增加开发文档和API，修复系统可以被一个用户注册多次的漏洞

2018-03-13 16:02:16 +08:00
parent 1f8e727889
commit f83b39361b
13 changed files with 449 additions and 2 deletions
--- a/API文档.xlsx
+++ b/API文档.xlsx
--- a/ER图.vsdx
+++ b/ER图.vsdx
--- a/sql.sql
+++ b/sql.sql
@@ -0,0 +1,249 @@
+CREATE DATABASE db_imis2 
+
+CREATE TABLE tb_user
+(
+  coluserid    INT(10) PRIMARY KEY NOT NULL AUTO_INCREMENT,
+  colname      VARCHAR(30)         NOT NULL,
+  colpassword  VARCHAR(255)        NOT NULL,
+  colemail     VARCHAR(30)         NOT NULL,
+  colstudentno VARCHAR(50)         NOT NULL,
+  colrealname  VARCHAR(20)         NOT NULL
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+CREATE UNIQUE INDEX tb_user_colname_uindex ON tb_user (colname);
+INSERT INTO tb_user (colname, colpassword, colemail, colstudentno, colrealname) VALUES ('root','-4e4hc3pvvu8n0rj1uena76948n37q23r','root@gmail.com','00001','FJY');
+SELECT * FROM tb_user;
+
+
+CREATE TABLE tb_file
+(
+    colfileid   INT(10) PRIMARY KEY AUTO_INCREMENT,
+    coluserid   INT(10),
+    coltime     VARCHAR(128) NOT NULL,
+    colip       VARCHAR(128),
+    colrealname VARCHAR(255),
+    colfilename VARCHAR(255),
+    colfilesize VARCHAR(32),
+    colfilepath VARCHAR(128)
+)ENGINE = InnoDB CHARSET=utf8 COLLATE utf8_general_ci;
+ALTER TABLE tb_file COMMENT = '文件表';
+ALTER TABLE tb_file ADD CONSTRAINT FK_fileuser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid);
+
+CREATE TABLE tb_admin
+(
+  adminid   INT(10) PRIMARY KEY AUTO_INCREMENT,
+  coluserid INT(10),
+  coltime   VARCHAR(128) NOT NULL,
+  CONSTRAINT FK_adminuser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid)
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+ALTER TABLE tb_admin COMMENT = '管理员表';
+
+CREATE TABLE tb_student
+(
+    studentid   INT(10) PRIMARY KEY AUTO_INCREMENT,
+    coluserid   INT(10),
+    coltime     VARCHAR(128) NOT NULL,
+  CONSTRAINT FK_sutdentuser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid)
+)ENGINE = InnoDB CHARSET=utf8 COLLATE utf8_general_ci;
+ALTER TABLE tb_student COMMENT = '学生表';
+
+CREATE TABLE tb_teacher
+(
+    teacherid   INT(10) PRIMARY KEY AUTO_INCREMENT,
+    coluserid   INT(10),
+    coltime    VARCHAR(128) NOT NULL,
+  CONSTRAINT FK_teacheruser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid)
+)ENGINE = InnoDB CHARSET=utf8 COLLATE utf8_general_ci;
+ALTER TABLE tb_teacher COMMENT = '老师表';
+
+CREATE TABLE tb_log
+(
+    logid     INT(10) PRIMARY KEY AUTO_INCREMENT,
+    coluserid INT(10),
+    coltime   VARCHAR(128) NOT NULL,
+    colip     VARCHAR(128),
+    colheader VARCHAR(255),
+  CONSTRAINT FK_loguser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid)
+)
+    ENGINE = InnoDB
+    CHARSET = utf8
+    COLLATE utf8_general_ci;
+ALTER TABLE tb_log
+    COMMENT = '日志表';
+
+CREATE TABLE tb_course
+(
+    courseNo   INT(10) PRIMARY KEY    AUTO_INCREMENT,
+    courseName VARCHAR(128) NOT NULL,
+    courseTime VARCHAR(128)    NOT NULL,
+    teacherid  INT(10),
+  CONSTRAINT FK_teacherid FOREIGN KEY (teacherid) REFERENCES tb_teacher (teacherid)
+)
+    ENGINE = InnoDB
+    CHARSET = utf8
+    COLLATE utf8_general_ci;
+ALTER TABLE tb_course COMMENT = '课程表';
+
+CREATE TABLE tb_homework
+(
+  workId     INT(10) PRIMARY KEY    AUTO_INCREMENT,
+  workName   VARCHAR(128) NOT NULL,
+  workTime   VARCHAR(128) NOT NULL ,
+  colfileid  INT(10),
+  workFolder VARCHAR(255) NOT NULL,
+  courseNo   INT(10),
+  workRemark VARCHAR(255),
+  CONSTRAINT FK_colfileid FOREIGN KEY (colfileid) REFERENCES tb_file (colfileid),
+  CONSTRAINT FK_courseNo FOREIGN KEY (courseNo) REFERENCES tb_course (courseNo)
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+ALTER TABLE tb_homework COMMENT = '作业表';
+
+CREATE TABLE tb_workstatus
+(
+  statusid  INT(10) PRIMARY KEY    AUTO_INCREMENT,
+  coluserid INT(10),
+  workId    INT(10),
+  colstatus INT(10),
+  CONSTRAINT FK_statususer FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid),
+  CONSTRAINT FK_workId FOREIGN KEY (workId) REFERENCES tb_homework (workId)
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+ALTER TABLE tb_workstatus COMMENT = '作业提交状态表';
+
+CREATE TABLE tb_feedback
+(
+  feedbackid  INT(10) PRIMARY KEY    AUTO_INCREMENT,
+  coluserid INT(10),
+  feedbackContent    VARCHAR(255),
+  issueTime VARCHAR(128),
+  CONSTRAINT FK_feedbackuser FOREIGN KEY (coluserid) REFERENCES tb_user (coluserid)
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+ALTER TABLE tb_workstatus COMMENT = '反馈信息表';
+
+CREATE TABLE tb_notice
+(
+  noticeid  INT(10) PRIMARY KEY    AUTO_INCREMENT,
+  adminid INT(10),
+  noticeContent    VARCHAR(255),
+  issueTime VARCHAR(128),
+  CONSTRAINT FK_noticeuser FOREIGN KEY (adminid) REFERENCES tb_admin (adminid)
+)
+  ENGINE = InnoDB
+  CHARSET = utf8
+  COLLATE utf8_general_ci;
+ALTER TABLE tb_workstatus COMMENT = '公告表';
+
+
+CREATE VIEW v_workdetail
+  AS
+    SELECT
+      workId,
+      workName,
+      workTime,
+      f.colfileid,
+      colfilename,
+      c.courseName,
+      workRemark,
+      h.workFolder
+    FROM tb_homework h, tb_course c, tb_file f
+    WHERE h.colfileid = f.colfileid AND h.courseNo = c.courseNo;
+
+CREATE VIEW v_log
+  AS
+    SELECT
+    logid,
+    colname,
+    coltime   ,
+    colip     ,
+    colheader
+    FROM tb_log,tb_user
+    WHERE tb_user.coluserid = tb_log.coluserid;
+
+CREATE VIEW v_feedback
+  AS
+    SELECT
+      feedbackid,
+      colname,
+      feedbackContent,
+      issueTime
+    FROM tb_feedback, tb_user
+    WHERE tb_user.coluserid = tb_feedback.coluserid;
+
+
+CREATE VIEW v_course
+  AS
+    SELECT
+    courseNo,
+    courseName,
+    courseTime,
+    colrealname,
+    colname
+    FROM tb_course, tb_teacher,tb_user
+    WHERE tb_user.coluserid = tb_teacher.coluserid AND tb_teacher.teacherid=tb_course.teacherid;
+
+CREATE VIEW v_homework
+  AS
+    SELECT
+      workId,
+      workName,
+      workTime,
+      colfileid,
+      workFolder,
+      courseName,
+      workRemark
+    FROM tb_homework, tb_course
+    WHERE tb_homework.courseNo = tb_course.courseNo;
+
+
+CREATE VIEW v_userfile
+  AS
+    SELECT
+      colfileid,
+      coltime,
+      colip,
+      colfilename,
+      colfilesize,
+      colfilepath,
+      courseName,
+      workFolder,
+      tb_user.colrealname,
+      colstudentno
+    FROM tb_file, tb_user
+    WHERE tb_user.coluserid = tb_file.coluserid;
+
+
+CREATE VIEW v_userinfo
+  AS
+    SELECT
+      coluserid,
+      colname,
+      colemail,
+      colstudentno,
+      colrealname
+    FROM tb_user;
+
+
+CREATE VIEW v_userque
+  AS
+    SELECT
+      tb_user.coluserid,
+      colname,
+      colquestion,
+      colanswer,
+      colrealname
+    FROM tb_userque,tb_user
+    WHERE tb_user.coluserid=tb_userque.coluserid;
+
--- a/src/main/java/com/fjy/spring/controller/RegisterController.java
+++ b/src/main/java/com/fjy/spring/controller/RegisterController.java
@@ -2,6 +2,7 @@ package com.fjy.spring.controller;

 import com.fjy.spring.domain.TbStudentlist;
 import com.fjy.spring.domain.TbUser;
+import com.fjy.spring.enums.RegisteredEnum;
 import com.fjy.spring.enums.ResultEnum;
 import com.fjy.spring.exception.UserException;
 import com.fjy.spring.properties.ServerProperties;
@@ -48,6 +49,8 @@ public class RegisterController {
        //加密用户密码
        tbUser.setColpassword(new BigInteger(CodingUtil.encryptSHA(tbUser.getColpassword().getBytes())).toString(32));
        if (userService.doRegisterService(tbUser)){
+            //更新用户列表是否注册的标记
+            studentService.UpdateStudentListRegistered(tbUser.getColrealname(),tbUser.getColstudentno());
            return true;
            /*return "redirect:" + request.getScheme() + "://" + request.getServerName() + ":"
                    + serverProperties.getPortNum() + request.getContextPath() + "/index";*/
@@ -70,7 +73,7 @@ public class RegisterController {
    public boolean doCheckStudent(@RequestParam(value = "studentno") String studentno,
                                  @RequestParam(value = "realname") String realname){
        TbStudentlist studentlist = studentService.findByColstudentnoAndColrealname(studentno,realname);
-        if (studentlist!=null)
+        if (studentlist!=null&&studentlist.getRegistered()!= RegisteredEnum.REGISTERED.getCode())
            return true;
        return false;
    }
--- a/src/main/java/com/fjy/spring/domain/TbStudentlist.java
+++ b/src/main/java/com/fjy/spring/domain/TbStudentlist.java
@@ -17,4 +17,6 @@ public class TbStudentlist {

    private String sex;

+    private Integer registered;
+
 }
--- a/src/main/java/com/fjy/spring/enums/RegisteredEnum.java
+++ b/src/main/java/com/fjy/spring/enums/RegisteredEnum.java
@@ -0,0 +1,18 @@
+package com.fjy.spring.enums;
+
+import lombok.Getter;
+
+@Getter
+public enum RegisteredEnum {
+    REGISTERED(1,"该用户已注册"),
+    UNREGISTERED(0,"该用户未注册"),
+    FORBIDDEN(2,"该用户已被列入黑名单")
+    ;
+    private Integer code;
+    private String msg;
+
+    RegisteredEnum(Integer code, String msg) {
+        this.code = code;
+        this.msg = msg;
+    }
+}
--- a/src/main/java/com/fjy/spring/service/StudentService.java
+++ b/src/main/java/com/fjy/spring/service/StudentService.java
@@ -3,6 +3,7 @@ package com.fjy.spring.service;
 import com.fjy.spring.domain.TbStudent;
 import com.fjy.spring.domain.TbStudentlist;
 import com.fjy.spring.domain.TbUser;
+import com.fjy.spring.enums.RegisteredEnum;
 import com.fjy.spring.repository.TbStudentListRepository;
 import com.fjy.spring.repository.TbStudentRepository;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -26,6 +27,12 @@ public class StudentService {
        return tbStudentListRepository.findByColstudentnoAndColrealname(studentno,realname);
    }

+    public TbStudentlist UpdateStudentListRegistered(String realname,String studentno){
+        TbStudentlist studentlist = new TbStudentlist();
+        studentlist = findByColstudentnoAndColrealname(studentno,realname);
+        studentlist.setRegistered(RegisteredEnum.REGISTERED.getCode());
+        return tbStudentListRepository.save(studentlist);
+    }


 }
--- a/src/main/resources/static/js/loginstyle.js
+++ b/src/main/resources/static/js/loginstyle.js
@@ -106,7 +106,7 @@ var Main = {
                    .then(function (response) {
                        console.log(response.data);
                        if (response.data === false) {
-                            return callback(new Error('姓名与学号不匹配'));
+                            return callback(new Error('姓名与学号不匹配或该用户已注册'));
                        } else {
                            callback()
                        }
--- a/version.js
+++ b/version.js
@@ -0,0 +1,168 @@
+{
+    "date":"2018-02-26",
+    "content":"实现公告获取和输出",
+    "version":"V2.1.3",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-26",
+    "content":"修复导航栏跳转错误，添加404页面",
+    "version":"V2.1.2",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-26",
+    "content":"使用异步注册，优化注册体验",
+    "version":"V2.1.1",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-26",
+    "content":"优化备份文件结构，对备份文件统一存储",
+    "version":"V2.1",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-26",
+    "content":"修复对同一文件重复上传后无法下载备份文件的问题",
+    "version":"V2.0",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-25",
+    "content":"修复一些安全性问题",
+    "version":"V1.16.1",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-25",
+    "content":"修复登录失败的提示",
+    "version":"V1.16",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-25",
+    "content":"实现忘记密码功能，以及完善部分单元测试",
+    "version":"V1.15",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-24",
+    "content":"修复文件批量下载的错误，为压缩文件进行统一管理，批量下载不支持多线程",
+    "version":"V1.8.1",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-24",
+    "content":"实现文件批量下载",
+    "version":"V1.8",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-23",
+    "content":"实现对未交作业人员的查询和展示",
+    "version":"V1.7",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-23",
+    "content":"去除js对绝对地址的依赖，为日志添加排序选项",
+    "version":"V1.6.1",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-23",
+    "content":"实现用户仅能查看自己提交的文件",
+    "version":"V1.6",
+    "user":"F嘉阳"
+},
+{
+    "date":"2018-02-23",
+    "content":"修复用户信息修改页面数据绑定方式，改为使用axios进行数据获取和绑定",
+    "version":"V1.5",
+    "user":"F嘉阳"
+},
+{
+     "date":"2018-02-22",
+"content":"实现后台对未交作业人员的查询",
+    "version":"V1.4",
+    "user":"F嘉阳"
+},
+{
+     "date":"2018-02-22",
+"content":"实现用户信息修改",
+    "version":"V1.3.1",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-21",
+"content":"实现用户信息修改页面session传值",
+    "version":"V1.3",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-09",
+"content":"实现用户管理和作业管理数据读取",
+    "version":"V1.2.1",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-09",
+"content":"实现单文件删除",
+    "version":"V1.2",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-08",
+"content":"完成课程管理数据读取，修复页面加载css，js错误",
+    "version":"V1.1.2",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-08",
+"content":"完成管理员主页的数据读取",
+    "version":"V1.1.1",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-08",
+"content":"完成前端界面设计",
+    "version":"V1.0",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-08",
+"content":"实现表单异步提交并显示消息",
+    "version":"V0.15",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-07",
+"content":"实现作业上传自动创建文件夹",
+    "version":"V0.14",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-07",
+"content":"实现作业获取和展示",
+    "version":"V0.13",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-06",
+"content":"完成前端上传页面设计",
+    "version":"V0.12",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-06",
+"content":"实现登录日志记录",
+    "version":"V0.11",
+    "user":"F嘉阳"
+},
+{
+ "date":"2018-02-05",
+"content":"提高加密安全性",
+    "version":"V0.10.1",
+    "user":"F嘉阳"
+}
--- a/后台API.docx
+++ b/后台API.docx
--- a/数据库表.xlsx
+++ b/数据库表.xlsx
--- a/流程图.png
+++ b/流程图.png
--- a/错误码.xlsx
+++ b/错误码.xlsx