mirror of
https://github.com/0xJacky/nginx-ui.git
synced 2025-05-11 02:15:48 +02:00
fix(cosy): ensure the list sort query is validated to prevent SQL injection
parent
18f2b4aba8
commit
6d5f34751d
1 changed files with 66 additions and 66 deletions
132
model/model.go
132
model/model.go
|
@ -1,103 +1,103 @@
|
||||||
package model
|
package model
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/0xJacky/Nginx-UI/internal/logger"
|
"github.com/0xJacky/Nginx-UI/internal/logger"
|
||||||
"github.com/0xJacky/Nginx-UI/settings"
|
"github.com/0xJacky/Nginx-UI/settings"
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
"gorm.io/driver/sqlite"
|
"gorm.io/driver/sqlite"
|
||||||
"gorm.io/gen"
|
"gorm.io/gen"
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
gormlogger "gorm.io/gorm/logger"
|
gormlogger "gorm.io/gorm/logger"
|
||||||
"path"
|
"path"
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var db *gorm.DB
|
var db *gorm.DB
|
||||||
|
|
||||||
type Model struct {
|
type Model struct {
|
||||||
ID int `gorm:"primary_key" json:"id"`
|
ID int `gorm:"primary_key" json:"id"`
|
||||||
CreatedAt time.Time `json:"created_at"`
|
CreatedAt time.Time `json:"created_at"`
|
||||||
UpdatedAt time.Time `json:"updated_at"`
|
UpdatedAt time.Time `json:"updated_at"`
|
||||||
DeletedAt *gorm.DeletedAt `gorm:"index" json:"deleted_at"`
|
DeletedAt *gorm.DeletedAt `gorm:"index" json:"deleted_at"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func GenerateAllModel() []any {
|
func GenerateAllModel() []any {
|
||||||
return []any{
|
return []any{
|
||||||
ConfigBackup{},
|
ConfigBackup{},
|
||||||
Auth{},
|
Auth{},
|
||||||
AuthToken{},
|
AuthToken{},
|
||||||
Cert{},
|
Cert{},
|
||||||
ChatGPTLog{},
|
ChatGPTLog{},
|
||||||
Site{},
|
Site{},
|
||||||
Stream{},
|
Stream{},
|
||||||
DnsCredential{},
|
DnsCredential{},
|
||||||
Environment{},
|
Environment{},
|
||||||
Notification{},
|
Notification{},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func logMode() gormlogger.Interface {
|
func logMode() gormlogger.Interface {
|
||||||
switch settings.ServerSettings.RunMode {
|
switch settings.ServerSettings.RunMode {
|
||||||
case gin.ReleaseMode:
|
case gin.ReleaseMode:
|
||||||
return gormlogger.Default.LogMode(gormlogger.Warn)
|
return gormlogger.Default.LogMode(gormlogger.Warn)
|
||||||
default:
|
default:
|
||||||
fallthrough
|
fallthrough
|
||||||
case gin.DebugMode:
|
case gin.DebugMode:
|
||||||
return gormlogger.Default.LogMode(gormlogger.Info)
|
return gormlogger.Default.LogMode(gormlogger.Info)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func UseDB() *gorm.DB {
|
func UseDB() *gorm.DB {
|
||||||
return db
|
return db
|
||||||
}
|
}
|
||||||
|
|
||||||
func Init() *gorm.DB {
|
func Init() *gorm.DB {
|
||||||
dbPath := path.Join(path.Dir(settings.ConfPath), fmt.Sprintf("%s.db", settings.ServerSettings.Database))
|
dbPath := path.Join(path.Dir(settings.ConfPath), fmt.Sprintf("%s.db", settings.ServerSettings.Database))
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
db, err = gorm.Open(sqlite.Open(dbPath), &gorm.Config{
|
db, err = gorm.Open(sqlite.Open(dbPath), &gorm.Config{
|
||||||
Logger: logMode(),
|
Logger: logMode(),
|
||||||
PrepareStmt: true,
|
PrepareStmt: true,
|
||||||
DisableForeignKeyConstraintWhenMigrating: true,
|
DisableForeignKeyConstraintWhenMigrating: true,
|
||||||
})
|
})
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Fatal(err.Error())
|
logger.Fatal(err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
// Migrate the schema
|
// Migrate the schema
|
||||||
err = db.AutoMigrate(GenerateAllModel()...)
|
err = db.AutoMigrate(GenerateAllModel()...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Fatal(err.Error())
|
logger.Fatal(err.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
return db
|
return db
|
||||||
}
|
}
|
||||||
|
|
||||||
type Pagination struct {
|
type Pagination struct {
|
||||||
Total int64 `json:"total"`
|
Total int64 `json:"total"`
|
||||||
PerPage int `json:"per_page"`
|
PerPage int `json:"per_page"`
|
||||||
CurrentPage int `json:"current_page"`
|
CurrentPage int `json:"current_page"`
|
||||||
TotalPages int64 `json:"total_pages"`
|
TotalPages int64 `json:"total_pages"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type DataList struct {
|
type DataList struct {
|
||||||
Data interface{} `json:"data"`
|
Data interface{} `json:"data"`
|
||||||
Pagination Pagination `json:"pagination,omitempty"`
|
Pagination Pagination `json:"pagination,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func TotalPage(total int64, pageSize int) int64 {
|
func TotalPage(total int64, pageSize int) int64 {
|
||||||
n := total / int64(pageSize)
|
n := total / int64(pageSize)
|
||||||
if total%int64(pageSize) > 0 {
|
if total%int64(pageSize) > 0 {
|
||||||
n++
|
n++
|
||||||
}
|
}
|
||||||
return n
|
return n
|
||||||
}
|
}
|
||||||
|
|
||||||
type Method interface {
|
type Method interface {
|
||||||
// FirstByID Where("id=@id")
|
// FirstByID Where("id=@id")
|
||||||
FirstByID(id int) (*gen.T, error)
|
FirstByID(id int) (*gen.T, error)
|
||||||
// DeleteByID update @@table set deleted_at=strftime('%Y-%m-%d %H:%M:%S','now') where id=@id
|
// DeleteByID update @@table set deleted_at=strftime('%Y-%m-%d %H:%M:%S','now') where id=@id
|
||||||
DeleteByID(id int) error
|
DeleteByID(id int) error
|
||||||
}
|
}
|
||||||
|
|