服务端新增修改操作时, 判断是否包含敏感字符. (#31)

hippo4j-config/src/main/java/cn/hippo4j/config/model/biz/item/ItemSaveReqDTO.java

@@ -2,6 +2,9 @@ package cn.hippo4j.config.model.biz.item;
 
 import lombok.Data;
 
+import javax.validation.constraints.Pattern;
+
+
 /**
  * Item save req dto.
  *
@@ -14,11 +17,13 @@ public class ItemSaveReqDTO {
     /**
      * tenantId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String tenantId;
 
     /**
      * itemId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String itemId;
 
     /**

hippo4j-config/src/main/java/cn/hippo4j/config/model/biz/tenant/TenantSaveReqDTO.java

@@ -2,6 +2,8 @@ package cn.hippo4j.config.model.biz.tenant;
 
 import lombok.Data;
 
+import javax.validation.constraints.Pattern;
+
 /**
  * Tenant save req dto.
  *
@@ -14,11 +16,13 @@ public class TenantSaveReqDTO {
     /**
      * tenantId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String tenantId;
 
     /**
      * tenantName
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String tenantName;
 
     /**

hippo4j-config/src/main/java/cn/hippo4j/config/model/biz/threadpool/ThreadPoolSaveOrUpdateReqDTO.java

@@ -2,6 +2,8 @@ package cn.hippo4j.config.model.biz.threadpool;
 
 import lombok.Data;
 
+import javax.validation.constraints.Pattern;
+
 /**
  * Thread pool save or update req dto.
  *
@@ -14,16 +16,19 @@ public class ThreadPoolSaveOrUpdateReqDTO {
     /**
      * tenantId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String tenantId;
 
     /**
      * TpId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String tpId;
 
     /**
      * ItemId
      */
+    @Pattern(regexp = "^((?!\\+).)*$", message = "租户、项目、线程池 ID 包含+号")
     private String itemId;
 
     /**

hippo4j-console/pom.xml

@@ -34,6 +34,11 @@
             <groupId>cn.hippo4j</groupId>
             <artifactId>hippo4j-auth</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>org.hibernate.validator</groupId>
+            <artifactId>hibernate-validator</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

hippo4j-console/src/main/java/cn/hippo4j/console/config/GlobalExceptionHandler.java

@@ -1,14 +1,21 @@
 package cn.hippo4j.console.config;
 
+import cn.hippo4j.common.toolkit.CollectionUtil;
+import cn.hippo4j.common.toolkit.StringUtil;
 import cn.hippo4j.common.web.base.Result;
 import cn.hippo4j.common.web.base.Results;
 import cn.hippo4j.common.web.exception.ServiceException;
+import lombok.SneakyThrows;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.StringUtils;
+import org.springframework.validation.BindingResult;
+import org.springframework.validation.FieldError;
+import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Optional;
 
 /**
  * 全局异常捕获器.
@@ -31,6 +38,19 @@ public class GlobalExceptionHandler {
         return Results.failure(ex);
     }
 
+    @SneakyThrows
+    @ExceptionHandler(value = MethodArgumentNotValidException.class)
+    public Result validExceptionHandler(HttpServletRequest request, MethodArgumentNotValidException ex) {
+        BindingResult bindingResult = ex.getBindingResult();
+        FieldError firstFieldError = CollectionUtil.getFirst(bindingResult.getFieldErrors());
+        String exceptionStr = Optional.ofNullable(firstFieldError)
+                .map(FieldError::getDefaultMessage)
+                .orElse(StringUtil.EMPTY);
+
+        log.error("[{}] {} [ex] {}", request.getMethod(), getUrl(request), exceptionStr);
+        return Results.failure(new ServiceException(exceptionStr));
+    }
+
     @ExceptionHandler(value = Throwable.class)
     public Result defaultErrorHandler(HttpServletRequest request, Throwable throwable) {
         log.error("[{}] {} ", request.getMethod(), getUrl(request), throwable);

hippo4j-console/src/main/java/cn/hippo4j/console/controller/ItemController.java

@@ -1,6 +1,5 @@
 package cn.hippo4j.console.controller;
 
-import com.baomidou.mybatisplus.core.metadata.IPage;
 import cn.hippo4j.common.constant.Constants;
 import cn.hippo4j.common.web.base.Result;
 import cn.hippo4j.common.web.base.Results;
@@ -9,7 +8,9 @@ import cn.hippo4j.config.model.biz.item.ItemRespDTO;
 import cn.hippo4j.config.model.biz.item.ItemSaveReqDTO;
 import cn.hippo4j.config.model.biz.item.ItemUpdateReqDTO;
 import cn.hippo4j.config.service.biz.ItemService;
+import com.baomidou.mybatisplus.core.metadata.IPage;
 import lombok.AllArgsConstructor;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -36,7 +37,7 @@ public class ItemController {
     }
 
     @PostMapping("/save")
-    public Result saveItem(@RequestBody ItemSaveReqDTO reqDTO) {
+    public Result saveItem(@Validated @RequestBody ItemSaveReqDTO reqDTO) {
         itemService.saveItem(reqDTO);
         return Results.success();
     }

hippo4j-console/src/main/java/cn/hippo4j/console/controller/TenantController.java

@@ -1,6 +1,5 @@
 package cn.hippo4j.console.controller;
 
-import com.baomidou.mybatisplus.core.metadata.IPage;
 import cn.hippo4j.common.constant.Constants;
 import cn.hippo4j.common.web.base.Result;
 import cn.hippo4j.common.web.base.Results;
@@ -9,7 +8,9 @@ import cn.hippo4j.config.model.biz.tenant.TenantRespDTO;
 import cn.hippo4j.config.model.biz.tenant.TenantSaveReqDTO;
 import cn.hippo4j.config.model.biz.tenant.TenantUpdateReqDTO;
 import cn.hippo4j.config.service.biz.TenantService;
+import com.baomidou.mybatisplus.core.metadata.IPage;
 import lombok.AllArgsConstructor;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -37,7 +38,7 @@ public class TenantController {
     }
 
     @PostMapping("/save")
-    public Result<Boolean> saveNameSpace(@RequestBody TenantSaveReqDTO reqDTO) {
+    public Result<Boolean> saveNameSpace(@Validated @RequestBody TenantSaveReqDTO reqDTO) {
         tenantService.saveTenant(reqDTO);
         return Results.success(Boolean.TRUE);
     }

hippo4j-console/src/main/java/cn/hippo4j/console/controller/ThreadPoolController.java

@@ -1,9 +1,5 @@
 package cn.hippo4j.console.controller;
 
-import cn.hippo4j.console.model.ThreadPoolInstanceInfo;
-import cn.hutool.core.collection.CollUtil;
-import cn.hutool.core.util.StrUtil;
-import com.baomidou.mybatisplus.core.metadata.IPage;
 import cn.hippo4j.common.constant.Constants;
 import cn.hippo4j.common.model.InstanceInfo;
 import cn.hippo4j.common.web.base.Result;
@@ -16,10 +12,15 @@ import cn.hippo4j.config.model.biz.threadpool.ThreadPoolSaveOrUpdateReqDTO;
 import cn.hippo4j.config.service.ConfigCacheService;
 import cn.hippo4j.config.service.biz.ThreadPoolService;
 import cn.hippo4j.config.toolkit.BeanUtil;
+import cn.hippo4j.console.model.ThreadPoolInstanceInfo;
 import cn.hippo4j.discovery.core.BaseInstanceRegistry;
 import cn.hippo4j.discovery.core.Lease;
+import cn.hutool.core.collection.CollUtil;
+import cn.hutool.core.util.StrUtil;
+import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.google.common.collect.Lists;
 import lombok.AllArgsConstructor;
+import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
@@ -54,7 +55,7 @@ public class ThreadPoolController {
 
     @PostMapping("/save_or_update")
     public Result saveOrUpdateThreadPoolConfig(@RequestParam(value = "identify", required = false) String identify,
-                                               @RequestBody ThreadPoolSaveOrUpdateReqDTO reqDTO) {
+                                               @Validated @RequestBody ThreadPoolSaveOrUpdateReqDTO reqDTO) {
         threadPoolService.saveOrUpdateThreadPoolConfig(identify, reqDTO);
         return Results.success();
     }