rymcu / forest
forest: a modern knowledge-community backend project, built with SpringBoot + Shiro + MyBatis + JWT + Redis
Home Page: https://rymcu.com
License: MIT License
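When not logged in, directly accessing the article edit path has an authorization problem
Show a no-permission notice when not logged in / without permission
Navigating from the ChatGPT page to the personal center shows an error popup at the top, but with no error message
Running the project I hit a problem: it reports Failed to configure a DataSource: 'url' attribute is not specified and no embedded datasource could be configured. But the database configuration file is configured correctly, and when I copy the configuration file to another project it connects fine; only this project fails, and I don't know why
When the balance is insufficient for tipping an article, the message shown (服务器正在开小差,请稍后再试......) is unfriendly; it should correctly say that the balance is insufficient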
org.springframework.cglib.core.CodeGenerationException: java.lang.reflect.InaccessibleObjectException-->Unable to make protected final java.lang.Class java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) throws java.lang.ClassFormatError accessible: module java.base does not "opens java.lang" to unnamed module @28701274
Using JDK 8
Location of the problematic code:
    // Drafts do not update the index
    if (isUpdate) {
        log.info("更新文章索引,id={}", newArticle.getIdArticle());
        luceneService.updateArticle(newArticle.getIdArticle().toString());
    } else {
        log.info("写入文章索引,id={}", newArticle.getIdArticle());
        luceneService.writeArticle(newArticle.getIdArticle().toString());
    }
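On the portfolio detail page, after clicking the browser back button:
1. It does not go to the previous link in the browsing history
2. Clicking the portfolio on the current page, the button does not work
After an article is deleted, the article content table data is not cleared, which causes a 404 when accessing articles published afterwards
Where can I find the database file for this project
Add concurrency optimization to the article like/tip feature. Requirement: <RYMCU Community Development Plan> #comment-5553
Because avatars uploaded by users are too large, the home page loads slowly. Suggested changes:
Register a user using the system's registration function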
POST /api/upload/file/link HTTP/1.1
Host: 127.0.0.1:3000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:120.0) Gecko/20100101 Firefox/120.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
X-Upload-Token: eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJ0ZXN0Iiwic3ViIjoidGVzdCIsImlhdCI6MTcwMjg3MTg1MX0.52fneB5s417LkY67Ry95657YCvlWcng6S3PekvvkEdA
Content-Type: application/json
Content-Length: 50
Origin: http://127.0.0.1:3000
Connection: close
Referer: http://127.0.0.1:3000/article/post
Cookie: SESSION=062279af-c20d-4004-b5e2-23e2196c52f5; auth.strategy=local; auth._token.local=eyJhbGciOiJIUzI1NiJ9.eyJqdGkiOiJhZG1pbiIsInN1YiI6ImFkbWluIiwiaWF0IjoxNzAyNTQ2MTkzfQ.1aL69-kqpkwV9Xu4BOf7takNHUmhp3PzDtOGseXHr-o; auth._token_expiration.local=1702547093332; auth._refresh_token.local=01HHKTJEW0EQ8FD9GCSZ6X5ZT4; auth._refresh_token_expiration.local=1702553393333
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

{"url":"http://456.v0e01kal.eyes.sh","type":"567"}
The test intranet address also received the request successfully:
src/main/java/com/rymcu/forest/web/api/common/UploadController.java: the method does not limit the user parameter url, resulting in access to arbitrary intranet addresses
This SSRF affects the current latest version
To fix this vuln, here is my advice:
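One way to enforce the restriction on the `url` parameter that the report says is missing, as an added example (not forest's code and not from the original report). The class and method names are hypothetical, and the sample URLs are constructed.

```java
import java.net.InetAddress;
import java.net.URI;

// Hypothetical helper (not part of forest): vet a user-supplied link before the server fetches it.
public final class UploadUrlGuard {

    // Returns the parsed URI only if the scheme is http(s) and every resolved address is public.
    public static URI requirePublicHttpUrl(String raw) throws Exception {
        URI uri = new URI(raw);
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            throw new IllegalArgumentException("only http/https links are allowed");
        }
        String host = uri.getHost();
        if (host == null || uri.getUserInfo() != null) {
            throw new IllegalArgumentException("missing host or embedded credentials");
        }
        // Check every A/AAAA record: one internal answer is enough to reject.
        for (InetAddress addr : InetAddress.getAllByName(host)) {
            if (isInternal(addr)) {
                throw new IllegalArgumentException("resolves to internal address " + addr.getHostAddress());
            }
        }
        return uri;
    }

    static boolean isInternal(InetAddress a) {
        if (a.isAnyLocalAddress() || a.isLoopbackAddress() || a.isLinkLocalAddress()
                || a.isSiteLocalAddress() || a.isMulticastAddress()) {
            return true; // 0.0.0.0, 127/8, 169.254/16, 10/8, 172.16/12, 192.168/16, ::1, fe80::/10
        }
        byte[] b = a.getAddress();
        if (b.length == 4) {
            return (b[0] & 0xff) == 100 && (b[1] & 0xc0) == 0x40; // 100.64.0.0/10 (CGNAT)
        }
        return (b[0] & 0xfe) == 0xfc; // fc00::/7 (IPv6 unique local)
    }

    public static void main(String[] args) {
        // Constructed sample inputs; IP literals only, so no DNS lookup is needed to run this.
        String[] samples = {"http://127.0.0.1:3000/a.png", "http://192.168.1.10/a.png",
                "http://[::1]/a.png", "ftp://203.0.113.10/a.png", "https://203.0.113.10/logo.png"};
        for (String s : samples) {
            try {
                System.out.println("ALLOW  " + requirePublicHttpUrl(s));
            } catch (Exception e) {
                System.out.println("REJECT " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The fetch that follows should connect to the addresses that were vetted and refuse HTTP redirects; otherwise a second DNS answer or a 3xx response can still point the request at an internal host.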
RT
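Network image links that carry query parameters lose the file extension (e.g. http://xxxx.com/img/xxx.png?size=100_100)
The existing unit test code is sparse; strengthen unit testing
Reduce the development cost for non-core developers and reduce the occurrence of problems
TDD concept: https://developer.aliyun.com/article/365993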
    @PostMapping("/chat")
    public GlobalResult<List> chat(@RequestBody JSONObject jsonObject) {
        // Get the JSON array
        JSONArray jsonArray = jsonObject.getJSONArray("message");
        // Build the message array
        String[] contents = new String[jsonArray.size()];
        // Iterate over the JSON array and store each "content" value in the message array
        for (int i = 0; i < jsonArray.size(); i++) {
            JSONObject obj = jsonArray.getJSONObject(i);
            contents[i] = obj.getString("content");
        }
        // Parameter validation (an empty array would otherwise fail on contents[0])
        if (contents.length == 0 || StringUtils.isBlank(contents[0])) {
            // Invalid parameter
            throw new IllegalArgumentException("参数异常!");
        }
        // Build the question/answer list used to store the user input
        List list = new ArrayList();
        for (int i = contents.length - 1; i >= 0; i--) {
            if ((i + 1) % 2 == 0) {
                ChatMessage chatMessage1 = new ChatMessage("assistant", contents[i]);
                list.add(chatMessage1);
            } else {
                ChatMessage chatMessage1 = new ChatMessage("user", contents[i]);
                list.add(chatMessage1);
            }
        }
        // Call the openapi interface and build the request header
        // Triggers the interceptor to obtain the token used in the request header
        OpenAiService service = new OpenAiService(token, Duration.ofSeconds(600));
        // Build the complete request
        // model: the bot model
        // messages: the user input
        ChatCompletionRequest completionRequest = ChatCompletionRequest.builder()
                .model("gpt-3.5-turbo")
                .messages(list)
                .build();
        // Get the bot's reply: pass the request parameters, together with the token, to the openapi interface; this is the main call that sends the request
        List<ChatCompletionChoice> choices = service.createChatCompletion(completionRequest).getChoices();
        // Return the result
        return GlobalResultGenerator.genSuccessResult(choices);
    }
This enables continuous conversation, instead of replying one sentence at a time.
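The message notification page has no pagination, so more messages cannot be viewed
Reports Required request parameter 'followingId' for method parameter type Integer is not present
Add an article content review mechanism: newly published articles must pass content review before being officially published
Configured in the .yml:
    mail:
      host: smtp.163.com # host of the mailbox service the site sends mail from
      port: 465
      username: [email protected]
      password: 4W3tCXdyk0Gm
But it reports the error javax.mail.MessagingException: Got bad greeting from SMTP host: smtp.163.com, port: 465, response: [EOF]
How can this be resolved?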