use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.
the class RoleSet method expires.
/**
 * Decides whether the cached role data in {@code f} may still be used for {@code userId}.
 *
 * <p>Return codes as used in this method: {@code -1} when the user lookup yields
 * {@code state <= 0} (per the original comment: user missing or locked, cache to be deleted)
 * or when the aggregated dept state is {@code <= 0}; {@code 1} when the file exists and is at
 * least as new as the latest {@code rtime} of the user or its depts; {@code 0} otherwise.
 *
 * <p>Security-relevant behaviour: for password logins, a session whose recorded login time is
 * older than the user's {@code ptime} (password modification time, per the original comment)
 * is rejected with a 401, so a password change forces a fresh login.
 *
 * @param f cache file whose existence and last-modified time are compared
 * @return {@code -1}, {@code 0} or {@code 1} as described above
 * @throws HongsException with code 401 when the password changed after this session logged in
 */
@Override
protected byte expires(File f) throws HongsException {
    DB db;
    Table tb;
    Table td;
    FetchCase fc;
    Map rs;
    int st;
    long rt;
    long ot;
    long pt;
    // Load the user's state, rtime and ptime. The user id is passed as a bound "?" parameter;
    // the column prefixes are taken from the Table object.
    db = DB.getInstance("master");
    tb = db.getTable("user");
    fc = new FetchCase(FetchCase.STRICT).from(tb.tableName, tb.name).select(tb.name + ".state, " + tb.name + ".rtime, " + tb.name + ".ptime").filter(tb.name + ".id = ?", userId);
    rs = db.fetchLess(fc);
    st = Synt.declare(rs.get("state"), 0);
    rt = Synt.declare(rs.get("rtime"), 0L);
    pt = Synt.declare(rs.get("ptime"), 0L);
    if (st <= 0) {
        // The user does not exist or is locked: delete.
        return -1;
    }
    /**
     * Password login:
     * when the password has changed (login time is earlier than the password
     * modification time) the user must log in again.
     */
    USK: {
        ActionHelper ah;
        try {
            ah = ActionHelper.getInstance();
        } catch (UnsupportedOperationException e) {
            // Not running inside an action context: skip the check.
            break USK;
        }
        if (!"*".equals(ah.getSessibute(Cnst.USK_SES))) {
            // Not a password login: skip the check.
            break USK;
        }
        ot = Synt.declare(ah.getSessibute(Cnst.UST_SES), 0L);
        // NOTE(review): the check is skipped when either timestamp is 0, so a password-login
        // session that carries no login time is never invalidated by a password change here.
        // Confirm that UST_SES is always set at login, or treat a missing value as stale.
        if (ot < pt && 0 < ot && 0 < pt) {
            throw new HongsException(401, "Password changed").setLocalizedContent("core.password.changed").setLocalizedContext("master");
        }
    }
    // Aggregate over every dept the user belongs to: highest state and latest rtime.
    tb = db.getTable("dept");
    td = db.getTable("dept_user");
    fc = new FetchCase(FetchCase.STRICT).from(tb.tableName, tb.name).join(td.tableName, td.name, td.name + ".dept_id = " + tb.name + ".id").select("MAX(" + tb.name + ".state) AS state, MAX(" + tb.name + ".rtime) AS rtime").filter(td.name + ".user_id = ?", userId).gather(td.name + ".user_id");
    rs = db.fetchLess(fc);
    // The default of 1 keeps a user without any dept row from being treated as locked.
    st = Synt.declare(rs.get("state"), 1);
    ot = Synt.declare(rs.get("rtime"), 0L);
    if (st <= 0) {
        // Every group the user belongs to is locked: delete.
        return -1;
    }
    /**
     * Compare the file modification time with the permission change time;
     * if the cache has not expired it can simply be loaded from the cache file.
     */
    if (rt < ot) {
        rt = ot;
    }
    // rt is multiplied by 1000 before the comparison with File.lastModified() (milliseconds),
    // so the rtime columns are handled as seconds here.
    if (f.exists() && f.lastModified() >= rt * 1000L) {
        return 1;
    } else {
        return 0;
    }
}
use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.
the class IsUnique method verify.
/**
 * Checks that the submitted value, together with the other fields named by {@code data-uk},
 * does not already exist, by running a search action in-process and inspecting its response.
 *
 * <p>The action path is {@code data-ut}, or {@code <__conf__>/<__form__>/search} when that
 * parameter is empty. On update the current record id is excluded from the search, and any
 * unique-key fields missing from the submission are first read back from the stored record.
 *
 * <p>NOTE(review): this is a query-then-decide check and no lock or transaction is visible in
 * this method, so two concurrent submissions could both pass it. Treat it as user-facing
 * validation and keep a unique constraint in the data store as the actual guarantee.
 *
 * @param watch the value under validation plus the already cleaned sibling values
 * @return {@code STAND} when empty values are skipped, otherwise {@code FORCE} when no
 *         conflicting record was found or no unique-key value was supplied
 * @throws Wrong {@code fore.form.is.not.unique} when the search reports a match, or when the
 *         response carries none of the {@code list}/{@code info}/{@code page} keys
 */
@Override
public Object verify(Value watch) throws Wrong {
    // Skip null values and empty strings.
    Object value = watch.get();
    if (FORCE == STAND) {
        if (value == null) {
            return STAND;
        }
        if (value.equals("")) {
            return STAND;
        }
    }
    Map nd = watch.getCleans();
    Object id = nd.get(Cnst.ID_KEY);
    String ut = (String) getParam("data-ut");
    String uk = (String) getParam("data-uk");
    String nk = (String) getParam("__name__");
    String ck = (String) getParam("__conf__");
    String fk = (String) getParam("__form__");
    // NOTE(review): ut decides which action is invoked below. It presumably comes from the
    // form/field configuration rather than from the request; confirm it is never
    // client-controlled.
    if (ut == null || ut.isEmpty()) {
        ut = ck + "/" + fk + "/search";
    }
    if (uk == null || uk.isEmpty()) {
        uk = nk;
    }
    // Request data. cd stays empty and is handed to the helpers as their context data.
    Map cd = new HashMap();
    Map rd = new HashMap();
    rd.put(Cnst.PN_KEY, 0);
    rd.put(Cnst.RN_KEY, 1);
    rd.put(Cnst.RB_KEY, Synt.setOf(Cnst.ID_KEY));
    // On update, the current record must be excluded.
    if (watch.isUpdate()) {
        Map ne = new HashMap();
        ne.put(Cnst.NE_REL, id);
        rd.put(Cnst.ID_KEY, ne);
    }
    // Fields that take part in the unique constraint.
    // ns is a working copy: every field for which a value is found is removed from it, so
    // after the loop it holds only the fields that were not supplied.
    Set us = Synt.toTerms(uk);
    Set ns = new HashSet(us);
    Iterator<String> it = ns.iterator();
    while (it.hasNext()) {
        String n = it.next();
        Object v;
        if (nd.containsKey(n)) {
            it.remove();
            v = nd.get(n);
        } else if (nk.equals(n)) {
            it.remove();
            v = value;
        } else {
            continue;
        }
        // null and "" are wrapped in explicit IS/EQ relations instead of being passed bare.
        if (v == null) {
            rd.put(n, Synt.mapOf(Cnst.IS_REL, "null"));
        } else if (v.equals("")) {
            rd.put(n, Synt.mapOf(Cnst.EQ_REL, v));
        } else {
            rd.put(n, v);
        }
    }
    // Skip when no value at all was provided.
    if (ns.size() == us.size()) {
        return FORCE;
    }
    // Fill in the missing fields from the stored (old) record.
    if (watch.isUpdate() && !ns.isEmpty()) {
        Map ud = new HashMap();
        ud.put(Cnst.ID_KEY, id);
        ud.put(Cnst.RB_KEY, ns);
        ud.put(Cnst.RN_KEY, 0);
        // NOTE(review): the lookup runs on a fresh ActionHelper whose context data is the
        // empty map cd. Whether the invoked action still applies the caller's permissions
        // is not visible here; confirm.
        ActionHelper ah = ActionHelper.newInstance();
        ah.setContextData(cd);
        ah.setRequestData(ud);
        try {
            ActionRunner.newInstance(ah, ut).doInvoke();
        } catch (HongsException ex) {
            throw ex.toExemption();
        }
        SD: {
            Map sd = ah.getResponseData();
            if (sd == null) {
                break SD;
            }
            if (sd.containsKey("list")) {
                List sl = (List) sd.get("list");
                if (sl.isEmpty())
                    break SD;
                // 00 is an octal literal and equals 0: take the first row.
                sd = (Map) sl.get(00);
            } else if (sd.containsKey("info")) {
                sd = (Map) sd.get("info");
            } else {
                break SD;
            }
            for (Object n : ns) {
                Object v = sd.get(n);
                if (v == null) {
                    rd.put(n, Synt.mapOf(Cnst.IS_REL, "null"));
                } else if (v.equals("")) {
                    rd.put(n, Synt.mapOf(Cnst.EQ_REL, v));
                } else {
                    rd.put(n, v);
                }
            }
        }
    }
    // Execute the action.
    ActionHelper ah = ActionHelper.newInstance();
    ah.setContextData(cd);
    ah.setRequestData(rd);
    try {
        ActionRunner.newInstance(ah, ut).doInvoke();
    } catch (HongsException ex) {
        throw ex.toExemption();
    }
    // Compare the result: an empty list, info or page means no conflicting record.
    Map sd = ah.getResponseData();
    if (sd == null) {
        return FORCE;
    }
    if (sd.containsKey("list")) {
        List list = (List) sd.get("list");
        if (list == null || list.isEmpty()) {
            return FORCE;
        }
    } else if (sd.containsKey("info")) {
        Map info = (Map) sd.get("info");
        if (info == null || info.isEmpty()) {
            return FORCE;
        }
    } else if (sd.containsKey("page")) {
        Map page = (Map) sd.get("page");
        if (page == null || page.isEmpty()) {
            return FORCE;
        // NOTE(review): this branch tests for the key "state" but reads "pages"; confirm the
        // mismatch is intended.
        } else if (page.containsKey("state") && Synt.declare(page.get("pages"), 0) <= 0) {
            return FORCE;
        } else if (page.containsKey("count") && Synt.declare(page.get("count"), 0) == 0) {
            return FORCE;
        }
    }
    // Anything else, including a response with none of the keys above, counts as a conflict.
    throw new Wrong("fore.form.is.not.unique");
}
use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.
the class Capts method verify.
/**
 * Validates a captcha answer against the code stored in the session.
 *
 * <p>The session attribute prefix comes from the {@code capts-sess} parameter (falling back to
 * the {@code core.capts.sess} config value) and the lifetime from {@code capts-time} (falling
 * back to {@code core.capts.time}); the lifetime is multiplied by 1000 before it is compared
 * with the millisecond clock. The comparison is case-insensitive, and an empty stored code
 * never matches.
 *
 * <p>The stored code and its timestamp are cleared in a {@code finally} block, so each issued
 * captcha can be attempted once, whether the attempt succeeds or fails.
 *
 * @param watch holder of the answer submitted by the client
 * @return {@code BLANK} when the answer is accepted
 * @throws Wrong {@code fore.capt.invalid} on a missing or wrong code,
 *         {@code fore.capt.timeout} when the stored code has expired
 */
@Override
public Object verify(Value watch) throws Wrong {
    ActionHelper helper = Core.getInstance(ActionHelper.class);
    String prefix = Synt.declare(getParam("capts-sess"), CoreConfig.getInstance().getProperty("core.capts.sess", "capt"));
    long lifetime = Synt.declare(getParam("capts-time"), CoreConfig.getInstance().getProperty("core.capts.time", 600L));

    String codeKey = prefix + "_code";
    String timeKey = prefix + "_time";

    String expected = Synt.declare(helper.getSessibute(codeKey), "");
    long issuedAt = Synt.declare(helper.getSessibute(timeKey), 0L);
    String supplied = Synt.declare(watch.get(), "");

    try {
        // Human check: a code must have been issued and must match the answer.
        boolean accepted = !expected.isEmpty() && expected.equalsIgnoreCase(supplied);
        if (!accepted) {
            throw new Wrong("fore.capt.invalid");
        }

        // Expiry is evaluated only after the code itself has matched.
        long deadline = issuedAt + lifetime * 1000;
        if (System.currentTimeMillis() > deadline) {
            throw new Wrong("fore.capt.timeout");
        }
    } finally {
        // Single use: drop the stored code and timestamp on every outcome.
        helper.setSessibute(codeKey, null);
        helper.setSessibute(timeKey, null);
    }

    return BLANK;
}
use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.
the class ActsAction method service.
/**
 * Service method.
 * Servlet Mapping: *.act<br/>
 * Note: a "." (period) inside the path of the request URI is not supported, and the path is
 * case-sensitive. The purpose is to avoid several spellings of the same request path, which
 * would affect action filtering and create a security risk.
 *
 * <p>NOTE(review): this method only strips the leading character and everything from the last
 * "." onwards; it does not itself reject a path containing further periods. Confirm that the
 * rule above is enforced elsewhere (for example in the runner or a filter).
 *
 * @param req the incoming request, from which the action path and the Core are resolved
 * @param rsp not referenced in this method; failures are reported through the ActionHelper
 * @throws javax.servlet.ServletException declared by the servlet signature
 */
@Override
public void service(HttpServletRequest req, HttpServletResponse rsp) throws ServletException {
    String path = ActionDriver.getRecentPath(req);
    Core core = ActionDriver.getActualCore(req);
    ActionHelper helper = core.got(ActionHelper.class);
    Core.THREAD_CORE.set(core);

    if (path == null || path.isEmpty()) {
        helper.fault(new HongsException(404, "Action URI can not be empty."));
        return;
    }

    // Drop the leading root character and, when present, the extension.
    int dot = path.lastIndexOf('.');
    String name = (dot == -1) ? path.substring(1) : path.substring(1, dot);

    // Resolve and run the action; every failure is routed through helper.fault.
    try {
        new ActionRunner(helper, name).doAction();
    } catch (HongsException e) {
        helper.fault(e);
    } catch (HongsExemption e) {
        helper.fault(e);
    } catch (RuntimeException e) {
        // Unexpected runtime failures are wrapped as a 500 with the original as the cause.
        helper.fault(new HongsException(500, e));
    }
}
use of io.github.ihongs.action.ActionHelper in project HongsCORE by ihongs.
the class AuthAction method service.
/**
 * Service method.
 * Outputs, for the sitemap named in the path info, a map from each of its actions to whether
 * the current role set is authorised for it, either as JSON or as JavaScript (a JSONP call
 * when {@code callback} is given, otherwise an assignment into {@code self.HsAUTH}).
 *
 * <p>NOTE(review): the JavaScript variants can be loaded by a {@code <script>} tag from
 * another origin, and the body reflects the requesting user's permissions. Confirm this
 * exposure is acceptable for every sitemap that sets {@code session}, or restrict the
 * endpoint to same-site requests.
 *
 * @param req the incoming request; its path info selects the sitemap name and output type
 * @param rsp not referenced directly; output goes through the ActionHelper
 * @throws java.io.IOException declared by the servlet signature
 * @throws javax.servlet.ServletException declared by the servlet signature
 */
@Override
public void service(HttpServletRequest req, HttpServletResponse rsp) throws ServletException, IOException {
    /*
    // 2020/05/14: whether anything may have changed is now decided from the modification times of the configuration and the user
    // Permissions change often depending on login state and on which user is logged in, so caching must be disabled
    rsp.setHeader("Expires", "0");
    rsp.addHeader("Pragma" , "no-cache");
    rsp.setHeader("Cache-Control", "no-cache");
    */
    Core core = ActionDriver.getActualCore(req);
    ActionHelper helper = core.got(ActionHelper.class);
    String name = req.getPathInfo();
    if (name == null || name.length() == 0) {
        helper.error(400, "Path info required");
        return;
    }
    int p = name.lastIndexOf('.');
    if (p < 0) {
        helper.error(400, "File type required");
        return;
    }
    // Split "/<name>.<type>" into its parts; only "js" and "json" are accepted as type.
    String type = name.substring(1 + p);
    name = name.substring(1, p);
    if (!"js".equals(type) && !"json".equals(type)) {
        // NOTE(review): type is request-controlled and is echoed into the error text; confirm
        // that helper.error encodes it for the response content type.
        helper.error(400, "Wrong file type: " + type);
        return;
    }
    String s;
    try {
        // NOTE(review): name is taken from the request path and passed on unchanged; confirm
        // that NaviMap.getInstance only resolves known sitemap names.
        NaviMap sitemap = NaviMap.getInstance(name);
        Set<String> roleset = sitemap.getRoleSet();
        Set<String> authset;
        // Sitemaps without rsname configured are not open to the public.
        if (null == sitemap.session) {
            helper.error(403, "Auth data for '" + name + "' is not open to the public");
            return;
        }
        // HTTP 304 caching strategy.
        // NOTE(review): freshness is decided from timestamps alone, while the body differs per
        // user, and "no-cache" still lets caches store the response. A copy stored for one user
        // could be revalidated for another; consider "private" and a validator tied to the
        // user. Confirm.
        if (roleset instanceof CoreSerial.Mtimes) {
            CoreSerial.Mtimes rolemod = (CoreSerial.Mtimes) roleset;
            long l = Math.max(sitemap.dataModified(), rolemod.dataModified());
            long m = helper.getRequest().getDateHeader("If-Modified-Since");
            if (l != 0) {
                // HTTP dates have one-second precision.
                l = l / 1000;
                m = m / 1000;
                if (m >= l) {
                    helper.getResponse().setStatus(HttpServletResponse.SC_NOT_MODIFIED);
                    return;
                } else {
                    helper.getResponse().setHeader("Cache-Control", "no-cache");
                    helper.getResponse().setDateHeader("Last-Modified", l * 1000);
                }
            }
        }
        // Build action -> authorised; a null role set yields false for every action.
        Map<String, Boolean> datamap = new HashMap();
        if (null == roleset)
            authset = new HashSet();
        else
            authset = sitemap.getRoleAuths(roleset.toArray(new String[] {}));
        for (String act : sitemap.actions) {
            datamap.put(act, authset.contains(act));
        }
        s = Dawn.toString(datamap);
    } catch (IllegalArgumentException ex) {
        // NOTE(review): the exception message is returned to the client here and in the
        // handler below; confirm it cannot carry internal details.
        helper.error(500, ex.getMessage());
        return;
    } catch (HongsException | HongsExemption ex) {
        helper.error(404, ex.getMessage());
        return;
    }
    // Output the permission info.
    if ("json".equals(type)) {
        helper.write("application/json", s);
    } else {
        String c = req.getParameter("callback");
        if (c != null && !c.isEmpty()) {
            // The callback name is limited to a plain identifier before it is written into the
            // script body, so the parameter cannot add script text of its own.
            if (!c.matches("^[a-zA-Z_\\$][a-zA-Z0-9_]*$")) {
                helper.error(400, "Illegal callback function name!");
                return;
            }
            helper.write("text/javascript", c + "(" + s + ");");
        } else {
            // Without a callback, merge the map into the global self.HsAUTH object.
            c = "self.HsAUTH=Object.assign(self.HsAUTH||{}";
            helper.write("text/javascript", c + "," + s + ");");
        }
    }
}