新增 ENABLE_REMOTE_FUNCTION, ENABLE_SCRIPT_FUNCTION, ENABLE_VERIFY_ROLE, ENABLE_VERIFY_CONTENT 等配置

This commit is contained in:
TommyLemon 2022-11-17 02:43:22 +08:00
parent 21df376a60
commit 1b2b65b8af
3 changed files with 122 additions and 46 deletions

View File

@ -7,6 +7,7 @@ package apijson.orm;
import java.io.FileReader; import java.io.FileReader;
import java.lang.reflect.InvocationTargetException; import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
@ -32,6 +33,13 @@ import apijson.StringUtil;
public class AbstractFunctionParser implements FunctionParser { public class AbstractFunctionParser implements FunctionParser {
// private static final String TAG = "AbstractFunctionParser"; // private static final String TAG = "AbstractFunctionParser";
/**开启支持远程函数
*/
public static boolean ENABLE_REMOTE_FUNCTION = true;
/**开启支持远程函数中的 JavaScript 脚本形式
*/
public static boolean ENABLE_SCRIPT_FUNCTION = true;
public static final int TYPE_REMOTE_FUNCTION = 0; public static final int TYPE_REMOTE_FUNCTION = 0;
//public static final int TYPE_SQL_FUNCTION = 1; //public static final int TYPE_SQL_FUNCTION = 1;
public static final int TYPE_SCRIPT_FUNCTION = 1; public static final int TYPE_SCRIPT_FUNCTION = 1;
@ -160,6 +168,10 @@ public class AbstractFunctionParser implements FunctionParser {
* @return {@link #invoke(AbstractFunctionParser, String, Class[], Object[])} * @return {@link #invoke(AbstractFunctionParser, String, Class[], Object[])}
*/ */
public static Object invoke(@NotNull AbstractFunctionParser parser, @NotNull String function, @NotNull JSONObject currentObject) throws Exception { public static Object invoke(@NotNull AbstractFunctionParser parser, @NotNull String function, @NotNull JSONObject currentObject) throws Exception {
if (ENABLE_REMOTE_FUNCTION == false) {
throw new UnsupportedOperationException("AbstractFunctionParser.ENABLE_REMOTE_FUNCTION" +
" == false 时不支持远程函数!如需支持则设置 AbstractFunctionParser.ENABLE_REMOTE_FUNCTION = true ");
}
FunctionBean fb = parseFunction(function, currentObject, false); FunctionBean fb = parseFunction(function, currentObject, false);
@ -170,7 +182,11 @@ public class AbstractFunctionParser implements FunctionParser {
int type = row.getIntValue("type"); int type = row.getIntValue("type");
if (type < TYPE_REMOTE_FUNCTION || type > TYPE_SCRIPT_FUNCTION) { if (type < TYPE_REMOTE_FUNCTION || type > TYPE_SCRIPT_FUNCTION) {
throw new UnsupportedOperationException("type = " + type + " 不合法!必须是 [0, 1, 2] 中的一个 !"); throw new UnsupportedOperationException("type = " + type + " 不合法!必须是 [0, 1] 中的一个 !");
}
if (ENABLE_SCRIPT_FUNCTION == false && type == TYPE_SCRIPT_FUNCTION) {
throw new UnsupportedOperationException("type = " + type + " 不合法AbstractFunctionParser.ENABLE_SCRIPT_FUNCTION" +
" == false 时不支持远程函数中的脚本形式!如需支持则设置 AbstractFunctionParser.ENABLE_SCRIPT_FUNCTION = true ");
} }
@ -178,7 +194,7 @@ public class AbstractFunctionParser implements FunctionParser {
if (parser.getVersion() < version) { if (parser.getVersion() < version) {
throw new UnsupportedOperationException("不允许 version = " + parser.getVersion() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 version >= " + version + " !"); throw new UnsupportedOperationException("不允许 version = " + parser.getVersion() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 version >= " + version + " !");
} }
String tag = row.getString("tag"); String tag = row.getString("tag"); // TODO 改为 tags类似 methods 支持多个 tag或者干脆不要因为目前非开放请求全都只能后端指定
if (tag != null && tag.equals(parser.getTag()) == false) { if (tag != null && tag.equals(parser.getTag()) == false) {
throw new UnsupportedOperationException("不允许 tag = " + parser.getTag() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 tag = " + tag + " !"); throw new UnsupportedOperationException("不允许 tag = " + parser.getTag() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 tag = " + tag + " !");
} }
@ -227,7 +243,13 @@ public class AbstractFunctionParser implements FunctionParser {
if (type == TYPE_SCRIPT_FUNCTION) { if (type == TYPE_SCRIPT_FUNCTION) {
return invokeScript(parser, methodName, parameterTypes, args, currentObject); return invokeScript(parser, methodName, parameterTypes, args, currentObject);
} }
return parser.getClass().getMethod(methodName, parameterTypes).invoke(parser, args);
Method m = parser.getClass().getMethod(methodName, parameterTypes);
//费性能还是初始化时做更好
//if (m.getReturnType().getSimpleName().equals(returnType) == false) {
// throw new IllegalArgumentTypeException("");
//}
return m.invoke(parser, args);
} }
public static Invocable INVOCABLE; public static Invocable INVOCABLE;

View File

@ -120,7 +120,10 @@ public abstract class AbstractParser<T extends Object> implements Parser<T>, Par
* @param method null ? requestMethod = GET * @param method null ? requestMethod = GET
*/ */
public AbstractParser(RequestMethod method) { public AbstractParser(RequestMethod method) {
this(method, true); super();
setMethod(method);
setNeedVerifyRole(AbstractVerifier.ENABLE_VERIFY_ROLE);
setNeedVerifyContent(AbstractVerifier.ENABLE_VERIFY_CONTENT);
} }
/** /**
* @param method null ? requestMethod = GET * @param method null ? requestMethod = GET

View File

@ -81,7 +81,14 @@ import apijson.orm.model.TestRecord;
public abstract class AbstractVerifier<T extends Object> implements Verifier<T>, IdCallback<T> { public abstract class AbstractVerifier<T extends Object> implements Verifier<T>, IdCallback<T> {
private static final String TAG = "AbstractVerifier"; private static final String TAG = "AbstractVerifier";
/**未登录不明身份的用户 /**开启校验请求角色权限
*/
public static boolean ENABLE_VERIFY_ROLE = true;
/**开启校验请求传参内容
*/
public static boolean ENABLE_VERIFY_CONTENT = true;
/**未登录不明身份的用户
*/ */
public static final String UNKNOWN = "UNKNOWN"; public static final String UNKNOWN = "UNKNOWN";
@ -253,6 +260,11 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
*/ */
@Override @Override
public boolean verifyAccess(SQLConfig config) throws Exception { public boolean verifyAccess(SQLConfig config) throws Exception {
if (ENABLE_VERIFY_ROLE == false) {
throw new UnsupportedOperationException("AbstractVerifier.ENABLE_VERIFY_ROLE == false " +
"时不支持校验角色权限!如需支持则设置 AbstractVerifier.ENABLE_VERIFY_ROLE = true ");
}
String table = config == null ? null : config.getTable(); String table = config == null ? null : config.getTable();
if (table == null) { if (table == null) {
return true; return true;
@ -265,7 +277,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
else { else {
if (ROLE_MAP.containsKey(role) == false) { if (ROLE_MAP.containsKey(role) == false) {
Set<String> NAMES = ROLE_MAP.keySet(); Set<String> NAMES = ROLE_MAP.keySet();
throw new IllegalArgumentException("角色 " + role + " 不存在!只能是[" + StringUtil.getString(NAMES.toArray()) + "]中的一种!"); throw new IllegalArgumentException("角色 " + role + " 不存在!" +
"只能是[" + StringUtil.getString(NAMES.toArray()) + "]中的一种!");
} }
if (role.equals(UNKNOWN) == false) { //未登录的角色 if (role.equals(UNKNOWN) == false) { //未登录的角色
@ -469,7 +482,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
@Override @Override
public void verifyAdmin() throws Exception { public void verifyAdmin() throws Exception {
throw new UnsupportedOperationException("不支持 ADMIN 角色!如果要支持就在子类重写这个方法来校验 ADMIN 角色,不通过则 throw IllegalAccessException!"); throw new UnsupportedOperationException("不支持 ADMIN 角色!如果要支持就在子类重写这个方法" +
"来校验 ADMIN 角色,不通过则 throw IllegalAccessException!");
} }
@ -563,8 +577,10 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @throws Exception * @throws Exception
*/ */
public static JSONObject verifyRequest(@NotNull final RequestMethod method, final String name public static JSONObject verifyRequest(@NotNull final RequestMethod method, final String name
, final JSONObject target, final JSONObject request, final int maxUpdateCount, final SQLCreator creator) throws Exception { , final JSONObject target, final JSONObject request
return verifyRequest(method, name, target, request, maxUpdateCount, null, null, null, creator); , final int maxUpdateCount, final SQLCreator creator) throws Exception {
return verifyRequest(method, name, target, request, maxUpdateCount
, null, null, null, creator);
} }
/**从request提取target指定的内容 /**从request提取target指定的内容
@ -579,10 +595,12 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @return * @return
* @throws Exception * @throws Exception
*/ */
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method, final String name public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method
, final JSONObject target, final JSONObject request, final int maxUpdateCount , final String name, final JSONObject target, final JSONObject request
, final String database, final String schema, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception { , final int maxUpdateCount, final String database, final String schema
return verifyRequest(method, name, target, request, maxUpdateCount, database, schema, null, idCallback, creator); , final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
return verifyRequest(method, name, target, request, maxUpdateCount, database, schema
, null, idCallback, creator);
} }
/**从request提取target指定的内容 /**从request提取target指定的内容
* @param method * @param method
@ -596,9 +614,14 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @return * @return
* @throws Exception * @throws Exception
*/ */
public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method, final String name public static <T extends Object> JSONObject verifyRequest(@NotNull final RequestMethod method
, final JSONObject target, final JSONObject request, final int maxUpdateCount , final String name, final JSONObject target, final JSONObject request
, final String database, final String schema, final String datasource, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception { , final int maxUpdateCount, final String database, final String schema, final String datasource
, final IdCallback<T> idCallback, final SQLCreator creator) throws Exception {
if (ENABLE_VERIFY_CONTENT == false) {
throw new UnsupportedOperationException("AbstractVerifier.ENABLE_VERIFY_CONTENT == false" +
" 时不支持校验请求传参内容!如需支持则设置 AbstractVerifier.ENABLE_VERIFY_CONTENT = true ");
}
Log.i(TAG, "verifyRequest method = " + method + "; name = " + name Log.i(TAG, "verifyRequest method = " + method + "; name = " + name
+ "; target = \n" + JSON.toJSONString(target) + "; target = \n" + JSON.toJSONString(target)
@ -807,7 +830,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
} }
//解析 //解析
return parse(method, name, target, response, database, schema, idKeyCallback, creator, callback != null ? callback : new OnParseCallback() { return parse(method, name, target, response, database, schema
, idKeyCallback, creator, callback != null ? callback : new OnParseCallback() {
@Override @Override
protected JSONObject onParseJSONObject(String key, JSONObject tobj, JSONObject robj) throws Exception { protected JSONObject onParseJSONObject(String key, JSONObject tobj, JSONObject robj) throws Exception {
return verifyResponse(method, key, tobj, robj, database, schema, idKeyCallback, creator, callback); return verifyResponse(method, key, tobj, robj, database, schema, idKeyCallback, creator, callback);
@ -843,8 +867,9 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @return * @return
* @throws Exception * @throws Exception
*/ */
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name, JSONObject target, JSONObject real public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name
, final String database, final String schema, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception { , JSONObject target, JSONObject real, final String database, final String schema
, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
return parse(method, name, target, real, database, schema, null, idCallback, creator, callback); return parse(method, name, target, real, database, schema, null, idCallback, creator, callback);
} }
/**对request和response不同的解析用callback返回 /**对request和response不同的解析用callback返回
@ -861,8 +886,9 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @return * @return
* @throws Exception * @throws Exception
*/ */
public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name, JSONObject target, JSONObject real public static <T extends Object> JSONObject parse(@NotNull final RequestMethod method, String name
, final String database, final String schema, final String datasource, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception { , JSONObject target, JSONObject real, final String database, final String schema, final String datasource
, final IdCallback<T> idCallback, SQLCreator creator, @NotNull OnParseCallback callback) throws Exception {
if (target == null) { if (target == null) {
return null; return null;
} }
@ -897,7 +923,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
if (musts != null && musts.length > 0) { if (musts != null && musts.length > 0) {
for (String s : musts) { for (String s : musts) {
if (real.get(s) == null) { // 可能传null进来这里还会通过 real.containsKey(s) == false) { if (real.get(s) == null) { // 可能传null进来这里还会通过 real.containsKey(s) == false) {
throw new IllegalArgumentException(method + "请求," + name + " 里面不能缺少 " + s + " 等[" + must + "]内的任何字段!"); throw new IllegalArgumentException(method + "请求,"
+ name + " 里面不能缺少 " + s + " 等[" + must + "]内的任何字段!");
} }
mustSet.add(s); mustSet.add(s);
@ -976,15 +1003,19 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
rfs = rfs.substring(1); rfs = rfs.substring(1);
if (notRefuseSet.contains(rfs)) { if (notRefuseSet.contains(rfs)) {
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!"); throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 !"
+ rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
} }
if (refuseSet.contains(rfs)) { if (refuseSet.contains(rfs)) {
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!"); throw new ConflictException(REFUSE.name() + ":value 中同时出现了 "
+ rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!");
} }
if (rfs.equals("")) { // 所有非 MUST if (rfs.equals("")) { // 所有非 MUST
for (String key : rkset) { // @key放行@role,@column,自定义@position等 @key:{ "Table":{} } 不会解析内部 // @key放行@role,@column,自定义@position等 @key:{ "Table":{} } 不会解析内部
if (key == null || key.startsWith("@") || notRefuseSet.contains(key) || mustSet.contains(key) || objKeySet.contains(key)) { for (String key : rkset) {
if (key == null || key.startsWith("@") || notRefuseSet.contains(key)
|| mustSet.contains(key) || objKeySet.contains(key)) {
continue; continue;
} }
@ -997,10 +1028,12 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
} }
else { else {
if (refuseSet.contains(rfs)) { if (refuseSet.contains(rfs)) {
throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 " + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!"); throw new ConflictException(REFUSE.name() + ":value 中出现了重复的 " + rfs + " " +
"不允许重复,也不允许一个 key 和取反 !key 同时使用!");
} }
if (notRefuseSet.contains(rfs)) { if (notRefuseSet.contains(rfs)) {
throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " !不允许重复,也不允许一个 key 和取反 !key 同时使用!"); throw new ConflictException(REFUSE.name() + ":value 中同时出现了 " + rfs + " 和 !" + rfs + " " +
"不允许重复,也不允许一个 key 和取反 !key 同时使用!");
} }
refuseSet.add(rfs); refuseSet.add(rfs);
@ -1027,16 +1060,20 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
//不允许传远程函数只能后端配置 //不允许传远程函数只能后端配置
if (rk.endsWith("()") && rv instanceof String) { if (rk.endsWith("()") && rv instanceof String) {
throw new UnsupportedOperationException(method + " 请求," + rk + " 不合法!非开放请求不允许传远程函数 key():\"fun()\" "); throw new UnsupportedOperationException(method + " 请求," + rk + " 不合法!" +
"非开放请求不允许传远程函数 key():\"fun()\" ");
} }
//不在target内的 key:{} //不在target内的 key:{}
if (rk.startsWith("@") == false && objKeySet.contains(rk) == false) { if (rk.startsWith("@") == false && objKeySet.contains(rk) == false) {
if (rv instanceof JSONObject) { if (rv instanceof JSONObject) {
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许传 " + rk + ":{} "); throw new UnsupportedOperationException(method + " 请求,"
+ name + " 里面不允许传 " + rk + ":{} ");
} }
if ((method == RequestMethod.POST || method == RequestMethod.PUT) && rv instanceof JSONArray && JSONRequest.isArrayKey(rk)) { if ((method == RequestMethod.POST || method == RequestMethod.PUT)
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许 " + rk + ":[] 等未定义的 Table[]:[{}] 批量操作键值对!"); && rv instanceof JSONArray && JSONRequest.isArrayKey(rk)) {
throw new UnsupportedOperationException(method + " 请求," + name + " 里面不允许 "
+ rk + ":[] 等未定义的 Table[]:[{}] 批量操作键值对!");
} }
} }
} }
@ -1106,7 +1143,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @return * @return
* @throws Exception * @throws Exception
*/ */
private static JSONObject operate(Operation opt, JSONObject targetChild, JSONObject real, SQLCreator creator) throws Exception { private static JSONObject operate(Operation opt, JSONObject targetChild
, JSONObject real, SQLCreator creator) throws Exception {
if (targetChild == null) { if (targetChild == null) {
return real; return real;
} }
@ -1160,7 +1198,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @param real * @param real
* @throws Exception * @throws Exception
*/ */
public static void verifyType(@NotNull String tk, Object tv, @NotNull JSONObject real) throws UnsupportedDataTypeException { public static void verifyType(@NotNull String tk, Object tv, @NotNull JSONObject real)
throws UnsupportedDataTypeException {
if (tv instanceof String == false) { if (tv instanceof String == false) {
throw new UnsupportedDataTypeException("服务器内部错误," + tk + ":value 的value不合法" throw new UnsupportedDataTypeException("服务器内部错误," + tk + ":value 的value不合法"
+ "Request表校验规则中 TYPE:{ key:value } 中的value只能是String类型"); + "Request表校验规则中 TYPE:{ key:value } 中的value只能是String类型");
@ -1174,7 +1213,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @param rv * @param rv
* @throws Exception * @throws Exception
*/ */
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv) throws UnsupportedDataTypeException { public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv)
throws UnsupportedDataTypeException {
verifyType(tk, tv, rv, false); verifyType(tk, tv, rv, false);
} }
/**验证值类型 /**验证值类型
@ -1184,7 +1224,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @param isInArray * @param isInArray
* @throws Exception * @throws Exception
*/ */
public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv, boolean isInArray) throws UnsupportedDataTypeException { public static void verifyType(@NotNull String tk, @NotNull String tv, Object rv, boolean isInArray)
throws UnsupportedDataTypeException {
if (rv == null) { if (rv == null) {
return; return;
} }
@ -1218,50 +1259,58 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
try { try {
Double.parseDouble(rv.toString()); Double.parseDouble(rv.toString());
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是 DECIMAL" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是 DECIMAL" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "STRING": case "STRING":
if (rv instanceof String == false) { //JSONObject.getString 可转换任何类型 if (rv instanceof String == false) { //JSONObject.getString 可转换任何类型
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是 STRING" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是 STRING" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "URL": //网址格式为 http://www.apijson.org, https://www.google.com case "URL": //网址格式为 http://www.apijson.org, https://www.google.com
try { try {
new URL((String) rv); new URL((String) rv);
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是 URL" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是 URL" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "DATE": //日期格式为 YYYY-MM-DD例如 2020-02-20 STRING case "DATE": //日期格式为 YYYY-MM-DD例如 2020-02-20 STRING
try { try {
LocalDate.parse((String) rv); LocalDate.parse((String) rv);
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是格式为 YYYY-MM-DD例如 2020-02-20的 DATE" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是格式为 YYYY-MM-DD例如 2020-02-20的 DATE" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "TIME": //时间格式为 HH:mm:ss例如 12:01:30 STRING case "TIME": //时间格式为 HH:mm:ss例如 12:01:30 STRING
try { try {
LocalTime.parse((String) rv); LocalTime.parse((String) rv);
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是格式为 HH:mm:ss例如 12:01:30的 TIME" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是格式为 HH:mm:ss例如 12:01:30的 TIME" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "DATETIME": //日期+时间格式为 YYYY-MM-DDTHH:mm:ss例如 2020-02-20T12:01:30 STRING case "DATETIME": //日期+时间格式为 YYYY-MM-DDTHH:mm:ss例如 2020-02-20T12:01:30 STRING
try { try {
LocalDateTime.parse((String) rv); LocalDateTime.parse((String) rv);
} catch (Exception e) { } catch (Exception e) {
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是格式为 YYYY-MM-DDTHH:mm:ss例如 2020-02-20T12:01:30的 DATETIME" + (isInArray ? "[] !" : " !")); throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是格式为 " +
"YYYY-MM-DDTHH:mm:ss例如 2020-02-20T12:01:30的 DATETIME" + (isInArray ? "[] !" : " !"));
} }
break; break;
case "OBJECT": case "OBJECT":
if (rv instanceof Map == false) { //JSONObject.getJSONObject 可转换String类型 if (rv instanceof Map == false) { //JSONObject.getJSONObject 可转换String类型
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是 OBJECT" + (isInArray ? "[] !" : " !") + " OBJECT 结构为 {} !"); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是 OBJECT" + (isInArray ? "[] !" : " !") + " OBJECT 结构为 {} !");
} }
break; break;
case "ARRAY": case "ARRAY":
if (rv instanceof Collection == false) { //JSONObject.getJSONArray 可转换String类型 if (rv instanceof Collection == false) { //JSONObject.getJSONArray 可转换String类型
throw new UnsupportedDataTypeException(tk + ":value 的value不合法类型必须是 ARRAY" + (isInArray ? "[] !" : " !") + " ARRAY 结构为 [] !"); throw new UnsupportedDataTypeException(tk + ":value 的value不合法" +
"类型必须是 ARRAY" + (isInArray ? "[] !" : " !") + " ARRAY 结构为 [] !");
} }
break; break;
//目前在业务表中还用不上单一的类型校验已经够用 //目前在业务表中还用不上单一的类型校验已经够用
@ -1428,7 +1477,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
config.setTest(true); config.setTest(true);
// config.setTable(Test.class.getSimpleName()); // config.setTable(Test.class.getSimpleName());
// config.setColumn(rv + logic.getChar() + funChar) // config.setColumn(rv + logic.getChar() + funChar)
config.putWhere(rv + logic.getChar() + funChar, tv, false); // 字符串可能 SQL 注入目前的解决方式是加 TYPE 校验类型或者干脆不用 sqlVerify而是通过远程函数来校验 // 字符串可能 SQL 注入目前的解决方式是加 TYPE 校验类型或者干脆不用 sqlVerify而是通过远程函数来校验
config.putWhere(rv + logic.getChar() + funChar, tv, false);
config.setCount(1); config.setCount(1);
SQLExecutor executor = creator.createSQLExecutor(); SQLExecutor executor = creator.createSQLExecutor();
@ -1510,7 +1560,8 @@ public abstract class AbstractVerifier<T extends Object> implements Verifier<T>,
* @param creator * @param creator
* @throws Exception * @throws Exception
*/ */
public static void verifyRepeat(String table, String key, Object value, long exceptId, String idKey, @NotNull SQLCreator creator) throws Exception { public static void verifyRepeat(String table, String key, Object value
, long exceptId, String idKey, @NotNull SQLCreator creator) throws Exception {
if (key == null || value == null) { if (key == null || value == null) {
Log.e(TAG, "verifyRepeat key == null || value == null >> return;"); Log.e(TAG, "verifyRepeat key == null || value == null >> return;");
return; return;