优化疫情上报功能

java110

2022-06-15 8db876498c0179e8ffab848237eccd66436ccacc

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
package com.java110.oa.cmd.oaWorkflow;
 
import com.alibaba.fastjson.JSONObject;
import com.java110.core.annotation.Java110Cmd;
import com.java110.core.annotation.Java110Transactional;
import com.java110.core.context.ICmdDataFlowContext;
import com.java110.core.event.cmd.Cmd;
import com.java110.core.event.cmd.CmdEvent;
import com.java110.core.factory.GenerateCodeFactory;
import com.java110.dto.oaWorkflow.OaWorkflowDto;
import com.java110.dto.oaWorkflowForm.OaWorkflowFormDto;
import com.java110.dto.workflowDataFile.WorkflowDataFileDto;
import com.java110.intf.oa.IOaWorkflowFormInnerServiceSMO;
import com.java110.intf.oa.IOaWorkflowInnerServiceSMO;
import com.java110.intf.oa.IWorkflowDataFileV1InnerServiceSMO;
import com.java110.oa.bmo.oaWorkflowForm.IGetOaWorkflowFormBMO;
import com.java110.po.workflowDataFile.WorkflowDataFilePo;
import com.java110.utils.exception.CmdException;
import com.java110.utils.util.Assert;
import com.java110.utils.util.StringUtil;
import com.java110.vo.ResultVo;
import org.springframework.beans.factory.annotation.Autowired;
 
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
 
/**
 * 修改表单数据
 */
@Java110Cmd(serviceCode = "oaWorkflow.updateOaWorkflowFormData")
public class UpdateOaWorkflowFormData extends Cmd {
 
    @Autowired
    private IOaWorkflowFormInnerServiceSMO oaWorkflowFormInnerServiceSMOImpl;
 
    @Autowired
    private IOaWorkflowInnerServiceSMO oaWorkflowInnerServiceSMOImpl;
 
    @Autowired
    private IGetOaWorkflowFormBMO getOaWorkflowFormBMOImpl;
 
    @Autowired
    private IWorkflowDataFileV1InnerServiceSMO workflowDataFileV1InnerServiceSMOImpl;
 
    @Override
    public void validate(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) {
        Assert.hasKeyAndValue(reqJson, "id", "ID不能为空");
        Assert.hasKeyAndValue(reqJson, "flowId", "流程不能为空");
    }
 
    @Override
    @Java110Transactional
    public void doCmd(CmdEvent event, ICmdDataFlowContext cmdDataFlowContext, JSONObject reqJson) throws CmdException {
        Map<String,String> headers = cmdDataFlowContext.getReqHeaders();
 
        reqJson.put("storeId",headers.get("store-id"));
 
        OaWorkflowFormDto oaWorkflowFormDto = new OaWorkflowFormDto();
        oaWorkflowFormDto.setFlowId(reqJson.get("flowId").toString());
        oaWorkflowFormDto.setStoreId(reqJson.get("storeId").toString());
        oaWorkflowFormDto.setRow(1);
        oaWorkflowFormDto.setPage(1);
        List<OaWorkflowFormDto> oaWorkflowFormDtos = oaWorkflowFormInnerServiceSMOImpl.queryOaWorkflowForms(oaWorkflowFormDto);
        Assert.listOnlyOne(oaWorkflowFormDtos, "未包含流程表单，请先设置表单");
 
        //
        OaWorkflowDto oaWorkflowDto = new OaWorkflowDto();
        oaWorkflowDto.setStoreId(reqJson.getString("storeId"));
        oaWorkflowDto.setFlowId(reqJson.getString("flowId"));
        List<OaWorkflowDto> oaWorkflowDtos = oaWorkflowInnerServiceSMOImpl.queryOaWorkflows(oaWorkflowDto);
        Assert.listOnlyOne(oaWorkflowDtos, "流程不存在");
 
        if (!OaWorkflowDto.STATE_COMPLAINT.equals(oaWorkflowDtos.get(0).getState())) {
            throw new IllegalArgumentException(oaWorkflowDtos.get(0).getFlowName() + "流程未部署");
        }
 
        if (StringUtil.isEmpty(oaWorkflowDtos.get(0).getProcessDefinitionKey())) {
            throw new IllegalArgumentException(oaWorkflowDtos.get(0).getFlowName() + "流程未部署");
        }
 
        List<String> columns = new ArrayList<>();
        for (String key : reqJson.keySet()) {
            if ("flowId".equals(key) || "id".equals(key) || "storeId".equals(key)) {
                continue;
            }
            if("fileName".equals(key)){
                continue;
            }
 
            if("realFileName".equals(key)){
                continue;
            }
            columns.add(key + "='" + reqJson.getString(key)+"'");
 
            //简单校验
            validateColumns(columns);
        }
        reqJson.put("columns", columns.toArray(new String[columns.size()]));
 
        //保存表单数据
        reqJson.put("tableName", oaWorkflowFormDtos.get(0).getTableName());
 
        int flag = oaWorkflowFormInnerServiceSMOImpl.updateOaWorkflowFormDataAll(reqJson);
        if (flag < 1) {
            throw new IllegalArgumentException("保存失败");
        }
 
        //判断是否有附件
        saveOaWorkflowFile(reqJson);
 
 
        cmdDataFlowContext.setResponseEntity(ResultVo.success());
 
    }
 
 
    private void saveOaWorkflowFile(JSONObject reqJson) {
        if (!reqJson.containsKey("fileName")) {
            return;
        }
 
        String fileName = reqJson.getString("fileName");
        if (StringUtil.isEmpty(fileName)) {
            return;
        }
 
        WorkflowDataFileDto workflowDataFileDto = new WorkflowDataFileDto();
        workflowDataFileDto.setId(reqJson.getString("id"));
        List<WorkflowDataFileDto> workflowDataFileDtos = workflowDataFileV1InnerServiceSMOImpl.queryWorkflowDataFiles(workflowDataFileDto);
 
        if(workflowDataFileDtos == null || workflowDataFileDtos.size()< 1) {
            WorkflowDataFilePo workflowDataFilePo = new WorkflowDataFilePo();
            workflowDataFilePo.setCreateUserId(reqJson.getString("userId"));
            workflowDataFilePo.setCreateUserName(reqJson.getString("createUserName"));
            workflowDataFilePo.setFileId(GenerateCodeFactory.getGeneratorId(GenerateCodeFactory.CODE_PREFIX_file_id));
            workflowDataFilePo.setFileName(reqJson.getString("fileName"));
            workflowDataFilePo.setId(reqJson.getString("id"));
            workflowDataFilePo.setRealFileName(reqJson.getString("realFileName"));
            workflowDataFilePo.setStoreId(reqJson.getString("storeId"));
            int flag = workflowDataFileV1InnerServiceSMOImpl.saveWorkflowDataFile(workflowDataFilePo);
            if (flag < 1) {
                throw new CmdException("保存附件失败");
            }
        }else{
            WorkflowDataFilePo workflowDataFilePo = new WorkflowDataFilePo();
            workflowDataFilePo.setFileId(workflowDataFileDtos.get(0).getFileId());
            workflowDataFilePo.setFileName(reqJson.getString("fileName"));
            workflowDataFilePo.setId(reqJson.getString("id"));
            workflowDataFilePo.setRealFileName(reqJson.getString("realFileName"));
            workflowDataFilePo.setStoreId(reqJson.getString("storeId"));
            int flag = workflowDataFileV1InnerServiceSMOImpl.updateWorkflowDataFile(workflowDataFilePo);
            if (flag < 1) {
                throw new CmdException("保存附件失败");
            }
        }
    }
 
    private void validateColumns(List<String> columns) {
        String columnBak = "";
        for (String column : columns) {
            columnBak = column.toLowerCase();
            if (containsSqlInjection(columnBak)) {
                throw new IllegalArgumentException("非法操作，可能破坏系统稳定性");
            }
        }
    }
 
    public static boolean containsSqlInjection(Object obj) {
        Pattern pattern = Pattern.compile("\\b(exec|insert|select|drop|grant|alter|delete|update|count|chr|mid|master|truncate|char|declare)");
        Matcher matcher = pattern.matcher(obj.toString().toLowerCase());
        return matcher.find();
    }
}