增加权限名,用户名,角色名验证,修改查询防止sql注入

master
chusifeng 2017-09-30 10:40:23 +08:00
parent 2d2e88f66e
commit 4dfd3e38d9
6 changed files with 159 additions and 51 deletions


@ -13,7 +13,8 @@ object Const {
val msgUpdateRoleFailed = "更新角色信息失败"
val msgUpdateGroupFailed = "更新组信息失败"
val msgUpdateMenuFailed = "更新菜单信息失败"
val msgUpdatepermFailed = "更新perm信息失败"
val msgUpdatepermFailed = "更新权限信息失败"
val msgInvalidParams = "参数错误"
val msgOperationFailed = "操作失败"
val msgCheckNameFailed = "用户名不存在,请重新输入"
}
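Review bot: The constant `msgCheckNameFailed` appears to be introduced here but nothing else in this commit reads it; `responseCheckNameFailed` in the Response file passes `""` as the message, so the text never reaches the client. Either wire it up there, `return JSONResponse(Const.codeSuccess, Const.msgCheckNameFailed, false)`, or drop the constant so the two do not drift apart.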


@ -24,7 +24,16 @@ class CtrlPerm : Controller() {
responseSuccess(perm)
}
}
//校验用户名是否存在
@POST("/checkName/{name}")
@Produces(Produces.JSON)
fun checkName(@Param("name") name : String ) :JSONResponse{
if ( null == name || "" == name.trim()){
responseCheckNameFailed()
}
service.getPremByName(name) ?: return responseCheckNameFailed()
return responseSuccess(true)
}
@GET("/{page: [0-9]+}/{size: [0-9]+}")
@Produces(Produces.JSON)
fun pagi(@Param("page") num:Int, @Param("size") size:Int) :String {
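Review bot: In `checkName` the blank-name branch calls `responseCheckNameFailed()` and discards the result, so execution falls through to `service.getPremByName(name)` with the blank value instead of returning; it should read `return responseCheckNameFailed()`. The `null == name` half of the condition is dead for a non-null `String` parameter, and `isBlank()` covers the rest, so the whole guard can be `if (name.isBlank()) return responseCheckNameFailed()`. The same fall-through is present in `CtrlRole.checkName` and `CtrlUser.checkName` in this commit. The header comment `//校验用户名是否存在` was carried over from the user controller; this method checks a permission name, so `// check whether a permission with this name exists` would be accurate, and `getPremByName` is misspelt relative to the existing `getPermById`.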


@ -24,7 +24,16 @@ class CtrlRole : Controller() {
return responseSuccess(role)
}
//校验用户名是否存在
@POST("/checkName/{name}")
@Produces(Produces.JSON)
fun checkName(@Param("name") name : String ) :JSONResponse{
if ( null == name || "" == name.trim()){
responseCheckNameFailed()
}
service.getRoleByName(name) ?: return responseCheckNameFailed()
return responseSuccess(true)
}
@GET("/{page: [0-9]+}/{size: [0-9]+}")
@Produces(Produces.JSON)
fun pagi(@Param("page") num:Int, @Param("size") size:Int) :String {


@ -69,6 +69,16 @@ class CtrlUser : Controller() {
}
}
}
//校验用户名是否存在
@POST("/checkName/{name}")
@Produces(Produces.JSON)
fun checkName(@Param("name") name : String ) :JSONResponse{
if ( null == name || "" == name.trim()){
responseCheckNameFailed()
}
service.getUserByName(name) ?: return responseCheckNameFailed()
return responseSuccess(true)
}
//更新 User
@POST("/update")
@Produces(Produces.JSON)
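Review bot: `checkName` answers `true` when a username is registered and `false` otherwise, so `POST /checkName/{name}` is an existence oracle for account names. Whether this controller sits behind the same authentication as the rest of the user administration is not visible in the hunk; if it does not, it should be gated the same way (or answer uniformly and be rate-limited), since this is the classic input for targeted login guessing. A short comment on the method stating who is allowed to call it would make that contract explicit.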


@ -10,9 +10,9 @@ import util.*
class Service {
fun getUserById(id: Int): ModelUser? {
val conn = DBUtil.getConnection()
val rs = conn.createStatement()
.executeQuery("select * from `user` where id=$id")
val prep = conn.prepareStatement("select * from `user` where id=?")
prep.setInt(1,id)
val rs = prep.executeQuery()
return if (rs.next()) {
val user = rsToUser(rs)
conn.close()
@ -21,6 +21,19 @@ class Service {
null
}
}
fun getUserByName(userName : String ) : ModelUser? {
val conn = DBUtil.getConnection()
val prep = conn.prepareStatement("select * from `user` where name=?");
prep.setString(1,userName)
val rs = prep.executeQuery();
return if (rs.next()){
val user = rsToUser(rs)
conn.close()
return user
}else {
null
}
}
fun saveUser(user: ModelUser): Boolean {
val conn = DBUtil.getConnection()
@ -42,8 +55,9 @@ class Service {
fun deleteUser(userId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from `user` where id=$userId")
val prep = conn.prepareStatement("delete from `user` where id=?")
prep.setInt(1,userId)
prep.execute()
return true
} catch (e: Exception) {
return false
@ -63,8 +77,9 @@ class Service {
}
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `group` where id=${user.groupId}")
val prep = conn.prepareStatement("select * from `group` where id=?")
prep.setInt(1,user.groupId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToGroup(rs)
} else {
@ -97,8 +112,9 @@ class Service {
fun deleteGroup(groupId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from `group` where id=$groupId")
val prep = conn.prepareStatement("delete from `group` where id=?")
prep.setInt(1,groupId)
prep.execute()
return true
} catch (e: Exception) {
return false
@ -110,9 +126,9 @@ class Service {
fun getGroupById(groupId: Int): ModelGroup? {
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `group` where id=$groupId")
val prep = conn.prepareStatement("select * from `group` where id=?")
prep.setInt(1,groupId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToGroup(rs)
} else {
@ -131,8 +147,10 @@ class Service {
val conn = DBUtil.getConnection()
try {
return conn.createStatement()
.execute("update `user` set groupId=$groupId where id=$userId")
val prep = conn.prepareStatement("update `user` set groupId=? where id=?")
prep.setInt(1,groupId)
prep.setInt(2,userId)
return prep.execute()
} finally {
conn.close()
}
@ -141,8 +159,9 @@ class Service {
fun unbindUserToGroup(userId: Int, groupId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
return conn.createStatement()
.execute("update `user` set groupId=-1 where id=$userId")
val prep = conn.prepareStatement("update `user` set groupId=-1 where id=?")
prep.setInt(1,userId)
return prep.execute()
} finally {
conn.close()
}
@ -151,8 +170,9 @@ class Service {
fun getRoleById(roleId: Int): ModelRole? {
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `role` where id=$roleId")
val prep = conn.prepareStatement("select * from `role` where id=?")
prep.setInt(1,roleId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToRole(rs)
@ -163,6 +183,19 @@ class Service {
conn.close()
}
}
fun getRoleByName(roleName : String ) : ModelRole? {
val conn = DBUtil.getConnection()
val prep = conn.prepareStatement("select * from `role` where description=?")
prep.setString(1,roleName)
val rs = prep.executeQuery();
return if (rs.next()){
val role = rsToRole(rs)
conn.close()
return role
}else {
null
}
}
fun getRoleByUserId(userId: Int): ModelRole? {
val user = getUserById(userId)
@ -171,8 +204,10 @@ class Service {
}
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `role` where id=${user.roleId}")
val prep = conn.prepareStatement("select * from `role` where id=?")
prep.setInt(1,user.roleId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToRole(rs)
} else {
@ -199,8 +234,10 @@ class Service {
fun deleteRole(roleId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from `role` where id=$roleId")
val prep = conn.prepareStatement("delete from `role` where id=?")
prep.setInt(1,roleId)
prep.execute()
return true
} catch (e: Exception) {
@ -222,8 +259,10 @@ class Service {
val conn = DBUtil.getConnection()
try {
return conn.createStatement()
.execute("update `user` set roleId=$roleId where id=$userId")
val prep = conn.prepareStatement("update `user` set roleId=? where id=?")
prep.setInt(1,roleId)
prep.setInt(2,userId)
return prep.execute()
} finally {
conn.close()
}
@ -237,8 +276,10 @@ class Service {
val conn = DBUtil.getConnection()
try {
return conn.createStatement()
.execute("update `user` set roleId=-1 where id=$userId")
val prep = conn.prepareStatement("update `user` set roleId=-1 where id=?")
prep.setInt(1,userId)
return prep.execute()
} finally {
conn.close()
}
@ -247,8 +288,10 @@ class Service {
fun getPermById(permId: Int): ModelPerm? {
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `perm` where id=$permId")
val prep = conn.prepareStatement("select * from `perm` where id=?")
prep.setInt(1,permId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToPerm(rs)
@ -259,17 +302,31 @@ class Service {
conn.close()
}
}
fun getPremByName(permName : String ) : ModelPerm? {
val conn = DBUtil.getConnection()
val prep = conn.prepareStatement("select * from `perm` where description=?")
prep.setString(1,permName)
val rs = prep.executeQuery()
return if (rs.next()){
val perm = rsToPerm(rs)
conn.close()
return perm
}else {
null
}
}
fun getPermByRoleId(roleId: Int): List<ModelPerm> {
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("""
val prep = conn.prepareStatement("""
select * from perm t
where exists(
select * from mapping_perm_role m where m.roleid = $roleId
select * from mapping_perm_role m where m.roleid = ?
)
""".trim())
prep.setInt(1,roleId)
val rs = prep.executeQuery()
val list = mutableListOf<ModelPerm>()
while (rs.next()) {
list.add(rsToPerm(rs))
@ -300,8 +357,10 @@ class Service {
fun deletePerm(permId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from `perm` where id=$permId")
val prep = conn.prepareStatement("delete from `perm` where id=?")
prep.setInt(1,permId)
prep.execute()
return true
} catch (e: Exception) {
return false
@ -319,8 +378,11 @@ class Service {
val conn = DBUtil.getConnection()
try {
return conn.createStatement()
.execute("insert into mapping_perm_role($permId,$roleId)")
val prep = conn.prepareStatement("insert into mapping_perm_role(?,?)")
prep.setInt(1,permId)
prep.setInt(2,roleId)
return prep.execute()
} finally {
conn.close()
}
@ -329,8 +391,11 @@ class Service {
fun unbindPermToRole(permId: Int, roleId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from mapping_perm_role where permId=$permId and roleId=$roleId)")
val prep = conn.prepareStatement("delete from mapping_perm_role where permId=? and roleId=?)")
prep.setInt(1,permId)
prep.setInt(2,roleId)
prep.execute()
return true
} catch (e: Exception) {
return false
@ -342,8 +407,10 @@ class Service {
fun getMenuById(menuId: Int): ModelMenu? {
val conn = DBUtil.getConnection()
try {
val rs = conn.createStatement()
.executeQuery("select * from `menu` where id=$menuId")
val prep = conn.prepareStatement("select * from `menu` where id=?")
prep.setInt(1,menuId)
val rs = prep.executeQuery()
return if (rs.next()) {
return rsToMenu(rs)
@ -380,8 +447,10 @@ class Service {
fun deleteMenu(menuId: Int): Boolean {
val conn = DBUtil.getConnection()
try {
conn.createStatement()
.execute("delete from `menu` where id=$menuId")
val prep = conn.prepareStatement("delete from `menu` where id=?")
prep.setInt(1,menuId)
prep.execute()
return true
} catch (e: Exception) {
return false
@ -398,9 +467,15 @@ class Service {
val conn = DBUtil.getConnection()
try {
val statement = conn.createStatement()
statement.execute("update `menu` set permId=-1 where id=$menuId")
val bool = statement.executeUpdate("update `menu` set permId=$permId where id=$menuId")
val prep = conn.prepareStatement("update `menu` set permId=-1 where id=?")
prep.setInt(1,menuId)
prep.execute()
val prep2 = conn.prepareStatement("update `menu` set permId=? where id=?")
prep2.setInt(1,permId)
prep2.setInt(2,menuId)
val bool = prep2.executeUpdate()
return bool == 1
}finally {
conn.close()
@ -408,8 +483,9 @@ class Service {
}
fun unbindMenuToPerm(menuId: Int, permId: Int): Boolean {
return DBUtil.getConnection().createStatement()
.execute("update `menu` set permId=-1 where id=$menuId")
val prep = DBUtil.getConnection().prepareStatement("update `menu` set permId=-1 where id=?")
prep.setInt(1,menuId)
return prep.execute()
}
fun pagiUser(page: Int, size: Int): Page<Record> {
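Review bot: The three new lookup methods `getUserByName`, `getRoleByName` and `getPremByName` close the connection only inside the `rs.next()` branch, so the no-match case — exactly what the new `checkName` endpoints probe for — leaks the connection from `DBUtil.getConnection()`, unlike the sibling methods in this file that release it in `finally`. Restructuring them as below (shown for `getUserByName`; the other two differ only in table, column and row mapper) also removes the redundant inner `return user` inside the `return if` expression. The prepared-statement rewrite also carries over two statements that look malformed: `insert into mapping_perm_role(?,?)` in `bindPermToRole` has no `values` keyword, and the delete in `unbindPermToRole` ends with a stray `)`, so neither can succeed as written. `unbindMenuToPerm` still never closes the connection it obtains, and `getRoleByName`/`getPremByName` match on `description` rather than a name column — presumably intended for those tables, but a one-line comment would save the next reader a check.
```kotlin
fun getUserByName(userName : String ) : ModelUser? {
    val conn = DBUtil.getConnection()
    try {
        val prep = conn.prepareStatement("select * from `user` where name=?")
        prep.setString(1,userName)
        val rs = prep.executeQuery()
        return if (rs.next()) rsToUser(rs) else null
    } finally {
        conn.close()
    }
}
```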


@ -33,7 +33,9 @@ fun responseUpdateMenuFailed() : JSONResponse {
fun responseUpdatePermFailed() : JSONResponse {
return JSONResponse(Const.codeServiceOperationFailed,Const.msgUpdatepermFailed,null)
}
fun responseCheckNameFailed(): JSONResponse {
return JSONResponse(Const.codeSuccess, "", false)
}
fun responseInvalidParams(): JSONResponse {
return JSONResponse(Const.codeInvalidParams, Const.msgInvalidParams, null)
}
@ -42,6 +44,7 @@ fun responseSuccess(result: Any): JSONResponse {
return JSONResponse(Const.codeSuccess, Const.msgEmptyMsg, result)
}
fun rsToUser(rs: ResultSet): ModelUser {
return ModelUser(
id = rs.getInt("id"),