master
wangshuai 4 years ago
parent 9d8cd4ba44
commit d372841462

@ -9,6 +9,7 @@
<script src="jquery.timers-1.2.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready(function(){
/*
// 获取市下的行政区划列表
var hyper001 = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
@ -301,162 +302,163 @@
"query_page": 1,
"query_perpage": 20
}
*/
// 获取行政区
var hyper019 = {
var ypt_hyper_xzq = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
"XZQ_CODE", "XZQ_ID", "XZQ_NAME"
],
"query_combinations": "",
"query_combinations": "XZQ_ID='200001'",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper019",
"query_id": "hyper_xzq",
"query_order": [
"XZQ_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取行政区
var hyper020 = {
var xpt_hyper_xzq = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
"XZQ_CODE", "XZQ_ID", "XZQ_NAME"
],
"query_combinations": "",
"query_combinations": "XZQ_ID='ffb460f249414c988b1869eba6ca679e'",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper020",
"query_id": "hyper_xzq",
"query_order": [
"XZQ_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取机构(单位)
var hyper021 = {
var ypt_hyper_jg = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
'DW_ID', 'DW_LB', 'DW_LBM', 'DW_MC', 'XZQ_ID', 'XZQ_Qu_ID', 'XZQ_Sheng_ID'
],
"query_combinations": "",
"query_combinations": "DW_LB='教育局' AND XZQ_Qu_ID=0",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper021",
"query_id": "hyper_jg",
"query_order": [
"DW_LBM ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取机构(单位)
var hyper022 = {
var xpt_hyper_jg = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
'DW_ID', 'DW_LB', 'DW_LBM', 'DW_MC', 'XZQ_ID', 'XZQ_Qu_ID', 'XZQ_Sheng_ID'
],
"query_combinations": "",
"query_combinations": "DW_LB='学校' AND XZQ_Qu_ID='30592439ad9d4f669d9fcbb1dc1ec453'",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper022",
"query_id": "hyper_jg",
"query_order": [
"DW_LBM ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取学校
var hyper023 = {
var ypt_hyper_school = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "XX_BXLX='小学'",
"query_conditions": [
2
],
"query_format": "json",
"query_id": "hyper023",
"query_id": "hyper_school",
"query_order": [
"XZQ_Qu_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取学校
var hyper024 = {
var xpt_hyper_school = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "XX_BXLX='幼儿园'",
"query_conditions": [
2
],
"query_format": "json",
"query_id": "hyper024",
"query_id": "hyper_school",
"query_order": [
"XZQ_Qu_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取部门
var hyper025 = {
var ypt_hyper_bm = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "BM_ID>400002",
"query_conditions": [
3, 400001
],
"query_format": "json",
"query_id": "hyper025",
"query_id": "hyper_bm",
"query_order": [
"BM_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取部门
var hyper026 = {
var xpt_hyper_bm = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "BM_MC!=''",
"query_conditions": [
3, 'f98cfdd5de99440d855aafb24ba47b52'
],
"query_format": "json",
"query_id": "hyper026",
"query_id": "hyper_bm",
"query_order": [
"BM_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取年级
var hyper027 = {
var ypt_hyper_nj = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "NJ_XD='小学'",
"query_conditions": [
400001
],
"query_format": "json",
"query_id": "hyper027",
"query_id": "hyper_nj",
"query_order": [
],
@ -464,17 +466,17 @@
"query_perpage": 20
}
// 获取年级
var hyper028 = {
var xpt_hyper_nj = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "NJ_XD='学前教育'",
"query_conditions": [
'097D57445AA54AAC958B8649A44ECEA9'
],
"query_format": "json",
"query_id": "hyper028",
"query_id": "hyper_nj",
"query_order": [
],
@ -482,17 +484,17 @@
"query_perpage": 20
}
// 获取班级
var hyper029 = {
var ypt_hyper_bj = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "BJ_MC LIKE '2017年%班'",
"query_conditions": [
400001, 2017
],
"query_format": "json",
"query_id": "hyper029",
"query_id": "hyper_bj",
"query_order": [
],
@ -500,17 +502,17 @@
"query_perpage": 20
}
// 获取班级
var hyper030 = {
var xpt_hyper_bj = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "BJ_MC LIKE '19%'",
"query_conditions": [
'097D57445AA54AAC958B8649A44ECEA9'
],
"query_format": "json",
"query_id": "hyper030",
"query_id": "hyper_bj",
"query_order": [
],
@ -518,253 +520,253 @@
"query_perpage": 20
}
// 获取教师(教职工)
var hyper031 = {
var ypt_hyper_js = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "JS_XB='男'",
"query_conditions": [
400001, 5
],
"query_format": "json",
"query_id": "hyper031",
"query_id": "hyper_js",
"query_order": [
"BM_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取教师(教职工)
var hyper032 = {
var xpt_hyper_js = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "JS_XB='男'",
"query_conditions": [
5, '097D57445AA54AAC958B8649A44ECEA9'
],
"query_format": "json",
"query_id": "hyper032",
"query_id": "hyper_js",
"query_order": [
"BM_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取学生
var hyper033 = {
var ypt_hyper_xs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "XS_XB='男'",
"query_conditions": [
400001
],
"query_format": "json",
"query_id": "hyper033",
"query_id": "hyper_xs",
"query_order": [
"XS_XM DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取学生
var hyper034 = {
var xpt_hyper_xs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "XS_XB='男'",
"query_conditions": [
6, '097D57445AA54AAC958B8649A44ECEA9'
],
"query_format": "json",
"query_id": "hyper034",
"query_id": "hyper_xs",
"query_order": [
"XS_XM DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取家长
var hyper035 = {
var ypt_hyper_jz = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "JZ_XM LIKE '%家长'",
"query_conditions": [
400001
],
"query_format": "json",
"query_id": "hyper035",
"query_id": "hyper_jz",
"query_order": [
"JZ_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取家长
var hyper036 = {
var xpt_hyper_jz = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "JZ_XM LIKE '%家长'",
"query_conditions": [
7, '097D57445AA54AAC958B8649A44ECEA9'
],
"query_format": "json",
"query_id": "hyper036",
"query_id": "hyper_jz",
"query_order": [
"JZ_ID DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取用户角色
var hyper037 = {
var ypt_hyper_yhjs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "YHJS_SFDM>1",
"query_conditions": [
1, 1
],
"query_format": "json",
"query_id": "hyper037",
"query_id": "hyper_yhjs",
"query_order": [
"YHJS_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取系统角色
var hyper038 = {
var ypt_hyper_xtjs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "YHJS_SFDM>1",
"query_conditions": [
'YPT'
],
"query_format": "json",
"query_id": "hyper038",
"query_id": "hyper_xtjs",
"query_order": [
"YHJS_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取用户角色
var hyper039 = {
var xpt_hyper_yhjs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "YHJS_SFDM>1",
"query_conditions": [
'd704280d17d3480e8e609da36415ce8e'
],
"query_format": "json",
"query_id": "hyper039",
"query_id": "hyper_yhjs",
"query_order": [
"YHJS_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取系统角色
var hyper040 = {
var xpt_hyper_xtjs = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "YHJS_SFDM>1",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper040",
"query_id": "hyper_xtjs",
"query_order": [
"YHJS_ID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取权限
var hyper041 = {
var ypt_hyper_qx = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "QX_PID=350",
"query_conditions": [
'JY', '167, 197'
],
"query_format": "json",
"query_id": "hyper041",
"query_id": "hyper_qx",
"query_order": [
"QX_PID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取权限
var hyper042 = {
var xpt_hyper_qx = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "QX_PID='282b2da18eea462ba199f38bf950529f'",
"query_conditions": [
"64056dd8421c89e3d0bb8511526a7ace"
],
"query_format": "json",
"query_id": "hyper042",
"query_id": "hyper_qx",
"query_order": [
"QX_PID ASC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取权限
var hyper043 = {
// 获取数据字典
var ypt_hyper_sjzd = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "ZD_FLDM='xxlbm'",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper043",
"query_id": "hyper_sjzd",
"query_order": [
"ZD_DM DESC"
],
"query_page": 1,
"query_perpage": 20
}
// 获取权限
var hyper044 = {
// 获取数据字典
var xpt_hyper_sjzd = {
"access_token": "system_01##20200102030405##a6ce11eab94df48a6ce11eab",
"query_cols": [
],
"query_combinations": "",
"query_combinations": "ZD_FLDM='FAMILY_RELATIONSHIP'",
"query_conditions": [
],
"query_format": "json",
"query_id": "hyper044",
"query_id": "hyper_sjzd",
"query_order": [
"ZD_DM DESC"
],
"query_page": 1,
"query_perpage": 20
@ -827,12 +829,6 @@
}
// if (queryId == "hyper011" || queryId == "hyper012" || queryId == "hyper013" || queryId == "hyper014") {
// requestUrl = "http://127.0.0.1:9009/dataex/hyper_" + platform + "/QueryByID"
// } else {
@ -882,6 +878,7 @@
<div id="control_zone">
<p class="print_box">Hello world</p>
<select name="query_ids" class="query_ids">
<!--
<option value="ypt:hyper001" func="Query">获取市下的行政区划列表</option>
<option value="ypt:hyper002" func="Query">获取市下的单位列表</option>
<option value="ypt:hyper003" func="Query">获取区下的单位列表</option>
@ -900,19 +897,20 @@
<option value="ypt:hyper016" func="Query">获取人员某个业务系统的角色列表</option>
<option value="ypt:hyper017" func="Query">获取人员某个业务系统的功能菜单</option>
<option value="ypt:hyper018" func="Query">获取学段信息</option>
<option value="ypt:hyper019,xpt:hyper020" func="Query">获取行政区</option>
<option value="ypt:hyper021,xpt:hyper022" func="Query">获取机构(单位)</option>
<option value="ypt:hyper023,xpt:hyper024" func="Query">获取学校</option>
<option value="ypt:hyper025,xpt:hyper026" func="Query">获取部门</option>
<option value="ypt:hyper027,xpt:hyper028" func="Query">获取年级</option>
<option value="ypt:hyper029,xpt:hyper030" func="Query">获取班级</option>
<option value="ypt:hyper031,xpt:hyper032" func="Query">获取教师(教职工)</option>
<option value="ypt:hyper033,xpt:hyper034" func="Query">获取学生</option>
<option value="ypt:hyper035,xpt:hyper036" func="Query">获取家长</option>
<option value="ypt:hyper037,xpt:hyper039" func="Query">获取用户角色</option>
<option value="ypt:hyper038,xpt:hyper040" func="Query">获取系统角色</option>
<option value="ypt:hyper041,xpt:hyper042" func="Query">获取权限</option>
<option value="ypt:hyper043,xpt:hyper044" func="Query">获取系统角色</option>
-->
<option value="ypt:ypt_hyper_xzq,xpt:xpt_hyper_xzq" func="Query">001 - 获取行政区</option>
<option value="ypt:ypt_hyper_jg,xpt:xpt_hyper_jg" func="Query">002 - 获取机构(单位)</option>
<option value="ypt:ypt_hyper_school,xpt:xpt_hyper_school" func="Query">003 - 获取学校</option>
<option value="ypt:ypt_hyper_bm,xpt:xpt_hyper_bm" func="Query">004 - 获取部门</option>
<option value="ypt:ypt_hyper_nj,xpt:xpt_hyper_nj" func="Query">005 - 获取年级</option>
<option value="ypt:ypt_hyper_bj,xpt:xpt_hyper_bj" func="Query">006 - 获取班级</option>
<option value="ypt:ypt_hyper_js,xpt:xpt_hyper_js" func="Query">007 - 获取教师(教职工)</option>
<option value="ypt:ypt_hyper_xs,xpt:xpt_hyper_xs" func="Query">008 - 获取学生</option>
<option value="ypt:ypt_hyper_jz,xpt:xpt_hyper_jz" func="Query">009 - 获取家长</option>
<option value="ypt:ypt_hyper_yhjs,xpt:xpt_hyper_yhjs" func="Query">010 - 获取用户角色</option>
<option value="ypt:ypt_hyper_xtjs,xpt:xpt_hyper_xtjs" func="Query">011 - 获取系统角色</option>
<option value="ypt:ypt_hyper_qx,xpt:xpt_hyper_qx" func="Query">012 - 获取权限</option>
<option value="ypt:ypt_hyper_sjzd,xpt:xpt_hyper_sjzd" func="Query">013 - 获取数据字典</option>
</select>
<button class="button" type='button'>GET IT !</button>
</div>
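Review bot: Several of the new `query_combinations` samples contain tokens that the server-side `ValidHyperSql` blocklist introduced in this same commit rejects — `%` is in its blocked character class and `AND` is in its keyword alternation — so `DW_LB='教育局' AND XZQ_Qu_ID=0`, `DW_LB='学校' AND XZQ_Qu_ID='…'`, `BJ_MC LIKE '2017年%班'`, `BJ_MC LIKE '19%'` and `JZ_XM LIKE '%家长'` would presumably fail the injection check rather than run, if these requests go through `QueryFE`; either the samples or the validator need reconciling. The same static `access_token` `system_01##20200102030405##a6ce11eab94df48a6ce11eab` is copied into every query object in page source; if that value is a live ticket it should be injected at runtime rather than committed, and the fixed 2020 middle segment suggests the server applies no freshness check to it — worth confirming. A comment on the first query object naming the endpoint these objects are posted to would also make the page easier to maintain.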

@ -3,7 +3,10 @@ package DatahyperOpenapi
import (
"dsDataex/MyHyper/DataHyper/DatahyperService"
"dsDataex/MyHyper/MySwagger"
"dsDataex/MyService/Auth/AuthService"
"dsDataex/MyService/DataEX/DataexService"
"dsDataex/Utils/CommonUtil"
"dsDataex/Utils/ValidationUtil"
"github.com/gin-gonic/gin"
"net/http"
"strings"
@ -43,19 +46,19 @@ func Query(c *gin.Context) {
return
}
//flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
//
//if flag == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统票据不正确"})
// //return
//}
//
//flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
//
//if flag2 == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
// //return
//}
flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
if flag == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统票据不正确"})
//return
}
flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
if flag2 == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
//return
}
// 接入系统URL后缀校验
if ! CommonUtil.StringArrayContain(platforms, platform) {
@ -111,19 +114,19 @@ func QueryByID(c *gin.Context) {
return
}
//flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
//
//if flag == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统票据不正确"})
// //return
//}
//
//flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
//
//if flag2 == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
// //return
//}
flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
if flag == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统票据不正确"})
//return
}
flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
if flag2 == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
//return
}
// 接入系统URL后缀校验
if ! CommonUtil.StringArrayContain(platforms, platform) {
@ -177,19 +180,19 @@ func QueryFE(c *gin.Context) {
return
}
//flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
//
//if flag == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统票据不正确"})
// //return
//}
//
//flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
//
//if flag2 == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
// //return
//}
flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
if flag == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统票据不正确"})
//return
}
flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
if flag2 == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
//return
}
// 接入系统URL后缀校验
if ! CommonUtil.StringArrayContain(platforms, platform) {
@ -197,6 +200,27 @@ func QueryFE(c *gin.Context) {
return
}
// 输入参数 SQL注入检测
if len(input.QueryCondition) > 0 {
result, msg, _ := ValidationUtil.ValidHyperSql(CommonUtil.ConvertInterfaceArrayToStringArray(input.QueryCondition))
if result == false {
c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false, Message: msg})
return
}
}
// 输入参数 SQL注入检测
if input.QueryCombination != "" {
var queryCombination []string
queryCombination = append(queryCombination, input.QueryCombination)
result, msg, _ := ValidationUtil.ValidHyperSql(queryCombination)
if result == false {
c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false, Message: msg})
return
}
}
res, msg, count, data, _ := DatahyperService.GetResultsFE(platform, input)
if res {
c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{
@ -245,19 +269,19 @@ func QueryFEByID(c *gin.Context) {
return
}
//flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
//
//if flag == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统票据不正确"})
// //return
//}
//
//flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
//
//if flag2 == false {
// //c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
// //return
//}
flag, _, systemID := AuthService.CheckAccessToken(temp[0], temp[1], temp[2])
if flag == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统票据不正确"})
//return
}
flag2, _ := DataexService.CheckDatasourceSql(systemID, input.QueryID)
if flag2 == false {
//c.JSON(http.StatusOK, MySwagger.DatahyperGet{Success: false,Message: "接入系统GP-SQL查询权限验证失败"})
//return
}
// 接入系统URL后缀校验
if ! CommonUtil.StringArrayContain(platforms, platform) {
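Review bot: The access-token and datasource checks restored in `Query` are effectively no-ops: `if flag == false { ... }` and `if flag2 == false { ... }` contain only the commented-out `c.JSON(...)` and `return` lines, so a request with a bad ticket, or without GP-SQL permission for `input.QueryID`, proceeds exactly like a valid one, and the `systemID` derived from that unverified token is then fed to `CheckDatasourceSql`. The same pattern is repeated in the `QueryByID`, `QueryFE` and `QueryFEByID` hunks. Until the rejection is live each site should fail closed, e.g. `if !flag { c.JSON(http.StatusOK, MySwagger.DatahyperGetResult{Success: false, Message: "接入系统票据不正确"}); return }` and likewise for `flag2` (the `QueryByID` variants use `MySwagger.DatahyperGet`); if leaving them disabled is deliberate for a staging build, a `// TODO` stating that and the ticket for re-enabling belongs beside the empty block. Each of these function bodies starts and ends outside its hunk.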

@ -4,7 +4,6 @@ import (
"dsDataex/MyHyper/DataHyper/DatahyperDAO"
"dsDataex/MyHyper/MySwagger"
"dsDataex/Utils/CommonUtil"
"regexp"
//"strconv"
"strings"
)
@ -45,25 +44,31 @@ func GetResults(platform string, raw MySwagger.DatahyperQuery) (bool, string, in
}
*/
//reg1 := regexp.MustCompile(`(AS T|as T)$`)
if raw.QueryCombination != "" {
if find := strings.Contains(strings.ToUpper(sql), "WHERE"); find {
sql += " AND " + raw.QueryCombination
} else {
//if find := strings.Contains(strings.ToUpper(sql), "WHERE"); find {
// sql += " AND " + raw.QueryCombination
//} else {
// sql += " WHERE " + raw.QueryCombination
//}
sql += " WHERE " + raw.QueryCombination
}
}
if len(raw.QueryOrder) > 0 {
orderBy := strings.Join(raw.QueryOrder, ", ")
reg2 := regexp.MustCompile(`(ORDER|order)`)
prefix := ""
if !reg2.MatchString(sql) {
//reg2 := regexp.MustCompile(`(ORDER|order)`)
//if ! reg1.MatchString(sql) {
// if reg2.MatchString(sql) {
// prefix = ", "
// } else {
// prefix = " ORDER BY "
// }
//} else {
// prefix = " ORDER BY "
//}
prefix = " ORDER BY "
} else {
prefix = ", "
}
sql += prefix + orderBy
}
@ -164,16 +169,29 @@ func GetResultsFE(platform string, raw MySwagger.DatahyperQueryFE) (bool, string
*/
if raw.QueryCombination != "" {
if find := strings.Contains(strings.ToUpper(sql), "WHERE"); find {
sql += " AND " + raw.QueryCombination
} else {
//if find := strings.Contains(strings.ToUpper(sql), "WHERE"); find {
// sql += " AND " + raw.QueryCombination
//} else {
// sql += " WHERE " + raw.QueryCombination
//}
sql += " WHERE " + raw.QueryCombination
}
}
if len(raw.QueryOrder) > 0 {
orderby := strings.Join(raw.QueryOrder, ", ")
sql += " ORDER BY " + orderby
orderBy := strings.Join(raw.QueryOrder, ", ")
prefix := ""
//reg2 := regexp.MustCompile(`(ORDER|order)`)
//if ! reg1.MatchString(sql) {
// if reg2.MatchString(sql) {
// prefix = ", "
// } else {
// prefix = " ORDER BY "
// }
//} else {
// prefix = " ORDER BY "
//}
prefix = " ORDER BY "
sql += prefix + orderBy
}
//接收传入参数
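Review bot: `sql += " WHERE " + raw.QueryCombination` in `GetResults` and `GetResultsFE`, and `sql += prefix + orderBy` below them, splice client-controlled text directly into the SQL string; in the `GetResults` hunk no validation of `raw.QueryCombination` or `raw.QueryOrder` is visible, and on the FE path the only gate is the regex blocklist `ValidHyperSql`, which is not a safe boundary for a free-text predicate. Safer shapes are an allow-list of sortable column names plus `ASC`/`DESC` for `QueryOrder`, and a structured field/operator/value filter whose values are bound as query parameters for `QueryCombination`. Separately, ` WHERE ` is now appended unconditionally (the `strings.Contains(strings.ToUpper(sql), "WHERE")` branch is commented out), which yields invalid SQL if a stored query already carries a WHERE clause — presumably the stored SQL is now guaranteed not to, but a comment stating that invariant, e.g. `// stored hyper queries never contain WHERE/ORDER BY; filters are appended here`, would make that explicit. Both functions start and end outside their hunks.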

@ -61,7 +61,7 @@ func QuerySimpleGP(c *gin.Context) {
// 输入参数 SQL注入检测
if len(input.Query.QueryParam) > 0 {
result, msg, _ := ValidationUtil.ValidGPSqlInjuect(input.Query.QueryParam)
result, msg, _ := ValidationUtil.ValidGPSql(input.Query.QueryParam)
if result == false {
fmt.Println(msg)
c.JSON(http.StatusOK, MySwagger.DataResult{Success: false, Message: msg})

@ -281,3 +281,24 @@ func StringArrayContain(items []string, item string) bool {
}
return false
}
func ConvertInterfaceArrayToStringArray(params []interface{}) []string {
var paramStringArray []string
for _, param := range params {
switch v := param.(type) {
case string:
paramStringArray = append(paramStringArray, v)
case int:
strV := strconv.FormatInt(int64(v), 10)
paramStringArray = append(paramStringArray, strV)
case float64:
strV := strconv.FormatFloat(v, 'f', -1, 64)
paramStringArray = append(paramStringArray, strV)
default:
panic("params type not supported")
}
}
return paramStringArray
}
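Review bot: `ConvertInterfaceArrayToStringArray` panics on any element that is not a `string`, `int` or `float64`, and its only caller in this commit passes `input.QueryCondition` straight from the request body, so a JSON array containing `true`, `null` or an object would crash the handler (or surface as a 500 if a recovery middleware is installed) instead of being rejected as invalid input. If `QueryCondition` is decoded by `encoding/json` the `int` case is presumably unreachable as well, since JSON numbers arrive as `float64`. Return an error for unsupported types and have `QueryFE` fail closed on it with `params, err := CommonUtil.ConvertInterfaceArrayToStringArray(input.QueryCondition)` followed by the usual `c.JSON(...); return` on `err != nil`; this needs `fmt` (or `errors`) added to the file's imports.
```go
// ConvertInterfaceArrayToStringArray renders each query parameter as a string.
// Unsupported element types yield an error instead of a panic, because this
// runs on request data.
func ConvertInterfaceArrayToStringArray(params []interface{}) ([]string, error) {
	paramStringArray := make([]string, 0, len(params))
	for i, param := range params {
		switch v := param.(type) {
		case string:
			paramStringArray = append(paramStringArray, v)
		case int:
			paramStringArray = append(paramStringArray, strconv.FormatInt(int64(v), 10))
		case float64:
			paramStringArray = append(paramStringArray, strconv.FormatFloat(v, 'f', -1, 64))
		default:
			return nil, fmt.Errorf("params[%d]: unsupported type %T", i, param)
		}
	}
	return paramStringArray, nil
}
```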

@ -159,7 +159,7 @@ func ValidESDataContentItem(dataContentItem map[string]interface{}, itemName str
}
/**
* @title ValidSqlInjuect
* @title ValidGPSql
* @Description SQL
* @Author wangshuai
* @Date 2021-02-26
@ -168,7 +168,7 @@ func ValidESDataContentItem(dataContentItem map[string]interface{}, itemName str
* @Return string
* @Return error
*/
func ValidGPSqlInjuect(params []string) (bool, string, error) {
func ValidGPSql(params []string) (bool, string, error) {
flag := true
msg := ""
var err error
@ -176,7 +176,35 @@ func ValidGPSqlInjuect(params []string) (bool, string, error) {
// 校验关键字
matchKeyword, _ := regexp.MatchString("SELECT|INSERT|DELETE|FROM|COUNT\\(|DROP TABLE|TRUNCATE|\\ASC|MID\\(|CHAR\\(|XP_CMDSHELL|EXEC MASTER|NETLOCALGROUP ADMINISTRATORS|\\:|NET USER|\"\"|OR|AND", strings.ToUpper(v))
// 校验关键字符
matchCharacter, _ := regexp.MatchString("[-|;|,|\\?|/|\\(|\\)|\\[|\\]|}|{|%|\\@|*|!|']", strings.ToUpper(v))
matchCharacter, _ := regexp.MatchString("[-|;|,|\\?|/|\\(|\\)|\\[|\\]|}|{|%|\\@|*|!|']", v)
if matchKeyword == true || matchCharacter == true {
flag = false
msg = "SQL注入校验不通过"
}
}
return flag, msg, err
}
/**
* @title ValidHyperSql
* @Description SQL
* @Author wangshuai
* @Date 2021-02-26
* @Param params []string SQL
* @Return bool
* @Return string
* @Return error
*/
func ValidHyperSql(params []string) (bool, string, error) {
flag := true
msg := ""
var err error
for _, v := range params {
// 校验关键字
matchKeyword, _ := regexp.MatchString("SELECT|INSERT|DELETE|FROM|COUNT\\(|DROP TABLE|TRUNCATE|\\ASC|MID\\(|CHAR\\(|XP_CMDSHELL|EXEC MASTER|NETLOCALGROUP ADMINISTRATORS|\\:|NET USER|\"\"|OR|AND", strings.ToUpper(v))
// 校验关键字符
matchCharacter, _ := regexp.MatchString("[-|;|,|\\?|/|\\(|\\)|\\[|\\]|}|{|%|\\@|*]", v)
if matchKeyword == true || matchCharacter == true {
flag = false
msg = "SQL注入校验不通过"

@ -1,7 +1,22 @@
<div class="overview">▶ 数据交换服务</div>
<li><a href="index.html#operations-tag-dataex">数据交换【DataEX】</a></li>
<li><a href="index.html#operations-tag-dataex">汇集数据【DataexCollect】</a></li>
<li><a href="index.html#operations-tag-dataex">获取数据【DataexGet】</a></li>
<li><a href="index.html#operations-tag-dataex">分页查询数据【DataexPage】</a></li>
<li><a href="index.html#operations-tag-dataex">条件查询数据【DataexQuery】</a></li>
<li><a href="index.html#operations-tag-dataex">修改数据【DataexSet】</a></li>
<li><a href="index.html#operations-tag-dataex">接入系统鉴权【SystemAuth】</a></li>
<div class="overview">▶ 超融合服务</div>
<li><a href="index.html#operations-tag-hyper_query">超融合数据查询后台【Query】</a></li>
<li><a href="index.html#operations-tag-hyper_querybyid">超融合数据详情查询后台【QueryByID】</a></li>
<li><a href="index.html#operations-tag-hyper_queryfe">超融合数据查询前端【QueryFE】</a></li>
<li><a href="index.html#operations-tag-hyper_queryfebyid">超融合数据详情查询前端【QueryFEByID】</a></li>
<div class="overview">▶ 统计分析服务</div>
<li><a href="index.html#operations-tag-report">数据查询【Report】</a></li>
<li><a href="index.html#operations-tag-report_queryjoin">ES-SQL数据关联查询【QueryJoin】</a></li>
<li><a href="index.html#operations-tag-report_querysimple">ES-SQL数据查询【QuerySimple】</a></li>
<li><a href="index.html#operations-tag-report_querysimplegp">GP-SQL数据查询【QuerySimpleGP】</a></li>
<li><a href="index.html#operations-tag-report_queryunion">ES-SQL数据合并查询【QueryUnion】</a></li>
<!--
<div>▶ 数据交换管理</div>
<li><a href="index.html#operations-tag-linksystem">接入系统管理【LinkSystem】</a></li>
<li><a href="index.html#operations-tag-datasource">数据源管理【DataSource】</a></li>
@ -9,3 +24,4 @@
<li><a href="index.html#operations-tag-metadata">元数据管理【MetaData】</a></li>
<li><a href="index.html#operations-tag-jyt2012">数据标准管理【JYT-2012】</a></li>
<li><a href="index.html#operations-tag-orgtree">机构目录查询【OrgTree】</a></li>
-->

@ -19,11 +19,12 @@
<div class="topbar-wrapper">
<a href="#" class="link">
<img src="./assets/image/favicon-16x16.png" alt="Swagger UI" width="30" height="30">
<span>东师理想大数据平台 . 数据交换与汇集服务&nbsp;<span>Developer Api &nbsp;&nbsp;&nbsp;&nbsp;<font color="yellow" size="2">V1.0</font></span></span>
<span>东师理想大数据平台&nbsp;<span>Developer Api &nbsp;&nbsp;&nbsp;&nbsp;<font color="yellow" size="2">V1.0</font></span></span>
</a>
<ul class="toolflag">
<li><a href="index.html">数据统计分析服务</a></li>
<li><a href="index.html"><font color="yellow" size="2">数据交换汇集服务</font></a></li>
<li><a href="index.html">超融合服务</a></li>
</ul>
</div>
</div>
