using System.Data;
using System.Text.RegularExpressions;
using Competition.Common.Util;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Polly;
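namespace CompetitionAPI.Controllers.back.system
{
    /// <summary>
    /// Bulk-imports admin users from an uploaded spreadsheet. Every row is validated
    /// before the database is touched; rows are then split into "add" (unknown 员工编码)
    /// and "update" (existing 员工编码) and written in one batch through the admin_user BLL.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class ImportUserController : Controller
    {
        /// <summary>Maximum length accepted for 员工编码 (which becomes login_name).</summary>
        private const int MaxPlayerCodeLength = 10;

        /// <summary>
        /// role_id assigned to every user created by an import.
        /// NOTE(review): presumably the ordinary-user role — confirm against the role table.
        /// </summary>
        private const string ImportedUserRoleId = "2";

        /// <summary>
        /// Columns every uploaded row must provide. The order is the order in which the
        /// values are passed through <see cref="CheckParams"/>, which decides which error
        /// is reported first when several columns are bad.
        /// </summary>
        private static readonly string[] RowColumns =
        {
            "员工编码", "所属市", "姓名", "ERP编码", "性别",
            "工作单位", "所在部门", "工作岗位", "身份证号", "参加工作时间", "文化程度",
            "现有专业资格等级", "现有职业技能等级", "联系电话", "备注",
        };

        /// <summary>Characters that would terminate or escape the SQL string literal built from 员工编码.</summary>
        private static readonly char[] SqlLiteralBreakers = { '\'', '\\' };

        /// <summary>Matches any CJK ideograph; used to reject Chinese text in code / number fields.</summary>
        private static readonly Regex ChineseCharRegex = new Regex(@"[\u4e00-\u9fa5]");

        /// <summary>
        /// Allow-list of characters a cell may contain. The single quote is deliberately not
        /// in it: 员工编码 is spliced into a SQL string literal in <see cref="Index"/>.
        /// </summary>
        private static readonly Regex AllowedValueRegex =
            new Regex(@"^[\.:"",\{ \}\[\]a-zA-Z0-9_\u4e00-\u9fa5\s-、\(\)()\\//,。;;\?“”;:?!!\n\r\t*#Φ~|\u2103×]+$");

        /// <summary>
        /// Substrings treated as SQL-injection attempts (matched against the lower-cased value).
        /// This is a deny-list and is no substitute for parameterised queries in the BLL; it
        /// also rejects benign text that happens to contain e.g. "table", "into" or " in ".
        /// </summary>
        private static readonly string[] list_sql_filter =
        {
            "ascii(","ord(","hex(","bin("
            ," if(","+if(" ," char(","+char("
            ,"substr(","substring(" ,"mid("," replace(","+replace("
            ,"sleep(","benchmark("
            ,"concat(","concat_ws"
            ," floor(" ," rand(","+floor(" ,"+rand("
            ," limit"," offset " ," regexp "
            ,"user(","database(" ,"desc(","version(","datadir","version_compile_os" ,"table(","columns("
            ,"and+" ,"+and"
            ," between "," in "," and "," or "," xor "," not "," like "," rlike "," begin "," join "
            ," > ","> "," >" ," < ","< "," <"," = ","= "," ="
            ,"<>","!="," + ","+ "," +"
            ,"greatest(","least(","strcmp(","left(","right("
            ," select "," from "," where ","order by"," union "," group "
            ," insert "," update "," delete ","table_schema","information_schema.columns","truncate","execute","table","drop","into","exec"
        };

        /// <summary>Injected host environment; assigned in the constructor and not read by this controller.</summary>
        private readonly IWebHostEnvironment _webHostEnvironment;

        /// <summary>Data access for admin users (lookup, password generation, batch write).</summary>
        private readonly Competition.Mysql.BLL.admin_user user_bll = new Competition.Mysql.BLL.admin_user();

        /// <summary>
        /// Serialises imports across requests: an import reads the existing users and then
        /// writes a batch, so two concurrent imports could both decide to "add" the same code.
        /// </summary>
        private static readonly object Lockobj = new object();

        /// <summary>Creates the controller with the injected host environment.</summary>
        public ImportUserController(IWebHostEnvironment webHostEnvironment)
        {
            _webHostEnvironment = webHostEnvironment;
        }

        /// <summary>
        /// Import-users endpoint (导入用户接口): parses the uploaded sheet, validates all rows,
        /// then adds unknown 员工编码 as new users and updates existing ones in a single batch.
        /// </summary>
        /// <param name="Files">The uploaded spreadsheet; the form field name must stay "Files".</param>
        /// <returns>
        /// Success with a processed/added/updated summary, or Fail with a message naming the
        /// first offending row or column. Nothing is written when any row is rejected.
        /// </returns>
        [Authorize]
        [HttpPost]
        [APIFilter]
        public JsonResult Index([FromForm] IFormFile Files)
        {
            try
            {
                lock (Lockobj)
                {
                    if (Files is null || Files.Length <= 0)
                    {
                        return Json(Tool.GetJsonWithCode(APICode.Fail, "文件不能为空"));
                    }

                    // The extension comes from the client-supplied file name and is handed to the
                    // parser as-is; NOTE(review): confirm ExcelToDataTable refuses unexpected types.
                    var fileExtension = Path.GetExtension(Files.FileName);
                    using var stream = Files.OpenReadStream();
                    var table = Tool.ExcelToDataTable(stream, fileExtension, "", 0, true, false);

                    // A sheet with a single data row is rejected here as well (Count > 1 was the
                    // original rule); kept unchanged — confirm whether that is intended.
                    if (table is null || table.Rows.Count <= 1)
                    {
                        return Json(Tool.GetJsonWithCode(APICode.Fail, "上传失败:表格内容为空"));
                    }

                    // Report missing columns up front instead of letting row["..."] throw and
                    // surfacing the raw exception text.
                    var missingColumns = RowColumns.Where(c => !table.Columns.Contains(c)).ToList();
                    if (missingColumns.Count > 0)
                    {
                        return Json(Tool.GetJsonWithCode(APICode.Fail, "上传文件缺少列:" + string.Join(",", missingColumns)));
                    }

                    // Validate every row before touching the database so a bad file changes nothing.
                    foreach (DataRow row in table.Rows)
                    {
                        if (!TryValidateRow(row, out var error))
                        {
                            return Json(Tool.GetJsonWithCode(APICode.Fail, error));
                        }
                    }

                    var list_add = new List<Competition.Mysql.Model.admin_user>();
                    var list_update = new List<Competition.Mysql.Model.admin_user>();
                    var seenLoginNames = new HashSet<string>();

                    // One password is generated for the whole batch, as before.
                    // NOTE(review): every user created by this import shares it, and it is stored
                    // via EncryptByLgzn rather than a password hash — the login path expects this format.
                    var password = user_bll.CreateRandomPassword();
                    var pwd = EncryptionAndDecryption.EncryptByLgzn(EncryptionAndDecryption.EncryptByLgzn(password));

                    foreach (DataRow row in table.Rows)
                    {
                        var login_name = row["员工编码"].ToString();

                        // Checked across both lists: a code that already exists in the database and
                        // appears twice in the file must not be queued for update twice.
                        if (!seenLoginNames.Add(login_name))
                        {
                            return Json(Tool.GetJsonWithCode(APICode.Fail, "员工编码有重复数据,请检查上传文件"));
                        }

                        // String-built filter: TryValidateRow has already refused ' and \ in 员工编码
                        // (and the allow-list refuses '), which is what keeps this safe. A BLL overload
                        // taking a parameterised filter would be the proper fix.
                        var exist_user = user_bll.GetModelList(" login_name='" + login_name + "'").FirstOrDefault();
                        var model = exist_user ?? new Competition.Mysql.Model.admin_user();
                        ApplyRow(model, row);

                        if (exist_user is not null)
                        {
                            list_update.Add(model);
                        }
                        else
                        {
                            model.user_id = Tool.GetNewId("USER");
                            model.password = pwd;
                            model.create_time = DateTime.Now;
                            model.role_id = ImportedUserRoleId;
                            list_add.Add(model);
                        }
                    }

                    var processed = user_bll.BatchAddUpdateUser(list_update, list_add);

                    return Json(Tool.GetJsonWithCode(APICode.Success,
                        "总共处理了" + processed + "条记录,添加:" + list_add.Count + "条,修改:" + list_update.Count + "条"));
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message (parser / database error text) is echoed to the caller.
                // There is no logger on this controller, so it is kept to preserve diagnostics;
                // with logging in place a generic message would be preferable.
                return Json(Tool.GetJsonWithCode(APICode.Fail, "上传失败:" + ex.Message));
            }
        }

        /// <summary>
        /// Checks one uploaded row for required values, field formats and SQL-unsafe content.
        /// </summary>
        /// <param name="row">A row of the parsed sheet; every column in <see cref="RowColumns"/> must exist.</param>
        /// <param name="message">The user-facing reason when the row is rejected, otherwise "".</param>
        /// <returns><c>true</c> when the row may be imported.</returns>
        private static bool TryValidateRow(DataRow row, out string message)
        {
            if (string.IsNullOrWhiteSpace(row["姓名"].ToString()))
            {
                message = "存在姓名为空的记录,请检查上传文件";
                return false;
            }

            var sex_name = row["性别"].ToString();
            if (string.IsNullOrWhiteSpace(sex_name))
            {
                message = "存在性别为空的记录,请检查上传文件";
                return false;
            }
            if (sex_name != "男" && sex_name != "女")
            {
                message = "性别不正确:" + sex_name + ",请检查上传文件";
                return false;
            }

            // Culture-sensitive parse kept on purpose: the sheet is filled in by hand and the
            // same call decides how the value is stored in ApplyRow.
            var work_date = row["参加工作时间"].ToString();
            if (!string.IsNullOrWhiteSpace(work_date) && !DateTime.TryParse(work_date, out _))
            {
                message = "参加工作时间:" + work_date + ",不正确,请检查上传文件!";
                return false;
            }

            if (ContainsChinese(row["ERP编码"].ToString()))
            {
                message = "ERP编码格式不对,请检查上传文件";
                return false;
            }

            if (ContainsChinese(row["联系电话"].ToString()))
            {
                message = "联系电话格式不对,请检查上传文件";
                return false;
            }

            // 员工编码 becomes login_name and is the add-vs-update key, so it must be present ...
            var player_code = row["员工编码"].ToString();
            if (string.IsNullOrWhiteSpace(player_code))
            {
                message = "存在员工编码为空的记录,请检查上传文件";
                return false;
            }
            // ... and it is spliced into a SQL string literal, so quote / escape characters are refused.
            if (ContainsChinese(player_code) || player_code.IndexOfAny(SqlLiteralBreakers) >= 0)
            {
                message = "员工编码格式不对,请检查上传文件";
                return false;
            }
            if (player_code.Length > MaxPlayerCodeLength)
            {
                message = "员工编码长度不对,最多只允许" + MaxPlayerCodeLength + "个字符";
                return false;
            }

            if (ContainsChinese(row["身份证号"].ToString()))
            {
                message = "身份证号格式不对,请检查上传文件";
                return false;
            }

            // Allow-list / deny-list pass over every column, in RowColumns order.
            foreach (var column in RowColumns)
            {
                var value = row[column].ToString();
                if (!string.IsNullOrEmpty(value) && !CheckParams(column, value, out message))
                {
                    return false;
                }
            }

            message = "";
            return true;
        }

        /// <summary>True when <paramref name="value"/> is non-blank and contains a CJK ideograph.</summary>
        private static bool ContainsChinese(string value)
            => !string.IsNullOrWhiteSpace(value) && ChineseCharRegex.IsMatch(value);

        /// <summary>
        /// Copies the sheet columns onto <paramref name="model"/>. Fields not listed here keep
        /// their current values, which matters when the model came from the database.
        /// </summary>
        /// <param name="model">A fresh model for a new user, or the stored one for an update.</param>
        /// <param name="row">The validated sheet row.</param>
        private static void ApplyRow(Competition.Mysql.Model.admin_user model, DataRow row)
        {
            // 所属市 姓名 ERP编码 性别 员工编码
            model.OwnCity = row["所属市"].ToString();
            model.real_name = row["姓名"].ToString();
            model.ErpCode = row["ERP编码"].ToString();
            model.sex = row["性别"].ToString();
            model.login_name = row["员工编码"].ToString();

            // 工作单位 所在部门 工作岗位 身份证号 参加工作时间 文化程度
            model.unit_name = row["工作单位"].ToString();
            model.dep_name = row["所在部门"].ToString();
            model.GZGW = row["工作岗位"].ToString();
            model.id_card = row["身份证号"].ToString();
            // A blank date leaves WorkDate untouched; non-blank unparsable values were rejected by validation.
            if (DateTime.TryParse(row["参加工作时间"].ToString(), out var workDate))
            {
                model.WorkDate = workDate;
            }
            model.Education = row["文化程度"].ToString();

            // 现有专业资格等级 现有职业技能等级 联系电话 备注
            model.NowMajorGrade = row["现有专业资格等级"].ToString();
            model.NowJobGrade = row["现有职业技能等级"].ToString();
            model.mobile = row["联系电话"].ToString();
            model.r1 = row["备注"].ToString();
        }

        /// <summary>
        /// Checks that a cell value contains only allow-listed characters and none of the
        /// deny-listed SQL fragments.
        /// </summary>
        /// <param name="key">Column name of the value; informational only, not used by the check.</param>
        /// <param name="value">The cell text; blank values are accepted.</param>
        /// <param name="message">Why the value was rejected, otherwise "".</param>
        /// <returns><c>true</c> when the value passes both checks.</returns>
        private static bool CheckParams(string key, string value, out string message)
        {
            message = "";
            if (string.IsNullOrWhiteSpace(value))
            {
                return true;
            }

            if (!AllowedValueRegex.IsMatch(value))
            {
                message = string.Format("异常值:{0} 请检查!", value);
                return false;
            }

            // Invariant lower-casing: the deny-list is ASCII and the result must not depend on server culture.
            var low = value.ToLowerInvariant();
            foreach (var item in list_sql_filter)
            {
                if (low.Contains(item))
                {
                    message = string.Format("异常值:{0} 请检查!", item);
                    return false;
                }
            }

            return true;
        }
    }
}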