
代码修改

LAPTOP-KB9HII50\70708 3 anos atrás
pai
commit
3e52738d0e

+ 119 - 4
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/util/GetuiUtil.java

@ -7,9 +7,17 @@ import com.getui.push.v2.sdk.api.PushApi;
import com.getui.push.v2.sdk.common.ApiResult;
import com.getui.push.v2.sdk.dto.req.Audience;
import com.getui.push.v2.sdk.dto.req.Settings;
import com.getui.push.v2.sdk.dto.req.Strategy;
import com.getui.push.v2.sdk.dto.req.message.PushChannel;
import com.getui.push.v2.sdk.dto.req.message.PushDTO;
import com.getui.push.v2.sdk.dto.req.message.PushMessage;
import com.getui.push.v2.sdk.dto.req.message.android.AndroidDTO;
import com.getui.push.v2.sdk.dto.req.message.android.GTNotification;
import com.getui.push.v2.sdk.dto.req.message.android.ThirdNotification;
import com.getui.push.v2.sdk.dto.req.message.android.Ups;
import com.getui.push.v2.sdk.dto.req.message.ios.Alert;
import com.getui.push.v2.sdk.dto.req.message.ios.Aps;
import com.getui.push.v2.sdk.dto.req.message.ios.IosDTO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -26,10 +34,11 @@ public class GetuiUtil {
    private static final Logger logger = LoggerFactory.getLogger(GetuiUtil.class);
    public static String AppID = "GjGtBQUgSbASF0F9svJ6b7";
    public static String AppKey = "LcDj4vwtE29Q88KyPjJEj9";
    public static String AppSecret = "0VAMmhF1F76oGjheYWATM3";
    public static String MasterSecret = "hB6swhmr0mAeaJgyoLMkC5";
    public static String AppID = "I6JAs97T818HD0hGzG1EH4";
    public static String AppKey = "JC2LAW9IK27pansBB4jN87";
    public static String AppSecret = "Sn9PLz1hA6NNgyb7WHx45";
    public static String MasterSecret = "Rd86CP8bOy7RHyTf4ZE3R4";
    private static PushApi getPushApi(){
        GtApiConfiguration apiConfiguration = new GtApiConfiguration();
@ -46,6 +55,112 @@ public class GetuiUtil {
        return pushApi;
    }
    public static void main(String[] args) {
//        JSONObject jsonObject = new JSONObject();
//        jsonObject.put("title","title");
//        jsonObject.put("body","body");
//        jsonObject.put("url","https://www.baidu.com/");
//        jsonObject.put("clickType","url");
//        String cid = "d0e395d2e04b1da6f45a4f700883297d";
//        ApiResult<Map<String, Map<String, String>>> apiResult = GetuiUtil.pushToSingleByCid(cid,jsonObject);
//        if (apiResult.isSuccess()) {
//            System.out.println("个推推送成功:"+apiResult.getData());
//        } else {
//            System.out.println("个推推送失败:code:" + apiResult.getCode() + ", msg: " + apiResult.getMsg());
//        }
        String cid = "d0e395d2e04b1da6f45a4f700883297d";
        JSONObject json = new JSONObject();
        json.put("title","安卓11:38标题");
        json.put("body","安卓离线展示的内容");
        json.put("url","https://www.baidu.com/");
        json.put("clickType","url");
        json.put("platform","patient");
        json.put("payload","payload");
        push2(cid,1,json);
    }
    /**
     * Rest-V2厂商推送
     * type 1 安卓 2 ios
     */
    public static void push2(String cid,int type,JSONObject json){
        PushApi pushApi = getPushApi();
        //根据cid进行单推
        PushDTO<Audience> pushDTO = new PushDTO<Audience>();
        // 设置推送参数
        pushDTO.setRequestId(System.currentTimeMillis() + "");//requestid需要每次变化唯一
        //配置推送条件
        // 1: 表示该消息在用户在线时推送个推通道,用户离线时推送厂商通道;
        // 2: 表示该消息只通过厂商通道策略下发,不考虑用户是否在线;
        // 3: 表示该消息只通过个推通道下发,不考虑用户是否在线;
        // 4: 表示该消息优先从厂商通道下发,若消息内容在厂商通道代发失败后会从个推通道下发。
        Strategy strategy=new Strategy();
        strategy.setDef(1);
        Settings settings=new Settings();
        settings.setStrategy(strategy);
        pushDTO.setSettings(settings);
        settings.setTtl(3600000);//消息有效期,走厂商消息需要设置该值
        PushChannel pushChannel = new PushChannel();
        if(type == 1){
            //安卓离线厂商通道推送消息体
            AndroidDTO androidDTO = new AndroidDTO();
            Ups ups = new Ups();
            ThirdNotification notification1 = new ThirdNotification();;
            ups.setNotification(notification1);
            notification1.setTitle("安卓11:38标题");
            notification1.setBody("安卓离线展示的内容");
            notification1.setClickType("intent");
            String intent = "intent:#Intent;launchFlags=0x04000000;action=android.intent.action.oppopush;" +
                    "component=com.xmeye.ehospital."+json.getString("platform")+"/io.dcloud.PandoraEntry;S.UP-OL-SU=true;" +
                    "S.title="+json.getString("title")+";" +
                    "S.content="+json.getString("body")+";" +
                    "S.payload="+json.getString("payload")+";end";
            notification1.setIntent(intent);
            //各厂商自有功能单项设置
            //ups.addOption("HW", "/message/android/notification/badge/class", "io.dcloud.PandoraEntry ");
            //ups.addOption("HW", "/message/android/notification/badge/add_num", 1);
            //ups.addOption("HW", "/message/android/notification/importance", "HIGH");
            //ups.addOption("VV","classification",1);
            androidDTO.setUps(ups);
            pushChannel.setAndroid(androidDTO);
        } else{
            //推送苹果离线通知标题内容
            Alert alert=new Alert();
            alert.setTitle(json.getString("title"));
            alert.setBody(json.getString("body"));
            Aps aps = new Aps();
            //1表示静默推送(无通知栏消息),静默推送时不需要填写其他参数。
            //苹果建议1小时最多推送3条静默消息
            aps.setContentAvailable(0);
            aps.setSound("default");
            aps.setAlert(alert);
            IosDTO iosDTO = new IosDTO();
            iosDTO.setAps(aps);
            iosDTO.setType("notify");
            pushChannel.setIos(iosDTO);
        }
        pushDTO.setPushChannel(pushChannel);
        // PushMessage在线走个推通道才会起作用的消息体
        PushMessage pushMessage = new PushMessage();
        pushDTO.setPushMessage(pushMessage);
        pushMessage.setTransmission(" {title:\""+json.getString("title")+"\",content:\""+json.getString("body")+"\",payload:\""+json.getString("payload")+"\"}");
        // 设置接收人信息
        Audience audience = new Audience();
        pushDTO.setAudience(audience);
        audience.addCid(cid);
        // 进行cid单推
        ApiResult<Map<String, Map<String, String>>> apiResult = pushApi.pushToSingleByCid(pushDTO);
        if (apiResult.isSuccess()) {
            // success
            System.out.println("发送成功:"+apiResult.getData());
        } else {
            // failed
            System.out.println("code:" + apiResult.getCode() + ", msg: " + apiResult.getMsg());
        }
    }
    /**
     * 单推
     */
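Review bot: The Getui `AppKey`, `AppSecret` and `MasterSecret` in the second hunk are still string literals in `GetuiUtil`, so the new values now sit in history next to the old ones, and both sets should be treated as exposed and rotated. Load them from deployment configuration instead, for example `public static String MasterSecret = System.getenv("GETUI_MASTER_SECRET");` (the variable name is a placeholder), and make the fields `private static final` if nothing outside the class assigns them. In the third hunk, `push2` builds the `intent:` string and the `setTransmission` payload by concatenating `json.getString("title")`, `"body"` and `"payload"` unescaped, so a `;` or `"` in a message changes the structure of what is sent. Encode each value before joining (URI-encode the intent extras, use a JSON serializer for the transmission). `push2` also sets the Android notification title and body to fixed test strings rather than the `json` values and reports results through `System.out` instead of `logger`, which looks unintended.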

+ 15 - 0
svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/config/jpa/WlyyHealthBankJpa.java

@ -1,8 +1,10 @@
package com.yihu.jw.config.jpa;
import com.yihu.jw.filter.XssFiter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
@ -55,4 +57,17 @@ public class WlyyHealthBankJpa {
            @Qualifier("wlyyHealthBankEntityManagerFactory") EntityManagerFactory builder) {
        return new JpaTransactionManager(builder);
    }
    /**
     * xxs过滤
     */
    @Bean
    public FilterRegistrationBean testFilterRegistration2() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new XssFiter());
        registration.addUrlPatterns("/*");
        registration.setName("XssFiter");
        registration.setOrder(2);
        return registration;
    }
}
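Review bot: The servlet filter is registered inside the JPA configuration class under the bean name `testFilterRegistration2`, which hides a security control in an unrelated place. A dedicated web configuration class and a name such as `xssFilterRegistration` would make it discoverable. `FilterRegistrationBean` is used as a raw type; if the Spring Boot version in use offers the generic form, declare `FilterRegistrationBean<XssFiter>`. The Javadoc `xxs过滤` should read `XSS 过滤` and say that the filter wraps every request (`/*`) so that parameters, headers and the query string are rewritten. The same bean is added verbatim to `WlyySpecialistJpa` in this commit, and the class body starts outside the hunk.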

+ 55 - 0
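--- a/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/filter/XssAndHttpServletRequestWrapper.java
+++ b/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/filter/XssAndHttpServletRequestWrapper.java
@@ -0,0 +1,55 @@
+package com.yihu.jw.filter;
+import com.yihu.jw.util.XssUtil;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssAndHttpServletRequestWrapper extends HttpServletRequestWrapper {
+    HttpServletRequest request;
+    public XssAndHttpServletRequestWrapper(HttpServletRequest request) {
+        super(request);
+        this.request = request;
+    }
+    @Override
+    public String getParameter(String name) {
+        String value = super.getParameter(name);
+        // System.out.println("name:" + name + "," + value);
+        if (value != null) {
+            // 转换Html
+            value = XssUtil.cleanXss(value);
+        }
+        return value;
+    }
+    @Override
+    public String getHeader(String name) {
+        return XssUtil.cleanXss(super.getHeader(name));
+    }
+    @Override
+    public String getQueryString() {
+        return XssUtil.cleanXss(super.getQueryString());
+    }
+    @Override
+    public String[] getParameterValues(String parameter) {
+        String[] values = super.getParameterValues(parameter);
+        if (values == null) {
+            return null;
+        }
+        int count = values.length;
+        String[] encodedValues = new String[count];
+        for (int i = 0; i < count; i++) {
+            encodedValues[i] = XssUtil.cleanXss(values[i]);
+        }
+        return encodedValues;
+    }
+}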
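Review bot: The wrapper sanitizes only `getParameter`, `getParameterValues`, `getHeader` and `getQueryString`, while `getParameterMap`, `getHeaders` and the request body (`getInputStream`/`getReader`) pass through untouched. JSON bodies and any code that reads the parameter map therefore still see raw input, so the filter cannot be the only XSS control and values still need context-appropriate encoding where they are written to a response. At minimum, override `getParameterMap` so it agrees with `getParameterValues`, as sketched below (assuming the Servlet 3.0+ generic signature). Rewriting every header in `getHeader` can alter values that are never rendered as HTML, so it deserves a comment explaining why it is wanted. The `request` field duplicates what `HttpServletRequestWrapper` already holds, and the identical class under `svr-wlyy-specialist` has the same gaps.

```java
// … unchanged: constructor, getParameter, getHeader, getQueryString, getParameterValues …
    @Override
    public Map<String, String[]> getParameterMap() {
        // Build a cleaned copy so map-based readers see the same values as getParameterValues().
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        for (String key : super.getParameterMap().keySet()) {
            cleaned.put(key, getParameterValues(key));
        }
        return Collections.unmodifiableMap(cleaned);
    }
```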

+ 25 - 0
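--- a/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/filter/XssFiter.java
+++ b/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/filter/XssFiter.java
@@ -0,0 +1,25 @@
+package com.yihu.jw.filter;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssFiter implements Filter {
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest) request;
+        XssAndHttpServletRequestWrapper xssRequestWrapper = new XssAndHttpServletRequestWrapper(req);
+        chain.doFilter(xssRequestWrapper, response);
+    }
+    public void destroy() {
+    }
+}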
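Review bot: `doFilter` casts `request` to `HttpServletRequest` without checking its type, and the three `Filter` methods lack `@Override`. Guard the cast with `if (!(request instanceof HttpServletRequest)) { chain.doFilter(request, response); return; }` and annotate the methods. The class name `XssFiter` is missing an `l`, and because the same string is used as the registered filter name, renaming it to `XssFilter` now is cheaper than doing it later. The class Javadoc should say that the filter wraps every request in `XssAndHttpServletRequestWrapper`, not only `Created by …`. The same file is added under `svr-wlyy-specialist`.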

+ 91 - 0
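--- a/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/util/XssUtil.java
+++ b/svr/svr-wlyy-health-bank/src/main/java/com/yihu/jw/util/XssUtil.java
@@ -0,0 +1,91 @@
+package com.yihu.jw.util;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssUtil {
+    private static final String REGEX_SCRIPT = "<script[^>]*?>[\\s\\S]*?<\\/script>"; // 定义script的正则表达式
+    private static final String REGEX_STYLE = "<style[^>]*?>[\\s\\S]*?<\\/style>"; // 定义style的正则表达式
+    private static final String REGEX_HTML = "<[^>]+>"; // 定义HTML标签的正则表达式
+    // private static final String REGEX_SPACE = "\\s*|\t|\r|\n";// 定义空格回车换行符
+    /**
+     * 过滤掉script标签
+     *
+     * @param htmlStr
+     * @return
+     */
+    public static String delScriptTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_script = Pattern.compile(REGEX_SCRIPT, Pattern.CASE_INSENSITIVE);
+        Matcher m_script = p_script.matcher(htmlStr);
+        htmlStr = m_script.replaceAll(""); // 过滤script标签
+        return htmlStr;
+    }
+    /**
+     * 过滤掉style标签
+     *
+     * @param htmlStr
+     * @return
+     */
+    public static String delStyleTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_style = Pattern.compile(REGEX_STYLE, Pattern.CASE_INSENSITIVE);
+        Matcher m_style = p_style.matcher(htmlStr);
+        htmlStr = m_style.replaceAll(""); // 过滤style标签*/
+        return htmlStr;
+    }
+    /**
+     * @param htmlStr
+     * @return 删除Html标签
+     */
+    public static String delHTMLTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_html = Pattern.compile(REGEX_HTML, Pattern.CASE_INSENSITIVE);
+        Matcher m_html = p_html.matcher(htmlStr);
+        htmlStr = m_html.replaceAll(""); // 过滤html标签
+        return htmlStr; // 返回文本字符串
+    }
+    /**
+     * 将html标签中的<>进行转义,如只有"<"或者">"则不进行转义
+     */
+    public static String escapeHtml(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_script = Pattern.compile(REGEX_HTML, Pattern.CASE_INSENSITIVE);
+        Matcher m_script = p_script.matcher(htmlStr);
+        while (m_script.find()) {
+            String str = m_script.group();
+            String str_target = str.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+            htmlStr = htmlStr.replaceAll(str, str_target);
+        }
+        return htmlStr;
+    }
+    /**
+     * 转义html标签
+     *
+     * @param input
+     * @return
+     */
+    public static String cleanXss(String input) {
+        if (input == null)
+            return null;
+        return escapeHtml(delStyleTag(delScriptTag(input)));
+    }
+    public static void main(String[] args) {
+        System.out.println(cleanXss("<'script>"));
+    }
+}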
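Review bot: In `escapeHtml`, the matched tag text is passed to `htmlStr.replaceAll(str, str_target)`, where `String.replaceAll` compiles `str` as a regular expression and treats `$` and `\` in `str_target` as replacement syntax. Request data with regex metacharacters inside `<…>` is then either left unescaped or raises `PatternSyntaxException`, so user input can turn into a failed request. Use the literal form `htmlStr = htmlStr.replace(str, str_target);`. More broadly, stripping `<script>`/`<style>` by regex and escaping only complete `<…>` pairs is a denylist that leaves quotes and unterminated tags untouched, so keep context-aware output encoding (or a maintained sanitizer library) as the actual control and say so in the class Javadoc. The three patterns should be `private static final Pattern` constants rather than compiled per call, the leftover `main` should be removed, and the identical copy under `svr-wlyy-specialist` belongs in one shared module.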

+ 15 - 0
svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/config/jpa/WlyySpecialistJpa.java

@ -1,8 +1,10 @@
package com.yihu.jw.config.jpa;
import com.yihu.jw.filter.XssFiter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
@ -55,4 +57,17 @@ public class WlyySpecialistJpa {
            @Qualifier("wlyySpecialistEntityManagerFactory") EntityManagerFactory builder) {
        return new JpaTransactionManager(builder);
    }
    /**
     * xxs过滤
     */
    @Bean
    public FilterRegistrationBean testFilterRegistration2() {
        FilterRegistrationBean registration = new FilterRegistrationBean();
        registration.setFilter(new XssFiter());
        registration.addUrlPatterns("/*");
        registration.setName("XssFiter");
        registration.setOrder(2);
        return registration;
    }
}

+ 55 - 0
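--- a/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/filter/XssAndHttpServletRequestWrapper.java
+++ b/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/filter/XssAndHttpServletRequestWrapper.java
@@ -0,0 +1,55 @@
+package com.yihu.jw.filter;
+import com.yihu.jw.util.XssUtil;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssAndHttpServletRequestWrapper extends HttpServletRequestWrapper {
+    HttpServletRequest request;
+    public XssAndHttpServletRequestWrapper(HttpServletRequest request) {
+        super(request);
+        this.request = request;
+    }
+    @Override
+    public String getParameter(String name) {
+        String value = super.getParameter(name);
+        // System.out.println("name:" + name + "," + value);
+        if (value != null) {
+            // 转换Html
+            value = XssUtil.cleanXss(value);
+        }
+        return value;
+    }
+    @Override
+    public String getHeader(String name) {
+        return XssUtil.cleanXss(super.getHeader(name));
+    }
+    @Override
+    public String getQueryString() {
+        return XssUtil.cleanXss(super.getQueryString());
+    }
+    @Override
+    public String[] getParameterValues(String parameter) {
+        String[] values = super.getParameterValues(parameter);
+        if (values == null) {
+            return null;
+        }
+        int count = values.length;
+        String[] encodedValues = new String[count];
+        for (int i = 0; i < count; i++) {
+            encodedValues[i] = XssUtil.cleanXss(values[i]);
+        }
+        return encodedValues;
+    }
+}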

+ 25 - 0
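--- a/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/filter/XssFiter.java
+++ b/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/filter/XssFiter.java
@@ -0,0 +1,25 @@
+package com.yihu.jw.filter;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssFiter implements Filter {
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+            throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest) request;
+        XssAndHttpServletRequestWrapper xssRequestWrapper = new XssAndHttpServletRequestWrapper(req);
+        chain.doFilter(xssRequestWrapper, response);
+    }
+    public void destroy() {
+    }
+}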

+ 91 - 0
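--- a/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/util/XssUtil.java
+++ b/svr/svr-wlyy-specialist/src/main/java/com/yihu/jw/util/XssUtil.java
@@ -0,0 +1,91 @@
+package com.yihu.jw.util;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+/**
+ * Created by yeshijie on 2020/8/27.
+ */
+public class XssUtil {
+    private static final String REGEX_SCRIPT = "<script[^>]*?>[\\s\\S]*?<\\/script>"; // 定义script的正则表达式
+    private static final String REGEX_STYLE = "<style[^>]*?>[\\s\\S]*?<\\/style>"; // 定义style的正则表达式
+    private static final String REGEX_HTML = "<[^>]+>"; // 定义HTML标签的正则表达式
+    // private static final String REGEX_SPACE = "\\s*|\t|\r|\n";// 定义空格回车换行符
+    /**
+     * 过滤掉script标签
+     *
+     * @param htmlStr
+     * @return
+     */
+    public static String delScriptTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_script = Pattern.compile(REGEX_SCRIPT, Pattern.CASE_INSENSITIVE);
+        Matcher m_script = p_script.matcher(htmlStr);
+        htmlStr = m_script.replaceAll(""); // 过滤script标签
+        return htmlStr;
+    }
+    /**
+     * 过滤掉style标签
+     *
+     * @param htmlStr
+     * @return
+     */
+    public static String delStyleTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_style = Pattern.compile(REGEX_STYLE, Pattern.CASE_INSENSITIVE);
+        Matcher m_style = p_style.matcher(htmlStr);
+        htmlStr = m_style.replaceAll(""); // 过滤style标签*/
+        return htmlStr;
+    }
+    /**
+     * @param htmlStr
+     * @return 删除Html标签
+     */
+    public static String delHTMLTag(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_html = Pattern.compile(REGEX_HTML, Pattern.CASE_INSENSITIVE);
+        Matcher m_html = p_html.matcher(htmlStr);
+        htmlStr = m_html.replaceAll(""); // 过滤html标签
+        return htmlStr; // 返回文本字符串
+    }
+    /**
+     * 将html标签中的<>进行转义,如只有"<"或者">"则不进行转义
+     */
+    public static String escapeHtml(String htmlStr) {
+        if (htmlStr == null)
+            return null;
+        Pattern p_script = Pattern.compile(REGEX_HTML, Pattern.CASE_INSENSITIVE);
+        Matcher m_script = p_script.matcher(htmlStr);
+        while (m_script.find()) {
+            String str = m_script.group();
+            String str_target = str.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+            htmlStr = htmlStr.replaceAll(str, str_target);
+        }
+        return htmlStr;
+    }
+    /**
+     * 转义html标签
+     *
+     * @param input
+     * @return
+     */
+    public static String cleanXss(String input) {
+        if (input == null)
+            return null;
+        return escapeHtml(delStyleTag(delScriptTag(input)));
+    }
+    public static void main(String[] args) {
+        System.out.println(cleanXss("<'script>"));
+    }
+}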