update 优化安全相关工具类,增加sm2验签

update 增加手机号和邮箱格式校验
2026-04-23 10:58:34 +08:00 · 2026-03-26 10:44:16 +08:00
parent 345746bcef
commit d4b3df87d7
4 changed files with 64 additions and 10 deletions
--- a/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysEmailController.java
+++ b/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysEmailController.java
@@ -9,6 +9,7 @@ import org.dromara.common.core.constant.GlobalConstants;
 import org.dromara.common.core.domain.R;
 import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.core.utils.SpringUtils;
+import org.dromara.common.core.utils.regex.RegexValidator;
 import org.dromara.common.redis.annotation.RateLimiter;
 import org.dromara.common.web.core.BaseController;
 import org.dromara.common.mail.config.properties.MailProperties;
@@ -37,7 +38,7 @@ public class SysEmailController extends BaseController {
    private final MailProperties mailProperties;

    /**
-     * 邮箱验证码
+     * 发送邮箱验证码
     *
     * @param email 邮箱
     */
@@ -46,6 +47,9 @@ public class SysEmailController extends BaseController {
        if (!mailProperties.getEnabled()) {
            return R.fail("当前系统没有开启邮箱功能！");
        }
+        if (!RegexValidator.isEmail(email)) {
+            return R.fail("请输入正确的邮箱地址！");
+        }
        SpringUtils.getAopProxy(this).emailCodeImpl(email);
        return R.ok();
    }
--- a/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysSmsController.java
+++ b/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysSmsController.java
@@ -8,6 +8,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.dromara.common.core.constant.Constants;
 import org.dromara.common.core.constant.GlobalConstants;
 import org.dromara.common.core.domain.R;
+import org.dromara.common.core.utils.regex.RegexValidator;
 import org.dromara.common.redis.annotation.RateLimiter;
 import org.dromara.common.redis.utils.RedisUtils;
 import org.dromara.common.web.core.BaseController;
@@ -42,6 +43,9 @@ public class SysSmsController extends BaseController {
    @RateLimiter(key = "#phonenumber", time = 60, count = 1)
    @GetMapping("/code")
    public R<Void> smsCaptcha(@NotBlank(message = "{user.phonenumber.not.blank}") String phoneNumber) {
+        if (!RegexValidator.isMobile(phoneNumber)) {
+            return R.fail("请输入正确的手机号！");
+        }
        String key = GlobalConstants.CAPTCHA_CODE_KEY + phoneNumber;
        String code = RandomUtil.randomNumbers(4);
        RedisUtils.setCacheObject(key, code, Duration.ofMinutes(Constants.CAPTCHA_EXPIRATION));
--- a/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/dubbo/RemoteFileServiceImpl.java
+++ b/ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/dubbo/RemoteFileServiceImpl.java
@@ -8,9 +8,10 @@ import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.core.utils.MapstructUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.json.utils.JsonUtils;
-import org.dromara.common.oss.core.OssClient;
-import org.dromara.common.oss.entity.UploadResult;
+import org.dromara.common.oss.client.OssClient;
 import org.dromara.common.oss.factory.OssFactory;
+import org.dromara.common.oss.model.PutObjectResult;
+import org.dromara.common.oss.util.S3ObjectUtil;
 import org.dromara.resource.api.RemoteFileService;
 import org.dromara.resource.api.domain.RemoteFile;
 import org.dromara.resource.domain.SysOssExt;
@@ -43,15 +44,16 @@ public class RemoteFileServiceImpl implements RemoteFileService {
    public RemoteFile upload(String name, String originalFilename, String contentType, byte[] file) throws ServiceException {
        try {
            String suffix = StringUtils.substring(originalFilename, originalFilename.lastIndexOf("."), originalFilename.length());
-            OssClient storage = OssFactory.instance();
-            UploadResult uploadResult = storage.uploadSuffix(file, suffix, contentType);
+            OssClient instance = OssFactory.instance();
+            String pathKey = S3ObjectUtil.buildPathKey(originalFilename);
+            PutObjectResult result = instance.upload(pathKey, file);
            // 保存文件信息
            SysOssBo oss = new SysOssBo();
-            oss.setUrl(uploadResult.getUrl());
+            oss.setUrl(result.url());
            oss.setFileSuffix(suffix);
-            oss.setFileName(uploadResult.getFilename());
+            oss.setFileName(result.key());
            oss.setOriginalName(originalFilename);
-            oss.setService(storage.getConfigKey());
+            oss.setService(instance.clientId());
            SysOssExt ext1 = new SysOssExt();
            ext1.setFileSize((long) file.length);
            String extStr = JsonUtils.toJsonString(ext1);
@@ -59,8 +61,8 @@ public class RemoteFileServiceImpl implements RemoteFileService {
            sysOssService.insertByBo(oss);
            RemoteFile sysFile = new RemoteFile();
            sysFile.setOssId(oss.getOssId());
-            sysFile.setName(uploadResult.getFilename());
-            sysFile.setUrl(uploadResult.getUrl());
+            sysFile.setName(result.key());
+            sysFile.setUrl(result.url());
            sysFile.setOriginalName(originalFilename);
            sysFile.setFileSuffix(suffix);
            sysFile.setExt1(extStr);