
Commit afe38fd

committed
Server:远程函数支持校验session,新增verifyIdList和verifyURLList
1 parent 4f0bbe3 commit afe38fd


3 files changed

+72
-19
lines changed


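--- a/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoFunction.java
+++ b/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoFunction.java
@@ -16,14 +16,18 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.List;
 
+import javax.servlet.http.HttpSession;
+
 import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 
 import apijson.demo.server.model.BaseModel;
 import zuo.biao.apijson.Log;
 import zuo.biao.apijson.RequestRole;
+import zuo.biao.apijson.StringUtil;
 import zuo.biao.apijson.server.Function;
 import zuo.biao.apijson.server.NotNull;
 
@@ -33,7 +37,11 @@
 */
 public class DemoFunction extends Function implements FunctionList {
 private static final String TAG = "DemoFunction";
-
+
+private final HttpSession session;
+public DemoFunction(HttpSession session) {
+this.session = session;
+}
 
 public static void test() throws Exception {
 int i0 = 1, i1 = -2;
@@ -61,35 +69,76 @@ public static void test() throws Exception {
 request.put("object", object);
 
 
-Log.i(TAG, "plus(1,-2) = " + invoke(request, "plus(i0,i1)"));
-Log.i(TAG, "count([1,2,4,10]) = " + invoke(request, "countArray(array)"));
-Log.i(TAG, "isContain([1,2,4,10], 10) = " + invoke(request, "isContain(array,id)"));
-Log.i(TAG, "getFromArray([1,2,4,10], 0) = " + invoke(request, "getFromArray(array,@position)"));
-Log.i(TAG, "getFromObject({key:true}, key) = " + invoke(request, "getFromObject(object,key)"));
+Log.i(TAG, "plus(1,-2) = " + new DemoFunction(null).invoke(request, "plus(i0,i1)"));
+Log.i(TAG, "count([1,2,4,10]) = " + new DemoFunction(null).invoke(request, "countArray(array)"));
+Log.i(TAG, "isContain([1,2,4,10], 10) = " + new DemoFunction(null).invoke(request, "isContain(array,id)"));
+Log.i(TAG, "getFromArray([1,2,4,10], 0) = " + new DemoFunction(null).invoke(request, "getFromArray(array,@position)"));
+Log.i(TAG, "getFromObject({key:true}, key) = " + new DemoFunction(null).invoke(request, "getFromObject(object,key)"));
 
 }
 
 
 
-public static final DemoFunction instance;
-static {
-instance = new DemoFunction();
-}
+
 /**反射调用
 * @param request
 * @param function 例如get(object,key),参数只允许引用,不能直接传值
 * @return
 */
-public static Object invoke(JSONObject request, String function) throws Exception {
+public Object invoke(JSONObject request, String function) throws Exception {
 //TODO 不允许调用invoke,避免死循环
 // if (function.startsWith("invoke(")) {
 //
 // }
-return invoke(instance, request, function);
+return invoke(this, request, function);
 }
 
 
-
+
+/**
+* @param request
+* @return
+* @throws Exception
+*/
+public Object verifyIdList(@NotNull JSONObject request, @NotNull String idList) throws Exception {
+Object obj = request.get(idList);
+if (obj instanceof Collection == false) {
+throw new IllegalArgumentException(idList + " 不符合 Array 类型! 结构必须是 [] !");
+}
+JSONArray array = (JSONArray) obj;
+if (array != null) {
+for (int i = 0; i < array.size(); i++) {
+if (array.get(i) instanceof Long == false && array.get(i) instanceof Integer == false) {
+throw new IllegalArgumentException(idList + " 内字符 " + array.getString(i) + " 不符合 Long 类型!");
+}
+}
+}
+return null;
+}
+
+
+/**
+* @param request
+* @return
+* @throws Exception
+*/
+public Object verifyURLList(@NotNull JSONObject request, @NotNull String urlList) throws Exception {
+Object obj = request.get(urlList);
+if (obj instanceof Collection == false) {
+throw new IllegalArgumentException(urlList + " 不符合 Array 类型! 结构必须是 [] !");
+}
+JSONArray array = (JSONArray) obj;
+if (array != null) {
+for (int i = 0; i < array.size(); i++) {
+if (StringUtil.isUrl(array.getString(i)) == false) {
+throw new IllegalArgumentException(urlList + " 内字符 " + array.getString(i) + " 不符合 URL 格式!");
+}
+}
+}
+return null;
+}
+
+
 
 /**TODO 仅用来测试 "key-()":"getIdList()" 和 "key()":"getIdList()"
 * @param request
@@ -99,6 +148,7 @@ public static Object invoke(JSONObject request, String function) throws Exceptio
 public JSONArray getIdList(@NotNull JSONObject request) throws Exception {
 return new JSONArray(new ArrayList<Object>(Arrays.asList(12, 15, 301, 82001, 82002, 38710)));
 }
+
 
 /**TODO 仅用来测试 "key-()":"verifyAccess()"
 * @param request
@@ -108,8 +158,8 @@ public JSONArray getIdList(@NotNull JSONObject request) throws Exception {
 public Object verifyAccess(@NotNull JSONObject request) throws Exception {
 long userId = request.getLongValue(zuo.biao.apijson.JSONObject.KEY_USER_ID);
 RequestRole role = RequestRole.get(request.getString(zuo.biao.apijson.JSONObject.KEY_ROLE));
-if (userId != 70793 && role == RequestRole.ADMIN) {
-throw new IllegalAccessException("verifyAccess:ADMIN账号只能为70793!");
+if (role == RequestRole.OWNER && userId != DemoVerifier.getVisitorId(session)) {
+throw new IllegalAccessException("登录用户与角色OWNER不匹配!");
 }
 return null;
 }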
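Review bot: verifyAccess now binds only role OWNER to the session: any other role value, including ADMIN, which the removed lines restricted to a single account, falls through to `return null` without the session being consulted. Both `role` and `userId` are read from the request object, so unless another layer (not visible in this hunk) validates the declared role, the caller's own claim decides whether the comparison runs at all. If that is intended, state it on the method, e.g. `* Only checks that an OWNER request's userId matches the logged-in visitor; other roles are not verified here.`; otherwise add a branch that handles the remaining roles. `session` can also be null, since test() constructs `new DemoFunction(null)`, so either `DemoVerifier.getVisitorId(session)` must tolerate a null session or the constructor should reject one.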

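--- a/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoObjectParser.java
+++ b/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoObjectParser.java
@@ -14,6 +14,7 @@
 
 package apijson.demo.server;
 
+import javax.servlet.http.HttpSession;
 import javax.validation.constraints.NotNull;
 
 import com.alibaba.fastjson.JSONObject;
@@ -37,14 +38,16 @@ public abstract class DemoObjectParser extends AbstractObjectParser {
 }
 
 
+private DemoFunction function;
 /**for single object
 * @param parentPath
 * @param request
 * @param name
 * @throws Exception
 */
-public DemoObjectParser(@NotNull JSONObject request, String parentPath, String name, SQLConfig arrayConfig) throws Exception {
+public DemoObjectParser(HttpSession session, @NotNull JSONObject request, String parentPath, String name, SQLConfig arrayConfig) throws Exception {
 super(request, parentPath, name, arrayConfig);
+function = new DemoFunction(session);
 }
 
 @Override
@@ -66,8 +69,8 @@ public SQLConfig newSQLConfig() throws Exception {
 
 
 @Override
-public Object onFunctionParse(JSONObject json, String function) throws Exception {
-return DemoFunction.invoke(json, function);
+public Object onFunctionParse(JSONObject json, String fun) throws Exception {
+return function.invoke(json, fun);
 }
 
 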
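Review bot: `private DemoFunction function;` is assigned only in the constructor shown here, so it should be declared `private final DemoFunction function;`. The closing brace just above the field belongs to a member outside the hunk, possibly another constructor; if one exists, `function` stays null on that path and `onFunctionParse` fails with a NullPointerException at `function.invoke(json, fun)`. Making the field final lets the compiler enforce the assignment in every constructor. The constructor also passes `session` through without a null check, so a parser built without a session yields a DemoFunction whose session-based checks depend on how null is handled downstream.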

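--- a/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoParser.java
+++ b/APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoParser.java
@@ -73,7 +73,7 @@ public SQLExecutor createSQLExecutor() {
 @Override
 public DemoObjectParser createObjectParser(JSONObject request, String parentPath, String name, SQLConfig arrayConfig) throws Exception {
 
-return new DemoObjectParser(request, parentPath, name, arrayConfig) {
+return new DemoObjectParser(session, request, parentPath, name, arrayConfig) {
 
 //TODO 删除,onPUTArrayParse改用MySQL函数JSON_ADD, JSON_REMOVE等
 @Override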
