perf: 优化排序参数校验

2025-09-14 05:02:43 +00:00 · 2025-07-18 16:21:35 +08:00
parent 773ce159f7
commit 1cd8a49fd4
7 changed files with 29 additions and 26 deletions
--- a/novel-admin/src/main/java/com/java2nb/common/aspect/SortOrderValidationAspect.java
+++ b/novel-admin/src/main/java/com/java2nb/common/aspect/SortOrderValidationAspect.java
@@ -25,10 +25,10 @@ import java.util.Map;
 public class SortOrderValidationAspect {

    /**
-     * 拦截所有的mapper方法
+     * 拦截mapper的所有list方法
     */
    @SneakyThrows
-    @Around("execution(* com.java2nb.*.dao.*Dao.*(..))")
+    @Around("execution(* com.java2nb.*.dao.*Dao.list*(..))")
    public Object validateSortAndOrder(ProceedingJoinPoint joinPoint) {
        Object[] args = joinPoint.getArgs();
        MethodSignature signature = (MethodSignature) joinPoint.getSignature();
--- a/novel-admin/src/main/java/com/java2nb/common/utils/SortWhitelistUtil.java
+++ b/novel-admin/src/main/java/com/java2nb/common/utils/SortWhitelistUtil.java
@@ -14,8 +14,7 @@ import java.util.Set;
 public class SortWhitelistUtil {

    private final Set<String> allowedColumns = new HashSet<>(
-        Arrays.asList("id", "name", "create_time", "update_time", "order_num", "last_index_update_time", "word_count",
-            "visit_count"));
+        Arrays.asList("id", "name", "order_num"));
    private final Set<String> allowedOrders = new HashSet<>(Arrays.asList("asc", "desc"));

    public String sanitizeColumn(String input) {
--- a/novel-admin/src/main/java/com/java2nb/system/dao/SysUserDao.java
+++ b/novel-admin/src/main/java/com/java2nb/system/dao/SysUserDao.java
@@ -11,7 +11,6 @@ import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;

 /**
- * 
 * @author xiongxy
 * @email 1179705413@qq.com
 * @date 2019-10-03 09:45:11
@@ -19,23 +18,23 @@ import org.apache.ibatis.annotations.Param;
@Mapper
 public interface SysUserDao {

-	UserDO get(Long userId);
-	
-	List<UserDO> list(@ValidateSortOrder  Map<String,Object> map);
-	
-	int count(Map<String,Object> map);
-	
-	int save(UserDO user);
-	
-	int update(UserDO user);
-	
-	int remove(Long userId);
-	
-	int batchRemove(Long[] userIds);
-	
-	Long[] listAllDept();
+    UserDO get(Long userId);

-    List<UserDO> listByPerm(Map<String, Object> map);
+    List<UserDO> list(@ValidateSortOrder Map<String, Object> map);

-	int countByPerm(Map<String,Object> map);
+    int count(Map<String, Object> map);
+
+    int save(UserDO user);
+
+    int update(UserDO user);
+
+    int remove(Long userId);
+
+    int batchRemove(Long[] userIds);
+
+    Long[] listAllDept();
+
+    List<UserDO> listByPerm(@ValidateSortOrder Map<String, Object> map);
+
+    int countByPerm(Map<String, Object> map);
 }