add - 新增一些安全优化

2024-04-11 11:29:33 +08:00 · 2024-04-11 11:29:33 +08:00 · 9bd34e118f
commit 9bd34e118f
parent 800e689618
4 changed files with 57 additions and 11 deletions
--- a/workflow-engine-core/src/main/java/cn/axzo/workflow/core/common/event/ApiLogListener.java
+++ b/workflow-engine-core/src/main/java/cn/axzo/workflow/core/common/event/ApiLogListener.java
@ -2,7 +2,7 @@ package cn.axzo.workflow.core.common.event;

 import cn.axzo.workflow.core.repository.entity.ExtAxApiLog;
 import cn.axzo.workflow.core.service.ExtAxApiLogService;
-import com.alibaba.fastjson.JSON;
+import cn.hutool.json.JSONUtil;
 import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.ApplicationListener;
@ -41,8 +41,8 @@ public class ApiLogListener implements ApplicationListener<ApiLogEvent> {
        ExtAxApiLog apiLog = new ExtAxApiLog();
        apiLog.setTraceId(event.getTraceId());
        apiLog.setApiUrl(event.getApiUrl());
-        apiLog.setRequestBody(JSON.toJSONString(event.getRequestBody()));
-        apiLog.setResponseBody(JSON.toJSONString(event.getResponseBody()));
+        apiLog.setRequestBody(JSONUtil.toJsonStr(event.getRequestBody()));
+        apiLog.setResponseBody(JSONUtil.toJsonStr(event.getResponseBody()));
        apiLog.setTakeTime(event.getTakeTime());
        apiLog.setType(event.getType());
        apiLogService.insert(apiLog);
--- a/workflow-engine-core/src/main/java/cn/axzo/workflow/core/service/impl/ExtAxApiLogServiceImpl.java
+++ b/workflow-engine-core/src/main/java/cn/axzo/workflow/core/service/impl/ExtAxApiLogServiceImpl.java
@ -7,6 +7,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Service;

 import javax.annotation.Resource;
+import java.util.Objects;

 /**
 * Api Log 表操服务实现
@ -22,6 +23,12 @@ public class ExtAxApiLogServiceImpl implements ExtAxApiLogService {

    @Override
    public Long insert(ExtAxApiLog apiLog) {
+        if (Objects.isNull(apiLog.getRequestBody())) {
+            apiLog.setRequestBody("");
+        }
+        if (Objects.isNull(apiLog.getResponseBody())) {
+            apiLog.setResponseBody("");
+        }
        apiLogMapper.insert(apiLog);
        return apiLog.getId();
    }
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/listener/process/MessagePushProcessEventListener.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/listener/process/MessagePushProcessEventListener.java
@ -21,6 +21,7 @@ import org.springframework.core.Ordered;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;

+import java.util.Objects;
 import java.util.Optional;

 /**
@ -89,18 +90,24 @@ public class MessagePushProcessEventListener implements BpmnProcessEventListener
                    MessagePushEventBuilder.createEvent(MessagePushEventType.PENDING_COMPLETE, null, noticeConfig,
                            event.getProcessInstanceId(), null, null);

-            if (!StringUtils.hasText(noticeConfig.getCarbonCopy().getCarbonCopyMessageId())) {
-                noticeConfig.getCarbonCopy().setCarbonCopyMessageId(carbonCopyTemplateCode);
-            }
-            MessagePushEventImpl carbonCopyCompleteEvent =
-                    MessagePushEventBuilder.createEvent(MessagePushEventType.CARBON_COPY_COMPLETE, null, noticeConfig,
-                            event.getProcessInstanceId(), null, null);
            if (log.isDebugEnabled()) {
                log.debug("发送完成待办的消息: {}", JSON.toJSONString(messagePushEvent));
-                log.debug("发送完成抄送的消息: {}", JSON.toJSONString(carbonCopyCompleteEvent));
            }
+
            eventDispatcher.dispatchEvent(messagePushEvent, processEngineConfiguration.getEngineCfgKey());
-            eventDispatcher.dispatchEvent(carbonCopyCompleteEvent, processEngineConfiguration.getEngineCfgKey());
+            if (Objects.nonNull(noticeConfig.getCarbonCopy())) {
+                if (!StringUtils.hasText(noticeConfig.getCarbonCopy().getCarbonCopyMessageId())) {
+                    noticeConfig.getCarbonCopy().setCarbonCopyMessageId(carbonCopyTemplateCode);
+                }
+                MessagePushEventImpl carbonCopyCompleteEvent =
+                        MessagePushEventBuilder.createEvent(MessagePushEventType.CARBON_COPY_COMPLETE, null, noticeConfig,
+                                event.getProcessInstanceId(), null, null);
+                eventDispatcher.dispatchEvent(carbonCopyCompleteEvent, processEngineConfiguration.getEngineCfgKey());
+                if (log.isDebugEnabled()) {
+                    log.debug("发送完成抄送的消息: {}", JSON.toJSONString(carbonCopyCompleteEvent));
+                }
+            }
+
        });
    }

--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/TestController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/TestController.java
@ -1,6 +1,7 @@
 package cn.axzo.workflow.server.controller.web;

 import cn.axzo.workflow.client.feign.bpmn.ProcessInstanceApi;
+import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceAbortDTO;
 import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceQueryDTO;
 import cn.axzo.workflow.common.model.response.bpmn.process.BpmnProcessInstanceVO;
 import cn.axzo.workflow.common.model.response.bpmn.process.ProcessNodeDetailVO;
@ -11,8 +12,10 @@ import cn.azxo.framework.common.model.CommonResponse;
 import lombok.extern.slf4j.Slf4j;
 import org.flowable.bpmn.model.FlowElement;
 import org.flowable.common.engine.impl.util.IoUtil;
+import org.flowable.engine.HistoryService;
 import org.flowable.engine.RepositoryService;
 import org.flowable.engine.RuntimeService;
+import org.flowable.engine.history.HistoricProcessInstance;
 import org.flowable.engine.repository.Deployment;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
@ -22,9 +25,13 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;

 import java.io.InputStream;
+import java.util.Date;
 import java.util.List;

+import static cn.axzo.workflow.common.enums.BpmnProcessInstanceResultEnum.PROCESSING;
+
 /**
+ * 测试接口
 * @author wangli
 * @since 2023/10/10 13:59
 */
@ -41,9 +48,13 @@ public class TestController {
    @Autowired
    private RuntimeService runtimeService;
    @Autowired
+    private HistoryService historyService;
+    @Autowired
    private RepositoryService repositoryService;
    @Autowired
    private ProcessInstanceApi processInstanceApi;
+    @Autowired
+    private BpmnProcessInstanceService bpmnProcessInstanceService;

    @RepeatSubmit
    @GetMapping("/test")
@ -82,4 +93,25 @@ public class TestController {
        return processInstanceVO.getData().getName();
    }

+    @GetMapping("/system/operation/batch/abort")
+    public CommonResponse<Boolean> systemOperation(Long timestamp) {
+        List<HistoricProcessInstance> list = historyService.createHistoricProcessInstanceQuery()
+                .processInstanceBusinessStatus(PROCESSING.getStatus())
+                .startedBefore(new Date(timestamp))
+                .unfinished()
+                .list();
+        log.info("待系统中止的流程实例数: {}", list.size());
+        list.forEach(i -> {
+            try {
+                BpmnProcessInstanceAbortDTO abort = new BpmnProcessInstanceAbortDTO();
+                abort.setProcessInstanceId(i.getId());
+                abort.setReason("系统超时中止");
+                bpmnProcessInstanceService.abortProcessInstance(abort);
+            } catch (Exception e) {
+                log.warn("系统批量中止流程: {}, 发生异常: {}", i.getId(), e.getMessage());
+            }
+        });
+        return CommonResponse.success(true);
+    }
+
 }