
Commit 347f0ec

committed
Server:@having支持非函数表达式 column?value
1 parent bde6311 commit 347f0ec

1 file changed

Lines changed: 30 additions & 14 deletions


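--- a/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
+++ b/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -319,41 +319,53 @@ public String getHavingString() {
 
 //TODO 支持 maxId>=100 这种没括号的
 int start = expression.indexOf("(");
+if (start < 0) {
+if (isPrepared() && PATTERN_HAVING.matcher(expression).matches() == false) {
+throw new UnsupportedOperationException("字符串 " + expression + " 不合法!"
++ "预编译模式下 @having:\"column?value;function(arg0,arg1,...)?value...\""
++ " 中 column?value 必须符合正则表达式 ^[A-Za-z0-9%!=<>]+$ !不允许空格!");
+}
+continue;
+}
+
 int end = expression.indexOf(")");
 if (start >= end) {
-throw new IllegalArgumentException("字符 " + expression + " 不合法!@having:value 中 value 里的 SQL函数必须为 function(arg0,arg1,...) 这种格式!");
+throw new IllegalArgumentException("字符 " + expression + " 不合法!"
++ "@having:value 中 value 里的 SQL函数必须为 function(arg0,arg1,...) 这种格式!");
 }
 
 method = expression.substring(0, start);
 
 if (StringUtil.isName(method) == false) {
 throw new IllegalArgumentException("字符 " + method + " 不合法!"
-+ "预编译模式下 @having:\"function0(arg0,arg1,...)operator value;function1(arg0,arg1,...)operator value\""
++ "预编译模式下 @having:\"column?value;function(arg0,arg1,...)?value...\""
 + " 中SQL函数名 function 必须符合正则表达式 ^[0-9a-zA-Z_]+$ !");
 }
 
 suffix = expression.substring(end + 1, expression.length());
 
-if (isPrepared() && PATTERN_RANGE.matcher((String) suffix).matches() == false) {
+if (isPrepared() && PATTERN_HAVING_SUFFIX.matcher((String) suffix).matches() == false) {
 throw new UnsupportedOperationException("字符串 " + suffix + " 不合法!"
-+ "预编译模式下 @having:\"function0(arg0,arg1,...)operator value;function1(arg0,arg1,...)operator value\""
-+ " 中 condition 必须符合正则表达式 ^[0-9%!=<>,]+$ !不允许空格!");
++ "预编译模式下 @having:\"column?value;function(arg0,arg1,...)?value...\""
++ " 中 ?value 必须符合正则表达式 ^[0-9%!=<>]+$ !不允许空格!");
 }
 
 String[] ckeys = StringUtil.split(expression.substring(start + 1, end));
 
-for (int j = 0; j < ckeys.length; j++) {
+if (ckeys != null) {
+for (int j = 0; j < ckeys.length; j++) {
 
-if (isPrepared() && (StringUtil.isName(ckeys[j]) == false || ckeys[j].startsWith("_"))) {
-throw new IllegalArgumentException("字符 " + ckeys[j] + " 不合法!"
-+ "预编译模式下 @having:\"function0(arg0,arg1,...)operator value;function1(arg0,arg1,...)operator value\""
-+ " 中所有 arg 都必须是1个不以 _ 开头的单词!并且不要有空格!");
-}
+if (isPrepared() && (StringUtil.isName(ckeys[j]) == false || ckeys[j].startsWith("_"))) {
+throw new IllegalArgumentException("字符 " + ckeys[j] + " 不合法!"
++ "预编译模式下 @having:\"column?value;function(arg0,arg1,...)?value...\""
++ " 中所有 arg 都必须是1个不以 _ 开头的单词!并且不要有空格!");
+}
 
-ckeys[j] = getKey(ckeys[j]);
+ckeys[j] = getKey(ckeys[j]);
+}
 }
 
-keys[i] = method + "(" + StringUtil.getString(ckeys) + ")" + suffix;
+//keys[i] = method + "(" + StringUtil.getString(ckeys) + ")" + suffix;
 }
 
 return " HAVING " + StringUtil.getString(keys, AND); //TODO 支持 OR, NOT 参考 @combine:"&key0,|key1,!key2"
@@ -461,7 +473,7 @@ public String getColumnString() throws Exception {
 
 return "(" + column + ")";
 case GET:
-case GETS:
+case GETS: //TODO 支持SQL函数 json_length(contactIdList):contactCount
 boolean isQuery = RequestMethod.isQueryMethod(method);
 String joinColumn = "";
 if (isQuery && joinList != null) {
@@ -1106,8 +1118,12 @@ public String getRegExpString(String key, String value) {
 
 // * 和 / 不能同时出现,防止 /* */ 段注释! # 和 -- 不能出现,防止行注释! ; 不能出现,防止隔断SQL语句!空格不能出现,防止 CRUD,DROP,SHOW TABLES等语句!
 private static final Pattern PATTERN_RANGE;
+private static final Pattern PATTERN_HAVING;
+private static final Pattern PATTERN_HAVING_SUFFIX;
 static {
 PATTERN_RANGE = Pattern.compile("^[0-9%!=<>,]+$"); // ^[a-zA-Z0-9_*%!=<>(),"]+$ 导致 exists(select*from(Comment)) 通过!
+PATTERN_HAVING = Pattern.compile("^[A-Za-z0-9%!=<>]+$"); //TODO 改成更好的正则,校验前面为单词,中间为操作符,后面为值
+PATTERN_HAVING_SUFFIX = Pattern.compile("^[0-9%!=<>]+$"); // ^[a-zA-Z0-9_*%!=<>(),"]+$ 导致 exists(select*from(Comment)) 通过!
 }
 
 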
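Review bot: In the getHavingString hunk, the new `start < 0` branch applies `PATTERN_HAVING` only when `isPrepared()` is true, so outside prepared mode a parenthesis-free @having expression reaches `continue` unchecked and is concatenated as-is into `" HAVING " + ...`; before this change such input failed the `start >= end` check and was rejected. Consider validating unconditionally with `if (PATTERN_HAVING.matcher(expression).matches() == false) {`, or add a comment stating why non-prepared requests are trusted at this point. Commenting out `keys[i] = method + "(" + StringUtil.getString(ckeys) + ")" + suffix;` also means the `getKey(ckeys[j])` results are discarded and the raw expression text is emitted rather than the string rebuilt from the validated parts, so anything `StringUtil.split` normalises (not visible here) would be checked in one form and used in another; either restore the assignment or remove the now-dead loop body and document the intent. `PATTERN_HAVING` also omits `_`, which presumably rejects underscore column names in prepared mode even though the function-name check allows them. The body of getHavingString starts and ends outside this hunk.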
