修复一些已知的安全问题

1. 🎨 剔除主动推送百度 SEO 功能
2. 🎨 优化记录最后在线时间代码
3. 🎨 优化代码结构
4. ⬆️ 升级 log4j2 依赖
ronger 2021-12-15 16:12:16 +08:00 committed by GitHub
commit 1e08f9be9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 134 additions and 115 deletions

45
pom.xml

@ -24,6 +24,12 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-redis</artifactId>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@ -37,7 +43,7 @@
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.1</version>
<version>2.2.0</version>
</dependency>
<dependency>
@ -89,13 +95,13 @@
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper</artifactId>
<version>5.2.0</version>
<version>5.3.0</version>
</dependency>
<!-- fastjson -->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.76</version>
<version>1.2.78</version>
</dependency>
<!-- shiro权限控制框架 -->
<dependency>
@ -145,7 +151,30 @@
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid-spring-boot-starter</artifactId>
<version>1.1.20</version>
<version>1.2.8</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-to-slf4j</artifactId>
<version>2.16.0</version>
<exclusions>
<exclusion>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.16.0</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@ -168,7 +197,7 @@
<dependency>
<groupId>org.jodd</groupId>
<artifactId>jodd-http</artifactId>
<version>5.0.13</version>
<version>6.0.6</version>
</dependency>
<dependency>
<groupId>com.github.binarywang</groupId>
@ -202,12 +231,16 @@
<dependency>
<groupId>com.baidu.aip</groupId>
<artifactId>java-sdk</artifactId>
<version>4.11.3</version>
<version>4.16.2</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
</exclusion>
<exclusion>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</exclusion>
</exclusions>
</dependency>
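Review bot: The log4j hunk pins only `log4j-api` and `log4j-to-slf4j` at 2.16.0, while the message-lookup code this upgrade is meant to guard against ships in `log4j-core`, which no hunk in this file pins or excludes. If any dependency pulls `log4j-core` in transitively it keeps its own version, so confirm with `mvn dependency:tree -Dincludes=org.apache.logging.log4j` and, if it appears, manage it in `<dependencyManagement>` alongside the two artifacts added here. If the project inherits Spring Boot's dependency management (the parent is not visible in these hunks), setting the `log4j2.version` property would replace the three hand-written exclusions with one line. Later Log4j 2.x releases fixed further issues after 2.16.0, so the pin should track the current patched release rather than stay fixed.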


@ -37,7 +37,7 @@ public class SecurityAspect {
Logger logger = LoggerFactory.getLogger(SecurityAspect.class);
@Pointcut("@annotation(com.rymcu.forest.core.service.security.annotation.SecurityInterceptor)")
public void pointCut() {
public void securityPointCut() {
}
/**
@ -47,7 +47,7 @@ public class SecurityAspect {
* @return 方法执行结果
* @throws Throwable 调用出错
*/
@Before(value = "pointCut()")
@Before(value = "securityPointCut()")
public void doBefore(JoinPoint joinPoint) throws BaseApiException {
logger.info("检查用户修改信息权限 start ...");
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();


@ -3,14 +3,16 @@ package com.rymcu.forest.jwt.service;
import com.rymcu.forest.jwt.def.JwtConstants;
import com.rymcu.forest.jwt.model.TokenModel;
import com.rymcu.forest.service.UserService;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Date;
import java.util.concurrent.TimeUnit;
@ -21,17 +23,20 @@ import java.util.concurrent.TimeUnit;
*/
@Component
public class RedisTokenManager implements TokenManager {
@Autowired
private StringRedisTemplate redisTemplate;
@Resource
private UserService userService;
/**
* 生成TOKEN
*/
@Override
public String createToken(String id) {
//使用uuid作为源token
//使用 account 作为源 token
String token = Jwts.builder().setId(id).setSubject(id).setIssuedAt(new Date()).signWith(SignatureAlgorithm.HS256, JwtConstants.JWT_SECRET).compact();
//存储到redis并设置过期时间
//存储到 redis 并设置过期时间
redisTemplate.boundValueOps(id).set(token, JwtConstants.TOKEN_EXPIRES_HOUR, TimeUnit.HOURS);
return token;
}
@ -46,15 +51,20 @@ public class RedisTokenManager implements TokenManager {
if (model == null) {
return false;
}
String token = (String) redisTemplate.boundValueOps(model.getUsername()).get();
String token = redisTemplate.boundValueOps(model.getUsername()).get();
if (token == null || !token.equals(model.getToken())) {
return false;
}
//如果验证成功说明此用户进行了一次有效操作延长token的过期时间
// 如果验证成功说明此用户进行了一次有效操作延长 token 的过期时间
redisTemplate.boundValueOps(model.getUsername()).expire(JwtConstants.TOKEN_EXPIRES_HOUR, TimeUnit.HOURS);
StringBuilder key = new StringBuilder();
key.append(JwtConstants.LAST_ONLINE).append(model.getUsername());
redisTemplate.boundValueOps(key.toString()).set(LocalDateTime.now().toString(), JwtConstants.LAST_ONLINE_EXPIRES_MINUTE, TimeUnit.MINUTES);
String result = redisTemplate.boundValueOps(key.toString()).get();
if (StringUtils.isBlank(result)) {
// 更新最后在线时间
userService.updateLastOnlineTimeByEmail(model.getUsername());
redisTemplate.boundValueOps(key.toString()).set(LocalDateTime.now().toString(), JwtConstants.LAST_ONLINE_EXPIRES_MINUTE, TimeUnit.MINUTES);
}
return true;
}
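Review bot: In the last-online block the new call `userService.updateLastOnlineTimeByEmail(model.getUsername())` passes the token's key as an e-mail, but the login path on this page creates the token with `createToken(account)` and `findByAccount` matches either account or email, so for users who sign in with an account name the update presumably matches no row. Resolving the e-mail first, or updating by the same identifier the token is stored under, would keep the two in step. The `get()` followed by `set(...)` is also not atomic, so concurrent requests can each reach the database; gating the update on `setIfAbsent(LocalDateTime.now().toString(), JwtConstants.LAST_ONLINE_EXPIRES_MINUTE, TimeUnit.MINUTES)` returning true would avoid that. The enclosing method starts above the hunk.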


@ -15,6 +15,7 @@ import com.rymcu.forest.service.TagService;
import com.rymcu.forest.service.UserService;
import com.rymcu.forest.util.*;
import com.rymcu.forest.web.api.exception.BaseApiException;
import com.rymcu.forest.web.api.exception.ErrorCode;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.text.StringEscapeUtils;
@ -46,24 +47,21 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
@Value("${resource.domain}")
private String domain;
@Value("${env}")
private String env;
private static final int MAX_PREVIEW = 200;
private static final String defaultStatus = "0";
private static final String defaultTopicUri = "news";
private static final String DEFAULT_STATUS = "0";
private static final String DEFAULT_TOPIC_URI = "news";
private static final int ADMIN_ROLE_WEIGHTS = 2;
@Override
public List<ArticleDTO> findArticles(ArticleSearchDTO searchDTO) {
List<ArticleDTO> list;
if (StringUtils.isNotBlank(searchDTO.getTopicUri()) && !defaultTopicUri.equals(searchDTO.getTopicUri())) {
if (StringUtils.isNotBlank(searchDTO.getTopicUri()) && !DEFAULT_TOPIC_URI.equals(searchDTO.getTopicUri())) {
list = articleMapper.selectArticlesByTopicUri(searchDTO.getTopicUri());
} else {
list = articleMapper.selectArticles(searchDTO.getSearchText(), searchDTO.getTag(), searchDTO.getTopicUri());
}
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@ -73,31 +71,26 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
if (articleDTO == null) {
return null;
}
articleDTO = genArticle(articleDTO, type);
genArticle(articleDTO, type);
return articleDTO;
}
@Override
public List<ArticleDTO> findArticlesByTopicUri(String name) {
List<ArticleDTO> articleDTOS = articleMapper.selectArticlesByTopicUri(name);
articleDTOS.forEach(articleDTO -> {
genArticle(articleDTO, 0);
});
return articleDTOS;
List<ArticleDTO> list = articleMapper.selectArticlesByTopicUri(name);
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@Override
public List<ArticleDTO> findArticlesByTagName(String name) {
List<ArticleDTO> articleDTOS = articleMapper.selectArticlesByTagName(name);
return articleDTOS;
return articleMapper.selectArticlesByTagName(name);
}
@Override
public List<ArticleDTO> findUserArticlesByIdUser(Integer idUser) {
List<ArticleDTO> list = articleMapper.selectUserArticles(idUser);
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@ -119,11 +112,14 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
String articleContent = article.getArticleContent();
String articleContentHtml = article.getArticleContentHtml();
User user = UserUtils.getCurrentUserByToken();
if (Objects.isNull(user)) {
throw new BaseApiException(ErrorCode.INVALID_TOKEN);
}
String reservedTag = checkTags(articleTags);
boolean notification = false;
if (StringUtils.isNotBlank(reservedTag)) {
Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser());
if (roleWeights > 2) {
if (roleWeights > ADMIN_ROLE_WEIGHTS) {
map.put("message", StringEscapeUtils.unescapeJava(reservedTag) + "标签为系统保留标签!");
return map;
} else {
@ -144,10 +140,8 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
} else {
newArticle = articleMapper.selectByPrimaryKey(article.getIdArticle());
// 如果文章之前状态为草稿则应视为新发布文章
if (defaultStatus.equals(newArticle.getArticleStatus())) {
if (DEFAULT_STATUS.equals(newArticle.getArticleStatus())) {
isUpdate = true;
} else {
isUpdate = false;
}
if (!user.getIdUser().equals(newArticle.getArticleAuthorId())) {
map.put("message", "非法访问!");
@ -161,13 +155,13 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
}
// 发送相关通知
if (defaultStatus.equals(newArticle.getArticleStatus())) {
if (DEFAULT_STATUS.equals(newArticle.getArticleStatus())) {
// 发送系统通知
if (notification) {
NotificationUtils.sendAnnouncement(newArticle.getIdArticle(), NotificationConstant.Article, newArticle.getArticleTitle());
} else {
// 发送关注通知
StringBuffer dataSummary = new StringBuffer();
StringBuilder dataSummary = new StringBuilder();
if (isUpdate) {
dataSummary.append(user.getNickname()).append("更新了文章: ").append(newArticle.getArticleTitle());
NotificationUtils.sendArticlePush(newArticle.getIdArticle(), NotificationConstant.UpdateArticle, dataSummary.toString(), newArticle.getArticleAuthorId());
@ -176,53 +170,33 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
NotificationUtils.sendArticlePush(newArticle.getIdArticle(), NotificationConstant.PostArticle, dataSummary.toString(), newArticle.getArticleAuthorId());
}
}
}
// 草稿不更新索引
if ("0".equals(article.getArticleStatus())) {
System.out.println("开始增加索引");
// 草稿不更新索引
if (isUpdate) {
log.info("更新文章索引id={}",newArticle.getIdArticle());
log.info("更新文章索引id={}", newArticle.getIdArticle());
luceneService.updateArticle(newArticle.getIdArticle().toString());
} else {
log.info("写入文章索引id={}",newArticle.getIdArticle());
log.info("写入文章索引id={}", newArticle.getIdArticle());
luceneService.writeArticle(newArticle.getIdArticle().toString());
}
}
tagService.saveTagArticle(newArticle, articleContentHtml);
if (defaultStatus.equals(newArticle.getArticleStatus())) {
// 更新文章链接
newArticle.setArticlePermalink(domain + "/article/" + newArticle.getIdArticle());
newArticle.setArticleLink("/article/" + newArticle.getIdArticle());
} else {
// 更新文章链接
newArticle.setArticlePermalink(domain + "/draft/" + newArticle.getIdArticle());
newArticle.setArticleLink("/draft/" + newArticle.getIdArticle());
}
tagService.saveTagArticle(newArticle, articleContentHtml);
if (StringUtils.isNotBlank(articleContentHtml)) {
String previewContent;
if (articleContentHtml.length() > MAX_PREVIEW) {
previewContent = BaiDuAipUtils.getNewsSummary(newArticle.getArticleTitle(), articleContentHtml, MAX_PREVIEW);
if (previewContent.length() > MAX_PREVIEW) {
previewContent = previewContent.substring(0, MAX_PREVIEW);
}
} else {
previewContent = Html2TextUtil.getContent(articleContentHtml);
String previewContent = Html2TextUtil.getContent(articleContentHtml);
if (previewContent.length() > MAX_PREVIEW) {
previewContent = previewContent.substring(0, MAX_PREVIEW);
}
newArticle.setArticlePreviewContent(previewContent);
}
articleMapper.updateByPrimaryKeySelective(newArticle);
// 推送百度 SEO
if (!ProjectConstant.ENV.equals(env)
&& defaultStatus.equals(newArticle.getArticleStatus())
&& articleContent.length() >= MAX_PREVIEW) {
if (isUpdate) {
BaiDuUtils.sendUpdateSEOData(newArticle.getArticlePermalink());
} else {
BaiDuUtils.sendSEOData(newArticle.getArticlePermalink());
}
}
map.put("id", newArticle.getIdArticle());
return map;
}
@ -265,15 +239,18 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
Map<String, String> map = new HashMap(1);
// 鉴权
User user = UserUtils.getCurrentUserByToken();
if (Objects.isNull(user)) {
throw new BaseApiException(ErrorCode.INVALID_TOKEN);
}
Integer roleWeights = userService.findRoleWeightsByUser(user.getIdUser());
if (roleWeights > 2) {
if (roleWeights > ADMIN_ROLE_WEIGHTS) {
Article article = articleMapper.selectByPrimaryKey(id);
if (!user.getIdUser().equals(article.getArticleAuthorId())) {
map.put("message", "非法访问!");
return map;
}
}
Integer result;
int result;
// 判断是否有评论
boolean isHavComment = articleMapper.existsCommentWithPrimaryKey(id);
if (isHavComment) {
@ -312,6 +289,9 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
public Map share(Integer id) throws BaseApiException {
Article article = articleMapper.selectByPrimaryKey(id);
User user = UserUtils.getCurrentUserByToken();
if (Objects.isNull(user)) {
throw new BaseApiException(ErrorCode.INVALID_TOKEN);
}
StringBuilder shareUrl = new StringBuilder(article.getArticlePermalink());
shareUrl.append("?s=").append(user.getNickname());
Map map = new HashMap(1);
@ -322,28 +302,25 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
@Override
public List<ArticleDTO> findDrafts() throws BaseApiException {
User user = UserUtils.getCurrentUserByToken();
if (Objects.isNull(user)) {
throw new BaseApiException(ErrorCode.INVALID_TOKEN);
}
List<ArticleDTO> list = articleMapper.selectDrafts(user.getIdUser());
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@Override
public List<ArticleDTO> findArticlesByIdPortfolio(Integer idPortfolio) {
List<ArticleDTO> list = articleMapper.selectArticlesByIdPortfolio(idPortfolio);
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@Override
public List<ArticleDTO> selectUnbindArticles(Integer idPortfolio, String searchText, Integer idUser) {
List<ArticleDTO> list = articleMapper.selectUnbindArticlesByIdPortfolio(idPortfolio, searchText, idUser);
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@ -380,9 +357,7 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
@Override
public List<ArticleDTO> findAnnouncements() {
List<ArticleDTO> list = articleMapper.selectAnnouncements();
list.forEach(article -> {
genArticle(article, 0);
});
list.forEach(articleDTO -> genArticle(articleDTO, 0));
return list;
}
@ -401,7 +376,7 @@ public class ArticleServiceImpl extends AbstractService<Article> implements Arti
article.setArticleContent(articleContent.getArticleContentHtml());
// 获取所属作品集列表数据
List<PortfolioArticleDTO> portfolioArticleDTOList = articleMapper.selectPortfolioArticles(article.getIdArticle());
portfolioArticleDTOList.forEach(portfolioArticleDTO -> genPortfolioArticles(portfolioArticleDTO));
portfolioArticleDTOList.forEach(this::genPortfolioArticles);
article.setPortfolios(portfolioArticleDTOList);
} else if (type.equals(articleEdit)) {
article.setArticleContent(articleContent.getArticleContent());
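Review bot: In the `share` hunk the new `INVALID_TOKEN` guard covers a missing user, but `article` from `articleMapper.selectByPrimaryKey(id)` is still dereferenced unchecked in `article.getArticlePermalink()`, so an unknown id ends in a NullPointerException instead of an API error. The delete hunk has the same unchecked `article` before `getArticleAuthorId()`, and a null check that returns the existing `非法访问!` style message would make both paths deny cleanly. The nickname is also appended to the permalink raw; since it is user-controlled it should be URL-encoded first, e.g. `shareUrl.append("?s=").append(URLEncoder.encode(user.getNickname(), StandardCharsets.UTF_8));` on Java 10 or later. The body of `share` continues past the hunk.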


@ -27,7 +27,6 @@ import java.util.*;
/**
*
* @author CodeGenerator
* @date 2018/05/29
*/
@ -48,7 +47,7 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
private final static String DEFAULT_AVATAR = "https://static.rymcu.com/article/1578475481946.png";
@Override
public User findByAccount(String account) throws TooManyResultsException{
public User findByAccount(String account) throws TooManyResultsException {
return userMapper.findByAccount(account);
}
@ -56,13 +55,13 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
@Transactional(rollbackFor = Exception.class)
public Map register(String email, String password, String code) {
Map map = new HashMap(2);
map.put("message","验证码无效!");
map.put("message", "验证码无效!");
String vCode = redisService.get(email);
if(StringUtils.isNotBlank(vCode)){
if(vCode.equals(code)){
if (StringUtils.isNotBlank(vCode)) {
if (vCode.equals(code)) {
User user = userMapper.findByAccount(email);
if(user != null){
map.put("message","该邮箱已被注册!");
if (user != null) {
map.put("message", "该邮箱已被注册!");
} else {
user = new User();
String nickname = email.split("@")[0];
@ -83,8 +82,8 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
.nickname(user.getNickname())
.signature(user.getSignature())
.build());
map.put("message","注册成功!");
map.put("flag",1);
map.put("message", "注册成功!");
map.put("flag", 1);
redisService.delete(email);
}
}
@ -106,19 +105,20 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
public Map login(String account, String password) {
Map map = new HashMap(1);
User user = userMapper.findByAccount(account);
if(user != null){
if(Utils.comparePwd(password, user.getPassword())){
if (user != null) {
if (Utils.comparePwd(password, user.getPassword())) {
userMapper.updateLastLoginTime(user.getIdUser());
userMapper.updateLastOnlineTimeByEmail(user.getEmail());
TokenUser tokenUser = new TokenUser();
BeanCopierUtil.copy(user, tokenUser);
tokenUser.setToken(tokenManager.createToken(account));
tokenUser.setWeights(userMapper.selectRoleWeightsByUser(user.getIdUser()));
map.put("user", tokenUser);
} else {
map.put("message","密码错误!");
map.put("message", "密码错误!");
}
} else {
map.put("message","该账号不存在!");
map.put("message", "该账号不存在!");
}
return map;
}
@ -133,12 +133,12 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
public Map forgetPassword(String code, String password) {
Map map = new HashMap<>(2);
String email = redisService.get(code);
if(StringUtils.isBlank(email)){
map.put("message","链接已失效");
if (StringUtils.isBlank(email)) {
map.put("message", "链接已失效");
} else {
userMapper.updatePasswordByEmail(email,Utils.entryptPassword(password));
map.put("message","修改成功,正在跳转登录登陆界面!");
map.put("flag",1);
userMapper.updatePasswordByEmail(email, Utils.entryptPassword(password));
map.put("message", "修改成功,正在跳转登录登陆界面!");
map.put("flag", 1);
}
return map;
}
@ -147,9 +147,9 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
@Transactional(rollbackFor = Exception.class)
public Map updateUserRole(Integer idUser, Integer idRole) {
Map map = new HashMap(1);
Integer result = userMapper.updateUserRole(idUser,idRole);
if(result == 0) {
map.put("message","更新失败!");
Integer result = userMapper.updateUserRole(idUser, idRole);
if (result == 0) {
map.put("message", "更新失败!");
}
return map;
}
@ -158,9 +158,9 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
@Transactional(rollbackFor = Exception.class)
public Map updateStatus(Integer idUser, String status) {
Map map = new HashMap(1);
Integer result = userMapper.updateStatus(idUser,status);
if(result == 0) {
map.put("message","更新失败!");
Integer result = userMapper.updateStatus(idUser, status);
if (result == 0) {
map.put("message", "更新失败!");
}
return map;
}
@ -199,7 +199,7 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
user.setAvatarUrl(avatarUrl);
user.setAvatarType("0");
}
Integer result = userMapper.updateUserInfo(user.getIdUser(), user.getNickname(), user.getAvatarType(),user.getAvatarUrl(),user.getSignature(), user.getSex());
Integer result = userMapper.updateUserInfo(user.getIdUser(), user.getNickname(), user.getAvatarType(), user.getAvatarUrl(), user.getSignature(), user.getSex());
UserIndexUtil.addIndex(UserLucene.builder()
.idUser(user.getIdUser())
.nickname(user.getNickname())
@ -209,7 +209,7 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
map.put("message", "操作失败!");
return map;
}
map.put("user",user);
map.put("user", user);
return map;
}
@ -257,15 +257,15 @@ public class UserServiceImpl extends AbstractService<User> implements UserServic
@Override
public Map updateEmail(ChangeEmailDTO changeEmailDTO) {
Map map = new HashMap(2);
map.put("message","验证码无效!");
map.put("message", "验证码无效!");
Integer idUser = changeEmailDTO.getIdUser();
String email = changeEmailDTO.getEmail();
String code = changeEmailDTO.getCode();
String vCode = redisService.get(email);
if(StringUtils.isNotBlank(vCode) && StringUtils.isNotBlank(code)){
if(vCode.equals(code)){
if (StringUtils.isNotBlank(vCode) && StringUtils.isNotBlank(code)) {
if (vCode.equals(code)) {
userMapper.updateEmail(idUser, email);
map.put("message","更新成功!");
map.put("message", "更新成功!");
map.put("email", email);
}
}
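Review bot: The login hunk still returns `密码错误!` for a wrong password and `该账号不存在!` for an unknown account, which lets an unauthenticated caller tell which accounts or e-mail addresses are registered. Returning one message for both branches, e.g. `map.put("message", "账号或密码错误!");`, removes that signal; the register hunk's `该邮箱已被注册!` is reachable only after a valid code, so it is less exposed. No failed-attempt limit is visible in this method, though one may exist in a filter outside this page. Apart from the added `updateLastOnlineTimeByEmail` call, the changes in this section are whitespace only.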


@ -10,7 +10,7 @@ import org.springframework.stereotype.Component;
/**
* @author ronger
*/
@Component
//@Component
@Slf4j
public class BaiDuCronTask {
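Review bot: Disabling the task by commenting out the annotation (`//@Component`) leaves a class that compiles but is never registered, and the reason is recorded nowhere in the file. Since the commit removes the Baidu SEO push, deleting the class would be cleaner; if it must stay, a short comment above the annotation such as `// Disabled: Baidu SEO push was removed; do not re-enable without review` makes the intent explicit. The class body lies outside this hunk.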


@ -80,7 +80,7 @@
</update>
<select id="findByAccount" resultMap="BaseResultMap">
select id, nickname, account, password, status, avatar_type, avatar_url from forest_user where (account = #{account} or email = #{account} ) and status = 0
select id, nickname, account, password, status, avatar_type, avatar_url, email from forest_user where (account = #{account} or email = #{account} ) and status = 0
</select>
<select id="findUserInfoByAccount" resultMap="UserInfoResultMapper">
select id, nickname, sex, avatar_type, avatar_url, email, phone, account, status, signature, last_login_time, last_online_time from forest_user where account = #{account}


@ -0,0 +1 @@
log4j2.formatMsgNoLookups=True
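Review bot: `log4j2.formatMsgNoLookups=True` is picked up by Log4j only as a JVM system property or from a `log4j2.component.properties` file on the classpath; the file name is not shown on this page, so confirm this is not an application properties file, where the line would have no effect. The Log4j project also described this flag as an incomplete mitigation for some non-default configurations, and it only concerns `log4j-core`, so the dependency pin is what actually carries the fix. A one-line comment above it, e.g. `# Defence in depth only; the log4j version pin is the real mitigation`, would stop a later reader from relying on the flag alone.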