fix: 解决 gorm 的 sql 注入问题 (1Panel-dev#5409)
ssongliu authored Jun 11, 2024
1 parent 34b7e1e commit 00c8c8d
Showing 12 changed files with 489 additions and 170 deletions.
4 changes: 2 additions & 2 deletions backend/app/api/v1/cronjob.go
Expand Up @@ -36,12 +36,12 @@ func (b *BaseApi) CreateCronjob(c *gin.Context) {
// @Summary Page cronjobs
// @Description 获取计划任务分页
// @Accept json
// @Param request body dto.SearchWithPage true "request"
// @Param request body dto.PageCronjob true "request"
// @Success 200 {object} dto.PageResult
// @Security ApiKeyAuth
// @Router /cronjobs/search [post]
func (b *BaseApi) SearchCronjob(c *gin.Context) {
var req dto.SearchWithPage
var req dto.PageCronjob
if err := helper.CheckBindAndValidate(&req, c); err != nil {
return
}
6 changes: 3 additions & 3 deletions backend/app/dto/command.go
@@ -1,9 +1,9 @@
package dto

type SearchCommandWithPage struct {
SearchWithPage
OrderBy string `json:"orderBy"`
Order string `json:"order"`
PageInfo
OrderBy string `json:"orderBy" validate:"required,oneof=name command created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
GroupID uint `json:"groupID"`
Info string `json:"info"`
Name string `json:"name"`
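Review bot: The `oneof=null ascending descending` tag on Order makes the literal string `null` an accepted value, and `required` on both fields now rejects a request that omits `order` or `orderBy`, so clients that previously relied on a default ordering will get a validation error instead. The same pair of tags is introduced in container.go, cronjob.go (PageCronjob), database.go (both hunks), database_postgresql.go and request/website.go. Because these whitelists are what keeps request input out of the ORDER BY clause, a short comment on each field would help keep them aligned with real column names, e.g. `// OrderBy/Order are interpolated into ORDER BY; keep oneof in sync with the table's columns and never relax it to a free-form string.` The tags only take effect on handlers that route the request through the validator, which is visible for SearchCronjob but cannot be confirmed for the other DTOs from this view.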
4 changes: 1 addition & 3 deletions backend/app/dto/common_req.go
Expand Up @@ -2,9 +2,7 @@ package dto

type SearchWithPage struct {
PageInfo
Info string `json:"info"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
Info string `json:"info"`
}

type PageInfo struct {
4 changes: 2 additions & 2 deletions backend/app/dto/container.go
Expand Up @@ -6,8 +6,8 @@ type PageContainer struct {
PageInfo
Name string `json:"name"`
State string `json:"state" validate:"required,oneof=all created running paused restarting removing exited dead"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
OrderBy string `json:"orderBy" validate:"required,oneof=name status created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
Filters string `json:"filters"`
ExcludeAppStore bool `json:"excludeAppStore"`
}
7 changes: 7 additions & 0 deletions backend/app/dto/cronjob.go
Expand Up @@ -4,6 +4,13 @@ import (
"time"
)

type PageCronjob struct {
PageInfo
Info string `json:"info"`
OrderBy string `json:"orderBy" validate:"required,oneof=name status created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
}

type CronjobCreate struct {
Name string `json:"name" validate:"required"`
Type string `json:"type" validate:"required"`
8 changes: 4 additions & 4 deletions backend/app/dto/database.go
Expand Up @@ -27,8 +27,8 @@ type MysqlDBSearch struct {
PageInfo
Info string `json:"info"`
Database string `json:"database" validate:"required"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
OrderBy string `json:"orderBy" validate:"required,oneof=name created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
}

type MysqlDBInfo struct {
Expand Down Expand Up @@ -236,8 +236,8 @@ type DatabaseSearch struct {
PageInfo
Info string `json:"info"`
Type string `json:"type"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
OrderBy string `json:"orderBy" validate:"required,oneof=name created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
}

type DatabaseInfo struct {
4 changes: 2 additions & 2 deletions backend/app/dto/database_postgresql.go
Expand Up @@ -6,8 +6,8 @@ type PostgresqlDBSearch struct {
PageInfo
Info string `json:"info"`
Database string `json:"database" validate:"required"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
OrderBy string `json:"orderBy" validate:"required,oneof=name created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
}

type PostgresqlDBInfo struct {
4 changes: 2 additions & 2 deletions backend/app/dto/request/website.go
Expand Up @@ -7,8 +7,8 @@ import (
type WebsiteSearch struct {
dto.PageInfo
Name string `json:"name"`
OrderBy string `json:"orderBy"`
Order string `json:"order"`
OrderBy string `json:"orderBy" validate:"required,oneof=primary_domain type status created_at"`
Order string `json:"order" validate:"required,oneof=null ascending descending"`
WebsiteGroupID uint `json:"websiteGroupId"`
}

4 changes: 2 additions & 2 deletions backend/app/service/cornjob.go
Expand Up @@ -21,7 +21,7 @@ import (
type CronjobService struct{}

type ICronjobService interface {
SearchWithPage(search dto.SearchWithPage) (int64, interface{}, error)
SearchWithPage(search dto.PageCronjob) (int64, interface{}, error)
SearchRecords(search dto.SearchRecord) (int64, interface{}, error)
Create(cronjobDto dto.CronjobCreate) error
HandleOnce(id uint) error
Expand All @@ -39,7 +39,7 @@ func NewICronjobService() ICronjobService {
return &CronjobService{}
}

func (u *CronjobService) SearchWithPage(search dto.SearchWithPage) (int64, interface{}, error) {
func (u *CronjobService) SearchWithPage(search dto.PageCronjob) (int64, interface{}, error) {
total, cronjobs, err := cronjobRepo.Page(search.Page, search.PageSize, commonRepo.WithLikeName(search.Info), commonRepo.WithOrderRuleBy(search.OrderBy, search.Order))
var dtoCronjobs []dto.CronjobInfo
for _, cronjob := range cronjobs {
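Review bot: On the SearchWithPage line, `search.OrderBy` and `search.Order` are still handed to `commonRepo.WithOrderRuleBy` unchanged, so the injection fix rests entirely on the `oneof` tags of dto.PageCronjob being enforced before this method is reached; `WithOrderRuleBy` is not in this view, so whether it applies its own whitelist cannot be confirmed. A comment would make that invariant explicit for the next caller of this method: `// OrderBy/Order are constrained by the oneof tags on dto.PageCronjob; never pass unvalidated strings into WithOrderRuleBy.` The error returned by cronjobRepo.Page is not checked within the visible lines before `cronjobs` is ranged over; if the check only comes later that is harmless for a nil slice, but it is worth confirming. The function body continues past the end of the hunk.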

0 comments on commit 00c8c8d
