修复漏洞,重构初始化功能,优化媒体库 (#1024)
* 媒体库增加 普通上传、压缩上传按钮,方便媒体库直接上传图片 * 增加数据类型切换后的的校验,避免使用错误的查询条件和字典条件。 * refactor: 重构初始化逻辑 * 媒体库功能丰富 * 修复注入漏洞和路径穿越 * 修复自动化接口获取数据库表失败后未能终止的bug * 微调媒体库样式 Co-authored-by: bypanghu <bypanghu@163.com> Co-authored-by: tesun <36953434+tesun@users.noreply.github.com> Co-authored-by: pnck <hio131@gmail.com> Co-authored-by: task <121913992@qq.com>
This commit is contained in:
奇淼(piexlmax
@@ -1,34 +0,0 @@
|
||||
package example
|
||||
|
||||
import (
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/global"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/example"
|
||||
"github.com/pkg/errors"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
var FileMysql = new(fileMysql)
|
||||
|
||||
type fileMysql struct{}
|
||||
|
||||
func (f *fileMysql) TableName() string {
|
||||
return "exa_file_upload_and_downloads"
|
||||
}
|
||||
|
||||
func (f *fileMysql) Initialize() error {
|
||||
entities := []example.ExaFileUploadAndDownload{
|
||||
{Name: "10.png", Url: "https://qmplusimg.henrongyi.top/gvalogo.png", Tag: "png", Key: "158787308910.png"},
|
||||
{Name: "logo.png", Url: "https://qmplusimg.henrongyi.top/1576554439myAvatar.png", Tag: "png", Key: "1587973709logo.png"},
|
||||
}
|
||||
if err := global.GVA_DB.Create(&entities).Error; err != nil {
|
||||
return errors.Wrap(err, f.TableName()+"表数据初始化失败!")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (f *fileMysql) CheckDataExist() bool {
|
||||
if errors.Is(global.GVA_DB.Where("`name` = ? AND `key` = ?", "logo.png", "1587973709logo.png").First(&example.ExaFileUploadAndDownload{}).Error, gorm.ErrRecordNotFound) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
@@ -1,34 +0,0 @@
|
||||
package example
|
||||
|
||||
import (
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/global"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/example"
|
||||
"github.com/pkg/errors"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
var FilePgsql = new(filePgsql)
|
||||
|
||||
type filePgsql struct{}
|
||||
|
||||
func (f *filePgsql) TableName() string {
|
||||
return "exa_file_upload_and_downloads"
|
||||
}
|
||||
|
||||
func (f *filePgsql) Initialize() error {
|
||||
entities := []example.ExaFileUploadAndDownload{
|
||||
{Name: "10.png", Url: "https://qmplusimg.henrongyi.top/gvalogo.png", Tag: "png", Key: "158787308910.png"},
|
||||
{Name: "logo.png", Url: "https://qmplusimg.henrongyi.top/1576554439myAvatar.png", Tag: "png", Key: "1587973709logo.png"},
|
||||
}
|
||||
if err := global.GVA_DB.Create(&entities).Error; err != nil {
|
||||
return errors.Wrap(err, f.TableName()+"表数据初始化失败!")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (f *filePgsql) CheckDataExist() bool {
|
||||
if errors.Is(global.GVA_DB.Where("name = ? AND key = ?", "logo.png", "1587973709logo.png").First(&example.ExaFileUploadAndDownload{}).Error, gorm.ErrRecordNotFound) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
65
server/source/example/file_upload_download.go
Normal file
65
server/source/example/file_upload_download.go
Normal file
@@ -0,0 +1,65 @@
|
||||
package example
|
||||
|
||||
import (
|
||||
"context"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/example"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/service/system"
|
||||
"github.com/pkg/errors"
|
||||
"gorm.io/gorm"
|
||||
)
|
||||
|
||||
const initOrderExaFile = system.InitOrderInternal + 1
|
||||
|
||||
type initExaFileMysql struct{}
|
||||
|
||||
// auto run
|
||||
func init() {
|
||||
system.RegisterInit(initOrderExaFile, &initExaFileMysql{})
|
||||
}
|
||||
|
||||
func (i *initExaFileMysql) MigrateTable(ctx context.Context) (context.Context, error) {
|
||||
db, ok := ctx.Value("db").(*gorm.DB)
|
||||
if !ok {
|
||||
return ctx, system.ErrMissingDBContext
|
||||
}
|
||||
return ctx, db.AutoMigrate(&example.ExaFileUploadAndDownload{})
|
||||
}
|
||||
|
||||
func (i *initExaFileMysql) TableCreated(ctx context.Context) bool {
|
||||
db, ok := ctx.Value("db").(*gorm.DB)
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
return db.Migrator().HasTable(&example.ExaFileUploadAndDownload{})
|
||||
}
|
||||
|
||||
func (i initExaFileMysql) InitializerName() string {
|
||||
return example.ExaFileUploadAndDownload{}.TableName()
|
||||
}
|
||||
|
||||
func (i *initExaFileMysql) InitializeData(ctx context.Context) (context.Context, error) {
|
||||
db, ok := ctx.Value("db").(*gorm.DB)
|
||||
if !ok {
|
||||
return ctx, system.ErrMissingDBContext
|
||||
}
|
||||
entities := []example.ExaFileUploadAndDownload{
|
||||
{Name: "10.png", Url: "https://qmplusimg.henrongyi.top/gvalogo.png", Tag: "png", Key: "158787308910.png"},
|
||||
{Name: "logo.png", Url: "https://qmplusimg.henrongyi.top/1576554439myAvatar.png", Tag: "png", Key: "1587973709logo.png"},
|
||||
}
|
||||
if err := db.Create(&entities).Error; err != nil {
|
||||
return ctx, errors.Wrap(err, example.ExaFileUploadAndDownload{}.TableName()+"表数据初始化失败!")
|
||||
}
|
||||
return ctx, nil
|
||||
}
|
||||
|
||||
func (i *initExaFileMysql) DataInserted(ctx context.Context) bool {
|
||||
db, ok := ctx.Value("db").(*gorm.DB)
|
||||
if !ok {
|
||||
return false
|
||||
}
|
||||
lookup := example.ExaFileUploadAndDownload{Name: "logo.png", Key: "1587973709logo.png"}
|
||||
if errors.Is(db.First(&lookup, &lookup).Error, gorm.ErrRecordNotFound) {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
Reference in New Issue
Block a user