Server:新增通过 Log.DEBUG 来切换日志输入，非 DEBUG 模式下隐藏敏感信息

TommyLemon · TommyLemon · commit 867d808cbe41 · 2019-03-03T23:32:33.000+08:00
diff --git a/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/APIJSONApplication.java b/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/APIJSONApplication.java
@@ -24,6 +24,8 @@
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 
+import zuo.biao.apijson.Log;
+
 
 /**SpringBootApplication
  * 右键这个类 > Run As > Java Application
@@ -36,6 +38,8 @@ public class APIJSONApplication {
 	public static void main(String[] args) throws Exception {
 		SpringApplication.run(APIJSONApplication.class, args);
 
+		Log.DEBUG = true; //上线生产环境前改为 false，可不输出 APIJSONORM 的日志 以及 SQLException 的原始(敏感)信息
+		
 		System.out.println("\n\n\n\n\n<<<<<<<<<<<<<<<<<<<<<<<<< APIJSON >>>>>>>>>>>>>>>>>>>>>>>>\n");
 		System.out.println("开始测试:远程函数 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 		try {
diff --git a/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoSQLConfig.java b/APIJSON-Java-Server/APIJSONBoot/src/main/java/apijson/demo/server/DemoSQLConfig.java
@@ -51,6 +51,7 @@ public DemoSQLConfig getSQLConfig(RequestMethod method, String table) {
 				return new DemoSQLConfig(method, table);
 			}
 
+			//取消注释来实现自定义各个表的主键名
 			//			@Override
 			//			public String getIdKey(String schema, String table) {
 			//				return StringUtil.firstCase(table + "Id");  // userId, comemntId ...
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/Log.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/Log.java
@@ -19,7 +19,7 @@
  */
 public class Log {
 
-	private static final boolean DEBUG = true;
+	public static boolean DEBUG = true;
 	
 	/**
 	 * @param TAG
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractParser.java
@@ -17,6 +17,7 @@
 import static zuo.biao.apijson.RequestMethod.GET;
 
 import java.io.UnsupportedEncodingException;
+import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -1203,7 +1204,14 @@ public synchronized JSONObject executeSQL(@NotNull SQLConfig config, boolean isS
 			return sqlObj;//容易丢失信息 JSON.parseObject(config);
 		}
 
-		return parseCorrectResponse(config.getTable(), sqlExecutor.execute(config));
+		try {
+			return parseCorrectResponse(config.getTable(), sqlExecutor.execute(config));
+		} catch (Exception e) {
+			if (Log.DEBUG == false && e instanceof SQLException) {
+				throw new SQLException("数据库驱动执行异常SQLException，非 Log.DEBUG 模式下不显示详情，避免泄漏真实模式名、表名等隐私信息", e);
+			}
+			throw e;
+		}
 	}
 
 
diff --git a/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractVerifier.java b/APIJSON-Java-Server/APIJSONORM/src/main/java/zuo/biao/apijson/server/AbstractVerifier.java
@@ -67,15 +67,17 @@ public abstract class AbstractVerifier<T> implements Verifier<T> {
 	static {
 		ACCESS_MAP = new HashMap<String, Map<RequestMethod, RequestRole[]>>();
 
-		ACCESS_MAP.put(Table.class.getSimpleName(), getAccessMap(Table.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Column.class.getSimpleName(), getAccessMap(Column.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Test.class.getSimpleName(), getAccessMap(Test.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Request.class.getSimpleName(), getAccessMap(Request.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Response.class.getSimpleName(), getAccessMap(Response.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Document.class.getSimpleName(), getAccessMap(Document.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(TestRecord.class.getSimpleName(), getAccessMap(TestRecord.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Function.class.getSimpleName(), getAccessMap(Function.class.getAnnotation(MethodAccess.class)));
-		ACCESS_MAP.put(Access.class.getSimpleName(), getAccessMap(Access.class.getAnnotation(MethodAccess.class)));
+		if (Log.DEBUG) {
+			ACCESS_MAP.put(Table.class.getSimpleName(), getAccessMap(Table.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Column.class.getSimpleName(), getAccessMap(Column.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Test.class.getSimpleName(), getAccessMap(Test.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Request.class.getSimpleName(), getAccessMap(Request.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Response.class.getSimpleName(), getAccessMap(Response.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Document.class.getSimpleName(), getAccessMap(Document.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(TestRecord.class.getSimpleName(), getAccessMap(TestRecord.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Function.class.getSimpleName(), getAccessMap(Function.class.getAnnotation(MethodAccess.class)));
+			ACCESS_MAP.put(Access.class.getSimpleName(), getAccessMap(Access.class.getAnnotation(MethodAccess.class)));
+		}
 	}
 
 	/**获取权限Map，每种操作都只允许对应的角色
@@ -299,7 +301,7 @@ public void verifyLogin() throws Exception {
 		if (visitorId == null) {
 			throw new NotLoggedInException("未登录，请登录后再操作！");
 		}
-		
+
 		if (visitorId instanceof Number) {
 			if (((Number) visitorId).longValue() <= 0) {
 				throw new NotLoggedInException("未登录，请登录后再操作！");
@@ -364,5 +366,5 @@ public void verifyRepeat(String table, String key, Object value, long exceptId)
 			throw new ConflictException(key + ": " + value + " 已经存在，不能重复！");
 		}
 	}
-	
+
 }

Original file line number	Diff line number	Diff line change
`@@ -51,6 +51,7 @@ public DemoSQLConfig getSQLConfig(RequestMethod method, String table) {`
`51`	`51`	`return new DemoSQLConfig(method, table);`
`52`	`52`	`}`
`53`	`53`
	`54`	`+ //取消注释来实现自定义各个表的主键名`
`54`	`55`	`// @Override`
`55`	`56`	`// public String getIdKey(String schema, String table) {`
`56`	`57`	`// return StringUtil.firstCase(table + "Id"); // userId, comemntId ...`