修复漏洞,重构初始化功能,优化媒体库 (#1024)
* 媒体库增加 普通上传、压缩上传按钮,方便媒体库直接上传图片 * 增加数据类型切换后的的校验,避免使用错误的查询条件和字典条件。 * refactor: 重构初始化逻辑 * 媒体库功能丰富 * 修复注入漏洞和路径穿越 * 修复自动化接口获取数据库表失败后未能终止的bug * 微调媒体库样式 Co-authored-by: bypanghu <bypanghu@163.com> Co-authored-by: tesun <36953434+tesun@users.noreply.github.com> Co-authored-by: pnck <hio131@gmail.com> Co-authored-by: task <121913992@qq.com>
This commit is contained in:
奇淼(piexlmax
@@ -1,27 +1,36 @@
|
||||
package system
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/config"
|
||||
"github.com/gookit/color"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/utils"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/config"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/global"
|
||||
model "github.com/flipped-aurora/gin-vue-admin/server/model/system"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/system/request"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/source/example"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/source/system"
|
||||
uuid "github.com/satori/go.uuid"
|
||||
"gorm.io/driver/mysql"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
// writeMysqlConfig mysql回写配置
|
||||
// Author [SliverHorn](https://github.com/SliverHorn)
|
||||
// Author [songzhibin97](https://github.com/songzhibin97)
|
||||
func (initDBService *InitDBService) writeMysqlConfig(mysql config.Mysql) error {
|
||||
global.GVA_CONFIG.Mysql = mysql
|
||||
type MysqlInitHandler struct{}
|
||||
|
||||
func NewMysqlInitHandler() *MysqlInitHandler {
|
||||
return &MysqlInitHandler{}
|
||||
}
|
||||
|
||||
// WriteConfig mysql回写配置
|
||||
func (h MysqlInitHandler) WriteConfig(ctx context.Context) error {
|
||||
c, ok := ctx.Value("config").(config.Mysql)
|
||||
if !ok {
|
||||
return errors.New("mysql config invalid")
|
||||
}
|
||||
global.GVA_CONFIG.System.DbType = "mysql"
|
||||
global.GVA_CONFIG.Mysql = c
|
||||
cs := utils.StructToMap(global.GVA_CONFIG)
|
||||
for k, v := range cs {
|
||||
global.GVA_VP.Set(k, v)
|
||||
@@ -30,66 +39,55 @@ func (initDBService *InitDBService) writeMysqlConfig(mysql config.Mysql) error {
|
||||
return global.GVA_VP.WriteConfig()
|
||||
}
|
||||
|
||||
// initMysqlDB 创建数据库并初始化 mysql
|
||||
// Author [piexlmax](https://github.com/piexlmax)
|
||||
// Author [SliverHorn](https://github.com/SliverHorn)
|
||||
// Author: [songzhibin97](https://github.com/songzhibin97)
|
||||
func (initDBService *InitDBService) initMysqlDB(conf request.InitDB) error {
|
||||
// EnsureDB 创建数据库并初始化 mysql
|
||||
func (h MysqlInitHandler) EnsureDB(ctx context.Context, conf *request.InitDB) (next context.Context, err error) {
|
||||
if s, ok := ctx.Value("dbtype").(string); !ok || s != "mysql" {
|
||||
return ctx, ErrDBTypeMismatch
|
||||
}
|
||||
dsn := conf.MysqlEmptyDsn()
|
||||
createSql := fmt.Sprintf("CREATE DATABASE IF NOT EXISTS `%s` DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_general_ci;", conf.DBName)
|
||||
if err := initDBService.createDatabase(dsn, "mysql", createSql); err != nil {
|
||||
return err
|
||||
if err = createDatabase(dsn, "mysql", createSql); err != nil {
|
||||
return nil, err
|
||||
} // 创建数据库
|
||||
|
||||
mysqlConfig := conf.ToMysqlConfig()
|
||||
if mysqlConfig.Dbname == "" {
|
||||
return nil
|
||||
c := conf.ToMysqlConfig()
|
||||
next = context.WithValue(ctx, "config", c)
|
||||
if c.Dbname == "" {
|
||||
return ctx, nil
|
||||
} // 如果没有数据库名, 则跳出初始化数据
|
||||
|
||||
if db, err := gorm.Open(mysql.New(mysql.Config{
|
||||
DSN: mysqlConfig.Dsn(), // DSN data source name
|
||||
DefaultStringSize: 191, // string 类型字段的默认长度
|
||||
SkipInitializeWithVersion: true, // 根据版本自动配置
|
||||
var db *gorm.DB
|
||||
if db, err = gorm.Open(mysql.New(mysql.Config{
|
||||
DSN: c.Dsn(), // DSN data source name
|
||||
DefaultStringSize: 191, // string 类型字段的默认长度
|
||||
SkipInitializeWithVersion: true, // 根据版本自动配置
|
||||
}), &gorm.Config{DisableForeignKeyConstraintWhenMigrating: true}); err != nil {
|
||||
return nil
|
||||
} else {
|
||||
global.GVA_DB = db
|
||||
return ctx, err
|
||||
}
|
||||
|
||||
if err := initDBService.initTables(); err != nil {
|
||||
global.GVA_DB = nil
|
||||
return err
|
||||
}
|
||||
|
||||
if err := initDBService.initMysqlData(); err != nil {
|
||||
global.GVA_DB = nil
|
||||
return err
|
||||
}
|
||||
|
||||
if err := initDBService.writeMysqlConfig(mysqlConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
global.GVA_CONFIG.AutoCode.Root, _ = filepath.Abs("..")
|
||||
next = context.WithValue(next, "db", db)
|
||||
return next, err
|
||||
}
|
||||
|
||||
func (h MysqlInitHandler) InitTables(ctx context.Context, inits initSlice) error {
|
||||
return createTables(ctx, inits)
|
||||
}
|
||||
|
||||
func (h MysqlInitHandler) InitData(ctx context.Context, inits initSlice) error {
|
||||
next, cancel := context.WithCancel(ctx)
|
||||
defer func(c func()) { c() }(cancel)
|
||||
for _, init := range inits {
|
||||
if init.DataInserted(next) {
|
||||
color.Info.Printf(InitDataExist, Mysql, init.InitializerName())
|
||||
continue
|
||||
}
|
||||
if n, err := init.InitializeData(next); err != nil {
|
||||
color.Info.Printf(InitDataFailed, Mysql, err)
|
||||
return err
|
||||
} else {
|
||||
next = n
|
||||
color.Info.Printf(InitDataSuccess, Mysql, init.InitializerName())
|
||||
}
|
||||
}
|
||||
color.Info.Printf(InitSuccess, Mysql)
|
||||
return nil
|
||||
}
|
||||
|
||||
// initData mysql 初始化数据
|
||||
// Author [SliverHorn](https://github.com/SliverHorn)
|
||||
// Author: [songzhibin97](https://github.com/songzhibin97)
|
||||
func (initDBService *InitDBService) initMysqlData() error {
|
||||
return model.MysqlDataInitialize(
|
||||
system.Api,
|
||||
system.User,
|
||||
system.Casbin,
|
||||
system.BaseMenu,
|
||||
system.Authority,
|
||||
system.Dictionary,
|
||||
system.UserAuthority,
|
||||
system.DataAuthorities,
|
||||
system.AuthoritiesMenus,
|
||||
system.DictionaryDetail,
|
||||
system.ViewAuthorityMenuMysql,
|
||||
example.FileMysql,
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user