From d06fa02df20006598b71766ed9725695ea980911 Mon Sep 17 00:00:00 2001 
From: XSWL1018 <824576966@qq.com> Date: Tue, 10 Sep 2024 17:39:57 +0800 Subject: [PATCH] u --- .../DataSecurityContextHolder.java | 48 -------------- .../ruoyi/common/utils/DataSecurityUtil.java | 14 ---- ruoyi-middleware/pom.xml | 9 ++- .../ruoyi-middleware-starter/pom.xml | 5 ++ .../pom.xml | 26 ++++++++ .../main/java/annotation/DataSecurity.java | 16 +++++ .../java/annotation/MybatisHandlerOrder.java | 10 +++ .../java}/aspectj/DataSecurityAspect.java | 23 +++---- .../dataSecurity/SqlContextHolder.java | 45 +++++++++++++ .../java}/context/page/PageContextHolder.java | 4 +- .../java}/context/page/model/PageInfo.java | 2 +- .../context/page/model/RuoyiTableData.java | 2 +- .../java}/context/page/model/TableInfo.java | 2 +- .../mybatis/MybatisInterceptor.java | 8 +-- .../main/java}/sql/MybatisAfterHandler.java | 4 +- .../src/main/java}/sql/MybatisPreHandler.java | 4 +- .../dataSecurity/DataSecurityPreHandler.java | 16 ++--- .../main/java}/sql/page/PageAfterHandler.java | 9 ++- .../main/java}/sql/page/PagePreHandler.java | 8 +-- .../src/main/java/util/DataSecurityUtil.java | 15 +++++ .../src/main/java/util/SqlUtil.java | 64 +++++++++++++++++++ 21 files changed, 227 insertions(+), 107 deletions(-) delete mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java delete mode 100644 ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java rename {ruoyi-framework/src/main/java/com/ruoyi/framework => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/aspectj/DataSecurityAspect.java (81%) create mode 100644 
ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/PageContextHolder.java (92%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/PageInfo.java (96%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/RuoyiTableData.java (88%) rename {ruoyi-common/src/main/java/com/ruoyi/common => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/context/page/model/TableInfo.java (87%) rename {ruoyi-framework/src/main/java/com/ruoyi/framework => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/interceptor/mybatis/MybatisInterceptor.java (96%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/MybatisAfterHandler.java (71%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/MybatisPreHandler.java (93%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/dataSecurity/DataSecurityPreHandler.java (85%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/page/PageAfterHandler.java (73%) rename {ruoyi-common/src/main/java/com/ruoyi/common/handler => ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java}/sql/page/PagePreHandler.java (96%) create mode 100644 ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java create mode 100644 
ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java b/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java deleted file mode 100644 index 9b381b6..0000000 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/dataSecurity/DataSecurityContextHolder.java +++ /dev/null 
@@ -1,48 +0,0 @@
-package com.ruoyi.common.context.dataSecurity;
-
-import java.util.List;
-import java.util.Map;
-
-import com.alibaba.fastjson2.JSONArray;
-import com.alibaba.fastjson2.JSONObject;
-import com.ruoyi.common.enums.SqlType;
-import com.ruoyi.common.model.JoinTableModel;
-import com.ruoyi.common.model.WhereModel;
-
-public class DataSecurityContextHolder {
- private static final ThreadLocal DATA_SECURITY_SQL_CONTEXT_HOLDER = new ThreadLocal<>();
-
- public static void startDataSecurity() {
- JSONObject jsonObject = new JSONObject();
- jsonObject.put("isSecurity", Boolean.TRUE);
- jsonObject.put(SqlType.WHERE.getSqlType(), new JSONArray());
- jsonObject.put(SqlType.JOIN.getSqlType(), new JSONArray());
- DATA_SECURITY_SQL_CONTEXT_HOLDER.set(jsonObject);
- }
-
- public static void addWhereParam(WhereModel whereModel) {
- DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()).add(whereModel);
- }
-
- public static void clearCache() {
- DATA_SECURITY_SQL_CONTEXT_HOLDER.remove();
- }
-
- public static boolean isSecurity() {
-
- return DATA_SECURITY_SQL_CONTEXT_HOLDER.get() != null
- && DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getBooleanValue("isSecurity");
- }
-
- public static JSONArray getWhere() {
- return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType());
- }
-
- public static void addJoinTable(JoinTableModel joinTableModel) {
- DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()).add(joinTableModel);
- }
-
- public static JSONArray getJoinTables() {
- return DATA_SECURITY_SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType());
- }
-}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java b/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java
deleted file mode 100644
index 5dd6e23..0000000
--- a/ruoyi-common/src/main/java/com/ruoyi/common/utils/DataSecurityUtil.java
+++ /dev/null
@@ -1,14 +0,0 @@ -package com.ruoyi.common.utils; - -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; - -public class DataSecurityUtil { - - public static void closeDataSecurity() { - DataSecurityContextHolder.clearCache(); - } - - public static void startDataSecurity() { - DataSecurityContextHolder.startDataSecurity(); - } -} diff --git a/ruoyi-middleware/pom.xml b/ruoyi-middleware/pom.xml index 20f2140..00adf91 100644 --- a/ruoyi-middleware/pom.xml +++ b/ruoyi-middleware/pom.xml @@ -44,6 +44,12 @@ ruoyi-middleware-starter ${ruoyi.version} + + + com.ruoyi + ruoyi-midleware-mybatis-interceptor + ${ruoyi.version} + @@ -52,6 +58,7 @@ ruoyi-middleware-minio ruoyi-middleware-redis ruoyi-middleware-starter + ruoyi-midleware-mybatis-interceptor pom - \ No newline at end of file + diff --git a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml index 870ca1e..626ca90 100644 --- a/ruoyi-middleware/ruoyi-middleware-starter/pom.xml +++ b/ruoyi-middleware/ruoyi-middleware-starter/pom.xml @@ -32,6 +32,11 @@ ruoyi-middleware-redis + + com.ruoyi + ruoyi-midleware-mybatis-interceptor + + diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml new file mode 100644 index 0000000..0f4a89d --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/pom.xml @@ -0,0 +1,26 @@ + + + + ruoyi-middleware + com.ruoyi + 3.8.8.3.1 + + 4.0.0 + + ruoyi-midleware-mybatis-interceptor + + + 19 + 19 + UTF-8 + + + + com.ruoyi + ruoyi-framework + + + + diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java new file mode 100644 index 0000000..8cf123b --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/DataSecurity.java 
@@ -0,0 +1,16 @@
+package annotation;
+
+import com.ruoyi.common.enums.DataSecurityStrategy;
+
+import java.lang.annotation.*;
+
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface DataSecurity {
+ public DataSecurityStrategy strategy() default DataSecurityStrategy.CREEATE_BY;
+
+ public String table() default "";
+
+ public String joinTableAlise() default "";
+}
diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java
new file mode 100644
index 0000000..440c856
--- /dev/null
+++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/annotation/MybatisHandlerOrder.java
@@ -0,0 +1,10 @@
+package annotation;
+
+import java.lang.annotation.*;
+
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface MybatisHandlerOrder {
+ public int value() default 0;
+}
diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java
similarity index 81%
rename from ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java
rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java
index dd52370..137a38e 100644
--- a/ruoyi-framework/src/main/java/com/ruoyi/framework/aspectj/DataSecurityAspect.java
+++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/aspectj/DataSecurityAspect.java
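Review bot: The new `annotation.DataSecurity` duplicates `com.ruoyi.common.annotation.sql.DataSecurity`, and the aspect moved in this same commit still imports the old type (the unchanged `import com.ruoyi.common.annotation.sql.DataSecurity;` line in DataSecurityAspect.java), so a method annotated with the new type will not match `@annotation(dataSecurity)` and its queries run without the row filter. The same holds for `annotation.MybatisHandlerOrder`: MybatisInterceptor, DataSecurityPreHandler, PageAfterHandler and PagePreHandler all keep `import com.ruoyi.common.annotation.sql.MybatisHandlerOrder;`. Either drop the two new files, or switch those imports and remove the originals, so that only one type of each name exists and picking the wrong import cannot silently disable the control.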
@@ -1,31 +1,26 @@ -package com.ruoyi.framework.aspectj; - -import java.util.List; +package aspectj; +import context.dataSecurity.SqlContextHolder; import org.aspectj.lang.JoinPoint; import org.aspectj.lang.annotation.After; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Before; -import org.aspectj.lang.annotation.Pointcut; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.DataSecurity; -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; -import com.ruoyi.common.enums.DataSecurityStrategy; + import com.ruoyi.common.model.JoinTableModel; import com.ruoyi.common.model.WhereModel; import com.ruoyi.common.utils.SecurityUtils; import com.ruoyi.common.utils.StringUtils; -import ch.qos.logback.core.util.StringUtil; - @Aspect @Component public class DataSecurityAspect { @Before(value = "@annotation(dataSecurity)") public void doBefore(final JoinPoint point, DataSecurity dataSecurity) throws Throwable { - DataSecurityContextHolder.startDataSecurity(); + SqlContextHolder.startDataSecurity(); switch (dataSecurity.strategy()) { case CREEATE_BY: WhereModel createByModel = new WhereModel(); @@ -34,7 +29,7 @@ public class DataSecurityAspect { createByModel.setWhereColumn("create_by"); createByModel.setMethod(WhereModel.METHOD_EQUAS); createByModel.setConnectType(WhereModel.CONNECT_AND); - DataSecurityContextHolder.addWhereParam(createByModel); + SqlContextHolder.addWhereParam(createByModel); break; case USER_ID: WhereModel userIdModel = new WhereModel(); @@ -43,7 +38,7 @@ public class DataSecurityAspect { userIdModel.setValue(SecurityUtils.getUserId()); userIdModel.setConnectType(WhereModel.CONNECT_AND); userIdModel.setMethod(WhereModel.METHOD_EQUAS); - DataSecurityContextHolder.addWhereParam(userIdModel); + SqlContextHolder.addWhereParam(userIdModel); break; case JOINTABLE_CREATE_BY: JoinTableModel createByTableModel = new JoinTableModel(); 
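Review bot: `package aspectj;` moves this `@Aspect @Component` class into a single-segment top-level package, outside the `com.ruoyi` tree it lived in before. If the application relies on component scanning rooted at `com.ruoyi` (the scan configuration is not part of this diff), the aspect is never registered and every `@DataSecurity` method runs without its WHERE/JOIN restriction, with no error to signal it. The same applies to the other beans moved in this commit (`interceptor.mybatis.MybatisInterceptor`, `sql.dataSecurity.DataSecurityPreHandler`, `sql.page.PagePreHandler`, `sql.page.PageAfterHandler`). I would keep a namespaced package, for example `package com.ruoyi.middleware.mybatis.aspectj;`, or register the beans explicitly from the starter, and add a test asserting that an annotated query is actually rewritten. `doBefore` continues outside this hunk.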
@@ -56,7 +51,7 @@ public class DataSecurityAspect { createByTableModel.setFromTableColumn("create_by"); createByTableModel.setJoinTableColumn("user_name"); - DataSecurityContextHolder.addJoinTable(createByTableModel); + SqlContextHolder.addJoinTable(createByTableModel); break; case JOINTABLE_USER_ID: JoinTableModel userIdTableModel = new JoinTableModel(); @@ -69,7 +64,7 @@ public class DataSecurityAspect { userIdTableModel.setFromTableColumn("user_id"); userIdTableModel.setJoinTableColumn("user_id"); - DataSecurityContextHolder.addJoinTable(userIdTableModel); + SqlContextHolder.addJoinTable(userIdTableModel); break; default: @@ -80,6 +75,6 @@ public class DataSecurityAspect { @After(value = " @annotation(dataSecurity)") public void doAfter(final JoinPoint point, DataSecurity dataSecurity) { - DataSecurityContextHolder.clearCache(); + SqlContextHolder.clearCache(); } } diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java new file mode 100644 index 0000000..0450064 --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/dataSecurity/SqlContextHolder.java 
@@ -0,0 +1,45 @@
+package context.dataSecurity;
+
+import com.alibaba.fastjson2.JSONArray;
+import com.alibaba.fastjson2.JSONObject;
+import com.ruoyi.common.enums.SqlType;
+import com.ruoyi.common.model.JoinTableModel;
+import com.ruoyi.common.model.WhereModel;
+
+public class SqlContextHolder {
+ private static final ThreadLocal SQL_CONTEXT_HOLDER = new ThreadLocal<>();
+
+ public static void startDataSecurity() {
+ JSONObject jsonObject = new JSONObject();
+ jsonObject.put("isSecurity", Boolean.TRUE);
+ jsonObject.put(SqlType.WHERE.getSqlType(), new JSONArray());
+ jsonObject.put(SqlType.JOIN.getSqlType(), new JSONArray());
+ SQL_CONTEXT_HOLDER.set(jsonObject);
+ }
+
+ public static void addWhereParam(WhereModel whereModel) {
+ SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType()).add(whereModel);
+ }
+
+ public static void clearCache() {
+ SQL_CONTEXT_HOLDER.remove();
+ }
+
+ public static boolean isSecurity() {
+
+ return SQL_CONTEXT_HOLDER.get() != null
+ && SQL_CONTEXT_HOLDER.get().getBooleanValue("isSecurity");
+ }
+
+ public static JSONArray getWhere() {
+ return SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.WHERE.getSqlType());
+ }
+
+ public static void addJoinTable(JoinTableModel joinTableModel) {
+ SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType()).add(joinTableModel);
+ }
+
+ public static JSONArray getJoinTables() {
+ return SQL_CONTEXT_HOLDER.get().getJSONArray(SqlType.JOIN.getSqlType());
+ }
+}
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java
similarity index 92%
rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java
rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java
index ad0bcd3..3e06149 100644
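Review bot: `startDataSecurity()` overwrites the thread's context and `clearCache()` removes it outright, so when one `@DataSecurity` method calls another through the proxy, the inner `doAfter` wipes the outer method's state and the outer method's remaining queries run unfiltered because `isSecurity()` now returns false. A per-thread stack, pushed on start and popped on clear, restores the outer restriction when the inner call returns; a sketch follows. The accessors (`addWhereParam`, `getWhere`, `addJoinTable`, `getJoinTables`) also dereference `SQL_CONTEXT_HOLDER.get()` without a null check and throw a NullPointerException when called outside an active context, so they should read through a null-safe helper as well.

```java
private static final ThreadLocal<Deque<JSONObject>> SQL_CONTEXT_HOLDER = new ThreadLocal<>();

public static void startDataSecurity() {
    JSONObject jsonObject = new JSONObject();
    // … unchanged: isSecurity / WHERE / JOIN entries …
    Deque<JSONObject> stack = SQL_CONTEXT_HOLDER.get();
    if (stack == null) {
        stack = new ArrayDeque<>();
        SQL_CONTEXT_HOLDER.set(stack);
    }
    stack.push(jsonObject);
}

public static void clearCache() {
    Deque<JSONObject> stack = SQL_CONTEXT_HOLDER.get();
    if (stack == null) {
        return;
    }
    stack.poll();
    // Drop the ThreadLocal only when the outermost context ends, so pooled threads keep no state.
    if (stack.isEmpty()) {
        SQL_CONTEXT_HOLDER.remove();
    }
}

private static JSONObject current() {
    Deque<JSONObject> stack = SQL_CONTEXT_HOLDER.get();
    return stack == null ? null : stack.peek();
}
// … unchanged: isSecurity and the four accessors, reading current() instead of SQL_CONTEXT_HOLDER.get() …
```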
--- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/PageContextHolder.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/PageContextHolder.java @@ -1,7 +1,7 @@ -package com.ruoyi.common.context.page; +package context.page; import com.alibaba.fastjson2.JSONObject; -import com.ruoyi.common.context.page.model.PageInfo; +import context.page.model.PageInfo; public class PageContextHolder { private static final ThreadLocal PAGE_CONTEXT_HOLDER = new ThreadLocal<>(); diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java similarity index 96% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java index dfca4ad..3996166 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/PageInfo.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/PageInfo.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import com.ruoyi.common.core.text.Convert; import com.ruoyi.common.utils.ServletUtils; diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java similarity index 88% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java index b4d3711..346b17a 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/RuoyiTableData.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/RuoyiTableData.java 
@@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import java.util.List; diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java similarity index 87% rename from ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java index 8e0d722..dace74c 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/context/page/model/TableInfo.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/context/page/model/TableInfo.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.context.page.model; +package context.page.model; import java.util.ArrayList; import java.util.List; diff --git a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java similarity index 96% rename from ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java index caf4af5..0d9d8d0 100644 --- a/ruoyi-framework/src/main/java/com/ruoyi/framework/interceptor/mybatis/MybatisInterceptor.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/interceptor/mybatis/MybatisInterceptor.java @@ -1,6 +1,5 @@ -package com.ruoyi.framework.interceptor.mybatis; +package interceptor.mybatis; -import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; 
@@ -18,10 +17,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.handler.sql.MybatisAfterHandler; -import com.ruoyi.common.handler.sql.MybatisPreHandler; + import jakarta.annotation.PostConstruct; +import sql.MybatisAfterHandler; +import sql.MybatisPreHandler; @Component @Intercepts({ diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java similarity index 71% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java index 3713b39..a476dff 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisAfterHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisAfterHandler.java @@ -1,7 +1,7 @@ -package com.ruoyi.common.handler.sql; +package sql; public interface MybatisAfterHandler { Object handleObject(Object object) throws Throwable; -} \ No newline at end of file +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java similarity index 93% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java index 676d97c..dc5f96e 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/MybatisPreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/MybatisPreHandler.java 
@@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql; +package sql; import org.apache.ibatis.cache.CacheKey; import org.apache.ibatis.executor.Executor; @@ -12,4 +12,4 @@ public interface MybatisPreHandler { void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable; -} \ No newline at end of file +} diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java similarity index 85% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java index 1021b09..5bd69e3 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/dataSecurity/DataSecurityPreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/dataSecurity/DataSecurityPreHandler.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql.dataSecurity; +package sql.dataSecurity; import java.lang.reflect.Field; import java.util.List; @@ -13,8 +13,8 @@ import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.dataSecurity.DataSecurityContextHolder; -import com.ruoyi.common.handler.sql.MybatisPreHandler; +import context.dataSecurity.SqlContextHolder; +import sql.MybatisPreHandler; import com.ruoyi.common.model.JoinTableModel; import com.ruoyi.common.model.WhereModel; import com.ruoyi.common.utils.StringUtils; 
@@ -44,7 +44,7 @@ public class DataSecurityPreHandler implements MybatisPreHandler { @Override public void preHandle(Executor executor, MappedStatement mappedStatement, Object params, RowBounds rowBounds, ResultHandler resultHandler, CacheKey cacheKey, BoundSql boundSql) throws Throwable { - if (DataSecurityContextHolder.isSecurity()) { + if (SqlContextHolder.isSecurity()) { Statement sql = parseSql(SqlUtil.parseSql(boundSql.getSql())); sqlFiled.set(boundSql, sql.toString()); } @@ -67,10 +67,10 @@ public class DataSecurityPreHandler implements MybatisPreHandler { Expression expWhere = plain.getWhere(); StringBuilder whereParam = new StringBuilder(" "); String where = expWhere != null ? expWhere.toString() : null; - if (DataSecurityContextHolder.getWhere() == null || DataSecurityContextHolder.getWhere().size() <= 0) { + if (SqlContextHolder.getWhere() == null || SqlContextHolder.getWhere().size() <= 0) { return; } - DataSecurityContextHolder.getWhere().forEach(item -> { + SqlContextHolder.getWhere().forEach(item -> { whereParam.append(((WhereModel) item).getSqlString()); }); where = StringUtils.isEmpty(where) ? whereParam.toString().substring(5, whereParam.length()) @@ -80,10 +80,10 @@ public class DataSecurityPreHandler implements MybatisPreHandler { private static void handleJoin(Select select) { PlainSelect selectBody = select.getPlainSelect(); - if (DataSecurityContextHolder.getJoinTables() == null || DataSecurityContextHolder.getJoinTables().size() <= 0) { + if (SqlContextHolder.getJoinTables() == null || SqlContextHolder.getJoinTables().size() <= 0) { return; } - DataSecurityContextHolder.getJoinTables().forEach(item -> { + SqlContextHolder.getJoinTables().forEach(item -> { JoinTableModel tableModel = (JoinTableModel) item; Table table = new Table(tableModel.getJoinTable()); table.setAlias(new Alias(tableModel.getJoinTableAlise())); 
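Review bot: In the `@@ -67,10 +67,10 @@` hunk the row-level restriction is assembled as text: each `WhereModel.getSqlString()` is appended to `whereParam` and the result is spliced into the statement, with `substring(5, …)` assuming a fixed-width leading connector. `getSqlString()` is not part of this diff, but the aspect fills the model from `SecurityUtils` (`setValue(SecurityUtils.getUserId())` is visible, and the `create_by` branch presumably uses the username), so if a value is inlined as a quoted literal, a quote character in it would alter the security predicate itself. I would build the condition as a JSqlParser expression with the value passed as a bound parameter, or at minimum escape it in one audited place, rather than concatenating strings. The enclosing methods start and end outside these hunks.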
diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java similarity index 73% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java index 8a5d670..398b209 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PageAfterHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PageAfterHandler.java @@ -1,14 +1,13 @@ -package com.ruoyi.common.handler.sql.page; +package sql.page; -import java.util.ArrayList; import java.util.List; import org.springframework.stereotype.Component; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.page.PageContextHolder; -import com.ruoyi.common.context.page.model.TableInfo; -import com.ruoyi.common.handler.sql.MybatisAfterHandler; +import context.page.PageContextHolder; +import context.page.model.TableInfo; +import sql.MybatisAfterHandler; @MybatisHandlerOrder(1) @Component diff --git a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java similarity index 96% rename from ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java rename to ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java index 387eeb4..f0a0d92 100644 --- a/ruoyi-common/src/main/java/com/ruoyi/common/handler/sql/page/PagePreHandler.java +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/sql/page/PagePreHandler.java @@ -1,4 +1,4 @@ -package com.ruoyi.common.handler.sql.page; +package sql.page; import java.lang.reflect.Field; import java.sql.SQLException; 
@@ -17,9 +17,9 @@ import org.springframework.stereotype.Component; import org.springframework.util.ReflectionUtils; import com.ruoyi.common.annotation.sql.MybatisHandlerOrder; -import com.ruoyi.common.context.page.PageContextHolder; -import com.ruoyi.common.context.page.model.PageInfo; -import com.ruoyi.common.handler.sql.MybatisPreHandler; +import context.page.PageContextHolder; +import context.page.model.PageInfo; +import sql.MybatisPreHandler; import com.ruoyi.common.utils.sql.SqlUtil; import net.sf.jsqlparser.schema.Column; import net.sf.jsqlparser.statement.Statement; diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java new file mode 100644 index 0000000..b3016f0 --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/DataSecurityUtil.java @@ -0,0 +1,15 @@ +package util; + + +import context.dataSecurity.SqlContextHolder; + +public class DataSecurityUtil { + + public static void closeDataSecurity() { + SqlContextHolder.clearCache(); + } + + public static void startDataSecurity() { + SqlContextHolder.startDataSecurity(); + } +} diff --git a/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java new file mode 100644 index 0000000..277e4b1 --- /dev/null +++ b/ruoyi-middleware/ruoyi-midleware-mybatis-interceptor/src/main/java/util/SqlUtil.java 
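Review bot: `DataSecurityUtil` exposes `startDataSecurity()` and `closeDataSecurity()` as public statics with no documentation of who may call them. `closeDataSecurity()` simply clears the thread's context, so a call made inside a `@DataSecurity` method switches the row filter off for the rest of that method. I would add Javadoc stating the pairing and the restriction, e.g. `/** Clears the current thread's data-security context; call only from the code that started it, in a finally block. */`, and a matching comment on `startDataSecurity()`.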
@@ -0,0 +1,64 @@
+package util;
+
+import com.ruoyi.common.exception.UtilException;
+import com.ruoyi.common.utils.StringUtils;
+import net.sf.jsqlparser.JSQLParserException;
+import net.sf.jsqlparser.parser.CCJSqlParserManager;
+import net.sf.jsqlparser.statement.Statement;
+
+import java.io.StringReader;
+
+/**
+ * sql操作工具类
+ *
+ * @author ruoyi
+ */
+public class SqlUtil {
+ /**
+ * 定义常用的 sql关键字
+ */
+ public static String SQL_REGEX = "and |extractvalue|updatexml|exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |or |+|user()";
+
+ /**
+ * 仅支持字母、数字、下划线、空格、逗号、小数点(支持多个字段排序)
+ */
+ public static String SQL_PATTERN = "[a-zA-Z0-9_\\ \\,\\.]+";
+
+ private static final CCJSqlParserManager parserManager = new CCJSqlParserManager();
+
+ /**
+ * 检查字符,防止注入绕过
+ */
+ public static String escapeOrderBySql(String value) {
+ if (StringUtils.isNotEmpty(value) && !isValidOrderBySql(value)) {
+ throw new UtilException("参数不符合规范,不能进行查询");
+ }
+ return value;
+ }
+
+ /**
+ * 验证 order by 语法是否符合规范
+ */
+ public static boolean isValidOrderBySql(String value) {
+ return value.matches(SQL_PATTERN);
+ }
+
+ /**
+ * SQL关键字检查
+ */
+ public static void filterKeyword(String value) {
+ if (StringUtils.isEmpty(value)) {
+ return;
+ }
+ String[] sqlKeywords = StringUtils.split(SQL_REGEX, "\\|");
+ for (String sqlKeyword : sqlKeywords) {
+ if (StringUtils.indexOfIgnoreCase(value, sqlKeyword) > -1) {
+ throw new UtilException("参数存在SQL注入风险");
+ }
+ }
+ }
+
+ public static Statement parseSql(String sql) throws JSQLParserException {
+ return parserManager.parse(new StringReader(sql));
+ }
+}
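Review bot: `SQL_REGEX` and `SQL_PATTERN` are declared `public static String` without `final`, so any class on the classpath can reassign the keyword list or the ORDER BY allow-list at runtime and weaken both checks; declare them `public static final String SQL_REGEX = …;` and `public static final String SQL_PATTERN = …;`. This file is also a second copy of `com.ruoyi.common.utils.sql.SqlUtil`, which `PagePreHandler` still imports in this commit, so a fix made to one copy of the filter will not reach the other. `escapeOrderBySql` puts no upper bound on the length of `value`, and `filterKeyword` is a substring blocklist, which is best treated as defence in depth behind bound parameters rather than as the injection control.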