탐색 도움말
가입하기 로그인
zxc5659151
/
wlyy2.0
원본 프로젝트 : Amoy2/wlyy2.0
Watch 1
Star 0
포크 0
파일
소스 검색

Merge branch 'dev' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into dev

liubing 3 년 전
부모
868c2cc02e 506b2dffd0
커밋
368b1a5d63
18개의 변경된 파일423개의 추가작업 그리고 25개의 파일을 삭제
분할 보기 변경상태 보기
  1. 17 0
      gateway/ag-basic/src/main/java/com/yihu/jw/gateway/config/MultipartConfig.java
  2. 114 0
      gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/CsrfFilter.java
  3. 5 0
      gateway/ag-basic/src/main/resources/application.yml
  4. 11 4
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/config/MvcConfig.java
  5. 7 1
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/assistance/EmergencyAssistanceEndpoint.java
  6. 5 2
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/consult/DoctorConsultController.java
  7. 27 1
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/consult/DoctorConsultEndpoint.java
  8. 13 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/course/DoctorCourseEndpoint.java
  9. 18 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/course/RecruitStudentsEndpoint.java
  10. 28 5
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/doorCoach/DoctorDoorCoachOrderController.java
  11. 3 3
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/label/PatientLabelEndpoint.java
  12. 34 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/interceptors/CrosXssFilter.java
  13. 120 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/interceptors/XssHttpServletRequestWrapper.java
  14. 8 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/assistance/EmergencyAssistanceService.java
  15. 1 1
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/common/PermissionService.java
  16. 4 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/consult/ConsultService.java
  17. 5 8
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/consult/ConsultTeamService.java
  18. 3 0
      svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/doorCoach/DoctorDoorCoachOrderService.java

+ 17 - 0
gateway/ag-basic/src/main/java/com/yihu/jw/gateway/config/MultipartConfig.java
파일 보기 

@ -1,5 +1,8 @@
 
package com.yihu.jw.gateway.config;
 
import com.yihu.jw.gateway.filter.CsrfFilter;
 
import org.springframework.beans.factory.annotation.Autowired;
 
import org.springframework.boot.web.servlet.FilterRegistrationBean;
 
import org.springframework.boot.web.servlet.MultipartConfigFactory;
 
import org.springframework.context.annotation.Bean;
 
import org.springframework.context.annotation.Configuration;
 
@ -12,6 +15,10 @@ import java.io.*;
 
@Configuration
 
public class MultipartConfig {
 
    @Autowired
 
    CsrfFilter csrfFilter;
 
    @Bean
 
    MultipartConfigElement multipartConfigElement() {
 
        MultipartConfigFactory factory = new MultipartConfigFactory();
 
@ -24,4 +31,14 @@ public class MultipartConfig {
 
        return factory.createMultipartConfig();
 
    }
 
    @Bean
 
    public FilterRegistrationBean testFilterRegistration4() {
 
        FilterRegistrationBean registration = new FilterRegistrationBean();
 
        registration.setFilter(csrfFilter);
 
        registration.addUrlPatterns("/*");
 
        registration.setName("CsrfFilter");
 
        registration.setOrder(3);
 
        return registration;
 
    }
 
}

+ 114 - 0
gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/CsrfFilter.java
파일 보기 

@ -0,0 +1,114 @@
 
package com.yihu.jw.gateway.filter;
 
import org.slf4j.Logger;
 
import org.slf4j.LoggerFactory;
 
import org.springframework.beans.factory.annotation.Value;
 
import org.springframework.stereotype.Component;
 
import javax.servlet.*;
 
import javax.servlet.http.HttpServletRequest;
 
import javax.servlet.http.HttpServletResponse;
 
import java.io.IOException;
 
import java.net.MalformedURLException;
 
import java.util.ArrayList;
 
import java.util.List;
 
import java.util.regex.Matcher;
 
import java.util.regex.Pattern;
 
/**
 
 * Created by yeshijie on 2022/3/15.
 
 */
 
@Component
 
public class CsrfFilter implements Filter {
 
    private Logger log = LoggerFactory.getLogger(CsrfFilter.class);
 
    /**
 
     * 过滤器配置对象
 
     */
 
    FilterConfig filterConfig = null;
 
    /**
 
     * 是否启用
 
     */
 
    @Value("${security.csrf.enable}")
 
    private boolean enable;
 
    /**
 
     * 忽略的URL
 
     */
 
    private List<String> excludes = new ArrayList<>();
 
    public void setExcludes(List<String> excludes) {
 
        this.excludes = excludes;
 
    }
 
    /**
 
     * 初始化
 
     */
 
    @Override
 
    public void init(FilterConfig filterConfig) throws ServletException {
 
        this.filterConfig = filterConfig;
 
    }
 
    /**
 
     * 拦截
 
     */
 
    @Override
 
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
 
            throws IOException, ServletException {
 
        HttpServletRequest request = (HttpServletRequest) servletRequest;
 
        HttpServletResponse response = (HttpServletResponse) servletResponse;
 
        String referer = request.getHeader("Referer");
 
        String host = request.getServerName();
 
        // 不启用或者已忽略的URL不拦截
 
        if(!enable ||referer == null||referer.indexOf("http://ehr.yihu.com")==0
 
                ||referer.indexOf("https://zhyzh.gongshu.gov.cn")==0
 
                ||referer.indexOf("27.154.233.186")>0
 
                ||referer.indexOf(host)>0){
 
            filterChain.doFilter(servletRequest, servletResponse);
 
            return;
 
        }
 
        java.net.URL url = null;
 
        try {
 
            url = new java.net.URL(referer);
 
        } catch (MalformedURLException e) {
 
            // URL解析异常,也置为404
 
            response.setStatus(HttpServletResponse.SC_NOT_FOUND);
 
            return;
 
        }
 
        // 判断是否存在外链请求本站
 
        if (!host.equals(url.getHost())) {
 
            log.error("CSRF过滤器 => 服务器:{} => 当前域名:{}", host, referer);
 
            servletResponse.setContentType("text/html; charset=utf-8");
 
            servletResponse.getWriter().write("系统不支持当前域名的访问!");
 
        } else {
 
            filterChain.doFilter(servletRequest, servletResponse);
 
        }
 
    }
 
    /**
 
     * 销毁
 
     */
 
    @Override
 
    public void destroy() {
 
        this.filterConfig = null;
 
    }
 
    /**
 
     * 判断是否为忽略的URL
 
     *
 
     * @param url URL路径
 
     * @return true-忽略,false-过滤
 
     */
 
    private boolean isExcludeUrl(String url) {
 
        if (excludes == null || excludes.isEmpty()) {
 
            return false;
 
        }
 
        return excludes.stream().map(pattern -> Pattern.compile("^" + pattern)).map(p -> p.matcher(url))
 
                .anyMatch(Matcher::find);
 
    }
 
}

+ 5 - 0
gateway/ag-basic/src/main/resources/application.yml
파일 보기 

@ -116,6 +116,11 @@ endpoints:
 
  heapdump:
 
    enabled: false
 
# 信息安全
 
security:
 
  csrf:
 
    enable: true
 
#---
 
#spring:
 
#  profiles: jwdev

+ 11 - 4
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/config/MvcConfig.java
파일 보기 

@ -1,7 +1,7 @@
 
package com.yihu.jw.care.config;
 
import com.tencentcloudapi.cdn.v20180606.models.UserAgentFilter;
 
import com.yihu.jw.care.interceptors.CrosXssFilter;
 
import com.yihu.jw.care.interceptors.GateWayInterceptor;
 
import org.slf4j.Logger;
 
import org.slf4j.LoggerFactory;
 
@ -9,9 +9,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 
import org.springframework.boot.web.servlet.FilterRegistrationBean;
 
import org.springframework.context.annotation.Bean;
 
import org.springframework.context.annotation.Configuration;
 
import org.springframework.context.annotation.Profile;
 
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
/**
 
@ -32,9 +30,18 @@ public class MvcConfig extends WebMvcConfigurerAdapter {
 
//         excludePathPatterns 用户排除拦截 ,/third/juye/kit/**
 
        registry.addInterceptor(gateWayInterceptor).addPathPatterns("/open/gc/**").excludePathPatterns(
 
                "/open/gc/accesstoken");
 
        super.addInterceptors(registry);
 
        logger.info("init gateWayInterceptor");
 
    }
 
    @Bean
 
    public FilterRegistrationBean testFilterRegistration() {
 
        FilterRegistrationBean registration = new FilterRegistrationBean();
 
        registration.setFilter(new CrosXssFilter());
 
        registration.addUrlPatterns("/*");
 
        registration.setName("CrosXssFilter");
 
        registration.setOrder(1);
 
        return registration;
 
    }
 
}

+ 7 - 1
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/assistance/EmergencyAssistanceEndpoint.java
파일 보기 

@ -352,7 +352,8 @@ public class EmergencyAssistanceEndpoint extends EnvelopRestEndpoint {
 
                                   @ApiParam(value = "误报警类型 字典emergency_cancel的code", name = "emergencyCancel", required = true)
 
                                   @RequestParam(value = "emergencyCancel", defaultValue = "4") Integer emergencyCancel){
 
        try {
 
            JSONObject result = assistanceService.errorWarning(orderId,emergencyCancel,getUID());
 
            String uid = permissionService.getUID();
 
            JSONObject result = assistanceService.errorWarning(orderId,emergencyCancel,uid);
 
            if (result.getIntValue("resultFlag") == 0) {
 
                return ObjEnvelop.getError(result.getString("resultMsg"));
 
            }
 
@ -371,6 +372,11 @@ public class EmergencyAssistanceEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name="message",value = "发送内容")@RequestParam(value = "message")String message,
 
            @ApiParam(name="session_id",value = "im会话对应id")@RequestParam(value = "session_id")String session_id){
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctor);
 
            if(permissionService.noPermission(1,param)){
 
                return ObjEnvelop.getError("该操作没有权限");
 
            }
 
            return ObjEnvelop.getSuccess("success",assistanceService.doctorSendMessageLog(doctor,type,session_id,message));
 
        }catch (Exception e){
 
            return failedObjEnvelopException2(e);

+ 5 - 2
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/consult/DoctorConsultController.java
파일 보기 

@ -1,6 +1,7 @@
 
package com.yihu.jw.care.endpoint.consult;
 
import com.yihu.jw.care.aop.ObserverRequired;
 
import com.yihu.jw.care.service.common.PermissionService;
 
import com.yihu.jw.care.service.consult.ConsultTeamService;
 
import com.yihu.jw.restmodel.web.Envelop;
 
import com.yihu.jw.restmodel.web.endpoint.EnvelopRestEndpoint;
 
@ -24,6 +25,8 @@ public class DoctorConsultController extends EnvelopRestEndpoint {
 
    @Autowired
 
    private ConsultTeamService consultTeamService;
 
    @Autowired
 
    private PermissionService permissionService;
 
    /**
 
     * 结束咨询接口
 
@ -35,8 +38,8 @@ public class DoctorConsultController extends EnvelopRestEndpoint {
 
    @ObserverRequired
 
    public Envelop finishConsult(@RequestParam(required = false) String consult) {
 
        try {
 
            int flag = consultTeamService.finishConsult(consult, getUID(), 2);
 
//            int flag = consultTeamService.finishConsult(consult, "admin", 2);
 
            String uid = permissionService.getUID();
 
            int flag = consultTeamService.finishConsult(consult, uid, 2);
 
            if (flag > 0) {
 
                return success("咨询已关闭");
 
            } else if(flag == -1) {

+ 27 - 1
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/consult/DoctorConsultEndpoint.java
파일 보기 

@ -2,16 +2,19 @@ package com.yihu.jw.care.endpoint.consult;
 
import com.alibaba.fastjson.JSONObject;
 
import com.yihu.jw.care.aop.ObserverRequired;
 
import com.yihu.jw.care.service.common.PermissionService;
 
import com.yihu.jw.care.service.consult.ConsultService;
 
import com.yihu.jw.doctor.dao.BaseDoctorDao;
 
import com.yihu.jw.entity.base.doctor.BaseDoctorDO;
 
import com.yihu.jw.im.service.ImService;
 
import com.yihu.jw.restmodel.web.Envelop;
 
import com.yihu.jw.restmodel.web.ObjEnvelop;
 
import com.yihu.jw.restmodel.web.endpoint.EnvelopRestEndpoint;
 
import com.yihu.jw.rm.hospital.BaseHospitalRequestMapping;
 
import io.swagger.annotations.Api;
 
import io.swagger.annotations.ApiOperation;
 
import io.swagger.annotations.ApiParam;
 
import org.apache.commons.lang3.StringUtils;
 
import org.slf4j.Logger;
 
import org.slf4j.LoggerFactory;
 
import org.springframework.beans.factory.annotation.Autowired;
 
@ -41,6 +44,8 @@ public class DoctorConsultEndpoint extends EnvelopRestEndpoint {
 
    private BaseDoctorDao baseDoctorDao;
 
    @Autowired
 
    private ImService imService;
 
    @Autowired
 
    private PermissionService permissionService;
 
    @PostMapping(value = "finish")
 
    @ApiOperation(value = "医生结束咨询", notes = "医生结束咨询")
 
@ -51,6 +56,12 @@ public class DoctorConsultEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "doctorCode", value = "医生COEE")
 
            @RequestParam(value = "doctorCode",required = true) String doctorCode) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctorCode);
 
            if(permissionService.noPermission(1,param)){
 
                return Envelop.getError("该操作没有权限");
 
            }
 
            int resutl = consultService.finish(consult,doctorCode,2);
 
            BaseDoctorDO baseDoctorDO = baseDoctorDao.findById(doctorCode);
 
            JSONObject msgObj = new JSONObject();
 
@ -60,8 +71,10 @@ public class DoctorConsultEndpoint extends EnvelopRestEndpoint {
 
            if(1 == resutl){
 
                jsonStr = "{\"id\":\""+ UUID.randomUUID().toString()+"\",\"sender_id\":\""+doctorCode+"\",\"sender_name\":\"系统\",\"timestamp\":"+System.currentTimeMillis()+",\"content_type\":7,\"content\":"+msgObj.toString()+",\"business_type\":1}";
 
                return success(jsonStr);
 
            }else {
 
                return Envelop.getError("关闭失败");
 
            }
 
            return success(jsonStr);
 
        }catch (Exception e){
 
           return failedException2(e);
 
        }
 
@ -108,6 +121,14 @@ public class DoctorConsultEndpoint extends EnvelopRestEndpoint {
 
    ){
 
        try {
 
            if(StringUtils.isNotBlank(doctor)){
 
                JSONObject param = new JSONObject();
 
                param.put("doctorId",doctor);
 
                if(permissionService.noPermission(1,param)){
 
                    return Envelop.getError("该操作没有权限");
 
                }
 
            }
 
            List<Map<String,Object>>  data = consultService.findConsultRecordByDoctor(doctor, id,type,status, page,pagesize, symptoms,start_time,end_time,name);
 
            Long total = consultService.countConsultRecordByDoctor(doctor, id,type,symptoms,status,start_time,end_time,name);
 
@ -137,6 +158,11 @@ public class DoctorConsultEndpoint extends EnvelopRestEndpoint {
 
                                          @RequestParam(value = "session_id",required = false) String session_id
 
    ){
 
        try{
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",sender_id);
 
            if(permissionService.noPermission(1,param)){
 
                return Envelop.getError("该操作没有权限");
 
            }
 
            consultService.sendWeTempMesMiniProgram(sender_id,reciver_id,session_id,token,channelName);
 
            return success("操作成功");
 
        }catch (Exception e){

+ 13 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/course/DoctorCourseEndpoint.java
파일 보기 

@ -2,6 +2,7 @@ package com.yihu.jw.care.endpoint.course;
 
import com.alibaba.fastjson.JSONObject;
 
import com.yihu.jw.care.aop.ObserverRequired;
 
import com.yihu.jw.care.service.common.PermissionService;
 
import com.yihu.jw.care.service.course.CourseService;
 
import com.yihu.jw.entity.care.course.CourseDO;
 
import com.yihu.jw.restmodel.ResponseContant;
 
@ -37,6 +38,8 @@ public class DoctorCourseEndpoint extends EnvelopRestEndpoint {
 
    private String secretId;
 
    @Value("${tencent.secretKey}")
 
    private String secretKey;
 
    @Autowired
 
    private PermissionService permissionService;
 
    @GetMapping(value = "myCourseList")
 
    @ApiOperation(value = "我的课程列表")
 
@ -46,6 +49,11 @@ public class DoctorCourseEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "page", value = "分页大小", required = true, defaultValue = "1") @RequestParam(value = "page") int page,
 
            @ApiParam(name = "size", value = "页码", required = true, defaultValue = "3") @RequestParam(value = "size") int size) {
 
        try{
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctor);
 
            if(permissionService.noPermission(1,param)){
 
                return PageEnvelop.getError("该操作没有权限");
 
            }
 
            JSONObject result = courseService.myCourseList(doctor, type, page, size);
 
            if (result.getIntValue(ResponseContant.resultFlag) == ResponseContant.fail) {
 
                return PageEnvelop.getError(result.getString(ResponseContant.resultMsg));
 
@ -76,6 +84,11 @@ public class DoctorCourseEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "doctorId", value = "doctorId") @RequestParam(value = "doctorId", required = true) String doctorId,
 
            @ApiParam(name = "jsonData", value = "jsonData") @RequestParam(value = "jsonData", required = true) String jsonData) {
 
        try{
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctorId);
 
            if(permissionService.noPermission(1,param)){
 
                return ObjEnvelop.getError("该操作没有权限");
 
            }
 
            JSONObject result = courseService.addCourse(doctorId, jsonData);
 
            if (result.getIntValue(ResponseContant.resultFlag) == ResponseContant.fail) {
 
                return ObjEnvelop.getError(result.getString(ResponseContant.resultMsg));

+ 18 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/course/RecruitStudentsEndpoint.java
파일 보기 

@ -2,6 +2,7 @@ package com.yihu.jw.care.endpoint.course;
 
import com.alibaba.fastjson.JSONObject;
 
import com.yihu.jw.care.aop.ObserverRequired;
 
import com.yihu.jw.care.service.common.PermissionService;
 
import com.yihu.jw.care.service.course.RecruitStudentService;
 
import com.yihu.jw.restmodel.ResponseContant;
 
import com.yihu.jw.restmodel.web.Envelop;
 
@ -30,12 +31,19 @@ public class RecruitStudentsEndpoint extends EnvelopRestEndpoint {
 
    @Autowired
 
    private RecruitStudentService recruitStudentService;
 
    @Autowired
 
    private PermissionService permissionService;
 
    @GetMapping(value = "onlineRegisterCount")
 
    @ApiOperation("在线报名-已报名数量")
 
    public ObjEnvelop onlineRegisterCount(@ApiParam(name = "doctorId", value = "doctorId")
 
                                          @RequestParam(value = "doctorId", required = true) String doctorId){
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctorId);
 
            if(permissionService.noPermission(1,param)){
 
                return ObjEnvelop.getError("该操作没有权限");
 
            }
 
            return ObjEnvelop.getSuccess("查询成功",recruitStudentService.onlineRegisterCount(doctorId));
 
        }catch (Exception e){
 
            return failedObjEnvelopException2(e);
 
@ -50,6 +58,11 @@ public class RecruitStudentsEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "page", value = "分页大小", required = true, defaultValue = "1") @RequestParam(value = "page") int page,
 
            @ApiParam(name = "size", value = "页码", required = true, defaultValue = "15") @RequestParam(value = "size") int size) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctorId);
 
            if(permissionService.noPermission(1,param)){
 
                return PageEnvelop.getError("该操作没有权限");
 
            }
 
            JSONObject result = recruitStudentService.queryInfoList(doctorId, status, page, size);
 
            if (result.getIntValue(ResponseContant.resultFlag) == ResponseContant.fail) {
 
                return PageEnvelop.getError(result.getString(ResponseContant.resultMsg), -1);
 
@ -67,6 +80,11 @@ public class RecruitStudentsEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "doctorId", value = "教师id")
 
            @RequestParam(value = "doctorId", required = true) String doctorId) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctorId);
 
            if(permissionService.noPermission(1,param)){
 
                return PageEnvelop.getError("该操作没有权限");
 
            }
 
            JSONObject result = recruitStudentService.onlineRegisterStatusCount(doctorId);
 
            if (result.getIntValue(ResponseContant.resultFlag) == ResponseContant.fail) {
 
                return Envelop.getError(result.getString(ResponseContant.resultMsg),-1);

+ 28 - 5
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/doorCoach/DoctorDoorCoachOrderController.java
파일 보기 

@ -6,6 +6,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 
import com.yihu.jw.care.aop.ObserverRequired;
 
import com.yihu.jw.care.endpoint.BaseController;
 
import com.yihu.jw.care.service.common.PermissionService;
 
import com.yihu.jw.care.service.consult.ConsultTeamService;
 
import com.yihu.jw.care.service.doorCoach.DoctorDoorCoachOrderService;
 
import com.yihu.jw.care.service.doorCoach.PatientDoorCoachOrderService;
 
@ -47,6 +48,9 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
    private ImService imService;
 
    @Autowired
 
    private ConsultTeamService consultTeamService;
 
    @Autowired
 
    private PermissionService permissionService;
 
    private BaseController baseController = new BaseController();
 
    @PostMapping(value = "proxyCreate")
 
@ -54,7 +58,8 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
    @ObserverRequired
 
    public String create(@ApiParam(name = "jsonData", value = "Json数据", required = true) @RequestParam String jsonData) {
 
        try{
 
            JSONObject result = patientDoorCoachOrderService.proxyCreate(jsonData,getUID());
 
            String uid = permissionService.getUID();
 
            JSONObject result = patientDoorCoachOrderService.proxyCreate(jsonData,uid);
 
            if (result.getIntValue(ResponseContant.resultFlag) == ResponseContant.fail) {
 
                return baseController.error(-1, result.getString(ResponseContant.resultMsg));
 
            }
 
@ -70,6 +75,11 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @ApiParam(name = "doctor", value = "医生codedoctor")
 
            @RequestParam(value = "doctor", required = true) String doctor) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctor);
 
            if(permissionService.noPermission(1,param)){
 
                return baseController.error(-1,"该操作没有权限");
 
            }
 
            return  baseController.write(200, "获取成功", "data",doctorDoorCoachOrderService.getDoorOrderNum(doctor));
 
        } catch (Exception e) {
 
            return baseController.errorResult(e);
 
@ -171,7 +181,8 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @ApiParam(value = "拒绝原因", name = "reason", required = false)
 
            @RequestParam(value = "reason", required = false) String reason) {
 
        try {
 
            doctorDoorCoachOrderService.refuseOrder(getUID(),orderId, reason);
 
            String uid = permissionService.getUID();
 
            doctorDoorCoachOrderService.refuseOrder(uid,orderId, reason);
 
            return baseController.write(200, "操作成功");
 
        } catch (Exception e) {
 
            return baseController.errorResult(e);
 
@ -216,7 +227,8 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @ApiParam(value = "二维码内容", name = "twoDimensionalCode")
 
            @RequestParam(value = "twoDimensionalCode", required = false) String twoDimensionalCode) {
 
        try {
 
            BaseDoorCoachOrderDO baseDoorCoachOrderDO = doctorDoorCoachOrderService.signIn(orderId, signTime, signWay, signLocation, signImg,twoDimensionalCode,getUID());
 
            String uid = permissionService.getUID();
 
            BaseDoorCoachOrderDO baseDoorCoachOrderDO = doctorDoorCoachOrderService.signIn(orderId, signTime, signWay, signLocation, signImg,twoDimensionalCode,uid);
 
            if (baseDoorCoachOrderDO != null){
 
                return baseController.write(200, "操作成功", "data", baseDoorCoachOrderDO);
 
            }else {
 
@ -310,6 +322,11 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @ApiParam(name = "doctor", value = "医生code")
 
            @RequestParam(value = "doctor", required = true) String doctor) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctor);
 
            if(permissionService.noPermission(1,param)){
 
                return baseController.error(-1,"该操作没有权限");
 
            }
 
            Map<String, Integer> map = doctorDoorCoachOrderService.getNumGroupByStatus(doctor);
 
            return baseController.write(200, "获取成功", "data", map);
 
        } catch (Exception e) {
 
@ -328,6 +345,7 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @RequestParam(value="page",required = true) String page,
 
            @ApiParam(name="pageSize",value="",defaultValue = "10")
 
            @RequestParam(value="pageSize",required = true) String pageSize){
 
        String uid = permissionService.getUID();
 
        if (org.apache.commons.lang3.StringUtils.isBlank(pageSize)) {
 
            pageSize = "10";
 
        }
 
@ -343,7 +361,7 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
        com.alibaba.fastjson.JSONObject object = JSON.parseObject(message);
 
        message1.setOver(object.getString("over"));
 
        message1.setIsRead(object.get("read")+"");
 
        message1.setReceiver(getUID());
 
        message1.setReceiver(uid);
 
        try {
 
            org.json.JSONObject waitingMessages = doctorDoorCoachOrderService.getWaitingMessages(message1, types, Integer.valueOf(page), Integer.valueOf(pageSize));
 
            return baseController.write(200, "查询成功","data",waitingMessages);
 
@ -387,7 +405,7 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            }
 
            if("0".equals(isManage)){
 
                if(StringUtils.isEmpty(doctorCode)){
 
                    doctorCode=getUID();
 
                    doctorCode = permissionService.getUID();
 
                }
 
            }else if ("1".equals(isManage) && StringUtils.isBlank(hospitalCode)){
 
                //如果是管理员并且未筛选机构,就默认展示其管理下所有机构
 
@ -584,6 +602,11 @@ public class DoctorDoorCoachOrderController extends EnvelopRestEndpoint {
 
            @ApiParam(value = "开关值,5关闭 1开启", name = "value")
 
            @RequestParam(value = "value", required = true) Integer value) {
 
        try {
 
            JSONObject param = new JSONObject();
 
            param.put("doctorId",doctor);
 
            if(permissionService.noPermission(1,param)){
 
                return baseController.error(-1,"该操作没有权限");
 
            }
 
            doctorDoorCoachOrderService.updateDispatchStatusByDoctor(doctor, value);
 
            return baseController.write(200, "修改成功");
 
        } catch (Exception e) {

+ 3 - 3
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/endpoint/label/PatientLabelEndpoint.java
파일 보기 

@ -32,7 +32,7 @@ public class PatientLabelEndpoint extends EnvelopRestEndpoint {
 
    @ApiOperation(value = "按团队查找签约居民的标签统计")
 
    public ListEnvelop findSignPatientLabelNumByTeamCode (
 
            @ApiParam(name = "teamCode", value = "团队code", required = true)
 
            @RequestParam(value = "teamCode",required = true) String teamCode) throws Exception {
 
            @RequestParam(value = "teamCode",required = true) String teamCode){
 
        try{
 
            return ListEnvelop.getSuccess("查询成功",patientLableService.findSignPatientLabelNumByTeamCode(teamCode));
 
        }catch (Exception e){
 
@ -54,7 +54,7 @@ public class PatientLabelEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "page", value = "分页大小", required = true, defaultValue = "1")
 
            @RequestParam(value = "page") int page,
 
            @ApiParam(name = "size", value = "页码", required = true, defaultValue = "15")
 
            @RequestParam(value = "size") int size) throws Exception {
 
            @RequestParam(value = "size") int size) {
 
        try{
 
            return patientLableService.findSignPatientLabelListByTeamCode(teamCode, labelCode, name,topicItem, page, size);
 
        }catch (Exception e){
 
@ -78,7 +78,7 @@ public class PatientLabelEndpoint extends EnvelopRestEndpoint {
 
            @ApiParam(name = "page", value = "分页大小", required = true, defaultValue = "1")
 
            @RequestParam(value = "page") int page,
 
            @ApiParam(name = "size", value = "页码", required = true, defaultValue = "15")
 
            @RequestParam(value = "size") int size) throws Exception {
 
            @RequestParam(value = "size") int size) {
 
        try{
 
            return patientLableService.findSignPatientLabelList(doctor,labelCode, name,topicItem, page, size);
 
        }catch (Exception e){

+ 34 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/interceptors/CrosXssFilter.java
파일 보기 

@ -0,0 +1,34 @@
 
package com.yihu.jw.care.interceptors;
 
import org.slf4j.Logger;
 
import org.slf4j.LoggerFactory;
 
import javax.servlet.*;
 
import javax.servlet.http.HttpServletRequest;
 
import java.io.IOException;
 
/**
 
 * Created by yeshijie on 2020/9/2.
 
 */
 
public class CrosXssFilter implements Filter {
 
    private static final Logger logger = LoggerFactory.getLogger(CrosXssFilter.class);
 
    @Override
 
    public void init(FilterConfig filterConfig) throws ServletException {
 
    }
 
    @Override
 
    public void doFilter(ServletRequest request, ServletResponse response,
 
                         FilterChain chain) throws IOException, ServletException {
 
        request.setCharacterEncoding("utf-8");
 
        response.setContentType("text/html;charset=utf-8");
 
        //sql,xss过滤
 
        HttpServletRequest httpServletRequest=(HttpServletRequest)request;
 
        XssHttpServletRequestWrapper xssHttpServletRequestWrapper=new XssHttpServletRequestWrapper(
 
                httpServletRequest);
 
        chain.doFilter(xssHttpServletRequestWrapper, response);
 
    }
 
    @Override
 
    public void destroy() {
 
    }
 
}

+ 120 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/interceptors/XssHttpServletRequestWrapper.java
파일 보기 

@ -0,0 +1,120 @@
 
package com.yihu.jw.care.interceptors;
 
import org.apache.commons.lang.StringUtils;
 
import org.slf4j.Logger;
 
import org.slf4j.LoggerFactory;
 
import javax.servlet.http.HttpServletRequest;
 
import javax.servlet.http.HttpServletRequestWrapper;
 
import java.util.HashMap;
 
import java.util.HashSet;
 
import java.util.Map;
 
import java.util.Set;
 
/**
 
 * Created by yeshijie on 2020/9/1.
 
 */
 
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
 
    private final Logger log = LoggerFactory.getLogger(getClass());
 
    private static String key = "select|update|and|or|delete|insert|trancate|char|into|substr|ascii|declare|exec|count|master|into|drop|execute|*|%";
 
    private static Set<String> notAllowedKeyWords = new HashSet<String>(0);
 
    private static String replacedString="INVALID";
 
    static {
 
        String keyStr[] = key.split("\\|");
 
        for (String str : keyStr) {
 
            notAllowedKeyWords.add(str);
 
        }
 
    }
 
    private String currentUrl;
 
    public XssHttpServletRequestWrapper(HttpServletRequest servletRequest) {
 
        super(servletRequest);
 
        currentUrl = servletRequest.getRequestURI();
 
    }
 
    /**覆盖getParameter方法,将参数名和参数值都做xss过滤。
 
     * 如果需要获得原始的值,则通过super.getParameterValues(name)来获取
 
     * getParameterNames,getParameterValues和getParameterMap也可能需要覆盖
 
     */
 
    @Override
 
    public String getParameter(String parameter) {
 
        String value = super.getParameter(parameter);
 
        if (value == null) {
 
            return null;
 
        }
 
        return cleanXSS(value);
 
    }
 
    @Override
 
    public String[] getParameterValues(String parameter) {
 
        String[] values = super.getParameterValues(parameter);
 
        if (values == null) {
 
            return null;
 
        }
 
        int count = values.length;
 
        String[] encodedValues = new String[count];
 
        for (int i = 0; i < count; i++) {
 
            encodedValues[i] = cleanXSS(values[i]);
 
        }
 
        return encodedValues;
 
    }
 
    @Override
 
    public Map<String, String[]> getParameterMap(){
 
        Map<String, String[]> values=super.getParameterMap();
 
        if (values == null) {
 
            return null;
 
        }
 
        Map<String, String[]> result=new HashMap<>();
 
        for(String key:values.keySet()){
 
            String encodedKey=cleanXSS(key);
 
            int count=values.get(key).length;
 
            String[] encodedValues = new String[count];
 
            for (int i = 0; i < count; i++){
 
                encodedValues[i]=cleanXSS(values.get(key)[i]);
 
            }
 
            result.put(encodedKey,encodedValues);
 
        }
 
        return result;
 
    }
 
    /**
 
     * 覆盖getHeader方法,将参数名和参数值都做xss过滤。
 
     * 如果需要获得原始的值,则通过super.getHeaders(name)来获取
 
     * getHeaderNames 也可能需要覆盖
 
     */
 
    @Override
 
    public String getHeader(String name) {
 
//        String value = super.getHeader(name);
 
//        if (value == null) {
 
//            return null;
 
//        }
 
//        return cleanXSS(value);
 
        return super.getHeader(name);
 
    }
 
    private String cleanXSS(String valueP) {
 
        // You'll need to remove the spaces from the html entities below
 
        String value = valueP.replaceAll("<", "&lt;").replaceAll(">", "&gt;");
 
        value = value.replaceAll("<", "& lt;").replaceAll(">", "& gt;");
 
        value = value.replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41;");
 
        value = value.replaceAll("'", "& #39;");
 
        value = value.replaceAll("eval\\((.*)\\)", "");
 
        value = value.replaceAll("[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']", "\"\"");
 
        value = value.replaceAll("script", "");
 
        value = cleanSqlKeyWords(value);
 
        return value;
 
    }
 
    private String cleanSqlKeyWords(String value) {
 
        String paramValue = value;
 
        for (String keyword : notAllowedKeyWords) {
 
            if (paramValue.length() > keyword.length() + 4
 
                    && (paramValue.contains(" "+keyword)||paramValue.contains(keyword+" ")||paramValue.contains(" "+keyword+" "))) {
 
                paramValue = StringUtils.replace(paramValue, keyword, replacedString);
 
                log.error(this.currentUrl + "已被过滤,因为参数中包含不允许sql的关键词(" + keyword
 
                        + ")"+";参数:"+value+";过滤后的参数:"+paramValue);
 
            }
 
        }
 
        return paramValue;
 
    }
 
}

+ 8 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/assistance/EmergencyAssistanceService.java
파일 보기 

@ -1100,6 +1100,14 @@ public class EmergencyAssistanceService extends BaseJpaService<EmergencyAssistan
 
            result.put("resultMsg", failMsg);
 
            return result;
 
        }
 
        String orgCodeTmp = permissionService.getDoctorOrg(doctor);
 
        if(!orgCodeTmp.equals(assistanceDO.getOrgCode())){
 
            String failMsg = "该操作没权限" ;
 
            result.put("resultFlag", 0);
 
            result.put("resultMsg", failMsg);
 
            return result;
 
        }
 
        BaseDoctorDO doctorDO = doctorDao.findById(doctor);
 
        assistanceDO.setStatus(-2);
 
        assistanceDO.setUpdateTime(new Date());

+ 1 - 1
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/common/PermissionService.java
파일 보기 

@ -121,7 +121,7 @@ public class PermissionService {
 
            }
 
            if(type == 1){
 
                String doctorId = param.getString("doctorId");
 
                if(!"doctorId".equals(doctorId)){
 
                if(!userId.equals(doctorId)){
 
                    return true;
 
                }
 
            }

+ 4 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/consult/ConsultService.java
파일 보기 

@ -204,6 +204,10 @@ public class ConsultService {
 
            } else {
 
                endId = d.getId();
 
                endName = d.getName();
 
                if(org.apache.commons.lang3.StringUtils.isNotBlank(consultTeam.getDoctor())&&!endOperator.equals(consultTeam.getDoctor())){
 
                    //没权限关闭
 
                    return -3;
 
                }
 
            }
 
            obj = imUtil.endTopics(consultTeam.getDoctor(), endId, endName, consultTeam.getConsult());
 
        }

+ 5 - 8
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/consult/ConsultTeamService.java
파일 보기 

@ -549,14 +549,6 @@ public class ConsultTeamService {
 
            return -1;
 
        }
 
//        //新增续方咨询结束判断 (续方未审核时不可由医生或居民关闭)
 
//        if (consultTeam.getType() == 8) {
 
//            Prescription prescription = prescriptionDao.findByCode(consultTeam.getRelationCode());
 
//            if (prescription.getStatus() == 0) {
 
//                return -2;
 
//            }
 
//        }
 
        String endName = "";
 
        String endId = "";
 
        //结束咨询才发送推送给IM文字消息
 
@ -575,6 +567,11 @@ public class ConsultTeamService {
 
            }
 
        }
 
        if(StringUtils.isNotBlank(consultTeam.getDoctor())&&!endOperator.equals(consultTeam.getDoctor())){
 
            //没权限关闭
 
            return -3;
 
        }
 
        JSONObject obj = imUtill.endTopics(consultTeam.getPatient(), endId, endName, consultTeam.getConsult());
 
        if (obj == null) {
 
            throw new RuntimeException("IM消息结束异常!");

+ 3 - 0
svr/svr-cloud-care/src/main/java/com/yihu/jw/care/service/doorCoach/DoctorDoorCoachOrderService.java
파일 보기 

@ -495,6 +495,9 @@ public class DoctorDoorCoachOrderService {
 
        if (null == doorServiceOrder) {
 
            throw new Exception("该工单不存在");
 
        }
 
        if(!receiver.equals(doorServiceOrder.getDoctor())){
 
            throw new Exception("该操作没有权限");
 
        }
 
        //给代预约医生发消息
 
        if (doorServiceOrder.getType() != null && doorServiceOrder.getType() == 3) {
 
            BaseDoctorDO baseDoctorDO = baseDoctorDao.findById(doorServiceOrder.getProxyPatient());//·