优化用户查询的接口

2025-08-14 23:03:55 +08:00
parent 90c411a5fd
commit fbda24da30
2 changed files with 7 additions and 2 deletions
--- a/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/filter/LogCostFilter.java
@@ -38,7 +38,7 @@ public class LogCostFilter implements Filter {
        HttpServletRequest servletRequest = (HttpServletRequest) request;
        HttpServletResponse servletResponse = (HttpServletResponse) response;
        String requestUrl = servletRequest.getRequestURI();
-        if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e")) {
+        if(requestUrl.contains("../") || requestUrl.contains("..;/") || requestUrl.contains("%2e") || requestUrl.contains("%2E")) {
            servletResponse.setStatus(500);
            servletResponse.getWriter().write("loginOut");
            return;
--- a/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java
@@ -65,7 +65,12 @@ public class UserService {
    public User getUser(long id)throws Exception {
        User result=null;
        try{
+            //先校验是否登录，然后才能查询用户数据
+            HttpServletRequest request = ((ServletRequestAttributes) Objects.requireNonNull(RequestContextHolder.getRequestAttributes())).getRequest();
+            Long userId = this.getUserId(request);
+            if(userId!=null) {
                result = userMapper.selectByPrimaryKey(id);
+            }
        }catch(Exception e){
            JshException.readFail(logger, e);
        }