修复用户数据安全漏洞

src/main/java/com/fjy/spring/controller/DataController.java

@@ -74,7 +74,7 @@ public class DataController {
         throw new UserException(ResultEnum.EMPTY_DATA);
     }
 
-    @GetMapping("/home/findvfeedback")
+    @GetMapping("/home/admin/findvfeedback")
     public List<VFeedBack> findAllVFeedback(){
         List<VFeedBack> feedBacks = feedBackService.findAllVFeedback();
         if (feedBacks!=null){
@@ -92,7 +92,7 @@ public class DataController {
         throw new UserException(ResultEnum.EMPTY_DATA);
     }
 
-    @GetMapping("/home/findalluser")
+    @GetMapping("/home/admin/findalluser")
     public List<TbUser> findAllUser(){
         List<TbUser> users = userService.findAllUser();
         if (users!=null){
@@ -110,7 +110,7 @@ public class DataController {
         throw new UserException(ResultEnum.EMPTY_DATA);
     }
 
-    @GetMapping("/home/findStudentInCourseFile")
+    @GetMapping("/home/admin/findStudentInCourseFile")
     public  List<TbStudentlist> findStudentInCourseFile(
             @RequestParam(value = "Folder") String Folder,@RequestParam(value = "CourseName") String CourseName){
         List<TbStudentlist> files = vUserfileService.findStudentNoByWorkFolderAndCourseName(Folder,CourseName);
@@ -169,7 +169,7 @@ public class DataController {
             , @RequestParam(value = "password") String password,
               @RequestParam(value = "question") String question
             , @RequestParam(value = "answer") String answer) throws Exception {
-        log.info("name:{}, password:{}, question:{}, answer:{}",name,password,question,answer);
+        //log.info("name:{}, password:{}, question:{}, answer:{}",name,password,question,answer);
         if (findUserQue(name,question,answer)){
             //service方法内含有对密码加密的操作
             return userService.updateColpasswordByColname(password,name);
@@ -185,7 +185,7 @@ public class DataController {
 
     @PostMapping("/home/admin/addoneversion")
     public boolean addOneVersion(TbVersion version){
-        log.info(version.toString());
+        //log.info(version.toString());
         return versionService.addOneVersion(version)!=null;
     }
 

src/main/java/com/fjy/spring/interceptor/WebAppConfig.java

@@ -6,7 +6,7 @@ import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-@Configuration
+/*@Configuration*/
 public class WebAppConfig implements WebMvcConfigurer {
 
     /**

src/main/resources/static/js/admin.js

@@ -49,7 +49,7 @@ var Main = {
                 .catch(function (error) {
                     console.log(error);
                 });
-            axios.get(getRootPath_web()+'/home/findvfeedback')
+            axios.get(getRootPath_web()+'/home/admin/findvfeedback')
                 .then(function (response) {
                     console.log(response.data);
                     that.feedbackData = response.data;

src/main/resources/static/js/homework.js

@@ -65,7 +65,7 @@ var Main = {
         findUncommitStudent(row){
             var that = this;
             this.dialogTableVisible = true;
-            axios.get(getRootPath_web()+'/home/findStudentInCourseFile',
+            axios.get(getRootPath_web()+'/home/admin/findStudentInCourseFile',
                 {
                     params: {
                         Folder: row.folder,

src/main/resources/static/js/manageuser.js

@@ -18,7 +18,7 @@ var Main = {
     mounted() {
         this.$nextTick(() => {
             var that = this;
-            axios.get(getRootPath_web()+'/home/findalluser')
+            axios.get(getRootPath_web()+'/home/admin/findalluser')
                 .then(function (response) {
                     console.log(response.data);
                     that.userData = response.data;