限制外链地址必须以http(s)://开头

ruoyi/src/main/java/com/ruoyi/common/constant/Constants.java

@@ -19,6 +19,16 @@ public class Constants
      */
     public static final String GBK = "GBK";
 
+    /**
+     * http请求
+     */
+    public static final String HTTP = "http://";
+
+    /**
+     * https请求
+     */
+    public static final String HTTPS = "https://";
+
     /**
      * 通用成功标识
      */

ruoyi/src/main/java/com/ruoyi/common/constant/UserConstants.java

@@ -26,7 +26,7 @@ public class UserConstants
 
     /** 部门正常状态 */
     public static final String DEPT_NORMAL = "0";
-    
+
     /** 部门停用状态 */
     public static final String DEPT_DISABLE = "1";
 
@@ -36,6 +36,12 @@ public class UserConstants
     /** 是否为系统默认（是） */
     public static final String YES = "Y";
 
+    /** 是否菜单外链（是） */
+    public static final String YES_FRAME = "0";
+
+    /** 是否菜单外链（否） */
+    public static final String NO_FRAME = "1";
+
     /** 校验返回结果码 */
     public final static String UNIQUE = "0";
     public final static String NOT_UNIQUE = "1";

ruoyi/src/main/java/com/ruoyi/project/system/controller/SysMenuController.java

@@ -12,9 +12,11 @@ import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+import com.ruoyi.common.constant.Constants;
 import com.ruoyi.common.constant.UserConstants;
 import com.ruoyi.common.utils.SecurityUtils;
 import com.ruoyi.common.utils.ServletUtils;
+import com.ruoyi.common.utils.StringUtils;
 import com.ruoyi.framework.aspectj.lang.annotation.Log;
 import com.ruoyi.framework.aspectj.lang.enums.BusinessType;
 import com.ruoyi.framework.security.LoginUser;
@@ -100,6 +102,11 @@ public class SysMenuController extends BaseController
         {
             return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败，菜单名称已存在");
         }
+        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+                && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+        {
+            return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败，地址必须以http(s)://开头");
+        }
         menu.setCreateBy(SecurityUtils.getUsername());
         return toAjax(menuService.insertMenu(menu));
     }
@@ -116,6 +123,11 @@ public class SysMenuController extends BaseController
         {
             return AjaxResult.error("修改菜单'" + menu.getMenuName() + "'失败，菜单名称已存在");
         }
+        else if (UserConstants.YES_FRAME.equals(menu.getIsFrame())
+                && !StringUtils.startsWithAny(menu.getPath(), Constants.HTTP, Constants.HTTPS))
+        {
+            return AjaxResult.error("新增菜单'" + menu.getMenuName() + "'失败，地址必须以http(s)://开头");
+        }
         menu.setUpdateBy(SecurityUtils.getUsername());
         return toAjax(menuService.updateMenu(menu));
     }

ruoyi/src/main/java/com/ruoyi/project/system/service/impl/SysMenuServiceImpl.java

@@ -298,7 +298,7 @@ public class SysMenuServiceImpl implements ISysMenuService
     {
         String routerPath = menu.getPath();
         // 非外链并且是一级目录
-        if (0 == menu.getParentId() && "1".equals(menu.getIsFrame()))
+        if (0 == menu.getParentId() && UserConstants.NO_FRAME.equals(menu.getIsFrame()))
         {
             routerPath = "/" + menu.getPath();
         }