feat[litemall-wx-api]: 小程序后台服务进一步校验参数

7597c60a · Junling Bu · 637ee6c8 · 7597c60a · 7597c60a · 7597c60a
Commit 7597c60a authored Oct 21, 2018 by Junling Bu
--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAddressController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAddressController.java
@@ -9,6 +9,7 @@ import org.linlinjava.litemall.db.service.LitemallRegionService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.linlinjava.litemall.wx.annotation.LoginUser;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
@@ -124,6 +125,57 @@ public class WxAddressController {
        return ResponseUtil.ok(data);
    }
+    private Object validate(LitemallAddress address) {
+        String name = address.getName();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+        // 测试收货手机号码是否正确
+        String mobile = address.getMobile();
+        if(StringUtils.isEmpty(mobile)){
+            return ResponseUtil.badArgument();
+        }
+        if(!RegexUtil.isMobileExact(mobile)){
+            return ResponseUtil.badArgument();
+        }
+        Integer pid = address.getProvinceId();
+        if(pid == null){
+            return ResponseUtil.badArgument();
+        }
+        if(addressService.findById(pid) == null){
+            return ResponseUtil.badArgumentValue();
+        }
+        Integer cid = address.getCityId();
+        if(cid == null){
+            return ResponseUtil.badArgument();
+        }
+        if(addressService.findById(cid) == null){
+            return ResponseUtil.badArgumentValue();
+        }
+        Integer aid = address.getAreaId();
+        if(aid == null){
+            return ResponseUtil.badArgument();
+        }
+        if(addressService.findById(aid) == null){
+            return ResponseUtil.badArgumentValue();
+        }
+        String detailedAddress = address.getAddress();
+        if(StringUtils.isEmpty(detailedAddress)){
+            return ResponseUtil.badArgument();
+        }
+        Boolean isDefault = address.getIsDefault();
+        if(isDefault == null){
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
    /**
     * 添加或更新收货地址
     *
@@ -138,14 +190,9 @@ public class WxAddressController {
        if(userId == null){
            return ResponseUtil.unlogin();
        }
-        if(address == null){
+        Object error = validate(address);
-            return ResponseUtil.badArgument();
+        if(error != null){
-        }
+            return error;
-        // 测试收货手机号码是否正确
-        String mobile = address.getMobile();
-        if(!RegexUtil.isMobileExact(mobile)){
-            return ResponseUtil.badArgument();
        }
        if(address.getIsDefault()){
@@ -181,12 +228,9 @@ public class WxAddressController {
        if(userId == null){
            return ResponseUtil.unlogin();
        }
-        if(address == null){
-            return ResponseUtil.badArgument();
-        }
        Integer id = address.getId();
        if(id == null){
-            return ResponseUtil.badArgumentValue();
+            return ResponseUtil.badArgument();
        }
        addressService.delete(id);

--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAuthController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxAuthController.java
@@ -68,7 +68,7 @@ public class WxAuthController {
     * }
     * 失败则 { errno: XXX, errmsg: XXX }
     */
-    @RequestMapping("login")
+    @PostMapping("login")
    public Object login(@RequestBody String body, HttpServletRequest request) {
        String username = JacksonUtil.parseString(body, "username");
        String password = JacksonUtil.parseString(body, "password");
@@ -125,7 +125,7 @@ public class WxAuthController {
     * }
     * 失败则 { errno: XXX, errmsg: XXX }
     */
-    @RequestMapping("login_by_weixin")
+    @PostMapping("login_by_weixin")
    public Object loginByWeixin(@RequestBody WxLoginInfo wxLoginInfo, HttpServletRequest request) {
        String code = wxLoginInfo.getCode();
        UserInfo userInfo = wxLoginInfo.getUserInfo();

--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCartController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCartController.java
@@ -296,7 +296,7 @@ public class WxCartController {
     * 如果原来没有勾选，则设置勾选状态；如果商品已经勾选，则设置非勾选状态。
     *
     * @param userId 用户ID
-     * @param body   购物车商品信息， { productIds: xxx }
+     * @param body   购物车商品信息， { productIds: xxx, isChecked: 1/0 }
     * @return 购物车信息
     * 成功则
     * {

--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCommentController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxCommentController.java
 package org.linlinjava.litemall.wx.web;
 import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.linlinjava.litemall.db.domain.LitemallComment;
+import org.linlinjava.litemall.db.domain.LitemallGoodsSpecification;
 import org.linlinjava.litemall.db.service.LitemallCommentService;
+import org.linlinjava.litemall.db.service.LitemallGoodsService;
+import org.linlinjava.litemall.db.service.LitemallTopicService;
 import org.linlinjava.litemall.db.service.LitemallUserService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.linlinjava.litemall.wx.annotation.LoginUser;
@@ -29,6 +33,45 @@ public class WxCommentController {
    private LitemallUserService userService;
    @Autowired
    private UserInfoService userInfoService;
+    @Autowired
+    private LitemallGoodsService goodsService;
+    @Autowired
+    private LitemallTopicService topicService;
+    private Object validate(LitemallComment comment) {
+        String content = comment.getContent();
+        if(StringUtils.isEmpty(content)){
+            return ResponseUtil.badArgument();
+        }
+        Short star = comment.getStar();
+        if(star == null){
+            return ResponseUtil.badArgument();
+        }
+        if(star < 0 || star > 5){
+            return ResponseUtil.badArgumentValue();
+        }
+        Byte type = comment.getType();
+        Integer valueId = comment.getValueId();
+        if(type == null || valueId == null){
+            return ResponseUtil.badArgument();
+        }
+        if(type == 0){
+            if(goodsService.findById(valueId)  == null){
+                return ResponseUtil.badArgumentValue();
+          }
+        }
+        else if(type == 1){
+            if(topicService.findById(valueId) == null){
+                return ResponseUtil.badArgumentValue();
+            }
+        }
+        else{
+            return ResponseUtil.badArgumentValue();
+        }
+        return null;
+    }
    /**
     * 发表评论
@@ -53,8 +96,9 @@ public class WxCommentController {
        if(userId == null){
            return ResponseUtil.unlogin();
        }
-        if(comment == null){
+        Object error = validate(comment);
-            return ResponseUtil.badArgument();
+        if(error != null){
+            return error;
        }
        comment.setAddTime(LocalDateTime.now());

--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxFeedbackController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxFeedbackController.java
 package org.linlinjava.litemall.wx.web;
-import org.linlinjava.litemall.core.util.JacksonUtil;
+import org.apache.commons.lang3.StringUtils;
 import org.linlinjava.litemall.core.util.RegexUtil;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.linlinjava.litemall.db.domain.LitemallFeedback;
@@ -13,8 +13,6 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
-import javax.servlet.http.HttpServletRequest;
 import java.time.LocalDateTime;
 /**
@@ -32,18 +30,39 @@ public class WxFeedbackController {
    @Autowired
    private LitemallUserService userService;
+    private Object validate(LitemallFeedback feedback) {
+        String content = feedback.getContent();
+        if(StringUtils.isEmpty(content)){
+            return ResponseUtil.badArgument();
+        }
+        String type = feedback.getFeedType();
+        if(StringUtils.isEmpty(type)){
+            return ResponseUtil.badArgument();
+        }
+        // 测试手机号码是否正确
+        String mobile = feedback.getMobile();
+        if(StringUtils.isEmpty(mobile)){
+            return ResponseUtil.badArgument();
+        }
+        if (!RegexUtil.isMobileExact(mobile)) {
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
    /**
-     * 意见反馈
+     *  意见反馈
     */
    @PostMapping("submit")
    public Object submit(@LoginUser Integer userId, @RequestBody LitemallFeedback feedback) {
        if (userId == null) {
            return ResponseUtil.unlogin();
        }
+        Object error = validate(feedback);
-        // 测试手机号码是否正确
+        if(error != null){
-        if (!RegexUtil.isMobileExact(feedback.getMobile())) {
+            return error;
-            return ResponseUtil.badArgument();
        }
        LitemallUser user = userService.findById(userId);

--- a/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxOrderController.java
+++ b/litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxOrderController.java
@@ -102,9 +102,6 @@ public class WxOrderController {
    @Autowired
    private ExpressService expressService;
-    public WxOrderController() {
-    }
    private String detailedAddress(LitemallAddress litemallAddress) {
        Integer provinceId = litemallAddress.getProvinceId();
        Integer cityId = litemallAddress.getCityId();
@@ -141,7 +138,7 @@ public class WxOrderController {
     * }
     * 失败则 { errno: XXX, errmsg: XXX }
     */
-    @RequestMapping("list")
+    @GetMapping("list")
    public Object list(@LoginUser Integer userId,
                       @RequestParam(defaultValue = "0") Integer showType,
                       @RequestParam(defaultValue = "1") Integer page,