXssAutoConfiguration implements WebMvcConfigurer {
    @ConditionalOnMissingBean(name = "xssJacksonCustomizer")
    @ConditionalOnBean(ObjectMapper.class)
    @ConditionalOnProperty(value = "yudao.xss.enable", havingValue = "true")
-    public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(XssCleaner xssCleaner) {
+    public Jackson2ObjectMapperBuilderCustomizer xssJacksonCustomizer(XssProperties properties,
+                                                                      PathMatcher pathMatcher,
+                                                                      XssCleaner xssCleaner) {
        // 在反序列化时进行 xss 过滤，可以替换使用 XssStringJsonSerializer，在序列化时进行处理
-        return builder -> builder.deserializerByType(String.class, new XssStringJsonDeserializer(xssCleaner));
+        return builder -> builder.deserializerByType(String.class, new XssStringJsonDeserializer(properties, pathMatcher, xssCleaner));
    }

    /**
--- a/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/core/json/XssStringJsonDeserializer.java
+++ b/yudao-framework/yudao-spring-boot-starter-web/src/main/java/cn/iocoder/yudao/framework/xss/core/json/XssStringJsonDeserializer.java
@@ -1,12 +1,16 @@
 package cn.iocoder.yudao.framework.xss.core.json;

+import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
+import cn.iocoder.yudao.framework.xss.config.XssProperties;
 import cn.iocoder.yudao.framework.xss.core.clean.XssCleaner;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.core.JsonToken;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.deser.std.StringDeserializer;
+import jakarta.servlet.http.HttpServletRequest;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.util.PathMatcher;

 import java.io.IOException;

@@ -20,10 +24,29 @@ import java.io.IOException;
@AllArgsConstructor
 public class XssStringJsonDeserializer extends StringDeserializer {

+    /**
+     * 属性
+     */
+    private final XssProperties properties;
+    /**
+     * 路径匹配器
+     */
+    private final PathMatcher pathMatcher;
+
    private final XssCleaner xssCleaner;

    @Override
    public String deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
+        // 1. 白名单 URL 的处理
+        HttpServletRequest request = ServletUtils.getRequest();
+        if (request != null) {
+            String uri = ServletUtils.getRequest().getRequestURI();
+            if (properties.getExcludeUrls().stream().anyMatch(excludeUrl -> pathMatcher.match(excludeUrl, uri))) {
+                return p.getText();
+            }
+        }
+
+        // 2. 真正使用 xssCleaner 进行过滤
        if (p.hasToken(JsonToken.VALUE_STRING)) {
            return xssCleaner.clean(p.getText());
        }