yangzongzhuan / ruoyi-vue Goto Github PK

:tada: (RuoYi)官方仓库基于SpringBoot，Spring Security，JWT，Vue & Element 的前后端分离权限管理系统，同时提供了 Vue3 的版本

License: MIT License

JavaScript 9.10% Batchfile 0.15% HTML 1.71% Vue 33.71% Shell 0.10% Java 54.16% SCSS 1.09%

java vue spring druid springboot mybatis swagger2 springsecurity jwt element vue-element-admin admin vuex vue-cli axios element-ui quill vue-admin vue-element quartz

ruoyi-vue's Introduction

RuoYi v3.8.7

基于SpringBoot+Vue前后端分离的Java快速开发框架

平台简介

若依是一套全部开源的快速开发平台，毫无保留给个人及企业免费使用。

前端采用Vue、Element UI。
后端采用Spring Boot、Spring Security、Redis & Jwt。
权限认证使用Jwt，支持多终端认证系统。
支持加载动态权限菜单，多方式轻松权限控制。
高效率开发，使用代码生成器可以一键生成前后端代码。
提供了技术栈（Vue3 Element Plus Vite）版本RuoYi-Vue3，保持同步更新。
提供了单应用版本RuoYi-Vue-fast，Oracle版本RuoYi-Vue-Oracle，保持同步更新。
不分离版本，请移步RuoYi，微服务版本，请移步RuoYi-Cloud
阿里云折扣场：点我进入，腾讯云秒杀场：点我进入
阿里云优惠券：点我领取，腾讯云优惠券：点我领取

内置功能

用户管理：用户是系统操作者，该功能主要完成系统用户配置。
部门管理：配置系统组织机构（公司、部门、小组），树结构展现支持数据权限。
岗位管理：配置系统用户所属担任职务。
菜单管理：配置系统菜单，操作权限，按钮权限标识等。
角色管理：角色菜单权限分配、设置角色按机构进行数据范围权限划分。
字典管理：对系统中经常使用的一些较为固定的数据进行维护。
参数管理：对系统动态配置常用参数。
通知公告：系统通知公告信息发布维护。
操作日志：系统正常操作日志记录和查询；系统异常信息日志记录和查询。
登录日志：系统登录日志记录查询包含登录异常。
在线用户：当前系统中活跃用户状态监控。
定时任务：在线（添加、修改、删除)任务调度包含执行结果日志。
代码生成：前后端代码的生成（java、html、xml、sql）支持CRUD下载。
系统接口：根据业务代码自动生成相关的api接口文档。
服务监控：监视当前系统CPU、内存、磁盘、堆栈等相关信息。
缓存监控：对系统的缓存信息查询，命令统计等。
在线构建器：拖动表单元素生成相应的HTML代码。
连接池监视：监视当前系统数据库连接池状态，可进行分析SQL找出系统性能瓶颈。

在线体验

admin/admin123
陆陆续续收到一些打赏，为了更好的体验已用于演示服务器升级。谢谢各位小伙伴。

演示地址：http://vue.ruoyi.vip
文档地址：http://doc.ruoyi.vip

演示图

若依前后端分离交流群

QQ群：点击按钮入群。

ruoyi-vue's People

Contributors

Stargazers

Watchers

Forkers

wukk0625 2644783865 esinhee wujid chenzheonepiece shungdawei velkoztan eixxie lvycc miemer yunaiv mamaolu ray-gml wwjiang007 dajinbao111 xiaomumk itcrazy0717 mydiycode money461 scott0809 catyee evai 2767321434 wfl123 lovepli amyzhengyp qiuguoqiang wangfei0 testerwang11 voidcup wangyang005 tellerattack gdnireus zzp495888462 hfutxk james20200909 ytghost thinkmore liuhao198571 wushicanasl binbin0915 clrsdream hb0730 flyingjiang nullpointexception6 liupeng826 pengliang56 suo10068 jesley-sun brianzrk gspandy dragonv96 corwien junqiangni beitabeitakaitankedebeita treasureling dumplingbao jiangjianhua123 cnahyz echorocket xiaoxinwt altafyanto haohj iissnans yeqizhang liuzyong andy8686 samuelyi lyy289065406 raydenwu kkbrahm caianheng123 wujianming0415 wangqi880 ruankaze liduoxuan wu-peng shawnyang91 shenzulun linzixiang isolatelearn initialduku fighting20xx bbzhengcheng markhuang2016 heckjiang 280455936 zhouxiaopin sunny360 cxyeclipse zy20190320 4izanagi ceileics icebergcode eason1010 anwenbiao thepastjun mengxiangtong rickychan1186 weixiaodeyanlei

ruoyi-vue's Issues

父pom文件冗余配置

<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
    <java.version>1.8</java.version>
</properties>
和
    <build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
                <source>${java.version}</source>
                <target>${java.version}</target>
                <encoding>${project.build.sourceEncoding}</encoding>
            </configuration>
        </plugin>
    </plugins>
</build>
里的<source><target><encoding>三项应该是重复配置了.可以去掉plugins当中的这三个配置.
虽然问题不大,只是细究了下pom文件,想验证下自己的理解.

另外,想请教下,spring-boot-devtools这个依赖实际中用的多吗,我感觉我不依赖它,idea中方法内部修改了代码点那个小锤子貌似也好使. 而且这个依赖感觉有时候修改了代码,实际项目中也不能顺利热加载新的, 想请教下这个项目现在开发中还有使用它去调试吗

导航栏的内容，如果过多，会超出屏幕，不能自动定位到当前页面的导航，且无法滚动，没有左右移动的按钮

配置多嵌套路由最后一层路由的path只有当前路由path==上一级path+当前path报 404 路径访问失败

集成第三方登录回调有问题，不能通过request获取到当前绑定的用户信息

如果说先去查询数据库的话那么就没办法知道当前登录用户是谁并且绑定谁

spring security配置多个WebSecurityConfigurerAdapter后，如何在service层获得AuthenticationManager实例？

@Override
protected void configure(AuthenticationManagerBuilder auth) {
    DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
    daoAuthenticationProvider.setUserDetailsService(userDetailsService);
    daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
    auth.authenticationProvider(daoAuthenticationProvider);
}

如果向若依一样注入bean会导致启动失败

@Bean(name = "sellerAuthenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

所以这段代码只好删除。

那么如何在service层注入生效的AuthenticationManager呢？请大佬指点不胜感激

项目启动后，其它浏览器都OK，Safari浏览器打开后不断的加载

Safari 5.1.7

ie，360，chrome，火狐这些浏览器都可以正常访问和使用，Safari浏览器打开就只有loading在不停的转
一开始提示sockjs-client问题，应该是ES6语法兼容问题，

然后我在vue.config.js中添加了transpileDependencies: ['sockjs-client'],
然后又有新的错误出现了！
这下我蒙了yntaxError: Cannot name a function proto chunk-vendors.js:4488S
当前框架部兼容Safari5.1.7吗？

图片回显问题（404 静态资源映射）

没有改任何文件上传下载路径的情况下，图片上传过后发送的get请求报404错误，请问需要改什么地方吗

图片不能回显（404 静态资源不能映射）

没有改任何文件上传下载路径的情况下，图片上传过后发送的get请求报404错误，请问需要改什么地方吗

Why ignore .js and .vue in .eslintignore ?

RuoYi-Vue/ruoyi-ui/.eslintignore

Line 8 in 81630a0

*.js

RuoYi-Vue/ruoyi-ui/.eslintignore

Line 10 in 81630a0

*.vue

我在本地部署docker的compose可以merge到这里么?

如题, 如果需要, 可以PR给大佬么?

About node version

I use node version > 18.8.0
npm install

it.

up to date, audited 1603 packages in 1m

36 vulnerabilities (9 moderate, 19 high, 8 critical)

To address issues that do not require attention, run:
npm audit fix

To address all issues possible (including breaking changes), run:
npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.

关于盐加密

请问RuoYi-Vue的用户管理还没有实现加盐加密吗？为什么我看SysUser.getSalt()方法没有被调用过呀？

【bug】druid从1.2.4升级到1.2.6，导致maven依赖错误

运行环境

Ruoyi-Vue版本：3.6.0
maven版本：3.8.2
java版本：1.8.0_302

出现的问题

运行mvn package，提示maven依赖错误，错误内容如下：

 Could not resolve dependencies for project com.ruoyi:ruoyi-framework:jar:3.5.0: The following artifacts could not be resolved: com.sun:tools:jar:1.8, com.sun:jconsole:jar:1.8: Could not find artifact com.sun:tools:jar:1.8 at specified path /home/mj/.m2/repository/com/alibaba/druid/1.2.6/lib/openjdk-1.8-tools.jar

问题原因

我将版本切换到v3.4.0之后就可以顺利编译了。比较v3.4.0和之后的版本，发现druid从1.2.4升级到1.2.6。之后我将druid的版本改为1.2.4之后就可以顺利编译了。因此我认为这是升级druid导致的问题。

解决方案

暂时除了降低druid的版本号外，还没有找到更好的办法。希望有人可以解决这个问题，欢迎大家探讨。

There is arbitrary file upload vulnerability

RuoYi-Vue/ruoyi-common/src/main/java/com/ruoyi/common/utils/file/FileUploadUtils.java

Line 111 in c3a727b

assertAllowed(file, allowedExtension);

Only the suffix name of the uploaded file is verified here. Users can forge the requested data body and upload any file, which has potential risks to the server. The simulated sending request is as follows:

Request Header:
Content-Type: multipart/form-data; boundary=-------------------------acebdf13572468 Host: localhost Connection: keep-alive Content-Length: 63135 sec-ch-ua: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110" Accept: application/json, text/plain, */* sec-ch-ua-mobile: ?0 Authorization: Bearer eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImNhNDQ3N2YyLTM5ZDktNGU3Zi1iNjc3LTU5NDhlZTZmMWFiYSJ9.cFEYvyKY9yBnoeR15Li3s8h9B505SIgpGLwhruV0jZjjkmJjjKPxUJz-5eNxeTbu1epWLFO50fXy23zHvTON0Q User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/user/profile Accept-Encoding: gzip, deflate, br Accept-Language: zh-CN,zh;q=0.9 Cookie: Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImNhNDQ3N2YyLTM5ZDktNGU3Zi1iNjc3LTU5NDhlZTZmMWFiYSJ9.cFEYvyKY9yBnoeR15Li3s8h9B505SIgpGLwhruV0jZjjkmJjjKPxUJz-5eNxeTbu1epWLFO50fXy23zHvTON0Q

Request Body:
`---------------------------acebdf13572468
Content-Disposition: form-data; name="avatarfile"; filename="demo.png"
Content-Type: application/zip

<@include C:\Users\admin\Desktop\demo.zip@>
---------------------------acebdf13572468--`

请在 https://gitee.com/y_project/RuoYi-Vue/issues 里提问

请在issues里提问，方便统一处理。

请问 User、Role这些实体，为什么放在common里面

请问 User、Role这些实体，为什么放在common里面？不太好理解

项目启动成功，登录的时候提示Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter

org.springframework.web.util.NestedServletException: Handler dispatch failed; nested exception is java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1053)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.ruoyi.common.filter.RepeatableFilter.doFilter(RepeatableFilter.java:43)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter.doFilterInternal(JwtAuthenticationTokenFilter.java:42)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:791)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1417)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter
at io.jsonwebtoken.impl.Base64Codec.decode(Base64Codec.java:26)
at io.jsonwebtoken.impl.DefaultJwtBuilder.signWith(DefaultJwtBuilder.java:99)
at com.ruoyi.framework.security.service.TokenService.createToken(TokenService.java:169)
at com.ruoyi.framework.security.service.TokenService.createToken(TokenService.java:111)
at com.ruoyi.framework.security.service.SysLoginService.login(SysLoginService.java:86)
at com.ruoyi.project.system.controller.SysLoginController.login(SysLoginController.java:56)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:189)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:800)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1038)
... 85 common frames omitted
00:50:38.854 [schedule-pool-3] INFO sys-user - [run,54] - [127.0.0.1]内网IP[admin][Success][登录成功]