😎1、修复X-Frame-Options页面劫持策略 2、代码优化

2025-01-19 14:25:38 +08:00 · 2025-01-19 14:25:38 +08:00 · 4fb5961353
commit 4fb5961353
parent 2b917963b9
8 changed files with 70 additions and 67 deletions
--- a/Admin.NET/Admin.NET.Core/Service/Config/SysConfigService.cs
+++ b/Admin.NET/Admin.NET.Core/Service/Config/SysConfigService.cs
@ -7,9 +7,9 @@
 namespace Admin.NET.Core.Service;

 /// <summary>
-/// 系统参数配置服务 🧩
+/// 系统配置参数服务 🧩
 /// </summary>
-[ApiDescriptionSettings(Order = 440, Description = "参数配置")]
+[ApiDescriptionSettings(Order = 440, Description = "配置参数")]
 public class SysConfigService : IDynamicApiController, ITransient
 {
    private readonly UserManager _userManager;
@ -30,11 +30,11 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 获取参数配置分页列表 🔖
+    /// 获取配置参数分页列表 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
-    [DisplayName("获取参数配置分页列表")]
+    [DisplayName("获取配置参数分页列表")]
    public async Task<SqlSugarPagedList<ConfigOutput>> Page(PageConfigInput input)
    {
        var query = await GetConfigQueryable();
@ -48,10 +48,10 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 获取参数配置列表 🔖
+    /// 获取配置参数列表 🔖
    /// </summary>
    /// <returns></returns>
-    [DisplayName("获取参数配置列表")]
+    [DisplayName("获取配置参数列表")]
    public async Task<List<ConfigOutput>> List(PageConfigInput input)
    {
        var query = await GetConfigQueryable();
@ -60,12 +60,12 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 增加参数配置 🔖
+    /// 增加配置参数 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Add"), HttpPost]
-    [DisplayName("增加参数配置")]
+    [DisplayName("增加配置参数")]
    public async Task AddConfig(AddConfigInput input)
    {
        if (input.SysFlag == YesNoEnum.Y && !_userManager.SuperAdmin) throw Oops.Oh(ErrorCodeEnum.D9002);
@ -75,12 +75,12 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 更新参数配置 🔖
+    /// 更新配置参数 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Update"), HttpPost]
-    [DisplayName("更新参数配置")]
+    [DisplayName("更新配置参数")]
    [UnitOfWork]
    public async Task UpdateConfig(UpdateConfigInput input)
    {
@ -148,12 +148,12 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 删除参数配置 🔖
+    /// 删除配置参数 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "Delete"), HttpPost]
-    [DisplayName("删除参数配置")]
+    [DisplayName("删除配置参数")]
    public async Task DeleteConfig(DeleteConfigInput input)
    {
        var config = await _sysConfigRep.GetByIdAsync(input.Id);
@ -167,12 +167,12 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 批量删除参数配置 🔖
+    /// 批量删除配置参数 🔖
    /// </summary>
    /// <param name="ids"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "BatchDelete"), HttpPost]
-    [DisplayName("批量删除参数配置")]
+    [DisplayName("批量删除配置参数")]
    public async Task BatchDeleteConfig(List<long> ids)
    {
        foreach (var id in ids)
@ -189,18 +189,18 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 获取参数配置详情 🔖
+    /// 获取配置参数详情 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
-    [DisplayName("获取参数配置详情")]
+    [DisplayName("获取配置参数详情")]
    public async Task<SysConfig> GetDetail([FromQuery] ConfigInput input)
    {
        return await _sysConfigRep.GetByIdAsync(input.Id);
    }

    /// <summary>
-    /// 根据Code获取参数配置
+    /// 根据Code获取配置参数
    /// </summary>
    /// <param name="code"></param>
    /// <returns></returns>
@ -212,18 +212,18 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 根据Code获取参数配置值 🔖
+    /// 根据Code获取配置参数值 🔖
    /// </summary>
    /// <param name="code"></param>
    /// <returns></returns>
-    [DisplayName("根据Code获取参数配置值")]
+    [DisplayName("根据Code获取配置参数值")]
    public async Task<string> GetConfigValueByCode(string code)
    {
        return await GetConfigValueByCode<string>(code);
    }

    /// <summary>
-    /// 获取参数配置值
+    /// 获取配置参数值
    /// </summary>
    /// <param name="code"></param>
    /// <returns></returns>
@ -245,7 +245,7 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 更新参数配置值
+    /// 更新配置参数值
    /// </summary>
    /// <param name="code"></param>
    /// <param name="value"></param>
@ -301,12 +301,12 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 批量更新参数配置值 🔖
+    /// 批量更新配置参数值 🔖
    /// </summary>
    /// <param name="input"></param>
    /// <returns></returns>
    [ApiDescriptionSettings(Name = "BatchUpdate"), HttpPost]
-    [DisplayName("批量更新参数配置值")]
+    [DisplayName("批量更新配置参数值")]
    public async Task BatchUpdateConfig(List<BatchConfigInput> input)
    {
        foreach (var config in input)
@ -321,7 +321,7 @@ public class SysConfigService : IDynamicApiController, ITransient
    }

    /// <summary>
-    /// 获取参数配置查询器
+    /// 获取配置参数查询器
    /// </summary>
    /// <returns></returns>
    [NonAction]
--- a/Admin.NET/Admin.NET.Web.Core/Startup.cs
+++ b/Admin.NET/Admin.NET.Web.Core/Startup.cs
@ -273,7 +273,10 @@ public class Startup : AppStartup
            // 防止浏览器 MIME 类型嗅探，确保内容按照声明的类型处理
            context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
            // 防止点击劫持，确保页面内容不被其他页面覆盖
-            context.Response.Headers.Append("X-Frame-Options", "DENY");
+            // DENY：表示该页面不允许在 frame 中展示，即便是在相同域名的页面中嵌套也不允许
+            // SAMEORIGIN：表示该页面可以在相同域名页面的 frame 中展示
+            // ALLOW-FROM uri：表示该页面可以在指定来源的 frame 中展示
+            context.Response.Headers.Append("X-Frame-Options", "ALLOW-FROM " + App.GetConfig<string>("Urls", true));
            // 启用 XSS 保护，防止跨站脚本注入
            context.Response.Headers.Append("X-XSS-Protection", "1; mode=block");
            // 控制在请求中发送的来源信息，减少潜在的隐私泄露
--- a/Web/src/api-services/apis/sys-config-api.ts
+++ b/Web/src/api-services/apis/sys-config-api.ts
@ -36,7 +36,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
    return {
        /**
         * 
-         * @summary 增加参数配置 🔖
+         * @summary 增加配置参数 🔖
         * @param {AddConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -84,7 +84,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 批量删除参数配置 🔖
+         * @summary 批量删除配置参数 🔖
         * @param {Array<number>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -132,7 +132,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 批量更新参数配置值 🔖
+         * @summary 批量更新配置参数值 🔖
         * @param {Array<BatchConfigInput>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -180,7 +180,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 根据Code获取参数配置值 🔖
+         * @summary 根据Code获取配置参数值 🔖
         * @param {string} code 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -229,7 +229,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 删除参数配置 🔖
+         * @summary 删除配置参数 🔖
         * @param {DeleteConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -277,7 +277,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 获取参数配置详情 🔖
+         * @summary 获取配置参数详情 🔖
         * @param {number} id 主键Id
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -372,7 +372,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 获取参数配置列表 🔖
+         * @summary 获取配置参数列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -420,7 +420,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 获取参数配置分页列表 🔖
+         * @summary 获取配置参数分页列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -516,7 +516,7 @@ export const SysConfigApiAxiosParamCreator = function (configuration?: Configura
        },
        /**
         * 
-         * @summary 更新参数配置 🔖
+         * @summary 更新配置参数 🔖
         * @param {UpdateConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -573,7 +573,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
    return {
        /**
         * 
-         * @summary 增加参数配置 🔖
+         * @summary 增加配置参数 🔖
         * @param {AddConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -587,7 +587,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 批量删除参数配置 🔖
+         * @summary 批量删除配置参数 🔖
         * @param {Array<number>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -601,7 +601,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 批量更新参数配置值 🔖
+         * @summary 批量更新配置参数值 🔖
         * @param {Array<BatchConfigInput>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -615,7 +615,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 根据Code获取参数配置值 🔖
+         * @summary 根据Code获取配置参数值 🔖
         * @param {string} code 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -629,7 +629,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 删除参数配置 🔖
+         * @summary 删除配置参数 🔖
         * @param {DeleteConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -643,7 +643,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 获取参数配置详情 🔖
+         * @summary 获取配置参数详情 🔖
         * @param {number} id 主键Id
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -670,7 +670,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 获取参数配置列表 🔖
+         * @summary 获取配置参数列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -684,7 +684,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 获取参数配置分页列表 🔖
+         * @summary 获取配置参数分页列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -712,7 +712,7 @@ export const SysConfigApiFp = function(configuration?: Configuration) {
        },
        /**
         * 
-         * @summary 更新参数配置 🔖
+         * @summary 更新配置参数 🔖
         * @param {UpdateConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -735,7 +735,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
    return {
        /**
         * 
-         * @summary 增加参数配置 🔖
+         * @summary 增加配置参数 🔖
         * @param {AddConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -745,7 +745,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 批量删除参数配置 🔖
+         * @summary 批量删除配置参数 🔖
         * @param {Array<number>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -755,7 +755,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 批量更新参数配置值 🔖
+         * @summary 批量更新配置参数值 🔖
         * @param {Array<BatchConfigInput>} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -765,7 +765,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 根据Code获取参数配置值 🔖
+         * @summary 根据Code获取配置参数值 🔖
         * @param {string} code 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -775,7 +775,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 删除参数配置 🔖
+         * @summary 删除配置参数 🔖
         * @param {DeleteConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -785,7 +785,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 获取参数配置详情 🔖
+         * @summary 获取配置参数详情 🔖
         * @param {number} id 主键Id
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -804,7 +804,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 获取参数配置列表 🔖
+         * @summary 获取配置参数列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -814,7 +814,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 获取参数配置分页列表 🔖
+         * @summary 获取配置参数分页列表 🔖
         * @param {PageConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -834,7 +834,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
        },
        /**
         * 
-         * @summary 更新参数配置 🔖
+         * @summary 更新配置参数 🔖
         * @param {UpdateConfigInput} [body] 
         * @param {*} [options] Override http request option.
         * @throws {RequiredError}
@ -854,7 +854,7 @@ export const SysConfigApiFactory = function (configuration?: Configuration, base
 export class SysConfigApi extends BaseAPI {
    /**
     * 
-     * @summary 增加参数配置 🔖
+     * @summary 增加配置参数 🔖
     * @param {AddConfigInput} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -865,7 +865,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 批量删除参数配置 🔖
+     * @summary 批量删除配置参数 🔖
     * @param {Array<number>} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -876,7 +876,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 批量更新参数配置值 🔖
+     * @summary 批量更新配置参数值 🔖
     * @param {Array<BatchConfigInput>} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -887,7 +887,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 根据Code获取参数配置值 🔖
+     * @summary 根据Code获取配置参数值 🔖
     * @param {string} code 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -898,7 +898,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 删除参数配置 🔖
+     * @summary 删除配置参数 🔖
     * @param {DeleteConfigInput} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -909,7 +909,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 获取参数配置详情 🔖
+     * @summary 获取配置参数详情 🔖
     * @param {number} id 主键Id
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -930,7 +930,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 获取参数配置列表 🔖
+     * @summary 获取配置参数列表 🔖
     * @param {PageConfigInput} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -941,7 +941,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 获取参数配置分页列表 🔖
+     * @summary 获取配置参数分页列表 🔖
     * @param {PageConfigInput} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
@ -963,7 +963,7 @@ export class SysConfigApi extends BaseAPI {
    }
    /**
     * 
-     * @summary 更新参数配置 🔖
+     * @summary 更新配置参数 🔖
     * @param {UpdateConfigInput} [body] 
     * @param {*} [options] Override http request option.
     * @throws {RequiredError}
--- a/Web/src/api-services/models/add-config-input.ts
+++ b/Web/src/api-services/models/add-config-input.ts
@ -102,7 +102,7 @@ export interface AddConfigInput {
    code?: string | null;

    /**
-     * 属性值
+     * 参数值
     *
     * @type {string}
     * @memberof AddConfigInput
--- a/Web/src/api-services/models/config-output.ts
+++ b/Web/src/api-services/models/config-output.ts
@ -102,7 +102,7 @@ export interface ConfigOutput {
    code?: string | null;

    /**
-     * 属性值
+     * 参数值
     *
     * @type {string}
     * @memberof ConfigOutput
--- a/Web/src/api-services/models/sys-config.ts
+++ b/Web/src/api-services/models/sys-config.ts
@ -14,7 +14,7 @@

 import { YesNoEnum } from './yes-no-enum';
 /**
- * 系统参数配置表
+ * 系统配置参数表
 *
 * @export
 * @interface SysConfig
@ -102,7 +102,7 @@ export interface SysConfig {
    code?: string | null;

    /**
-     * 属性值
+     * 参数值
     *
     * @type {string}
     * @memberof SysConfig
--- a/Web/src/api-services/models/update-config-input.ts
+++ b/Web/src/api-services/models/update-config-input.ts
@ -102,7 +102,7 @@ export interface UpdateConfigInput {
    code?: string | null;

    /**
-     * 属性值
+     * 参数值
     *
     * @type {string}
     * @memberof UpdateConfigInput
--- a/Web/src/views/system/stressTest/index.vue
+++ b/Web/src/views/system/stressTest/index.vue
@ -9,7 +9,7 @@
 				<el-card class="vh80" shadow="hover" header="" v-loading="state.loading">
 					<el-row :gutter="35">
 						<el-col :xs="24" :sm="24" :md="24" :lg="24" :xl="24" class="mb10">
-							<el-select v-model="state.swaggerUrl" placeholder="接口分组">
+							<el-select v-model="state.swaggerUrl" placeholder="接口分组" @change="queryTreeNode()">
 								<el-option v-for="(item, index) in state.apiGroupList" :key="index" :label="item.name" :value="item.url" />
 							</el-select>
 						</el-col>