Merge branch 'dev' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into dev

gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/CsrfFilter.java

@@ -1,8 +1,11 @@
package com.yihu.jw.gateway.filter;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.servlet.*;
@@ -20,19 +23,24 @@ import java.util.regex.Pattern;
 */
@Component
public class CsrfFilter implements Filter {
    @Autowired
    private StringRedisTemplate redisTemplate;
    private Logger log = LoggerFactory.getLogger(CsrfFilter.class);
    /**
     * 过滤器配置对象
     */
    FilterConfig filterConfig = null;
    /**
     * 是否启用
     */
    @Value("${security.csrf.enable}")
    private boolean enable;
    private boolean getEnable(){
        String strEnable = redisTemplate.opsForValue().get("security:csrf:enable");
        if(StringUtils.isNotBlank(strEnable)){
            return "1".equals(strEnable);
        }
        redisTemplate.opsForValue().set("security:csrf:enable","0");
        return false;
    }
    /**
     * 忽略的URL
@@ -63,7 +71,7 @@ public class CsrfFilter implements Filter {
        String referer = request.getHeader("Referer");
        String host = request.getServerName();
        // 不启用或者已忽略的URL不拦截
        if(!enable ||referer == null||referer.indexOf("http://ehr.yihu.com")==0
        if(!getEnable() ||referer == null||referer.indexOf("http://ehr.yihu.com")==0
                ||referer.indexOf("https://zhyzh.gongshu.gov.cn")==0
                ||referer.indexOf("27.154.233.186")>0
                ||referer.indexOf(host)>0){

svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/admin/CommonEndpoint.java

@@ -15,6 +15,7 @@ import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.MediaType;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.GetMapping;
@@ -35,13 +36,25 @@ public class CommonEndpoint extends EnvelopRestEndpoint {
    private static final Logger logger = LoggerFactory.getLogger(CommonEndpoint.class);
    @Autowired
    private JdbcTemplate jdbcTemplate;
    @Autowired
    private BaseCapacityLabelDao baseCapacityLabelDao;
    @Autowired
    private BasePatientDao patientDao;
    @Autowired
    private StringRedisTemplate redisTemplate;
    @GetMapping(value = "open/setRedisEnable")
    @ApiOperation(value = "设置是否开启拦截security:csrf:enable 1拦截")
    public Envelop setRedisEnable(String str) {
        try {
            redisTemplate.opsForValue().set("security:csrf:enable",str);
            return success("导入成功");
        } catch (Exception e) {
            return failedException2(e);
        }
    }
    @GetMapping(value = "open/importCapLabel")
    @ApiOperation(value = "导入居民能力状况")