参数校验

2025-04-29 21:37:00 +08:00 · 2025-04-29 21:37:00 +08:00 · 2ce8f06cfb
commit 2ce8f06cfb
parent 698b5b4504
6 changed files with 28 additions and 30 deletions
--- a/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java
+++ b/src/main/java/com/greenorange/promotion/controller/user/UserInfoController.java
@ -26,10 +26,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import jakarta.annotation.Resource;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotBlank;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import java.util.List;
@ -70,10 +69,9 @@ public class UserInfoController {
     */
    @PostMapping("login")
    @Operation(summary = "web端管理员登录", description = "参数：用户登录请求体，权限：管理员（boss, admin)，方法名：userInfoLogin")
-    public BaseResponse<String> userInfoLogin(@RequestBody UserInfoLoginRequest userInfoLoginRequest, HttpServletRequest request) {
+    public BaseResponse<String> userInfoLogin(@Valid @RequestBody UserInfoLoginRequest userInfoLoginRequest, HttpServletRequest request) {
        String userAccount = userInfoLoginRequest.getUserAccount();
        String userPassword = userInfoLoginRequest.getUserPassword();
        ThrowUtils.throwIf(StringUtils.isAnyBlank(userAccount, userPassword), ErrorCode.PARAMS_ERROR);
        String token = userInfoService.userInfoLogin(userAccount, userPassword, request);
        return ResultUtils.success(token);
    }
@ -87,12 +85,11 @@ public class UserInfoController {
    @PostMapping("logout")
    @Operation(summary = "web端管理员退出登录", description = "参数：JWT，权限：管理员（boss, admin)，方法名：userInfoLogout")
    @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
-    public BaseResponse<Boolean> userInfoLogout(@RequestHeader("Authorization") String token) {
+    public BaseResponse<Boolean> userInfoLogout(@NotBlank @RequestHeader("Authorization") String token) {
-        // 获取 token 的过期时间
+        // 获取token的过期时间
        DecodedJWT decodedJWT = jwtUtils.verify(token);
        long expirationTime = decodedJWT.getExpiresAt().getTime() - System.currentTimeMillis();
-
+        // 将token存入Redis黑名单，并设置过期时间与token一致
        // 将 token 存入 Redis 黑名单，并设置过期时间与 token 一致
        redisTemplate.opsForValue().set(token, token, expirationTime, TimeUnit.MILLISECONDS);
        return ResultUtils.success(true);
    }
@ -106,7 +103,7 @@ public class UserInfoController {
     * @return 是否添加成功
     */
    @PostMapping("add")
-    @Operation(summary = "web端管理员添加用户表", description = "参数：用户表添加请求体，权限：管理员（boss, admin)，方法名：addUserInfo")
+    @Operation(summary = "web端管理员添加用户", description = "参数：用户表添加请求体，权限：管理员（boss, admin)，方法名：addUserInfo")
    public BaseResponse<Boolean> addUserInfo(@Valid @RequestBody UserInfoAddRequest userInfoAddRequest) {
        UserInfo userInfo = commonService.copyProperties(userInfoAddRequest, UserInfo.class);
        userInfoService.save(userInfo);
@ -121,9 +118,8 @@ public class UserInfoController {
     * @return 是否更新成功
     */
    @PostMapping("update")
-    @Operation(summary = "web端管理员更新用户表", description = "参数：用户表更新请求体，权限：管理员（boss, admin)，方法名：updateUserInfo")
+    @Operation(summary = "web端管理员更新用户", description = "参数：用户表更新请求体，权限：管理员（boss, admin)，方法名：updateUserInfo")
-    public BaseResponse<Boolean> updateUserInfo(@RequestBody UserInfoUpdateRequest userInfoUpdateRequest) {
+    public BaseResponse<Boolean> updateUserInfo(@Valid @RequestBody UserInfoUpdateRequest userInfoUpdateRequest) {
        ThrowUtils.throwIf(userInfoUpdateRequest == null || userInfoUpdateRequest.getId() <= 0, ErrorCode.PARAMS_ERROR);
        UserInfo userInfo = commonService.copyProperties(userInfoUpdateRequest, UserInfo.class);
        userInfoService.updateById(userInfo);
        return ResultUtils.success(true);
@ -135,9 +131,8 @@ public class UserInfoController {
     * @return 是否删除成功
     */
    @PostMapping("delete")
-    @Operation(summary = "web端管理员删除用户表", description = "参数：用户表删除请求体，权限：管理员（boss, admin)，方法名：delUserInfo")
+    @Operation(summary = "web端管理员删除用户", description = "参数：用户表删除请求体，权限：管理员（boss, admin)，方法名：delUserInfo")
-    public BaseResponse<Boolean> delUserInfo(@RequestBody CommonRequest commonRequest) {
+    public BaseResponse<Boolean> delUserInfo(@Valid @RequestBody CommonRequest commonRequest) {
        ThrowUtils.throwIf(commonRequest == null || commonRequest.getId() <= 0, ErrorCode.PARAMS_ERROR);
        Long id = commonRequest.getId();
        userInfoService.removeById(id);
        return ResultUtils.success(true);
@ -149,9 +144,8 @@ public class UserInfoController {
     * @return 用户表列表
     */
    @PostMapping("page")
-    @Operation(summary = "Web端管理员分页查看用户表", description = "参数：用户表查询请求体，权限：管理员（boss, admin)，方法名:listUserInfoByPage")
+    @Operation(summary = "Web端管理员分页查看用户", description = "参数：用户表查询请求体，权限：管理员（boss, admin)，方法名:listUserInfoByPage")
-    public BaseResponse<Page<UserInfoVO>> listUserInfoByPage(@RequestBody UserInfoQueryRequest userInfoQueryRequest) {
+    public BaseResponse<Page<UserInfoVO>> listUserInfoByPage(@Valid @RequestBody UserInfoQueryRequest userInfoQueryRequest) {
        if (userInfoQueryRequest == null) throw new BusinessException(ErrorCode.PARAMS_ERROR);
        long current = userInfoQueryRequest.getCurrent();
        long pageSize = userInfoQueryRequest.getPageSize();
        QueryWrapper<UserInfo> queryWrapper = userInfoService.getQueryWrapper(userInfoQueryRequest);
@ -173,10 +167,9 @@ public class UserInfoController {
     * @return 用户表信息
     */
    @PostMapping("queryById")
-    @Operation(summary = "web端管理员根据id查询用户表", description = "参数：用户表查询请求体，权限：管理员（boss, admin)，方法名:queryUserInfoById")
+    @Operation(summary = "web端管理员根据id查询用户", description = "参数：用户表查询请求体，权限：管理员（boss, admin)，方法名:queryUserInfoById")
    @RequiresPermission(mustRole = UserConstant.ADMIN_ROLE)
-    public BaseResponse<UserInfoVO> queryUserInfoById(@RequestBody CommonRequest commonRequest) {
+    public BaseResponse<UserInfoVO> queryUserInfoById(@Valid @RequestBody CommonRequest commonRequest) {
        ThrowUtils.throwIf(commonRequest == null || commonRequest.getId() <= 0, ErrorCode.PARAMS_ERROR);
        Long id = commonRequest.getId();
        UserInfo userInfo = userInfoService.getById(id);
        ThrowUtils.throwIf(userInfo == null, ErrorCode.OPERATION_ERROR, "当前用户不存在");
@ -191,9 +184,8 @@ public class UserInfoController {
     * @return 是否删除成功
     */
    @PostMapping("delBatch")
-    @Operation(summary = "web端管理员批量删除用户表", description = "参数：用户表批量删除请求体，权限：管理员（boss, admin)，方法名:delBatchUserInfo")
+    @Operation(summary = "web端管理员批量删除用户", description = "参数：用户表批量删除请求体，权限：管理员（boss, admin)，方法名:delBatchUserInfo")
-    public BaseResponse<Boolean> delBatchUserInfo(@RequestBody CommonBatchRequest commonBatchRequest) {
+    public BaseResponse<Boolean> delBatchUserInfo(@Valid @RequestBody CommonBatchRequest commonBatchRequest) {
        ThrowUtils.throwIf(commonBatchRequest == null || commonBatchRequest.getIds() == null || commonBatchRequest.getIds().isEmpty(), ErrorCode.PARAMS_ERROR);
        List<Long> ids = commonBatchRequest.getIds();
        userInfoService.removeByIds(ids);
        return ResultUtils.success(true);
--- a/src/main/java/com/greenorange/promotion/exception/GlobalExceptionHandler.java
+++ b/src/main/java/com/greenorange/promotion/exception/GlobalExceptionHandler.java
@ -47,10 +47,11 @@ public class GlobalExceptionHandler {
    @ExceptionHandler(HttpMessageNotReadableException.class)
    public BaseResponse<?> handleHttpMessageNotReadableException(HttpMessageNotReadableException e) {
        log.error("HttpMessageNotReadableException", e);
-        return ResultUtils.error(ErrorCode.PARAMS_ERROR, e.getMessage());
+        return ResultUtils.error(ErrorCode.PARAMS_ERROR, "请求体不能为空或格式无效");
    }
    // 处理业务异常
    @ExceptionHandler(BusinessException.class)
    public BaseResponse<?> businessExceptionHandler(BusinessException e) {
        log.error("BusinessException", e);
@ -58,6 +59,7 @@ public class GlobalExceptionHandler {
    }
    // 处理运行时异常
    @ExceptionHandler(RuntimeException.class)
    public BaseResponse<?> runtimeExceptionHandler(RuntimeException e) {
        log.error("RuntimeException", e);
--- a/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoAddRequest.java
+++ b/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoAddRequest.java
@ -42,14 +42,16 @@ public class UserInfoAddRequest implements Serializable {
     * 账号
     */
    @NotBlank(message = "账号不能为空")
-    @Schema(description = "账号", example = "qingcheng_account")
+    @Size(min = 6, max = 10, message = "账号长度在 6 到 10 个字符")
    @Schema(description = "账号", example = "qingcheng")
    private String userAccount;
    /**
     * 密码
     */
    @NotBlank(message = "密码不能为空")
-    @Schema(description = "密码", example = "qingcheng_password")
+    @Size(min = 6, max = 10, message = "密码长度在 6 到 10 个字符")
    @Schema(description = "密码", example = "qingcheng")
    private String userPassword;
    /**
--- a/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoLoginRequest.java
+++ b/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoLoginRequest.java
@ -18,7 +18,7 @@ public class UserInfoLoginRequest implements Serializable {
     * 账号
     */
    @NotBlank(message = "账号不能为空")
-    @Size(min = 6, max = 8, message = "账号长度在 6 到 8 个字符")
+    @Size(min = 6, max = 10, message = "账号长度在 6 到 10 个字符")
    @Schema(description = "账号", example = "qingcheng_account")
    private String userAccount;
@ -26,7 +26,7 @@ public class UserInfoLoginRequest implements Serializable {
     * 密码
     */
    @NotBlank(message = "密码不能为空")
-    @Size(min = 6, max = 8, message = "密码长度在 6 到 8 个字符")
+    @Size(min = 6, max = 10, message = "密码长度在 6 到 10 个字符")
    @Schema(description = "密码", example = "qingcheng_password")
    private String userPassword;
--- a/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoUpdateRequest.java
+++ b/src/main/java/com/greenorange/promotion/model/dto/user/UserInfoUpdateRequest.java
@ -4,6 +4,7 @@ import io.swagger.v3.oas.annotations.media.Schema;
 import jakarta.validation.constraints.Min;
 import jakarta.validation.constraints.NotBlank;
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Size;
 import lombok.Data;
 import java.io.Serial;
@ -50,6 +51,7 @@ public class UserInfoUpdateRequest implements Serializable {
     * 账号
     */
    @NotBlank(message = "账号不能为空")
    @Size(min = 6, max = 10, message = "账号长度在 6 到 10 个字符")
    @Schema(description = "账号", example = "qingcheng_account")
    private String userAccount;
@ -57,6 +59,7 @@ public class UserInfoUpdateRequest implements Serializable {
     * 密码
     */
    @NotBlank(message = "密码不能为空")
    @Size(min = 6, max = 10, message = "密码长度在 6 到 10 个字符")
    @Schema(description = "密码", example = "qingcheng_password")
    private String userPassword;
--- a/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java
+++ b/src/main/java/com/greenorange/promotion/service/user/impl/UserInfoServiceImpl.java
@ -57,7 +57,6 @@ public class UserInfoServiceImpl extends ServiceImpl<UserInfoMapper, UserInfo>
     */
    @Override
    public String userInfoLogin(String userAccount, String userPassword, HttpServletRequest request) {
        ThrowUtils.throwIf(userAccount.length() < 6 || userPassword.length() < 6, ErrorCode.PARAMS_ERROR);
        LambdaQueryWrapper<UserInfo> lambdaQueryWrapper = new LambdaQueryWrapper<>();
        lambdaQueryWrapper.eq(UserInfo::getUserAccount, userAccount).eq(UserInfo::getUserPassword, userPassword);
        UserInfo userInfo = this.getOne(lambdaQueryWrapper);