Skip to content

Commit 34e9138

Browse files
authored
Fix 3.1.1 (#544)
* fix: checkInstalled and clearAllCache * enh: api * enh: rbcolor * fix: fieldParent del * enh: table chart mergeCell * J_menuUrl * enh: form _maximize * fix: query VF_ACU * fix: form getValue * fix: SK_DAVATAR * enh: copy detail * $empty * func: SQLQUERY * feat: ProxyTriggerAction * fix: CNVD-C-2022-425724 * fix: putx * data-v
1 parent c010f49 commit 34e9138

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

51 files changed

+544
-303
lines changed

@rbv

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
Subproject commit 017c99f7496cc86adb2e0b5cc4ca277f0dcc6d61
1+
Subproject commit f256231e8f0d67ee326d47b65ed9408a0ce9320f

SECURITY.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,10 @@
44

55
| Version | Supported |
66
| ------- | ------------------ |
7-
| 2.x | :white_check_mark: |
7+
| 3.x | :white_check_mark: |
88
| 1.x | :x: |
9+
| 2.x | :x: |
910

1011
## Reporting a Vulnerability
1112

12-
Please report security issues to `[email protected]`
13+
Please report security issues to `[email protected]`

pom.xml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
</parent>
1111
<groupId>com.rebuild</groupId>
1212
<artifactId>rebuild</artifactId>
13-
<version>3.1.0</version>
13+
<version>3.1.1</version>
1414
<name>rebuild</name>
1515
<description>Building your business-systems freely!</description>
1616
<!-- UNCOMMENT USE TOMCAT -->

src/main/java/com/rebuild/api/ApiGateway.java

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -156,7 +156,16 @@ protected ApiContext verfiy(HttpServletRequest request, @SuppressWarnings("unuse
156156

157157
final ConfigBean apiConfig = RebuildApiManager.instance.getApp(appid);
158158
if (apiConfig == null) {
159-
throw new ApiInvokeException(ApiInvokeException.ERR_BADAUTH, "Invalid [appid] " + appid);
159+
throw new ApiInvokeException(ApiInvokeException.ERR_BADAUTH, "Invalid [appid] : " + appid);
160+
}
161+
162+
// v3.1.1
163+
final String bindIps = apiConfig.getString("bindIps");
164+
if (StringUtils.isNotBlank(bindIps)) {
165+
String clientIp = ServletUtils.getRemoteAddr(request);
166+
if (!bindIps.contains(clientIp)) {
167+
throw new ApiInvokeException(ApiInvokeException.ERR_BADAUTH, "Client ip not in whitelist : " + clientIp);
168+
}
160169
}
161170

162171
// 验证签名

src/main/java/com/rebuild/api/user/AuthTokenManager.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -61,7 +61,7 @@ protected static String generateToken(ID user, int expires, String type) {
6161
System.nanoTime());
6262
String token = EncryptUtils.toSHA1Hex(desc);
6363

64-
Application.getCommonsCache().putx(TOKEN_PREFIX + token, desc, expires);
64+
Application.getCommonsCache().put(TOKEN_PREFIX + token, desc, expires);
6565
return token;
6666
}
6767

src/main/java/com/rebuild/core/Application.java

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -67,11 +67,11 @@ public class Application implements ApplicationListener<ApplicationStartedEvent>
6767
/**
6868
* Rebuild Version
6969
*/
70-
public static final String VER = "3.1.0";
70+
public static final String VER = "3.1.1";
7171
/**
7272
* Rebuild Build [MAJOR]{1}[MINOR]{2}[PATCH]{2}[BUILD]{2}
7373
*/
74-
public static final int BUILD = 3010008;
74+
public static final int BUILD = 3010109;
7575

7676
static {
7777
// Driver for DB

src/main/java/com/rebuild/core/configuration/RebuildApiService.java

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,11 +7,14 @@
77

88
package com.rebuild.core.configuration;
99

10+
import cn.devezhao.commons.CodecUtils;
1011
import cn.devezhao.persist4j.PersistManagerFactory;
12+
import cn.devezhao.persist4j.Record;
1113
import cn.devezhao.persist4j.engine.ID;
1214
import com.rebuild.core.Application;
1315
import com.rebuild.core.metadata.EntityHelper;
1416
import com.rebuild.core.privileges.AdminGuard;
17+
import org.apache.commons.lang.math.RandomUtils;
1518
import org.springframework.stereotype.Service;
1619

1720
/**
@@ -32,6 +35,20 @@ public int getEntityCode() {
3235
return EntityHelper.RebuildApi;
3336
}
3437

38+
@Override
39+
public Record create(Record record) {
40+
record.setString("appId", (100000000 + RandomUtils.nextInt(899999999)) + "");
41+
record.setString("appSecret", CodecUtils.randomCode(40));
42+
return super.create(record);
43+
}
44+
45+
@Override
46+
public Record update(Record record) {
47+
record.removeValue("appId");
48+
record.removeValue("appSecret");
49+
return super.update(record);
50+
}
51+
3552
@Override
3653
protected void cleanCache(ID cfgid) {
3754
Object[] cfg = Application.createQueryNoFilter(

src/main/java/com/rebuild/core/configuration/general/FormsBuilder.java

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -678,6 +678,13 @@ private ID getCascadingFieldParentValue(EasyField field, ID record, boolean reco
678678
fieldParent = dtf.getName() + "." + pfs[0].split("\\.")[1];
679679
}
680680

681+
// v3.1.1 父级已删除
682+
Entity entity = MetadataHelper.getEntity(record.getEntityCode());
683+
if (MetadataHelper.getLastJoinField(entity, fieldParent) == null) {
684+
log.warn("Unknow field : {} in {}", fieldParent, entity.getName());
685+
return null;
686+
}
687+
681688
Object[] o = Application.getQueryFactory().uniqueNoFilter(record, fieldParent);
682689
return o == null ? null : (ID) o[0];
683690
}

src/main/java/com/rebuild/core/metadata/EntityRecordCreator.java

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -58,7 +58,7 @@ public boolean onSetFieldValueWarn(Field field, String value, Record record) {
5858
final boolean isNew = record.getPrimary() == null;
5959

6060
// 明细关联主记录
61-
if (isNew && isDTF(field)) return true;
61+
if (isNew && isDtmField(field)) return true;
6262

6363
// 公共字段前台可能会布局出来
6464
// 此处忽略检查没问题,因为最后还会复写,即 #bindCommonsFieldsValue
@@ -107,7 +107,7 @@ public void verify(Record record) {
107107
}
108108
} else {
109109
if (field.isCreatable()) {
110-
if (!matchsPattern(easyField, hasVal)) {
110+
if (!patternMatches(easyField, hasVal)) {
111111
notWells.add(easyField.getLabel());
112112
}
113113
} else {
@@ -135,7 +135,7 @@ public void verify(Record record) {
135135
}
136136
} else {
137137
if (field.isUpdatable()) {
138-
if (!matchsPattern(easyField, hasVal)) {
138+
if (!patternMatches(easyField, hasVal)) {
139139
notWells.add(easyField.getLabel());
140140
}
141141
} else {
@@ -157,7 +157,7 @@ public void verify(Record record) {
157157
}
158158

159159
// 明细关联主记录字段
160-
private boolean isDTF(Field field) {
160+
private boolean isDtmField(Field field) {
161161
if (field.getType() == FieldType.REFERENCE && entity.getMainEntity() != null) {
162162
return field.equals(MetadataHelper.getDetailToMainField(entity));
163163
}
@@ -166,7 +166,7 @@ private boolean isDTF(Field field) {
166166

167167
// 强制可新建
168168
private boolean isForceCreateable(Field field) {
169-
if (isDTF(field)) return true;
169+
if (isDtmField(field)) return true;
170170

171171
// 自定定位
172172
EasyField easyField = EasyMetaFactory.valueOf(field);
@@ -178,7 +178,8 @@ private boolean isForceCreateable(Field field) {
178178
}
179179

180180
// 正则匹配
181-
private boolean matchsPattern(EasyField easyField, Object val) {
181+
@SuppressWarnings("BooleanMethodIsAlwaysInverted")
182+
private boolean patternMatches(EasyField easyField, Object val) {
182183
if (!(easyField instanceof EasyText)) return true;
183184

184185
Pattern patt = ((EasyText) easyField).getPattern();

src/main/java/com/rebuild/core/privileges/UserHelper.java

Lines changed: 10 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -314,18 +314,17 @@ public static Set<ID> parseUsers(Collection<String> userDefs, ID recordId, boole
314314
*/
315315
public static File generateAvatar(String name, boolean forceMake) {
316316
if (StringUtils.isBlank(name)) name = "RB";
317-
File avatarFile = RebuildConfiguration.getFileOfData("avatar-" + name + "29.jpg");
318-
if (avatarFile.exists()) {
317+
318+
File avatar = RebuildConfiguration.getFileOfData("avatar-" + name + "29.jpg");
319+
if (avatar.exists()) {
319320
if (forceMake) {
320-
FileUtils.deleteQuietly(avatarFile);
321+
FileUtils.deleteQuietly(avatar);
321322
} else {
322-
return avatarFile;
323+
return avatar;
323324
}
324325
}
325326

326-
if (name.length() > 2) {
327-
name = name.substring(name.length() - 2);
328-
}
327+
if (name.length() > 2) name = name.substring(name.length() - 2);
329328
name = name.toUpperCase();
330329

331330
BufferedImage bi = new BufferedImage(200, 200, BufferedImage.TYPE_INT_RGB);
@@ -347,7 +346,7 @@ public static File generateAvatar(String name, boolean forceMake) {
347346
g2d.drawString("wbr", 0, 62);
348347
g2d.dispose();
349348

350-
try (FileOutputStream fos = new FileOutputStream(avatarFile)) {
349+
try (FileOutputStream fos = new FileOutputStream(avatar)) {
351350
ImageIO.write(bi, "png", fos);
352351
fos.flush();
353352
}
@@ -360,7 +359,7 @@ public static File generateAvatar(String name, boolean forceMake) {
360359
is = CommonsUtils.getStreamOfRes("/web" + DEFAULT_AVATAR);
361360

362361
bi = ImageIO.read(is);
363-
try (FileOutputStream fos = new FileOutputStream(avatarFile)) {
362+
try (FileOutputStream fos = new FileOutputStream(avatar)) {
364363
ImageIO.write(bi, "png", fos);
365364
fos.flush();
366365
}
@@ -370,7 +369,7 @@ public static File generateAvatar(String name, boolean forceMake) {
370369
}
371370
}
372371

373-
return avatarFile;
372+
return avatar;
374373
}
375374

376375
private static Font createFont() {
@@ -408,7 +407,7 @@ public static ID findUserByFullName(String fullName) {
408407
* @see #sortUsers(boolean)
409408
*/
410409
public static User[] sortUsers() {
411-
return sortUsers(false);
410+
return sortUsers(Boolean.FALSE);
412411
}
413412

414413
/**

0 commit comments

Comments
 (0)