
Merge branch 'master' of https://gitee.com/antai-wuliu/ANTAI-API

dengpan 1 年之前
父节点
当前提交
3735360e25

+ 6 - 10
pom.xml

@@ -108,16 +108,6 @@
             <version>2.9.2</version>
         </dependency>
 
-        <dependency>
-            <groupId>org.apache.poi</groupId>
-            <artifactId>poi</artifactId>
-            <version>3.17</version>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.poi</groupId>
-            <artifactId>poi-ooxml</artifactId>
-            <version>3.17</version>
-        </dependency>
         <!--steerinfo-->
         <dependency>
             <groupId>com.steerinfo</groupId>
@@ -180,6 +170,12 @@
             <version>5.5.11</version>
         </dependency>
 
+        <dependency>
+            <groupId>org.apache.poi</groupId>
+            <artifactId>ooxml-schemas</artifactId>
+            <version>1.3</version>
+        </dependency>
+
     </dependencies>
     <build>
         <plugins>
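Review bot: After this commit the POM no longer states which `poi`/`poi-ooxml` version ends up on the classpath. The explicit 3.17 entries are removed in the previous hunk, yet `POIWordToHtml` in the same commit uses `XWPFPictureData`, so the parser version presumably now comes in transitively from another dependency. For a library that parses uploaded Office files, declare the version explicitly (or in `dependencyManagement`) and keep `ooxml-schemas` on the release that pairs with it. A short XML comment next to this entry naming the POI version it is meant to match would make future upgrades safer.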

+ 0 - 1
src/main/java/com/steerinfo/dil/config/RequestFilter.java

@@ -26,7 +26,6 @@ public class RequestFilter implements Filter {
     public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
        try{
            HttpServletRequest httpRequest = (HttpServletRequest) request;
-
            String url = httpRequest.getRequestURL().toString();
            //获取参数,并校验
            Cookie[] cookies = httpRequest.getCookies();

+ 1 - 1
src/main/java/com/steerinfo/dil/config/SessionInterceptor.java

@@ -35,7 +35,7 @@ public class SessionInterceptor extends HandlerInterceptorAdapter {
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         HandlerMethod hm = (HandlerMethod) handler;
         String requestUrl = "" + request.getRequestURL();
-        if(!requestUrl.contains("/api/v1/bp/bpLogin") && (request.getAttribute("userId")==null || request.getAttribute("userName")==null)){
+        if(!requestUrl.contains("/api/v1/bp/bpLogin") && !requestUrl.contains("/api/v1/uc/getAppVersion") && (request.getAttribute("userId")==null || request.getAttribute("userName")==null)){
             //无权访问
             response.setCharacterEncoding("UTF-8");
             response.setContentType("application/json; charset=utf-8");
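Review bot: The new exemption `!requestUrl.contains("/api/v1/uc/getAppVersion")` is a substring test on the full request URL, so the session check is skipped for any URL that merely contains that text, not only for the one endpoint; the existing `bpLogin` test has the same weakness. Compare against the exact mapped path instead, e.g. `"/api/v1/uc/getAppVersion".equals(request.getServletPath())` (adjusted to however the controller is mounted), or move both exemptions to `excludePathPatterns` on the interceptor registration. `preHandle` continues past the end of this hunk.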

+ 112 - 0
src/main/java/com/steerinfo/dil/config/SqlInjectFilter.java

@@ -0,0 +1,112 @@
+package com.steerinfo.filter;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+import com.alibaba.fastjson.JSONArray;
+import com.steerinfo.framework.constant.RESTCodes;
+import com.steerinfo.framework.controller.RESTfulResult;
+
+/**
+ * SQL注入过滤器
+ *
+ * @author CL
+ *
+ */
+/*@Component
+@ConfigurationProperties(prefix = "security.sql")
+@WebFilter(filterName = "SqlInjectFilter", urlPatterns = "/*")*/
+public class SqlInjectFilter implements Filter {
+    private static final Logger log = LoggerFactory.getLogger(SqlInjectFilter.class);
+    /**
+     * 过滤器配置对象
+     */
+    FilterConfig filterConfig = null;
+
+    /**
+     * 初始化
+     */
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        this.filterConfig = filterConfig;
+    }
+
+    /**
+     * 拦截
+     */
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+        HttpServletRequest req = (HttpServletRequest) servletRequest;
+        HttpServletResponse res = (HttpServletResponse) servletResponse;
+        // 获得所有请求参数名
+        Enumeration params = req.getParameterNames();
+//        String requestUriMb= req.getRequestURI();
+        String sql = "";
+        String strparams = "";
+        while (params.hasMoreElements()) {
+            // 得到参数名
+            String name = params.nextElement().toString();
+            // 得到参数对应值
+            String[] value = req.getParameterValues(name);
+            for (int i = 0; i < value.length; i++) {
+                sql = sql + value[i];
+                strparams = strparams + " " + value[i];
+            }
+        }
+        if (sqlValidate(sql) ) { //&& !requestUriMb.contains("executeSqlDataWf")
+            // res.sendRedirect("error.jsp");
+            log.info("发现sql注入:" + strparams);
+            String msg = "非法请求参数,请检查后再进行操作";
+            RESTfulResult result = new RESTfulResult(RESTCodes.ERROR, msg);
+            res.setCharacterEncoding("UTF-8");
+            res.setHeader("Content-Type", "application/json");
+            res.setContentType("application/json;charset=UTF-8");
+            res.setStatus(HttpServletResponse.SC_OK);
+            res.getWriter().write(JSONArray.toJSON(result).toString());
+        } else {
+            filterChain.doFilter(req, res);
+        }
+    }
+
+    /**
+     * 销毁
+     */
+    @Override
+    public void destroy() {
+        this.filterConfig = null;
+    }
+
+    // 校验
+    protected static boolean sqlValidate(String str) {
+        str = str.toLowerCase();// 统一转为小写
+        // String badStr = "and|exec";
+        String badStr =
+                "'| and | exec | execute | insert | select | delete | update | count | drop | chr | mid | master | truncate | char | declare | sitename | net user | xp_cmdshell | or | like | - | -- | + | , | like | // | / | % | #|insert |select |delete |update";
+        /*
+         * String badStr =
+         * "'|and|exec|execute|insert|create|drop|table|from|grant|use|group_concat|column_name|" +
+         * "information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|*|" +
+         * "chr|mid|master|truncate|char|declare|or|;|-|--|+|,|like|//|/|%|#";
+         */ // 过滤掉的sql关键字,可以手动添加
+        String[] badStrs = badStr.split("\\|");
+        for (int i = 0; i < badStrs.length; i++) {
+            if (str.indexOf(badStrs[i]) != -1) {
+                log.info("匹配到:" + badStrs[i]);
+                return true;
+            }
+        }
+        return false;
+    }
+}
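Review bot: `sqlValidate` is a keyword blacklist applied only to the values behind `req.getParameterNames()`, so it never sees the JSON bodies that the controllers in this commit receive through `@RequestBody`, while it does reject ordinary input containing `'`, `,`, `/` or `%`. The bound `#{...}` parameters in the mapper XML are what actually prevent injection, and the class Javadoc should say that this filter is at most a secondary check. With the `@Component`/`@WebFilter` annotations commented out and the package declared as `com.steerinfo.filter` in a file under `dil/config/`, the filter also looks unregistered; confirm whether it is meant to run at all. If it stays, `log.info("发现sql注入:" + strparams)` writes every raw parameter value (possibly credentials) to the log; log the request path and the matched rule instead, e.g. `log.warn("rejected request {}: blacklist match", req.getRequestURI());`, and answer with a 4xx status rather than `SC_OK`.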

+ 5 - 0
src/main/java/com/steerinfo/dil/controller/AMScontroller.java

@@ -839,6 +839,11 @@ public class AMScontroller  extends BaseRESTfulController {
     @PostMapping("/selectUnitPrice")
     Map<String,Object> selectUnitPrice(@RequestBody Map<String,Object> map) {return amsFeign.selectUnitPrice(map);}
 
+    @ApiOperation("不分页查询派车证")
+    @PostMapping(value = "/amsScheduleDispatchNoPage")
+    public Map<String, Object> amsScheduleDispatchNoPage(@RequestBody HashMap<String,Object> parmas){
+        return amsFeign.amsScheduleDispatchNoPage(parmas);
+    }
     @ApiOperation("多拼派车")
     @PostMapping("/saleDispatchDuoPin")
     RESTfulResult saleDispatchDuoPin(@RequestBody Map<String,Object> map) {return amsFeign.saleDispatchDuoPin(map);}
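Review bot: `amsScheduleDispatchNoPage` forwards the client's map to an unpaged query, so the response size is bounded only by what the downstream service does with those filters (not visible here). A server-side row cap or a required filter key would keep a single request from pulling the whole table. Smaller points: the parameter is misspelled `parmas`, it is typed `HashMap` where the neighbouring methods take `Map`, and a blank line is missing before the next `@ApiOperation`.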

+ 1 - 1
src/main/java/com/steerinfo/dil/controller/BackgroundProcessingController.java

@@ -77,7 +77,7 @@ public class BackgroundProcessingController extends BaseRESTfulController {
 
     @ApiOperation("更新cid")
     @PostMapping("/insertAppCid")
-    public RESTfulResult  insertAppCid(DilAppCid dilAppCid) {
+    public RESTfulResult  insertAppCid(@RequestBody DilAppCid dilAppCid) {
         try {
             Map<String, Object> searchMap = new HashMap<>();
             searchMap.put("cid",dilAppCid.getCid());
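Review bot: Binding the whole `DilAppCid` entity from the request (form fields before, JSON now) lets the client set every settable property on it, not just `cid`. If the rest of the method, which lies outside this hunk, persists the object, copy only the expected fields and take the user identity from the `userId` request attribute rather than from the body. `dilAppCid.getCid()` is also used without a null or blank check. Note that switching to `@RequestBody` rejects clients that still post form-encoded data, which deserves a line in the commit message.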

+ 6 - 0
src/main/java/com/steerinfo/dil/controller/ReportController.java

@@ -88,4 +88,10 @@ public class ReportController {
                                       Integer pageSize){
         return reportFeign.getTransferOrderDetails(mapValue == null ? new HashMap<>() : mapValue,apiId,pageNum,pageSize);
     }
+
+    @ApiOperation(value="查询发货四证")
+    @PostMapping(value = "/getSaleFourLicenceReport")
+    Map<String, Object> getSaleFourLicenceReport(@RequestBody(required=false) HashMap<String,Object> mapValue){
+        return reportFeign.getSaleFourLicenceReport(mapValue);
+    }
 }
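Review bot: `getSaleFourLicenceReport` accepts `@RequestBody(required=false)` and passes `mapValue` on unchanged, so a request without a body hands null to the Feign client, whereas the method just above it substitutes an empty map. Use the same guard here: `return reportFeign.getSaleFourLicenceReport(mapValue == null ? new HashMap<>() : mapValue);`.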

+ 7 - 0
src/main/java/com/steerinfo/dil/controller/UniversalController.java

@@ -282,4 +282,11 @@ public class UniversalController extends BaseRESTfulController {
         requireMap.put("requirementNo",requirementNo);
         return success(requireMap);
     }
+
+    @ApiOperation("查询APP版本更新")
+    @PostMapping("/getAppVersion")
+    public RESTfulResult getAppVersion() {
+        Map<String,Object> config = universalMapper.getConfigByName("APP最新版本");
+        return success(config.get("valueString"));
+    }
 }
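Review bot: `config.get("valueString")` throws a NullPointerException when `getConfigByName` finds no row, since a `Map` result is then null. On this endpoint, which the same commit exempts from the session check in `SessionInterceptor`, that failure is reachable by anonymous callers. Guard it, e.g. `return success(config == null ? null : config.get("valueString"));`, and move the literal `"APP最新版本"` into a named constant shared with whoever maintains the `DIL_CONFIG` row.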

+ 2 - 2
src/main/java/com/steerinfo/dil/feign/AmsFeign.java

@@ -309,11 +309,11 @@ public interface AmsFeign {
     @PostMapping(value = "api/v1/ams/amstransrequirements/selectUnitPrice")
     Map<String, Object> selectUnitPrice(@RequestBody Map<String, Object> map);
 
+    @PostMapping(value = "api/v1/ams/amsscheduledispatchs/noPage")
+    Map<String, Object> amsScheduleDispatchNoPage(@RequestBody Map<String, Object> map);
     @PostMapping(value = "api/v1/ams/amstransrequirements/saleDispatchDuoPin")
     RESTfulResult saleDispatchDuoPin(@RequestBody Map<String, Object> map);
 
     @PostMapping(value = "api/v1/ams/amstransrequirements/getMaterialOperation")
     RESTfulResult getMaterialOperation(@RequestBody Map<String,Object> map);
-
-
 }

+ 4 - 0
src/main/java/com/steerinfo/dil/feign/ReportFeign.java

@@ -38,4 +38,8 @@ public interface ReportFeign {
                                       @RequestParam Integer apiId,
                                       @RequestParam  Integer pageNum,
                                       @RequestParam  Integer pageSize);
+
+
+    @PostMapping(value = "api/v1/report/saleReports/getSaleFourLicenceReport")
+    Map<String, Object> getSaleFourLicenceReport(@RequestBody(required = false) HashMap<String, Object> map);
 }

+ 1 - 0
src/main/java/com/steerinfo/dil/mapper/UniversalMapper.java

@@ -95,4 +95,5 @@ public interface UniversalMapper {
 
     List<Map<String, Object>> getDriverByLike(Map<String, Object> map);
 
+    Map<String,Object> getConfigByName(String configName);
 }

+ 1 - 1
src/main/java/com/steerinfo/dil/util/DataChange.java

@@ -181,7 +181,7 @@ public class DataChange {
      * @return
      */
     public static String generateEightDigitsNumber(String start, Integer id){
-        id = id % 10000000; //保证不超过
+        id = id % 100000000; //保证不超过
         SimpleDateFormat sdf = new SimpleDateFormat("yyyyMMdd");
         StringBuilder sb = new StringBuilder(start + sdf.format(new Date()));
         sb.append(
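Review bot: `id` is an `Integer`, so `id % 100000000` unboxes and throws a NullPointerException on a null id. A negative id also yields a negative remainder, which the padding that follows (outside this hunk) may not expect. `Math.floorMod(id, 100000000)` after an explicit null check covers both cases. The trailing comment `//保证不超过` is cut short; it should state the bound, e.g. `// keep at most eight digits`.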

+ 12 - 11
src/main/java/com/steerinfo/dil/util/POIWordToHtml.java

@@ -174,17 +174,18 @@ public class POIWordToHtml {
             htmlData = htmlStream.toString();
             htmlStream.close();
             //获取word中的所有图片
-//            List<XWPFPictureData> picLists= document.getAllPictures();
-//            for(XWPFPictureData pic:picLists){
-//                System.out.println("图片名称:\t" + pic.getFileName());
-//                System.out.println("图片类型:\t" + pic.getPictureType());
-//                byte[] data = pic.getData();
-//                System.out.println(data);
-//                //字节流图片上传,并返回服务器地址
-//                String imgUrl = getImageUrl(data, pic.getFileName());
-//                System.out.println("图片服务器地址:"+imgUrl);
-//                //组装img
-//                htmlText+="<p><img alt='' src='"+imgUrl+"'></p>";
+            List<XWPFPictureData> picLists= document.getAllPictures();
+            for(XWPFPictureData pic:picLists) {
+                System.out.println("图片名称:\t" + pic.getFileName());
+                System.out.println("图片类型:\t" + pic.getPictureType());
+                byte[] data = pic.getData();
+                System.out.println(data);
+                //字节流图片上传,并返回服务器地址
+                String imgUrl = getImageUrl(data, pic.getFileName());
+                System.out.println("图片服务器地址:" + imgUrl);
+                //组装img
+                htmlText += "<p><img alt='' src='" + imgUrl + "'></p>";
+            }
             }
         catch (Exception e) {
             e.printStackTrace();
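Review bot: The re-enabled loop builds markup by concatenation, `htmlText += "<p><img alt='' src='" + imgUrl + "'></p>"`, and `imgUrl` is derived from `pic.getFileName()`, a name taken from inside the uploaded document. Unless `getImageUrl` (not visible here) returns a purely server-generated URL, a quote character in that name ends the `src` attribute early. HTML-escape `imgUrl` before inserting it and store the image under a generated name. The `System.out.println` calls, one of which prints only the `byte[]` reference, should go through the class logger at debug level or be dropped. The enclosing method and its `try` block start outside this hunk.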

+ 2 - 1
src/main/resources/application-prod.yml

@@ -43,7 +43,8 @@ openfeign:
   WebSocketFeign:
     url: ${WEBSOCKETFEIGN_URL:172.16.90.202:80}
   REPORTFeign:
-    url: ${REPORTFEIGN_URL:172.16.90.202:80}
+    url: ${REPORTFEIGN_URL:172.16.90.202:8000}
+#    url: ${RMSFEIGN_URL:localhost:8055}
 
 
 #远程调用
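Review bot: The added line `#    url: ${RMSFEIGN_URL:localhost:8055}` is a commented-out local override placed under `REPORTFeign` but naming a different variable (`RMSFEIGN_URL`). Leftover developer settings in the production profile are easy to re-enable by mistake, so it should be dropped. A one-line comment explaining why the report service default moved from port 80 to 8000 would help whoever next audits which internal endpoints this profile reaches.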

+ 41 - 20
src/main/resources/com/steerinfo/dil/mapper/UniversalMapper.xml

@@ -162,8 +162,7 @@
             </if>
             )
             <where>
-            <if test="companyType != null and companyType == '业务单位'">
-                <include refid="com.steerinfo.dil.mapper.CommonMapper.rootCompanyFilter"></include>
+            <if test="companyType != null and companyType == '业务单位' and isListed == null">
                 <include refid="com.steerinfo.dil.mapper.CommonMapper.filterCompanyData"></include>
             </if>
             </where>
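Review bot: This `<if>` now skips `filterCompanyData` whenever `isListed` is non-null, and the `rootCompanyFilter` include is dropped entirely, so the company data-scope restriction hinges on a map key. If `isListed` arrives in the client-supplied request map (the callers are not visible here), a caller can switch the filter off simply by sending it. Set the flag server-side from the session's role, or keep the filter unconditional for `业务单位` users, and add an XML comment stating when `isListed` is expected to be present. The enclosing `<select>` starts and ends outside this hunk.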
@@ -294,10 +293,12 @@
         FETCH NEXT 10 ROWS ONLY
     </select>
     <select id="getOperationPointByLike" resultType="java.util.Map">
-    SELECT * FROM (
+    select * from (
+        SELECT * FROM (
         select
         OPERATION_POINT_ID "id",
         OPERATION_POINT_ID "value",
+        OPERATION_POINT_NAME "OPERATION_POINT_NAME",
         OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "label",
         OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "text"
         from RMS_OPERATION_POINT
@@ -319,21 +320,23 @@
                 AND ALTERNATE_FIELDS1 = #{sourceFlag}
             </if>
         </where>
-        order by LENGTH(OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME)
+        order by LENGTH(OPERATION_POINT_NAME)
         FETCH NEXT 10 ROWS ONLY
-    )
-    <if test="id!=null and id.size>0">
-        UNION select
-        OPERATION_POINT_ID "id",
-        OPERATION_POINT_ID "value",
-        OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "label",
-        OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "text"
-        from RMS_OPERATION_POINT
-        where  OPERATION_POINT_ID in
-        <foreach collection="id" item="item"  open="(" close=")" separator="," >
-            #{item}
-        </foreach>
-    </if>
+        )
+        <if test="id!=null and id.size>0">
+            UNION select
+            OPERATION_POINT_ID "id",
+            OPERATION_POINT_ID "value",
+            OPERATION_POINT_NAME "OPERATION_POINT_NAME",
+            OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "label",
+            OPERATION_POINT_CODE || '-' || OPERATION_POINT_NAME "text"
+            from RMS_OPERATION_POINT
+            where  OPERATION_POINT_ID in
+            <foreach collection="id" item="item"  open="(" close=")" separator="," >
+                #{item}
+            </foreach>
+        </if>
+      )  order by LENGTH("OPERATION_POINT_NAME")
     </select>
 
     <select id="getPersonnelByLike" resultType="java.util.Map">
@@ -448,6 +451,11 @@
         RCA .CAPACITY_ID "capacityId",
         RCA .CAPACITY_ID "id",
         RCA .CAPACITY_ID "value",
+        RCA .CAPACITY_LICENCE_NUMBER "capacityLicenceNumber",
+        RCA. CAPACITY_OPERATE_NUMBER "capacityOperateNumber",
+        RCA. CAPACITY_AXIS_NUMBER "capacityAxisNumber",
+        RCA.CAPACITY_WEIGHT_MAIN "capacityWeightMain",
+        RCA.CAPACITY_WEIGHT_TRAILER "capacityWeightTrailer",
         CASE WHEN RC.COMPANY_TYPE = '业务单位'
         THEN RC.COMPANY_ID
         else -1
@@ -544,8 +552,6 @@
             <if test="!((driverId!=null and driverId!='') or (driverId2!=null and driverId2!=''))">
                 order by RCA.CAPACITY_ID desc
             </if>
-
-            FETCH NEXT 10 ROWS ONLY
         )
         <if test="id!=null and id.size>0">
             UNION
@@ -626,6 +632,7 @@
     <if test="(driverId!=null and driverId!='') or (driverId2!=null and driverId2!='')">
         ORDER BY "countNumber" DESC
     </if>
+    FETCH NEXT 10 ROWS ONLY
     </select>
 
     <select id="getCapacityByLikeSc" resultType="java.util.Map">
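Review bot: Moving `FETCH NEXT 10 ROWS ONLY` from the inner query to after the `UNION` means the rows selected by the `id` list now compete for the same ten slots. When neither `driverId` nor `driverId2` is set there is no outer `ORDER BY`, so which ten rows survive is not defined; the inner `order by RCA.CAPACITY_ID desc` is not guaranteed to carry through a `UNION`. If the `id` branch exists to keep already-selected values in the list, leave the limit on the search branch, or add an unconditional outer `ORDER BY`. The same move is made in the hunks at -695 and -747, and the `<select>` bodies extend beyond these hunks.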
@@ -695,7 +702,6 @@
             <if test="(driverId!=null and driverId!='') or (driverId2!=null and driverId2!='')">
                 ORDER BY "countNumber" DESC
             </if>
-            FETCH NEXT 10 ROWS ONLY
         )
         <if test="id!=null and id.size>0">
             UNION
@@ -747,6 +753,7 @@
     <if test="(driverId!=null and driverId!='') or (driverId2!=null and driverId2!='')">
         ORDER BY "countNumber" DESC
     </if>
+    FETCH NEXT 10 ROWS ONLY
     </select>
 
     <select id="getrmsrmsjobinfosBylike" resultType="java.util.Map">
@@ -1647,4 +1654,18 @@
             ORDER BY "countNumber" DESC
         </if>
     </select>
+
+    <select id="getConfigByName" resultType="java.util.Map">
+        SELECT CONFIG_ID           "configId",
+               CONFIG_NAME         "configName",
+               CONFIG_VALUE_STRING "valueString",
+               CONFIG_VALUE_NUMBER "valueNumber",
+               CONFIG_VALUE_DATE   "valueDate",
+               CONFIG_DESCRIPTION  "configDescription",
+               DELETED             "deleted"
+        FROM DIL_CONFIG
+        WHERE DELETED!=1
+    AND CONFIG_NAME= #{configName}
+            FETCH NEXT 1 ROWS ONLY
+    </select>
 </mapper>
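Review bot: `FETCH NEXT 1 ROWS ONLY` has no `ORDER BY`, so if two non-deleted rows share a `CONFIG_NAME` the row returned is arbitrary; add `ORDER BY CONFIG_ID DESC`, or rely on a unique constraint and drop the limit. `WHERE DELETED!=1` also excludes rows whose `DELETED` is NULL (if the column is nullable), where `NVL(DELETED, 0) != 1` would keep them. The `#{configName}` binding is the right form and should stay a bound parameter rather than ever becoming `${...}`.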