update 优化安全相关工具类,增加sm2验签

update 增加手机号和邮箱格式校验

ruoyi-common/ruoyi-common-encrypt/src/main/java/org/dromara/common/encrypt/utils/EncryptUtils.java

@@ -222,6 +222,50 @@ public class EncryptUtils {
         return sm2.decryptStr(data, KeyType.PrivateKey, StandardCharsets.UTF_8);
     }
 
+    /**
+     * SM2公钥验签（Base64编码）
+     *
+     * @param data      原文数据
+     * @param sign      签名值
+     * @param publicKey 公钥
+     * @return true-验签成功，false-验签失败
+     */
+    public static boolean verifySm2Sign(String data, String sign, String publicKey) {
+        if (StrUtil.isBlank(data)) {
+            throw new IllegalArgumentException("SM2验签需要传入原文数据");
+        }
+        if (StrUtil.isBlank(sign)) {
+            throw new IllegalArgumentException("SM2验签需要传入签名值");
+        }
+        if (StrUtil.isBlank(publicKey)) {
+            throw new IllegalArgumentException("SM2验签需要传入公钥");
+        }
+        SM2 sm2 = SmUtil.sm2(null, publicKey);
+        return sm2.verify(data.getBytes(StandardCharsets.UTF_8), sign.getBytes(StandardCharsets.UTF_8));
+    }
+
+    /**
+     * SM2公钥验签（Hex编码）
+     *
+     * @param dataHex    原文数据（Hex编码）
+     * @param signHex    签名值（Hex编码）
+     * @param publicKey  公钥
+     * @return true-验签成功，false-验签失败
+     */
+    public static boolean verifySm2SignHex(String dataHex, String signHex, String publicKey) {
+        if (StrUtil.isBlank(dataHex)) {
+            throw new IllegalArgumentException("SM2验签需要传入Hex格式的原文数据");
+        }
+        if (StrUtil.isBlank(signHex)) {
+            throw new IllegalArgumentException("SM2验签需要传入Hex格式的签名值");
+        }
+        if (StrUtil.isBlank(publicKey)) {
+            throw new IllegalArgumentException("SM2验签需要传入公钥");
+        }
+        SM2 sm2 = SmUtil.sm2(null, publicKey);
+        return sm2.verifyHex(dataHex, signHex);
+    }
+
     /**
      * 产生RSA加解密需要的公钥和私钥
      *

ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysEmailController.java

@@ -9,6 +9,7 @@ import org.dromara.common.core.constant.GlobalConstants;
 import org.dromara.common.core.domain.R;
 import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.core.utils.SpringUtils;
+import org.dromara.common.core.utils.regex.RegexValidator;
 import org.dromara.common.redis.annotation.RateLimiter;
 import org.dromara.common.web.core.BaseController;
 import org.dromara.common.mail.config.properties.MailProperties;
@@ -37,7 +38,7 @@ public class SysEmailController extends BaseController {
     private final MailProperties mailProperties;
 
     /**
-     * 邮箱验证码
+     * 发送邮箱验证码
      *
      * @param email 邮箱
      */
@@ -46,6 +47,9 @@ public class SysEmailController extends BaseController {
         if (!mailProperties.getEnabled()) {
             return R.fail("当前系统没有开启邮箱功能！");
         }
+        if (!RegexValidator.isEmail(email)) {
+            return R.fail("请输入正确的邮箱地址！");
+        }
         SpringUtils.getAopProxy(this).emailCodeImpl(email);
         return R.ok();
     }

ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/controller/SysSmsController.java

@@ -8,6 +8,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.dromara.common.core.constant.Constants;
 import org.dromara.common.core.constant.GlobalConstants;
 import org.dromara.common.core.domain.R;
+import org.dromara.common.core.utils.regex.RegexValidator;
 import org.dromara.common.redis.annotation.RateLimiter;
 import org.dromara.common.redis.utils.RedisUtils;
 import org.dromara.common.web.core.BaseController;
@@ -42,6 +43,9 @@ public class SysSmsController extends BaseController {
     @RateLimiter(key = "#phonenumber", time = 60, count = 1)
     @GetMapping("/code")
     public R<Void> smsCaptcha(@NotBlank(message = "{user.phonenumber.not.blank}") String phoneNumber) {
+        if (!RegexValidator.isMobile(phoneNumber)) {
+            return R.fail("请输入正确的手机号！");
+        }
         String key = GlobalConstants.CAPTCHA_CODE_KEY + phoneNumber;
         String code = RandomUtil.randomNumbers(4);
         RedisUtils.setCacheObject(key, code, Duration.ofMinutes(Constants.CAPTCHA_EXPIRATION));

ruoyi-modules/ruoyi-resource/src/main/java/org/dromara/resource/dubbo/RemoteFileServiceImpl.java

@@ -8,9 +8,10 @@ import org.dromara.common.core.exception.ServiceException;
 import org.dromara.common.core.utils.MapstructUtils;
 import org.dromara.common.core.utils.StringUtils;
 import org.dromara.common.json.utils.JsonUtils;
-import org.dromara.common.oss.core.OssClient;
+import org.dromara.common.oss.client.OssClient;
-import org.dromara.common.oss.entity.UploadResult;
 import org.dromara.common.oss.factory.OssFactory;
+import org.dromara.common.oss.model.PutObjectResult;
+import org.dromara.common.oss.util.S3ObjectUtil;
 import org.dromara.resource.api.RemoteFileService;
 import org.dromara.resource.api.domain.RemoteFile;
 import org.dromara.resource.domain.SysOssExt;
@@ -43,15 +44,16 @@ public class RemoteFileServiceImpl implements RemoteFileService {
     public RemoteFile upload(String name, String originalFilename, String contentType, byte[] file) throws ServiceException {
         try {
             String suffix = StringUtils.substring(originalFilename, originalFilename.lastIndexOf("."), originalFilename.length());
-            OssClient storage = OssFactory.instance();
+            OssClient instance = OssFactory.instance();
-            UploadResult uploadResult = storage.uploadSuffix(file, suffix, contentType);
+            String pathKey = S3ObjectUtil.buildPathKey(originalFilename);
+            PutObjectResult result = instance.upload(pathKey, file);
             // 保存文件信息
             SysOssBo oss = new SysOssBo();
-            oss.setUrl(uploadResult.getUrl());
+            oss.setUrl(result.url());
             oss.setFileSuffix(suffix);
-            oss.setFileName(uploadResult.getFilename());
+            oss.setFileName(result.key());
             oss.setOriginalName(originalFilename);
-            oss.setService(storage.getConfigKey());
+            oss.setService(instance.clientId());
             SysOssExt ext1 = new SysOssExt();
             ext1.setFileSize((long) file.length);
             String extStr = JsonUtils.toJsonString(ext1);
@@ -59,8 +61,8 @@ public class RemoteFileServiceImpl implements RemoteFileService {
             sysOssService.insertByBo(oss);
             RemoteFile sysFile = new RemoteFile();
             sysFile.setOssId(oss.getOssId());
-            sysFile.setName(uploadResult.getFilename());
+            sysFile.setName(result.key());
-            sysFile.setUrl(uploadResult.getUrl());
+            sysFile.setUrl(result.url());
             sysFile.setOriginalName(originalFilename);
             sysFile.setFileSuffix(suffix);
             sysFile.setExt1(extStr);