Server: RemoteFunction 内强制校验远程函数必须符合 Function 表的配置；Function 表新增 methods,tag,version 用于限制远程函数的使用范围

TommyLemon · TommyLemon · commit 30084d91e553 · 2019-08-18T04:02:49.000+08:00
diff --git a/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/APIJSONApplication.java b/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/APIJSONApplication.java
@@ -42,44 +42,46 @@ public static void main(String[] args) throws Exception {
 		
 		System.out.println("\n\n\n\n\n<<<<<<<<<<<<<<<<<<<<<<<<< APIJSON 开始启动 >>>>>>>>>>>>>>>>>>>>>>>>\n");
 		
-		System.out.println("开始测试:远程函数 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+		System.out.println("\n\n\n开始初始化:远程函数配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
-			DemoFunction.test();
+			DemoFunction.init(true);
 		}
 		catch (Exception e) {
 			e.printStackTrace();
 		}
-		System.out.println("\n完成测试:远程函数 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
-
-
-		System.out.println("\n\n\n开始测试:请求校验 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+		System.out.println("\n完成初始化:远程函数配置 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
+		
+		System.out.println("开始测试:远程函数 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
-			StructureUtil.test();
+			DemoFunction.test();
 		}
 		catch (Exception e) {
 			e.printStackTrace();
 		}
-		System.out.println("\n完成测试:请求校验 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
+		System.out.println("\n完成测试:远程函数 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
+
 		
 		
-		System.out.println("\n\n\n开始初始化:远程函数配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+		System.out.println("\n\n\n开始初始化:请求校验配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
-			DemoFunction.init(true);
+			StructureUtil.init(true);
 		}
 		catch (Exception e) {
 			e.printStackTrace();
 		}
-		System.out.println("\n完成初始化:远程函数配置 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
-		
-		System.out.println("\n\n\n开始初始化:请求校验配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+		System.out.println("\n完成初始化:请求校验配置 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
+
+		System.out.println("\n\n\n开始测试:请求校验 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
-			StructureUtil.init(true);
+			StructureUtil.test();
 		}
 		catch (Exception e) {
 			e.printStackTrace();
 		}
-		System.out.println("\n完成初始化:请求校验配置 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
-
+		System.out.println("\n完成测试:请求校验 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
+		
+		
+		
 		System.out.println("\n\n\n开始初始化:权限校验配置 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
 			DemoVerifier.init(true);
diff --git a/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoFunction.java b/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoFunction.java
@@ -45,10 +45,9 @@
 public class DemoFunction extends RemoteFunction {
 	private static final String TAG = "DemoFunction";
 
-	private final RequestMethod method;
 	private final HttpSession session;
-	public DemoFunction(RequestMethod method, HttpSession session) {
-		this.method = method;
+	public DemoFunction(RequestMethod method, String tag, int version, HttpSession session) {
+		super(method, tag, version);
 		this.session = session;
 	}
 
@@ -78,11 +77,11 @@ public static void test() throws Exception {
 		request.put("object", object);
 
 
-		Log.i(TAG, "plus(1,-2) = " + new DemoFunction(null, null).invoke("plus(i0,i1)", request));
-		Log.i(TAG, "count([1,2,4,10]) = " + new DemoFunction(null, null).invoke("countArray(array)", request));
-		Log.i(TAG, "isContain([1,2,4,10], 10) = " + new DemoFunction(null, null).invoke("isContain(array,id)", request));
-		Log.i(TAG, "getFromArray([1,2,4,10], 0) = " + new DemoFunction(null, null).invoke("getFromArray(array,@position)", request));
-		Log.i(TAG, "getFromObject({key:true}, key) = " + new DemoFunction(null, null).invoke("getFromObject(object,key)", request));
+		Log.i(TAG, "plus(1,-2) = " + new DemoFunction(null, null, 1, null).invoke("plus(i0,i1)", request));
+		Log.i(TAG, "count([1,2,4,10]) = " + new DemoFunction(null, null, 1, null).invoke("countArray(array)", request));
+		Log.i(TAG, "isContain([1,2,4,10], 10) = " + new DemoFunction(null, null, 1, null).invoke("isContain(array,id)", request));
+		Log.i(TAG, "getFromArray([1,2,4,10], 0) = " + new DemoFunction(null, null, 1, null).invoke("getFromArray(array,@position)", request));
+		Log.i(TAG, "getFromObject({key:true}, key) = " + new DemoFunction(null, null, 1, null).invoke("getFromObject(object,key)", request));
 
 	}
 
@@ -112,7 +111,7 @@ public static JSONObject init(boolean shutdownWhenServerError) throws ServerExce
 			request.putAll(functionItem.toArray(0, 0, FUNCTION_));
 		}  //Function[]>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
-		
+
 		JSONObject response = new DemoParser(RequestMethod.GET, true).parseResponse(request);
 		if (JSONResponse.isSuccess(response) == false) {
 			onServerError("\n\n\n\n\n !!!! 查询远程函数异常 !!!\n" + response.getString(JSONResponse.KEY_MSG) + "\n\n\n\n\n", shutdownWhenServerError);
@@ -135,15 +134,28 @@ public static JSONObject init(boolean shutdownWhenServerError) throws ServerExce
 			if (demo == null) {
 				onServerError("字段 demo 的值必须为合法且非 null 的 JSONObejct 字符串！", shutdownWhenServerError);
 			}
+			String name = item.getString("name");
 			if (demo.containsKey("result()") == false) {
-				demo.put("result()", getFunctionCall(item.getString("name"), item.getString("arguments")));
+				demo.put("result()", getFunctionCall(name, item.getString("arguments")));
 			}
-			demo.put(JSONRequest.KEY_COLUMN, "id,name,arguments,demo");
+			//			demo.put(JSONRequest.KEY_TAG, item.getString(JSONRequest.KEY_TAG));
+			//			demo.put(JSONRequest.KEY_VERSION, item.getInteger(JSONRequest.KEY_VERSION));
+
+			FUNCTION_MAP.put(name, item);  //必须在测试 invoke 前！
+
+			String[] methods = StringUtil.split(item.getString("methods"));
+			JSONObject r = new DemoParser(
+					methods == null || methods.length <= 0 ? RequestMethod.GET : RequestMethod.valueOf(methods[0])
+							, true
+					)
+					.setTag(item.getString(JSONRequest.KEY_TAG))
+					.setVersion(item.getInteger(JSONRequest.KEY_VERSION))
+					.parseResponse(demo);
 
-			JSONObject r = new DemoParser(RequestMethod.GET, true).parseResponse(demo);
 			if (JSONResponse.isSuccess(r) == false) {
 				onServerError(JSONResponse.getMsg(r), shutdownWhenServerError);
 			}
+
 		}
 
 		return response;
@@ -223,10 +235,6 @@ public Object verifyURLList(@NotNull JSONObject request, @NotNull String urlList
 	 * @throws Exception
 	 */
 	public int deleteCommentOfMoment(@NotNull JSONObject rq, @NotNull String momentId) throws Exception {
-		if (method != RequestMethod.DELETE) {
-			throw new UnsupportedOperationException("远程函数 deleteCommentOfMoment 只支持 DELETE 方法！");
-		}
-
 		long mid = rq.getLongValue(momentId);
 		if (mid <= 0 || rq.getIntValue(JSONResponse.KEY_COUNT) <= 0) {
 			return 0;
@@ -254,10 +262,6 @@ public int deleteCommentOfMoment(@NotNull JSONObject rq, @NotNull String momentI
 	 * @return
 	 */
 	public int deleteChildComment(@NotNull JSONObject rq, @NotNull String toId) throws Exception {
-		if (method != RequestMethod.DELETE) { //TODO 如果这样的判断太多，可以把 DemoFunction 分成对应不同 RequestMethod 的 GetFunciton 等，创建时根据 method 判断用哪个
-			throw new UnsupportedOperationException("远程函数 deleteChildComment 只支持 DELETE 方法！");
-		}
-
 		long tid = rq.getLongValue(toId);
 		if (tid <= 0 || rq.getIntValue(JSONResponse.KEY_COUNT) <= 0) {
 			return 0;
diff --git a/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoParser.java b/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoParser.java
@@ -14,7 +14,6 @@
 
 package apijson.demo.server;
 
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -25,10 +24,7 @@
 import zuo.biao.apijson.RequestMethod;
 import zuo.biao.apijson.server.AbstractParser;
 import zuo.biao.apijson.server.JSONRequest;
-import zuo.biao.apijson.server.Join;
 import zuo.biao.apijson.server.SQLConfig;
-import zuo.biao.apijson.server.SQLExecutor;
-import zuo.biao.apijson.server.exception.NotExistException;
 
 
 /**请求解析器
@@ -98,7 +94,7 @@ public JSONObject parseResponse(JSONObject request) {
 	@Override
 	public Object onFunctionParse(JSONObject json, String fun) throws Exception {
 		if (function == null) {
-			function = new DemoFunction(requestMethod, session);
+			function = new DemoFunction(requestMethod, tag, version, session);
 		}
 		return function.invoke(fun, json);
 	}
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java
@@ -120,6 +120,28 @@ public AbstractParser<T> setMethod(RequestMethod method) {
 		this.transactionIsolation = RequestMethod.isQueryMethod(method) ? Connection.TRANSACTION_NONE : Connection.TRANSACTION_REPEATABLE_READ;
 		return this;
 	}
+	
+	protected int version;
+	@Override
+	public int getVersion() {
+		return version;
+	}
+	@Override
+	public AbstractParser<T> setVersion(int version) {
+		this.version = version;
+		return this;
+	}
+	
+	protected String tag;
+	@Override
+	public String getTag() {
+		return tag;
+	}
+	@Override
+	public AbstractParser<T> setTag(String tag) {
+		this.tag = tag;
+		return this;
+	}
 
 	protected JSONObject requestObject;
 	@Override
@@ -571,6 +593,8 @@ public JSONObject parseCorrectRequest() throws Exception {
 		if (StringUtil.isNotEmpty(tag, true) == false) {
 			throw new IllegalArgumentException("请在最外层设置tag！一般是Table名，例如 \"tag\": \"User\" ");
 		}
+		setTag(tag);
+
 		int version = requestObject.getIntValue(JSONRequest.KEY_VERSION);
 
 		JSONObject object = null;
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/Parser.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/Parser.java
@@ -47,6 +47,12 @@ public interface Parser<T> {
 	RequestMethod getMethod();
 	Parser<T> setMethod(@NotNull RequestMethod method);
 
+	int getVersion();
+	Parser<T> setVersion(int version);
+	
+	String getTag();
+	Parser<T> setTag(String tag);
+
 	JSONObject getRequest();
 	Parser<T> setRequest(JSONObject request);
 
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/RemoteFunction.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/RemoteFunction.java
@@ -15,13 +15,18 @@
 package zuo.biao.apijson.server;
 
 import java.lang.reflect.InvocationTargetException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 import javax.activation.UnsupportedDataTypeException;
 
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 
 import zuo.biao.apijson.NotNull;
+import zuo.biao.apijson.RequestMethod;
 import zuo.biao.apijson.StringUtil;
 
 /**可远程调用的函数类
@@ -30,6 +35,32 @@
 public class RemoteFunction {
 	//	private static final String TAG = "RemoteFunction";
 
+	// <methodName, JSONObject>
+	// <isContain, <arguments:"array,key", tag:null, methods:null>>
+	public static final Map<String, JSONObject> FUNCTION_MAP;
+	static {
+		FUNCTION_MAP = new HashMap<>();
+	}
+	
+	private final RequestMethod method;
+	private final String tag;
+	private final int version;
+	public RemoteFunction(RequestMethod method, String tag, int version) {
+		this.method = method == null ? RequestMethod.GET : method;
+		this.tag = tag;
+		this.version = version;
+	}
+
+	public RequestMethod getMethod() {
+		return method;
+	}
+	public String getTag() {
+		return tag;
+	}
+	public int getVersion() {
+		return version;
+	}
+	
 	/**反射调用
 	 * @param fun
 	 * @param request
@@ -39,6 +70,25 @@ public class RemoteFunction {
 	public static Object invoke(@NotNull RemoteFunction fun, @NotNull JSONObject request, @NotNull String function) throws Exception {
 
 		FunctionBean fb = parseFunction(function, request, false);
+		
+		JSONObject row = FUNCTION_MAP.get(fb.getMethod());
+		if (row == null) {
+			throw new UnsupportedOperationException("不允许调用远程函数 " + fb.getMethod() + " !");
+		}
+		
+		int v = row.getIntValue("version");
+		if (v < fun.getVersion()) {
+			throw new UnsupportedOperationException("不允许 version = " + fun.getVersion() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 version >= " + v + " !");
+		}
+		String t = row.getString("tag");
+		if (t != null && t.equals(fun.getTag()) == false) {
+			throw new UnsupportedOperationException("不允许 tag = " + fun.getTag() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 tag = " + t + " !");
+		}
+		String[] methods = StringUtil.split(row.getString("methods"));
+		List<String> ml = methods == null || methods.length <= 0 ? null : Arrays.asList(methods);
+		if (ml != null && ml.contains(fun.getMethod().toString()) == false) {
+			throw new UnsupportedOperationException("不允许 method = " + fun.getMethod() + " 的请求调用远程函数 " + fb.getMethod() + " ! 必须满足 method 在 " + methods + "内 !");
+		}
 
 		try {
 			return invoke(fun, fb.getMethod(), fb.getTypes(), fb.getValues()); 
