通过缓存 Request 校验规则来大幅提升增删改等非开放请求的性能；解决 关闭权限验证情况下批量新增、批量修改依然会验证权限 Tencent#164

TommyLemon · TommyLemon · commit 22ed7cc9e801 · 2020-12-26T19:41:51.000+08:00
diff --git a/APIJSONORM/src/main/java/apijson/orm/AbstractObjectParser.java b/APIJSONORM/src/main/java/apijson/orm/AbstractObjectParser.java
@@ -568,6 +568,8 @@ public void onTableArrayParse(String key, JSONArray value) throws Exception {
 		int maxUpdateCount = parser.getMaxUpdateCount();
 
 		String idKey = parser.createSQLConfig().getIdKey(); //Table[]: [{}] arrayConfig 为 null
+		boolean isNeedVerifyContent = parser.isNeedVerifyContent();
+		
 		for (int i = 0; i < valueArray.size(); i++) { //只要有一条失败，则抛出异常，全部失败
 			//TODO 改成一条多 VALUES 的 SQL 性能更高，报错也更会更好处理，更人性化
 			JSONObject item;
@@ -580,13 +582,13 @@ public void onTableArrayParse(String key, JSONArray value) throws Exception {
 			JSONRequest req = new JSONRequest(childKey, item);
 
 			//parser.getMaxSQLCount() ? 可能恶意调用接口，把数据库拖死
-			JSONObject result = (JSONObject) onChildParse(0, "" + i, parser.parseCorrectRequest(method, childKey, version, "", req, maxUpdateCount, parser));
+			JSONObject result = (JSONObject) onChildParse(0, "" + i, isNeedVerifyContent == false ? req : parser.parseCorrectRequest(method, childKey, version, "", req, maxUpdateCount, parser));
 			result = result.getJSONObject(childKey);
 			//
 			boolean success = JSONResponse.isSuccess(result);
 			int count = result == null ? null : result.getIntValue(JSONResponse.KEY_COUNT);
 
-			if (success == false || count != 1) { //如果 code = 200 但 count != 1，不能算成功，掩盖了错误为不好排查问题
+			if (success == false || count != 1) { //如果 code = 200 但 count != 1，不能算成功，掩盖了错误不好排查问题
 				throw new ServerException("批量新增/修改失败！" + key + "/" +  i + "：" + (success ? "成功但 count != 1 ！" : (result == null ? "null" : result.getString(JSONResponse.KEY_MSG))));
 			}
 
diff --git a/APIJSONORM/src/main/java/apijson/orm/AbstractParser.java b/APIJSONORM/src/main/java/apijson/orm/AbstractParser.java
@@ -14,12 +14,15 @@
 import java.sql.Savepoint;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Comparator;
 import java.util.HashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
+import java.util.SortedMap;
+import java.util.TreeMap;
 import java.util.concurrent.TimeoutException;
 
 import javax.activation.UnsupportedDataTypeException;
@@ -472,7 +475,7 @@ public JSONObject parseCorrectRequest(RequestMethod method, String tag, int vers
 		JSONObject object = null;
 		String error = "";
 		try {
-			object = getStructure("Request", JSONRequest.KEY_TAG, tag, version);
+			object = getStructure("Request", method.name(), tag, version);
 		} catch (Exception e) {
 			error = e.getMessage();
 		}
@@ -665,34 +668,91 @@ public JSONObject parseCorrectResponse(String table, JSONObject response) throws
 
 	/**获取Request或Response内指定JSON结构
 	 * @param table
-	 * @param key
-	 * @param value
+	 * @param method
+	 * @param tag
 	 * @param version
 	 * @return
 	 * @throws Exception
 	 */
 	@Override
-	public JSONObject getStructure(@NotNull String table, String key, String value, int version) throws Exception  {
-		//获取指定的JSON结构 <<<<<<<<<<<<<<
-		SQLConfig config = createSQLConfig().setMethod(GET).setTable(table);
-		config.setPrepared(false);
-		config.setColumn(Arrays.asList("structure"));
-
-		Map<String, Object> where = new HashMap<String, Object>();
-		where.put("method", requestMethod.name());
-		if (key != null) {
-			where.put(key, value);
-		}
-		if (version > 0) {
-			where.put(JSONRequest.KEY_VERSION + "{}", ">=" + version);
-		}
-		config.setWhere(where);
-		config.setOrder(JSONRequest.KEY_VERSION + (version > 0 ? "+" : "-"));
-		config.setCount(1);
-
-		//too many connections error: 不try-catch，可以让客户端看到是服务器内部异常
-		JSONObject result = getSQLExecutor().execute(config, false);
-		return getJSONObject(result, "structure");//解决返回值套了一层 "structure":{}
+	public JSONObject getStructure(@NotNull String table, String method, String tag, int version) throws Exception  {
+		// TODO 目前只使用 Request 而不使用 Response，所以这里写死用 REQUEST_MAP，以后可能 Response 表也会与 Request 表合并，用字段来区分
+		String cacheKey = AbstractVerifier.getCacheKeyForRequest(method, tag);
+		SortedMap<Integer, JSONObject> versionedMap = AbstractVerifier.REQUEST_MAP.get(cacheKey);
+		
+		JSONObject result = versionedMap == null ? null : versionedMap.get(Integer.valueOf(version));
+		if (result == null) {  // version <= 0 时使用最新，version > 0 时使用 > version 的最接近版本（最小版本）
+			Set<Entry<Integer, JSONObject>> set = versionedMap == null ? null : versionedMap.entrySet();
+			
+			if (set != null && set.isEmpty() == false) {
+				Entry<Integer, JSONObject> maxEntry = null;
+				
+				for (Entry<Integer, JSONObject> entry : set) {
+					if (entry == null || entry.getKey() == null || entry.getValue() == null) {
+						continue;
+					}
+
+					if (version <= 0 || version == entry.getKey()) {  // 这里应该不会出现相等，因为上面 versionedMap.get(Integer.valueOf(version))
+						maxEntry = entry;
+						break;
+					}
+
+					if (entry.getKey() < version) {
+						break;
+					}
+					
+					maxEntry = entry;
+				}
+				
+				result = maxEntry == null ? null : maxEntry.getValue();
+			}
+			
+			if (result != null) {  // 加快下次查询，查到值的话组合情况其实是有限的，不属于恶意请求
+				if (versionedMap == null) {
+					versionedMap = new TreeMap<>(new Comparator<Integer>() {
+
+						@Override
+						public int compare(Integer o1, Integer o2) {
+							return o2 == null ? -1 : o2.compareTo(o1);  // 降序
+						}
+					});
+				}
+				
+				versionedMap.put(Integer.valueOf(version), result);
+				AbstractVerifier.REQUEST_MAP.put(cacheKey, versionedMap);
+			}
+		}
+		
+		if (result == null) {
+			if (AbstractVerifier.REQUEST_MAP.isEmpty() == false) {
+				return null;  // 已使用 REQUEST_MAP 缓存全部，但没查到
+			}
+			
+			//获取指定的JSON结构 <<<<<<<<<<<<<<
+			SQLConfig config = createSQLConfig().setMethod(GET).setTable(table);
+			config.setPrepared(false);
+			config.setColumn(Arrays.asList("structure"));
+
+			Map<String, Object> where = new HashMap<String, Object>();
+			where.put("method", method);
+			where.put(JSONRequest.KEY_TAG, tag);
+			
+			if (version > 0) {
+				where.put(JSONRequest.KEY_VERSION + "{}", ">=" + version);
+			}
+			config.setWhere(where);
+			config.setOrder(JSONRequest.KEY_VERSION + (version > 0 ? "+" : "-"));
+			config.setCount(1);
+
+			//too many connections error: 不try-catch，可以让客户端看到是服务器内部异常
+			result = getSQLExecutor().execute(config, false);
+			
+			// version, method, tag 组合情况太多了，JDK 里又没有 LRUCache，所以要么启动时一次性缓存全部后面只用缓存，要么每次都查数据库
+			//			versionedMap.put(Integer.valueOf(version), result);
+			//			AbstractVerifier.REQUEST_MAP.put(cacheKey, versionedMap);
+		}
+		
+		return getJSONObject(result, "structure"); //解决返回值套了一层 "structure":{}
 	}
 
 
diff --git a/APIJSONORM/src/main/java/apijson/orm/AbstractVerifier.java b/APIJSONORM/src/main/java/apijson/orm/AbstractVerifier.java
@@ -34,11 +34,13 @@
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Set;
+import java.util.SortedMap;
 import java.util.regex.Pattern;
 
 import javax.activation.UnsupportedDataTypeException;
@@ -83,9 +85,17 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
 
 	// <TableName, <METHOD, allowRoles>>
 	// <User, <GET, [OWNER, ADMIN]>>
+	@NotNull
 	public static final Map<String, Map<RequestMethod, RequestRole[]>> SYSTEM_ACCESS_MAP;
+	@NotNull
 	public static final Map<String, Map<RequestMethod, RequestRole[]>> ACCESS_MAP;
+	
+	// <method tag, <version, Request>>
+	// <PUT Comment, <1, { "method":"PUT", "tag":"Comment", "structure":{ "MUST":"id"... }... }>>
+	@NotNull
+	public static final Map<String, SortedMap<Integer, JSONObject>> REQUEST_MAP;
 
+	@NotNull
 	public static final Map<String, Pattern> COMPILE_MAP;
 	static {
 		SYSTEM_ACCESS_MAP = new HashMap<String, Map<RequestMethod, RequestRole[]>>();
@@ -110,6 +120,8 @@ public abstract class AbstractVerifier<T> implements Verifier<T>, IdCallback {
 		}
 
 		ACCESS_MAP = new HashMap<>(SYSTEM_ACCESS_MAP);
+		
+		REQUEST_MAP = new HashMap<>(ACCESS_MAP.size()*6);  // 单个与批量增删改
 
 		COMPILE_MAP = new HashMap<String, Pattern>();
 	}
@@ -689,7 +701,7 @@ public static JSONObject verifyResponse(@NotNull final RequestMethod method, fin
 				+ "\n response = \n" + JSON.toJSONString(response));
 
 		if (target == null || response == null) {// || target.isEmpty() {
-			Log.i(TAG, "verifyRequest  target == null || response == null >> return response;");
+			Log.i(TAG, "verifyResponse  target == null || response == null >> return response;");
 			return response;
 		}
 
@@ -1424,5 +1436,9 @@ public static void verifyRepeat(String table, String key, Object value, long exc
 		}
 	}
 
+	public static String getCacheKeyForRequest(String method, String tag) {
+		return method + " " + tag;
+	}
+	
 
 }
diff --git a/APIJSONORM/src/main/java/apijson/orm/Parser.java b/APIJSONORM/src/main/java/apijson/orm/Parser.java
@@ -74,7 +74,7 @@ JSONObject parseCorrectRequest(RequestMethod method, String tag, int version, St
 	
 	JSONObject parseCorrectResponse(String table, JSONObject response) throws Exception;
 
-	JSONObject getStructure(String table, String key, String value, int version) throws Exception;
+	JSONObject getStructure(String table, String method, String tag, int version) throws Exception;
 
 
 

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ JSONObject parseCorrectRequest(RequestMethod method, String tag, int version, St`
`74`	`74`
`75`	`75`	`JSONObject parseCorrectResponse(String table, JSONObject response) throws Exception;`
`76`	`76`
`77`		`- JSONObject getStructure(String table, String key, String value, int version) throws Exception;`
	`77`	`+ JSONObject getStructure(String table, String method, String tag, int version) throws Exception;`
`78`	`78`
`79`	`79`
`80`	`80`