
Merge branch 'main' of http://172.14.1.63:3000/nextosd/ds-yamoto-farm-server

于俊龙 1 week ago
parent
commit
348720454a

+ 15 - 0
farm-common/src/main/java/jp/yamoto/farm/common/config/WebConfig.java

@@ -3,8 +3,10 @@ package jp.yamoto.farm.common.config;
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.databind.SerializationFeature;
+import jp.yamoto.farm.common.filter.PathTraversalFilter;
 import jp.yamoto.farm.common.resolver.DecryptFieldArgumentResolver;
 import jp.yamoto.farm.common.resolver.DecryptRequestBodyConverter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.HttpMessageConverter;
@@ -63,4 +65,17 @@ public class WebConfig implements WebMvcConfigurer {
         // converters.add(0, decryptConverter);  // springdoc v3/api-docs return base64
         converters.add(decryptConverter);
     }
+
+    /**
+     * 不正パスフィルタリング
+     * @return 結果
+     */
+    @Bean
+    public FilterRegistrationBean<PathTraversalFilter> pathTraversalFilter() {
+        FilterRegistrationBean<PathTraversalFilter> registration = new FilterRegistrationBean<>();
+        registration.setFilter(new PathTraversalFilter());
+        registration.addUrlPatterns("/*"); // すべてのURL
+        registration.setOrder(1); // 高優先度
+        return registration;
+    }
 }
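Review bot: `registration.setOrder(1)` in `pathTraversalFilter()` does not make this a high-priority filter, despite the `// 高優先度` comment. Lower values run first, and Spring Boot registers the Spring Security filter chain at order -100 by default (Spring Security is presumably in use, given the `@PreAuthorize` annotations elsewhere in this commit), so requests would pass through the security chain before this check. If the intent is to reject malformed paths before anything else processes them, use `registration.setOrder(Ordered.HIGHEST_PRECEDENCE);` with the `org.springframework.core.Ordered` import, or state in the comment why order 1 is deliberate. `PathTraversalFilter` itself is not part of this diff, so confirm that it is not also a `@Component` (which would register it a second time) and that it inspects the decoded, normalized path rather than only the raw URI. The Javadoc `@return 結果` should describe the registration that is returned.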

+ 6 - 0
farm-crm-biz/src/main/java/jp/yamoto/farm/crm/biz/bss/domain/bo/BssAskBo.java

@@ -1,5 +1,6 @@
 package jp.yamoto.farm.crm.biz.bss.domain.bo;
 
+import jakarta.validation.constraints.Pattern;
 import jp.yamoto.farm.common.validator.annotation.LmLength;
 import jp.yamoto.farm.common.validator.annotation.LmNotBlank;
 import jp.yamoto.farm.common.validator.utils.ValidatorGroup;
@@ -47,7 +48,10 @@ public class BssAskBo implements Serializable {
     /**
      * ステータス
      */
+
     @LmNotBlank(params = {"{status}"}, groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})
+    @LmLength(min = 1, max = 1, params = {"{status}", "1"}, groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})
+    @Pattern(regexp = "^[19]$", message = "ステータス は 1 または 9 でなければなりません。")
     private String status;
 
     /**
@@ -59,6 +63,8 @@ public class BssAskBo implements Serializable {
     /**
      * お問い合わせ者区分
      */
+    @LmLength(min = 1, max = 1, params = {"{askUserType}", "1"}, groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})
+    @Pattern(regexp = "^[1-3]$", message = "お問い合わせ者区分 は 1、2、または 3 の数値である必要があります")
     private String askUserType;
 
     /**
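Review bot: The two added `@Pattern` constraints on `status` and `askUserType` declare no `groups`, so they fall into the Default group, while the controllers shown in this commit validate with explicit groups such as `@Validated({ValidatorGroup.AddGroup.class})`. Unless `ValidatorGroup.AddGroup` and `UpdateGroup` extend `Default`, which is not visible here, these allow-list checks never run and any single character that passes `@LmLength` is accepted. Give them the same groups as the neighbouring annotations, e.g. `@Pattern(regexp = "^[19]$", message = "...", groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})`, and likewise for `^[1-3]$`. The hard-coded messages also bypass the `params`/i18n mechanism the `Lm*` annotations use, and the blank line added between the `ステータス` Javadoc and its annotations should be dropped.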

+ 2 - 4
farm-crm-biz/src/main/java/jp/yamoto/farm/crm/biz/master/domain/bo/MastCustomerBo.java

@@ -1,9 +1,6 @@
 package jp.yamoto.farm.crm.biz.master.domain.bo;
 
-import jp.yamoto.farm.common.validator.annotation.LmLength;
-import jp.yamoto.farm.common.validator.annotation.LmNotBlank;
-import jp.yamoto.farm.common.validator.annotation.LmPhoneNo;
-import jp.yamoto.farm.common.validator.annotation.LmPostalCd;
+import jp.yamoto.farm.common.validator.annotation.*;
 import jp.yamoto.farm.common.validator.utils.ValidatorGroup;
 import lombok.Data;
 
@@ -122,6 +119,7 @@ public class MastCustomerBo implements Serializable {
     /**
      * メールアドレス
      */
+    @LmMail(params = {"{mailAddress}"}, groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})
     @LmLength(min = 1, max = 128, params = {"{mailAddress}", "128"}, groups = {ValidatorGroup.AddGroup.class, ValidatorGroup.UpdateGroup.class})
     private String mailAddress;
 

+ 1 - 1
farm-crm/src/main/java/jp/yamoto/farm/crm/web/controller/bss/BssAskMessageController.java

@@ -58,7 +58,7 @@ public class BssAskMessageController extends BaseController {
     @Log(title = "農家メッセージ 送信", businessType = BusinessType.INSERT)
     @PostMapping("/sendAskMessage")
     public AjaxResult send(@RequestBody @Validated({ValidatorGroup.AddGroup.class}) BssAskMessageBo bssAskMessageBo) {
-        return toAjax(messageService.sendMessage(bssAskMessageBo));
+        return success(messageService.sendMessage(bssAskMessageBo));
     }
 
     /**
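Review bot: Replacing `toAjax(...)` with `success(...)` in `send` means the response status no longer depends on what `messageService.sendMessage` returns. Assuming `toAjax` maps a row count or boolean to success or error, as is conventional for this base-controller style, a send that fails without throwing would now be reported to the client as successful. If the goal is to return the created message as payload, check the result first and return an error when it signals failure; a short comment stating what `sendMessage` returns would make the intent clear. Only three context lines above the change are shown, so this hunk cannot confirm whether the endpoint carries a `@PreAuthorize` check like the `save` endpoints elsewhere in this commit; worth verifying.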

+ 1 - 1
farm-crm/src/main/java/jp/yamoto/farm/crm/web/controller/master/MastCustomerController.java

@@ -57,7 +57,7 @@ public class MastCustomerController extends BaseController {
     @PreAuthorize("@ss.hasPermi('crm:mastCustomer')")
     @Log(title = "顧客マスタ", businessType = BusinessType.SAVE)
     @PostMapping("/save")
-    public AjaxResult save(@RequestBody @Validated({ValidatorGroup.AddGroup.class}) MastCustomerBo mastCustomerBo) {
+    public AjaxResult save(@RequestBody @Validated({ValidatorGroup.AddGroup.class,ValidatorGroup.UpdateGroup.class}) MastCustomerBo mastCustomerBo) {
         return toAjax(mastCustomerService.save(mastCustomerBo));
     }
 

+ 1 - 1
farm-crm/src/main/java/jp/yamoto/farm/crm/web/controller/master/MastFarmerController.java

@@ -56,7 +56,7 @@ public class MastFarmerController extends BaseController {
     @PreAuthorize("@ss.hasPermi('crm:mastFarmer')")
     @Log(title = "農家マスタ", businessType = BusinessType.SAVE)
     @PostMapping("/save")
-    public AjaxResult save(@RequestBody @Validated({ValidatorGroup.AddGroup.class}) MastFarmerBo mastFarmerBo) {
+    public AjaxResult save(@RequestBody @Validated({ValidatorGroup.AddGroup.class,ValidatorGroup.UpdateGroup.class}) MastFarmerBo mastFarmerBo) {
         return toAjax(mastFarmerService.save(mastFarmerBo));
     }
 

+ 1 - 1
farm-crm/src/main/resources/i18n/messages.properties

@@ -106,7 +106,7 @@ label.category2=\u30AB\u30C6\u30B4\u30EA\uFF08\u4E2D\uFF09
 label.status=\u30B9\u30C6\u30FC\u30BF\u30B9
 label.askAnswerRemark=\u304A\u554F\u3044\u5408\u308F\u305B\u30FB\u5BFE\u5FDC\u5185\u5BB9
 label.askUser=\u304A\u554F\u3044\u5408\u308F\u305B\u8005
-
+askUserType=\u304A\u554F\u3044\u5408\u308F\u305B\u8005\u533A\u5206
 label.orderId=\u6CE8\u6587ID
 
 label.branchNo=\u679D\u756A