新增 ENABLE_REMOTE_FUNCTION, ENABLE_SCRIPT_FUNCTION, ENABLE_VERIFY_ROLE, ENABLE_VERIFY_CONTENT 等配置
This commit is contained in:
parent
21df376a60
commit
1b2b65b8af
@ -7,6 +7,7 @@ package apijson.orm;
|
|||||||
|
|
||||||
import java.io.FileReader;
|
import java.io.FileReader;
|
||||||
import java.lang.reflect.InvocationTargetException;
|
import java.lang.reflect.InvocationTargetException;
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -32,6 +33,13 @@ import apijson.StringUtil;
|
|||||||
public class AbstractFunctionParser implements FunctionParser {
|
public class AbstractFunctionParser implements FunctionParser {
|
||||||
// private static final String TAG = "AbstractFunctionParser";
|
// private static final String TAG = "AbstractFunctionParser";
|
||||||
|
|
||||||
|
/**开启支持远程函数
|
||||||
|
*/
|
||||||
|
public static boolean ENABLE_REMOTE_FUNCTION = true;
|
||||||
|
/**开启支持远程函数中的 JavaScript 脚本形式
|
||||||
|
*/
|
||||||
|
public static boolean ENABLE_SCRIPT_FUNCTION = true;
|
||||||
|
|
||||||
public static final int TYPE_REMOTE_FUNCTION = 0;
|
public static final int TYPE_REMOTE_FUNCTION = 0;
|
||||||
//public static final int TYPE_SQL_FUNCTION = 1;
|
//public static final int TYPE_SQL_FUNCTION = 1;
|
||||||
public static final int TYPE_SCRIPT_FUNCTION = 1;
|
public static final int TYPE_SCRIPT_FUNCTION = 1;
|
||||||
@ -160,6 +168,10 @@ public class AbstractFunctionParser implements FunctionParser {
|
|||||||
* @return {@link #invoke(AbstractFunctionParser, String, Class[], Object[])}
|
* @return {@link #invoke(AbstractFunctionParser, String, Class[], Object[])}
|
||||||
*/
|
*/
|
||||||
public static Object invoke(@NotNull AbstractFunctionParser parser, @NotNull String function, @NotNull JSONObject currentObject) throws Exception {
|
public static Object invoke(@NotNull AbstractFunctionParser parser, @NotNull String function, @NotNull JSONObject currentObject) throws Exception {
|
||||||
|
if (ENABLE_REMOTE_FUNCTION == false) {
|
||||||
|
throw new UnsupportedOperationException("AbstractFunctionParser.ENABLE_REMOTE_FUNCTION" +
|
||||||
|
" == false 时不支持远程函数!如需支持则设置 AbstractFunctionParser.ENABLE_REMOTE_FUNCTION = true !");
|
||||||
|
}
|
||||||
|
|
||||||
FunctionBean fb = parseFunction(function, currentObject, false);
|
FunctionBean fb = parseFunction(function, currentObject, false);
|
||||||
|
|
||||||
@ -170,7 +182,11 @@ public class AbstractFunctionParser implements FunctionParser {
|
|||||||
|
|
||||||
int type = row.getIntValue("type");
|
int type = row.getIntValue("type");
|
||||||
if (type < TYPE_REMOTE_FUNCTION || type > TYPE_SCRIPT_FUNCTION) {
|
if (type < TYPE_REMOTE_FUNCTION || type > TYPE_SCRIPT_FUNCTION) {
|
||||||
throw new UnsupportedOperationException("type = " + type + " 不合法!必须是 [0, 1, 2] 中的一个 !");
|
throw new UnsupportedOperationException("type = " + type + " 不合法!必须是 [0, 1] 中的一个 !");
|
||||||
|
}
|
||||||
|
if (ENABLE_SCRIPT_FUNCTION == false && type == TYPE_SCRIPT_FUNCTION) {
|
||||||
|
throw new UnsupportedOperationException("type = " + type + " 不合法!AbstractFunctionParser.ENABLE_SCRIPT_FUNCTION" +
|
||||||
|
" == false 时不支持远程函数中的脚本形式!如需支持则设置 AbstractFunctionParser.ENABLE_SCRIPT_FUNCTION = true !");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -178,7 +194,7 @@ public class AbstractFunctionParser implements FunctionParser {
|
|||||||
if (parser.getVersion() < version) {
|
if (parser.getVersion() < version) {
|
||||||
throw new UnsupportedOperationException("不允许 version = " + parser.getVersion() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 version >= " + version + " !");
|
throw new UnsupportedOperationException("不允许 version = " + parser.getVersion() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 version >= " + version + " !");
|
||||||
}
|
}
|
||||||
String tag = row.getString("tag");
|
String tag = row.getString("tag"); // TODO 改为 tags,类似 methods 支持多个 tag。或者干脆不要?因为目前非开放请求全都只能后端指定
|
||||||
if (tag != null && tag.equals(parser.getTag()) == false) {
|
if (tag != null && tag.equals(parser.getTag()) == false) {
|
||||||
throw new UnsupportedOperationException("不允许 tag = " + parser.getTag() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 tag = " + tag + " !");
|
throw new UnsupportedOperationException("不允许 tag = " + parser.getTag() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 tag = " + tag + " !");
|
||||||
}
|
}
|
||||||
@ -227,7 +243,13 @@ public class AbstractFunctionParser implements FunctionParser {
|
|||||||
if (type == TYPE_SCRIPT_FUNCTION) {
|
if (type == TYPE_SCRIPT_FUNCTION) {
|
||||||
return invokeScript(parser, methodName, parameterTypes, args, currentObject);
|
return invokeScript(parser, methodName, parameterTypes, args, currentObject);
|
||||||
}
|
}
|
||||||
return parser.getClass().getMethod(methodName, parameterTypes).invoke(parser, args);
|
|
||||||
|
Method m = parser.getClass().getMethod(methodName, parameterTypes);
|
||||||
|
//费性能,还是初始化时做更好
|
||||||
|
//if (m.getReturnType().getSimpleName().equals(returnType) == false) {
|
||||||
|
// throw new IllegalArgumentTypeException("");
|
||||||
|
//}
|
||||||
|
return m.invoke(parser, args);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Invocable INVOCABLE;
|
public static Invocable INVOCABLE;
|
||||||
|
@ -120,7 +120,10 @@ public abstract class AbstractParser<T extends Object> implements Parser<T>, Par
|
|||||||
* @param method null ? requestMethod = GET
|
* @param method null ? requestMethod = GET
|
||||||
*/
|
*/
|
||||||
public AbstractParser(RequestMethod method) {
|
public AbstractParser(RequestMethod method) {
|
||||||
this(method, true);
|
super();
|
||||||
|
setMethod(method);
|
||||||
|
setNeedVerifyRole(AbstractVerifier.ENABLE_VERIFY_ROLE);
|
||||||
|
setNeedVerifyContent(AbstractVerifier.ENABLE_VERIFY_CONTENT);
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
* @param method null ? requestMethod = GET
|
* @param method null ? requestMethod = GET
|
||||||
|
@ -81,7 +81,14 @@ import apijson.orm.model.TestRecord;
|
|||||||
public abstract class AbstractVerifier<T extends Object> implements Verifier<T>, IdCallback<T> {
|
public abstract class AbstractVerifier<T extends Object> implements Verifier<T>, IdCallback<T> {
|
||||||
private static final String TAG = "AbstractVerifier";
|
private static final String TAG = "AbstractVerifier";
|
||||||
|
|
||||||
/**未登录,不明身份的用户
|
/**开启校验请求角色权限
|
||||||
|
*/
|
||||||
|
public static boolean ENABLE_VERIFY_ROLE = true;
|
||||||
|
/**开启校验请求传参内容
|
||||||
|
*/
|
||||||
|
public static boolean ENABLE_VERIFY_CONTENT = true;
|
||||||
|
|
||||||
|
/**未登录,不明身份的用户
|
||||||
*/
|
*/
|
||||||
public static final String UNKNOWN = "UNKNOWN";
|
public static final String UNKNOWN = "UNKNOWN";
|
||||||
|
|
||||||
@ -253,6 +260,11 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public boolean verifyAccess(SQLConfig config) throws Exception {
|
public boolean verifyAccess(SQLConfig config) throws Exception {
|
||||||
|
if (ENABLE_VERIFY_ROLE == false) {
|
||||||
|
throw new UnsupportedOperationException("AbstractVerifier.ENABLE_VERIFY_ROLE == false " +
|
||||||
|
"时不支持校验角色权限!如需支持则设置 AbstractVerifier.ENABLE_VERIFY_ROLE = true !");
|
||||||
|
}
|
||||||
|
|
||||||
String table = config == null ? null : config.getTable();
|
String table = config == null ? null : config.getTable();
|
||||||
if (table == null) {
|
if (table == null) {
|
||||||
return true;
|
return true;
|
||||||
@ -265,7 +277,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
else {
|
else {
|
||||||
if (ROLE_MAP.containsKey(role) == false) {
|
if (ROLE_MAP.containsKey(role) == false) {
|
||||||
Set<String> NAMES = ROLE_MAP.keySet();
|
Set<String> NAMES = ROLE_MAP.keySet();
|
||||||
throw new IllegalArgumentException("角色 " + role + " 不存在!只能是[" + StringUtil.getString(NAMES.toArray()) + "]中的一种!");
|
throw new IllegalArgumentException("角色 " + role + " 不存在!" +
|
||||||
|
"只能是[" + StringUtil.getString(NAMES.toArray()) + "]中的一种!");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (role.equals(UNKNOWN) == false) { //未登录的角色
|
if (role.equals(UNKNOWN) == false) { //未登录的角色
|
||||||
@ -469,7 +482,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void verifyAdmin() throws Exception {
|
public void verifyAdmin() throws Exception {
|
||||||
throw new UnsupportedOperationException("不支持 ADMIN 角色!如果要支持就在子类重写这个方法来校验 ADMIN 角色,不通过则 throw IllegalAccessException!");
|
throw new UnsupportedOperationException("不支持 ADMIN 角色!如果要支持就在子类重写这个方法" +
|
||||||
|
"来校验 ADMIN 角色,不通过则 throw IllegalAccessException!");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -563,8 +577,10 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static JSONObject verifyRequest(@NotNull final RequestMethod method, final String name
|
public static JSONObject verifyRequest(@NotNull final RequestMethod method, final String name
|
||||||
, final JSONObject target, final JSONObject request, final int maxUpdateCount, final SQLCreator creator) throws Exception {
|
, final JSONObject target, final JSONObject request
|
||||||
return verifyRequest(method, name, target, request, maxUpdateCount, null, null, null, creator);
|
, final int maxUpdateCount, final SQLCreator creator) throws Exception {
|
||||||
|
return verifyRequest(method, name, target, request, maxUpdateCount
|
||||||
|
, null, null, null, creator);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**从request提取target指定的内容
|
/**从request提取target指定的内容
|
||||||
@ -579,10 +595,12 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method, final String name
|
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method
|
||||||
, final JSONObject target, final JSONObject request, final int maxUpdateCount
|
, final String name, final JSONObject target, final JSONObject request
|
||||||
, final String database, final String schema, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
|
, final int maxUpdateCount, final String database, final String schema
|
||||||
return verifyRequest(method, name, target, request, maxUpdateCount, database, schema, null, idCallback, creator);
|
, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
|
||||||
|
return verifyRequest(method, name, target, request, maxUpdateCount, database, schema
|
||||||
|
, null, idCallback, creator);
|
||||||
}
|
}
|
||||||
/**从request提取target指定的内容
|
/**从request提取target指定的内容
|
||||||
* @param method
|
* @param method
|
||||||
@ -596,9 +614,14 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method, final String name
|
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method
|
||||||
, final JSONObject target, final JSONObject request, final int maxUpdateCount
|
, final String name, final JSONObject target, final JSONObject request
|
||||||
, final String database, final String schema, final String datasource, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
|
, final int maxUpdateCount, final String database, final String schema, final String datasource
|
||||||
|
, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
|
||||||
|
if (ENABLE_VERIFY_CONTENT == false) {
|
||||||
|
throw new UnsupportedOperationException("AbstractVerifier.ENABLE_VERIFY_CONTENT == false" +
|
||||||
|
" 时不支持校验请求传参内容!如需支持则设置 AbstractVerifier.ENABLE_VERIFY_CONTENT = true !");
|
||||||
|
}
|
||||||
|
|
||||||
Log.i(TAG, "verifyRequest method = " + method + "; name = " + name
|
Log.i(TAG, "verifyRequest method = " + method + "; name = " + name
|
||||||
+ "; target = \n" + JSON.toJSONString(target)
|
+ "; target = \n" + JSON.toJSONString(target)
|
||||||
@ -807,7 +830,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
}
|
}
|
||||||
|
|
||||||
//解析
|
//解析
|
||||||
return parse(method, name, target, response, database, schema, idKeyCallback, creator, callback != null ? callback : new OnParseCallback() {
|
return parse(method, name, target, response, database, schema
|
||||||
|
, idKeyCallback, creator, callback != null ? callback : new OnParseCallback() {
|
||||||
@Override
|
@Override
|
||||||
protected JSONObject onParseJSONObject(String key, JSONObject tobj, JSONObject robj) throws Exception {
|
protected JSONObject onParseJSONObject(String key, JSONObject tobj, JSONObject robj) throws Exception {
|
||||||
return verifyResponse(method, key, tobj, robj, database, schema, idKeyCallback, creator, callback);
|
return verifyResponse(method, key, tobj, robj, database, schema, idKeyCallback, creator, callback);
|
||||||
@ -843,8 +867,9 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name, JSONObject target, JSONObject real
|
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name
|
||||||
, final String database, final String schema, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
|
, JSONObject target, JSONObject real, final String database, final String schema
|
||||||
|
, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
|
||||||
return parse(method, name, target, real, database, schema, null, idCallback, creator, callback);
|
return parse(method, name, target, real, database, schema, null, idCallback, creator, callback);
|
||||||
}
|
}
|
||||||
/**对request和response不同的解析用callback返回
|
/**对request和response不同的解析用callback返回
|
||||||
@ -861,8 +886,9 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name, JSONObject target, JSONObject real
|
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name
|
||||||
, final String database, final String schema, final String datasource, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
|
, JSONObject target, JSONObject real, final String database, final String schema, final String datasource
|
||||||
|
, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
|
||||||
if (target == null) {
|
if (target == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -897,7 +923,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
if (musts != null && musts.length > 0) {
|
if (musts != null && musts.length > 0) {
|
||||||
for (String s : musts) {
|
for (String s : musts) {
|
||||||
if (real.get(s) == null) { // 可能传null进来,这里还会通过 real.containsKey(s) == false) {
|
if (real.get(s) == null) { // 可能传null进来,这里还会通过 real.containsKey(s) == false) {
|
||||||
throw new IllegalArgumentException(method + "请求," + name + " 里面不能缺少 " + s + " 等[" + must + "]内的任何字段!");
|
throw new IllegalArgumentException(method + "请求,"
|
||||||
|
+ name + " 里面不能缺少 " + s + " 等[" + must + "]内的任何字段!");
|
||||||
}
|
}
|
||||||
|
|
||||||
mustSet.add(s);
|
mustSet.add(s);
|
||||||
@ -976,15 +1003,19 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
rfs = rfs.substring(1);
|
rfs = rfs.substring(1);
|
||||||
|
|
||||||
if (notRefuseSet.contains(rfs)) {
|
if (notRefuseSet.contains(rfs)) {
|
||||||
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 !"
|
||||||
|
+ rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
||||||
}
|
}
|
||||||
if (refuseSet.contains(rfs)) {
|
if (refuseSet.contains(rfs)) {
|
||||||
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 "
|
||||||
|
+ rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rfs.equals("")) { // 所有非 MUST
|
if (rfs.equals("")) { // 所有非 MUST
|
||||||
for (String key : rkset) { // 对@key放行,@role,@column,自定义@position等, @key:{ "Table":{} } 不会解析内部
|
// 对@key放行,@role,@column,自定义@position等, @key:{ "Table":{} } 不会解析内部
|
||||||
if (key == null || key.startsWith("@") || notRefuseSet.contains(key) || mustSet.contains(key) || objKeySet.contains(key)) {
|
for (String key : rkset) {
|
||||||
|
if (key == null || key.startsWith("@") || notRefuseSet.contains(key)
|
||||||
|
|| mustSet.contains(key) || objKeySet.contains(key)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -997,10 +1028,12 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (refuseSet.contains(rfs)) {
|
if (refuseSet.contains(rfs)) {
|
||||||
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 " + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 " + rfs + " !" +
|
||||||
|
"不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
||||||
}
|
}
|
||||||
if (notRefuseSet.contains(rfs)) {
|
if (notRefuseSet.contains(rfs)) {
|
||||||
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " !" +
|
||||||
|
"不允许重复,也不允许一个 key 和取反 !key 同时使用!");
|
||||||
}
|
}
|
||||||
|
|
||||||
refuseSet.add(rfs);
|
refuseSet.add(rfs);
|
||||||
@ -1027,16 +1060,20 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
|
|
||||||
//不允许传远程函数,只能后端配置
|
//不允许传远程函数,只能后端配置
|
||||||
if (rk.endsWith("()") && rv instanceof String) {
|
if (rk.endsWith("()") && rv instanceof String) {
|
||||||
throw new UnsupportedOperationException(method + " 请求," + rk + " 不合法!非开放请求不允许传远程函数 key():\"fun()\" !");
|
throw new UnsupportedOperationException(method + " 请求," + rk + " 不合法!" +
|
||||||
|
"非开放请求不允许传远程函数 key():\"fun()\" !");
|
||||||
}
|
}
|
||||||
|
|
||||||
//不在target内的 key:{}
|
//不在target内的 key:{}
|
||||||
if (rk.startsWith("@") == false && objKeySet.contains(rk) == false) {
|
if (rk.startsWith("@") == false && objKeySet.contains(rk) == false) {
|
||||||
if (rv instanceof JSONObject) {
|
if (rv instanceof JSONObject) {
|
||||||
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许传 " + rk + ":{} !");
|
throw new UnsupportedOperationException(method + " 请求,"
|
||||||
|
+ name + " 里面不允许传 " + rk + ":{} !");
|
||||||
}
|
}
|
||||||
if ((method == RequestMethod.POST || method == RequestMethod.PUT) && rv instanceof JSONArray && JSONRequest.isArrayKey(rk)) {
|
if ((method == RequestMethod.POST || method == RequestMethod.PUT)
|
||||||
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许 " + rk + ":[] 等未定义的 Table[]:[{}] 批量操作键值对!");
|
&& rv instanceof JSONArray && JSONRequest.isArrayKey(rk)) {
|
||||||
|
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许 "
|
||||||
|
+ rk + ":[] 等未定义的 Table[]:[{}] 批量操作键值对!");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1106,7 +1143,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
private static JSONObject operate(Operation opt, JSONObject targetChild, JSONObject real, SQLCreator creator) throws Exception {
|
private static JSONObject operate(Operation opt, JSONObject targetChild
|
||||||
|
, JSONObject real, SQLCreator creator) throws Exception {
|
||||||
if (targetChild == null) {
|
if (targetChild == null) {
|
||||||
return real;
|
return real;
|
||||||
}
|
}
|
||||||
@ -1160,7 +1198,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @param real
|
* @param real
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static void verifyType(@NotNull String tk, Object tv, @NotNull JSONObject real) throws UnsupportedDataTypeException {
|
public static void verifyType(@NotNull String tk, Object tv, @NotNull JSONObject real)
|
||||||
|
throws UnsupportedDataTypeException {
|
||||||
if (tv instanceof String == false) {
|
if (tv instanceof String == false) {
|
||||||
throw new UnsupportedDataTypeException("服务器内部错误," + tk + ":value 的value不合法!"
|
throw new UnsupportedDataTypeException("服务器内部错误," + tk + ":value 的value不合法!"
|
||||||
+ "Request表校验规则中 TYPE:{ key:value } 中的value只能是String类型!");
|
+ "Request表校验规则中 TYPE:{ key:value } 中的value只能是String类型!");
|
||||||
@ -1174,7 +1213,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @param rv
|
* @param rv
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv) throws UnsupportedDataTypeException {
|
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv)
|
||||||
|
throws UnsupportedDataTypeException {
|
||||||
verifyType(tk, tv, rv, false);
|
verifyType(tk, tv, rv, false);
|
||||||
}
|
}
|
||||||
/**验证值类型
|
/**验证值类型
|
||||||
@ -1184,7 +1224,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @param isInArray
|
* @param isInArray
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv, boolean isInArray) throws UnsupportedDataTypeException {
|
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv, boolean isInArray)
|
||||||
|
throws UnsupportedDataTypeException {
|
||||||
if (rv == null) {
|
if (rv == null) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -1218,50 +1259,58 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
try {
|
try {
|
||||||
Double.parseDouble(rv.toString());
|
Double.parseDouble(rv.toString());
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是 DECIMAL" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是 DECIMAL" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "STRING":
|
case "STRING":
|
||||||
if (rv instanceof String == false) { //JSONObject.getString 可转换任何类型
|
if (rv instanceof String == false) { //JSONObject.getString 可转换任何类型
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是 STRING" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是 STRING" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "URL": //网址,格式为 http://www.apijson.org, https://www.google.com 等
|
case "URL": //网址,格式为 http://www.apijson.org, https://www.google.com 等
|
||||||
try {
|
try {
|
||||||
new URL((String) rv);
|
new URL((String) rv);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是 URL" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是 URL" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "DATE": //日期,格式为 YYYY-MM-DD(例如 2020-02-20)的 STRING
|
case "DATE": //日期,格式为 YYYY-MM-DD(例如 2020-02-20)的 STRING
|
||||||
try {
|
try {
|
||||||
LocalDate.parse((String) rv);
|
LocalDate.parse((String) rv);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是格式为 YYYY-MM-DD(例如 2020-02-20)的 DATE" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是格式为 YYYY-MM-DD(例如 2020-02-20)的 DATE" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "TIME": //时间,格式为 HH:mm:ss(例如 12:01:30)的 STRING
|
case "TIME": //时间,格式为 HH:mm:ss(例如 12:01:30)的 STRING
|
||||||
try {
|
try {
|
||||||
LocalTime.parse((String) rv);
|
LocalTime.parse((String) rv);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是格式为 HH:mm:ss(例如 12:01:30)的 TIME" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是格式为 HH:mm:ss(例如 12:01:30)的 TIME" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "DATETIME": //日期+时间,格式为 YYYY-MM-DDTHH:mm:ss(例如 2020-02-20T12:01:30)的 STRING
|
case "DATETIME": //日期+时间,格式为 YYYY-MM-DDTHH:mm:ss(例如 2020-02-20T12:01:30)的 STRING
|
||||||
try {
|
try {
|
||||||
LocalDateTime.parse((String) rv);
|
LocalDateTime.parse((String) rv);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是格式为 YYYY-MM-DDTHH:mm:ss(例如 2020-02-20T12:01:30)的 DATETIME" + (isInArray ? "[] !" : " !"));
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是格式为 " +
|
||||||
|
"YYYY-MM-DDTHH:mm:ss(例如 2020-02-20T12:01:30)的 DATETIME" + (isInArray ? "[] !" : " !"));
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "OBJECT":
|
case "OBJECT":
|
||||||
if (rv instanceof Map == false) { //JSONObject.getJSONObject 可转换String类型
|
if (rv instanceof Map == false) { //JSONObject.getJSONObject 可转换String类型
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是 OBJECT" + (isInArray ? "[] !" : " !") + " OBJECT 结构为 {} !");
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是 OBJECT" + (isInArray ? "[] !" : " !") + " OBJECT 结构为 {} !");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case "ARRAY":
|
case "ARRAY":
|
||||||
if (rv instanceof Collection == false) { //JSONObject.getJSONArray 可转换String类型
|
if (rv instanceof Collection == false) { //JSONObject.getJSONArray 可转换String类型
|
||||||
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!类型必须是 ARRAY" + (isInArray ? "[] !" : " !") + " ARRAY 结构为 [] !");
|
throw new UnsupportedDataTypeException(tk + ":value 的value不合法!" +
|
||||||
|
"类型必须是 ARRAY" + (isInArray ? "[] !" : " !") + " ARRAY 结构为 [] !");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
//目前在业务表中还用不上,单一的类型校验已经够用
|
//目前在业务表中还用不上,单一的类型校验已经够用
|
||||||
@ -1428,7 +1477,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
config.setTest(true);
|
config.setTest(true);
|
||||||
// config.setTable(Test.class.getSimpleName());
|
// config.setTable(Test.class.getSimpleName());
|
||||||
// config.setColumn(rv + logic.getChar() + funChar)
|
// config.setColumn(rv + logic.getChar() + funChar)
|
||||||
config.putWhere(rv + logic.getChar() + funChar, tv, false); // 字符串可能 SQL 注入,目前的解决方式是加 TYPE 校验类型或者干脆不用 sqlVerify,而是通过远程函数来校验
|
// 字符串可能 SQL 注入,目前的解决方式是加 TYPE 校验类型或者干脆不用 sqlVerify,而是通过远程函数来校验
|
||||||
|
config.putWhere(rv + logic.getChar() + funChar, tv, false);
|
||||||
config.setCount(1);
|
config.setCount(1);
|
||||||
|
|
||||||
SQLExecutor executor = creator.createSQLExecutor();
|
SQLExecutor executor = creator.createSQLExecutor();
|
||||||
@ -1510,7 +1560,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
|
|||||||
* @param creator
|
* @param creator
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public static void verifyRepeat(String table, String key, Object value, long exceptId, String idKey, @NotNull SQLCreator creator) throws Exception {
|
public static void verifyRepeat(String table, String key, Object value
|
||||||
|
, long exceptId, String idKey, @NotNull SQLCreator creator) throws Exception {
|
||||||
if (key == null || value == null) {
|
if (key == null || value == null) {
|
||||||
Log.e(TAG, "verifyRepeat key == null || value == null >> return;");
|
Log.e(TAG, "verifyRepeat key == null || value == null >> return;");
|
||||||
return;
|
return;
|
||||||
|
Loading…
Reference in New Issue
Block a user