package com.ruoyi.web.controller.common;
import com.alibaba.fastjson2.JSON;
import com.ruoyi.common.core.domain.AjaxResult;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.project.domain.BaseAnnextype;
import com.ruoyi.project.domain.GiApi;
import com.ruoyi.project.domain.dto.ApiDTO;
import com.ruoyi.project.service.IApiService;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
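/**
 * REST controller that runs SQL text obtained from {@link IApiService#getCode} for the
 * code given in the URL path and returns the result wrapped in an {@link AjaxResult}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keyword screen below is a denylist and therefore defence in depth only. It does
 *       not recognise every statement that can modify data or schema. The connection used
 *       for these statements should belong to a read-only database account so that the
 *       database, not this regex, enforces "select only".</li>
 *   <li>NOTE(review): how {@code ApiDTO} values are merged into the SQL is not visible in
 *       this class. Confirm that {@code getListSql}/{@code getStringSql} bind them as
 *       parameters rather than concatenating them into the statement.</li>
 *   <li>NOTE(review): no authorization annotation is visible on this controller. Confirm
 *       that access to {@code /api/**} is restricted elsewhere.</li>
 * </ul>
 */
@Slf4j
@Api(description = "api服务")
@RestController
@RequestMapping("/api")
public class ApiController {

    /**
     * Whole-word, case-insensitive match for keywords that must not appear in a statement.
     *
     * <p>Differences from the previous inline check, each of which let statements through:
     * <ul>
     *   <li>{@code truncate} was misspelled as {@code trancate}, so TRUNCATE was never
     *       rejected.</li>
     *   <li>The pattern was applied with {@code String.matches} and {@code .*}, which does
     *       not cross line terminators, so no multi-line statement could ever match. The
     *       pattern is now applied with {@code find()}.</li>
     *   <li>{@code toLowerCase()} used the default locale, which changes how some letters
     *       are folded (for example under a Turkish locale). {@code CASE_INSENSITIVE}
     *       folds ASCII letters independently of the locale.</li>
     * </ul>
     */
    private static final Pattern FORBIDDEN_SQL_KEYWORD = Pattern.compile(
            "\\b(insert|into|update|delete|truncate|drop|execute|grant|use)\\b",
            Pattern.CASE_INSENSITIVE);

    @Autowired
    private IApiService service;

    /**
     * Runs the SQL registered for {@code path} and returns the rows as JSON.
     *
     * @param path code identifying the SQL to run, taken from the URL
     * @param DTO  request body passed through to the service together with the SQL
     * @return a success result holding the rows, or an error result when the path is empty,
     *         no SQL is found for it, or the SQL contains a forbidden keyword
     */
    @ApiOperation("API->api查询列表")
    @PostMapping("/{path}")
    public AjaxResult getApiList(@PathVariable("path") String path, @RequestBody ApiDTO DTO) {
        if (ObjectUtils.isEmpty(path)) {
            return AjaxResult.error("表名不能为空");
        }
        GiApi tempSql = service.getCode(path);
        if (tempSql == null || ObjectUtils.isEmpty(tempSql.getApiSql())) {
            return AjaxResult.error("sql代码没有对应的sql请核对");
        }
        String sql = tempSql.getApiSql();
        if (containsForbiddenKeyword(sql)) {
            return AjaxResult.error("sql中有非法字符,只应许select");
        }
        List<Map<String, Object>> lists = service.getListSql(sql, DTO);
        return AjaxResult.success(JSON.toJSON(lists));
    }

    /**
     * Runs the SQL registered for {@code path} and returns whatever
     * {@code IApiService.getStringSql} produces for it.
     *
     * @param path code identifying the SQL to run, taken from the URL
     * @param DTO  request body passed through to the service together with the SQL
     * @return a success result holding the service's return value, or an error result when
     *         the path is empty, no SQL is found for it, or the SQL contains a forbidden
     *         keyword
     */
    @ApiOperation("API->api查询object")
    @PostMapping("/s/{path}")
    public AjaxResult getStringSql(@PathVariable("path") String path, @RequestBody ApiDTO DTO) {
        if (ObjectUtils.isEmpty(path)) {
            return AjaxResult.error("表名不能为空");
        }
        GiApi tempSql = service.getCode(path);
        if (tempSql == null || ObjectUtils.isEmpty(tempSql.getApiSql())) {
            return AjaxResult.error("sql代码没有对应的sql请核对");
        }
        String sql = tempSql.getApiSql();
        if (containsForbiddenKeyword(sql)) {
            return AjaxResult.error("sql中有非法字符,只应许select");
        }
        return AjaxResult.success(service.getStringSql(sql, DTO));
    }

    /**
     * Reports whether {@code sql} contains any keyword from {@link #FORBIDDEN_SQL_KEYWORD}
     * as a whole word, anywhere in the text, including after a line break.
     */
    private static boolean containsForbiddenKeyword(String sql) {
        return FORBIDDEN_SQL_KEYWORD.matcher(sql).find();
    }
}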