|
|
|
# xkl-demo程序说明
|
|
|
|
|
|
|
|
## 部署
|
|
|
|
139.129.166.85
|
|
|
|
```
|
|
|
|
cd /home/fyq
|
|
|
|
git clone http://gitlab.hanhezy.com/fyq/xkl-demo.git
|
|
|
|
cd xkl-demo
|
|
|
|
nohup mvn spring-boot:run > xkl.log &
|
|
|
|
```
|
|
|
|
目前demo部署得比较简单,后续会增加jvm参数
|
|
|
|
|
|
|
|
## 数据库说明
|
|
|
|
用户数据库:
|
|
|
|
```
|
|
|
|
服务器:db.hanhezy.com
|
|
|
|
端口:4096
|
|
|
|
DB:hanhe_test
|
|
|
|
table:_test
|
|
|
|
```
|
|
|
|
登录token库:
|
|
|
|
```
|
|
|
|
redis.host=r-m5e7cedd3124afd4.redis.rds.aliyuncs.com
|
|
|
|
redis.password=r-m5e7cedd3124afd4:XIkaiLURedis2016
|
|
|
|
```
|
|
|
|
## 测试swagger界面
|
|
|
|
浏览器访问:
|
|
|
|
http://139.129.166.85:8090
|
|
|
|
|
|
|
|
### token测试:
|
|
|
|
#### 登录
|
|
|
|
使用mysql库_test表中的账户名密码登录:
|
|
|
|
```
|
|
|
|
user1 pass1
|
|
|
|
或者
|
|
|
|
user2 pass2
|
|
|
|
```
|
|
|
|
得到返回结果中的token
|
|
|
|
```
|
|
|
|
{
|
|
|
|
"code": 100,
|
|
|
|
"message": "成功",
|
|
|
|
"content": {
|
|
|
|
"userId": 1,
|
|
|
|
"token": "d212c69116ee49bfa15594dc9bb83d47"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
```
|
|
|
|
#### 退出登录
|
|
|
|
在authorization中填入:userId_token
|
|
|
|
|
|
|
|
### userInfo测试:
|
|
|
|
|
|
|
|
#### 查询用户别名信息
|
|
|
|
在authorization中填入:userId_token
|
|
|
|
```
|
|
|
|
1_d212c69116ee49bfa15594dc9bb83d47
|
|
|
|
```
|
|
|
|
|
|
|
|
#### 修改用户信息
|
|
|
|
顺便可以测试xss
|
|
|
|
```
|
|
|
|
<script>alert(document.cookie)</script>
|
|
|
|
<script>alert(vulnerable)</script>
|
|
|
|
%3Cscript%3Ealert('XSS')%3C/script%3E
|
|
|
|
``` |
|
|
\ No newline at end of file |
...
|
...
|
|
