diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
index d02baeb05..7e790ff96 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
@@ -20,7 +20,7 @@ public class SecurityConstants
 /**
 * 授权信息字段
 */
- public static final String AUTHORIZATION_HEADER = "authorization";
+ public static final String AUTHORIZATION_HEADER = "Authorization";
 
 /**
 * 请求来源
diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java
index ddbc28bfe..ac766578e 100644
--- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java
+++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/TokenConstants.java
@@ -7,11 +7,6 @@ package com.ruoyi.common.core.constant;
 */
 public class TokenConstants
 {
- /**
- * 令牌自定义标识
- */
- public static final String AUTHENTICATION = "Authorization";
-
 /**
 * 令牌前缀
 */
diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
index 78a53932d..149dd8a2d 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
@@ -62,7 +62,7 @@ public class SecurityUtils
 public static String getToken(HttpServletRequest request)
 {
 // 从header获取token标识
- String token = request.getHeader(TokenConstants.AUTHENTICATION);
+ String token = request.getHeader(SecurityConstants.AUTHORIZATION_HEADER);
 return replaceTokenPrefix(token);
 }
 
diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
index 854490b48..78e98803e 100644
--- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
+++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/AuthFilter.java
@@ -119,7 +119,7 @@ public class AuthFilter implements GlobalFilter, Ordered
 */
 private String getToken(ServerHttpRequest request)
 {
- String token = ObjectUtils.isNotEmpty(request.getHeaders().getFirst(TokenConstants.WEBSOCKET_HEADER)) ? request.getQueryParams().getFirst(TokenConstants.AUTHENTICATION) : request.getHeaders().getFirst(TokenConstants.AUTHENTICATION);
+ String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER);
 // 如果前端设置了令牌前缀,则裁剪掉前缀
 if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
 {
diff --git a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
index 32d2f170c..a43361cc1 100644
--- a/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
+++ b/ruoyi-modules/ruoyi-system/src/main/java/com/ruoyi/system/controller/SysUserController.java
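Review bot: The new single-source lookup in `AuthFilter.getToken` has no comment saying that the query-string path for WebSocket requests was dropped on purpose; the surviving comment only covers prefix trimming. A handshake that carries `TokenConstants.WEBSOCKET_HEADER` and passes its token as a query parameter now yields a null token here, so a line such as `// Token is accepted from the Authorization header only; query-string tokens are ignored` above the lookup would make that explicit. Keeping tokens out of URLs also keeps them out of access logs and proxy caches, which is worth stating as the reason if that was the intent. `TokenConstants.WEBSOCKET_HEADER` may now be unused (not visible from this hunk), and the body of `getToken` continues past the end of the hunk.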
@@ -196,18 +196,18 @@ public class SysUserController extends BaseController
 @GetMapping(value = { "/", "/{userId}" })
 public AjaxResult getInfo(@PathVariable(value = "userId", required = false) Long userId)
 {
- userService.checkUserDataScope(userId);
 AjaxResult ajax = AjaxResult.success();
- List roles = roleService.selectRoleAll();
- ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
- ajax.put("posts", postService.selectPostAll());
 if (StringUtils.isNotNull(userId))
 {
+ userService.checkUserDataScope(userId);
 SysUser sysUser = userService.selectUserById(userId);
 ajax.put(AjaxResult.DATA_TAG, sysUser);
 ajax.put("postIds", postService.selectPostListByUserId(userId));
 ajax.put("roleIds", sysUser.getRoles().stream().map(SysRole::getRoleId).collect(Collectors.toList()));
 }
+ List roles = roleService.selectRoleAll();
+ ajax.put("roles", SysUser.isAdmin(userId) ? roles : roles.stream().filter(r -> !r.isAdmin()).collect(Collectors.toList()));
+ ajax.put("posts", postService.selectPostAll());
 return ajax;
 }
 
diff --git a/ruoyi-ui/src/components/FileUpload/index.vue b/ruoyi-ui/src/components/FileUpload/index.vue
index 1fab17327..7db68b51a 100644
--- a/ruoyi-ui/src/components/FileUpload/index.vue
+++ b/ruoyi-ui/src/components/FileUpload/index.vue
@@ -118,10 +118,15 @@ export default {
 const fileExt = fileName[fileName.length - 1];
 const isTypeOk = this.fileType.indexOf(fileExt) >= 0;
 if (!isTypeOk) {
- this.$modal.msgError(`文件格式不正确, 请上传${this.fileType.join("/")}格式文件!`);
+ this.$modal.msgError(`文件格式不正确,请上传${this.fileType.join("/")}格式文件!`);
 return false;
 }
 }
+ // 校检文件名是否包含特殊字符
+ if (file.name.includes(',')) {
+ this.$modal.msgError('文件名不正确,不能包含英文逗号!');
+ return false;
+ }
 // 校检文件大小
 if (this.fileSize) {
 const isLt = file.size / 1024 / 1024 < this.fileSize;
diff --git a/ruoyi-ui/src/components/ImageUpload/index.vue b/ruoyi-ui/src/components/ImageUpload/index.vue
index f3370dfb9..7da56eb07 100644
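Review bot: `sysUser.getRoles()` inside the `userId` branch of `getInfo` is dereferenced without a null check, so a `userId` that matches no row would surface as a NullPointerException if `selectUserById` returns null for it. Whether `checkUserDataScope` already rejects unknown ids for every caller is not visible in this hunk, so a guard right after the lookup is the safer choice, e.g. `if (StringUtils.isNull(sysUser)) { return AjaxResult.error("user not found"); }` (the message text is a placeholder). Any permission annotation on `getInfo` sits above the hunk and is not shown.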
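Review bot: The added `file.name.includes(',')` check in `FileUpload/index.vue` runs only in the browser, so a request that does not go through this component can still carry a file name with a comma. If the comma matters because stored file names or URLs are joined into a comma-separated value (an inference, the hunk does not show it), the server-side upload handler needs the same rejection or should generate the stored name itself. The identical check added in `ImageUpload/index.vue` has the same limitation. A comment on the check saying why the comma is reserved would also help, since the existing `// 校检文件名是否包含特殊字符` only says that special characters are checked. The enclosing function starts and ends outside the hunk.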
--- a/ruoyi-ui/src/components/ImageUpload/index.vue
+++ b/ruoyi-ui/src/components/ImageUpload/index.vue
@@ -130,7 +130,11 @@ export default {
 }
 
 if (!isImg) {
- this.$modal.msgError(`文件格式不正确, 请上传${this.fileType.join("/")}图片格式文件!`);
+ this.$modal.msgError(`文件格式不正确,请上传${this.fileType.join("/")}图片格式文件!`);
+ return false;
+ }
+ if (file.name.includes(',')) {
+ this.$modal.msgError('文件名不正确,不能包含英文逗号!');
 return false;
 }
 if (this.fileSize) {