From 7dfdd6be6c7d8b9bffd08da83c19469ef36c20c8 Mon Sep 17 00:00:00 2001 From: msslulu <1484036491@qq.com> Date: Tue, 31 Mar 2026 05:58:44 -0700 Subject: [PATCH 1/6] feat: add DynamicModelServiceTest --- .../service/DynamicModelServiceTest.java | 357 ++++++++++++++++++ 1 file changed, 357 insertions(+) create mode 100644 base/src/test/java/com/tinyengine/it/dynamic/service/DynamicModelServiceTest.java diff --git a/base/src/test/java/com/tinyengine/it/dynamic/service/DynamicModelServiceTest.java b/base/src/test/java/com/tinyengine/it/dynamic/service/DynamicModelServiceTest.java new file mode 100644 index 00000000..11f1d0ea --- /dev/null +++ b/base/src/test/java/com/tinyengine/it/dynamic/service/DynamicModelServiceTest.java 
@@ -0,0 +1,357 @@ +package com.tinyengine.it.dynamic.service; + +import cn.hutool.core.util.ReflectUtil; +import com.tinyengine.it.common.context.LoginUserContext; +import com.tinyengine.it.dynamic.dto.DynamicDelete; +import com.tinyengine.it.dynamic.dto.DynamicInsert; +import com.tinyengine.it.dynamic.dto.DynamicQuery; +import com.tinyengine.it.dynamic.dto.DynamicUpdate; +import com.tinyengine.it.model.dto.ParametersDto; +import com.tinyengine.it.model.entity.Model; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.jdbc.core.PreparedStatementCreator; +import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate; +import org.springframework.jdbc.support.KeyHolder; + +import java.util.*; + +import static org.junit.jupiter.api.Assertions.*; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyString; +import static org.mockito.Mockito.*; + + +class DynamicModelServiceTest { + + @Mock + private JdbcTemplate jdbcTemplate; + + @Mock + private NamedParameterJdbcTemplate namedParameterJdbcTemplate; + + @Mock + private LoginUserContext loginUserContext; + + @InjectMocks + private DynamicModelService dynamicModelService; + + @BeforeEach + void setUp() { + MockitoAnnotations.openMocks(this); + MockitoAnnotations.openMocks(this); + ReflectUtil.setFieldValue(dynamicModelService, "jdbcTemplate", jdbcTemplate); + ReflectUtil.setFieldValue(dynamicModelService, "loginUserContext", loginUserContext); + ReflectUtil.setFieldValue(dynamicModelService, "namedParameterJdbcTemplate", namedParameterJdbcTemplate); + + } + + + @Test + void createDynamicTable() { + // Arrange + Model model = new Model(); + model.setNameEn("test_table"); + ParametersDto parametersDto = new ParametersDto(); + parametersDto.setProp("name"); + 
parametersDto.setType("String"); + parametersDto.setRequired(true); + parametersDto.setDefaultValue("1"); + parametersDto.setDescription("1"); + model.setParameters(Collections.singletonList(parametersDto)); + + // Mock JdbcTemplate behavior + doNothing().when(jdbcTemplate).execute(anyString()); + + // Act & Assert + assertDoesNotThrow(() -> dynamicModelService.createDynamicTable(model)); + verify(jdbcTemplate, times(1)).execute(anyString()); + } + + @Test + void dropDynamicTable() { + // Arrange + Model model = new Model(); + model.setNameEn("test_table"); + + // Mock JdbcTemplate behavior + doNothing().when(jdbcTemplate).execute(anyString()); + + // Act & Assert + assertDoesNotThrow(() -> dynamicModelService.dropDynamicTable(model)); + verify(jdbcTemplate, times(1)).execute("DROP TABLE IF EXISTS dynamic_test_table;"); + } + + @Test + void initializeDynamicTable() { + // Arrange + Model model = new Model(); + model.setNameEn("test_table"); + ParametersDto param1 = new ParametersDto(); + param1.setProp("name"); + param1.setType("String"); + param1.setDefaultValue("default_name"); + param1.setRequired(true); + model.setParameters(Collections.singletonList(param1)); + + Long userId = 1L; + + // Mock JdbcTemplate behavior + when(jdbcTemplate.update(anyString(), any(Object[].class))).thenReturn(1); + + // Act & Assert + assertDoesNotThrow(() -> dynamicModelService.initializeDynamicTable(model, userId)); + verify(jdbcTemplate, times(1)).update(anyString(), any(Object[].class)); + } + + @Test + void dynamicQuery() { + // Arrange + String tableName = "test_table"; + List fields = Arrays.asList("id", "name"); + Map conditions = Map.of("id", 1); + String orderBy = "id DESC"; + Integer limit = 10; + + List> mockResult = new ArrayList<>(); + mockResult.add(Map.of("id", 1, "name", "test_name")); + + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(mockResult); + + // Act + List> result = dynamicModelService.dynamicQuery(tableName, fields, 
conditions, orderBy, limit); + + // Assert + assertNotNull(result); + assertEquals(1, result.size()); + assertEquals("test_name", result.get(0).get("name")); + verify(namedParameterJdbcTemplate, times(1)).queryForList(anyString(), anyMap()); + } + + @Test + void dynamicCount() { + // Arrange + String tableName = "test_table"; + Map conditions = Map.of("id", 1); + + List> mockResult = new ArrayList<>(); + mockResult.add(Map.of("count", 5L)); + + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(mockResult); + + // Act + List> result = dynamicModelService.dynamicCount(tableName, conditions); + + // Assert + assertNotNull(result); + assertEquals(1, result.size()); + assertEquals(5L, result.get(0).get("count")); + verify(namedParameterJdbcTemplate, times(1)).queryForList(anyString(), anyMap()); + } + + @Test + void count() { + // Arrange + String tableName = "test_table"; + Map conditions = Map.of("id", 1); + + List> mockResult = new ArrayList<>(); + mockResult.add(Map.of("count", 10L)); + + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(mockResult); + + // Act + Long result = dynamicModelService.count(tableName, conditions); + + // Assert + assertNotNull(result); + assertEquals(10L, result); + verify(namedParameterJdbcTemplate, times(1)).queryForList(anyString(), anyMap()); + } + + @Test + void queryWithPage() { + // Arrange + DynamicQuery dto = new DynamicQuery(); + dto.setNameEn("test_table"); + dto.setFields(Arrays.asList("id", "name")); + dto.setParams(Map.of("id", 1)); + dto.setOrderBy("id DESC"); + dto.setCurrentPage(1); + dto.setPageSize(10); + + List> mockData = new ArrayList<>(); + mockData.add(Map.of("id", 1, "name", "test_name")); + + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(mockData); + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(List.of(Map.of("count", 1L))); + + // Act + Map result = 
dynamicModelService.queryWithPage(dto); + + // Assert + assertNotNull(result); + assertTrue((Boolean) result.get("success")); + assertEquals(1L, result.get("total")); + assertEquals(1, ((List) result.get("data")).size()); + verify(namedParameterJdbcTemplate, times(2)).queryForList(anyString(), anyMap()); + } + + + + @Test + void createData() { + // Arrange + DynamicInsert dataDto = new DynamicInsert(); + dataDto.setNameEn("test_table"); + dataDto.setParams(Map.of("name", "test")); + + when(loginUserContext.getLoginUserId()).thenReturn("1"); + when(jdbcTemplate.update(any(PreparedStatementCreator.class), any(KeyHolder.class))).thenAnswer(invocation -> { + KeyHolder keyHolder = invocation.getArgument(1); + keyHolder.getKeyList().add(Map.of("GENERATED_KEY", 1L)); + return 1; + }); + + // Act + Map result = dynamicModelService.createData(dataDto); + + // Assert + assertNotNull(result); + assertEquals(1L, result.get("id")); + verify(jdbcTemplate, times(1)).update(any(PreparedStatementCreator.class), any(KeyHolder.class)); + } + + @Test + void getDataById() { + // Arrange + String modelId = "test_table"; + Long id = 1L; + + List> mockResult = new ArrayList<>(); + mockResult.add(Map.of("id", 1, "name", "test_name")); + + when(jdbcTemplate.queryForList(anyString(), Optional.ofNullable(any()))).thenReturn(mockResult); + + // Act + Map result = dynamicModelService.getDataById(modelId, id); + + // Assert + assertNotNull(result); + assertEquals("test_name", result.get("name")); + verify(jdbcTemplate, times(1)).queryForList(anyString(), Optional.ofNullable(any())); + } + + @Test + void updateDateById() { + // Arrange + DynamicUpdate dto = new DynamicUpdate(); + dto.setNameEn("test_table"); + dto.setParams(Map.of("id", 1)); + dto.setData(Map.of("name", "updated_name")); + + when(jdbcTemplate.update(anyString(), any(Object[].class))).thenReturn(1); + + // Act + Map result = dynamicModelService.updateDateById(dto); + + // Assert + assertNotNull(result); + assertEquals(1, 
result.get("rowsAffected")); + verify(jdbcTemplate, times(1)).update(anyString(), any(Object[].class)); + } + + @Test + void deleteDataById() { + // Arrange + DynamicDelete dto = new DynamicDelete(); + dto.setNameEn("test_table"); + dto.setId(1); + + when(jdbcTemplate.update(anyString(), Optional.ofNullable(any()))).thenReturn(1); + + // Act + Map result = dynamicModelService.deleteDataById(dto); + + // Assert + assertNotNull(result); + assertEquals(1, result.get("rowsAffected")); + verify(jdbcTemplate, times(1)).update(anyString(), Optional.ofNullable(any())); + } + + + @Test + void testCreateDynamicTable() { + Model model = new Model(); + model.setNameEn("test_table"); + ParametersDto parametersDto = new ParametersDto(); + parametersDto.setProp("name"); + parametersDto.setType("String"); + parametersDto.setRequired(true); + parametersDto.setDefaultValue("1"); + parametersDto.setDescription("1"); + model.setParameters(Collections.singletonList(parametersDto)); + + doNothing().when(jdbcTemplate).execute(anyString()); + + assertDoesNotThrow(() -> dynamicModelService.createDynamicTable(model)); + verify(jdbcTemplate, times(1)).execute(anyString()); + } + + @Test + void testDropDynamicTable() { + Model model = new Model(); + model.setNameEn("test_table"); + + doNothing().when(jdbcTemplate).execute(anyString()); + + assertDoesNotThrow(() -> dynamicModelService.dropDynamicTable(model)); + verify(jdbcTemplate, times(1)).execute(anyString()); + } + + @Test + void testDynamicQuery() { + String tableName = "test_table"; + List fields = Arrays.asList("id", "name"); + Map conditions = Map.of("id", 1); + + when(namedParameterJdbcTemplate.queryForList(anyString(), anyMap())).thenReturn(new ArrayList<>()); + + List> result = dynamicModelService.dynamicQuery(tableName, fields, conditions, null, null); + assertNotNull(result); + verify(namedParameterJdbcTemplate, times(1)).queryForList(anyString(), anyMap()); + } + + @Test + void testCreateData() { + DynamicInsert dataDto = new 
DynamicInsert(); + dataDto.setNameEn("test_table"); + dataDto.setParams(Map.of("name", "test")); + + when(loginUserContext.getLoginUserId()).thenReturn("1"); + when(jdbcTemplate.update(any(), any(PreparedStatementCreator.class), any())).thenReturn(1); + + Map result = dynamicModelService.createData(dataDto); + assertNotNull(result); + verify(jdbcTemplate, times(1)).update(any(PreparedStatementCreator.class), any()); + } + + @Test + void testDeleteDataById() { + DynamicDelete dto = new DynamicDelete(); + dto.setNameEn("test_table"); + dto.setId(1); + + when(jdbcTemplate.update(anyString(), Optional.ofNullable(any()))).thenReturn(1); + + Map result = dynamicModelService.deleteDataById(dto); + assertEquals(1, result.get("rowsAffected")); + verify(jdbcTemplate, times(1)).update(anyString(), Optional.ofNullable(any())); + } + + +} \ No newline at end of file From d52fa92448e2f3a5b587ad7ea2a5b07aa8ac93d7 Mon Sep 17 00:00:00 2001 From: msslulu <1484036491@qq.com> Date: Fri, 17 Apr 2026 03:07:51 -0700 Subject: [PATCH 2/6] feat: update jwtutil --- base/src/main/java/com/tinyengine/it/login/utils/JwtUtil.java | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/base/src/main/java/com/tinyengine/it/login/utils/JwtUtil.java b/base/src/main/java/com/tinyengine/it/login/utils/JwtUtil.java index 42f7ed03..0f5fc62c 100644 --- a/base/src/main/java/com/tinyengine/it/login/utils/JwtUtil.java +++ b/base/src/main/java/com/tinyengine/it/login/utils/JwtUtil.java @@ -43,12 +43,10 @@ public class JwtUtil { private TokenBlacklistService tokenBlacklistService; private static final long EXPIRATION_TIME = 21600000L; // 6小时 = 6 * 60 * 60 * 1000 = 21600000 毫秒 - private static final String DEFAULT_SECRET = "tiny-engine-backend-secret-key-at-jwt-login"; // 避免启动时环境变量未加载的问题 private static String getSecretString() { - return Optional.ofNullable(System.getenv("SECRET_STRING")) - .orElse(DEFAULT_SECRET); + return System.getenv("SECRET_STRING"); } public static SecretKey getSecretKey() { 
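Review bot: Every test in DynamicModelServiceTest passes well-formed names (`test_table`, `name`, `id DESC`), so nothing pins what the service does when `nameEn`, a field name or `orderBy` contains characters outside an identifier, even though the `dropDynamicTable` assertion shows the table name ends up in the SQL text (`DROP TABLE IF EXISTS dynamic_test_table;`). I would add one negative case per entry point, for example `assertThrows(IllegalArgumentException.class, () -> dynamicModelService.dropDynamicTable(badModel));` followed by `verify(jdbcTemplate, never()).execute(anyString());`, with the exception type aligned to whatever the service actually throws. Separately, `queryWithPage` stubs the same `queryForList(anyString(), anyMap())` call twice, so the second stub replaces the first and the data query also returns the count row; chaining the two `thenReturn` values in the order the service issues the queries would exercise both. `setUp` also calls `MockitoAnnotations.openMocks(this)` twice and never closes the returned handle.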
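Review bot: With the fallback removed, `getSecretString()` in JwtUtil returns `null` whenever `SECRET_STRING` is unset, and that value flows into `getSecretKey()`, whose body starts on the hunk's last line and continues outside it. Failing on first use with a clear message is safer than a late NullPointerException or a key derived from an empty value: read it into `String secret = System.getenv("SECRET_STRING");` and add `if (secret == null || secret.isBlank()) { throw new IllegalStateException("SECRET_STRING is not set"); }` before returning it. The retained comment `避免启动时环境变量未加载的问题` described the removed fallback and should be dropped or reworded, and `java.util.Optional` may now be an unused import if nothing else in the file uses it. Because the old default was a constant in the repository, tokens signed with it cannot be trusted, so deployments that ran without the variable need a freshly generated secret and not the old string copied into the environment.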
From 14af2502532e197526dc22e769a34801dae4cc53 Mon Sep 17 00:00:00 2001 From: msslulu <1484036491@qq.com> Date: Thu, 23 Apr 2026 01:44:36 -0700 Subject: [PATCH 3/6] feat: update model data --- .../it/dynamic/dao/DynamicSqlProvider.java | 17 ++--------------- .../tinyengine/it/dynamic/dto/DynamicQuery.java | 4 +--- .../it/dynamic/service/DynamicService.java | 4 +--- .../tinyengine/it/login/config/LoginConfig.java | 4 +--- 4 files changed, 5 insertions(+), 24 deletions(-) diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java index fba8eac1..a6f6539b 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java @@ -9,23 +9,13 @@ public class DynamicSqlProvider { public String select(Map params) { String tableName = (String) params.get("tableName"); - List fields = (List) params.get("fields"); Map conditions = (Map) params.get("conditions"); Integer pageNum = (Integer) params.get("pageNum"); Integer pageSize = (Integer) params.get("pageSize"); - String orderBy = (String) params.get("orderBy"); - String orderType = (String) params.get("orderType"); SQL sql = new SQL(); + sql.SELECT("*"); - // 选择字段 - if (fields != null && !fields.isEmpty()) { - for (String field : fields) { - sql.SELECT(field); - } - } else { - sql.SELECT("*"); - } sql.FROM(tableName); @@ -37,10 +27,7 @@ public String select(Map params) { } } } - // 排序 - if (orderBy != null && !orderBy.isEmpty()) { - sql.ORDER_BY(orderBy + " " + orderType); - } + // 分页 if (pageNum != null && pageSize != null) { diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java b/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java index 79608a70..42582bb8 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java 
+++ b/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java @@ -10,10 +10,8 @@ public class DynamicQuery { private String nameEn; // 表名 private String nameCh; // 表中文名 - private List fields; // 查询字段 private Map params; // 查询条件 private Integer currentPage = 1; // 页码 private Integer pageSize = 10; // 每页大小 - private String orderBy; // 排序字段 - private String orderType = "ASC"; // 排序方式 + } diff --git a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java index 27ba63c3..29aaa94d 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java @@ -37,12 +37,10 @@ public List query(DynamicQuery dto) { String tableName = getTableName(dto.getNameEn()); Map params = new HashMap<>(); params.put("tableName", tableName); - params.put("fields", dto.getFields()); params.put("conditions", dto.getParams()); params.put("pageNum", dto.getCurrentPage()); params.put("pageSize", dto.getPageSize()); - params.put("orderBy", dto.getOrderBy()); - params.put("orderType", dto.getOrderType()); + return dynamicDao.select(params); } diff --git a/base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java b/base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java index 7b29d4fc..0d78e04e 100644 --- a/base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java +++ b/base/src/main/java/com/tinyengine/it/login/config/LoginConfig.java @@ -44,9 +44,7 @@ public void addInterceptors(InterceptorRegistry registry) { "/app-center/api/ai/chat", "/app-center/api/chat/completions", // 图片文件资源下载 - "/material-center/api/resource/download/*", - //模型驱动 - "/platform-center/api/model-data/**" + "/material-center/api/resource/download/*" ); } } From 6bd136fe0db1aa996667bee25ee5b7dbc1d518cb Mon Sep 17 00:00:00 2001 
From: msslulu <1484036491@qq.com> Date: Thu, 23 Apr 2026 03:19:08 -0700 Subject: [PATCH 4/6] feat: update model data --- .../it/dynamic/dao/DynamicSqlProvider.java | 32 ++++++++++++++--- .../it/dynamic/dto/DynamicQuery.java | 12 +++++-- .../it/dynamic/service/DynamicService.java | 22 +++++++++++- .../dynamic/util/SQLIdentifierValidator.java | 35 +++++++++++++++++++ 4 files changed, 94 insertions(+), 7 deletions(-) create mode 100644 base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java index a6f6539b..2ad4f016 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java @@ -1,5 +1,6 @@ package com.tinyengine.it.dynamic.dao; +import com.tinyengine.it.dynamic.util.SQLIdentifierValidator; import org.apache.ibatis.jdbc.SQL; import java.util.List; @@ -9,16 +10,29 @@ public class DynamicSqlProvider { public String select(Map params) { String tableName = (String) params.get("tableName"); + SQLIdentifierValidator.isValidIdentifier(tableName); + + List fields = (List) params.get("fields"); Map conditions = (Map) params.get("conditions"); Integer pageNum = (Integer) params.get("pageNum"); Integer pageSize = (Integer) params.get("pageSize"); - + String orderBy = (String) params.get("orderBy"); + String orderType = (String) params.get("orderType"); SQL sql = new SQL(); - sql.SELECT("*"); - + System.out.println(fields.size()); + // 选择字段 + if (fields != null && !fields.isEmpty()) { + for (String field : fields) { + sql.SELECT(field); + } + } else { + sql.SELECT("*"); + } sql.FROM(tableName); + + // 条件 if (conditions != null && !conditions.isEmpty()) { for (Map.Entry entry : conditions.entrySet()) { 
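Review bot: `SQLIdentifierValidator.isValidIdentifier(tableName);` in `DynamicSqlProvider.select` discards its boolean result, so the added line rejects nothing and `tableName` still reaches `sql.FROM(tableName)` unchecked; the same ignored call is added in the `insert`, `update` (twice) and `delete` hunks that follow. Either act on the result, `if (!SQLIdentifierValidator.isValidIdentifier(tableName)) { throw new IllegalArgumentException("Invalid table name"); }`, or call a helper that throws. The re-added `sql.SELECT(field)` loop also places each entry of `fields` into the statement text, so the provider should check those entries itself and not rely on its callers. PATCH 6/6 later removes these calls without a replacement, which leaves the provider with no check of its own. The `select` body continues past the end of this hunk.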
@@ -27,7 +41,10 @@ public String select(Map params) { } } } - + // 排序 + if (orderBy != null && !orderBy.isEmpty()) { + sql.ORDER_BY(orderBy + " " + orderType); + } // 分页 if (pageNum != null && pageSize != null) { @@ -39,6 +56,8 @@ public String select(Map params) { public String insert(Map params) { String tableName = (String) params.get("tableName"); + SQLIdentifierValidator.isValidIdentifier(tableName); + Map data = (Map) params.get("data"); SQL sql = new SQL(); @@ -55,6 +74,9 @@ public String insert(Map params) { public String update(Map params) { String tableName = (String) params.get("tableName"); + SQLIdentifierValidator.isValidIdentifier(tableName); + + SQLIdentifierValidator.isValidIdentifier(tableName); Map data = (Map) params.get("data"); Map conditions = (Map) params.get("conditions"); @@ -78,6 +100,8 @@ public String update(Map params) { public String delete(Map params) { String tableName = (String) params.get("tableName"); + SQLIdentifierValidator.isValidIdentifier(tableName); + Map conditions = (Map) params.get("conditions"); SQL sql = new SQL(); diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java b/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java index 42582bb8..08385707 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/dto/DynamicQuery.java @@ -1,5 +1,7 @@ package com.tinyengine.it.dynamic.dto; +import jakarta.validation.constraints.NotBlank; +import jakarta.validation.constraints.Pattern; import lombok.Data; import java.util.List; 
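Review bot: In the sort hunk of `DynamicSqlProvider.select`, `sql.ORDER_BY(orderBy + " " + orderType)` builds the clause from two strings read straight out of `params`, and nothing in this method constrains them; the `@Pattern` annotations added to `DynamicQuery` help only if bean validation is actually triggered on the request, which is not visible here. I would check both at the point of use: match `orderBy` against the identifier pattern and normalise the direction with `String dir = "DESC".equalsIgnoreCase(orderType) ? "DESC" : "ASC";`. That also covers a null `orderType`, which as written is appended as the literal text `null`. `DynamicService.query` in this patch puts `fields` into the map but not `orderBy` or `orderType`, so this branch appears unreachable from that path.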
@@ -7,11 +9,17 @@ @Data public class DynamicQuery { - + @NotBlank(message = "表英文名不能为空") + @Pattern(regexp = "^[a-zA-Z_][a-zA-Z0-9_]*$", message = "模型名称格式不正确") private String nameEn; // 表名 private String nameCh; // 表中文名 + @Pattern(regexp = "^[a-zA-Z_][a-zA-Z0-9_]*$", message = "字段名称格式不正确") + private List fields; // 查询字段 private Map params; // 查询条件 private Integer currentPage = 1; // 页码 private Integer pageSize = 10; // 每页大小 - + @Pattern(regexp = "^[a-zA-Z_][a-zA-Z0-9_]*$", message = "排序字段格式不正确") + private String orderBy; // 排序字段 + @Pattern(regexp = "ASC|DESC", message = "排序方式必须为ASC或DESC") + private String orderType = "ASC"; // 排序方式 } diff --git a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java index 29aaa94d..0a28729a 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java @@ -4,6 +4,7 @@ import com.tinyengine.it.common.context.LoginUserContext; import com.tinyengine.it.dynamic.dao.ModelDataDao; import com.tinyengine.it.dynamic.dto.*; +import com.tinyengine.it.dynamic.util.SQLIdentifierValidator; import com.tinyengine.it.model.entity.Model; import com.tinyengine.it.service.material.ModelService; import jakarta.transaction.Transactional; @@ -38,6 +39,7 @@ public List query(DynamicQuery dto) { Map params = new HashMap<>(); params.put("tableName", tableName); params.put("conditions", dto.getParams()); + params.put("fields", dto.getFields()); params.put("pageNum", dto.getCurrentPage()); params.put("pageSize", dto.getPageSize()); 
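Review bot: In DynamicQuery, `@Pattern` is placed on the `fields` list itself, but `@Pattern` is defined for character sequences, so a provider such as Hibernate Validator typically rejects it with an unexpected-type error when the bean is validated instead of checking the entries. The constraint belongs on the element type: `private List<@Pattern(regexp = "^[a-zA-Z_][a-zA-Z0-9_]*$", message = "字段名称格式不正确") String> fields;`. All of these annotations take effect only when the controller parameter carries `@Valid` or `@Validated`, which this series does not show, so the service-side checks should not be relaxed on the strength of them. The identifier regex now appears three times in this class and twice more in DynamicService; one shared constant would keep the copies from drifting.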
@@ -76,6 +78,10 @@ public Map queryWithPage(DynamicQuery dto) { if( dto.getPageSize() == null || dto.getPageSize() <= 0) { dto.setPageSize(10); } + List fields = dto.getFields(); + // 验证字段列表 + validateFields(fields); + // 验证表和数据 validateTableExists(dto.getNameEn()); validateTableAndData(dto.getNameEn(), dto.getParams()); List list = query(dto); @@ -220,7 +226,21 @@ private void validateTableAndData(String tableName, Map data) { // 验证字段名格式 for (String field : data.keySet()) { if (!field.matches("^[a-zA-Z_][a-zA-Z0-9_]*$")) { - throw new IllegalArgumentException("字段名格式不正确: " + field); + throw new IllegalArgumentException("查询字段名格式不正确: " + field); + } + } + } + + /** + * 验证字段列表 + * @param fields + */ + private void validateFields(List fields) { + if (fields != null) { + for (String field : fields) { + if (!field.matches("^[a-zA-Z_][a-zA-Z0-9_]*$")) { + throw new IllegalArgumentException("Field name format is invalid: " + field); + } } } } diff --git a/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java b/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java new file mode 100644 index 00000000..90ce31a8 --- /dev/null +++ b/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java 
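Review bot: `validateFields(fields)` is called only in `queryWithPage`, while `query(DynamicQuery)` is public and now forwards `dto.getFields()` to the SQL provider on its own, so any other caller of `query` bypasses the check. Moving the call to the top of `query`, or into `DynamicSqlProvider.select`, puts the check next to the code that concatenates the names. `orderBy` and `orderType` get no equivalent service-side check in this patch.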
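Review bot: In `validateFields`, `field.matches(...)` throws a NullPointerException for a null list element, which surfaces as a server error instead of the intended IllegalArgumentException; extend the condition to `if (field == null || !field.matches("^[a-zA-Z_][a-zA-Z0-9_]*$"))`. The message echoes the rejected value back to the caller, so consider logging it and returning a fixed message. The Javadoc leaves `@param fields` empty; `@param fields column names requested by the client; may be null` would document the contract. The reworded message in `validateTableAndData`, `查询字段名格式不正确`, may mislead if that method also validates insert and update data, which its `data` parameter suggests but this hunk does not show.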
@@ -0,0 +1,35 @@
+package com.tinyengine.it.dynamic.util;
+
+public class SQLIdentifierValidator {
+
+ private static final String IDENTIFIER_REGEX = "^[a-zA-Z_][a-zA-Z0-9_]*$";
+
+ /**
+ * Validates a SQL identifier (e.g., table name, column name).
+ *
+ * @param identifier the identifier to validate
+ * @return true if valid, false otherwise
+ */
+ public static boolean isValidIdentifier(String identifier) {
+ if (identifier == null || identifier.trim().isEmpty()) {
+ return false;
+ }
+ return identifier.matches(IDENTIFIER_REGEX);
+ }
+
+ /**
+ * Validates a list of SQL identifiers.
+ *
+ * @param identifiers the list of identifiers to validate
+ * @throws IllegalArgumentException if any identifier is invalid
+ */
+ public static void validateIdentifiers(Iterable identifiers) {
+ if (identifiers != null) {
+ for (String identifier : identifiers) {
+ if (!isValidIdentifier(identifier)) {
+ throw new IllegalArgumentException("Invalid SQL identifier: " + identifier);
+ }
+ }
+ }
+ }
+}
From 67293879fdcdb4fdf9e7fc32bd72548e3011fce2 Mon Sep 17 00:00:00 2001
From: msslulu <1484036491@qq.com>
Date: Thu, 23 Apr 2026 03:21:05 -0700
Subject: [PATCH 5/6] feat: update model data
---
 .../java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java | 1 -
 1 file changed, 1 deletion(-)
diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java
index 2ad4f016..cc8a4e9e 100644
--- a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java
+++ b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java
@@ -19,7 +19,6 @@ public String select(Map params) {
 String orderBy = (String) params.get("orderBy");
 String orderType = (String) params.get("orderType");
 SQL sql = new SQL();
- System.out.println(fields.size());
 // 选择字段
 if (fields != null && !fields.isEmpty()) {
 for (String field : fields) {
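Review bot: `isValidIdentifier` in the new SQLIdentifierValidator reports its result as a boolean, and every call site added in PATCH 4/6 drops that result, so the API shape invites a check that does nothing. A throwing entry point such as `public static String requireValidIdentifier(String identifier)`, which returns the value or throws IllegalArgumentException, would make the safe use the easy one. `identifier.matches(IDENTIFIER_REGEX)` recompiles the pattern on every call; hold it as `private static final Pattern IDENTIFIER = Pattern.compile("^[a-zA-Z_][a-zA-Z0-9_]*$");`. The class has only static members, so it should be `final` with a private constructor, and a maximum-length check would keep oversized names away from the database.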
From 7c3cc9fe24b3e00b90f7b18c5ac6cdca7730edc2 Mon Sep 17 00:00:00 2001 From: msslulu <1484036491@qq.com> Date: Thu, 23 Apr 2026 03:34:00 -0700 Subject: [PATCH 6/6] feat: update model data --- .../it/dynamic/dao/DynamicSqlProvider.java | 10 ------ .../it/dynamic/service/DynamicService.java | 2 +- .../dynamic/util/SQLIdentifierValidator.java | 35 ------------------- 3 files changed, 1 insertion(+), 46 deletions(-) delete mode 100644 base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java diff --git a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java index cc8a4e9e..f0ff398d 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/dao/DynamicSqlProvider.java @@ -1,6 +1,5 @@ package com.tinyengine.it.dynamic.dao; -import com.tinyengine.it.dynamic.util.SQLIdentifierValidator; import org.apache.ibatis.jdbc.SQL; import java.util.List; @@ -10,8 +9,6 @@ public class DynamicSqlProvider { public String select(Map params) { String tableName = (String) params.get("tableName"); - SQLIdentifierValidator.isValidIdentifier(tableName); - List fields = (List) params.get("fields"); Map conditions = (Map) params.get("conditions"); Integer pageNum = (Integer) params.get("pageNum"); @@ -55,8 +52,6 @@ public String select(Map params) { public String insert(Map params) { String tableName = (String) params.get("tableName"); - SQLIdentifierValidator.isValidIdentifier(tableName); - Map data = (Map) params.get("data"); SQL sql = new SQL(); @@ -73,9 +68,6 @@ public String insert(Map params) { public String update(Map params) { String tableName = (String) params.get("tableName"); - SQLIdentifierValidator.isValidIdentifier(tableName); - - SQLIdentifierValidator.isValidIdentifier(tableName); Map data = (Map) params.get("data"); Map conditions = (Map) params.get("conditions"); 
@@ -99,8 +91,6 @@ public String update(Map params) { public String delete(Map params) { String tableName = (String) params.get("tableName"); - SQLIdentifierValidator.isValidIdentifier(tableName); - Map conditions = (Map) params.get("conditions"); SQL sql = new SQL(); diff --git a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java index 0a28729a..027922f5 100644 --- a/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java +++ b/base/src/main/java/com/tinyengine/it/dynamic/service/DynamicService.java @@ -4,7 +4,6 @@ import com.tinyengine.it.common.context.LoginUserContext; import com.tinyengine.it.dynamic.dao.ModelDataDao; import com.tinyengine.it.dynamic.dto.*; -import com.tinyengine.it.dynamic.util.SQLIdentifierValidator; import com.tinyengine.it.model.entity.Model; import com.tinyengine.it.service.material.ModelService; import jakarta.transaction.Transactional; @@ -210,6 +209,7 @@ public List> getTableStructure(String tableName) { * 验证表和数据 */ private void validateTableAndData(String tableName, Map data) { + if (tableName == null || tableName.trim().isEmpty()) { throw new IllegalArgumentException("表名不能为空"); } diff --git a/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java b/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java deleted file mode 100644 index 90ce31a8..00000000 --- a/base/src/main/java/com/tinyengine/it/dynamic/util/SQLIdentifierValidator.java +++ /dev/null 
@@ -1,35 +0,0 @@
-package com.tinyengine.it.dynamic.util;
-
-public class SQLIdentifierValidator {
-
- private static final String IDENTIFIER_REGEX = "^[a-zA-Z_][a-zA-Z0-9_]*$";
-
- /**
- * Validates a SQL identifier (e.g., table name, column name).
- *
- * @param identifier the identifier to validate
- * @return true if valid, false otherwise
- */
- public static boolean isValidIdentifier(String identifier) {
- if (identifier == null || identifier.trim().isEmpty()) {
- return false;
- }
- return identifier.matches(IDENTIFIER_REGEX);
- }
-
- /**
- * Validates a list of SQL identifiers.
- *
- * @param identifiers the list of identifiers to validate
- * @throws IllegalArgumentException if any identifier is invalid
- */
- public static void validateIdentifiers(Iterable identifiers) {
- if (identifiers != null) {
- for (String identifier : identifiers) {
- if (!isValidIdentifier(identifier)) {
- throw new IllegalArgumentException("Invalid SQL identifier: " + identifier);
- }
- }
- }
- }
-}