com.kukababy.pager.Valid Maven / Gradle / Ivy

Go to download
Show more of this group Show more artifacts with this name
Show all versions of dbquery Show documentation
Unified query of Mongodb and Sql database.
The newest version!
package com.kukababy.pager;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/**
 * @describe 描述
 * @author 老汪 [email protected]
 * @date 创建时间：2015年11月16日 下午12:25:19
 * 
 */
public class Valid {

	public static void addConds(Pager pager, FilterEL filter) {
		List filters = pager.getFilters();
		if (filters == null) {
			filters = new ArrayList();
			pager.setFilters(filters);
		}
		filters.add(filter);
	}

	/**
	 * 
	 * 描述: 
	 * 
	 * 	 * 清除表达式里无效的字段命名，阻止无效客户端的攻击
	 * String validFields = "name,a.name;compName,b.name" ;
	 * 
	 * 
	 * 
	 * 
	 * @param Pager
	 * @param validFields
	 */

	public static void cleanInvalidField(Pager pager, String validFields) {

		List filters = pager.getFilters();
		List sysFilters = pager.getSysFilters();
		if (validFields != null) {
			cleanInvalidField(filters, validFields);
			cleanInvalidField(sysFilters, validFields);
		}
	}

	/**
	 * 
	 * 描述: 
	 * 
	 * 	 * 清除表达式里无效的字段命名，阻止无效客户端的攻击
	 * String validFields = "name,a.name;compName,b.name" ;
	 * 
	 * 
	 * 
	 * 
	 * @param filters
	 * @param validFields
	 */
	public static void cleanInvalidField(List filters, String validFields) {
		if (validFields == null) {
			filters = null;
		}
		Map _validFields = new HashMap();
		if (validFields != null) {
			String dars[] = validFields.split(";");
			for (String dar : dars) {
				String fields[] = dar.split(",");
				_validFields.put(fields[0], fields[1]);
			}
		}

		if (filters != null && !filters.isEmpty()) {
			Iterator it = filters.iterator();
			while (it.hasNext()) {
				FilterEL filterEL = it.next();
				if (filterEL.getCol() == null) {
					it.remove();
				} else {
					String col = _validFields.get(filterEL.getCol());
					if (col == null) {
						it.remove();
					} else {
						filterEL.setCol(col);// 换成数据库支持的字段名
					}
				}
			}
		}
	}

	/**
	 * 
	 * 描述: 
	 * 
	 * 	 * 验证值是否是字符串或数值类型或集合里必须是字符串或数值
	 * 
	 * 
	 * 
	 * 
	 * @param val
	 * @return
	 */
	public static boolean validVal(Object val) {
		if (val instanceof List) {// 是list集合方式
			if (!validListVal(val)) {
				return false;
			}
		}
		if (val instanceof String || val instanceof Number) {// 是字符串或数值
			if (!validSingleVal(val)) {
				return false;
			}
		}
		return true;
	}

	private static boolean validSingleVal(Object val) {
		if (!(val instanceof String) && !(val instanceof Number)) {// 只能是字符串或数值
			return false;
		}
		if (val instanceof String) {
			val = ((String) val).trim();
			if (((String) val).length() == 0) {
				return false;
			}
		}
		return true;
	}

	private static boolean validListVal(Object val) {// 只能是list集合方式
		if (!(val instanceof List)) {
			return false;
		}

		if (val instanceof List) {
			List _val = (List) val;
			if (_val.isEmpty()) {
				return false;
			}
			for (Object obj : _val) {
				if (obj == null || !validSingleVal(obj)) {
					return false;
				}
			}
		}
		return true;
	}

}