fix(cosy): ensure the list sort query is validated to prevent SQL injection

2025-05-11 02:15:48 +02:00 · 2023-12-20 10:16:04 +08:00 · 2023-12-20 10:16:04 +08:00 · 6d5f34751d
commit 6d5f34751d
parent 18f2b4aba8
1 changed files with 66 additions and 66 deletions
--- a/model/model.go
+++ b/model/model.go
@ -1,103 +1,103 @@
 package model

 import (
-    "fmt"
-    "github.com/0xJacky/Nginx-UI/internal/logger"
-    "github.com/0xJacky/Nginx-UI/settings"
-    "github.com/gin-gonic/gin"
-    "gorm.io/driver/sqlite"
-    "gorm.io/gen"
-    "gorm.io/gorm"
-    gormlogger "gorm.io/gorm/logger"
-    "path"
-    "time"
+	"fmt"
+	"github.com/0xJacky/Nginx-UI/internal/logger"
+	"github.com/0xJacky/Nginx-UI/settings"
+	"github.com/gin-gonic/gin"
+	"gorm.io/driver/sqlite"
+	"gorm.io/gen"
+	"gorm.io/gorm"
+	gormlogger "gorm.io/gorm/logger"
+	"path"
+	"time"
 )

 var db *gorm.DB

 type Model struct {
-    ID        int             `gorm:"primary_key" json:"id"`
-    CreatedAt time.Time       `json:"created_at"`
-    UpdatedAt time.Time       `json:"updated_at"`
-    DeletedAt *gorm.DeletedAt `gorm:"index" json:"deleted_at"`
+	ID        int             `gorm:"primary_key" json:"id"`
+	CreatedAt time.Time       `json:"created_at"`
+	UpdatedAt time.Time       `json:"updated_at"`
+	DeletedAt *gorm.DeletedAt `gorm:"index" json:"deleted_at"`
 }

 func GenerateAllModel() []any {
-    return []any{
-        ConfigBackup{},
-        Auth{},
-        AuthToken{},
-        Cert{},
-        ChatGPTLog{},
-        Site{},
-        Stream{},
-        DnsCredential{},
-        Environment{},
-        Notification{},
-    }
+	return []any{
+		ConfigBackup{},
+		Auth{},
+		AuthToken{},
+		Cert{},
+		ChatGPTLog{},
+		Site{},
+		Stream{},
+		DnsCredential{},
+		Environment{},
+		Notification{},
+	}
 }

 func logMode() gormlogger.Interface {
-    switch settings.ServerSettings.RunMode {
-    case gin.ReleaseMode:
-        return gormlogger.Default.LogMode(gormlogger.Warn)
-    default:
-        fallthrough
-    case gin.DebugMode:
-        return gormlogger.Default.LogMode(gormlogger.Info)
-    }
+	switch settings.ServerSettings.RunMode {
+	case gin.ReleaseMode:
+		return gormlogger.Default.LogMode(gormlogger.Warn)
+	default:
+		fallthrough
+	case gin.DebugMode:
+		return gormlogger.Default.LogMode(gormlogger.Info)
+	}
 }

 func UseDB() *gorm.DB {
-    return db
+	return db
 }

 func Init() *gorm.DB {
-    dbPath := path.Join(path.Dir(settings.ConfPath), fmt.Sprintf("%s.db", settings.ServerSettings.Database))
+	dbPath := path.Join(path.Dir(settings.ConfPath), fmt.Sprintf("%s.db", settings.ServerSettings.Database))

-    var err error
-    db, err = gorm.Open(sqlite.Open(dbPath), &gorm.Config{
-        Logger:                                   logMode(),
-        PrepareStmt:                              true,
-        DisableForeignKeyConstraintWhenMigrating: true,
-    })
+	var err error
+	db, err = gorm.Open(sqlite.Open(dbPath), &gorm.Config{
+		Logger:                                   logMode(),
+		PrepareStmt:                              true,
+		DisableForeignKeyConstraintWhenMigrating: true,
+	})

-    if err != nil {
-        logger.Fatal(err.Error())
-    }
+	if err != nil {
+		logger.Fatal(err.Error())
+	}

-    // Migrate the schema
-    err = db.AutoMigrate(GenerateAllModel()...)
-    if err != nil {
-        logger.Fatal(err.Error())
-    }
+	// Migrate the schema
+	err = db.AutoMigrate(GenerateAllModel()...)
+	if err != nil {
+		logger.Fatal(err.Error())
+	}

-    return db
+	return db
 }

 type Pagination struct {
-    Total       int64 `json:"total"`
-    PerPage     int   `json:"per_page"`
-    CurrentPage int   `json:"current_page"`
-    TotalPages  int64 `json:"total_pages"`
+	Total       int64 `json:"total"`
+	PerPage     int   `json:"per_page"`
+	CurrentPage int   `json:"current_page"`
+	TotalPages  int64 `json:"total_pages"`
 }

 type DataList struct {
-    Data       interface{} `json:"data"`
-    Pagination Pagination  `json:"pagination,omitempty"`
+	Data       interface{} `json:"data"`
+	Pagination Pagination  `json:"pagination,omitempty"`
 }

 func TotalPage(total int64, pageSize int) int64 {
-    n := total / int64(pageSize)
-    if total%int64(pageSize) > 0 {
-        n++
-    }
-    return n
+	n := total / int64(pageSize)
+	if total%int64(pageSize) > 0 {
+		n++
+	}
+	return n
 }

 type Method interface {
-    // FirstByID Where("id=@id")
-    FirstByID(id int) (*gen.T, error)
-    // DeleteByID update @@table set deleted_at=strftime('%Y-%m-%d %H:%M:%S','now') where id=@id
-    DeleteByID(id int) error
+	// FirstByID Where("id=@id")
+	FirstByID(id int) (*gen.T, error)
+	// DeleteByID update @@table set deleted_at=strftime('%Y-%m-%d %H:%M:%S','now') where id=@id
+	DeleteByID(id int) error
 }