1.table导出excel接口

2.接口参数防注入

bsoft-api/src/main/java/com/bsoft/api/common/utils/SqlUtil.java

+package com.bsoft.api.common.utils;
+
+public class SqlUtil {
+    public static String TransactSQLInjection(String str)
+    {
+        return str.replaceAll(".*([';]+|(--)+).*", " ");
+    }
+}

bsoft-api/src/main/java/com/bsoft/api/controller/DimController.java

@@ -12,6 +12,7 @@ import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.validation.Valid;
 import java.util.List;
 
 @Api(tags = "维度数值Api")
@@ -28,7 +29,7 @@ public class DimController {
     @PostMapping("dimValue")
     @Token
     @ApiOperation("根据pageCode查询维度数值")
-    public  Object getdimValueByPageCode(@RequestBody ReqDimValue reqDimValue) {
+    public  Object getdimValueByPageCode(@RequestBody@Valid ReqDimValue reqDimValue) {
         List<DimValue> dimValueList = dicDimService.getByPageCode(reqDimValue.getPageCode(), reqDimValue.getOrgId(), reqDimValue.getDate());
         return Result.success(dimValueList);
     }

bsoft-api/src/main/java/com/bsoft/api/controller/ExcelController.java

 package com.bsoft.api.controller;
 
 import com.bsoft.api.common.Result;
+import com.bsoft.api.common.annotations.Token;
 import com.bsoft.api.service.ExcelService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -18,7 +19,8 @@ public class ExcelController {
     @Autowired
     private ExcelService excelService;
 
-    @PostMapping("xls")
+    @PostMapping("export")
+    @Token
     @ApiOperation("将Table转换为Xls")
     public Object tableToXls(HttpServletRequest request,@RequestBody String tableStr){
         String realPath = request.getSession().getServletContext().getRealPath("/");

bsoft-api/src/main/java/com/bsoft/api/controller/SerDiseaseDocController.java

@@ -22,7 +22,7 @@ public class SerDiseaseDocController {
     private SerDiseaseDocService serDiseaseDocService;
 
     @PostMapping("diseaseDoc")
-//    @Token
+    @Token
     @ApiOperation("根据Code查询疾病关系信息")
     public  Object getDiseaseDoc(@RequestBody DiseaseDoc disease) throws InterruptedException {
         List<SerDiseaseDocRs> list = serDiseaseDocService.getDiseaseDoc(disease.getDocCode(),disease.getMdcCode(),

bsoft-api/src/main/java/com/bsoft/api/mapper/SerDiseaseDocRsMapper.java

@@ -18,5 +18,8 @@ public interface SerDiseaseDocRsMapper {
     List<SerDiseaseDocRs> selectByCode(@Param("docCode") String docCode,@Param("mdcCode") String mdcCode,
                                        @Param("deptCode") String deptCode,@Param("date") String date);
 
+    List<SerDiseaseDocRs> selectByRelation(@Param("docCode") String docCode,@Param("listMdcCode") String[] listMdcCode,
+                                       @Param("deptCode") String deptCode,@Param("date") String date);
+
     int updateByPrimaryKey(SerDiseaseDocRs record);
 }

bsoft-api/src/main/java/com/bsoft/api/mapper/SerPageMapper.java

@@ -4,6 +4,7 @@ import com.bsoft.api.model.SerPage;
 import org.apache.ibatis.annotations.Param;
 
 import java.util.List;
+import java.util.Set;
 
 public interface SerPageMapper {
     int deleteByPrimaryKey(Long id);
@@ -17,4 +18,6 @@ public interface SerPageMapper {
     int updateByPrimaryKey(SerPage record);
 
     List<SerPage> selectByCodeAndDim(@Param("pageCode") Integer pageCode, @Param("inField") String inField, @Param("dimCount") int dimCount);
+
+    List<SerPage> selectByCodeAndDimList(@Param("pageCode") Integer pageCode, @Param("inFields") Set<String> inFields, @Param("dimCount") int dimCount);
 }
\ No newline at end of file

bsoft-api/src/main/java/com/bsoft/api/model/reqmodel/ReqDimValue.java

@@ -2,6 +2,8 @@ package com.bsoft.api.model.reqmodel;
 
 import io.swagger.annotations.ApiModelProperty;
 
+import javax.validation.constraints.NotNull;
+
 public class ReqDimValue {
 
     @ApiModelProperty(value = "pageCode",required = true)
@@ -9,6 +11,7 @@ public class ReqDimValue {
     @ApiModelProperty("机构id")
     private Long orgId;
     @ApiModelProperty("时间")
+    @NotNull
     private String date;
 
     public String getPageCode() {

bsoft-api/src/main/java/com/bsoft/api/service/Impl/BlockValuesServiceImpl.java

 package com.bsoft.api.service.Impl;
 
 import com.bsoft.api.common.exceptions.DBConfigurationError;
+import com.bsoft.api.common.utils.SqlUtil;
 import com.bsoft.api.mapper.BlockValuesMapper;
 import com.bsoft.api.mapper.DicDimMapper;
 import com.bsoft.api.mapper.SerPageBlockRsMapper;
@@ -18,10 +19,7 @@ import org.springframework.scheduling.annotation.AsyncResult;
 import org.springframework.stereotype.Service;
 
 import javax.annotation.Resource;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
@@ -109,17 +107,19 @@ public class BlockValuesServiceImpl implements BlockValuesService {
          */
         List<BlockValue> list = new ArrayList<>();
 
-        int count = 0;
-        String inField = "";
-        for (Map.Entry<String, String> entry : dim.entrySet()) {
-            inField += "'"+entry.getKey()+"',";
-            count++;
-        }
-        if(count > 0){
-            inField = inField.substring(0, inField.length()-1);
-        }
-
-        List<SerPage> pageList = serPageMapper.selectByCodeAndDim(pageCode, inField, count);
+//        int count = 0;
+        Set<String> inFields = dim.keySet();
+//        String inField = "";
+//        for (Map.Entry<String, String> entry : dim.entrySet()) {
+//            inField += "'"+ SqlUtil.TransactSQLInjection(entry.getKey())+"',";
+//            count++;
+//        }
+//        if(count > 0){
+//            inField = inField.substring(0, inField.length()-1);
+//        }
+
+        List<SerPage> pageList = serPageMapper.selectByCodeAndDimList(pageCode, inFields, inFields.size());
+//        List<SerPage> pageList = serPageMapper.selectByCodeAndDim(pageCode, inField, count);
         if(pageList.size() == 0){
             throw new DBConfigurationError("页面维度配置表错误，请联系管理员");
         }

bsoft-api/src/main/java/com/bsoft/api/service/Impl/SerDiseaseDocServiceImpl.java

 package com.bsoft.api.service.Impl;
 
+import com.bsoft.api.common.utils.SqlUtil;
 import com.bsoft.api.mapper.SerDiseaseDocRsMapper;
 import com.bsoft.api.model.SerDiseaseDocRs;
 import com.bsoft.api.service.SerDiseaseDocService;
 import com.bsoft.common.utils.StringUtil;
 import org.springframework.stereotype.Service;
 import javax.annotation.Resource;
+import java.sql.Array;
+import java.util.ArrayList;
 import java.util.List;
 
 @Service
@@ -17,9 +20,11 @@ public class SerDiseaseDocServiceImpl implements SerDiseaseDocService {
     @Override
     public List<SerDiseaseDocRs> getDiseaseDoc(String docCode, String mdcCode, String deptCode,String date) throws InterruptedException {
         docCode= StringUtil.isNullOrEmpty(docCode)?null:docCode;
-        mdcCode= StringUtil.isNullOrEmpty(mdcCode)?null:mdcCode;
+        mdcCode= StringUtil.isNullOrEmpty(mdcCode)?"":mdcCode;
         deptCode= StringUtil.isNullOrEmpty(deptCode)?null:deptCode;
         date= StringUtil.isNullOrEmpty(date)?null:date;
-        return serDiseaseDocRsMapper.selectByCode(docCode,mdcCode,deptCode,date);
+        String[] inField = mdcCode.split(",");
+//        return serDiseaseDocRsMapper.selectByCode(docCode,mdcCode,deptCode,date);
+        return serDiseaseDocRsMapper.selectByRelation(docCode,inField,deptCode,date);
     }
 }

bsoft-api/src/main/resources/application.properties

@@ -15,3 +15,5 @@ spring.aop.auto=true
 # Whether subclass-based (CGLIB) proxies are to be created (true)
 spring.aop.proxy-target-class=false
 spring.jmx.enabled=false
+#控制字段为null不返回的问题 True表示返回 False表示不返回
+mybatis.configuration.call-setters-on-nulls=true
\ No newline at end of file

bsoft-api/src/main/resources/mapper/SerDiseaseDocRsMapper.xml

@@ -64,4 +64,24 @@
           and "DATE" = #{date,jdbcType=VARCHAR}
       </if>
   </select>
+    <select id="selectByRelation" resultMap="BaseResultMap">
+        select ID, ORG_ID, DOC_CODE, DOC_NAME, MDC_CODE, "DATE", DEPT_CODE, DEPT_NAME
+        from SER_DISEASE_DOC_RS
+        where 1=1
+        <if test="docCode!=null">
+            and DOC_CODE = #{docCode,jdbcType=VARCHAR}
+        </if>
+        <if test="listMdcCode.length > 0">
+            and MDC_CODE in
+            <foreach item="item" index="index" collection="listMdcCode" open="(" separator="," close=")">
+                #{item,jdbcType=VARCHAR}
+            </foreach>
+        </if>
+        <if test="deptCode!=null">
+            and DEPT_CODE = #{deptCode,jdbcType=VARCHAR}
+        </if>
+        <if test="date!=null">
+            and "DATE" = #{date,jdbcType=VARCHAR}
+        </if>
+    </select>
 </mapper>
\ No newline at end of file

bsoft-api/src/main/resources/mapper/SerPageMapper.xml

@@ -64,4 +64,33 @@
         </if>
         and f.count =#{dimCount,jdbcType=INTEGER}
     </select>
+    <select id="selectByCodeAndDimList" resultType="com.bsoft.api.model.SerPage">
+        select d.* from SER_PAGE d,
+        <if test="dimCount != 0">
+            (select a.id,COUNT(b.ID) count
+            from SER_PAGE a
+            LEFT JOIN ser_page_dim_rs b on a.id = b.PAGE_ID and b.state = 1
+            LEFT JOIN DIC_DIM c on c.ID = b.DIM_ID
+            where a.state =1 and a.PAGE_CODE = #{pageCode,jdbcType=VARCHAR}
+            <if test="inFields.size() > 0">
+                and c.DIM_FIELD in
+                <foreach item="item" index="index" collection="inFields" open="(" separator="," close=")">
+                    #{item,jdbcType=VARCHAR}
+                </foreach>
+            </if>
+            GROUP BY a.ID) e,
+        </if>
+        (select a.id,COUNT(b.ID) count
+        from SER_PAGE a
+        LEFT JOIN ser_page_dim_rs b on a.id = b.PAGE_ID and b.state = 1
+        LEFT JOIN DIC_DIM c on c.ID = b.DIM_ID
+        where a.state =1 and a.PAGE_CODE = #{pageCode,jdbcType=VARCHAR}
+        GROUP BY a.ID) f
+        where d.id = f.id
+        <if test="dimCount != 0">
+            and f.count = e.count
+            and d.Id = e.id
+        </if>
+        and f.count =#{dimCount,jdbcType=INTEGER}
+    </select>
 </mapper>
\ No newline at end of file