Eliminate business logic in controller & fix XSS bug

gousaiyang · Jul 16, 2017 · c5b1755 · c5b1755
1 parent a4b4d59
commit c5b1755
Show file tree

Hide file tree

Showing 10 changed files with 175 additions and 129 deletions.
diff --git a/src/main/java/bookstore/action/AdminBookAction.java b/src/main/java/bookstore/action/AdminBookAction.java
@@ -191,18 +191,9 @@ public String addBook() {
             retJson = vd.getFailureMessage();
             return ERROR;
         }
-
-        Book book = new Book();
-        book.setName(getName());
-        book.setImage(getImage());
-        book.setAuthor(getAuthor());
-        book.setPress(getPress());
-        book.setPrice((int)(Float.parseFloat(getPrice()) * 100));
-        book.setStock(Integer.parseInt(getStock()));
-        book.setDescription(getDescription());
-        appService.addBook(book);
-
-        retJson = new SuccessMessage(book.getId());
+
+        retJson = new SuccessMessage(appService.addBook(getName(), getImage(), getAuthor(), getPress(),
+                getPrice(), getStock(), getDescription()));
         return SUCCESS;
     }
 
@@ -244,14 +235,7 @@ public String updateBook() {
             return NONE;
         }
 
-        book.setName(getName());
-        book.setImage(getImage());
-        book.setAuthor(getAuthor());
-        book.setPress(getPress());
-        book.setPrice((int)(Float.parseFloat(getPrice()) * 100));
-        book.setStock(Integer.parseInt(getStock()));
-        book.setDescription(getDescription());
-        appService.updateBook(book);
+        appService.updateBook(book, getName(), getImage(), getAuthor(), getPress(), getPrice(), getStock(), getDescription());
 
         retJson = new SuccessMessage();
         return SUCCESS;

diff --git a/src/main/java/bookstore/action/AdminCategoryAction.java b/src/main/java/bookstore/action/AdminCategoryAction.java
@@ -137,11 +137,8 @@ public String addCategory() {
             retJson = vd.getFailureMessage();
             return ERROR;
         }
-
-        Category category = new Category(getName());
-        appService.addCategory(category);
-
-        retJson = new SuccessMessage(category.getId());
+
+        retJson = new SuccessMessage(appService.addCategory(getName()));
         return SUCCESS;
     }
 
@@ -173,8 +170,7 @@ public String updateCategory() {
             return NONE;
         }
 
-        category.setName(getName());
-        appService.updateCategory(category);
+        appService.updateCategory(category, getName());
 
         retJson = new SuccessMessage();
         return SUCCESS;
@@ -249,8 +245,7 @@ public String addBookToCategory() {
             return ERROR;
         }
 
-        bc = new BookCategory(category.getId(), book.getId());
-        appService.addBC(bc);
+        appService.addBC(category.getId(), book.getId());
 
         retJson = new SuccessMessage();
         return SUCCESS;

diff --git a/src/main/java/bookstore/action/AdminUserAction.java b/src/main/java/bookstore/action/AdminUserAction.java
@@ -1,14 +1,12 @@
 package bookstore.action;
 
-import java.util.ArrayList;
 import java.util.List;
 
 import bookstore.model.User;
 import bookstore.model.result.FailureMessage;
 import bookstore.model.result.SuccessMessage;
 import bookstore.model.result.UserDetail;
 import bookstore.service.AppService;
-import bookstore.util.PasswordUtil;
 import bookstore.util.StringUtil;
 import bookstore.util.Validator;
 
@@ -228,17 +226,9 @@ public String addUser() throws Exception {
             retJson = new FailureMessage("用户名 " + getUsername() + " 已经存在。");
             return ERROR;
         }
-
-        User user = new User();
-        user.setUsername(getUsername());
-        user.setPassword(PasswordUtil.passwordHash(getPassword()));
-        user.setNickname(getNickname());
-        user.setAvatar(getAvatar());
-        user.setBalance((int)(Float.parseFloat(getBalance()) * 100));
-        user.setRole(getRole().equals("1"));
-        appService.addUser(user);
 
-        retJson = new SuccessMessage(user.getId());
+        retJson = new SuccessMessage(appService.addUser(getUsername(), getPassword(), getNickname(),
+                getAvatar(), getBalance(), getRole()));
         return SUCCESS;
     }
 
@@ -301,14 +291,7 @@ public String updateUser() throws Exception {
             return ERROR;
         }
 
-        user.setUsername(getUsername());
-        if (!getPassword().equals(""))
-            user.setPassword(PasswordUtil.passwordHash(getPassword()));
-        user.setNickname(getNickname());
-        user.setAvatar(getAvatar());
-        user.setBalance((int)(Float.parseFloat(getBalance()) * 100));
-        user.setRole(getRole().equals("1"));
-        appService.updateUser(user);
+        appService.updateUser(user, getUsername(), getPassword(), getNickname(), getAvatar(), getBalance(), getRole());
 
         retJson = new SuccessMessage();
         return SUCCESS;
@@ -403,15 +386,8 @@ public String updateAddress() throws Exception {
             retJson = new FailureMessage("收货地址数组格式不正确");
             return ERROR;
         }
-
-        List<String> newAddresses = new ArrayList<String>();
-        for (String address: addressArray) {
-            String addr = address.trim();
-            if (!addr.isEmpty())
-                newAddresses.add(addr);
-        }
-
-        appService.updateUserAddress(userId, newAddresses);
+
+        appService.updateUserAddress(userId, addressArray);
 
         retJson = new SuccessMessage();
         return SUCCESS;

diff --git a/src/main/java/bookstore/action/AuthAction.java b/src/main/java/bookstore/action/AuthAction.java
@@ -91,16 +91,9 @@ public String doRegister() {
             return ERROR;
         }
 
-        User user = new User();
-        user.setUsername(getUsername());
-        user.setPassword(PasswordUtil.passwordHash(getPassword()));
-        user.setNickname(getUsername());
-        user.setAvatar("");
-        user.setBalance(0);
-        user.setRole(false);
-        appService.addUser(user);
+        Integer newUserId = appService.addUser(getUsername(), getPassword(), getUsername(), "", "0", "0");
 
-        session().setAttribute("user", user);
+        session().setAttribute("user", appService.getUserById(newUserId));
 
         retJson = new SuccessMessage();
         return SUCCESS;

diff --git a/src/main/java/bookstore/action/CartAction.java b/src/main/java/bookstore/action/CartAction.java
@@ -118,10 +118,7 @@ public String addToCart() {
             return ERROR;
         }
 
-        Order cart = appService.getUserCart(user.getId());
-        OrderItem item = new OrderItem(cart.getId(), bookId, Integer.parseInt(getQuantity()));
-
-        appService.addOrderItem(item);
+        appService.addItemToCart(user, bookId, Integer.parseInt(getQuantity()));
 
         retJson = new SuccessMessage();
         return SUCCESS;
@@ -174,8 +171,7 @@ public String updateCartItem() {
             return "forbidden";
         }
 
-        item.setQuantity(Integer.parseInt(getQuantity()));
-        appService.updateOrderItem(item);
+        appService.updateOrderItem(item, Integer.parseInt(getQuantity()));
 
         retJson = new SuccessMessage();
         return SUCCESS;
@@ -236,7 +232,7 @@ public String payCart() {
             return LOGIN;
         }
 
-        retJson = appService.payOrder(appService.getUserCart(user.getId()));
+        retJson = appService.payCart(user);
         return SUCCESS;
     }
 

diff --git a/src/main/java/bookstore/action/ProfileAction.java b/src/main/java/bookstore/action/ProfileAction.java
@@ -1,13 +1,11 @@
 package bookstore.action;
 
-import java.util.ArrayList;
 import java.util.List;
 
 import bookstore.model.User;
 import bookstore.model.result.FailureMessage;
 import bookstore.model.result.SuccessMessage;
 import bookstore.service.AppService;
-import bookstore.util.PasswordUtil;
 import bookstore.util.StringUtil;
 import bookstore.util.Validator;
 
@@ -141,12 +139,7 @@ public String updateMyProfile() {
             return ERROR;
         }
 
-        user.setUsername(getUsername());
-        if (!getPassword().equals(""))
-            user.setPassword(PasswordUtil.passwordHash(getPassword()));
-        user.setNickname(getNickname());
-        user.setAvatar(getAvatar());
-        appService.updateUser(user);
+        appService.updateUser(user, getUsername(), getPassword(), getNickname(), getAvatar());
 
         retJson = new SuccessMessage();
         return SUCCESS;
@@ -182,14 +175,7 @@ public String updateMyAddress() {
             return ERROR;
         }
 
-        List<String> newAddresses = new ArrayList<String>();
-        for (String address: addressArray) {
-            String addr = address.trim();
-            if (!addr.isEmpty())
-                newAddresses.add(addr);
-        }
-
-        appService.updateUserAddress(user.getId(), newAddresses);
+        appService.updateUserAddress(user.getId(), addressArray);
 
         retJson = new SuccessMessage();
         return SUCCESS;

diff --git a/src/main/java/bookstore/action/UploadImageAction.java b/src/main/java/bookstore/action/UploadImageAction.java
@@ -1,14 +1,11 @@
 package bookstore.action;
 
 import java.io.File;
-import java.util.concurrent.ThreadLocalRandom;
-
-import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.FilenameUtils;
 
 import bookstore.model.result.FailureMessage;
 import bookstore.model.result.SuccessMessage;
-import bookstore.util.HashUtil;
+import bookstore.service.AppService;
 
 public class UploadImageAction extends BaseAction {
 
@@ -17,10 +14,12 @@ public class UploadImageAction extends BaseAction {
     private File file;
     private String filename;
 
-    private String uploadPath = "img/upload/";
+    private final static String uploadPath = "img/upload/";
 
     private Object retJson;
 
+    private AppService appService;
+
     // Getters and setters
 
     public void setImage(File file) {
@@ -39,6 +38,13 @@ public void setRetJson(Object retJson) {
         this.retJson = retJson;
     }
 
+    public AppService getAppService() {
+        return appService;
+    }
+
+    public void setAppService(AppService appService) {
+        this.appService = appService;
+    }
 
     // Actions
 
@@ -49,21 +55,17 @@ public String execute() {
             return LOGIN;
         }
 
-        try {
-            String uploadDir = FilenameUtils.concat(application().getRealPath("/"), uploadPath);
-            String newName = HashUtil.sha1File(file) + "_"
-                + Long.toString(System.currentTimeMillis()) + "_"
-                + Integer.toString(ThreadLocalRandom.current().nextInt(1, 1001)) + "."
-                + FilenameUtils.getExtension(filename);
-            File newFile = new File(uploadDir, newName);
-            FileUtils.copyFile(file, newFile);
-            retJson = new SuccessMessage(newName);
-            return SUCCESS;
-        }
-        catch (Exception e) {
+        String newFilename = appService.uploadImage(FilenameUtils.concat(application().getRealPath("/"), uploadPath),
+                file, filename);
+
+        if (newFilename.isEmpty()) {
             retJson = new FailureMessage("上传失败！请检查文件大小和格式。");
             return ERROR;
         }
+
+        retJson = new SuccessMessage(newFilename);
+        return SUCCESS;
+
     }
 
 }
diff --git a/src/main/java/bookstore/service/AppService.java b/src/main/java/bookstore/service/AppService.java
@@ -1,5 +1,6 @@
 package bookstore.service;
 
+import java.io.File;
 import java.util.List;
 
 import bookstore.model.Book;
@@ -25,10 +26,12 @@ public interface AppService {
 
     public BookDetail getBookDetailById(int id, boolean isAdmin);
 
-    public Integer addBook(Book book);
+    public Integer addBook(String name, String image, String author, String press, String price, String stock, String description);
 
     public void updateBook(Book book);
 
+    public void updateBook(Book book, String name, String image, String author, String press, String price, String stock, String description);
+
     public void deleteBook(Book book);
 
 
@@ -39,9 +42,9 @@ public interface AppService {
 
     public Category getCategoryById(int id);
 
-    public Integer addCategory(Category category);
+    public Integer addCategory(String name);
 
-    public void updateCategory(Category category);
+    public void updateCategory(Category category, String name);
 
     public void deleteCategory(Category category);
 
@@ -55,7 +58,7 @@ public interface AppService {
 
     public BookCategory findBC(int categoryId, int bookId);
 
-    public Integer addBC(BookCategory bc);
+    public Integer addBC(int categoryId, int bookId);
 
     public void deleteBC(BookCategory bc);
 
@@ -80,6 +83,8 @@ public interface AppService {
 
     public Object payOrder(Order order);
 
+    public Object payCart(User user);
+
     public void deleteOrder(Order order);
 
 
@@ -100,9 +105,13 @@ public interface AppService {
     public OrderItem getOrderItemById(int id);
 
     public Integer addOrderItem(OrderItem orderItem);
+
+    public void addItemToCart(User user, int bookId, int quantity);
 
     public void updateOrderItem(OrderItem orderItem);
 
+    public void updateOrderItem(OrderItem orderItem, int quantity);
+
     public void deleteOrderItem(OrderItem orderItem);
 
 
@@ -119,9 +128,13 @@ public interface AppService {
 
     public boolean usernameExists(String username);
 
-    public Integer addUser(User user);
+    public Integer addUser(String username, String password, String nickname, String avatar, String balance, String role);
 
     public void updateUser(User user);
+
+    public void updateUser(User user, String username, String password, String nickname, String avatar);
+
+    public void updateUser(User user, String username, String password, String nickname, String avatar, String balance, String role);
 
     public void deleteUser(User user);
 
@@ -137,5 +150,10 @@ public interface AppService {
     public List<Integer> statBook(int bookId, String startDate, String endDate);
 
     public List<Integer> statUser(String username, String startDate, String endDate);
+
+
+    // Upload Image
+
+    public String uploadImage(String path, File file, String filename);
 
 }