
Commit 8510cca

Server:userId,userId{}在WHERE条件中强制置前,仅次于id,id{},提高安全和性能
1 parent 6307a8b commit 8510cca


3 files changed

+36
-11
lines changed


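--- a/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/JSONResponse.java
+++ b/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/JSONResponse.java
@@ -67,8 +67,6 @@ public JSONResponse(JSONObject object) {
 
 public static final String KEY_CODE = "code";
 public static final String KEY_MSG = "msg";
-public static final String KEY_ID = "id";
-public static final String KEY_ID_IN = KEY_ID + "{}";
 public static final String KEY_COUNT = "count";
 public static final String KEY_TOTAL = "total";
 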
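--- a/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
+++ b/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -21,6 +21,8 @@
 import static zuo.biao.apijson.JSONObject.KEY_HAVING;
 import static zuo.biao.apijson.JSONObject.KEY_ID;
 import static zuo.biao.apijson.JSONObject.KEY_ID_IN;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID_IN;
 import static zuo.biao.apijson.JSONObject.KEY_ORDER;
 import static zuo.biao.apijson.JSONObject.KEY_ROLE;
 import static zuo.biao.apijson.JSONObject.KEY_SCHEMA;
@@ -39,6 +41,7 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 
 import com.alibaba.fastjson.JSON;
@@ -511,16 +514,35 @@ public String getWhereString() throws Exception {
 * @throws Exception
 */
 public static String getWhereString(RequestMethod method, Map<String, Object> where, boolean verifyName) throws Exception {
-Set<String> set = where == null ? null : where.keySet();
-if (set == null || set.isEmpty()) {
+Map<String, Object> where2 = where == null || where.isEmpty() ? null : new LinkedHashMap<String, Object>();
+if (where2 == null) {
 return "";
 }
-String whereString = "";
+
+//强制排序,把id,id{},userId,userId{}放最前面,保证安全、优化性能
+Object id = where.remove(KEY_ID);
+Object idIn = where.remove(KEY_ID_IN);
+Object userId = where.remove(KEY_USER_ID);
+Object userIdIn = where.remove(KEY_USER_ID_IN);
+
+where2.put(KEY_ID, id);
+where2.put(KEY_ID_IN, idIn);
+where2.put(KEY_USER_ID, userId);
+where2.put(KEY_USER_ID_IN, userIdIn);
+where2.putAll(where);
+
+
+Set<Entry<String, Object>> set = where2.entrySet();
+
 boolean isFirst = true;
-
 String condition;
-for (String key : set) {
-condition = getWhereItem(key, where.get(key), method, verifyName);
+String whereString = "";
+
+for (Entry<String, Object> entry : set) {
+if (entry == null) {
+continue;
+}
+condition = getWhereItem(entry.getKey(), entry.getValue(), method, verifyName);
 
 if (StringUtil.isEmpty(condition, true)) {//避免SQL条件连接错误
 continue;
@@ -530,6 +552,12 @@ public static String getWhereString(RequestMethod method, Map<String, Object> wh
 
 isFirst = false;
 }
+
+//还原where,后续可能用到
+where.put(KEY_ID, id);
+where.put(KEY_ID_IN, idIn);
+where.put(KEY_USER_ID, userId);
+where.put(KEY_USER_ID_IN, userIdIn);
 
 String s = whereString.isEmpty() ? "" : " WHERE " + whereString;
 
@@ -1041,8 +1069,7 @@ public static AbstractSQLConfig newSQLConfig(RequestMethod method, String table,
 }
 AbstractSQLConfig config = callback.getSQLConfig(method, table);
 
-boolean isEmpty = request.isEmpty();
-if (isEmpty) { // User:{} 这种空内容在查询时也有效
+if (request.isEmpty()) { // User:{} 这种空内容在查询时也有效
 return config; //request.remove(key); 前都可以直接return,之后必须保证 put 回去
 }
 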
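--- a/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLExecutor.java
+++ b/APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLExecutor.java
@@ -148,7 +148,7 @@ public JSONObject execute(SQLConfig config) throws Exception {
 result = AbstractParser.newResult(updateCount > 0 ? JSONResponse.CODE_SUCCESS : JSONResponse.CODE_NOT_FOUND
 , updateCount > 0 ? JSONResponse.MSG_SUCCEED : "可能对象不存在!");
 
-//id或id{}一定有,一定会返回,不用抛异常来阻止关联写操作时前面错误导致后面无条件执行!
+//id,id{}至少一个会有,一定会返回,不用抛异常来阻止关联写操作时前面错误导致后面无条件执行!
 if (config.getId() > 0) {
 result.put(JSONResponse.KEY_ID, config.getId());
 } else {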
