From 84694611c86fb3481d7a1623c9481b941b16dbef Mon Sep 17 00:00:00 2001 From: "wei.peng" Date: Mon, 28 Jan 2019 18:14:21 +0800 Subject: [PATCH] =?UTF-8?q?=E6=A8=A1=E6=9D=BF=E7=AE=A1=E7=90=86=20?= =?UTF-8?q?=E5=90=8E=E5=8F=B0=E5=8A=9F=E8=83=BD=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/api/iservice/base/IReportService.java | 22 ++++ .../controller/report/CoreReportController.java | 117 +++++++++------------ .../i3plus/core/apiservice/dao/IReportDao.java | 16 +++ .../core/apiservice/daoimpl/ReportDaoImpl.java | 41 ++++++++ .../apiservice/serviceimpl/base/ReportService.java | 43 ++++++++ .../i3plus/core/apiservice/util/ExcelUtil.java | 1 - 6 files changed, 171 insertions(+), 69 deletions(-) create mode 100644 modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/base/IReportService.java create mode 100644 modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/dao/IReportDao.java create mode 100644 modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/daoimpl/ReportDaoImpl.java create mode 100644 modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/ReportService.java diff --git a/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/base/IReportService.java b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/base/IReportService.java new file mode 100644 index 0000000..a41c23f --- /dev/null +++ b/modules/i3plus-core-api/src/main/java/cn/estsh/i3plus/core/api/iservice/base/IReportService.java 
@@ -0,0 +1,22 @@
+package cn.estsh.i3plus.core.api.iservice.base;
+
+import cn.estsh.i3plus.pojo.model.report.TemplateModel;
+import io.swagger.annotations.ApiOperation;
+
+import java.util.List;
+
+/**
+ * @Description :
+ * @Reference :
+ * @Author : Adair Peng
+ * @CreateDate : 2019-01-20 16:04
+ * @Modify:
+ **/
+public interface IReportService {
+
+ @ApiOperation(value = "HQL 入侵检查",notes = "入侵检查")
+ void checkReportHQL(String hql);
+
+ @ApiOperation(value = "HQL 执行",notes = "执行 HQL")
+ List selectTemplateModel(TemplateModel model) throws Exception;
+}
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/report/CoreReportController.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/report/CoreReportController.java
index a734ed9..9de7261 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/report/CoreReportController.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/controller/report/CoreReportController.java
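Review bot: `checkReportHQL` is declared `void` and its contract is undocumented, so a caller can neither learn that a statement was rejected nor obtain a cleaned one; put the outcome in the signature, e.g. `String checkReportHQL(String hql);`, or document the exception thrown on rejection. `@ApiOperation` is Swagger metadata normally read from controller handlers, so on a service interface Javadoc would serve better, including a statement that `selectTemplateModel` executes the HQL held in the model. The raw `List` return type and `throws Exception` leave the element type and the failure modes unspecified for implementers and callers.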
@@ -1,14 +1,17 @@ package cn.estsh.i3plus.core.apiservice.controller.report; +import cn.estsh.i3plus.core.api.iservice.base.IReportService; import cn.estsh.i3plus.core.api.iservice.busi.ISysRoleService; import cn.estsh.i3plus.platform.common.tool.ClassTool; import cn.estsh.i3plus.platform.common.tool.StringTool; import cn.estsh.i3plus.platform.common.util.PlatformConstWords; +import cn.estsh.i3plus.pojo.base.annotation.RefPojo; import cn.estsh.i3plus.pojo.base.bean.BaseResultBean; import cn.estsh.i3plus.pojo.base.enumutil.CommonEnumUtil; import cn.estsh.i3plus.pojo.base.enumutil.ResourceEnumUtil; import cn.estsh.i3plus.pojo.model.common.ClassFieldModel; import cn.estsh.i3plus.pojo.model.common.ClassModel; +import cn.estsh.i3plus.pojo.model.report.TemplateModel; import cn.estsh.i3plus.pojo.platform.bean.SysRole; import cn.estsh.impp.framework.boot.exception.ImppBusiException; import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder; @@ -17,6 +20,7 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiParam; import org.apache.commons.lang3.StringUtils; +import org.hibernate.QueryException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -39,13 +43,16 @@ public class CoreReportController { public String pojoPackagePath; @Autowired - private ISysRoleService sysRoleService; + private ISysRoleService roleService; + + @Autowired + private IReportService reportService; @GetMapping(value = "/role/list") @ApiOperation(value = "查询所有角色", notes = "查询所有系统角色") public ResultBean findAll() { try { - List list = sysRoleService.findSysRoleAll(); + List list = roleService.findSysRoleAll(); return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultList(list); } catch (ImppBusiException busExcep) { return ResultBean.fail(busExcep); 
@@ -58,7 +65,7 @@ public class CoreReportController { @ApiOperation(value = "查询所有角色", notes = "查询所有系统角色") public ResultBean findRoleByIdList(@RequestBody String[] ids) { try { - List list = sysRoleService.findSysRoleByInId(StringTool.getArrayLong(ids)); + List list = roleService.findSysRoleByInId(StringTool.getArrayLong(ids)); return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultList(list); } catch (ImppBusiException busExcep) { return ResultBean.fail(busExcep); @@ -67,7 +74,23 @@ public class CoreReportController { } } - @GetMapping(value="/list-clz-model") + @PostMapping(value="/template-model/run") + @ApiOperation(value="查询管理后台所有类",notes = "根据核心包路径列出所有类") + public ResultBean runTemplateModel(@RequestBody TemplateModel model){ + LOGGER.info("【执行TemplateModel】TemplateModel:{}",model); + try { + List list = reportService.selectTemplateModel(model); + return ResultBean.success("操作成功").setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()) + .setResultObject(model) + .setResultList(list); + }catch (Exception e){ + return ResultBean.fail("操作失败").setMsg(e.getMessage()).setErrorMsg(e.getLocalizedMessage() + ); + } + } + + + @GetMapping(value="/clz-model/list") @ApiOperation(value="查询管理后台所有类",notes = "根据核心包路径列出所有类") public BaseResultBean listClzModel() { LOGGER.info("【类路径:{}】",pojoPackagePath); 
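Review bot: The HQL executed by the new `/template-model/run` handler in the second hunk is caller-controlled: `runTemplateModel` binds a `TemplateModel` from the request body, and the service and DAO added later in this patch (ReportService.java, ReportDaoImpl.java) pass `model.getHql()` to `entityManager.createQuery` unchanged, so named-parameter binding protects only the values, not the statement. No authorization or validation is visible in this hunk; a safer shape is to accept a template identifier, load the stored HQL on the server side, and keep the endpoint behind an administrator permission. The catch block returns `e.getMessage()` and `e.getLocalizedMessage()` to the client, which discloses persistence-layer error text; log the exception and return only the generic message, e.g. `LOGGER.error("runTemplateModel failed", e); return ResultBean.fail("操作失败");`. The INFO log of the whole `model` also writes the statement and its parameter values to the log. The `@ApiOperation` text is copied from the class-listing endpoint, and renaming `/list-clz-model` to `/clz-model/list` breaks callers of the old path.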
@@ -86,37 +109,28 @@ public class CoreReportController { return ResultBean.success("获取类:" + clzList.size()).setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultList(clzList); } + @GetMapping(value="/clz-model/{classPath}") + @ApiOperation(value="查询管理后台所有类",notes = "根据核心包路径列出所有类") + public BaseResultBean getClzModel(@PathVariable("classPath") String classPath) { + LOGGER.info("【类路径:{}】",pojoPackagePath); + ClassModel model = getClassModel(classPath); + if(model != null){ + if(StringUtils.isNotBlank(model.getClzFullName())){ + List list = getClassFieldModel(model.getClzFullName()); + model.setFieldList(list); + } + } + return ResultBean.success("获取类:" + model.getClzDesc()).setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()).setResultObject(model); + } + @GetMapping(value="/list-clz") @ApiOperation(value="查询管理后台所有类",notes = "根据核心包路径列出所有类") public BaseResultBean listClz() { LOGGER.info("【类路径:{}】",pojoPackagePath); List clzNameList = ClassTool.getClassName(pojoPackagePath, true); List clzList = new ArrayList<>(clzNameList.size()); - Class tmpClz = null; - Api api = null; - ClassModel classModel = null; for(String clzName : clzNameList){ - try { - //注册类 - tmpClz = Class.forName(clzName); - - classModel = new ClassModel(); - classModel.setPackageName(pojoPackagePath); - classModel.setClzFullName(clzName); - classModel.setClzSimpleName(tmpClz.getSimpleName()); - - api = (Api) tmpClz.getAnnotation(Api.class); - if(api != null) { - classModel.setClzDesc(api.value()); - - clzList.add(classModel); - }else{ - //classModel.setClzDesc(clzName); - LOGGER.warn("不添加类:{},因为没有添加api描述", tmpClz); - } - } catch (ClassNotFoundException e) { - LOGGER.error("【类:{}注册出错】",clzName,clzName,e); - } + clzList.add(getClassModel(clzName)); } return ResultBean.success("获取类:" + clzList.size()) 
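Review bot: In the new `getClzModel` handler the return statement calls `model.getClzDesc()` outside the `if(model != null)` guard, so a `classPath` that `getClassModel` cannot resolve ends in a NullPointerException instead of a failure response; add `if (model == null) { return ResultBean.fail("class not found"); }` before it. The log line prints `pojoPackagePath` although the request input is `classPath`, which makes the entry useless for tracing what was asked for. In `listClz`, `clzList.add(getClassModel(clzName));` now adds the helper's result unconditionally, whereas the removed code skipped classes that failed to load or lacked an `@Api` annotation; if the helper returns null in those cases (its body is outside this hunk) the response list will contain null entries.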
@@ -128,40 +142,7 @@ public class CoreReportController { @ApiOperation(value="查询类所有属性") public ResultBean testWms(@RequestParam("clzFullName") String clzFullName) { LOGGER.info("【查询类属性:{}】",clzFullName); - - ApiParam apiParam = null; - Transient tran = null; - List fieldModelList = new ArrayList<>(); - try { - Class tmpClz = Class.forName(clzFullName); - List fields = ClassTool.getAllFieldsList(tmpClz); - ClassFieldModel fieldModel = null; - for(Field f : fields){ - tran = f.getAnnotation(Transient.class); - if(tran == null) { - // 临时对象不需要处理 - fieldModel = new ClassFieldModel(); - fieldModel.setPackageName(pojoPackagePath); - fieldModel.setClzFullName(clzFullName); - fieldModel.setClzSimpleName(tmpClz.getSimpleName()); - fieldModel.setFieldName(f.getName()); - - apiParam = f.getAnnotation(ApiParam.class); - if(apiParam != null){ - fieldModel.setFieldDesc(apiParam.value()); - - fieldModelList.add(fieldModel); - }else{ - //fieldModel.setFieldDesc(fieldModel.getFieldName()); - LOGGER.warn("不添加属性:{},因为没有添加api描述", f.getName()); - } - }else{ - LOGGER.info("【临时属性:{}】",f.getName()); - } - } - } catch (ClassNotFoundException e) { - LOGGER.error("【类:{}实例化出错】",clzFullName,e); - } + List fieldModelList = getClassFieldModel(clzFullName); return ResultBean.success("获取属性:" + fieldModelList.size()) .setCode(ResourceEnumUtil.MESSAGE.SUCCESS.getCode()) .setResultList(fieldModelList); @@ -198,9 +179,11 @@ public class CoreReportController { Class tmpClz = Class.forName(clzFullName); List fields = ClassTool.getAllFieldsList(tmpClz); ClassFieldModel fieldModel = null; + ApiParam apiParam; + Transient tran; for(Field f : fields){ - Transient tran = f.getAnnotation(Transient.class); - if(tran == null) { + tran = f.getAnnotation(Transient.class); + if(tran == null && !"serialVersionUID".equals(f.getName())) { // 临时对象不需要处理 fieldModel = new ClassFieldModel(); fieldModel.setPackageName(pojoPackagePath); 
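Review bot: `clzFullName` arrives as a request parameter in `testWms` and, through `getClassFieldModel`, appears to reach the `Class.forName(clzFullName)` call visible as context in the second hunk (the enclosing method starts outside the hunk); the same applies to `classPath` in `getClzModel` from the previous hunk. The one-argument `Class.forName` initializes the class it loads, so a request can cause any class on the classpath to be loaded and initialized and its field names returned. Validate the name against the scanned package before loading, e.g. require `ClassTool.getClassName(pojoPackagePath, true).contains(clzFullName)`, or at least use the three-argument `Class.forName` with `initialize` set to false. Separately, `!"serialVersionUID".equals(f.getName())` filters one static field by name, while `Modifier.isStatic(f.getModifiers())` would exclude all static members.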
@@ -208,13 +191,11 @@ public class CoreReportController { fieldModel.setClzSimpleName(tmpClz.getSimpleName()); fieldModel.setFieldName(f.getName()); - ApiParam apiParam = f.getAnnotation(ApiParam.class); + apiParam = f.getAnnotation(ApiParam.class); if(apiParam != null){ fieldModel.setFieldDesc(apiParam.value()); - fieldModelList.add(fieldModel); - }else{ - LOGGER.warn("不添加属性:{},因为没有添加api描述", f.getName()); } + fieldModelList.add(fieldModel); }else{ LOGGER.info("【临时属性:{}】",f.getName()); } diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/dao/IReportDao.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/dao/IReportDao.java new file mode 100644 index 0000000..ac48bf3 --- /dev/null +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/dao/IReportDao.java @@ -0,0 +1,16 @@ +package cn.estsh.i3plus.core.apiservice.dao; + +import java.util.List; + +/** + * @Description : + * @Reference : + * @Author : Adair Peng + * @CreateDate : 2019-01-20 16:11 + * @Modify: + **/ +public interface IReportDao { + + List findByHqlObjects(String hql, String[] paramName, Object[] paramValue) throws Exception; + +} diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/daoimpl/ReportDaoImpl.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/daoimpl/ReportDaoImpl.java new file mode 100644 index 0000000..ed7893f --- /dev/null +++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/daoimpl/ReportDaoImpl.java 
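Review bot: Moving `fieldModelList.add(fieldModel);` out of the `if(apiParam != null)` block in the first hunk means fields without an `@ApiParam` description are now returned, with a null `fieldDesc`, where the old code skipped them and logged a warning. If the annotation was acting as the opt-in list of reportable fields, this change exposes every non-transient field name of the class to the caller, so the intent should be confirmed and stated in a comment. If listing them is intended, give the entry a fallback such as `fieldModel.setFieldDesc(f.getName());` in an `else` branch so consumers do not have to handle null. The enclosing method starts and ends outside the hunk.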
@@ -0,0 +1,41 @@
+package cn.estsh.i3plus.core.apiservice.daoimpl;
+
+import cn.estsh.i3plus.core.apiservice.dao.IReportDao;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import javax.persistence.EntityManager;
+import javax.persistence.Query;
+import java.util.List;
+
+/**
+ * @Description :
+ * @Reference :
+ * @Author : Adair Peng
+ * @CreateDate : 2019-01-20 16:14
+ * @Modify:
+ **/
+@Service
+public class ReportDaoImpl implements IReportDao {
+
+ public static final Logger LOGGER = LoggerFactory.getLogger(ReportDaoImpl.class);
+
+ @Autowired
+ private EntityManager entityManager;
+
+ @Override
+ public List findByHqlObjects(String hql, String[] paramName, Object[] paramValue) throws Exception {
+ LOGGER.info(" find HQL:{} paramName:{} paramValue:{}", hql, paramName, paramValue);
+ Query queryObject = entityManager.createQuery(hql);
+ if(paramName != null && paramValue != null){
+ for (int i = 0; i < paramName.length; i++) {
+ if (paramValue[i] != null) {
+ queryObject.setParameter(paramName[i], paramValue[i].toString());
+ }
+ }
+ }
+ return queryObject.getResultList();
+ }
+}
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/ReportService.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/ReportService.java
new file mode 100644
index 0000000..7d1a666
--- /dev/null
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/serviceimpl/base/ReportService.java
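Review bot: The parameter loop in `findByHqlObjects` reads `paramValue[i]` for every `i < paramName.length` without comparing the two array lengths, so a shorter value array throws ArrayIndexOutOfBoundsException; guard it with `if (paramName.length != paramValue.length) { throw new IllegalArgumentException("paramName and paramValue differ in length"); }`. Skipping null values leaves that named parameter unbound, and `paramValue[i].toString()` binds every value as a String whatever the property type, so both cases are likely to surface only as query errors at run time. The INFO log line records the full statement and every parameter value, which may put business or personal data into the logs; `LOGGER.debug("find HQL:{} paramName:{}", hql, paramName);` keeps the trace without the values. The query has no `setMaxResults` cap, so one report can load an unbounded result set into memory. A short Javadoc stating that `hql` must come from a trusted server-side source would make the method's precondition explicit.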
@@ -0,0 +1,43 @@
+package cn.estsh.i3plus.core.apiservice.serviceimpl.base;
+
+import cn.estsh.i3plus.core.api.iservice.base.IReportService;
+import cn.estsh.i3plus.core.apiservice.dao.IReportDao;
+import cn.estsh.i3plus.pojo.base.tool.HqlPack;
+import cn.estsh.i3plus.pojo.model.report.TemplateModel;
+import org.hibernate.QueryException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+
+/**
+ * @Description :
+ * @Reference :
+ * @Author : Adair Peng
+ * @CreateDate : 2019-01-20 16:06
+ * @Modify:
+ **/
+@Service
+public class ReportService implements IReportService {
+
+ private Logger LOGGER = LoggerFactory.getLogger(ReportService.class);
+
+ @Autowired
+ private IReportDao reportDao;
+
+
+ @Override
+ public void checkReportHQL(String hql) {
+ LOGGER.info("报表 HQL 注入检查:{}",hql);
+ // HQL 非法入侵检查
+ hql = HqlPack.getSafeParam(hql);
+ }
+
+ @Override
+ public List selectTemplateModel(TemplateModel model) throws Exception{
+ LOGGER.info("报表执行 model :{}",model);
+ return reportDao.findByHqlObjects(model.getHql(), model.getParamName(), model.getParamValue());
+ }
+}
diff --git a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/ExcelUtil.java b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/ExcelUtil.java
index 7942173..d2de4b4 100644
--- a/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/ExcelUtil.java
+++ b/modules/i3plus-core-apiservice/src/main/java/cn/estsh/i3plus/core/apiservice/util/ExcelUtil.java
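Review bot: `hql = HqlPack.getSafeParam(hql);` in `checkReportHQL` only reassigns the method's own parameter, so whatever `HqlPack.getSafeParam` returns (its behaviour is not shown here) is discarded and the method has no effect beyond its log line. `selectTemplateModel` also never calls the check and forwards `model.getHql()` to the DAO as received, with no null check on `model`. Make the check reject by throwing, or return the checked string, and apply it as the first statement of `selectTemplateModel` before `reportDao.findByHqlObjects` is reached. The logger should be `private static final Logger LOGGER = LoggerFactory.getLogger(ReportService.class);` rather than a mutable instance field, and the `org.hibernate.QueryException` import is unused in this file.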
@@ -12,7 +12,6 @@ import cn.estsh.i3plus.pojo.base.enumutil.ImppEnumUtil; import cn.estsh.i3plus.pojo.platform.bean.SysDictionary; import cn.estsh.i3plus.pojo.platform.bean.SysFile; import cn.estsh.i3plus.pojo.platform.bean.SysMessage; -import cn.estsh.i3plus.pojo.platform.bean.SysTool; import cn.estsh.impp.framework.boot.exception.ImppExceptionBuilder; import cn.estsh.impp.framework.boot.exception.ImppExceptionEnum; import io.swagger.annotations.ApiParam;