项目添加封面，项目列表泄露密码bug

EhsanTang · Nov 20, 2016 · 075d524 · 075d524
1 parent 351de99
commit 075d524
Show file tree

Hide file tree

Showing 22 changed files with 126 additions and 167 deletions.
diff --git a/api/CrapApi.V7.3.2016-11-20.sql b/api/CrapApi.V7.3.2016-11-20.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `project` 
+ADD COLUMN `cover` VARCHAR(200) NOT NULL DEFAULT 'resources/images/cover.png' COMMENT '项目封面' AFTER `password`;
diff --git a/api/src/main/java/cn/crap/controller/admin/FileController.java b/api/src/main/java/cn/crap/controller/admin/FileController.java
@@ -26,7 +26,8 @@ public class FileController extends BaseController <User>{
 	@RequestMapping(value="/file/upload.do")
 	@ResponseBody
 	@AuthPassport
-	public void upload(@RequestParam(value = "img", required = false) MultipartFile file,@RequestParam(defaultValue="") String callBack) {
+	public void upload(@RequestParam(value = "img", required = false) MultipartFile file,@RequestParam(defaultValue="") String callBack,
+			String property) {
 		String result = "";
 	    String realFileName = file.getOriginalFilename();    
 	    String destDir = Tools.getServicePath(request);
@@ -83,7 +84,7 @@ public void upload(@RequestParam(value = "img", required = false) MultipartFile
 	    }
 	    if(!callBack.equals("")){
 	       if(result.indexOf("[ERROR]")<0){
-	    	   printMsg("<script>parent."+callBack+"('[OK]上传成功','"+result+"')</script>");
+	    	   printMsg("<script>parent."+callBack+"('[OK]上传成功','"+result+"','"+property+"')</script>");
 	       }else{
 	    	   printMsg("<script>parent.uploadImgCallBack('[ERROR]上传失败','"+result+"')</script>");
 	       }

diff --git a/api/src/main/java/cn/crap/controller/front/ModuleController.java b/api/src/main/java/cn/crap/controller/front/ModuleController.java
@@ -1,5 +1,6 @@
 package cn.crap.controller.front;
 
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -65,9 +66,13 @@ public JsonResult menu(@RequestParam String projectId) throws MyException{
 			}
 		}
 
+		Project returnProject = new Project();
+		BeanUtils.copyProperties(project, returnProject);
+		returnProject.setPassword("");
+
 		return new JsonResult(1, 
 					moduleService.findByMap(Tools.getMap("projectId", projectId),
 							"new  Module( id, name,  url,  remark,  userId,  createTime,  projectId, canDelete)",
-							null, null), null, Tools.getMap("project",  cacheService.getProject(projectId)) );
+							null, null), null, Tools.getMap("project",  returnProject) );
 	}	
 }
diff --git a/api/src/main/java/cn/crap/controller/front/ProjectController.java b/api/src/main/java/cn/crap/controller/front/ProjectController.java
@@ -38,13 +38,13 @@ public JsonResult list(@RequestParam(defaultValue="1") int currentPage,
 		if(user != null && myself){
 			if(MyString.isEmpty(name)){
 				return new JsonResult(1, 
-						projectService.queryByHql("from Project where userId=:userId or id in (select projectId from ProjectUser where userId=:userId)", 
+						projectService.queryByHql("select new Project(id, name, type, remark, userId, createTime, cover) from Project where userId=:userId or id in (select projectId from ProjectUser where userId=:userId)", 
 								Tools.getMap("userId", user.getId()), page)
 						, page);
 
 			}else{
 				return new JsonResult(1, 
-						projectService.queryByHql("from Project where (userId=:userId or id in (select projectId from ProjectUser where userId=:userId)) and name like :name", 
+						projectService.queryByHql("select new Project(id, name, type, remark, userId, createTime, cover) from Project where (userId=:userId or id in (select projectId from ProjectUser where userId=:userId)) and name like :name", 
 						Tools.getMap("userId", user.getId(), "name|like", name), page)
 						, page);
 
@@ -54,7 +54,7 @@ public JsonResult list(@RequestParam(defaultValue="1") int currentPage,
 		else{
 			return new JsonResult(1,
 				projectService.findByMap(Tools.getMap("status", ProjectStatus.RECOMMEND.getStatus(), "name|like", name),
-						"new Project(id, name, type, remark, userId, createTime)" ,page, null), page);
+						"new Project(id, name, type, remark, userId, createTime, cover)" ,page, null), page);
 		}
 
 	}

diff --git a/api/src/main/java/cn/crap/controller/user/ProjectController.java b/api/src/main/java/cn/crap/controller/user/ProjectController.java
@@ -324,7 +324,16 @@ public JsonResult staticize(HttpServletRequest req, @RequestParam String project
 			// 静态化文章
 			for(Article article: articleService.findByMap(Tools.getMap("moduleId", module.getId()), null, null)){
 				html = HttpPostGet.get(config.getDomain()+ "/user/project/staticizeArticle.do?articleId="+ article.getId(), null, null, 10 * 1000);
-				Tools.staticize(html, path + "/" +  module.getId() +"/"+article.getId()+".html");
+				Tools.staticize(html, path + "/" + module.getId() +"/"+article.getId()+".html");
+				// 临时解决域名解析目录问题
+				Tools.staticize(html, path + "/" + article.getId()+".html");
+			}
+			// 推送给百度
+			try{
+				if( !config.getBaidu().equals("") )
+					HttpPostGet.postBody(config.getBaidu(), config.getDomain()+"/resources/html/staticize/"+project.getId()+"/"+module.getId()+"/list.html", null);
+			}catch(Exception e){
+				e.printStackTrace();
 			}
 		}
 		return new JsonResult(1, null );

diff --git a/api/src/main/java/cn/crap/model/Project.java b/api/src/main/java/cn/crap/model/Project.java
@@ -31,14 +31,16 @@ public class Project extends BaseModel implements Serializable{
 	private String remark;
 	private String userId;
 	private String password;
+	private String cover = "resources/images/cover.png";
 
-	public Project(String id,String name, int type, String remark, String userId, String createTime){
+	public Project(String id,String name, int type, String remark, String userId, String createTime, String cover){
 		this.id = id;
 		this.name = name;
 		this.type = type;
 		this.remark = remark;
 		this.userId = userId;
 		this.createTime = createTime;
+		this.cover = cover;
 	}
 
 	public Project(){};
@@ -83,6 +85,14 @@ public void setPassword(String password) {
 		this.password = password;
 	}
 
+	@Column(name="cover")
+	public String getCover() {
+		return cover;
+	}
+	public void setCover(String cover) {
+		this.cover = cover;
+	}
+
 	@Transient
 	public String getTypeName(){
 		return ProjectType.getNameByValue(type);

diff --git a/api/src/main/java/cn/crap/service/tool/CacheService.java b/api/src/main/java/cn/crap/service/tool/CacheService.java
@@ -4,6 +4,7 @@
 
 import javax.annotation.Resource;
 
+import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Repository;
 import org.springframework.stereotype.Service;
@@ -132,16 +133,19 @@ public Project getProject(String projectId){
 			return new Project();
 		}
 
-		Object obj = getDao().getObj(Const.CACHE_PROJECT + projectId);
-		if(obj == null){
-			Project project = projectDao.get(projectId);
+		Project project = (Project) getDao().getObj(Const.CACHE_PROJECT + projectId);
+		if(project == null){
+			project = projectDao.get(projectId);
 			if(project == null)
 				project = new Project();
 			getDao().setObj(Const.CACHE_PROJECT + projectId, project, config.getCacheTime());
-			return project;
 
 		}
-		return (Project) obj;
+		return project;
+// 		内存缓存时拷贝对象，防止在Controller中将密码修改为空时导致问题
+//		Project p = new Project();
+//		BeanUtils.copyProperties(project, p);
+//		return p;
 	}
 
 	@Override

diff --git a/api/src/main/java/cn/crap/springbeans/Config.java b/api/src/main/java/cn/crap/springbeans/Config.java
@@ -3,6 +3,8 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import cn.crap.utils.MyString;
+
 @Component
 public class Config{
 
@@ -81,6 +83,15 @@ public class Config{
 	@Value("${web.luceneSearchNeedLogin}")
 	private boolean luceneSearchNeedLogin;
 
+	@Value("${web.baidu}")
+	private String baidu;
+
+	public String getBaidu() {
+		if(MyString.isEmpty(baidu))
+			return "";
+		return baidu;
+	}
+
 	public boolean isPrivateProjectNeedCreateIndex() {
 		return privateProjectNeedCreateIndex;
 	}

diff --git a/api/src/main/resources/config.properties b/api/src/main/resources/config.properties
@@ -12,6 +12,8 @@ web.openRegister=true
 web.luceneSearchNeedLogin=false
 #私有项目是否建立索引
 web.privateProjectNeedCreateIndex=false
+#百度推送地址，静态化站点时发送，为空串则不推送
+web.baidu=
 
 #ip为空，则使用内存缓存，否则使用reids缓存
 web.redisIp=

diff --git a/api/src/main/webapp/resources/css/crapApi.css b/api/src/main/webapp/resources/css/crapApi.css
@@ -312,6 +312,14 @@ blockquote{
 	background: rgba(0, 0, 0, 0.1); 
 	padding-top:20%; text-align:center;
 }
+.float-close{
+  position: absolute;
+  top: 20px;
+  right: 20px;
+  font-size: 30px;
+  cursor: pointer;
+  color:red;
+}
 .look-up {
   position: absolute;
   top: 40%;

diff --git a/api/src/main/webapp/resources/html/backHtml/settingDetail_IMAGE.tpl.html b/api/src/main/webapp/resources/html/backHtml/settingDetail_IMAGE.tpl.html
@@ -37,7 +37,7 @@
 		</form>
 		<form enctype="multipart/form-data" name="imageForm" style="margin-top:-21px"
 			target="hiddenFrame"
-			action="file/upload.do?callBack=uploadImgCallBack" method="post">
+			action="file/upload.do?callBack=uploadImgCallBack&property=value" method="post">
 			<table class="table table-bordered">
 				<tr>
 					<td class="tc w200">上传图片</td>

diff --git a/api/src/main/webapp/resources/html/backHtml/sourceDetail.tpl.html b/api/src/main/webapp/resources/html/backHtml/sourceDetail.tpl.html
diff --git a/api/src/main/webapp/resources/html/backHtml/sourceList.tpl.html b/api/src/main/webapp/resources/html/backHtml/sourceList.tpl.html
diff --git a/api/src/main/webapp/resources/html/frontHtml/moduleList.tpl.html b/api/src/main/webapp/resources/html/frontHtml/moduleList.tpl.html
@@ -10,7 +10,7 @@
 	</div>
 
 	<div ng-repeat="item in moduleList" class="dashed-t col-xs-12 pl0"  ng-if="moduleList.length>0">
-		<span class="p10 pl0 f14 fb dis w C000 no_unl">{{item.name}}</span>
+		<a class="p10 pl0 f16 fb dis w C000 no_unl cursor" ng-href="#/{{item.projectId}}/interface/list/{{item.id}}">{{item.name}}</a>
 		<div class ="f14 C555" ng-bind="item.remark|cut:true:100:' ...'"></div>
 		<div class="tr C999 f12 p10">
 			<a class="f12 text-primary mr5 cursor" ng-href="#/{{item.projectId}}/interface/list/{{item.id}}"> 

diff --git a/api/src/main/webapp/resources/html/frontHtml/projectIndex.html b/api/src/main/webapp/resources/html/frontHtml/projectIndex.html
@@ -32,18 +32,22 @@
 			<!-- leftMenu -->
 			<div class="col-xs-3 p0 m0" ng-controller="frontModuleMenuCtrl">
 				<div class="r2 BGFFF p20 C555 mr15">
-					<div class=" fb f18 adorn-color fl">
-						<i class="iconfont">&#xe61f;</i>
-					</div>
-					<a class="fl dis C000 f16 mt2 ml10" ng-href="#/{{project.id}}/module/list" ng-bind="project.name"></a>
-					<div class="cb"></div>
+					<table>
+						<tr>
+							<td class="w50">
+								<img class="w50" ng-src="{{project.cover}}"/>
+							</td>
+							<td class="pl10">
+								<a class="C000 f16 mt2" ng-href="#/{{project.id}}/module/list" ng-bind="project.name"></a>
+							</td>
+						</tr>
+					</table>
 					<div class="f12 C999 lh20 mt10" ng-bind="project.remark"></div>
-
 				</div>
 
 				<div class="mb0 r2 f14 mr15 mt20 BGFFF pt20 pb20" id="accordion" role="tablist">
 					<div class="ml10 pl10 adorn-bl-3 pl10">
-						<a class="C555 cursor" href="#{{project.id}}/error/list">错误码</a>
+						<a class="C555 cursor" ng-href="#{{project.id}}/error/list">错误码</a>
 					</div>
 					<div class="no-radius b0 mt0" ng-repeat="item in projectMenu">
 						<div class="no-radius p10" data-parent="#accordion">