feat(商城): 代码优化

1 year ago · 424306f776
parent 31d266845b
commit 424306f776
9 changed files with 208 additions and 37 deletions
--- a/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java
+++ b/waynboot-common/src/main/java/com/wayn/common/base/controller/BaseController.java
@ -5,9 +5,11 @@ import com.alibaba.fastjson.serializer.SerializerFeature;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.metadata.OrderItem;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.baomidou.mybatisplus.extension.toolkit.SqlParserUtils;
 import com.wayn.common.constant.Constants;
 import com.wayn.common.util.ServletUtils;
 import com.wayn.common.util.http.HttpUtil;
+import com.wayn.common.util.sql.SqlUtil;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@ -52,36 +54,35 @@ public class BaseController {

    /**
     * 获取分页对象
+     *
     * @param <T>
     * @return 返回分页对象
     */
    protected <T> Page<T> getPage() {
-        //设置通用分页
-        try {
-            Integer pageNumber = ServletUtils.getParameterToInt(Constants.PAGE_NUMBER, "1");
-            Integer pageSize = ServletUtils.getParameterToInt(Constants.PAGE_SIZE, "10");
-            String sortName = ServletUtils.getParameter(Constants.SORT_NAME);
-            String sortOrder = ServletUtils.getParameter(Constants.SORT_ORDER);
-            Page<T> tPage = new Page<>(pageNumber, pageSize);
-            if (StringUtils.isNotEmpty(sortName)) {
-                String[] split = sortName.split(",");
-                for (String s : split) {
-                    OrderItem orderItem = new OrderItem();
-                    orderItem.setColumn(s.replaceAll("[A-Z]", "_$0").toLowerCase());
-                    orderItem.setAsc(sortOrder == null || !sortOrder.startsWith(Constants.ORDER_DESC));
-                    tPage.addOrder(orderItem);
-                }
+        // 设置通用分页
+        Integer pageNumber = ServletUtils.getParameterToInt(Constants.PAGE_NUMBER, "1");
+        Integer pageSize = ServletUtils.getParameterToInt(Constants.PAGE_SIZE, "10");
+        String sortName = ServletUtils.getParameter(Constants.SORT_NAME);
+        String sortOrder = ServletUtils.getParameter(Constants.SORT_ORDER);
+        Page<T> tPage = new Page<>(pageNumber, pageSize);
+        if (StringUtils.isNotEmpty(sortName)) {
+            sortName = SqlUtil.escapeOrderBySql(sortName);
+            sortOrder = SqlUtil.escapeOrderBySql(sortOrder);
+            String[] split = sortName.split(",");
+            for (String s : split) {
+                OrderItem orderItem = new OrderItem();
+                orderItem.setColumn(s.replaceAll("[A-Z]", "_$0").toLowerCase());
+                orderItem.setAsc(sortOrder == null || !sortOrder.startsWith(Constants.ORDER_DESC));
+                tPage.addOrder(orderItem);
            }
-            return tPage;
-        } catch (Exception e) {
-            // log.error(e.getMessage(), e);
-            return getPage(1, 10);
        }
+        return tPage;
    }


    /**
     * 获取分页对象
+     *
     * @param pageNumber 当前页
     * @param <T>
     * @return 返回分页对象
@ -95,8 +96,8 @@ public class BaseController {
     * 获取分页对象
     * </p>
     *
-     * @param pageNumber  当前页
-     * @param pageSize    分页数
+     * @param pageNumber 当前页
+     * @param pageSize   分页数
     * @param <T>
     * @return 返回分页对象
     */
@ -147,7 +148,6 @@ public class BaseController {
     * @param object 转换对象
     * @param format 序列化特点
     * @return json字符串
-     *
     */
    protected String toJson(Object object, String format) {
        if (format == null) {
--- a/waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java
+++ b/waynboot-common/src/main/java/com/wayn/common/convert/MallConfigConvert.java
@ -0,0 +1,25 @@
+package com.wayn.common.convert;
+
+import com.wayn.common.config.WaynConfig;
+import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO;
+
+/**
+ * @author: waynaqua
+ * @date: 2023/11/13 23:10
+ */
+public class MallConfigConvert {
+
+    public static MallConfigResponseVO convertMallConfig() {
+
+        return MallConfigResponseVO.builder()
+                .freightLimit(WaynConfig.getFreightLimit())
+                .freightPrice(WaynConfig.getFreightPrice())
+                .mobileUrl(WaynConfig.getMobileUrl())
+                .email(WaynConfig.getEmail())
+                .name(WaynConfig.getName())
+                .unpaidOrderCancelDelayTime(WaynConfig.getUnpaidOrderCancelDelayTime())
+                .version(WaynConfig.getVersion())
+                .uploadDir(WaynConfig.getUploadDir())
+                .build();
+    }
+}
--- a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java
+++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/HomeIndexResponseVO.java
@ -19,7 +19,7 @@ public class HomeIndexResponseVO implements Serializable {
    private static final long serialVersionUID = -14732478530341760L;

    private List<Banner> bannerList;
-    private List<Diamond> categoryList;
+    private List<Diamond> diamondList;
    private List<Goods> newGoodsList;
    private List<Goods> hotGoodsList;
 }
--- a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java
+++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/MallConfigResponseVO.java
@ -0,0 +1,60 @@
+package com.wayn.common.core.domain.shop.vo;
+
+import lombok.Builder;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.math.BigDecimal;
+
+/**
+ * @author: waynaqua
+ * @date: 2023/11/13 23:08
+ */
+@Data
+@Builder
+public class MallConfigResponseVO implements Serializable {
+
+    @Serial
+    private static final long serialVersionUID = -4620022749379145372L;
+    /**
+     * 上传路径
+     */
+    private String uploadDir;
+
+    /**
+     * 项目名称
+     */
+    private String name;
+    /**
+     * 项目版本
+     */
+    private String version;
+    /**
+     * 联系邮件
+     */
+    private String email;
+
+    /**
+     * 管理后台地址
+     */
+    private String adminUrl;
+    /**
+     * 商城移动端地址
+     */
+    private String mobileUrl;
+
+    /**
+     * 未支付订单延时取消时间
+     */
+    private Integer unpaidOrderCancelDelayTime;
+
+    /**
+     * 商城免运费限额
+     */
+    private BigDecimal freightLimit;
+    /**
+     * 商城运费
+     */
+    private BigDecimal freightPrice;
+}
--- a/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java
+++ b/waynboot-common/src/main/java/com/wayn/common/core/domain/shop/vo/RecommonGoodsResponseVO.java
@ -0,0 +1,20 @@
+package com.wayn.common.core.domain.shop.vo;
+
+import com.wayn.common.core.domain.shop.Goods;
+import lombok.Data;
+
+import java.io.Serial;
+import java.io.Serializable;
+import java.util.List;
+
+/**
+ * @author: waynaqua
+ * @date: 2023/11/13 23:32
+ */
+@Data
+public class RecommonGoodsResponseVO implements Serializable {
+    @Serial
+    private static final long serialVersionUID = 6261274861901027930L;
+
+    private List<Goods> data;
+}
--- a/waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java
+++ b/waynboot-common/src/main/java/com/wayn/common/util/sql/SqlUtil.java
@ -0,0 +1,59 @@
+package com.wayn.common.util.sql;
+
+import cn.hutool.core.exceptions.UtilException;
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * sql操作工具类
+ */
+public class SqlUtil {
+    /**
+     * 定义常用的 sql关键字
+     */
+    public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
+
+    /**
+     * 仅支持字母、数字、下划线、空格、逗号、小数点（支持多个字段排序）
+     */
+    public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
+
+    /**
+     * 限制orderBy最大长度
+     */
+    private static final int ORDER_BY_MAX_LENGTH = 500;
+
+    /**
+     * 检查字符，防止注入绕过
+     */
+    public static String escapeOrderBySql(String value) {
+        if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
+            throw new UtilException("参数不符合规范，不能进行查询");
+        }
+        if (StringUtils.length(value) > ORDER_BY_MAX_LENGTH) {
+            throw new UtilException("参数已超过最大限制，不能进行查询");
+        }
+        return value;
+    }
+
+    /**
+     * 验证 order by 语法是否符合规范
+     */
+    public static boolean isValidOrderBySql(String value) {
+        return value.matches(SQL_PATTERN);
+    }
+
+    /**
+     * SQL关键字检查
+     */
+    public static void filterKeyword(String value) {
+        if (StringUtils.isEmpty(value)) {
+            return;
+        }
+        String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+        for (String sqlKeyword : sqlKeywords) {
+            if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
+                throw new UtilException("参数存在SQL注入风险");
+            }
+        }
+    }
+}
--- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java
+++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/controller/HomeController.java
@ -7,7 +7,6 @@ import com.wayn.common.util.R;
 import com.wayn.mobile.api.service.IHomeService;
 import lombok.AllArgsConstructor;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;

@ -35,7 +34,7 @@ public class HomeController extends BaseController {
     */
    @GetMapping("mallConfig")
    public R mallConfig() {
-        return iHomeService.mallConfig();
+        return R.success(iHomeService.mallConfig());
    }

    /**
@ -43,10 +42,10 @@ public class HomeController extends BaseController {
     *
     * @return R
     */
-    @GetMapping("goodsList")
-    public R getGoodsList() {
+    @GetMapping("recommonGoodsList")
+    public R recommonGoodsList() {
        Page<Goods> page = getPage();
-        return iHomeService.listGoodsPage(page);
+        return R.success(iHomeService.listGoodsPage(page));
    }
 }

--- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java
+++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/IHomeService.java
@ -3,8 +3,12 @@ package com.wayn.mobile.api.service;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.wayn.common.core.domain.shop.Goods;
 import com.wayn.common.core.domain.shop.vo.HomeIndexResponseVO;
+import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO;
+import com.wayn.common.core.domain.shop.vo.RecommonGoodsResponseVO;
 import com.wayn.common.util.R;

+import java.util.List;
+
 public interface IHomeService {

    /**
@ -22,12 +26,12 @@ public interface IHomeService {
     * @param page 分页对象
     * @return r
     */
-    R listGoodsPage(Page<Goods> page);
+    RecommonGoodsResponseVO listGoodsPage(Page<Goods> page);

    /**
     * 商城配置
     *
     * @return r
     */
-    R mallConfig();
+    MallConfigResponseVO mallConfig();
 }
--- a/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java
+++ b/waynboot-mobile-api/src/main/java/com/wayn/mobile/api/service/impl/IHomeServiceImpl.java
@ -3,15 +3,16 @@ package com.wayn.mobile.api.service.impl;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import com.wayn.common.config.WaynConfig;
+import com.wayn.common.convert.MallConfigConvert;
 import com.wayn.common.core.domain.shop.Banner;
 import com.wayn.common.core.domain.shop.Diamond;
 import com.wayn.common.core.domain.shop.Goods;
 import com.wayn.common.core.domain.shop.vo.HomeIndexResponseVO;
+import com.wayn.common.core.domain.shop.vo.MallConfigResponseVO;
+import com.wayn.common.core.domain.shop.vo.RecommonGoodsResponseVO;
 import com.wayn.common.core.service.shop.IBannerService;
 import com.wayn.common.core.service.shop.IDiamondService;
 import com.wayn.common.core.service.shop.IGoodsService;
-import com.wayn.common.util.R;
 import com.wayn.mobile.api.service.IHomeService;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@ -47,7 +48,7 @@ public class IHomeServiceImpl implements IHomeService {
                    .thenAccept(responseVO::setBannerList);
            CompletableFuture<Void> f2 = CompletableFuture.supplyAsync(
                            () -> iDiamondService.list(Wrappers.lambdaQuery(Diamond.class).orderByAsc(Diamond::getSort).last("limit 10")), commonThreadPoolTaskExecutor)
-                    .thenAccept(responseVO::setCategoryList);
+                    .thenAccept(responseVO::setDiamondList);
            CompletableFuture<Void> f3 = CompletableFuture.supplyAsync(
                            () -> iGoodsService.selectHomeIndexGoods(Goods.builder().isNew(true).build()), commonThreadPoolTaskExecutor)
                    .thenAccept(responseVO::setNewGoodsList);
@ -67,14 +68,17 @@ public class IHomeServiceImpl implements IHomeService {
    }

    @Override
-    public R listGoodsPage(Page<Goods> page) {
+    public RecommonGoodsResponseVO listGoodsPage(Page<Goods> page) {
+        RecommonGoodsResponseVO responseVO = new RecommonGoodsResponseVO();
        IPage<Goods> goodsIPage = iGoodsService.listPage(page, new Goods());
-        return R.success().add("data", goodsIPage.getRecords());
+        responseVO.setData(goodsIPage.getRecords());
+        return responseVO;
+
    }

    @Override
-    public R mallConfig() {
-        return R.success().add("freightLimit", WaynConfig.getFreightLimit());
+    public MallConfigResponseVO mallConfig() {
+        return MallConfigConvert.convertMallConfig();
    }

 }