修复漏洞,重构初始化功能,优化媒体库 (#1024)
* 媒体库增加 普通上传、压缩上传按钮,方便媒体库直接上传图片 * 增加数据类型切换后的的校验,避免使用错误的查询条件和字典条件。 * refactor: 重构初始化逻辑 * 媒体库功能丰富 * 修复注入漏洞和路径穿越 * 修复自动化接口获取数据库表失败后未能终止的bug * 微调媒体库样式 Co-authored-by: bypanghu <bypanghu@163.com> Co-authored-by: tesun <36953434+tesun@users.noreply.github.com> Co-authored-by: pnck <hio131@gmail.com> Co-authored-by: task <121913992@qq.com>
This commit is contained in:
奇淼(piexlmax
@@ -1,26 +1,36 @@
|
||||
package system
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/config"
|
||||
"github.com/gookit/color"
|
||||
"path/filepath"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/utils"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/config"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/global"
|
||||
model "github.com/flipped-aurora/gin-vue-admin/server/model/system"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/system/request"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/source/example"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/source/system"
|
||||
uuid "github.com/satori/go.uuid"
|
||||
"gorm.io/driver/postgres"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
// writePgsqlConfig pgsql 回写配置
|
||||
// Author [SliverHorn](https://github.com/SliverHorn)
|
||||
func (initDBService *InitDBService) writePgsqlConfig(pgsql config.Pgsql) error {
|
||||
type PgsqlInitHandler struct{}
|
||||
|
||||
func NewPgsqlInitHandler() *PgsqlInitHandler {
|
||||
return &PgsqlInitHandler{}
|
||||
}
|
||||
|
||||
// WriteConfig pgsql 回写配置
|
||||
func (h PgsqlInitHandler) WriteConfig(ctx context.Context) error {
|
||||
c, ok := ctx.Value("config").(config.Pgsql)
|
||||
if !ok {
|
||||
return errors.New("postgresql config invalid")
|
||||
}
|
||||
global.GVA_CONFIG.System.DbType = "pgsql"
|
||||
global.GVA_CONFIG.Pgsql = pgsql
|
||||
global.GVA_CONFIG.Pgsql = c
|
||||
cs := utils.StructToMap(global.GVA_CONFIG)
|
||||
for k, v := range cs {
|
||||
global.GVA_VP.Set(k, v)
|
||||
@@ -29,61 +39,54 @@ func (initDBService *InitDBService) writePgsqlConfig(pgsql config.Pgsql) error {
|
||||
return global.GVA_VP.WriteConfig()
|
||||
}
|
||||
|
||||
func (initDBService *InitDBService) initPgsqlDB(conf request.InitDB) error {
|
||||
// EnsureDB 创建数据库并初始化 pg
|
||||
func (h PgsqlInitHandler) EnsureDB(ctx context.Context, conf *request.InitDB) (next context.Context, err error) {
|
||||
if s, ok := ctx.Value("dbtype").(string); !ok || s != "pgsql" {
|
||||
return ctx, ErrDBTypeMismatch
|
||||
}
|
||||
dsn := conf.PgsqlEmptyDsn()
|
||||
createSql := "CREATE DATABASE " + conf.DBName
|
||||
if err := initDBService.createDatabase(dsn, "pgx", createSql); err != nil {
|
||||
return err
|
||||
createSql := fmt.Sprintf("CREATE DATABASE %s;", conf.DBName)
|
||||
if err = createDatabase(dsn, "pgx", createSql); err != nil {
|
||||
return nil, err
|
||||
} // 创建数据库
|
||||
|
||||
pgsqlConfig := conf.ToPgsqlConfig()
|
||||
if pgsqlConfig.Dbname == "" {
|
||||
return nil
|
||||
c := conf.ToPgsqlConfig()
|
||||
next = context.WithValue(ctx, "config", c)
|
||||
if c.Dbname == "" {
|
||||
return ctx, nil
|
||||
} // 如果没有数据库名, 则跳出初始化数据
|
||||
|
||||
if db, err := gorm.Open(postgres.New(postgres.Config{
|
||||
DSN: pgsqlConfig.Dsn(), // DSN data source name
|
||||
var db *gorm.DB
|
||||
if db, err = gorm.Open(postgres.New(postgres.Config{
|
||||
DSN: c.Dsn(), // DSN data source name
|
||||
PreferSimpleProtocol: false,
|
||||
}), &gorm.Config{DisableForeignKeyConstraintWhenMigrating: true}); err != nil {
|
||||
return nil
|
||||
} else {
|
||||
global.GVA_DB = db
|
||||
return ctx, err
|
||||
}
|
||||
|
||||
if err := initDBService.initTables(); err != nil {
|
||||
global.GVA_DB = nil
|
||||
return err
|
||||
}
|
||||
|
||||
if err := initDBService.initPgsqlData(); err != nil {
|
||||
global.GVA_DB = nil
|
||||
return err
|
||||
}
|
||||
|
||||
if err := initDBService.writePgsqlConfig(pgsqlConfig); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
global.GVA_CONFIG.AutoCode.Root, _ = filepath.Abs("..")
|
||||
next = context.WithValue(next, "db", db)
|
||||
return next, err
|
||||
}
|
||||
|
||||
func (h PgsqlInitHandler) InitTables(ctx context.Context, inits initSlice) error {
|
||||
return createTables(ctx, inits)
|
||||
}
|
||||
|
||||
func (h PgsqlInitHandler) InitData(ctx context.Context, inits initSlice) error {
|
||||
next, cancel := context.WithCancel(ctx)
|
||||
defer func(c func()) { c() }(cancel)
|
||||
for i := 0; i < len(inits); i++ {
|
||||
if inits[i].DataInserted(next) {
|
||||
color.Info.Printf(InitDataExist, Pgsql, inits[i].InitializerName())
|
||||
continue
|
||||
}
|
||||
if n, err := inits[i].InitializeData(next); err != nil {
|
||||
color.Info.Printf(InitDataFailed, Pgsql, err)
|
||||
return err
|
||||
} else {
|
||||
next = n
|
||||
color.Info.Printf(InitDataSuccess, Pgsql, inits[i].InitializerName())
|
||||
}
|
||||
}
|
||||
color.Info.Printf(InitSuccess, Pgsql)
|
||||
return nil
|
||||
}
|
||||
|
||||
// initPgsqlData pgsql 初始化数据
|
||||
// Author [SliverHorn](https://github.com/SliverHorn)
|
||||
func (initDBService *InitDBService) initPgsqlData() error {
|
||||
return model.PgsqlDataInitialize(
|
||||
system.Api,
|
||||
system.User,
|
||||
system.Casbin,
|
||||
system.BaseMenu,
|
||||
system.Authority,
|
||||
system.Dictionary,
|
||||
system.UserAuthority,
|
||||
system.DataAuthorities,
|
||||
system.AuthoritiesMenus,
|
||||
system.DictionaryDetail,
|
||||
system.ViewAuthorityMenuPostgres,
|
||||
|
||||
example.FilePgsql,
|
||||
)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user