perye / dokit Goto Github PK

基于 Spring Boot2、 Jpa、 Spring Security、JWT、redis、Vue的前后端分离的后台管理系统开发平台，用户管理、菜单管理、角色管理、字典管理、权限控制的方式为RBAC，操作日志、异常日志、接口限流、项目支持数据权限管理，支持一键生成前后端代码（支持在线预览及打包下载），支持前端菜单动态路由可一键部署服务器应用，数据库。系统中活跃用户状态监控，监视当前系统CPU、内存、磁盘、堆栈等相关信息,基于Element UI在线表单设计及生成Vue代码。

Java 50.41% FreeMarker 2.24% JavaScript 9.06% HTML 0.04% Vue 32.70% PLpgSQL 4.36% SCSS 1.20%

springboot jpa springsecurity redis vue rbac jwt druid swagger2 mapstruct

dokit's Issues

XSS过滤器和富文本编辑器的矛盾

Xss过滤器本意是防止恶意html，但是富文本的提交恰好又是html，提交失败

老哥本地部署需要注意点啥呀？

clone到本地使用需要什么组件呢？我这边localhost:8080/ 只有你后台打印的一句话

RedisUtils.delByKeys

       Set<Object> keys = new HashSet<>();
        for (Long id : ids) {
685            keys.addAll(redisTemplate.keys(new StringBuffer(prefix).append(id).toString()));
686        }
687        redisTemplate.delete(keys);
688        long count = redisTemplate.delete(keys);
        log.debug("--------------------------------------------");
        log.debug("成功删除缓存：" + keys.toString());
        log.debug("缓存删除数量：" + count + "个");
        log.debug("--------------------------------------------");

685 行，redisTemplate.keys 是否必要？

687行已进行删除，688行 count 始终为0

权限管理这一块的功能无法查看

发现一个小bug，也不知道是不是我使用不当，重置时候搜索内容和类型不会重置

开发文档

您好~
现在我本地已经搭建了这套系统，但是想更深一步的了解开发的规范和开发的代码对应的功能模块，您这边有开发时候产出的文档吗？

验证码无法加载

演示平台不能登入，原因是验证码无法加载

点击新增外链菜单怎么不跳出当前页面？

点击新增外链菜单怎么不跳出当前页面？~ 只在当前页面的右侧展示呢？这个怎么改呢？谢谢~

Dependency org.springframework.security:spring-security-core, leading to CVE problem

Hi, there is a dependency org.springframework.security:spring-security-core:5.1.6.RELEASE that calls the risk method.

CVE-2020-5408

The scope of this CVE affected version is [5.3.0.RELEASE, 5.3.2.RELEASE),[5.2.0.RELEASE, 5.2.4.RELEASE),[5.1.0.RELEASE, 5.1.10.RELEASE),[5.0.0.RELEASE, 5.0.16.RELEASE),[4.2.0.RELEASE, 4.2.16.RELEASE)

After further analysis, in this project, the main Api called is org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder: matches(java.lang.CharSequence,java.lang.String)

Risk method repair link : GitHub

CVE Bug Invocation Path--

Path Length : 2

com.perye.dokit.controller.UserController:updatePass(com.perye.dokit.vo.UserPassVo)Lorg.springframework.http.ResponseEntity; .m2/repository/org/hibernate/hibernate-core/5.3.12.Final/hibernate-core-5.3.12.Final.jar
org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder: matches(java.lang.CharSequence,java.lang.String)

Dependency tree--

[INFO] com.perye:dokit:jar:1.0
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot:jar:2.1.9.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-context:jar:5.1.10.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-autoconfigure:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-logging:jar:2.1.9.RELEASE:compile
[INFO] |  |  +- ch.qos.logback:logback-classic:jar:1.2.3:compile
[INFO] |  |  |  \- ch.qos.logback:logback-core:jar:1.2.3:compile
[INFO] |  |  +- org.apache.logging.log4j:log4j-to-slf4j:jar:2.11.2:compile
[INFO] |  |  |  \- org.apache.logging.log4j:log4j-api:jar:2.11.2:compile
[INFO] |  |  \- org.slf4j:jul-to-slf4j:jar:1.7.28:compile
[INFO] |  +- javax.annotation:javax.annotation-api:jar:1.3.2:compile
[INFO] |  +- org.springframework:spring-core:jar:5.1.10.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-jcl:jar:5.1.10.RELEASE:compile
[INFO] |  \- org.yaml:snakeyaml:jar:1.23:runtime
[INFO] +- org.springframework.boot:spring-boot-starter-data-jpa:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-aop:jar:2.1.9.RELEASE:compile
[INFO] |  |  \- org.aspectj:aspectjweaver:jar:1.9.4:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-jdbc:jar:2.1.9.RELEASE:compile
[INFO] |  |  +- com.zaxxer:HikariCP:jar:3.2.0:compile
[INFO] |  |  \- org.springframework:spring-jdbc:jar:5.1.10.RELEASE:compile
[INFO] |  +- javax.transaction:javax.transaction-api:jar:1.3:compile
[INFO] |  +- javax.xml.bind:jaxb-api:jar:2.3.1:compile
[INFO] |  |  \- javax.activation:javax.activation-api:jar:1.2.0:compile
[INFO] |  +- org.hibernate:hibernate-core:jar:5.3.12.Final:compile
[INFO] |  |  +- org.jboss.logging:jboss-logging:jar:3.3.3.Final:compile
[INFO] |  |  +- javax.persistence:javax.persistence-api:jar:2.2:compile
[INFO] |  |  +- org.javassist:javassist:jar:3.23.2-GA:compile
[INFO] |  |  +- net.bytebuddy:byte-buddy:jar:1.9.16:compile
[INFO] |  |  +- antlr:antlr:jar:2.7.7:compile
[INFO] |  |  +- org.jboss:jandex:jar:2.0.5.Final:compile
[INFO] |  |  +- org.dom4j:dom4j:jar:2.1.1:compile
[INFO] |  |  +- org.hibernate.common:hibernate-commons-annotations:jar:5.0.4.Final:compile
[INFO] |  |  \- org.glassfish.jaxb:jaxb-runtime:jar:2.3.1:compile
[INFO] |  |     +- org.glassfish.jaxb:txw2:jar:2.3.1:compile
[INFO] |  |     +- com.sun.istack:istack-commons-runtime:jar:3.0.7:compile
[INFO] |  |     +- org.jvnet.staxex:stax-ex:jar:1.8:compile
[INFO] |  |     \- com.sun.xml.fastinfoset:FastInfoset:jar:1.2.15:compile
[INFO] |  +- org.springframework.data:spring-data-jpa:jar:2.1.11.RELEASE:compile
[INFO] |  |  +- org.springframework.data:spring-data-commons:jar:2.1.11.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-orm:jar:5.1.10.RELEASE:compile
[INFO] |  |  +- org.springframework:spring-tx:jar:5.1.10.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-beans:jar:5.1.10.RELEASE:compile
[INFO] |  \- org.springframework:spring-aspects:jar:5.1.10.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.1.9.RELEASE:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.9:compile
[INFO] |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.9:compile
[INFO] |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.9:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.1.9.RELEASE:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.26:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.26:compile
[INFO] |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.26:compile
[INFO] |  +- org.hibernate.validator:hibernate-validator:jar:6.0.17.Final:compile
[INFO] |  |  \- javax.validation:validation-api:jar:2.0.1.Final:compile
[INFO] |  +- org.springframework:spring-web:jar:5.1.10.RELEASE:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.1.10.RELEASE:compile
[INFO] |     \- org.springframework:spring-expression:jar:5.1.10.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-security:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework:spring-aop:jar:5.1.10.RELEASE:compile
[INFO] |  +- org.springframework.security:spring-security-config:jar:5.1.6.RELEASE:compile
[INFO] |  |  \- org.springframework.security:spring-security-core:jar:5.1.6.RELEASE:compile
[INFO] |  \- org.springframework.security:spring-security-web:jar:5.1.6.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-cache:jar:2.1.9.RELEASE:compile
[INFO] |  \- org.springframework:spring-context-support:jar:5.1.10.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter-data-redis:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework.data:spring-data-redis:jar:2.1.11.RELEASE:compile
[INFO] |  |  +- org.springframework.data:spring-data-keyvalue:jar:2.1.11.RELEASE:compile
[INFO] |  |  \- org.springframework:spring-oxm:jar:5.1.10.RELEASE:compile
[INFO] |  \- io.lettuce:lettuce-core:jar:5.1.8.RELEASE:compile
[INFO] |     +- io.netty:netty-common:jar:4.1.39.Final:compile
[INFO] |     +- io.netty:netty-handler:jar:4.1.39.Final:compile
[INFO] |     |  +- io.netty:netty-buffer:jar:4.1.39.Final:compile
[INFO] |     |  \- io.netty:netty-codec:jar:4.1.39.Final:compile
[INFO] |     +- io.netty:netty-transport:jar:4.1.39.Final:compile
[INFO] |     |  \- io.netty:netty-resolver:jar:4.1.39.Final:compile
[INFO] |     \- io.projectreactor:reactor-core:jar:3.2.12.RELEASE:compile
[INFO] |        \- org.reactivestreams:reactive-streams:jar:1.0.3:compile
[INFO] +- org.apache.commons:commons-pool2:jar:2.5.0:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.8.1:compile
[INFO] +- org.bgee.log4jdbc-log4j2:log4jdbc-log4j2-jdbc4.1:jar:1.16:compile
[INFO] +- io.springfox:springfox-swagger2:jar:2.9.2:compile
[INFO] |  +- io.springfox:springfox-spi:jar:2.9.2:compile
[INFO] |  |  \- io.springfox:springfox-core:jar:2.9.2:compile
[INFO] |  +- io.springfox:springfox-schema:jar:2.9.2:compile
[INFO] |  +- io.springfox:springfox-swagger-common:jar:2.9.2:compile
[INFO] |  +- io.springfox:springfox-spring-web:jar:2.9.2:compile
[INFO] |  +- com.google.guava:guava:jar:20.0:compile
[INFO] |  +- com.fasterxml:classmate:jar:1.4.0:compile
[INFO] |  +- org.slf4j:slf4j-api:jar:1.7.28:compile
[INFO] |  +- org.springframework.plugin:spring-plugin-core:jar:1.2.0.RELEASE:compile
[INFO] |  \- org.springframework.plugin:spring-plugin-metadata:jar:1.2.0.RELEASE:compile
[INFO] +- io.springfox:springfox-swagger-ui:jar:2.9.2:compile
[INFO] +- io.swagger:swagger-annotations:jar:1.5.21:compile
[INFO] +- io.swagger:swagger-models:jar:1.5.21:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-annotations:jar:2.9.0:compile
[INFO] +- mysql:mysql-connector-java:jar:8.0.17:runtime
[INFO] +- com.alibaba:druid-spring-boot-starter:jar:1.1.22:compile
[INFO] |  \- com.alibaba:druid:jar:1.1.22:compile
[INFO] +- org.lionsoul:ip2region:jar:1.7.2:compile
[INFO] +- org.projectlombok:lombok:jar:1.18.10:compile (optional) 
[INFO] +- cn.hutool:hutool-all:jar:5.3.4:compile
[INFO] +- org.apache.poi:poi:jar:3.17:compile
[INFO] |  +- commons-codec:commons-codec:jar:1.11:compile
[INFO] |  \- org.apache.commons:commons-collections4:jar:4.1:compile
[INFO] +- org.apache.poi:poi-ooxml:jar:3.17:compile
[INFO] |  +- org.apache.poi:poi-ooxml-schemas:jar:3.17:compile
[INFO] |  |  \- org.apache.xmlbeans:xmlbeans:jar:2.6.0:compile
[INFO] |  |     \- stax:stax-api:jar:1.0.1:compile
[INFO] |  \- com.github.virtuald:curvesapi:jar:1.04:compile
[INFO] +- xerces:xercesImpl:jar:2.12.2:compile
[INFO] |  \- xml-apis:xml-apis:jar:1.4.01:compile
[INFO] +- com.alibaba:fastjson:jar:1.2.70:compile
[INFO] +- org.mapstruct:mapstruct:jar:1.3.1.Final:compile
[INFO] +- org.mapstruct:mapstruct-processor:jar:1.3.1.Final:provided
[INFO] +- javax.inject:javax.inject:jar:1:compile
[INFO] +- io.jsonwebtoken:jjwt-api:jar:0.11.1:compile
[INFO] +- io.jsonwebtoken:jjwt-impl:jar:0.11.1:compile
[INFO] +- io.jsonwebtoken:jjwt-jackson:jar:0.11.1:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-databind:jar:2.9.9.3:compile
[INFO] |     \- com.fasterxml.jackson.core:jackson-core:jar:2.9.9:compile
[INFO] +- org.quartz-scheduler:quartz:jar:2.3.1:compile
[INFO] |  \- com.mchange:mchange-commons-java:jar:0.2.15:compile
[INFO] +- org.springframework.boot:spring-boot-starter-freemarker:jar:2.1.9.RELEASE:compile
[INFO] |  \- org.freemarker:freemarker:jar:2.3.29:compile
[INFO] +- commons-configuration:commons-configuration:jar:1.9:compile
[INFO] |  +- commons-lang:commons-lang:jar:2.6:compile
[INFO] |  \- commons-logging:commons-logging:jar:1.1.1:compile
[INFO] +- javax.mail:mail:jar:1.5.0-b01:compile
[INFO] |  \- javax.activation:activation:jar:1.1:compile
[INFO] +- com.qiniu:qiniu-java-sdk:jar:7.2.29:compile
[INFO] |  +- com.squareup.okhttp3:okhttp:jar:3.14.4:runtime
[INFO] |  |  \- com.squareup.okio:okio:jar:1.17.2:runtime
[INFO] |  \- com.google.code.gson:gson:jar:2.8.5:runtime
[INFO] +- org.springframework.boot:spring-boot-starter-test:jar:2.1.9.RELEASE:test
[INFO] |  +- org.springframework.boot:spring-boot-test:jar:2.1.9.RELEASE:test
[INFO] |  +- org.springframework.boot:spring-boot-test-autoconfigure:jar:2.1.9.RELEASE:test
[INFO] |  +- com.jayway.jsonpath:json-path:jar:2.4.0:test
[INFO] |  |  \- net.minidev:json-smart:jar:2.3:test
[INFO] |  |     \- net.minidev:accessors-smart:jar:1.2:test
[INFO] |  |        \- org.ow2.asm:asm:jar:5.0.4:test
[INFO] |  +- junit:junit:jar:4.12:test
[INFO] |  +- org.assertj:assertj-core:jar:3.11.1:test
[INFO] |  +- org.mockito:mockito-core:jar:2.23.4:test
[INFO] |  |  +- net.bytebuddy:byte-buddy-agent:jar:1.9.16:test
[INFO] |  |  \- org.objenesis:objenesis:jar:2.6:test
[INFO] |  +- org.hamcrest:hamcrest-core:jar:1.3:test
[INFO] |  +- org.hamcrest:hamcrest-library:jar:1.3:test
[INFO] |  +- org.skyscreamer:jsonassert:jar:1.5.0:test
[INFO] |  |  \- com.vaadin.external.google:android-json:jar:0.0.20131108.vaadin1:test
[INFO] |  +- org.springframework:spring-test:jar:5.1.10.RELEASE:test
[INFO] |  \- org.xmlunit:xmlunit-core:jar:2.6.3:test
[INFO] +- com.github.whvcse:easy-captcha:jar:1.6.2:compile
[INFO] +- eu.bitwalker:UserAgentUtils:jar:1.21:compile
[INFO] +- org.springframework.boot:spring-boot-starter-websocket:jar:2.1.9.RELEASE:compile
[INFO] |  +- org.springframework:spring-messaging:jar:5.1.10.RELEASE:compile
[INFO] |  \- org.springframework:spring-websocket:jar:5.1.10.RELEASE:compile
[INFO] +- ch.ethz.ganymed:ganymed-ssh2:jar:build210:compile
[INFO] +- com.jcraft:jsch:jar:0.1.55:compile
[INFO] +- commons-io:commons-io:jar:2.7:compile
[INFO] \- com.github.oshi:oshi-core:jar:5.0.1:compile
[INFO]    +- net.java.dev.jna:jna:jar:5.5.0:compile
[INFO]    \- net.java.dev.jna:jna-platform:jar:5.5.0:compile

Suggested solutions:

Update dependency version

Thank you very much.

您好, 为什么我用代码生产功能生成的代码访问后台是 404 呢? 我已经在菜单中添加了相关权限了

问下登录时报 bound must be positive 是哪里配置错了吗

http://localhost:8000/sockjs-node/info?t=1671697918396请求401

这个请求一直是401，请问是部署的不对么

Add SECURITY.md

Hey there!

I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.