feat: 完善path验证规则
This commit is contained in:
parent
08bccf4451
commit
e0fdafe3fc
@ -48,6 +48,10 @@ class interfaceController extends baseController{
|
||||
return ctx.body = yapi.commons.resReturn(null, 400, '接口请求路径不能为空');
|
||||
}
|
||||
|
||||
if(!yapi.commons.verifyPath(params.path)){
|
||||
return ctx.body = yapi.commons.resReturn(null, 400, '接口path第一位必须是/,最后一位不能为/')
|
||||
}
|
||||
|
||||
let checkRepeat = await this.Model.checkRepeat(params.path, params.method);
|
||||
if(checkRepeat > 0){
|
||||
return ctx.body = yapi.commons.resReturn(null, 401, '已存在的接口:' + params.path + '[' + params.method + ']');
|
||||
@ -162,12 +166,17 @@ class interfaceController extends baseController{
|
||||
return ctx.body = yapi.commons.resReturn(null, 400, '接口id不能为空');
|
||||
}
|
||||
let interfaceData = await this.Model.get(id);
|
||||
|
||||
if(params.path && !yapi.commons.verifyPath(params.path)){
|
||||
return ctx.body = yapi.commons.resReturn(null, 400, '接口path第一位必须是/,最后一位不能为/')
|
||||
}
|
||||
|
||||
if(params.path && params.path !== interfaceData.path && params.method !== interfaceData.method){
|
||||
let checkRepeat = await this.Model.checkRepeat(params.path, params.method);
|
||||
if(checkRepeat > 0){
|
||||
return ctx.body = yapi.commons.resReturn(null, 401, '已存在的接口:' + params.path + '[' + params.method + ']');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
let data = {
|
||||
up_time: yapi.commons.time()
|
||||
|
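Review bot: The new check on L55 rejects a malformed `params.path`, but the duplicate check right after it (L66, `params.path !== interfaceData.path && params.method !== interfaceData.method`) still runs only when both path and method change, so a freshly validated path that collides with an existing interface using the same method is saved without a repeat check; that line is unchanged context, but `||` looks like the intended operator, with a guard for an absent `params.method`. The error text on L24 and L58 describes only the leading/trailing-slash rule, while `verifyPath` also rejects every character outside `[a-zA-Z0-9-/_:]`, so a path such as `/api/v1.0` fails with a misleading message; the message should name the allowed character set as well. Both new `return ctx.body = ...` statements also lack the trailing semicolon the surrounding lines use. The enclosing `add` and `up` methods start and end outside the hunks.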
@ -18,20 +18,12 @@ class projectController extends baseController {
|
||||
if(!basepath) return false;
|
||||
if(basepath[0] !== '/') basepath = '/' + basepath;
|
||||
if(basepath[basepath.length -1] === '/') basepath = basepath.substr(0, basepath.length -1)
|
||||
if(!this.verifyPath(basepath)){
|
||||
if(yapi.commons.verifyPath(basepath)){
|
||||
return false;
|
||||
}
|
||||
return basepath;
|
||||
}
|
||||
|
||||
verifyPath(path){
|
||||
if(/^[a-zA-Z0-9\-\/_:]+$/.test(path)){
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
verifyDomain(domain){
|
||||
if(!domain) return false;
|
||||
if(/^[a-zA-Z0-9\-_\.]+[a-zA-Z]{2,6}$/.test(domain)){
|
||||
|
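Review bot: The replacement condition on L111, `if(yapi.commons.verifyPath(basepath)){`, drops the negation that the removed L108 had, so a basepath that passes validation now returns `false` while one containing disallowed characters is returned as valid — the character whitelist is effectively bypassed for project basepaths. It should read `if(!yapi.commons.verifyPath(basepath)){`. The compiled copy on L710 carries the same inversion. Because L102 and L105 already normalise the leading and trailing slash before the call, only the character-set part of the new shared helper is exercised here. The enclosing handleBasepath method starts outside the hunk.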
@ -139,6 +139,10 @@ class userController extends baseController {
|
||||
up_time: yapi.commons.time()
|
||||
}
|
||||
user = await userInst.save(data);
|
||||
yapi.commons.sendMail({
|
||||
to: params.email,
|
||||
contents: `<h3>亲爱的用户:</h3><p>您好,感谢使用YApi,系统检测您是第一次用Qsso账号登录YApi服务,您的Email是: ${params.email} ,初始化密码为:${passsalt}</p>`
|
||||
})
|
||||
}
|
||||
|
||||
this.setLoginCookie(user._id, user.passsalt)
|
||||
@ -276,7 +280,7 @@ class userController extends baseController {
|
||||
});
|
||||
yapi.commons.sendMail({
|
||||
to: params.email,
|
||||
contents: `欢迎注册,您的账号 ${params.email} 已经注册成功`
|
||||
contents: `<h3>亲爱的用户:</h3><p>您好,感谢使用YApi,您的账号 ${params.email} 已经注册成功</p>`
|
||||
})
|
||||
} catch (e) {
|
||||
ctx.body = yapi.commons.resReturn(null, 401, e.message);
|
||||
|
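Review bot: The new mail body on L179, and the rewritten one on L208, interpolate `params.email` straight into an HTML template, so markup supplied in the email field of a registration or third-party-login request is emitted as markup in the outgoing message; run the value through an HTML-escaping helper before interpolation, or validate the address against a strict format before the `sendMail` call. The body on L179 also discloses `passsalt` as the initial password, and the same value is passed to `setLoginCookie` on L190, which suggests it doubles as cookie material — confirm that emailing it is intended, and prefer a one-time value that is not reused for anything else. The closing `})` on L182 is missing its semicolon, unlike the neighbouring statements. The enclosing handleThirdLogin and reg methods start and end outside the hunks.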
@ -134,4 +134,16 @@ exports.filterRes = (list, rules) => {
|
||||
});
|
||||
return filteredRes;
|
||||
})
|
||||
}
|
||||
|
||||
exports.verifyPath = (path) => {
|
||||
if (/^\/[a-zA-Z0-9\-\/_:]+$/.test(path)) {
|
||||
if (path[path.length - 1] === '/') {
|
||||
return false;
|
||||
} else {
|
||||
return true
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
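Review bot: `exports.verifyPath` (L238-L268) has no type guard: `RegExp.prototype.test` coerces its argument, so an array like `['/a']` stringifies to `/a`, passes the pattern, and `path[path.length - 1]` then compares an element rather than a character, so a non-string request body field can be accepted and stored. The nested branches reduce to a single expression, `return typeof path === 'string' && /^\/[a-zA-Z0-9\-\/_:]+$/.test(path) && !path.endsWith('/');`. A JSDoc header such as `/** True when path starts with '/', does not end with '/', and contains only letters, digits, '-', '_', ':' or '/'. */` would also make explicit that dots and braces are rejected, which the callers' error message does not say. `return true` on L253 is missing its semicolon.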
@ -114,21 +114,29 @@ var interfaceController = function (_baseController) {
|
||||
return _context.abrupt('return', ctx.body = _yapi2.default.commons.resReturn(null, 400, '接口请求路径不能为空'));
|
||||
|
||||
case 8:
|
||||
_context.next = 10;
|
||||
return this.Model.checkRepeat(params.path, params.method);
|
||||
if (_yapi2.default.commons.verifyPath(params.path)) {
|
||||
_context.next = 10;
|
||||
break;
|
||||
}
|
||||
|
||||
return _context.abrupt('return', ctx.body = _yapi2.default.commons.resReturn(null, 400, '接口path第一位必须是/,最后一位不能为/'));
|
||||
|
||||
case 10:
|
||||
_context.next = 12;
|
||||
return this.Model.checkRepeat(params.path, params.method);
|
||||
|
||||
case 12:
|
||||
checkRepeat = _context.sent;
|
||||
|
||||
if (!(checkRepeat > 0)) {
|
||||
_context.next = 13;
|
||||
_context.next = 15;
|
||||
break;
|
||||
}
|
||||
|
||||
return _context.abrupt('return', ctx.body = _yapi2.default.commons.resReturn(null, 401, '已存在的接口:' + params.path + '[' + params.method + ']'));
|
||||
|
||||
case 13:
|
||||
_context.prev = 13;
|
||||
case 15:
|
||||
_context.prev = 15;
|
||||
data = {
|
||||
project_id: params.project_id,
|
||||
title: params.title,
|
||||
@ -148,28 +156,28 @@ var interfaceController = function (_baseController) {
|
||||
if (params.req_params_form) data.req_params_form = params.req_params_form;
|
||||
if (params.req_params_other) data.req_params_other = params.req_params_other;
|
||||
|
||||
_context.next = 19;
|
||||
_context.next = 21;
|
||||
return this.Model.save(data);
|
||||
|
||||
case 19:
|
||||
case 21:
|
||||
result = _context.sent;
|
||||
|
||||
ctx.body = _yapi2.default.commons.resReturn(result);
|
||||
_context.next = 26;
|
||||
_context.next = 28;
|
||||
break;
|
||||
|
||||
case 23:
|
||||
_context.prev = 23;
|
||||
_context.t0 = _context['catch'](13);
|
||||
case 25:
|
||||
_context.prev = 25;
|
||||
_context.t0 = _context['catch'](15);
|
||||
|
||||
ctx.body = _yapi2.default.commons.resReturn(null, 402, _context.t0.message);
|
||||
|
||||
case 26:
|
||||
case 28:
|
||||
case 'end':
|
||||
return _context.stop();
|
||||
}
|
||||
}
|
||||
}, _callee, this, [[13, 23]]);
|
||||
}, _callee, this, [[15, 25]]);
|
||||
}));
|
||||
|
||||
function add(_x) {
|
||||
@ -359,25 +367,33 @@ var interfaceController = function (_baseController) {
|
||||
case 8:
|
||||
interfaceData = _context4.sent;
|
||||
|
||||
if (!(params.path && params.path !== interfaceData.path && params.method !== interfaceData.method)) {
|
||||
_context4.next = 15;
|
||||
if (!(params.path && !_yapi2.default.commons.verifyPath(params.path))) {
|
||||
_context4.next = 11;
|
||||
break;
|
||||
}
|
||||
|
||||
_context4.next = 12;
|
||||
return _context4.abrupt('return', ctx.body = _yapi2.default.commons.resReturn(null, 400, '接口path第一位必须是/,最后一位不能为/'));
|
||||
|
||||
case 11:
|
||||
if (!(params.path && params.path !== interfaceData.path && params.method !== interfaceData.method)) {
|
||||
_context4.next = 17;
|
||||
break;
|
||||
}
|
||||
|
||||
_context4.next = 14;
|
||||
return this.Model.checkRepeat(params.path, params.method);
|
||||
|
||||
case 12:
|
||||
case 14:
|
||||
checkRepeat = _context4.sent;
|
||||
|
||||
if (!(checkRepeat > 0)) {
|
||||
_context4.next = 15;
|
||||
_context4.next = 17;
|
||||
break;
|
||||
}
|
||||
|
||||
return _context4.abrupt('return', ctx.body = _yapi2.default.commons.resReturn(null, 401, '已存在的接口:' + params.path + '[' + params.method + ']'));
|
||||
|
||||
case 15:
|
||||
case 17:
|
||||
data = {
|
||||
up_time: _yapi2.default.commons.time()
|
||||
};
|
||||
@ -396,29 +412,29 @@ var interfaceController = function (_baseController) {
|
||||
if (params.res_body_type) data.res_body_type = params.res_body_type;
|
||||
if (params.res_body) data.res_body = params.res_body;
|
||||
|
||||
_context4.prev = 25;
|
||||
_context4.next = 28;
|
||||
_context4.prev = 27;
|
||||
_context4.next = 30;
|
||||
return this.Model.up(id, data);
|
||||
|
||||
case 28:
|
||||
case 30:
|
||||
result = _context4.sent;
|
||||
|
||||
ctx.body = _yapi2.default.commons.resReturn(result);
|
||||
_context4.next = 35;
|
||||
_context4.next = 37;
|
||||
break;
|
||||
|
||||
case 32:
|
||||
_context4.prev = 32;
|
||||
_context4.t0 = _context4['catch'](25);
|
||||
case 34:
|
||||
_context4.prev = 34;
|
||||
_context4.t0 = _context4['catch'](27);
|
||||
|
||||
ctx.body = _yapi2.default.commons.resReturn(null, 402, _context4.t0.message);
|
||||
|
||||
case 35:
|
||||
case 37:
|
||||
case 'end':
|
||||
return _context4.stop();
|
||||
}
|
||||
}
|
||||
}, _callee4, this, [[25, 32]]);
|
||||
}, _callee4, this, [[27, 34]]);
|
||||
}));
|
||||
|
||||
function up(_x4) {
|
||||
|
@ -77,20 +77,11 @@ var projectController = function (_baseController) {
|
||||
if (!basepath) return false;
|
||||
if (basepath[0] !== '/') basepath = '/' + basepath;
|
||||
if (basepath[basepath.length - 1] === '/') basepath = basepath.substr(0, basepath.length - 1);
|
||||
if (!this.verifyPath(basepath)) {
|
||||
if (_yapi2.default.commons.verifyPath(basepath)) {
|
||||
return false;
|
||||
}
|
||||
return basepath;
|
||||
}
|
||||
}, {
|
||||
key: 'verifyPath',
|
||||
value: function verifyPath(path) {
|
||||
if (/^[a-zA-Z0-9\-\/_:]+$/.test(path)) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}, {
|
||||
key: 'verifyDomain',
|
||||
value: function verifyDomain(domain) {
|
||||
@ -742,7 +733,7 @@ var projectController = function (_baseController) {
|
||||
* @param {String} [desc] 项目描述
|
||||
* @param {Array} [env] 项目环境配置
|
||||
* @param {String} [env[].name] 环境名称
|
||||
* @param {String} [env[].host] 环境域名
|
||||
* @param {String} [env[].domain] 环境域名
|
||||
* @returns {Object}
|
||||
* @example ./api/project/up.json
|
||||
*/
|
||||
|
@ -301,7 +301,7 @@ var userController = function (_baseController) {
|
||||
user = _context4.sent;
|
||||
|
||||
if (!(!user || !user._id)) {
|
||||
_context4.next = 12;
|
||||
_context4.next = 13;
|
||||
break;
|
||||
}
|
||||
|
||||
@ -321,24 +321,29 @@ var userController = function (_baseController) {
|
||||
case 11:
|
||||
user = _context4.sent;
|
||||
|
||||
case 12:
|
||||
_yapi2.default.commons.sendMail({
|
||||
to: params.email,
|
||||
contents: '<h3>\u4EB2\u7231\u7684\u7528\u6237\uFF1A</h3><p>\u60A8\u597D\uFF0C\u611F\u8C22\u4F7F\u7528YApi,\u7CFB\u7EDF\u68C0\u6D4B\u60A8\u662F\u7B2C\u4E00\u6B21\u7528Qsso\u8D26\u53F7\u767B\u5F55YApi\u670D\u52A1,\u60A8\u7684Email\u662F\uFF1A ' + params.email + ' \uFF0C\u521D\u59CB\u5316\u5BC6\u7801\u4E3A\uFF1A' + passsalt + '</p>'
|
||||
});
|
||||
|
||||
case 13:
|
||||
|
||||
this.setLoginCookie(user._id, user.passsalt);
|
||||
return _context4.abrupt('return', true);
|
||||
|
||||
case 16:
|
||||
_context4.prev = 16;
|
||||
case 17:
|
||||
_context4.prev = 17;
|
||||
_context4.t0 = _context4['catch'](2);
|
||||
|
||||
console.error(_context4.t0.message);
|
||||
return _context4.abrupt('return', false);
|
||||
|
||||
case 20:
|
||||
case 21:
|
||||
case 'end':
|
||||
return _context4.stop();
|
||||
}
|
||||
}
|
||||
}, _callee4, this, [[2, 16]]);
|
||||
}, _callee4, this, [[2, 17]]);
|
||||
}));
|
||||
|
||||
function handleThirdLogin(_x4, _x5) {
|
||||
@ -605,7 +610,7 @@ var userController = function (_baseController) {
|
||||
});
|
||||
_yapi2.default.commons.sendMail({
|
||||
to: params.email,
|
||||
contents: '\u6B22\u8FCE\u6CE8\u518C\uFF0C\u60A8\u7684\u8D26\u53F7 ' + params.email + ' \u5DF2\u7ECF\u6CE8\u518C\u6210\u529F'
|
||||
contents: '<h3>\u4EB2\u7231\u7684\u7528\u6237\uFF1A</h3><p>\u60A8\u597D\uFF0C\u611F\u8C22\u4F7F\u7528YApi,\u60A8\u7684\u8D26\u53F7 ' + params.email + ' \u5DF2\u7ECF\u6CE8\u518C\u6210\u529F</p>'
|
||||
});
|
||||
_context8.next = 26;
|
||||
break;
|
||||
@ -855,15 +860,16 @@ var userController = function (_baseController) {
|
||||
key: 'update',
|
||||
value: function () {
|
||||
var _ref12 = (0, _asyncToGenerator3.default)(_regenerator2.default.mark(function _callee12(ctx) {
|
||||
var params, userInst, id, data, checkRepeat, result;
|
||||
var _params, userInst, id, data, checkRepeat, result;
|
||||
|
||||
return _regenerator2.default.wrap(function _callee12$(_context12) {
|
||||
while (1) {
|
||||
switch (_context12.prev = _context12.next) {
|
||||
case 0:
|
||||
_context12.prev = 0;
|
||||
params = ctx.request.body;
|
||||
_params = ctx.request.body;
|
||||
|
||||
if (!(this.getRole() !== 'admin' && params.uid != this.getUid())) {
|
||||
if (!(this.getRole() !== 'admin' && _params.uid != this.getUid())) {
|
||||
_context12.next = 4;
|
||||
break;
|
||||
}
|
||||
@ -872,7 +878,7 @@ var userController = function (_baseController) {
|
||||
|
||||
case 4:
|
||||
userInst = _yapi2.default.getInst(_user2.default);
|
||||
id = params.uid;
|
||||
id = _params.uid;
|
||||
|
||||
if (id) {
|
||||
_context12.next = 8;
|
||||
@ -888,10 +894,10 @@ var userController = function (_baseController) {
|
||||
};
|
||||
|
||||
if (this.getRole() === 'admin') {
|
||||
params.role && (data.role = params.role);
|
||||
_params.role && (data.role = _params.role);
|
||||
}
|
||||
params.username && (data.username = params.username);
|
||||
params.email && (data.email = params.email);
|
||||
_params.username && (data.username = _params.username);
|
||||
_params.email && (data.email = _params.email);
|
||||
|
||||
if (!data.email) {
|
||||
_context12.next = 18;
|
||||
|
@ -155,4 +155,16 @@ exports.filterRes = function (list, rules) {
|
||||
});
|
||||
return filteredRes;
|
||||
});
|
||||
};
|
||||
|
||||
exports.verifyPath = function (path) {
|
||||
if (/^\/[a-zA-Z0-9\-\/_:]+$/.test(path)) {
|
||||
if (path[path.length - 1] === '/') {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
};
|