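package com.qs.serve.common.util;

import lombok.extern.slf4j.Slf4j;

import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Plain-JDBC helper that runs one ad-hoc statement against an arbitrary data source
 * and returns the rows as maps.
 *
 * <p>Before execution the statement text is screened by a small keyword denylist
 * ({@link #FILTER_WORD}). The denylist is a last line of defence only: it matches
 * whole tokens and cannot recognise every write or DDL form, so the database account
 * passed to {@link #query} should itself be restricted to read access.
 *
 * @Author JcYen
 * @Date 2021/6/4
 */
@Slf4j
public class JdbcUtil {

    /** Tokens that cause a statement to be rejected; compared case-insensitively, whole token only. */
    private static final String[] FILTER_WORD = new String[]{
            "truncate", "create", "alter", "eval", "delete", "sp_password"};

    /**
     * Separators used to tokenise the statement for the denylist check: any whitespace
     * (not only a single space, so tabs and newlines do not bypass the check) plus the
     * punctuation that can sit directly against a keyword.
     */
    private static final String TOKEN_SEPARATORS = "[\\s;(),]+";

    private JdbcUtil() {
        // static utility class
    }

    /**
     * Executes {@code sql} (after the denylist check) and materialises the whole result
     * set as a list of rows, each row being a column-name -> value map.
     *
     * <p>Driver-loading and SQL errors are logged and result in an empty list; the
     * connection, statement and result set are always closed.
     *
     * @param username   database user
     * @param password   database password
     * @param url        JDBC URL
     * @param driverName fully qualified JDBC driver class name, loaded with {@code Class.forName}
     * @param sql        statement to execute; must not be null
     * @return the rows of the result set, or an empty list when the query could not be run
     * @throws IllegalArgumentException if {@code sql} is null or contains a denied keyword
     */
    public static List<Map<String, Object>> query(String username, String password, String url,
                                                  String driverName, String sql) {
        // Reject statements carrying DDL / destructive keywords before touching the database.
        doSqlFilter(sql);
        List<Map<String, Object>> list = new ArrayList<>();
        try {
            Class.forName(driverName);
            // Log the statement, not the URL: a JDBC URL may embed credentials.
            log.debug("JDBC工具类 Preparing SQL: {}", sql);
            try (Connection conn = DriverManager.getConnection(url, username, password);
                 Statement stmt = conn.createStatement();
                 ResultSet rs = stmt.executeQuery(sql)) {
                ResultSetMetaData md = rs.getMetaData();
                int columnCount = md.getColumnCount();
                while (rs.next()) {
                    Map<String, Object> rowData = new HashMap<>();
                    for (int i = 1; i <= columnCount; i++) {
                        rowData.put(md.getColumnName(i), rs.getObject(i));
                    }
                    list.add(rowData);
                }
            }
        } catch (ClassNotFoundException e) {
            // Best-effort contract: a missing driver yields an empty result, not a crash.
            log.warn("JDBC driver not found: {}", driverName, e);
        } catch (SQLException e) {
            log.error("JDBC query failed: {}", e.getMessage(), e);
        }
        return list;
    }

    /**
     * Rejects {@code sql} if any whitespace/punctuation-delimited token equals one of
     * {@link #FILTER_WORD} (case-insensitive).
     *
     * @param sql statement to screen
     * @throws IllegalArgumentException if {@code sql} is null or contains a denied keyword
     */
    private static void doSqlFilter(String sql) {
        if (sql == null) {
            throw new IllegalArgumentException("sql must not be null");
        }
        for (String part : sql.split(TOKEN_SEPARATORS)) {
            if (part.isEmpty()) {
                continue;
            }
            for (String filterWord : FILTER_WORD) {
                if (part.equalsIgnoreCase(filterWord)) {
                    // The original filter computed this flag but never acted on it.
                    throw new IllegalArgumentException("非法SQL被拦截 ==> " + sql);
                }
            }
        }
    }
}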