purovps/jshERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

增加防御代码,防止恶意攻击

Browse Source
This commit is contained in:
季圣华
2021-08-21 23:57:59 +08:00
parent 7ac14d49fd
commit 56dbc071ee
5 changed files with 47 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
jshERP-boot/src/main/java/com/jsh/erp/service/log/LogService.java
View File

@@ -148,15 +148,23 @@ public class LogService {
try{
Long userId = userService.getUserId(request);
if(userId!=null) {
Log log = new Log();
log.setUserId(userId);
log.setOperation(moduleName);
log.setClientIp(getLocalIp(request));
log.setCreateTime(new Date());
Byte status = 0;
log.setStatus(status);
log.setContent(content);
logMapper.insertSelective(log);
String clientIp = getLocalIp(request);
String createTime = Tools.getNow3();
Long count = logMapperEx.getCountByIpAndDate(clientIp, createTime);
if(count > 0) {
//如果某1个IP在同1秒内连续操作两遍此时需要删除该redis记录使其退出防止恶意攻击
redisService.deleteObjectByKeyAndIp("clientIp", clientIp, "userId");
} else {
Log log = new Log();
log.setUserId(userId);
log.setOperation(moduleName);
log.setClientIp(getLocalIp(request));
log.setCreateTime(new Date());
Byte status = 0;
log.setStatus(status);
log.setContent(content);
logMapper.insertSelective(log);
}
}
}catch(Exception e){
JshException.writeFail(logger, e);

24
jshERP-boot/src/main/java/com/jsh/erp/service/redis/RedisService.java
View File

@@ -10,6 +10,7 @@ import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import java.util.Set;
import java.util.concurrent.TimeUnit;
/**
@@ -96,11 +97,24 @@ public class RedisService {
}
}
public Long getTenantId(HttpServletRequest request) {
if(getObjectFromSessionByKey(request,"tenantId")!=null) {
return Long.parseLong(getObjectFromSessionByKey(request, "tenantId").toString());
} else {
return null;
/**
* @author jisheng hua
* description:
* 将信息从redis中移除比对key和ip
*@date: 2021/08/21 22:10
* @Param: request
* @Param: key
* @Param: ip
* @Param: deleteKey
* @return Object
*/
public void deleteObjectByKeyAndIp(String key, String ip, String deleteKey){
Set<String> tokens = redisTemplate.keys("*");
for(String token : tokens) {
Object value = redisTemplate.opsForHash().get(token, key);
if(value!=null && value.equals(ip)) {
redisTemplate.opsForHash().delete(token, deleteKey);
}
}
}
}