From 424306f77600d483dfc0dd230729f22dd534b886 Mon Sep 17 00:00:00 2001 From: wayn <1669738430@qq.com> Date: Thu, 16 Nov 2023 22:30:43 +0800 Subject: [PATCH] =?UTF-8?q?feat(=E5=95=86=E5=9F=8E):=20=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../base/controller/BaseController.java | 44 +++++++------- .../common/convert/MallConfigConvert.java | 25 ++++++++ .../domain/shop/vo/HomeIndexResponseVO.java | 2 +- .../domain/shop/vo/MallConfigResponseVO.java | 60 +++++++++++++++++++ .../shop/vo/RecommonGoodsResponseVO.java | 20 +++++++ .../com/wayn/common/util/sql/SqlUtil.java | 59 ++++++++++++++++++ .../mobile/api/controller/HomeController.java | 9 ++- .../wayn/mobile/api/service/IHomeService.java | 8 ++- .../api/service/impl/IHomeServiceImpl.java | 18 +++--- 9 files changed, 208 insertions(+), 37 deletions(-) create mode 100644 waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java create mode 100644 waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java create mode 100644 waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java create mode 100644 waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java diff --git a/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java b/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java index 1f78155..911d99f 100644 --- a/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java +++ b/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java 
@@ -5,9 +5,11 @@ import com.alibaba.fastjson.serializer.SerializerFeature;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.metadata.OrderItem;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.baomidou.mybatisplus.extension.toolkit.SqlParserUtils;
 import com.wayn.common.constant.Constants;
 import com.wayn.common.util.ServletUtils;
 import com.wayn.common.util.http.HttpUtil;
+import com.wayn.common.util.sql.SqlUtil;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
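Review bot: The added `import com.baomidou.mybatisplus.extension.toolkit.SqlParserUtils;` is not referenced by any changed line in this patch; the new sort handling in getPage() calls only `SqlUtil.escapeOrderBySql`. Unless a part of BaseController outside these hunks uses it, the import is dead and should be dropped so readers are not left guessing which sanitizer is actually in play. The import block continues outside the hunk.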
@@ -52,36 +54,35 @@ public class BaseController { /** * 获取分页对象 + * * @param * @return 返回分页对象 */ protected Page getPage() { - //设置通用分页 - try { - Integer pageNumber = ServletUtils.getParameterToInt(Constants.PAGE_NUMBER, "1"); - Integer pageSize = ServletUtils.getParameterToInt(Constants.PAGE_SIZE, "10"); - String sortName = ServletUtils.getParameter(Constants.SORT_NAME); - String sortOrder = ServletUtils.getParameter(Constants.SORT_ORDER); - Page tPage = new Page<>(pageNumber, pageSize); - if (StringUtils.isNotEmpty(sortName)) { - String[] split = sortName.split(","); - for (String s : split) { - OrderItem orderItem = new OrderItem(); - orderItem.setColumn(s.replaceAll("[A-Z]", "_$0").toLowerCase()); - orderItem.setAsc(sortOrder == null || !sortOrder.startsWith(Constants.ORDER_DESC)); - tPage.addOrder(orderItem); - } + // 设置通用分页 + Integer pageNumber = ServletUtils.getParameterToInt(Constants.PAGE_NUMBER, "1"); + Integer pageSize = ServletUtils.getParameterToInt(Constants.PAGE_SIZE, "10"); + String sortName = ServletUtils.getParameter(Constants.SORT_NAME); + String sortOrder = ServletUtils.getParameter(Constants.SORT_ORDER); + Page tPage = new Page<>(pageNumber, pageSize); + if (StringUtils.isNotEmpty(sortName)) { + sortName = SqlUtil.escapeOrderBySql(sortName); + sortOrder = SqlUtil.escapeOrderBySql(sortOrder); + String[] split = sortName.split(","); + for (String s : split) { + OrderItem orderItem = new OrderItem(); + orderItem.setColumn(s.replaceAll("[A-Z]", "_$0").toLowerCase()); + orderItem.setAsc(sortOrder == null || !sortOrder.startsWith(Constants.ORDER_DESC)); + tPage.addOrder(orderItem); } - return tPage; - } catch (Exception e) { - // log.error(e.getMessage(), e); - return getPage(1, 10); } + return tPage; } /** * 获取分页对象 + * * @param pageNumber 当前页 * @param * @return 返回分页对象 @@ -95,8 +96,8 @@ public class BaseController { * 获取分页对象 *
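Review bot: After `sortName = SqlUtil.escapeOrderBySql(sortName);` the loop still hands every comma-separated piece to `orderItem.setColumn(...)` without further checks, and the SqlUtil whitelist admits spaces and dots, so a piece such as `id desc` or `t.id` passes validation and reaches the `ORDER BY` clause as an untrusted non-identifier string; this is not keyword injection, but it is more than a column name. Validate each piece after the split, e.g. `if (!s.trim().matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("invalid sort field: " + s);`, or better, compare it against the set of columns this endpoint actually allows sorting on. Removing the try/catch also means the hutool `UtilException` thrown by escapeOrderBySql, and any parse failure inside `ServletUtils.getParameterToInt` (not shown here), now propagate out of the controller; confirm the global exception handler maps them to a 400 rather than a 500. Note that `sortOrder` is validated by the same column pattern, so `orderItem.setAsc(sortOrder == null || !sortOrder.startsWith(Constants.ORDER_DESC))` still treats any unrecognised value as ascending rather than rejecting it.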

* - * @param pageNumber 当前页 - * @param pageSize 分页数 + * @param pageNumber 当前页 + * @param pageSize 分页数 * @param * @return 返回分页对象 */ @@ -147,7 +148,6 @@ public class BaseController { * @param object 转换对象 * @param format 序列化特点 * @return json字符串 - * */ protected String toJson(Object object, String format) { if (format == null) { diff --git a/waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java b/waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java new file mode 100644 index 0000000..7144365 --- /dev/null +++ b/waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java @@ -0,0 +1,25 @@ +package com.wayn.common.convert; + +import com.wayn.common.config.WaynConfig; +import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO; + +/** + * @author: waynaqua + * @date: 2023/11/13 23:10 + */ +public class MallConfigConvert { + + public static MallConfigResponseVO convertMallConfig() { + + return MallConfigResponseVO.builder() + .freightLimit(WaynConfig.getFreightLimit()) + .freightPrice(WaynConfig.getFreightPrice()) + .mobileUrl(WaynConfig.getMobileUrl()) + .email(WaynConfig.getEmail()) + .name(WaynConfig.getName()) + .unpaidOrderCancelDelayTime(WaynConfig.getUnpaidOrderCancelDelayTime()) + .version(WaynConfig.getVersion()) + .uploadDir(WaynConfig.getUploadDir()) + .build(); + } +} diff --git a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java index eaec164..e345bad 100644 --- a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java +++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java 
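Review bot: `convertMallConfig()` copies `WaynConfig.getUploadDir()` into the response, and `mallConfig()` in HomeController returns that VO to mobile clients, so the server-side upload directory path is now disclosed by what appears to be a public read endpoint, where the previous implementation returned only `freightLimit`. Unless the client genuinely needs the path, drop the `.uploadDir(WaynConfig.getUploadDir())` line (and the field from MallConfigResponseVO); internal filesystem layout is reconnaissance material with no obvious display value. The VO's `adminUrl` field is never populated by this builder chain, so every response carries a permanent null; either add the corresponding WaynConfig getter if one exists, or remove the field. The class is a static-only utility and should get a private constructor to match that role.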
@@ -19,7 +19,7 @@ public class HomeIndexResponseVO implements Serializable { private static final long serialVersionUID = -14732478530341760L; private List bannerList; - private List categoryList; + private List diamondList; private List newGoodsList; private List hotGoodsList; } diff --git a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java new file mode 100644 index 0000000..2249a94 --- /dev/null +++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java @@ -0,0 +1,60 @@ +package com.wayn.common.core.domain.shop.vo; + +import lombok.Builder; +import lombok.Data; + +import java.io.Serial; +import java.io.Serializable; +import java.math.BigDecimal; + +/** + * @author: waynaqua + * @date: 2023/11/13 23:08 + */ +@Data +@Builder +public class MallConfigResponseVO implements Serializable { + + @Serial + private static final long serialVersionUID = -4620022749379145372L; + /** + * 上传路径 + */ + private String uploadDir; + + /** + * 项目名称 + */ + private String name; + /** + * 项目版本 + */ + private String version; + /** + * 联系邮件 + */ + private String email; + + /** + * 管理后台地址 + */ + private String adminUrl; + /** + * 商城移动端地址 + */ + private String mobileUrl; + + /** + * 未支付订单延时取消时间 + */ + private Integer unpaidOrderCancelDelayTime; + + /** + * 商城免运费限额 + */ + private BigDecimal freightLimit; + /** + * 商城运费 + */ + private BigDecimal freightPrice; +} diff --git a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java new file mode 100644 index 0000000..3d9cf11 --- /dev/null +++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java 
@@ -0,0 +1,20 @@
+package com.wayn.common.core.domain.shop.vo;
+
+import com.wayn.common.core.domain.shop.Goods;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+/**
+ * @author: waynaqua
+ * @date: 2023/11/13 23:32
+ */
+@Data
+public class RecommonGoodsResponseVO implements Serializable {
+ @Serial
+ private static final long serialVersionUID = 6261274861901027930L;
+
+ private List data;
+}
diff --git a/waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java b/waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java
new file mode 100644
index 0000000..1194e24
--- /dev/null
+++ b/waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java
@@ -0,0 +1,59 @@
+package com.wayn.common.util.sql;
+
+import cn.hutool.core.exceptions.UtilException;
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * sql操作工具类
+ */
+public class SqlUtil {
+ /**
+ * 定义常用的 sql关键字
+ */
+ public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
+
+ /**
+ * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)
+ */
+ public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
+
+ /**
+ * 限制orderBy最大长度
+ */
+ private static final int ORDER_BY_MAX_LENGTH = 500;
+
+ /**
+ * 检查字符,防止注入绕过
+ */
+ public static String escapeOrderBySql(String value) {
+ if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
+ throw new UtilException("参数不符合规范,不能进行查询");
+ }
+ if (StringUtils.length(value) > ORDER_BY_MAX_LENGTH) {
+ throw new UtilException("参数已超过最大限制,不能进行查询");
+ }
+ return value;
+ }
+
+ /**
+ * 验证 order by 语法是否符合规范
+ */
+ public static boolean isValidOrderBySql(String value) {
+ return value.matches(SQL_PATTERN);
+ }
+
+ /**
+ * SQL关键字检查
+ */
+ public static void filterKeyword(String value) {
+ if (StringUtils.isEmpty(value)) {
+ return;
+ }
+ String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+ for (String sqlKeyword : sqlKeywords) {
+ if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
+ throw new UtilException("参数存在SQL注入风险");
+ }
+ }
+ }
+}
diff --git a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java
index 27fc897..d7343d5 100644
--- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java
+++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java
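Review bot: `SQL_REGEX` and `SQL_PATTERN` are `public static` but not `final`, so any code in the process can reassign the whitelist that `escapeOrderBySql` depends on, and `isValidOrderBySql` both recompiles the regex through `String.matches` on every call and throws NullPointerException for a null argument (escapeOrderBySql guards that, but the method is public). Make the strings `final`, keep a precompiled `java.util.regex.Pattern` (add the import), null-check in the validator, and run the length check before the regex so an oversized value is rejected without being matched; the rewritten lines are below. In `filterKeyword`, `StringUtils.split(SQL_REGEX, "\\|")` treats both backslash and pipe as separator characters, which happens to work, but the bare `+` entry rejects any value containing a plus sign and the substring match on `or ` also rejects ordinary words such as `color `; nothing in this patch calls filterKeyword, so either remove it or document the one caller it is meant for.
```java
    public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
    private static final Pattern ORDER_BY_PATTERN = Pattern.compile(SQL_PATTERN);
    // … unchanged: SQL_REGEX (made final), ORDER_BY_MAX_LENGTH …

    public static String escapeOrderBySql(String value) {
        if (StringUtils.length(value) > ORDER_BY_MAX_LENGTH) {
            throw new UtilException("参数已超过最大限制,不能进行查询");
        }
        if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
            throw new UtilException("参数不符合规范,不能进行查询");
        }
        return value;
    }

    public static boolean isValidOrderBySql(String value) {
        return value != null && ORDER_BY_PATTERN.matcher(value).matches();
    }
    // … unchanged: filterKeyword …
```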
@@ -7,7 +7,6 @@ import com.wayn.common.util.R; import com.wayn.mobile.api.service.IHomeService; import lombok.AllArgsConstructor; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -35,7 +34,7 @@ public class HomeController extends BaseController { */ @GetMapping("mallConfig") public R mallConfig() { - return iHomeService.mallConfig(); + return R.success(iHomeService.mallConfig()); } /** @@ -43,10 +42,10 @@ public class HomeController extends BaseController { * * @return R */ - @GetMapping("goodsList") - public R getGoodsList() { + @GetMapping("recommonGoodsList") + public R recommonGoodsList() { Page page = getPage(); - return iHomeService.listGoodsPage(page); + return R.success(iHomeService.listGoodsPage(page)); } } diff --git a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java index f999a4e..d34fc67 100644 --- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java +++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java @@ -3,8 +3,12 @@ package com.wayn.mobile.api.service; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; import com.wayn.common.core.domain.shop.Goods; import com.wayn.common.core.domain.shop.vo.HomeIndexResponseVO; +import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO; +import com.wayn.common.core.domain.shop.vo.RecommonGoodsResponseVO; import com.wayn.common.util.R; +import java.util.List; + public interface IHomeService { /** 
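Review bot: Renaming the mapping from `goodsList` to `recommonGoodsList` removes a GET route that deployed mobile clients may already be calling, and nothing in the patch keeps the old path answering. If clients cannot be updated in lock-step, serve both paths for a deprecation window, `@GetMapping({"recommonGoodsList", "goodsList"})`, and record when the old one goes away. `recommon` is also a misspelling of `recommend`; since the route is being renamed anyway, this is the cheapest moment to fix the spelling, before clients depend on it. HomeController's body continues outside the hunk.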
@@ -22,12 +26,12 @@ public interface IHomeService { * @param page 分页对象 * @return r */ - R listGoodsPage(Page page); + RecommonGoodsResponseVO listGoodsPage(Page page); /** * 商城配置 * * @return r */ - R mallConfig(); + MallConfigResponseVO mallConfig(); } diff --git a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java index 6b6717f..b42c1bd 100644 --- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java +++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java @@ -3,15 +3,16 @@ package com.wayn.mobile.api.service.impl; import com.baomidou.mybatisplus.core.metadata.IPage; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.baomidou.mybatisplus.extension.plugins.pagination.Page; -import com.wayn.common.config.WaynConfig; +import com.wayn.common.convert.MallConfigConvert; import com.wayn.common.core.domain.shop.Banner; import com.wayn.common.core.domain.shop.Diamond; import com.wayn.common.core.domain.shop.Goods; import com.wayn.common.core.domain.shop.vo.HomeIndexResponseVO; +import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO; +import com.wayn.common.core.domain.shop.vo.RecommonGoodsResponseVO; import com.wayn.common.core.service.shop.IBannerService; import com.wayn.common.core.service.shop.IDiamondService; import com.wayn.common.core.service.shop.IGoodsService; -import com.wayn.common.util.R; import com.wayn.mobile.api.service.IHomeService; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; 
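Review bot: The Javadoc on both changed declarations still says `@return r` although neither method returns `R` any more; `listGoodsPage` should read `@return 推荐商品列表响应对象` and `mallConfig` `@return 商城配置响应对象`, matching the file's existing comment language. The `import com.wayn.common.util.R;` kept in this file's header hunk and the newly added `import java.util.List;` are used by neither visible change, so check them against the interface's remaining declarations, which lie outside the hunk, and remove whichever is now unreferenced.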
@@ -47,7 +48,7 @@ public class IHomeServiceImpl implements IHomeService { .thenAccept(responseVO::setBannerList); CompletableFuture f2 = CompletableFuture.supplyAsync( () -> iDiamondService.list(Wrappers.lambdaQuery(Diamond.class).orderByAsc(Diamond::getSort).last("limit 10")), commonThreadPoolTaskExecutor) - .thenAccept(responseVO::setCategoryList); + .thenAccept(responseVO::setDiamondList); CompletableFuture f3 = CompletableFuture.supplyAsync( () -> iGoodsService.selectHomeIndexGoods(Goods.builder().isNew(true).build()), commonThreadPoolTaskExecutor) .thenAccept(responseVO::setNewGoodsList); @@ -67,14 +68,17 @@ public class IHomeServiceImpl implements IHomeService { } @Override - public R listGoodsPage(Page page) { + public RecommonGoodsResponseVO listGoodsPage(Page page) { + RecommonGoodsResponseVO responseVO = new RecommonGoodsResponseVO(); IPage goodsIPage = iGoodsService.listPage(page, new Goods()); - return R.success().add("data", goodsIPage.getRecords()); + responseVO.setData(goodsIPage.getRecords()); + return responseVO; + } @Override - public R mallConfig() { - return R.success().add("freightLimit", WaynConfig.getFreightLimit()); + public MallConfigResponseVO mallConfig() { + return MallConfigConvert.convertMallConfig(); } }
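Review bot: In the second hunk, `listGoodsPage` copies only `goodsIPage.getRecords()` into the new `RecommonGoodsResponseVO` and discards the paging metadata on the `IPage` (`getTotal()`, `getPages()`, `getCurrent()`), so a caller of the recommended-goods endpoint cannot tell whether another page exists. The old `R.success().add("data", ...)` had the same gap, but a dedicated response type is being introduced here, which is the natural point to add `total` and `pages` fields to the VO and set them from the `IPage`. Style: there is a stray blank line before the closing brace of `listGoodsPage`. The enclosing class continues outside the hunk.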