What's new in EzyPlatform 1.2.3?
This release introduces CronExpression into the common SDK, modernizes the workflow architecture, expands workflow-schema capabilities, and strengthens validation for return URLs and user input.
-
Added CronExpression to the common SDKIntroduced
CronExpressionfor parsing and processing both 5-field and 6-field cron expressions. Supported syntax includes*, single values, ranges, steps, range-step combinations, and comma-separated lists. The class providesnextTimeOf(...)methods to calculate the next execution time and can generate human-readable descriptions such asevery 5 minutesorat 08:00, every weekday. If no valid execution time can be found within four years, the methods returnnullor-1. -
Modernized workflow architectureThe workflow API has been simplified by replacing the legacy
WorkflowHandlerpattern based onhandle(Map input, Map output)with the new generic modelWorkflowHandler<T, R>using the methodR handle(T input). AddedgetPriority()to allow multiple handlers with the same name to be resolved according to priority. A newWorkflowHandlerManagerwas also introduced to manage workflow handlers, schema fetchers, and registered workflow definitions. -
Added workflow-handler schema supportIntroduced
WorkflowHandlerSchemacontainingargumentSchema,resultSchema,description, andproperties. AddedWorkflowHandlerSchemaFetcherto separate workflow schema definitions from workflow execution logic, making documentation, tooling, and integrations easier to maintain. -
Enhanced workflow management with WorkflowHandlerManager
WorkflowHandlerManagersupports retrieving handlers by name, listing registered workflow names in sorted order, retrieving schema fetchers by workflow name, and accessing all registered schema fetchers. The manager uses lazy initialization when scanningEzySingletonFactory, reducing startup overhead and improving runtime efficiency. -
Strengthened return-URL validation and securityAdded
DefaultValidator.isValidReturnUrlto reduce the risk of open redirects and header-injection attacks. The validator rejects empty URLs, URLs containing control characters, protocol-relative URLs such as//evil.com, and encoded slash/backslash patterns such as/%2fand/%5c. Only absolute URLs usinghttporhttps, with a valid host and without user-info or fragments, are accepted. -
Improved SQL-injection detection and validator utilitiesThe validator now detects additional SQL-comment patterns including
/*,*/, and#, in addition to--. SQL-injection detection logic was also refined, replacing parenthesis-based checks with single-quote validation to improve detection accuracy. Additionally,normalizeHostwas made public for reuse by other components. -
Simplified admin-role and user-role validation
validateUserRoleNamenow returns aUserRoleNameModeland automatically handles missing-role scenarios. Role-deletion APIs and user-by-role queries now reuse the validator directly to avoid duplicated lookup and not-found logic. Validation of role-name collections no longer performs SQL-injection checks, focusing only on blank-value and existence validation. -
Additional improvements and breaking changes
Numbers.toLongOrZeroFromObject(null)now consistently returns0L.AdminEzyPlatformBackupWriternow usesString.isEmpty()when filtering empty lines. In addition, the legacyWorkflowandWorkflowManagercomponents have been removed, andAdminWorkflowManagerhas been renamed toAdminWorkflowHandlerManager. Projects using the old workflow API should migrate toWorkflowHandler<T, R>andWorkflowHandlerManager.