
fix[litemall-admin-api]: 对于上传的request body中的json数据进行校验。

Junling Bu 7 years ago
parent
commit
6242ecc35e

+ 26 - 2
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdController.java

@@ -9,6 +9,7 @@ import org.linlinjava.litemall.db.domain.LitemallAd;
 import org.linlinjava.litemall.db.service.LitemallAdService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -47,11 +48,27 @@ public class AdminAdController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallAd ad) {
+        String name = ad.getName();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+        String content = ad.getName();
+        if(StringUtils.isEmpty(content)){
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAd ad){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(ad);
+        if(error != null){
+            return error;
+        }
         ad.setAddTime(LocalDateTime.now());
         adService.add(ad);
         return ResponseUtil.ok(ad);
@@ -72,7 +89,10 @@ public class AdminAdController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-
+        Object error = validate(ad);
+        if(error != null){
+            return error;
+        }
         if(adService.updateById(ad) == 0){
             return ResponseUtil.updatedDateExpired();
         }
@@ -85,7 +105,11 @@ public class AdminAdController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        adService.deleteById(ad.getId());
+        Integer id = ad.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        adService.deleteById(id);
         return ResponseUtil.ok();
     }
 
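Review bot: `validate` reads the name twice — the line `String content = ad.getName();` should presumably be `String content = ad.getContent();`, so an ad whose content field is empty currently passes validation as long as its name is set. Separately, `update` calls `validate` but never checks `ad.getId()`, so a body without an id reaches `adService.updateById` and is reported back as `updatedDateExpired`; a `if(ad.getId() == null){ return ResponseUtil.badArgument(); }` before the update call would give the caller the right error, mirroring what `delete` now does. The same missing id check on update appears in AdminBrandController, AdminCategoryController, AdminIssueController, AdminKeywordController and AdminTopicController in this commit.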

+ 36 - 6
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminAdminController.java

@@ -2,6 +2,7 @@ package org.linlinjava.litemall.admin.web;
 
 import org.linlinjava.litemall.admin.annotation.LoginAdmin;
 import org.linlinjava.litemall.admin.service.AdminTokenManager;
+import org.linlinjava.litemall.core.util.RegexUtil;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.linlinjava.litemall.core.util.bcrypt.BCryptPasswordEncoder;
 import org.linlinjava.litemall.core.validator.Order;
@@ -10,6 +11,7 @@ import org.linlinjava.litemall.db.domain.LitemallAdmin;
 import org.linlinjava.litemall.db.service.LitemallAdminService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.Assert;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -70,25 +72,38 @@ public class AdminAdminController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallAdmin admin) {
+        String name = admin.getUsername();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+        if(RegexUtil.isUsername(name)){
+            return ResponseUtil.fail(402, "管理员名称不符合规定");
+        }
+        String password = admin.getPassword();
+        if(StringUtils.isEmpty(password) || password.length() < 6){
+            return ResponseUtil.fail(402, "管理员密码长度不能小于6");
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallAdmin admin){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(admin);
+        if(error != null){
+            return error;
+        }
 
         String username = admin.getUsername();
-        if(username == null){
-            return ResponseUtil.badArgument();
-        }
         List<LitemallAdmin> adminList = adminService.findAdmin(username);
         if(adminList.size() > 0){
             return ResponseUtil.fail(402, "管理员已经存在");
         }
 
         String rawPassword = admin.getPassword();
-        if(rawPassword == null || rawPassword.length() < 6){
-            return ResponseUtil.fail(402, "管理员密码长度不能小于6");
-        }
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
         String encodedPassword = encoder.encode(rawPassword);
         admin.setPassword(encodedPassword);
@@ -113,8 +128,17 @@ public class AdminAdminController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(admin);
+        if(error != null){
+            return error;
+        }
 
         Integer anotherAdminId = admin.getId();
+        if(anotherAdminId == null){
+            return ResponseUtil.badArgument();
+        }
+        // TODO 这里开发者需要删除以下检验代码
+        // 目前这里不允许修改超级管理员是防止演示平台上他人修改管理员密码而导致登录失败
         if(anotherAdminId == 1){
             return ResponseUtil.fail(403, "超级管理员不能修改");
         }
@@ -138,9 +162,15 @@ public class AdminAdminController {
         }
 
         Integer anotherAdminId = admin.getId();
+        if(anotherAdminId == null){
+            return ResponseUtil.badArgument();
+        }
+        // TODO 这里开发者需要删除以下检验代码
+        // 目前这里不允许删除超级管理员是防止演示平台上他人删除管理员账号而导致登录失败
         if(anotherAdminId == 1){
             return ResponseUtil.fail(403, "超级管理员不能删除");
         }
+
         adminService.deleteById(anotherAdminId);
         return ResponseUtil.ok();
     }
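Review bot: `if(RegexUtil.isUsername(name))` at the top of `validate` rejects the name when the check returns true; if `isUsername` reports a well-formed name, as its name suggests, this turns away every valid administrator name and admits malformed ones, and the condition should be `if(!RegexUtil.isUsername(name))`. The same inverted form is used in AdminUserController's `validate` for both `isUsername` and `isMobileExact`. Because `validate` is now also called from `update`, every update must carry a plaintext password of at least six characters; if `update` re-encodes whatever it receives (its tail is outside the hunk), a client echoing the stored hash back would get it hashed a second time, which is worth confirming and documenting on the method. `delete` still allows an administrator to remove its own account, since `adminId` is never compared with `anotherAdminId`.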

+ 34 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminBrandController.java

@@ -9,10 +9,12 @@ import org.linlinjava.litemall.db.domain.LitemallBrand;
 import org.linlinjava.litemall.db.service.LitemallBrandService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.constraints.NotNull;
+import java.math.BigDecimal;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;
@@ -47,11 +49,34 @@ public class AdminBrandController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallBrand brand) {
+        String name = brand.getName();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+
+        String desc = brand.getDesc();
+        if(StringUtils.isEmpty(desc)){
+            return ResponseUtil.badArgument();
+        }
+
+        BigDecimal price = brand.getFloorPrice();
+        if(price == null){
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallBrand brand){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(brand);
+        if(error != null){
+            return error;
+        }
+
         brand.setAddTime(LocalDateTime.now());
         brandService.add(brand);
         return ResponseUtil.ok(brand);
@@ -72,6 +97,10 @@ public class AdminBrandController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(brand);
+        if(error != null){
+            return error;
+        }
         if(brandService.updateById(brand) == 0){
             return ResponseUtil.updatedDateExpired();
         }
@@ -83,7 +112,11 @@ public class AdminBrandController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        brandService.deleteById(brand.getId());
+        Integer id = brand.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        brandService.deleteById(id);
         return ResponseUtil.ok();
     }
 
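Review bot: `validate` only rejects a null `floorPrice`; a negative value passes and is presumably stored by `brandService.add`/`updateById`. A sign check after the null test, `if(price.signum() < 0){ return ResponseUtil.badArgumentValue(); }`, closes that gap. AdminTopicController's `validate` has the same gap on `price`, as does the product loop in AdminGoodsController on `product.getPrice()`.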

+ 37 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCategoryController.java

@@ -10,6 +10,7 @@ import org.linlinjava.litemall.db.domain.LitemallCategory;
 import org.linlinjava.litemall.db.service.LitemallCategoryService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -49,11 +50,37 @@ public class AdminCategoryController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallCategory category) {
+        String name = category.getName();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+
+        String level = category.getLevel();
+        if(StringUtils.isEmpty(level)){
+            return ResponseUtil.badArgument();
+        }
+        if(!level.equals("L1") && !level.equals("L2")){
+            return ResponseUtil.badArgumentValue();
+        }
+
+        Integer pid = category.getPid();
+        if(pid == null){
+            return ResponseUtil.badArgument();
+        }
+
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallCategory category){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(category);
+        if(error != null){
+            return error;
+        }
         category.setAddTime(LocalDateTime.now());
         categoryService.add(category);
         return ResponseUtil.ok();
@@ -74,6 +101,11 @@ public class AdminCategoryController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(category);
+        if(error != null){
+            return error;
+        }
+
         if(categoryService.updateById(category) == 0){
             return ResponseUtil.updatedDateExpired();
         }
@@ -85,7 +117,11 @@ public class AdminCategoryController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        categoryService.deleteById(category.getId());
+        Integer id = category.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        categoryService.deleteById(id);
         return ResponseUtil.ok();
     }
 
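Review bot: `validate` accepts any non-null `pid` without checking that it names an existing category, while the new `validate` in AdminGoodsController does verify `categoryId` through `categoryService.findById`. For an `L2` category the parent should exist; assuming `categoryService` here is the same service, `if("L2".equals(level) && categoryService.findById(pid) == null){ return ResponseUtil.badArgumentValue(); }` after the null check would reject a dangling parent. The `"L1"`/`"L2"` literals would also read better as named constants on the controller, with a comment stating which `pid` an `L1` entry is expected to carry.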

+ 5 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminCommentController.java

@@ -52,7 +52,11 @@ public class AdminCommentController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        commentService.deleteById(comment.getId());
+        Integer id = comment.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        commentService.deleteById(id);
         return ResponseUtil.ok();
     }
 

+ 85 - 0
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGoodsController.java

@@ -21,6 +21,7 @@ import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.constraints.NotNull;
+import java.math.BigDecimal;
 import java.time.LocalDateTime;
 import java.util.*;
 
@@ -69,6 +70,76 @@ public class AdminGoodsController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(GoodsAllinone goodsAllinone) {
+        LitemallGoods goods = goodsAllinone.getGoods();
+        String name = goods.getName();
+        if(StringUtils.isEmpty(name)){
+            return ResponseUtil.badArgument();
+        }
+        String goodsSn = goods.getGoodsSn();
+        if(StringUtils.isEmpty(goodsSn)){
+            return ResponseUtil.badArgument();
+        }
+        Integer brandId = goods.getBrandId();
+        if(brandId == null){
+            return ResponseUtil.badArgument();
+        }
+        if(brandService.findById(brandId) == null) {
+            return ResponseUtil.badArgumentValue();
+        }
+        Integer categoryId = goods.getCategoryId();
+        if(categoryId == null){
+            return ResponseUtil.badArgument();
+        }
+        if(categoryService.findById(categoryId) == null){
+            return ResponseUtil.badArgumentValue();
+        }
+
+        LitemallGoodsAttribute[] attributes = goodsAllinone.getAttributes();
+        for(LitemallGoodsAttribute attribute : attributes){
+            String attr = attribute.getAttribute();
+            if(StringUtils.isEmpty(attr)){
+                return ResponseUtil.badArgument();
+            }
+            String value = attribute.getValue();
+            if(StringUtils.isEmpty(value)){
+                return ResponseUtil.badArgument();
+            }
+        }
+
+        LitemallGoodsSpecification[] specifications = goodsAllinone.getSpecifications();
+        for(LitemallGoodsSpecification specification : specifications){
+            String spec = specification.getSpecification();
+            if(StringUtils.isEmpty(spec)){
+                return ResponseUtil.badArgument();
+            }
+            String value = specification.getValue();
+            if(StringUtils.isEmpty(value)){
+                return ResponseUtil.badArgument();
+            }
+        }
+
+        LitemallProduct[] products = goodsAllinone.getProducts();
+        for(LitemallProduct product : products){
+            Integer number = product.getNumber();
+            if(number == null || number < 0){
+                return ResponseUtil.badArgument();
+            }
+
+            BigDecimal price = product.getPrice();
+            if(price == null){
+                return ResponseUtil.badArgument();
+            }
+
+            String[] productSpecifications = product.getSpecifications();
+            if(productSpecifications.length == 0){
+                return ResponseUtil.badArgument();
+            }
+        }
+
+        return null;
+    }
+
     /*
      * TODO
      * 目前商品修改的逻辑是
@@ -86,6 +157,11 @@ public class AdminGoodsController {
             return ResponseUtil.unlogin();
         }
 
+        Object error = validate(goodsAllinone);
+        if(error != null){
+            return error;
+        }
+
         LitemallGoods goods = goodsAllinone.getGoods();
         LitemallGoodsAttribute[] attributes = goodsAllinone.getAttributes();
         LitemallGoodsSpecification[] specifications = goodsAllinone.getSpecifications();
@@ -148,6 +224,10 @@ public class AdminGoodsController {
         if (adminId == null) {
             return ResponseUtil.unlogin();
         }
+        Integer id = goods.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
 
         // 开启事务管理
         DefaultTransactionDefinition def = new DefaultTransactionDefinition();
@@ -175,6 +255,11 @@ public class AdminGoodsController {
             return ResponseUtil.unlogin();
         }
 
+        Object error = validate(goodsAllinone);
+        if(error != null){
+            return error;
+        }
+
         LitemallGoods goods = goodsAllinone.getGoods();
         LitemallGoodsAttribute[] attributes = goodsAllinone.getAttributes();
         LitemallGoodsSpecification[] specifications = goodsAllinone.getSpecifications();
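Review bot: `validate` iterates `goodsAllinone.getAttributes()`, `getSpecifications()` and `getProducts()` without a null check and also dereferences `product.getSpecifications().length`, so a request body that omits any of these arrays throws a NullPointerException and surfaces as a server error rather than `badArgument`; `goodsAllinone.getGoods()` on the second line has the same exposure. Each array should be null-checked before its loop and the product-specification test should start with `productSpecifications == null ||`. Whether a goods item may legitimately carry zero attributes or specifications is a product decision the method comment should state, since the loops currently accept an empty array.
```java
    private Object validate(GoodsAllinone goodsAllinone) {
        LitemallGoods goods = goodsAllinone.getGoods();
        if(goods == null){
            return ResponseUtil.badArgument();
        }
        // … unchanged: name / goodsSn / brandId / categoryId checks …

        LitemallGoodsAttribute[] attributes = goodsAllinone.getAttributes();
        if(attributes == null){
            return ResponseUtil.badArgument();
        }
        // … unchanged: attribute loop …

        LitemallGoodsSpecification[] specifications = goodsAllinone.getSpecifications();
        if(specifications == null){
            return ResponseUtil.badArgument();
        }
        // … unchanged: specification loop …

        LitemallProduct[] products = goodsAllinone.getProducts();
        if(products == null){
            return ResponseUtil.badArgument();
        }
        for(LitemallProduct product : products){
            // … unchanged: number / price checks …
            String[] productSpecifications = product.getSpecifications();
            if(productSpecifications == null || productSpecifications.length == 0){
                return ResponseUtil.badArgument();
            }
        }
        // … unchanged: return null …
    }
```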

+ 38 - 33
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminGrouponController.java

@@ -94,36 +94,45 @@ public class AdminGrouponController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallGrouponRules grouponRules) {
+        Integer goodsId = grouponRules.getGoodsId();
+        if(goodsId == null){
+            return ResponseUtil.badArgument();
+        }
+        BigDecimal discount = grouponRules.getDiscount();
+        if(discount == null){
+            return ResponseUtil.badArgument();
+        }
+        Integer discountMember = grouponRules.getDiscountMember();
+        if(discountMember == null){
+            return ResponseUtil.badArgument();
+        }
+        LocalDateTime expireTime = grouponRules.getExpireTime();
+        if(expireTime == null){
+            return ResponseUtil.badArgument();
+        }
+
+        return null;
+    }
+
     @PostMapping("/update")
-    public Object update(@LoginAdmin Integer adminId, @RequestBody String grouponRulesBody) {
+    public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
         if (adminId == null) {
             return ResponseUtil.unlogin();
         }
 
-        Integer id = JacksonUtil.parseInteger(grouponRulesBody, "id");
-        Integer goodsId = JacksonUtil.parseInteger(grouponRulesBody, "goodsId");
-        String discount = JacksonUtil.parseString(grouponRulesBody, "discount");
-        Integer discountMember = JacksonUtil.parseInteger(grouponRulesBody, "discountMember");
-        String expireTimeString = JacksonUtil.parseString(grouponRulesBody, "expireTime");
-
-        DateTimeFormatter df = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
-        LocalDateTime expireTime = LocalDateTime.parse(expireTimeString, df);
+        Object error = validate(grouponRules);
+        if(error != null){
+            return error;
+        }
 
+        Integer goodsId = grouponRules.getGoodsId();
         LitemallGoods goods = goodsService.findById(goodsId);
         if (goods == null) {
             return ResponseUtil.badArgumentValue();
         }
 
-        LitemallGrouponRules grouponRules = rulesService.queryById(id);
-        if (grouponRules == null) {
-            return ResponseUtil.badArgumentValue();
-        }
-
-        grouponRules.setGoodsId(goodsId);
-        grouponRules.setDiscount(new BigDecimal(discount));
-        grouponRules.setDiscountMember(discountMember);
         grouponRules.setGoodsName(goods.getName());
-        grouponRules.setExpireTime(expireTime);
         grouponRules.setPicUrl(goods.getPicUrl());
 
         if(rulesService.updateById(grouponRules) == 0){
@@ -135,31 +144,24 @@ public class AdminGrouponController {
 
 
     @PostMapping("/create")
-    public Object create(@LoginAdmin Integer adminId, @RequestBody String grouponRulesBody) {
+    public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
         if (adminId == null) {
             return ResponseUtil.unlogin();
         }
 
-        Integer goodsId = JacksonUtil.parseInteger(grouponRulesBody, "goodsId");
-        String discount = JacksonUtil.parseString(grouponRulesBody, "discount");
-        Integer discountMember = JacksonUtil.parseInteger(grouponRulesBody, "discountMember");
-        String expireTimeString = JacksonUtil.parseString(grouponRulesBody, "expireTime");
-
-        DateTimeFormatter df = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
-        LocalDateTime expireTime = LocalDateTime.parse(expireTimeString, df);
+        Object error = validate(grouponRules);
+        if(error != null){
+            return error;
+        }
 
+        Integer goodsId = grouponRules.getGoodsId();
         LitemallGoods goods = goodsService.findById(goodsId);
         if (goods == null) {
             return ResponseUtil.badArgumentValue();
         }
 
-        LitemallGrouponRules grouponRules = new LitemallGrouponRules();
-        grouponRules.setGoodsId(goodsId);
-        grouponRules.setDiscount(new BigDecimal(discount));
-        grouponRules.setDiscountMember(discountMember);
         grouponRules.setAddTime(LocalDateTime.now());
         grouponRules.setGoodsName(goods.getName());
-        grouponRules.setExpireTime(expireTime);
         grouponRules.setPicUrl(goods.getPicUrl());
 
         rulesService.createRules(grouponRules);
@@ -169,12 +171,15 @@ public class AdminGrouponController {
 
 
     @PostMapping("/delete")
-    public Object delete(@LoginAdmin Integer adminId, @RequestBody String body) {
+    public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallGrouponRules grouponRules) {
         if (adminId == null) {
             return ResponseUtil.unlogin();
         }
 
-        Integer id = JacksonUtil.parseInteger(body, "id");
+        Integer id = grouponRules.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
 
         rulesService.delete(id);
         return ResponseUtil.ok();
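Review bot: `update` now binds the whole `LitemallGrouponRules` from the request body and hands it to `rulesService.updateById` as-is, where the removed code loaded the row by id and copied only goodsId, discount, discountMember and expireTime onto it; every other column of the entity (addTime, for one, which `create` sets server-side) is now client-controlled on update, and with the `queryById` check gone a missing or unknown `id` is reported as `updatedDateExpired`. If those fields are not meant to be editable, keep the load-then-copy shape, or at least add `if(grouponRules.getId() == null){ return ResponseUtil.badArgument(); }` after `validate` and note on the method which fields the client may set. `validate` also accepts any `discount` and `discountMember`; a cheap range check such as `if(discount.signum() < 0 || discountMember < 0){ return ResponseUtil.badArgumentValue(); }` belongs there.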

+ 26 - 1
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminIssueController.java

@@ -9,6 +9,7 @@ import org.linlinjava.litemall.db.domain.LitemallIssue;
 import org.linlinjava.litemall.db.service.LitemallIssueService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -47,11 +48,27 @@ public class AdminIssueController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallIssue issue) {
+        String question = issue.getQuestion();
+        if(StringUtils.isEmpty(question)){
+            return ResponseUtil.badArgument();
+        }
+        String answer = issue.getAnswer();
+        if(StringUtils.isEmpty(answer)){
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallIssue issue){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(issue);
+        if(error != null){
+            return error;
+        }
         issue.setAddTime(LocalDateTime.now());
         issueService.add(issue);
         return ResponseUtil.ok(issue);
@@ -72,6 +89,10 @@ public class AdminIssueController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(issue);
+        if(error != null){
+            return error;
+        }
         if(issueService.updateById(issue) == 0){
             return ResponseUtil.updatedDateExpired();
         }
@@ -84,7 +105,11 @@ public class AdminIssueController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        issueService.deleteById(issue.getId());
+        Integer id = issue.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        issueService.deleteById(id);
         return ResponseUtil.ok();
     }
 

+ 27 - 2
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminKeywordController.java

@@ -9,6 +9,7 @@ import org.linlinjava.litemall.db.domain.LitemallKeyword;
 import org.linlinjava.litemall.db.service.LitemallKeywordService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
@@ -47,11 +48,27 @@ public class AdminKeywordController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallKeyword keywords) {
+        String keyword = keywords.getKeyword();
+        if (StringUtils.isEmpty(keyword)) {
+            return ResponseUtil.badArgument();
+        }
+        String url = keywords.getUrl();
+        if (StringUtils.isEmpty(url)) {
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keywords){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(keywords);
+        if(error != null){
+            return error;
+        }
         keywords.setAddTime(LocalDateTime.now());
         keywordService.add(keywords);
         return ResponseUtil.ok(keywords);
@@ -72,6 +89,10 @@ public class AdminKeywordController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(keywords);
+        if(error != null){
+            return error;
+        }
         if(keywordService.updateById(keywords) == 0){
             return ResponseUtil.updatedDateExpired();
         }
@@ -79,11 +100,15 @@ public class AdminKeywordController {
     }
 
     @PostMapping("/delete")
-    public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword brand){
+    public Object delete(@LoginAdmin Integer adminId, @RequestBody LitemallKeyword keyword){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
-        keywordService.deleteById(brand.getId());
+        Integer id = keyword.getId();
+        if(id == null){
+            return ResponseUtil.badArgument();
+        }
+        keywordService.deleteById(id);
         return ResponseUtil.ok();
     }
 

+ 4 - 3
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminRegionController.java

@@ -15,6 +15,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import javax.validation.constraints.NotNull;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -29,9 +30,9 @@ public class AdminRegionController {
     private LitemallRegionService regionService;
 
     @GetMapping("/clist")
-    public Object clist(@LoginAdmin Integer adminId, Integer id) {
-        if (id == null) {
-            return ResponseUtil.badArgument();
+    public Object clist(@LoginAdmin Integer adminId, @NotNull Integer id) {
+        if(adminId == null){
+            return ResponseUtil.unlogin();
         }
 
         List<LitemallRegion> regionList = regionService.queryByPid(id);
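Review bot: The explicit `id == null` check is replaced by `@NotNull Integer id`, which Spring only enforces when the controller class carries `@Validated`; this hunk imports `NotNull` but no `Validated` import is visible, so if the class is not annotated a null `id` now reaches `regionService.queryByPid(id)` unchecked. Either confirm `@Validated` is present on `AdminRegionController` (its declaration is outside the hunk) or keep the explicit `if (id == null) { return ResponseUtil.badArgument(); }` after the new `adminId` guard.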

+ 7 - 2
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java

@@ -8,6 +8,7 @@ import org.linlinjava.litemall.core.validator.Sort;
 import org.linlinjava.litemall.db.domain.LitemallStorage;
 import org.linlinjava.litemall.db.service.LitemallStorageService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.multipart.MultipartFile;
@@ -84,8 +85,12 @@ public class AdminStorageController {
         if (adminId == null) {
             return ResponseUtil.unlogin();
         }
-        litemallStorageService.deleteByKey(litemallStorage.getKey());
-        storageService.delete(litemallStorage.getKey());
+        String key = litemallStorage.getKey();
+        if(StringUtils.isEmpty(key)){
+            return ResponseUtil.badArgument();
+        }
+        litemallStorageService.deleteByKey(key);
+        storageService.delete(key);
         return ResponseUtil.ok();
     }
 }
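Review bot: The new guard only rejects an empty `key`; the value then goes to `storageService.delete(key)` unchanged. If that service resolves the key to a file path (not visible here), the check should also refuse path separators and `..`, or better, look the key up through `litemallStorageService` first and only delete what the table actually records. The ordering also deserves a comment: the database row is removed before the stored object, so a failure in `storageService.delete` leaves an orphaned file with no record pointing at it.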

+ 26 - 0
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminTopicController.java

@@ -9,10 +9,12 @@ import org.linlinjava.litemall.db.domain.LitemallTopic;
 import org.linlinjava.litemall.db.service.LitemallTopicService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.constraints.NotNull;
+import java.math.BigDecimal;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;
@@ -47,11 +49,31 @@ public class AdminTopicController {
         return ResponseUtil.ok(data);
     }
 
+    private Object validate(LitemallTopic topic) {
+        String title = topic.getTitle();
+        if (StringUtils.isEmpty(title)) {
+            return ResponseUtil.badArgument();
+        }
+        String content = topic.getContent();
+        if (StringUtils.isEmpty(content)) {
+            return ResponseUtil.badArgument();
+        }
+        BigDecimal price = topic.getPrice();
+        if (price == null) {
+            return ResponseUtil.badArgument();
+        }
+        return null;
+    }
+
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallTopic topic){
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(topic);
+        if(error != null){
+            return error;
+        }
         topic.setAddTime(LocalDateTime.now());
         topicService.add(topic);
         return ResponseUtil.ok(topic);
@@ -72,6 +94,10 @@ public class AdminTopicController {
         if(adminId == null){
             return ResponseUtil.unlogin();
         }
+        Object error = validate(topic);
+        if(error != null){
+            return error;
+        }
         if(topicService.updateById(topic) == 0){
             return ResponseUtil.updatedDateExpired();
         }

+ 40 - 7
litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminUserController.java

@@ -12,9 +12,11 @@ import org.linlinjava.litemall.db.domain.LitemallUser;
 import org.linlinjava.litemall.db.service.LitemallUserService;
 import org.linlinjava.litemall.core.util.ResponseUtil;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import javax.validation.constraints.NotEmpty;
 import java.time.LocalDateTime;
 import java.util.HashMap;
 import java.util.List;
@@ -49,9 +51,9 @@ public class AdminUserController {
     }
 
     @GetMapping("/username")
-    public Object username(String username){
-        if(StringUtil.isEmpty(username)){
-            return ResponseUtil.badArgument();
+    public Object username(@LoginAdmin Integer adminId, @NotEmpty String username){
+        if(adminId == null){
+            return ResponseUtil.unlogin();
         }
 
         int total = userService.countSeletive(username, null, null, null, null, null);
@@ -61,11 +63,37 @@ public class AdminUserController {
         return ResponseUtil.ok("已存在");
     }
 
+    private Object validate(LitemallUser user) {
+        String username = user.getUsername();
+        if(StringUtils.isEmpty(user)){
+            return ResponseUtil.badArgument();
+        }
+        if(RegexUtil.isUsername(username)){
+            return ResponseUtil.fail(402, "用户名不符合规定");
+        }
+        String password = user.getPassword();
+        if(StringUtils.isEmpty(password) || password.length() < 6){
+            return ResponseUtil.fail(402, "用户密码长度不能小于6");
+        }
+        String mobile = user.getMobile();
+        if(StringUtils.isEmpty(mobile)){
+            return ResponseUtil.badArgument();
+        }
+        if(RegexUtil.isMobileExact(mobile)){
+            return ResponseUtil.fail(402, "用户手机号码格式不正确");
+        }
+        return null;
+    }
 
     @PostMapping("/create")
     public Object create(@LoginAdmin Integer adminId, @RequestBody LitemallUser user){
-        logger.debug(user);
-
+        if(adminId == null){
+            return ResponseUtil.unlogin();
+        }
+        Object error = validate(user);
+        if(error != null){
+            return error;
+        }
         String username = user.getUsername();
         String mobile = user.getMobile();
         List<LitemallUser> userList = userService.queryByUsername(username);
@@ -92,8 +120,13 @@ public class AdminUserController {
 
     @PostMapping("/update")
     public Object update(@LoginAdmin Integer adminId, @RequestBody LitemallUser user){
-        logger.debug(user);
-
+        if(adminId == null){
+            return ResponseUtil.unlogin();
+        }
+        Object error = validate(user);
+        if(error != null){
+            return error;
+        }
         // 用户密码加密存储
         String password = user.getPassword();
         BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
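Review bot: `if(StringUtils.isEmpty(user))` in `validate` tests the entity rather than the string just read into `username`; `user` is never null at that point (it was dereferenced on the previous line), so the empty check never fires and a null or empty username falls through to `RegexUtil.isUsername(username)`. It should read `if(StringUtils.isEmpty(username)){`. The `RegexUtil.isUsername`/`isMobileExact` conditions reject when the check returns true, which looks inverted if those helpers report a well-formed value (the same form is in AdminAdminController's `validate`). `update`'s new call to `validate` also makes a plaintext password of at least six characters mandatory on every update, after which the tail of the hunk encodes it; confirm that a client cannot resend the stored hash and have it hashed again, and document on `update` that the password is always re-set.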