From e60bdb6407dfd8c3af68e1228fd0c8c4b2e8ca22 Mon Sep 17 00:00:00 2001 
From: XSWL1018 <824576966@qq.com> Date: Mon, 9 Sep 2024 21:24:13 +0800 Subject: [PATCH 1/4] u --- .../common/annotation/sql/DataSecurity.java | 20 +++ .../annotation/sql/MybatisHandlerOrder.java | 14 ++ .../DataSecurityContextHolder.java | 48 ++++++ .../context/page/PageContextHolder.java | 44 ++++++ .../common/context/page/model/PageInfo.java | 63 ++++++++ .../context/page/model/RuoyiTableData.java | 25 +++ .../common/context/page/model/TableInfo.java | 22 +++ .../common/enums/DataSecurityStrategy.java | 8 + .../java/com/ruoyi/common/enums/SqlType.java | 18 +++ .../handler/sql/MybatisAfterHandler.java | 7 + .../common/handler/sql/MybatisPreHandler.java | 15 ++ .../dataSecurity/DataSecurityPreHandler.java | 100 ++++++++++++ .../handler/sql/page/PageAfterHandler.java | 31 ++++ .../handler/sql/page/PagePreHandler.java | 142 ++++++++++++++++++ .../ruoyi/common/model/JoinTableModel.java | 85 +++++++++++ .../com/ruoyi/common/model/WhereModel.java | 67 +++++++++ .../ruoyi/common/utils/DataSecurityUtil.java | 14 ++ .../com/ruoyi/common/utils/sql/SqlUtil.java | 38 ++--- .../framework/aspectj/DataSecurityAspect.java | 85 +++++++++++ .../mybatis/MybatisInterceptor.java | 129 ++++++++++++++++ 20 files changed, 958 insertions(+), 17 deletions(-) create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java create mode 100644 
ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java create mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java create mode 100644 ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java create mode 100644 ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java new file mode 100644 index 0000000..6d14bd1 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java 
@@ -0,0 +1,20 @@
+package com.ruoyi.common.annotation.sql;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+import com.ruoyi.common.enums.DataSecurityStrategy;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface DataSecurity {
+ public DataSecurityStrategy strategy() default DataSecurityStrategy.CREEATE_BY;
+
+ public String table() default "";
+
+ public String joinTableAlise() default "";
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java
new file mode 100644
index 0000000..4c75c03
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java
@@ -0,0 +1,14 @@
+package com.ruoyi.common.annotation.sql;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface MybatisHandlerOrder {
+ public int value() default 0;
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java
new file mode 100644
index 0000000..9b381b6
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java
@@ -0,0 +1,48 @@
+package com.ruoyi.common.context.dataSecurity;
+
+import java.util.List;
+import java.util.Map;
+
+import com.alibaba.fastjson2.JSONArray;
+import com.alibaba.fastjson2.JSONObject;
+import com.ruoyi.common.enums.SqlType;
+import com.ruoyi.common.model.JoinTableModel;
+import com.ruoyi.common.model.WhereModel;
+
+public class DataSecurityContextHolder {
+ private static final ThreadLocal DATA_SECURITY_SQL_CONTEXT_HOLDER = new ThreadLocal<>();
+
+ public static void startDataSecurity() {
+ JSONObject jsonObject = new JSONObject();
+ jsonObject.put("isSecurity", Boolean.TRUE);
+ jsonObject.put(SqlType.WHERE.getSqlType(), new JSONArray());
+ jsonObject.put(SqlType.JOIN.getSqlType(), new JSONArray());
+ DATA_SECURITY_SQL_CONTEXT_HOLDER.set(jsonObject);
+ }
+
+ public static void addWhereParam(WhereModel whereModel) {
+ DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()).add(whereModel);
+ }
+
+ public static void clearCache() {
+ DATA_SECURITY_SQL_CONTEXT_HOLDER.remove();
+ }
+
+ public static boolean isSecurity() {
+
+ return DATA_SECURITY_SQL_CONTEXT_HOLDER.get() != null
+ && DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getBooleanValue("isSecurity");
+ }
+
+ public static JSONArray getWhere() {
+ return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType());
+ }
+
+ public static void addJoinTable(JoinTableModel joinTableModel) {
+ DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()).add(joinTableModel);
+ }
+
+ public static JSONArray getJoinTables() {
+ return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType());
+ }
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java
new file mode 100644
index 0000000..ad0bcd3
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java
@@ -0,0 +1,44 @@
+package com.ruoyi.common.context.page;
+
+import com.alibaba.fastjson2.JSONObject;
+import com.ruoyi.common.context.page.model.PageInfo;
+
+public class PageContextHolder {
+ private static final ThreadLocal PAGE_CONTEXT_HOLDER = new ThreadLocal<>();
+
+ private static final String PAGE_FLAG = "isPage";
+
+ private static final String PAGE_INFO = "pageInfo";
+
+ private static final String TOTAL = "total";
+
+ public static void startPage() {
+ JSONObject jsonObject = new JSONObject();
+ jsonObject.put(PAGE_FLAG, Boolean.TRUE);
+ PAGE_CONTEXT_HOLDER.set(jsonObject);
+ }
+
+ public static void setPageInfo() {
+ PAGE_CONTEXT_HOLDER.get().put(PAGE_INFO, PageInfo.defaultPageInfo());
+ }
+
+ public static PageInfo getPageInfo() {
+ return (PageInfo) PAGE_CONTEXT_HOLDER.get().get(PAGE_INFO);
+ }
+
+ public static void clear() {
+ PAGE_CONTEXT_HOLDER.remove();
+ }
+
+ public static boolean isPage() {
+ return PAGE_CONTEXT_HOLDER.get() != null && PAGE_CONTEXT_HOLDER.get().getBooleanValue(PAGE_FLAG);
+ }
+
+ public static void setTotal(Long total) {
+ PAGE_CONTEXT_HOLDER.get().put(TOTAL, total);
+ }
+
+ public static Long getTotal() {
+ return PAGE_CONTEXT_HOLDER.get().getLong(TOTAL);
+ }
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java
new file mode 100644
index 0000000..dfca4ad
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java
@@ -0,0 +1,63 @@
+package com.ruoyi.common.context.page.model;
+
+import com.ruoyi.common.core.text.Convert;
+import com.ruoyi.common.utils.ServletUtils;
+
+public class PageInfo {
+
+ private Long pageNumber;
+
+ private Long pageSize;
+
+ /**
+ * 当前记录起始索引
+ */
+ public static final String PAGE_NUM = "pageNum";
+
+ /**
+ * 每页显示记录数
+ */
+ public static final String PAGE_SIZE = "pageSize";
+
+ /**
+ * 排序列
+ */
+ public static final String ORDER_BY_COLUMN = "orderByColumn";
+
+ /**
+ * 排序的方向 "desc" 或者 "asc".
+ */
+ public static final String IS_ASC = "isAsc";
+
+ /**
+ * 分页参数合理化
+ */
+ public static final String REASONABLE = "reasonable";
+
+ public Long getPageNumber() {
+ return pageNumber;
+ }
+
+ public void setPageNumber(Long pageNumber) {
+ this.pageNumber = pageNumber;
+ }
+
+ public Long getPageSize() {
+ return pageSize;
+ }
+
+ public void setPageSize(Long pageSize) {
+ this.pageSize = pageSize;
+ }
+
+ public static PageInfo defaultPageInfo() {
+ PageInfo pageInfo = new PageInfo();
+ pageInfo.setPageNumber(Long.valueOf(Convert.toInt(ServletUtils.getParameter(PAGE_NUM), 1)));
+ pageInfo.setPageSize(Long.valueOf(Convert.toInt(ServletUtils.getParameter(PAGE_SIZE), 10)));
+ return pageInfo;
+ }
+
+ public Long getOffeset() {
+ return (pageNumber.longValue() - 1L) * pageSize;
+ }
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java
new file mode 100644
index 0000000..b4d3711
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java
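Review bot: `defaultPageInfo()` stores the request's `pageNum` and `pageSize` without any bounds, and `PagePreHandler.handleLimit` later turns them into the LIMIT and OFFSET of the rewritten query. A `pageNum` of 0 or less makes `getOffeset()` negative, and an arbitrarily large `pageSize` lets a single request read a whole table. Clamp both before storing them, for example `pageInfo.setPageNumber(Math.max(1L, pageNum));` and `pageInfo.setPageSize(Math.min(Math.max(1L, pageSize), MAX_PAGE_SIZE));`, with the parsed values held in locals and `MAX_PAGE_SIZE` a new constant on this class. `getOffeset()` would also benefit from a Javadoc line saying the offset is zero-based and assumes both fields are set.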
@@ -0,0 +1,25 @@
+package com.ruoyi.common.context.page.model;
+
+import java.util.List;
+
+public class RuoyiTableData {
+ private Long total;
+ private List data;
+
+ public Long getTotal() {
+ return total;
+ }
+
+ public void setTotal(Long total) {
+ this.total = total;
+ }
+
+ public List getData() {
+ return data;
+ }
+
+ public void setData(List data) {
+ this.data = data;
+ }
+
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java
new file mode 100644
index 0000000..8e0d722
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java
@@ -0,0 +1,22 @@
+package com.ruoyi.common.context.page.model;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class TableInfo extends ArrayList {
+
+ private Long total;
+
+ public TableInfo(List list) {
+ super(list);
+ }
+
+ public Long getTotal() {
+ return total;
+ }
+
+ public void setTotal(Long total) {
+ this.total = total;
+ }
+
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java b/ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java
new file mode 100644
index 0000000..f3b0770
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java
@@ -0,0 +1,8 @@
+package com.ruoyi.common.enums;
+
+public enum DataSecurityStrategy {
+ JOINTABLE_CREATE_BY,
+ JOINTABLE_USER_ID,
+ CREEATE_BY,
+ USER_ID;
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java b/ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java
new file mode 100644
index 0000000..b100ce7
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java
@@ -0,0 +1,18 @@
+package com.ruoyi.common.enums;
+
+public enum SqlType {
+ WHERE("where"),
+ JOIN("join"),
+ SELECT("select"),
+ LIMIT("limit");
+
+ private String sqlType;
+
+ public String getSqlType() {
+ return sqlType;
+ }
+
+ private SqlType(String sqlType) {
+ this.sqlType = sqlType;
+ }
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java
new file mode 100644
index 0000000..3713b39
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java
@@ -0,0 +1,7 @@
+package com.ruoyi.common.handler.sql;
+
+public interface MybatisAfterHandler {
+
+ Object handleObject(Object object) throws Throwable;
+
+}
\ No newline at end of file
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java
new file mode 100644
index 0000000..676d97c
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java
@@ -0,0 +1,15 @@
+package com.ruoyi.common.handler.sql;
+
+import org.apache.ibatis.cache.CacheKey;
+import org.apache.ibatis.executor.Executor;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.session.ResultHandler;
+import org.apache.ibatis.session.RowBounds;
+
+public interface MybatisPreHandler {
+
+ void preHandle(Executor executor, MappedStatement mappedStatement, Object params,
+ RowBounds rowBounds, ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql)
+ throws Throwable;
+}
\ No newline at end of file
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java
new file mode 100644
index 0000000..1021b09
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java 
@@ -0,0 +1,100 @@ +package com.ruoyi.common.handler.sql.dataSecurity; + +import java.lang.reflect.Field; +import java.util.List; + +import org.apache.ibatis.cache.CacheKey; +import org.apache.ibatis.executor.Executor; +import org.apache.ibatis.mapping.BoundSql; +import org.apache.ibatis.mapping.MappedStatement; +import org.apache.ibatis.session.ResultHandler; +import org.apache.ibatis.session.RowBounds; +import org.springframework.stereotype.Component; +import org.springframework.util.ReflectionUtils; + +import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; +import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; +import com.ruoyi.common.handler.sql.MybatisPreHandler; +import com.ruoyi.common.model.JoinTableModel; +import com.ruoyi.common.model.WhereModel; +import com.ruoyi.common.utils.StringUtils; +import com.ruoyi.common.utils.sql.SqlUtil; + +import net.sf.jsqlparser.JSQLParserException; +import net.sf.jsqlparser.expression.Alias; +import net.sf.jsqlparser.expression.Expression; +import net.sf.jsqlparser.expression.operators.relational.EqualsTo; +import net.sf.jsqlparser.parser.CCJSqlParserUtil; +import net.sf.jsqlparser.schema.Column; +import net.sf.jsqlparser.schema.Table; +import net.sf.jsqlparser.statement.Statement; +import net.sf.jsqlparser.statement.select.Join; +import net.sf.jsqlparser.statement.select.PlainSelect; +import net.sf.jsqlparser.statement.select.Select; + +@MybatisHandlerOrder(1) +@Component +public class DataSecurityPreHandler implements MybatisPreHandler { + + private static final Field sqlFiled = ReflectionUtils.findField(BoundSql.class, "sql"); + static { + sqlFiled.setAccessible(true); + } + + @Override + public void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, + ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable { + if (DataSecurityContextHolder.isSecurity()) { + Statement sql = parseSql(SqlUtil.parseSql(boundSql.getSql())); + 
sqlFiled.set(boundSql, sql.toString()); + } + } + + private static Statement parseSql(Statement statement) throws JSQLParserException { + if (statement instanceof Select) { + Select select = (Select) statement; + // plain.setWhere(CCJSqlParserUtil.parseCondExpression(handleWhere(expWhere))); + handleWhere(select); + handleJoin(select); + return select; + } else { + return statement; + } + } + + private static void handleWhere(Select select) throws JSQLParserException { + PlainSelect plain = select.getPlainSelect(); + Expression expWhere = plain.getWhere(); + StringBuilder whereParam = new StringBuilder(" "); + String where = expWhere != null ? expWhere.toString() : null; + if (DataSecurityContextHolder.getWhere() == null || DataSecurityContextHolder.getWhere().size() <= 0) { + return; + } + DataSecurityContextHolder.getWhere().forEach(item -> { + whereParam.append(((WhereModel) item).getSqlString()); + }); + where = StringUtils.isEmpty(where) ? whereParam.toString().substring(5, whereParam.length()) + : where + " " + whereParam.toString(); + plain.setWhere(CCJSqlParserUtil.parseCondExpression(where)); + } + + private static void handleJoin(Select select) { + PlainSelect selectBody = select.getPlainSelect(); + if (DataSecurityContextHolder.getJoinTables() == null || DataSecurityContextHolder.getJoinTables().size() <= 0) { + return; + } + DataSecurityContextHolder.getJoinTables().forEach(item -> { + JoinTableModel tableModel = (JoinTableModel) item; + Table table = new Table(tableModel.getJoinTable()); + table.setAlias(new Alias(tableModel.getJoinTableAlise())); + Join join = new Join(); + join.setRightItem(table); + join.setInner(true); + Expression onExpression = new EqualsTo(new Column(tableModel.getFromTableColumnString()), + new Column(tableModel.getJoinTableColumnString())); + join.setOnExpressions(List.of(onExpression)); + selectBody.addJoins(join); + }); + } + +} 
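Review bot: In `handleWhere` the security predicate is appended to the existing WHERE text without parentheses (`where + " " + whereParam.toString()`), so a mapper condition like `a = 1 OR b = 2` becomes `a = 1 OR b = 2 AND create_by = ...`; AND binds tighter than OR, which lets rows matching `a = 1` escape the data filter. Wrap the original condition before appending, i.e. change the else arm to `: "(" + where + ") " + whereParam.toString();`. `parseSql` also returns every non-`Select` statement unchanged and only the top-level `getPlainSelect()` is touched, so set operations and subqueries are presumably not filtered. If that scope is intended it should be stated in a class comment; otherwise the handler should fail closed when security is on and the statement shape is not one it can rewrite.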
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java
new file mode 100644
index 0000000..8a5d670
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java
@@ -0,0 +1,31 @@
+package com.ruoyi.common.handler.sql.page;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.stereotype.Component;
+
+import com.ruoyi.common.annotation.sql.MybatisHandlerOrder;
+import com.ruoyi.common.context.page.PageContextHolder;
+import com.ruoyi.common.context.page.model.TableInfo;
+import com.ruoyi.common.handler.sql.MybatisAfterHandler;
+
+@MybatisHandlerOrder(1)
+@Component
+public class PageAfterHandler implements MybatisAfterHandler {
+
+ @Override
+ public Object handleObject(Object object) throws Throwable {
+ if (PageContextHolder.isPage()) {
+ if (object instanceof List) {
+ TableInfo tableInfo = new TableInfo<>((List) object);
+ tableInfo.setTotal(PageContextHolder.getTotal());
+ PageContextHolder.clear();
+ return tableInfo;
+ }
+ return object;
+ }
+ return object;
+ }
+
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java
new file mode 100644
index 0000000..387eeb4
--- /dev/null
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java
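Review bot: `PageContextHolder.clear()` in `handleObject` is reached only when paging is active and the result is a `List`; for any other result type, and presumably when the query throws before this handler runs, the thread-local page state stays on the worker thread. On a pooled thread that leftover state would then be applied to the next request's queries. Clearing should not depend on the result shape: the code that calls `PageContextHolder.startPage()` is the safer owner, with the call wrapped as `try { ... } finally { PageContextHolder.clear(); }`. The `java.util.ArrayList` import is unused.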
@@ -0,0 +1,142 @@ +package com.ruoyi.common.handler.sql.page; + +import java.lang.reflect.Field; +import java.sql.SQLException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; +import org.apache.ibatis.cache.CacheKey; +import org.apache.ibatis.executor.Executor; +import org.apache.ibatis.mapping.BoundSql; +import org.apache.ibatis.mapping.MappedStatement; +import org.apache.ibatis.mapping.ResultMap; +import org.apache.ibatis.mapping.ResultMapping; +import org.apache.ibatis.session.ResultHandler; +import org.apache.ibatis.session.RowBounds; +import org.springframework.stereotype.Component; +import org.springframework.util.ReflectionUtils; + +import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; +import com.ruoyi.common.context.page.PageContextHolder; +import com.ruoyi.common.context.page.model.PageInfo; +import com.ruoyi.common.handler.sql.MybatisPreHandler; +import com.ruoyi.common.utils.sql.SqlUtil; +import net.sf.jsqlparser.schema.Column; +import net.sf.jsqlparser.statement.Statement; +import net.sf.jsqlparser.statement.select.Limit; +import net.sf.jsqlparser.statement.select.PlainSelect; +import net.sf.jsqlparser.statement.select.Select; +import net.sf.jsqlparser.statement.select.SelectItem; + +@Component +@MybatisHandlerOrder(2) +public class PagePreHandler implements MybatisPreHandler { + + private static final List EMPTY_RESULTMAPPING = new ArrayList(0); + + private static final String SELECT_COUNT_SUFIX = "_SELECT_COUNT"; + private static final Field sqlFiled = ReflectionUtils.findField(BoundSql.class, "sql"); + static { + sqlFiled.setAccessible(true); + } + + @Override + public void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, + ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable { + if (PageContextHolder.isPage()) { + String originSql = boundSql.getSql(); + Statement sql = SqlUtil.parseSql(originSql); + if (sql instanceof Select) { + 
PageInfo pageInfo = PageContextHolder.getPageInfo(); + Statement handleLimit = handleLimit((Select) sql, pageInfo); + Statement countSql = getCountSql((Select) sql); + Long count = getCount(executor, mappedStatement, params, boundSql, rowBounds, resultHandler, + countSql.toString()); + PageContextHolder.setTotal(count); + sqlFiled.set(boundSql, handleLimit.toString()); + cacheKey = executor.createCacheKey(mappedStatement, params, rowBounds, boundSql); + } + } + + } + + private static MappedStatement createCountMappedStatement(MappedStatement ms, String newMsId) { + MappedStatement.Builder builder = new MappedStatement.Builder(ms.getConfiguration(), newMsId, + ms.getSqlSource(), + ms.getSqlCommandType()); + builder.resource(ms.getResource()); + builder.fetchSize(ms.getFetchSize()); + builder.statementType(ms.getStatementType()); + builder.keyGenerator(ms.getKeyGenerator()); + if (ms.getKeyProperties() != null && ms.getKeyProperties().length != 0) { + StringBuilder keyProperties = new StringBuilder(); + for (String keyProperty : ms.getKeyProperties()) { + keyProperties.append(keyProperty).append(","); + } + keyProperties.delete(keyProperties.length() - 1, keyProperties.length()); + builder.keyProperty(keyProperties.toString()); + } + builder.timeout(ms.getTimeout()); + builder.parameterMap(ms.getParameterMap()); + // count查询返回值int + List resultMaps = new ArrayList(); + ResultMap resultMap = new ResultMap.Builder(ms.getConfiguration(), ms.getId(), Long.class, + EMPTY_RESULTMAPPING) + .build(); + resultMaps.add(resultMap); + builder.resultMaps(resultMaps); + builder.resultSetType(ms.getResultSetType()); + builder.cache(ms.getCache()); + builder.flushCacheRequired(ms.isFlushCacheRequired()); + builder.useCache(ms.isUseCache()); + return builder.build(); + } + + public static Long getCount(Executor executor, MappedStatement mappedStatement, Object parameter, + BoundSql boundSql, RowBounds rowBounds, ResultHandler resultHandler, String countSql) + throws SQLException { + 
+ Map additionalParameters = boundSql.getAdditionalParameters(); + + BoundSql countBoundSql = new BoundSql(mappedStatement.getConfiguration(), countSql, + boundSql.getParameterMappings(), parameter); + for (String key : additionalParameters.keySet()) { + countBoundSql.setAdditionalParameter(key, additionalParameters.get(key)); + } + CacheKey countKey = executor.createCacheKey(mappedStatement, parameter, RowBounds.DEFAULT, countBoundSql); + + List query = executor.query( + createCountMappedStatement(mappedStatement, getCountMSId(mappedStatement)), + parameter, RowBounds.DEFAULT, resultHandler, countKey, + countBoundSql); + return (Long) query.get(0); + } + + private static String getCountMSId(MappedStatement mappedStatement) { + return mappedStatement.getId() + SELECT_COUNT_SUFIX; + } + + public static Statement getCountSql(Select select) { + PlainSelect plain = select.getPlainSelect(); + PlainSelect countPlain = new PlainSelect(); + countPlain.setSelectItems(List.of(new SelectItem<>(new Column("COUNT(0)")))); + countPlain.setJoins(plain.getJoins()); + countPlain.setWhere(plain.getWhere()); + countPlain.setFromItem(plain.getFromItem()); + countPlain.setDistinct(plain.getDistinct()); + countPlain.setHaving(plain.getHaving()); + countPlain.setIntoTables(plain.getIntoTables()); + // countPlain.setOrderByElements(plain.getOrderByElements()); + return plain; + } + + private static Statement handleLimit(Select select, PageInfo pageInfo) { + Limit limit = new Limit(); + limit.setRowCount(new Column(pageInfo.getPageSize().toString())); + limit.setOffset(new Column(pageInfo.getOffeset().toString())); + PlainSelect plain = select.getPlainSelect(); + plain.setLimit(limit); + return select; + } + +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java b/ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java new file mode 100644 index 0000000..6a6cb75 --- /dev/null 
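Review bot: `getCountSql` builds `countPlain` but ends with `return plain;`, so the statement used for counting is the original select, which `handleLimit` has already given a LIMIT because it runs first in `preHandle`. `getCount` then does `(Long) query.get(0)` on whatever the first row of that query maps to, so the total is wrong or the cast fails; the last line should be `return countPlain;`. Separately, `cacheKey = executor.createCacheKey(...)` at the end of `preHandle` only reassigns the method's own parameter, so the caller keeps the key computed from the pre-LIMIT SQL and different pages of one query may share a local-cache entry. The regenerated key needs to be returned to the interceptor (the `MybatisPreHandler` signature is outside this hunk) rather than assigned locally.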
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java @@ -0,0 +1,85 @@ +package com.ruoyi.common.model; + +import com.ruoyi.common.utils.StringUtils; + +public class JoinTableModel { + private String joinTable; + + private String joinTableAlise; + + private String fromTable; + + private String fromTableAlise; + + private String joinTableColumn; + + private String fromTableColumn; + + public String getJoinTable() { + return joinTable; + } + + public void setJoinTable(String joinTable) { + this.joinTable = joinTable; + } + + public String getJoinTableAlise() { + if (StringUtils.isEmpty(this.joinTableAlise)) { + return this.joinTable; + } + return joinTableAlise; + } + + public void setJoinTableAlise(String joinTableAlise) { + + this.joinTableAlise = joinTableAlise; + } + + public String getFromTable() { + return fromTable; + } + + public void setFromTable(String fromTable) { + this.fromTable = fromTable; + } + + public String getFromTableAlise() { + if (StringUtils.isEmpty(this.fromTableAlise)) { + return this.fromTable; + } + return fromTableAlise; + } + + public void setFromTableAlise(String fromTableAlise) { + this.fromTableAlise = fromTableAlise; + } + + public String getJoinTableColumn() { + + return joinTableColumn; + } + + public void setJoinTableColumn(String joinTableColumn) { + this.joinTableColumn = joinTableColumn; + } + + public String getFromTableColumn() { + return fromTableColumn; + } + + public void setFromTableColumn(String fromTableColumn) { + this.fromTableColumn = fromTableColumn; + } + + public String getJoinTableColumnString() { + return this.getJoinTableAlise() + "." + this.joinTableColumn; + } + + public String getFromTableColumnString() { + if (StringUtils.isEmpty(this.getFromTableAlise())) { + return this.fromTableColumn; + } + return this.getFromTableAlise() + "." + this.fromTableColumn; + } + +} 
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java b/ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java new file mode 100644 index 0000000..406b1b5 --- /dev/null +++ b/ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java @@ -0,0 +1,67 @@ +package com.ruoyi.common.model; + +import com.ruoyi.common.utils.StringUtils; + +public class WhereModel { + private String whereColumn; + private String table; + private Object value; + private String connectType; + private String method; + + public static final String METHOD_EQUAS = "="; + public static final String METHOD_LIKE = "like"; + public static final String CONNECT_AND = "AND"; + public static final String CONNECT_OR = "OR"; + + public String getWhereColumn() { + return whereColumn; + } + + public void setWhereColumn(String whereColumn) { + this.whereColumn = whereColumn; + } + + public String getTable() { + return table; + } + + public void setTable(String table) { + this.table = table; + } + + public Object getValue() { + return value; + } + + public void setValue(Object value) { + this.value = value; + } + + public String getFullTableColumn() { + if (StringUtils.isEmpty(this.table)) { + return this.whereColumn; + } + return this.table + "." + this.whereColumn; + } + + public String getConnectType() { + return connectType; + } + + public void setConnectType(String connectType) { + this.connectType = connectType; + } + + public String getMethod() { + return method; + } + + public void setMethod(String method) { + this.method = method; + } + + public String getSqlString() { + return String.format(" %s %s %s %s ", this.getConnectType(), this.getFullTableColumn(), this.method, this.value); + } +} \ No newline at end of file diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java new file mode 100644 index 0000000..5dd6e23 --- /dev/null 
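Review bot: `getSqlString()` formats `value`, `table`, `whereColumn` and `method` directly into SQL text, and `DataSecurityPreHandler.handleWhere` parses that text back into the statement, so the filter value never goes through a bound parameter. `DataSecurityAspect` passes `"\"" + SecurityUtils.getUsername() + "\""` as the value; a username containing a double quote alters the predicate, and a double-quoted token is an identifier rather than a string literal in ANSI SQL. Build the predicate from expression objects (the handler already does this for joins with `EqualsTo` and `Column`) or bind the value as a statement parameter, and check `table` and `whereColumn` against a strict identifier pattern before use. A Javadoc comment on `getSqlString()` should state that its output is trusted SQL and must never carry request-derived text.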
+++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java @@ -0,0 +1,14 @@ +package com.ruoyi.common.utils; + +import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; + +public class DataSecurityUtil { + + public static void closeDataSecurity() { + DataSecurityContextHolder.clearCache(); + } + + public static void startDataSecurity() { + DataSecurityContextHolder.startDataSecurity(); + } +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java index 2650fb7..e66d159 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java 
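Review bot: `startDataSecurity()` and `closeDataSecurity()` expose the thread-local filter as two independent calls, so a caller that throws between them leaves the previous user's WHERE entries on a pooled thread for the next request. Starting without adding any `WhereModel` also leaves `isSecurity()` true with an empty list, and `DataSecurityPreHandler.handleWhere` returns early in that case, so the query runs unfiltered while looking protected. Add Javadoc requiring `closeDataSecurity()` in a `finally` block, or replace the pair with one method that takes the work as a `Runnable` and does the try/finally itself. Consider having the handler reject an enabled-but-empty context instead of passing the SQL through.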
@@ -1,32 +1,37 @@ package com.ruoyi.common.utils.sql; +import java.io.StringReader; + import com.ruoyi.common.exception.UtilException; import com.ruoyi.common.utils.StringUtils; +import net.sf.jsqlparser.JSQLParserException; +import net.sf.jsqlparser.parser.CCJSqlParserManager; +import net.sf.jsqlparser.statement.Statement; + /** * sql操作工具类 * * @author ruoyi */ -public class SqlUtil -{ +public class SqlUtil { /** * 定义常用的 sql关键字 */ - public static String SQL_REGEX = "and |extractvalue|updatexml|sleep|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |union |like |+|/*|user()"; + public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()"; /** * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序) */ public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+"; + private static final CCJSqlParserManager parserManager = new CCJSqlParserManager(); + /** * 检查字符,防止注入绕过 */ - public static String escapeOrderBySql(String value) - { - if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) - { + public static String escapeOrderBySql(String value) { + if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) { throw new UtilException("参数不符合规范,不能进行查询"); } return value; 
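Review bot: The new `SQL_REGEX` removes `sleep`, `union `, `like ` and `/*` from the list that `filterKeyword` rejects, which loosens the injection filter for every existing caller and is unrelated to the `parseSql` helper added in the second hunk. Nothing in the commit message explains the removal. If one of those tokens blocked a legitimate input, handle that at the specific call site and restore the entries here. The constant would also benefit from a comment stating that it is a deny-list backstop, not a replacement for bound parameters, and from being declared `final` so it cannot be reassigned at runtime.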
@@ -35,27 +40,26 @@ public class SqlUtil /** * 验证 order by 语法是否符合规范 */ - public static boolean isValidOrderBySql(String value) - { + public static boolean isValidOrderBySql(String value) { return value.matches(SQL_PATTERN); } /** * SQL关键字检查 */ - public static void filterKeyword(String value) - { - if (StringUtils.isEmpty(value)) - { + public static void filterKeyword(String value) { + if (StringUtils.isEmpty(value)) { return; } String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|"); - for (String sqlKeyword : sqlKeywords) - { - if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) - { + for (String sqlKeyword : sqlKeywords) { + if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) { throw new UtilException("参数存在SQL注入风险"); } } } + + public static Statement parseSql(String sql) throws JSQLParserException { + return parserManager.parse(new StringReader(sql)); + } } diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java new file mode 100644 index 0000000..dd52370 --- /dev/null +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java 
@@ -0,0 +1,85 @@ +package com.ruoyi.framework.aspectj; + +import java.util.List; + +import org.aspectj.lang.JoinPoint; +import org.aspectj.lang.annotation.After; +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.annotation.Before; +import org.aspectj.lang.annotation.Pointcut; +import org.springframework.stereotype.Component; + +import com.ruoyi.common.annotation.sql.DataSecurity; +import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; +import com.ruoyi.common.enums.DataSecurityStrategy; +import com.ruoyi.common.model.JoinTableModel; +import com.ruoyi.common.model.WhereModel; +import com.ruoyi.common.utils.SecurityUtils; +import com.ruoyi.common.utils.StringUtils; + +import ch.qos.logback.core.util.StringUtil; + +@Aspect +@Component +public class DataSecurityAspect { + + @Before(value = "@annotation(dataSecurity)") + public void doBefore(final JoinPoint point, DataSecurity dataSecurity) throws Throwable { + DataSecurityContextHolder.startDataSecurity(); + switch (dataSecurity.strategy()) { + case CREEATE_BY: + WhereModel createByModel = new WhereModel(); + createByModel.setTable(dataSecurity.table()); + createByModel.setValue("\"" + SecurityUtils.getUsername() + "\""); + createByModel.setWhereColumn("create_by"); + createByModel.setMethod(WhereModel.METHOD_EQUAS); + createByModel.setConnectType(WhereModel.CONNECT_AND); + DataSecurityContextHolder.addWhereParam(createByModel); + break; + case USER_ID: + WhereModel userIdModel = new WhereModel(); + userIdModel.setTable(dataSecurity.table()); + userIdModel.setTable("user_id"); + userIdModel.setValue(SecurityUtils.getUserId()); + userIdModel.setConnectType(WhereModel.CONNECT_AND); + userIdModel.setMethod(WhereModel.METHOD_EQUAS); + DataSecurityContextHolder.addWhereParam(userIdModel); + break; + case JOINTABLE_CREATE_BY: + JoinTableModel createByTableModel = new JoinTableModel(); + createByTableModel.setFromTable(dataSecurity.table()); + 
createByTableModel.setFromTableAlise(dataSecurity.table()); + createByTableModel.setJoinTable("sys_user"); + if (!StringUtils.isEmpty(dataSecurity.joinTableAlise())) { + createByTableModel.setJoinTableAlise(dataSecurity.joinTableAlise()); + } + + createByTableModel.setFromTableColumn("create_by"); + createByTableModel.setJoinTableColumn("user_name"); + DataSecurityContextHolder.addJoinTable(createByTableModel); + break; + case JOINTABLE_USER_ID: + JoinTableModel userIdTableModel = new JoinTableModel(); + userIdTableModel.setFromTable(dataSecurity.table()); + userIdTableModel.setFromTableAlise(dataSecurity.table()); + userIdTableModel.setJoinTable("sys_user"); + if (!StringUtils.isEmpty(dataSecurity.joinTableAlise())) { + userIdTableModel.setJoinTableAlise(dataSecurity.joinTableAlise()); + } + + userIdTableModel.setFromTableColumn("user_id"); + userIdTableModel.setJoinTableColumn("user_id"); + DataSecurityContextHolder.addJoinTable(userIdTableModel); + break; + + default: + break; + } + + } + + @After(value = " @annotation(dataSecurity)") + public void doAfter(final JoinPoint point, DataSecurity dataSecurity) { + DataSecurityContextHolder.clearCache(); + } +} diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java b/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java new file mode 100644 index 0000000..caf4af5 --- /dev/null +++ b/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java 
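Review bot: In the `USER_ID` case `setTable` is called twice, `userIdModel.setTable(dataSecurity.table());` and then `userIdModel.setTable("user_id");`, so the table name is overwritten with a column name and `setWhereColumn` is never called, unlike the `CREEATE_BY` case. The second call should read `userIdModel.setWhereColumn("user_id");`; as written the predicate for this strategy is presumably malformed or missing, which for a row-level filter means either a broken query or no filter at all. Separately, the `CREEATE_BY` value is assembled as `"\"" + SecurityUtils.getUsername() + "\""` and appended to the WHERE text by the pre-handler (`getSqlString()`, visible in a later hunk), so a user name containing a quote character would change the statement unless names are validated elsewhere; passing it as a bound parameter or escaping it where the string is built would remove that dependency. The same lines are carried unchanged into the renamed file in patch 2/4.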
@@ -0,0 +1,129 @@ +package com.ruoyi.framework.interceptor.mybatis; + +import java.util.ArrayList; +import java.util.List; +import java.util.stream.Collectors; + +import org.apache.ibatis.cache.CacheKey; +import org.apache.ibatis.executor.Executor; +import org.apache.ibatis.mapping.BoundSql; +import org.apache.ibatis.mapping.MappedStatement; +import org.apache.ibatis.plugin.Interceptor; +import org.apache.ibatis.plugin.Intercepts; +import org.apache.ibatis.plugin.Invocation; +import org.apache.ibatis.plugin.Signature; +import org.apache.ibatis.session.ResultHandler; +import org.apache.ibatis.session.RowBounds; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; +import com.ruoyi.common.handler.sql.MybatisAfterHandler; +import com.ruoyi.common.handler.sql.MybatisPreHandler; + +import jakarta.annotation.PostConstruct; + +@Component +@Intercepts({ + @Signature(type = Executor.class, method = "query", args = { MappedStatement.class, Object.class, + RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class }), + @Signature(type = Executor.class, method = "query", args = { + MappedStatement.class, Object.class, RowBounds.class, + ResultHandler.class }) + +}) +public class MybatisInterceptor implements Interceptor { + + @Autowired + private List preHandlerBeans; + + @Autowired + private List afterHandlerBeans; + + private static List preHandlersChain; + + private static List afterHandlersChain; + + @PostConstruct + public void init() { + List sortedPreHandlers = preHandlerBeans.stream().sorted((item1, item2) -> { + int a; + int b; + MybatisHandlerOrder ann1 = item1.getClass().getAnnotation(MybatisHandlerOrder.class); + MybatisHandlerOrder ann2 = item2.getClass().getAnnotation(MybatisHandlerOrder.class); + if (ann1 == null) { + a = 0; + } else { + a = ann1.value(); + } + if (ann2 == null) { + b = 0; + } else { + b = ann2.value(); + } + 
return a - b; + }).collect(Collectors.toList()); + preHandlersChain = sortedPreHandlers; + + List sortedAfterHandlers = afterHandlerBeans.stream().sorted((item1, item2) -> { + int a; + int b; + MybatisHandlerOrder ann1 = item1.getClass().getAnnotation(MybatisHandlerOrder.class); + MybatisHandlerOrder ann2 = item2.getClass().getAnnotation(MybatisHandlerOrder.class); + if (ann1 == null) { + a = 0; + } else { + a = ann1.value(); + } + if (ann2 == null) { + b = 0; + } else { + b = ann2.value(); + } + return a - b; + }).collect(Collectors.toList()); + afterHandlersChain = sortedAfterHandlers; + } + + @Override + public Object intercept(Invocation invocation) throws Throwable { + Executor targetExecutor = (Executor) invocation.getTarget(); + Object[] args = invocation.getArgs(); + if (args.length < 6) { + if (preHandlersChain != null && preHandlersChain.size() > 0) { + MappedStatement ms = (MappedStatement) args[0]; + Object parameterObject = args[1]; + RowBounds rowBounds = (RowBounds) args[2]; + Executor executor = (Executor) invocation.getTarget(); + BoundSql boundSql = ms.getBoundSql(parameterObject); + // 可以对参数做各种处理 + CacheKey cacheKey = executor.createCacheKey(ms, parameterObject, rowBounds, boundSql); + for (MybatisPreHandler item : preHandlersChain) { + item.preHandle(targetExecutor, ms, args[1], (RowBounds) args[2], + (ResultHandler) args[3], cacheKey, boundSql); + } + } + Object result = invocation.proceed(); + if (afterHandlersChain != null && afterHandlersChain.size() > 0) { + for (MybatisAfterHandler item : afterHandlersChain) { + item.handleObject(result); + } + } + return result; + } + if (preHandlersChain != null && preHandlersChain.size() > 0) { + for (MybatisPreHandler item : preHandlersChain) { + item.preHandle(targetExecutor, (MappedStatement) args[0], args[1], (RowBounds) args[2], + (ResultHandler) args[3], (CacheKey) args[4], (BoundSql) args[5]); + } + } + Object result = invocation.proceed(); + if (afterHandlersChain != null && 
afterHandlersChain.size() > 0) { + for (MybatisAfterHandler item : afterHandlersChain) { + result = item.handleObject(result); + } + } + return result; + } + +} -- Gitee From d06fa02df20006598b71766ed9725695ea980911 Mon Sep 17 00:00:00 2001 
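Review bot: In the four-argument branch of `intercept` the pre-handlers receive a `BoundSql` obtained from `ms.getBoundSql(parameterObject)`, but `invocation.proceed()` then re-enters the four-argument `query`, which in MyBatis' stock executors builds its own `BoundSql`, so any SQL a handler rewrote is not the SQL that runs. `DataSecurityPreHandler` in this series writes its filtered statement into that object, which means the data-security predicate would be silently skipped on this path. The same branch also discards the after-handlers' return value (`item.handleObject(result);`), while the six-argument branch assigns it. Calling the six-argument overload on the target with the objects the handlers saw fixes both; the two comparators in `init` would also be safer as `Integer.compare(a, b)` than `a - b`.

```java
if (args.length < 6) {
    MappedStatement ms = (MappedStatement) args[0];
    Object parameterObject = args[1];
    RowBounds rowBounds = (RowBounds) args[2];
    ResultHandler resultHandler = (ResultHandler) args[3];
    BoundSql boundSql = ms.getBoundSql(parameterObject);
    CacheKey cacheKey = targetExecutor.createCacheKey(ms, parameterObject, rowBounds, boundSql);
    if (preHandlersChain != null) {
        for (MybatisPreHandler item : preHandlersChain) {
            item.preHandle(targetExecutor, ms, parameterObject, rowBounds, resultHandler, cacheKey, boundSql);
        }
    }
    // Execute with the BoundSql the handlers received, not a freshly built one.
    Object result = targetExecutor.query(ms, parameterObject, rowBounds, resultHandler, cacheKey, boundSql);
    if (afterHandlersChain != null) {
        for (MybatisAfterHandler item : afterHandlersChain) {
            // Keep the handler's return value, as the six-argument branch does.
            result = item.handleObject(result);
        }
    }
    return result;
}
// … unchanged: six-argument branch …
```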
From: XSWL1018 <824576966@qq.com> Date: Tue, 10 Sep 2024 17:39:57 +0800 Subject: [PATCH 2/4] u --- ruoyi-middleware/pom.xml | 9 ++- .../ruoyi-middleware-starter/pom.xml | 5 ++ .../pom.xml | 26 ++++++++ .../main/java/annotation/DataSecurity.java | 16 +++++ .../java/annotation/MybatisHandlerOrder.java | 10 +++ .../java}/aspectj/DataSecurityAspect.java | 23 +++---- .../dataSecurity/SqlContextHolder.java | 25 ++++---- .../java}/context/page/PageContextHolder.java | 4 +- .../java}/context/page/model/PageInfo.java | 2 +- .../context/page/model/RuoyiTableData.java | 2 +- .../java}/context/page/model/TableInfo.java | 2 +- .../mybatis/MybatisInterceptor.java | 8 +-- .../main/java}/sql/MybatisAfterHandler.java | 4 +- .../src/main/java}/sql/MybatisPreHandler.java | 4 +- .../dataSecurity/DataSecurityPreHandler.java | 16 ++--- .../main/java}/sql/page/PageAfterHandler.java | 9 ++- .../main/java}/sql/page/PagePreHandler.java | 8 +-- .../src/main/java/util}/DataSecurityUtil.java | 9 +-- .../src/main/java/util/SqlUtil.java | 64 +++++++++++++++++++ 19 files changed, 183 insertions(+), 63 deletions(-) create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java rename {ruoyi-framework/src/main/java/com/ruoyi/framework => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/aspectj/DataSecurityAspect.java (81%) rename ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java (48%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/PageContextHolder.java (92%) rename 
{ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/PageInfo.java (96%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/RuoyiTableData.java (88%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/TableInfo.java (87%) rename {ruoyi-framework/src/main/java/com/ruoyi/framework => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/interceptor/mybatis/MybatisInterceptor.java (96%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/MybatisAfterHandler.java (71%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/MybatisPreHandler.java (93%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/dataSecurity/DataSecurityPreHandler.java (85%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/page/PageAfterHandler.java (73%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/page/PagePreHandler.java (96%) rename {ruoyi-common/src/main/java/com/ruoyi/common/utils => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util}/DataSecurityUtil.java (40%) create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java diff --git a/ruoyi-middleware/pom.xml b/ruoyi-middleware/pom.xml index 20f2140..00adf91 100644 --- a/ruoyi-middleware/pom.xml +++ b/ruoyi-middleware/pom.xml 
@@ -44,6 +44,12 @@ ruoyi-middleware-starter ${ruoyi.version} + + + com.ruoyi + ruoyi-midleware-mybatis-interceptor + ${ruoyi.version} + @@ -52,6 +58,7 @@ ruoyi-middleware-minio ruoyi-middleware-redis ruoyi-middleware-starter + ruoyi-midleware-mybatis-interceptor pom - \ No newline at end of file + diff --git a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml index 870ca1e..626ca90 100644 --- a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml +++ b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml @@ -32,6 +32,11 @@ ruoyi-middleware-redis + + com.ruoyi + ruoyi-midleware-mybatis-interceptor + + diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml new file mode 100644 index 0000000..0f4a89d --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml @@ -0,0 +1,26 @@ + + + + ruoyi-middleware + com.ruoyi + 3.8.8.3.1 + + 4.0.0 + + ruoyi-midleware-mybatis-interceptor + + + 19 + 19 + UTF-8 + + + + com.ruoyi + ruoyi-framework + + + + diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java new file mode 100644 index 0000000..8cf123b --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java @@ -0,0 +1,16 @@ +package annotation; + +import com.ruoyi.common.enums.DataSecurityStrategy; + +import java.lang.annotation.*; + +@Target(ElementType.METHOD) +@Retention(RetentionPolicy.RUNTIME) +@Documented +public @interface DataSecurity { + public DataSecurityStrategy strategy() default DataSecurityStrategy.CREEATE_BY; + + public String table() default ""; + + public String joinTableAlise() default ""; +} 
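Review bot: The new `annotation.DataSecurity` has the same simple name as `com.ruoyi.common.annotation.sql.DataSecurity`, and the aspect moved in this same patch still imports the old type (`import com.ruoyi.common.annotation.sql.DataSecurity;` is kept as a context line in the `DataSecurityAspect` hunk). Unless the old annotation is removed elsewhere, a method annotated with the new type will not match `@annotation(dataSecurity)` and will run without the data filter, with no error. Either drop the copy or switch the aspect's import to it in the same commit. The next file, `annotation/MybatisHandlerOrder.java`, has the same problem: the interceptor and the handlers keep importing `com.ruoyi.common.annotation.sql.MybatisHandlerOrder`, so an order declared with the new annotation would be read as 0.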
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java new file mode 100644 index 0000000..440c856 --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java @@ -0,0 +1,10 @@ +package annotation; + +import java.lang.annotation.*; + +@Target(ElementType.TYPE) +@Retention(RetentionPolicy.RUNTIME) +@Documented +public @interface MybatisHandlerOrder { + public int value() default 0; +} diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java similarity index 81% rename from ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java index dd52370..137a38e 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java 
@@ -1,31 +1,26 @@ -package com.ruoyi.framework.aspectj; - -import java.util.List; +package aspectj; +import context.dataSecurity.SqlContextHolder; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.After; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; -import org.aspectj.lang.annotation.Pointcut; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.DataSecurity; -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; -import com.ruoyi.common.enums.DataSecurityStrategy; + import com.ruoyi.common.model.JoinTableModel; import com.ruoyi.common.model.WhereModel; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; -import ch.qos.logback.core.util.StringUtil; - @Aspect @Component public class DataSecurityAspect { @Before(value = "@annotation(dataSecurity)") public void doBefore(final JoinPoint point, DataSecurity dataSecurity) throws Throwable { - DataSecurityContextHolder.startDataSecurity(); + SqlContextHolder.startDataSecurity(); switch (dataSecurity.strategy()) { case CREEATE_BY: WhereModel createByModel = new WhereModel(); @@ -34,7 +29,7 @@ public class DataSecurityAspect { createByModel.setWhereColumn("create_by"); createByModel.setMethod(WhereModel.METHOD_EQUAS); createByModel.setConnectType(WhereModel.CONNECT_AND); - DataSecurityContextHolder.addWhereParam(createByModel); + SqlContextHolder.addWhereParam(createByModel); break; case USER_ID: WhereModel userIdModel = new WhereModel(); @@ -43,7 +38,7 @@ public class DataSecurityAspect { userIdModel.setValue(SecurityUtils.getUserId()); userIdModel.setConnectType(WhereModel.CONNECT_AND); userIdModel.setMethod(WhereModel.METHOD_EQUAS); - DataSecurityContextHolder.addWhereParam(userIdModel); + SqlContextHolder.addWhereParam(userIdModel); break; case JOINTABLE_CREATE_BY: JoinTableModel createByTableModel = new JoinTableModel(); 
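Review bot: `package aspectj;` moves this `@Aspect @Component` class out of the `com.ruoyi` namespace into a single-segment top-level package, and the patch shows no configuration that tells Spring to scan it. If the application relies on component scanning rooted at its own base package (not visible here), the aspect will simply not be registered and every `@DataSecurity` method will run unfiltered. Keeping a prefixed package such as `com.ruoyi.middleware.mybatis.aspectj` (placeholder name), or registering the module's beans through an explicit auto-configuration, avoids that. The same applies to the other classes this patch moves to `interceptor.mybatis`, `sql.dataSecurity` and `sql.page`.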
@@ -56,7 +51,7 @@ public class DataSecurityAspect { createByTableModel.setFromTableColumn("create_by"); createByTableModel.setJoinTableColumn("user_name"); - DataSecurityContextHolder.addJoinTable(createByTableModel); + SqlContextHolder.addJoinTable(createByTableModel); break; case JOINTABLE_USER_ID: JoinTableModel userIdTableModel = new JoinTableModel(); @@ -69,7 +64,7 @@ public class DataSecurityAspect { userIdTableModel.setFromTableColumn("user_id"); userIdTableModel.setJoinTableColumn("user_id"); - DataSecurityContextHolder.addJoinTable(userIdTableModel); + SqlContextHolder.addJoinTable(userIdTableModel); break; default: @@ -80,6 +75,6 @@ public class DataSecurityAspect { @After(value = " @annotation(dataSecurity)") public void doAfter(final JoinPoint point, DataSecurity dataSecurity) { - DataSecurityContextHolder.clearCache(); + SqlContextHolder.clearCache(); } } diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java similarity index 48% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java index 9b381b6..0450064 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java @@ -1,7 +1,4 @@ -package com.ruoyi.common.context.dataSecurity; - -import java.util.List; -import java.util.Map; +package context.dataSecurity; import com.alibaba.fastjson2.JSONArray; import com.alibaba.fastjson2.JSONObject; 
@@ -9,40 +6,40 @@ import com.ruoyi.common.enums.SqlType; import com.ruoyi.common.model.JoinTableModel; import com.ruoyi.common.model.WhereModel; -public class DataSecurityContextHolder { - private static final ThreadLocal DATA_SECURITY_SQL_CONTEXT_HOLDER = new ThreadLocal<>(); +public class SqlContextHolder { + private static final ThreadLocal SQL_CONTEXT_HOLDER = new ThreadLocal<>(); public static void startDataSecurity() { JSONObject jsonObject = new JSONObject(); jsonObject.put("isSecurity", Boolean.TRUE); jsonObject.put(SqlType.WHERE.getSqlType(), new JSONArray()); jsonObject.put(SqlType.JOIN.getSqlType(), new JSONArray()); - DATA_SECURITY_SQL_CONTEXT_HOLDER.set(jsonObject); + SQL_CONTEXT_HOLDER.set(jsonObject); } public static void addWhereParam(WhereModel whereModel) { - DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()).add(whereModel); + SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()).add(whereModel); } public static void clearCache() { - DATA_SECURITY_SQL_CONTEXT_HOLDER.remove(); + SQL_CONTEXT_HOLDER.remove(); } public static boolean isSecurity() { - return DATA_SECURITY_SQL_CONTEXT_HOLDER.get() != null - && DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getBooleanValue("isSecurity"); + return SQL_CONTEXT_HOLDER.get() != null + && SQL_CONTEXT_HOLDER.get().getBooleanValue("isSecurity"); } public static JSONArray getWhere() { - return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()); + return SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()); } public static void addJoinTable(JoinTableModel joinTableModel) { - DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()).add(joinTableModel); + SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()).add(joinTableModel); } public static JSONArray getJoinTables() { - return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()); + return 
SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()); } } diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java similarity index 92% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java index ad0bcd3..3e06149 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java @@ -1,7 +1,7 @@ -package com.ruoyi.common.context.page; +package context.page; import com.alibaba.fastjson2.JSONObject; -import com.ruoyi.common.context.page.model.PageInfo; +import context.page.model.PageInfo; public class PageContextHolder { private static final ThreadLocal PAGE_CONTEXT_HOLDER = new ThreadLocal<>(); diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java similarity index 96% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java index dfca4ad..3996166 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.utils.ServletUtils; 
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java similarity index 88% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java index b4d3711..346b17a 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import java.util.List; diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java similarity index 87% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java index 8e0d722..dace74c 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import java.util.ArrayList; import java.util.List; 
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java similarity index 96% rename from ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java index caf4af5..0d9d8d0 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java @@ -1,6 +1,5 @@ -package com.ruoyi.framework.interceptor.mybatis; +package interceptor.mybatis; -import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; @@ -18,10 +17,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.handler.sql.MybatisAfterHandler; -import com.ruoyi.common.handler.sql.MybatisPreHandler; + import jakarta.annotation.PostConstruct; +import sql.MybatisAfterHandler; +import sql.MybatisPreHandler; @Component @Intercepts({ diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java similarity index 71% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java index 3713b39..a476dff 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java 
@@ -1,7 +1,7 @@ -package com.ruoyi.common.handler.sql; +package sql; public interface MybatisAfterHandler { Object handleObject(Object object) throws Throwable; -} \ No newline at end of file +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java similarity index 93% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java index 676d97c..dc5f96e 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql; +package sql; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; @@ -12,4 +12,4 @@ public interface MybatisPreHandler { void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable; -} \ No newline at end of file +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java similarity index 85% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java index 1021b09..5bd69e3 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java 
@@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql.dataSecurity; +package sql.dataSecurity; import java.lang.reflect.Field; import java.util.List; @@ -13,8 +13,8 @@ import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; -import com.ruoyi.common.handler.sql.MybatisPreHandler; +import context.dataSecurity.SqlContextHolder; +import sql.MybatisPreHandler; import com.ruoyi.common.model.JoinTableModel; import com.ruoyi.common.model.WhereModel; import com.ruoyi.common.utils.StringUtils; @@ -44,7 +44,7 @@ public class DataSecurityPreHandler implements MybatisPreHandler { @Override public void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable { - if (DataSecurityContextHolder.isSecurity()) { + if (SqlContextHolder.isSecurity()) { Statement sql = parseSql(SqlUtil.parseSql(boundSql.getSql())); sqlFiled.set(boundSql, sql.toString()); } @@ -67,10 +67,10 @@ public class DataSecurityPreHandler implements MybatisPreHandler { Expression expWhere = plain.getWhere(); StringBuilder whereParam = new StringBuilder(" "); String where = expWhere != null ? expWhere.toString() : null; - if (DataSecurityContextHolder.getWhere() == null || DataSecurityContextHolder.getWhere().size() <= 0) { + if (SqlContextHolder.getWhere() == null || SqlContextHolder.getWhere().size() <= 0) { return; } - DataSecurityContextHolder.getWhere().forEach(item -> { + SqlContextHolder.getWhere().forEach(item -> { whereParam.append(((WhereModel) item).getSqlString()); }); where = StringUtils.isEmpty(where) ? whereParam.toString().substring(5, whereParam.length()) 
@@ -80,10 +80,10 @@ public class DataSecurityPreHandler implements MybatisPreHandler { private static void handleJoin(Select select) { PlainSelect selectBody = select.getPlainSelect(); - if (DataSecurityContextHolder.getJoinTables() == null || DataSecurityContextHolder.getJoinTables().size() <= 0) { + if (SqlContextHolder.getJoinTables() == null || SqlContextHolder.getJoinTables().size() <= 0) { return; } - DataSecurityContextHolder.getJoinTables().forEach(item -> { + SqlContextHolder.getJoinTables().forEach(item -> { JoinTableModel tableModel = (JoinTableModel) item; Table table = new Table(tableModel.getJoinTable()); table.setAlias(new Alias(tableModel.getJoinTableAlise())); diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java similarity index 73% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java index 8a5d670..398b209 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java @@ -1,14 +1,13 @@ -package com.ruoyi.common.handler.sql.page; +package sql.page; -import java.util.ArrayList; import java.util.List; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.page.PageContextHolder; -import com.ruoyi.common.context.page.model.TableInfo; -import com.ruoyi.common.handler.sql.MybatisAfterHandler; +import context.page.PageContextHolder; +import context.page.model.TableInfo; +import sql.MybatisAfterHandler; @MybatisHandlerOrder(1) @Component 
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java similarity index 96% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java index 387eeb4..f0a0d92 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql.page; +package sql.page; import java.lang.reflect.Field; import java.sql.SQLException; @@ -17,9 +17,9 @@ import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.page.PageContextHolder; -import com.ruoyi.common.context.page.model.PageInfo; -import com.ruoyi.common.handler.sql.MybatisPreHandler; +import context.page.PageContextHolder; +import context.page.model.PageInfo; +import sql.MybatisPreHandler; import com.ruoyi.common.utils.sql.SqlUtil; import net.sf.jsqlparser.schema.Column; import net.sf.jsqlparser.statement.Statement; diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java similarity index 40% rename from ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java index 5dd6e23..b3016f0 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java 
@@ -1,14 +1,15 @@ -package com.ruoyi.common.utils; +package util; -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; + +import context.dataSecurity.SqlContextHolder; public class DataSecurityUtil { public static void closeDataSecurity() { - DataSecurityContextHolder.clearCache(); + SqlContextHolder.clearCache(); } public static void startDataSecurity() { - DataSecurityContextHolder.startDataSecurity(); + SqlContextHolder.startDataSecurity(); } } diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java new file mode 100644 index 0000000..277e4b1 --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java 
@@ -0,0 +1,64 @@
+package util;
+
+import com.ruoyi.common.exception.UtilException;
+import com.ruoyi.common.utils.StringUtils;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.parser.CCJSqlParserManager;
+import net.sf.jsqlparser.statement.Statement;
+
+import java.io.StringReader;
+
+/**
+ * sql操作工具类
+ *
+ * @author ruoyi
+ */
+public class SqlUtil {
+ /**
+ * 定义常用的 sql关键字
+ */
+ public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
+
+ /**
+ * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)
+ */
+ public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
+
+ private static final CCJSqlParserManager parserManager = new CCJSqlParserManager();
+
+ /**
+ * 检查字符,防止注入绕过
+ */
+ public static String escapeOrderBySql(String value) {
+ if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
+ throw new UtilException("参数不符合规范,不能进行查询");
+ }
+ return value;
+ }
+
+ /**
+ * 验证 order by 语法是否符合规范
+ */
+ public static boolean isValidOrderBySql(String value) {
+ return value.matches(SQL_PATTERN);
+ }
+
+ /**
+ * SQL关键字检查
+ */
+ public static void filterKeyword(String value) {
+ if (StringUtils.isEmpty(value)) {
+ return;
+ }
+ String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+ for (String sqlKeyword : sqlKeywords) {
+ if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
+ throw new UtilException("参数存在SQL注入风险");
+ }
+ }
+ }
+
+ public static Statement parseSql(String sql) throws JSQLParserException {
+ return parserManager.parse(new StringReader(sql));
+ }
+}
-- Gitee
From 3279ef8ab5587512b529e05bd2f02a43c09c7c6b Mon Sep 17 00:00:00 2001
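Review bot: `SQL_REGEX` and `SQL_PATTERN` in the new `util.SqlUtil` are declared `public static String` without `final`, so any class can reassign the pattern that `isValidOrderBySql` enforces or the keyword list that `filterKeyword` reads; declare both `public static final String`, and compile `SQL_PATTERN` once into a `private static final Pattern` instead of calling `value.matches(SQL_PATTERN)` on every request. `isValidOrderBySql` is public but dereferences `value` with no null check and no length bound; only `escapeOrderBySql` guards it through `StringUtils.isNotEmpty`. `filterKeyword` is a substring deny-list, so it rejects harmless values that merely contain an entry and should be documented as a secondary check beside bound parameters, not as the injection defence itself. `PagePreHandler` and `DataSecurityPreHandler` in this series still import `com.ruoyi.common.utils.sql.SqlUtil`, so this file looks like a second copy of a security filter that can drift from the first; keeping a single one would be safer.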
From: XSWL1018 <824576966@qq.com> Date: Tue, 10 Sep 2024 18:06:59 +0800 Subject: [PATCH 3/4] u --- .../main/resources/mybatis/mybatis-config.xml | 6 +- .../common/annotation/sql/DataSecurity.java | 20 --- .../annotation/sql/MybatisHandlerOrder.java | 14 -- ruoyi-middleware/pom.xml | 7 +- .../ruoyi-middleware-starter/pom.xml | 4 - ruoyi-plugins/pom.xml | 9 +- .../ruoyi-mybatis-interceptor}/pom.xml | 11 +- .../annotation/DataSecurity.java | 4 +- .../annotation/MybatisHandlerOrder.java | 2 +- .../aspectj/DataSecurityAspect.java | 12 +- .../dataSecurity/SqlContextHolder.java | 8 +- .../context/page/PageContextHolder.java | 4 +- .../context/page/model/PageInfo.java | 2 +- .../context/page/model/RuoyiTableData.java | 2 +- .../context/page/model/TableInfo.java | 2 +- .../enums/DataSecurityStrategy.java | 2 +- .../mybatisinterceptor}/enums/SqlType.java | 2 +- .../mybatis/MybatisInterceptor.java | 129 ++++++++++++++++++ .../model/JoinTableModel.java | 2 +- .../mybatisinterceptor}/model/WhereModel.java | 4 +- .../mybatis/MybatisInterceptor.java | 8 +- .../sql/MybatisAfterHandler.java | 2 +- .../sql/MybatisPreHandler.java | 2 +- .../dataSecurity/DataSecurityPreHandler.java | 14 +- .../sql/page/PageAfterHandler.java | 11 +- .../sql/page/PagePreHandler.java | 12 +- .../util/DataSecurityUtil.java | 4 +- .../mybatisinterceptor}/util/SqlUtil.java | 2 +- ruoyi-plugins/ruoyi-plugins-starter/pom.xml | 5 + 29 files changed, 207 insertions(+), 99 deletions(-) delete mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java delete mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor => ruoyi-plugins/ruoyi-mybatis-interceptor}/pom.xml (71%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/annotation/DataSecurity.java (73%) rename 
{ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/annotation/MybatisHandlerOrder.java (78%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/aspectj/DataSecurityAspect.java (91%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/context/dataSecurity/SqlContextHolder.java (85%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/context/page/PageContextHolder.java (90%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/context/page/model/PageInfo.java (96%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/context/page/model/RuoyiTableData.java (86%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/context/page/model/TableInfo.java (85%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/enums/DataSecurityStrategy.java (71%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/enums/SqlType.java (85%) create mode 100644 ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/interceptor/mybatis/MybatisInterceptor.java rename {ruoyi-common/src/main/java/com/ruoyi/common => 
ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/model/JoinTableModel.java (97%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/model/WhereModel.java (96%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/mybatis/MybatisInterceptor.java (95%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/sql/MybatisAfterHandler.java (70%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/sql/MybatisPreHandler.java (92%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/sql/dataSecurity/DataSecurityPreHandler.java (90%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/sql/page/PageAfterHandler.java (65%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/sql/page/PagePreHandler.java (95%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/util/DataSecurityUtil.java (64%) rename {ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java => ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor}/util/SqlUtil.java (97%) 
diff --git a/ruoyi-admin/src/main/resources/mybatis/mybatis-config.xml b/ruoyi-admin/src/main/resources/mybatis/mybatis-config.xml index 4da6e21..57f87fc 100644 --- a/ruoyi-admin/src/main/resources/mybatis/mybatis-config.xml +++ b/ruoyi-admin/src/main/resources/mybatis/mybatis-config.xml @@ -16,5 +16,9 @@ PUBLIC "-//mybatis.org//DTD Config 3.0//EN" - + + + + + diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java deleted file mode 100644 index 6d14bd1..0000000 --- a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/DataSecurity.java +++ /dev/null @@ -1,20 +0,0 @@ -package com.ruoyi.common.annotation.sql; - -import java.lang.annotation.Documented; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -import com.ruoyi.common.enums.DataSecurityStrategy; - -@Target(ElementType.METHOD) -@Retention(RetentionPolicy.RUNTIME) -@Documented -public @interface DataSecurity { - public DataSecurityStrategy strategy() default DataSecurityStrategy.CREEATE_BY; - - public String table() default ""; - - public String joinTableAlise() default ""; -} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java b/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java deleted file mode 100644 index 4c75c03..0000000 --- a/ruoyi-common/src/main/java/com/ruoyi/common/annotation/sql/MybatisHandlerOrder.java +++ /dev/null 
@@ -1,14 +0,0 @@ -package com.ruoyi.common.annotation.sql; - -import java.lang.annotation.Documented; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -@Target(ElementType.TYPE) -@Retention(RetentionPolicy.RUNTIME) -@Documented -public @interface MybatisHandlerOrder { - public int value() default 0; -} diff --git a/ruoyi-middleware/pom.xml b/ruoyi-middleware/pom.xml index 00adf91..c6895eb 100644 --- a/ruoyi-middleware/pom.xml +++ b/ruoyi-middleware/pom.xml @@ -45,11 +45,6 @@ ${ruoyi.version} - - com.ruoyi - ruoyi-midleware-mybatis-interceptor - ${ruoyi.version} - @@ -58,7 +53,7 @@ ruoyi-middleware-minio ruoyi-middleware-redis ruoyi-middleware-starter - ruoyi-midleware-mybatis-interceptor + pom diff --git a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml index 626ca90..bb7eca4 100644 --- a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml +++ b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml @@ -32,10 +32,6 @@ ruoyi-middleware-redis - - com.ruoyi - ruoyi-midleware-mybatis-interceptor - diff --git a/ruoyi-plugins/pom.xml b/ruoyi-plugins/pom.xml index 837a95a..f956740 100644 --- a/ruoyi-plugins/pom.xml +++ b/ruoyi-plugins/pom.xml @@ -80,6 +80,12 @@ ruoyi-plugins-starter ${ruoyi.version} + + com.ruoyi + ruoyi-mybatis-interceptor + ${ruoyi.version} + + @@ -90,6 +96,7 @@ ruoyi-mybatis-plus ruoyi-websocket ruoyi-plugins-starter + ruoyi-mybatis-interceptor pom - \ No newline at end of file + diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml b/ruoyi-plugins/ruoyi-mybatis-interceptor/pom.xml similarity index 71% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml rename to ruoyi-plugins/ruoyi-mybatis-interceptor/pom.xml index 0f4a89d..5d13862 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml 
+++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/pom.xml @@ -3,13 +3,13 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - ruoyi-middleware + ruoyi-plugins com.ruoyi 3.8.8.3.1 4.0.0 - ruoyi-midleware-mybatis-interceptor + ruoyi-mybatis-interceptor 19 @@ -19,7 +19,12 @@ com.ruoyi - ruoyi-framework + ruoyi-common + + + + org.springframework.boot + spring-boot-starter-aop diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/DataSecurity.java similarity index 73% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/DataSecurity.java index 8cf123b..ae9f8e3 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/DataSecurity.java @@ -1,6 +1,6 @@ -package annotation; +package com.ruoyi.mybatisinterceptor.annotation; -import com.ruoyi.common.enums.DataSecurityStrategy; +import com.ruoyi.mybatisinterceptor.enums.DataSecurityStrategy; import java.lang.annotation.*; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/MybatisHandlerOrder.java similarity index 78% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/MybatisHandlerOrder.java index 440c856..e897354 100644 
--- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/annotation/MybatisHandlerOrder.java @@ -1,4 +1,4 @@ -package annotation; +package com.ruoyi.mybatisinterceptor.annotation; import java.lang.annotation.*; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/aspectj/DataSecurityAspect.java similarity index 91% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/aspectj/DataSecurityAspect.java index 137a38e..166b87f 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/aspectj/DataSecurityAspect.java @@ -1,19 +1,21 @@ -package aspectj; +package com.ruoyi.mybatisinterceptor.aspectj; -import context.dataSecurity.SqlContextHolder; +import com.ruoyi.mybatisinterceptor.annotation.DataSecurity; +import com.ruoyi.mybatisinterceptor.model.JoinTableModel; +import com.ruoyi.mybatisinterceptor.model.WhereModel; +import com.ruoyi.mybatisinterceptor.context.dataSecurity.SqlContextHolder; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.After; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; import org.springframework.stereotype.Component; -import com.ruoyi.common.annotation.sql.DataSecurity; -import com.ruoyi.common.model.JoinTableModel; -import com.ruoyi.common.model.WhereModel; + import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; + @Aspect @Component public class DataSecurityAspect { 
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/dataSecurity/SqlContextHolder.java similarity index 85% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/dataSecurity/SqlContextHolder.java index 0450064..54407a6 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/dataSecurity/SqlContextHolder.java @@ -1,10 +1,10 @@ -package context.dataSecurity; +package com.ruoyi.mybatisinterceptor.context.dataSecurity; import com.alibaba.fastjson2.JSONArray; import com.alibaba.fastjson2.JSONObject; -import com.ruoyi.common.enums.SqlType; -import com.ruoyi.common.model.JoinTableModel; -import com.ruoyi.common.model.WhereModel; +import com.ruoyi.mybatisinterceptor.enums.SqlType; +import com.ruoyi.mybatisinterceptor.model.JoinTableModel; +import com.ruoyi.mybatisinterceptor.model.WhereModel; public class SqlContextHolder { private static final ThreadLocal SQL_CONTEXT_HOLDER = new ThreadLocal<>(); diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/PageContextHolder.java similarity index 90% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/PageContextHolder.java index 3e06149..4eef686 100644 
--- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/PageContextHolder.java @@ -1,7 +1,7 @@ -package context.page; +package com.ruoyi.mybatisinterceptor.context.page; import com.alibaba.fastjson2.JSONObject; -import context.page.model.PageInfo; +import com.ruoyi.mybatisinterceptor.context.page.model.PageInfo; public class PageContextHolder { private static final ThreadLocal PAGE_CONTEXT_HOLDER = new ThreadLocal<>(); diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/PageInfo.java similarity index 96% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/PageInfo.java index 3996166..e0cd7a0 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/PageInfo.java @@ -1,4 +1,4 @@ -package context.page.model; +package com.ruoyi.mybatisinterceptor.context.page.model; import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.utils.ServletUtils; 
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/RuoyiTableData.java similarity index 86% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/RuoyiTableData.java index 346b17a..925c1fe 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/RuoyiTableData.java @@ -1,4 +1,4 @@ -package context.page.model; +package com.ruoyi.mybatisinterceptor.context.page.model; import java.util.List; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/TableInfo.java similarity index 85% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/TableInfo.java index dace74c..b055a58 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/context/page/model/TableInfo.java @@ -1,4 +1,4 @@ -package context.page.model; +package com.ruoyi.mybatisinterceptor.context.page.model; import java.util.ArrayList; import java.util.List; 
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/DataSecurityStrategy.java similarity index 71% rename from ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/DataSecurityStrategy.java index f3b0770..16358c1 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/enums/DataSecurityStrategy.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/DataSecurityStrategy.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.enums; +package com.ruoyi.mybatisinterceptor.enums; public enum DataSecurityStrategy { JOINTABLE_CREATE_BY, diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/SqlType.java similarity index 85% rename from ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/SqlType.java index b100ce7..52af7d4 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/enums/SqlType.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/enums/SqlType.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.enums; +package com.ruoyi.mybatisinterceptor.enums; public enum SqlType { WHERE("where"), diff --git a/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/interceptor/mybatis/MybatisInterceptor.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/interceptor/mybatis/MybatisInterceptor.java new file mode 100644 index 0000000..179e150 --- /dev/null 
+++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/interceptor/mybatis/MybatisInterceptor.java 
@@ -0,0 +1,129 @@
+package com.ruoyi.mybatisinterceptor.interceptor.mybatis;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import com.ruoyi.mybatisinterceptor.annotation.MybatisHandlerOrder;
+import com.ruoyi.mybatisinterceptor.sql.MybatisAfterHandler;
+import com.ruoyi.mybatisinterceptor.sql.MybatisPreHandler;
+import org.apache.ibatis.cache.CacheKey;
+import org.apache.ibatis.executor.Executor;
+import org.apache.ibatis.mapping.BoundSql;
+import org.apache.ibatis.mapping.MappedStatement;
+import org.apache.ibatis.plugin.Interceptor;
+import org.apache.ibatis.plugin.Intercepts;
+import org.apache.ibatis.plugin.Invocation;
+import org.apache.ibatis.plugin.Signature;
+import org.apache.ibatis.session.ResultHandler;
+import org.apache.ibatis.session.RowBounds;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+
+import jakarta.annotation.PostConstruct;
+
+@Component
+@Intercepts({
+ @Signature(type = Executor.class, method = "query", args = { MappedStatement.class, Object.class,
+ RowBounds.class, ResultHandler.class, CacheKey.class, BoundSql.class }),
+ @Signature(type = Executor.class, method = "query", args = {
+ MappedStatement.class, Object.class, RowBounds.class,
+ ResultHandler.class })
+
+})
+public class MybatisInterceptor implements Interceptor {
+
+ @Autowired
+ private List preHandlerBeans;
+
+ @Autowired
+ private List afterHandlerBeans;
+
+ private static List preHandlersChain;
+
+ private static List afterHandlersChain;
+
+ @PostConstruct
+ public void init() {
+ List sortedPreHandlers = preHandlerBeans.stream().sorted((item1, item2) -> {
+ int a;
+ int b;
+ MybatisHandlerOrder ann1 = item1.getClass().getAnnotation(MybatisHandlerOrder.class);
+ MybatisHandlerOrder ann2 = item2.getClass().getAnnotation(MybatisHandlerOrder.class);
+ if (ann1 == null) {
+ a = 0;
+ } else {
+ a = ann1.value();
+ }
+ if (ann2 == null) {
+ b = 0;
+ } else {
+ b
= ann2.value();
+ }
+ return a - b;
+ }).collect(Collectors.toList());
+ preHandlersChain = sortedPreHandlers;
+
+ List sortedAfterHandlers = afterHandlerBeans.stream().sorted((item1, item2) -> {
+ int a;
+ int b;
+ MybatisHandlerOrder ann1 = item1.getClass().getAnnotation(MybatisHandlerOrder.class);
+ MybatisHandlerOrder ann2 = item2.getClass().getAnnotation(MybatisHandlerOrder.class);
+ if (ann1 == null) {
+ a = 0;
+ } else {
+ a = ann1.value();
+ }
+ if (ann2 == null) {
+ b = 0;
+ } else {
+ b = ann2.value();
+ }
+ return a - b;
+ }).collect(Collectors.toList());
+ afterHandlersChain = sortedAfterHandlers;
+ }
+
+ @Override
+ public Object intercept(Invocation invocation) throws Throwable {
+ Executor targetExecutor = (Executor) invocation.getTarget();
+ Object[] args = invocation.getArgs();
+ if (args.length < 6) {
+ if (preHandlersChain != null && preHandlersChain.size() > 0) {
+ MappedStatement ms = (MappedStatement) args[0];
+ Object parameterObject = args[1];
+ RowBounds rowBounds = (RowBounds) args[2];
+ Executor executor = (Executor) invocation.getTarget();
+ BoundSql boundSql = ms.getBoundSql(parameterObject);
+ // 可以对参数做各种处理
+ CacheKey cacheKey = executor.createCacheKey(ms, parameterObject, rowBounds, boundSql);
+ for (MybatisPreHandler item : preHandlersChain) {
+ item.preHandle(targetExecutor, ms, args[1], (RowBounds) args[2],
+ (ResultHandler) args[3], cacheKey, boundSql);
+ }
+ }
+ Object result = invocation.proceed();
+ if (afterHandlersChain != null && afterHandlersChain.size() > 0) {
+ for (MybatisAfterHandler item : afterHandlersChain) {
+ item.handleObject(result);
+ }
+ }
+ return result;
+ }
+ if (preHandlersChain != null && preHandlersChain.size() > 0) {
+ for (MybatisPreHandler item : preHandlersChain) {
+ item.preHandle(targetExecutor, (MappedStatement) args[0], args[1], (RowBounds) args[2],
+ (ResultHandler) args[3], (CacheKey) args[4], (BoundSql) args[5]);
+ }
+ }
+ Object result = invocation.proceed();
+ if (afterHandlersChain != null
&& afterHandlersChain.size() > 0) { + for (MybatisAfterHandler item : afterHandlersChain) { + result = item.handleObject(result); + } + } + return result; + } + +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/JoinTableModel.java similarity index 97% rename from ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/JoinTableModel.java index 6a6cb75..50bd25d 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/model/JoinTableModel.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/JoinTableModel.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.model; +package com.ruoyi.mybatisinterceptor.model; import com.ruoyi.common.utils.StringUtils; diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/WhereModel.java similarity index 96% rename from ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/WhereModel.java index 406b1b5..6456fb5 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/model/WhereModel.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/model/WhereModel.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.model; +package com.ruoyi.mybatisinterceptor.model; import com.ruoyi.common.utils.StringUtils; @@ -64,4 +64,4 @@ public class WhereModel { public String getSqlString() { return String.format(" %s %s %s %s ", this.getConnectType(), this.getFullTableColumn(), this.method, this.value); } -} \ No newline at end of file +} 
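Review bot: In `intercept`, the four-argument branch (`args.length < 6`) gives the pre-handlers a `BoundSql` from `ms.getBoundSql(parameterObject)` and then calls `invocation.proceed()`, which re-enters the four-argument `Executor.query`; in the stock MyBatis executors that overload builds its own `BoundSql` again, so if the data-security and paging pre-handlers work by rewriting the SQL in the object they are handed (their bodies are outside this hunk), the row filter would not reach the statement that actually runs on this path. Move the `ms`, `parameterObject`, `rowBounds`, `boundSql` and `cacheKey` locals out of the `preHandlersChain` guard and execute with `Object result = targetExecutor.query(ms, parameterObject, rowBounds, (ResultHandler) args[3], cacheKey, boundSql);` instead of `invocation.proceed()`. The same branch also drops the after-handler output: `item.handleObject(result);` should be `result = item.handleObject(result);`, as the six-argument path already does. Separately, the series keeps a second `@Component` class named `MybatisInterceptor` under `com/ruoyi/mybatisinterceptor/mybatis/`, so if both packages are component-scanned the default bean names would likely collide; one of the two should probably be removed.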
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/mybatis/MybatisInterceptor.java similarity index 95% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/mybatis/MybatisInterceptor.java index 0d9d8d0..ae7d0a3 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/mybatis/MybatisInterceptor.java @@ -1,8 +1,11 @@ -package interceptor.mybatis; +package com.ruoyi.mybatisinterceptor.mybatis; import java.util.List; import java.util.stream.Collectors; +import com.ruoyi.mybatisinterceptor.annotation.MybatisHandlerOrder; +import com.ruoyi.mybatisinterceptor.sql.MybatisAfterHandler; +import com.ruoyi.mybatisinterceptor.sql.MybatisPreHandler; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; import org.apache.ibatis.mapping.BoundSql; @@ -16,12 +19,9 @@ import org.apache.ibatis.session.RowBounds; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; import jakarta.annotation.PostConstruct; -import sql.MybatisAfterHandler; -import sql.MybatisPreHandler; @Component @Intercepts({ 
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisAfterHandler.java similarity index 70% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisAfterHandler.java index a476dff..133f111 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisAfterHandler.java @@ -1,4 +1,4 @@ -package sql; +package com.ruoyi.mybatisinterceptor.sql; public interface MybatisAfterHandler { diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisPreHandler.java similarity index 92% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisPreHandler.java index dc5f96e..5e9e2eb 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/MybatisPreHandler.java @@ -1,4 +1,4 @@ -package sql; +package com.ruoyi.mybatisinterceptor.sql; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; 
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/dataSecurity/DataSecurityPreHandler.java similarity index 90% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/dataSecurity/DataSecurityPreHandler.java index 5bd69e3..01a5766 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/dataSecurity/DataSecurityPreHandler.java @@ -1,8 +1,13 @@ -package sql.dataSecurity; +package com.ruoyi.mybatisinterceptor.sql.dataSecurity; import java.lang.reflect.Field; import java.util.List; +import com.ruoyi.mybatisinterceptor.annotation.MybatisHandlerOrder; +import com.ruoyi.mybatisinterceptor.context.dataSecurity.SqlContextHolder; +import com.ruoyi.mybatisinterceptor.model.JoinTableModel; +import com.ruoyi.mybatisinterceptor.model.WhereModel; +import com.ruoyi.mybatisinterceptor.sql.MybatisPreHandler; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; import org.apache.ibatis.mapping.BoundSql; 
@@ -11,15 +16,8 @@ import org.apache.ibatis.session.ResultHandler; import org.apache.ibatis.session.RowBounds; import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; - -import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import context.dataSecurity.SqlContextHolder; -import sql.MybatisPreHandler; -import com.ruoyi.common.model.JoinTableModel; -import com.ruoyi.common.model.WhereModel; import com.ruoyi.common.utils.StringUtils; import com.ruoyi.common.utils.sql.SqlUtil; - import net.sf.jsqlparser.JSQLParserException; import net.sf.jsqlparser.expression.Alias; import net.sf.jsqlparser.expression.Expression; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PageAfterHandler.java similarity index 65% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PageAfterHandler.java index 398b209..76d0776 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PageAfterHandler.java 
@@ -1,13 +1,14 @@ -package sql.page; +package com.ruoyi.mybatisinterceptor.sql.page; import java.util.List; +import com.ruoyi.mybatisinterceptor.annotation.MybatisHandlerOrder; +import com.ruoyi.mybatisinterceptor.context.page.PageContextHolder; +import com.ruoyi.mybatisinterceptor.context.page.model.TableInfo; +import com.ruoyi.mybatisinterceptor.sql.MybatisAfterHandler; import org.springframework.stereotype.Component; -import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import context.page.PageContextHolder; -import context.page.model.TableInfo; -import sql.MybatisAfterHandler; + @MybatisHandlerOrder(1) @Component diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PagePreHandler.java similarity index 95% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PagePreHandler.java index f0a0d92..f7f771a 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/sql/page/PagePreHandler.java @@ -1,10 +1,15 @@ -package sql.page; +package com.ruoyi.mybatisinterceptor.sql.page; import java.lang.reflect.Field; import java.sql.SQLException; import java.util.ArrayList; import java.util.List; import java.util.Map; + +import com.ruoyi.mybatisinterceptor.annotation.MybatisHandlerOrder; +import com.ruoyi.mybatisinterceptor.context.page.PageContextHolder; +import com.ruoyi.mybatisinterceptor.context.page.model.PageInfo; +import com.ruoyi.mybatisinterceptor.sql.MybatisPreHandler; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; import org.apache.ibatis.mapping.BoundSql; 
@@ -15,11 +20,6 @@ import org.apache.ibatis.session.ResultHandler; import org.apache.ibatis.session.RowBounds; import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; - -import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import context.page.PageContextHolder; -import context.page.model.PageInfo; -import sql.MybatisPreHandler; import com.ruoyi.common.utils.sql.SqlUtil; import net.sf.jsqlparser.schema.Column; import net.sf.jsqlparser.statement.Statement; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/DataSecurityUtil.java similarity index 64% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/DataSecurityUtil.java index b3016f0..cb360d5 100644 --- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/DataSecurityUtil.java @@ -1,7 +1,7 @@ -package util; +package com.ruoyi.mybatisinterceptor.util; -import context.dataSecurity.SqlContextHolder; +import com.ruoyi.mybatisinterceptor.context.dataSecurity.SqlContextHolder; public class DataSecurityUtil { diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/SqlUtil.java similarity index 97% rename from ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java rename to ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/SqlUtil.java index 277e4b1..98e1f54 100644 
--- a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java +++ b/ruoyi-plugins/ruoyi-mybatis-interceptor/src/main/java/com/ruoyi/mybatisinterceptor/util/SqlUtil.java @@ -1,4 +1,4 @@ -package util; +package com.ruoyi.mybatisinterceptor.util; import com.ruoyi.common.exception.UtilException; import com.ruoyi.common.utils.StringUtils; diff --git a/ruoyi-plugins/ruoyi-plugins-starter/pom.xml b/ruoyi-plugins/ruoyi-plugins-starter/pom.xml index 0b4107f..183d4cd 100644 --- a/ruoyi-plugins/ruoyi-plugins-starter/pom.xml +++ b/ruoyi-plugins/ruoyi-plugins-starter/pom.xml @@ -45,6 +45,11 @@ com.ruoyi ruoyi-mybatis-plus + + + com.ruoyi + ruoyi-mybatis-interceptor + -- Gitee From ecc4e11f4d4ea5da394368098cf6eea04698fa26 Mon Sep 17 00:00:00 2001 From: XSWL1018 <824576966@qq.com> Date: Tue, 10 Sep 2024 18:12:16 +0800 Subject: [PATCH 4/4] u --- .../com/ruoyi/common/utils/sql/SqlUtil.java | 40 +++++++++---------- 1 file changed, 18 insertions(+), 22 deletions(-) diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java index e66d159..36b5489 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java +++ b/ruoyi-common/src/main/java/com/ruoyi/common/utils/sql/SqlUtil.java 
@@ -1,37 +1,32 @@ package com.ruoyi.common.utils.sql; -import java.io.StringReader; - import com.ruoyi.common.exception.UtilException; import com.ruoyi.common.utils.StringUtils; -import net.sf.jsqlparser.JSQLParserException; -import net.sf.jsqlparser.parser.CCJSqlParserManager; -import net.sf.jsqlparser.statement.Statement; - /** * sql操作工具类 - * + * * @author ruoyi */ -public class SqlUtil { +public class SqlUtil +{ /** * 定义常用的 sql关键字 */ - public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()"; + public static String SQL_REGEX = "and |extractvalue|updatexml|sleep|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |union |like |+|/*|user()"; /** * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序) */ public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+"; - private static final CCJSqlParserManager parserManager = new CCJSqlParserManager(); - /** * 检查字符,防止注入绕过 */ - public static String escapeOrderBySql(String value) { - if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) { + public static String escapeOrderBySql(String value) + { + if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) + { throw new UtilException("参数不符合规范,不能进行查询"); } return value; 
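Review bot: `SQL_REGEX` is extended here but stays `public static String` without `final` (as does `SQL_PATTERN`), so any class can reassign the injection filter at runtime. Declare both as constants, e.g. `public static final String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";`, and the same for `SQL_REGEX`. The name is also misleading: the next hunk shows the value is split on `|` and each entry compared as a literal substring, which is the only reading under which the new `/*` entry (like `+` and `user()`) works. A comment such as `// pipe-separated literal substrings, not a regular expression` would keep it from being handed to a regex API later. The Javadoc should also say that this keyword denylist is a secondary control behind bound parameters and the `SQL_PATTERN` allow-list, not the primary defence; the class body continues in the next hunk.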
@@ -40,26 +35,27 @@ public class SqlUtil { /** * 验证 order by 语法是否符合规范 */ - public static boolean isValidOrderBySql(String value) { + public static boolean isValidOrderBySql(String value) + { return value.matches(SQL_PATTERN); } /** * SQL关键字检查 */ - public static void filterKeyword(String value) { - if (StringUtils.isEmpty(value)) { + public static void filterKeyword(String value) + { + if (StringUtils.isEmpty(value)) + { return; } String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|"); - for (String sqlKeyword : sqlKeywords) { - if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) { + for (String sqlKeyword : sqlKeywords) + { + if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) + { throw new UtilException("参数存在SQL注入风险"); } } } - - public static Statement parseSql(String sql) throws JSQLParserException { - return parserManager.parse(new StringReader(sql)); - } } -- Gitee
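Review bot: Removing `parseSql` (and the `CCJSqlParserManager` field in the previous hunk) from `com.ruoyi.common.utils.sql.SqlUtil` may break the interceptor module. In the preceding patch of this series, `DataSecurityPreHandler` and `PagePreHandler` keep `import com.ruoyi.common.utils.sql.SqlUtil;` as a context line beside their jsqlparser imports, which suggests they call it. Their bodies are not visible here, so this is an inference to confirm. If they do, change those imports in the same commit to `import com.ruoyi.mybatisinterceptor.util.SqlUtil;`, presumably the copy that keeps the parser. Otherwise the data-security handler that rewrites queries will not compile, or will bind to a class without the method.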