diff --git a/internal/db/models/accounts/user_account_log_dao.go b/internal/db/models/accounts/user_account_log_dao.go index dac02154..ef259d7f 100644 --- a/internal/db/models/accounts/user_account_log_dao.go +++ b/internal/db/models/accounts/user_account_log_dao.go @@ -2,6 +2,7 @@ package accounts import ( "github.com/TeaOSLab/EdgeAPI/internal/db/models" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/userconfigs" _ "github.com/go-sql-driver/mysql" @@ -79,7 +80,7 @@ func (this *UserAccountLogDAO) CountAccountLogs(tx *dbs.Tx, userId int64, accoun } if len(keyword) > 0 { query.Where("(userId IN (SELECT id FROM " + models.SharedUserDAO.Table + " WHERE state=1 AND (username LIKE :keyword OR fullname LIKE :keyword)) OR description LIKE :keyword)") - query.Param("keyword", "%"+keyword+"%") + query.Param("keyword", dbutils.QuoteLike(keyword)) } if len(eventType) > 0 { query.Attr("eventType", eventType) @@ -98,7 +99,7 @@ func (this *UserAccountLogDAO) ListAccountLogs(tx *dbs.Tx, userId int64, account } if len(keyword) > 0 { query.Where("(userId IN (SELECT id FROM " + models.SharedUserDAO.Table + " WHERE state=1 AND (username LIKE :keyword OR fullname LIKE :keyword)) OR description LIKE :keyword)") - query.Param("keyword", "%"+keyword+"%") + query.Param("keyword", dbutils.QuoteLike(keyword)) } if len(eventType) > 0 { query.Attr("eventType", eventType) diff --git a/internal/db/models/acme/acme_task_dao.go b/internal/db/models/acme/acme_task_dao.go index f23f2cad..7ec6146b 100644 --- a/internal/db/models/acme/acme_task_dao.go +++ b/internal/db/models/acme/acme_task_dao.go 
@@ -125,11 +125,11 @@ func (this *ACMETaskDAO) CountAllEnabledACMETasks(tx *dbs.Tx, adminId int64, use if len(keyword) > 0 { query.Where("(domains LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(keyword) > 0 { query.Where("domains LIKE :keyword"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.State(ACMETaskStateEnabled). @@ -155,7 +155,7 @@ func (this *ACMETaskDAO) ListEnabledACMETasks(tx *dbs.Tx, adminId int64, userId } if len(keyword) > 0 { query.Where("(domains LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(ACMETaskStateEnabled). diff --git a/internal/db/models/dns/dns_provider_dao.go b/internal/db/models/dns/dns_provider_dao.go index 05bf262e..c64dbe41 100644 --- a/internal/db/models/dns/dns_provider_dao.go +++ b/internal/db/models/dns/dns_provider_dao.go @@ -111,7 +111,7 @@ func (this *DNSProviderDAO) CountAllEnabledDNSProviders(tx *dbs.Tx, adminId int6 var query = dbutils.NewQuery(tx, this, adminId, userId) if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.State(DNSProviderStateEnabled). Count() @@ -122,7 +122,7 @@ func (this *DNSProviderDAO) ListEnabledDNSProviders(tx *dbs.Tx, adminId int64, u var query = dbutils.NewQuery(tx, this, adminId, userId) if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(DNSProviderStateEnabled). diff --git a/internal/db/models/http_access_log_dao.go b/internal/db/models/http_access_log_dao.go index dee1bdac..21725065 100644 --- a/internal/db/models/http_access_log_dao.go +++ b/internal/db/models/http_access_log_dao.go 
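Review bot: In the `@@ -125,11 +125,11 @@` hunk, CountAllEnabledACMETasks carries two consecutive `if len(keyword) > 0` blocks that add the same `domains LIKE :keyword` condition and bind the same parameter, and the commit updates both instead of dropping one. The second block is redundant and can be deleted, which leaves a single `query.Where("(domains LIKE :keyword)").Param("keyword", dbutils.QuoteLike(keyword))`. The function starts and ends outside the hunk, so confirm nothing between the two blocks depends on the repetition.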
@@ -3,6 +3,7 @@ package models import ( "bytes" "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/goman" "github.com/TeaOSLab/EdgeAPI/internal/remotelogs" @@ -22,6 +23,7 @@ import ( timeutil "github.com/iwind/TeaGo/utils/time" "net" "net/http" + "net/url" "regexp" "sort" "strings" @@ -309,7 +311,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, return nil, lastRequestId, nil } - serverIds := []int64{} + var serverIds = []int64{} if userId > 0 { serverIds, err = SharedServerDAO.FindAllEnabledServerIdsWithUserId(tx, userId) if err != nil { @@ -369,6 +371,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, var statusPrefixReg = regexp.MustCompile(`status:\s*(\d{3})\b`) var statusRangeReg = regexp.MustCompile(`status:\s*(\d{3})-(\d{3})\b`) + var urlReg = regexp.MustCompile(`^(http|https)://`) var count = len(tableQueries) var wg = &sync.WaitGroup{} @@ -462,10 +465,13 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, } if len(keyword) > 0 { - // remoteAddr - if tableQuery.hasRemoteAddrField && net.ParseIP(keyword) != nil { + var isSpecialKeyword = false + + if tableQuery.hasRemoteAddrField && net.ParseIP(keyword) != nil { // ip + isSpecialKeyword = true query.Attr("remoteAddr", keyword) - } else if tableQuery.hasRemoteAddrField && regexp.MustCompile(`^ip:.+`).MatchString(keyword) { + } else if tableQuery.hasRemoteAddrField && regexp.MustCompile(`^ip:.+`).MatchString(keyword) { // ip:x.x.x.x + isSpecialKeyword = true keyword = keyword[3:] pieces := strings.SplitN(keyword, ",", 2) if len(pieces) == 1 || len(pieces[1]) == 0 { 
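Review bot: The rewritten `ip:` branch in the `@@ -462,10 +465,13 @@` hunk still compiles its `^ip:.+` pattern inline with `regexp.MustCompile` every time the keyword is evaluated, while the same commit hoists `urlReg` next to `statusPrefixReg` and `statusRangeReg`. For consistency, declare it once beside them, e.g. `var ipPrefixReg = regexp.MustCompile("^ip:.+")`, and use `ipPrefixReg.MatchString(keyword)` here. The same inline compile appears again inside the `!isSpecialKeyword` block of the following hunk. listAccessLogs starts and ends outside this hunk, so how often this path runs per request is inferred, not visible.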
@@ -473,16 +479,27 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, } else { query.Between("INET_ATON(remoteAddr)", utils.IP2Long(pieces[0]), utils.IP2Long(pieces[1])) } - } else if statusRangeReg.MatchString(keyword) { + } else if statusRangeReg.MatchString(keyword) { // status:200-400 + isSpecialKeyword = true var matches = statusRangeReg.FindStringSubmatch(keyword) query.Between("status", types.Int(matches[1]), types.Int(matches[2])) // TODO 处理剩余的关键词 - } else if statusPrefixReg.MatchString(keyword) { + } else if statusPrefixReg.MatchString(keyword) { // status:200 + isSpecialKeyword = true var matches = statusPrefixReg.FindStringSubmatch(keyword) query.Attr("status", matches[1]) // TODO 处理剩余的关键词 - } else { + } else if urlReg.MatchString(keyword) { // https://xxx/yyy + u, err := url.Parse(keyword) + if err == nil { + isSpecialKeyword = true + query.Attr("domain", u.Host) + query.Where("JSON_EXTRACT(content, '$.requestURI') LIKE :keyword"). + Param("keyword", dbutils.QuoteLikePrefix("\""+u.RequestURI())) + } + } + if !isSpecialKeyword { if regexp.MustCompile(`^ip:.+`).MatchString(keyword) { keyword = keyword[3:] } @@ -530,7 +547,7 @@ func (this *HTTPAccessLogDAO) listAccessLogs(tx *dbs.Tx, } query.Where("("+where+")"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) if useOriginKeyword { query.Param("originKeyword", keyword) } diff --git a/internal/db/models/http_cache_policy_dao.go b/internal/db/models/http_cache_policy_dao.go index dea757c0..8c4fa1d0 100644 --- a/internal/db/models/http_cache_policy_dao.go +++ b/internal/db/models/http_cache_policy_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs" 
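Review bot: In the new URL branch of the `@@ -473,16 +479,27 @@` hunk, a successful `url.Parse` is the only gate, yet it accepts inputs such as `http://` or `http:///path` whose host is empty. `query.Attr("domain", u.Host)` then filters on an empty domain instead of falling back to the generic keyword search. Tighten the condition to `if err == nil && len(u.Host) > 0 {`. `u.Host` also keeps any `:port` suffix; if the `domain` column stores bare host names (not visible here), `u.Hostname()` is the value to compare. listAccessLogs starts and ends outside this hunk.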
@@ -318,7 +319,7 @@ func (this *HTTPCachePolicyDAO) CountAllEnabledHTTPCachePolicies(tx *dbs.Tx, clu } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(storageType) > 0 { query.Attr("type", storageType) @@ -336,7 +337,7 @@ func (this *HTTPCachePolicyDAO) ListEnabledHTTPCachePolicies(tx *dbs.Tx, cluster } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(storageType) > 0 { query.Attr("type", storageType) diff --git a/internal/db/models/http_firewall_policy_dao.go b/internal/db/models/http_firewall_policy_dao.go index 2c608aac..2153af9e 100644 --- a/internal/db/models/http_firewall_policy_dao.go +++ b/internal/db/models/http_firewall_policy_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/firewallconfigs" @@ -311,7 +312,7 @@ func (this *HTTPFirewallPolicyDAO) CountAllEnabledFirewallPolicies(tx *dbs.Tx, c } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. State(HTTPFirewallPolicyStateEnabled). @@ -330,7 +331,7 @@ func (this *HTTPFirewallPolicyDAO) ListEnabledFirewallPolicies(tx *dbs.Tx, clust } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(HTTPFirewallPolicyStateEnabled). diff --git a/internal/db/models/ip_item_dao.go b/internal/db/models/ip_item_dao.go index 462f5fe0..f1b22d14 100644 --- a/internal/db/models/ip_item_dao.go +++ b/internal/db/models/ip_item_dao.go 
@@ -1,6 +1,7 @@ package models import ( + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/goman" "github.com/TeaOSLab/EdgeAPI/internal/remotelogs" @@ -270,7 +271,7 @@ func (this *IPItemDAO) CountIPItemsWithListId(tx *dbs.Tx, listId int64, ipFrom s Attr("listId", listId) if len(keyword) > 0 { query.Where("(ipFrom LIKE :keyword OR ipTo LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(ipFrom) > 0 { query.Attr("ipFrom", ipFrom) @@ -288,7 +289,7 @@ func (this *IPItemDAO) ListIPItemsWithListId(tx *dbs.Tx, listId int64, keyword s Attr("listId", listId) if len(keyword) > 0 { query.Where("(ipFrom LIKE :keyword OR ipTo LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(ipFrom) > 0 { query.Attr("ipFrom", ipFrom) diff --git a/internal/db/models/ip_list_dao.go b/internal/db/models/ip_list_dao.go index 32305e38..ca8ea7a6 100644 --- a/internal/db/models/ip_list_dao.go +++ b/internal/db/models/ip_list_dao.go @@ -1,6 +1,7 @@ package models import ( + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" @@ -221,7 +222,7 @@ func (this *IPListDAO) CountAllEnabledIPLists(tx *dbs.Tx, listType string, isPub Attr("isPublic", isPublic) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.Count() } 
@@ -234,7 +235,7 @@ func (this *IPListDAO) ListEnabledIPLists(tx *dbs.Tx, listType string, isPublic Attr("isPublic", isPublic) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query.Offset(offset). Limit(size). diff --git a/internal/db/models/log_dao.go b/internal/db/models/log_dao.go index e78cb5b3..f20a49aa 100644 --- a/internal/db/models/log_dao.go +++ b/internal/db/models/log_dao.go @@ -1,6 +1,7 @@ package models import ( + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" _ "github.com/go-sql-driver/mysql" "github.com/iwind/TeaGo/Tea" @@ -72,7 +73,7 @@ func (this *LogDAO) CountLogs(tx *dbs.Tx, dayFrom string, dayTo string, keyword } if len(keyword) > 0 { query.Where("(description LIKE :keyword OR ip LIKE :keyword OR action LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } // 用户类型 @@ -100,7 +101,7 @@ func (this *LogDAO) ListLogs(tx *dbs.Tx, offset int64, size int64, dayFrom strin } if len(keyword) > 0 { query.Where("(description LIKE :keyword OR ip LIKE :keyword OR action LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } // 用户类型 diff --git a/internal/db/models/message_media_instance_dao.go b/internal/db/models/message_media_instance_dao.go index c8038bf5..efc72dcd 100644 --- a/internal/db/models/message_media_instance_dao.go +++ b/internal/db/models/message_media_instance_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" _ "github.com/go-sql-driver/mysql" 
@@ -149,7 +150,7 @@ func (this *MessageMediaInstanceDAO) CountAllEnabledMediaInstances(tx *dbs.Tx, m } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. State(MessageMediaInstanceStateEnabled). @@ -165,7 +166,7 @@ func (this *MessageMediaInstanceDAO) ListAllEnabledMediaInstances(tx *dbs.Tx, me } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(MessageMediaInstanceStateEnabled). diff --git a/internal/db/models/message_recipient_dao.go b/internal/db/models/message_recipient_dao.go index 76ebc737..41519776 100644 --- a/internal/db/models/message_recipient_dao.go +++ b/internal/db/models/message_recipient_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils" @@ -172,7 +173,7 @@ func (this *MessageRecipientDAO) CountAllEnabledRecipients(tx *dbs.Tx, adminId i } if len(keyword) > 0 { query.Where("(`user` LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. State(MessageRecipientStateEnabled). @@ -197,7 +198,7 @@ func (this *MessageRecipientDAO) ListAllEnabledRecipients(tx *dbs.Tx, adminId in } if len(keyword) > 0 { query.Where("(`user` LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(MessageRecipientStateEnabled). diff --git a/internal/db/models/nameservers/ns_domain_dao.go b/internal/db/models/nameservers/ns_domain_dao.go index d0ea0d8b..a5cc38c5 100644 
--- a/internal/db/models/nameservers/ns_domain_dao.go +++ b/internal/db/models/nameservers/ns_domain_dao.go @@ -2,6 +2,7 @@ package nameservers import ( "github.com/TeaOSLab/EdgeAPI/internal/db/models" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" _ "github.com/go-sql-driver/mysql" @@ -167,7 +168,7 @@ func (this *NSDomainDAO) CountAllEnabledDomains(tx *dbs.Tx, clusterId int64, use } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. @@ -190,7 +191,7 @@ func (this *NSDomainDAO) ListEnabledDomains(tx *dbs.Tx, clusterId int64, userId } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(NSDomainStateEnabled). diff --git a/internal/db/models/nameservers/ns_record_dao.go b/internal/db/models/nameservers/ns_record_dao.go index dfab122e..8fa17773 100644 --- a/internal/db/models/nameservers/ns_record_dao.go +++ b/internal/db/models/nameservers/ns_record_dao.go @@ -3,6 +3,7 @@ package nameservers import ( "encoding/json" "github.com/TeaOSLab/EdgeAPI/internal/db/models" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" @@ -177,7 +178,7 @@ func (this *NSRecordDAO) CountAllEnabledDomainRecords(tx *dbs.Tx, domainId int64 } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR value LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(routeCode) > 0 { routeCodeJSON, err := json.Marshal(routeCode) 
@@ -207,7 +208,7 @@ func (this *NSRecordDAO) ListEnabledRecords(tx *dbs.Tx, domainId int64, dnsType } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR value LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(routeCode) > 0 { routeCodeJSON, err := json.Marshal(routeCode) diff --git a/internal/db/models/node_cluster_dao.go b/internal/db/models/node_cluster_dao.go index 0969ee30..fe4d535b 100644 --- a/internal/db/models/node_cluster_dao.go +++ b/internal/db/models/node_cluster_dao.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "github.com/TeaOSLab/EdgeAPI/internal/db/models/dns" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/dnsconfigs" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" @@ -221,7 +222,7 @@ func (this *NodeClusterDAO) CountAllEnabledClusters(tx *dbs.Tx, keyword string) State(NodeClusterStateEnabled) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR dnsName like :keyword OR (dnsDomainId > 0 AND dnsDomainId IN (SELECT id FROM "+dns.SharedDNSDomainDAO.Table+" WHERE name LIKE :keyword AND state=1)))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.Count() } @@ -232,7 +233,7 @@ func (this *NodeClusterDAO) ListEnabledClusters(tx *dbs.Tx, keyword string, offs State(NodeClusterStateEnabled) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR dnsName like :keyword OR (dnsDomainId > 0 AND dnsDomainId IN (SELECT id FROM "+dns.SharedDNSDomainDAO.Table+" WHERE name LIKE :keyword AND state=1)))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. Offset(offset). diff --git a/internal/db/models/node_dao.go b/internal/db/models/node_dao.go index 4292dbde..d59f819e 100644 --- a/internal/db/models/node_dao.go +++ b/internal/db/models/node_dao.go 
@@ -4,6 +4,7 @@ import ( "encoding/json" teaconst "github.com/TeaOSLab/EdgeAPI/internal/const" "github.com/TeaOSLab/EdgeAPI/internal/db/models/dns" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils" @@ -323,7 +324,7 @@ func (this *NodeDAO) ListEnabledNodesMatch(tx *dbs.Tx, // 关键词 if len(keyword) > 0 { query.Where("(name LIKE :keyword OR JSON_EXTRACT(status,'$.hostname') LIKE :keyword OR id IN (SELECT nodeId FROM "+SharedNodeIPAddressDAO.Table+" WHERE ip LIKE :keyword))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } // 分组 @@ -594,7 +595,7 @@ func (this *NodeDAO) CountAllEnabledNodesMatch(tx *dbs.Tx, // 关键词 if len(keyword) > 0 { query.Where("(name LIKE :keyword OR JSON_EXTRACT(status,'$.hostname') LIKE :keyword OR id IN (SELECT nodeId FROM "+SharedNodeIPAddressDAO.Table+" WHERE ip LIKE :keyword))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } // 分组 diff --git a/internal/db/models/node_dao_ext.go b/internal/db/models/node_dao_ext.go index 6ba68f91..c8cce902 100644 --- a/internal/db/models/node_dao_ext.go +++ b/internal/db/models/node_dao_ext.go @@ -1,6 +1,6 @@ // Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. -//go:build community -// +build community +//go:build !plus +// +build !plus package models diff --git a/internal/db/models/node_grant_dao.go b/internal/db/models/node_grant_dao.go index 732ed1ce..2567cb32 100644 --- a/internal/db/models/node_grant_dao.go +++ b/internal/db/models/node_grant_dao.go @@ -2,6 +2,7 @@ package models import ( "errors" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" _ "github.com/go-sql-driver/mysql" "github.com/iwind/TeaGo/Tea" "github.com/iwind/TeaGo/dbs" 
@@ -129,7 +130,7 @@ func (this *NodeGrantDAO) CountAllEnabledGrants(tx *dbs.Tx, keyword string) (int State(NodeGrantStateEnabled) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR username LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.Count() } @@ -140,7 +141,7 @@ func (this *NodeGrantDAO) ListEnabledGrants(tx *dbs.Tx, keyword string, offset i State(NodeGrantStateEnabled) if len(keyword) > 0 { query.Where("(name LIKE :keyword OR username LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. Offset(offset). diff --git a/internal/db/models/node_ip_address_dao.go b/internal/db/models/node_ip_address_dao.go index 212636f9..bbd547f0 100644 --- a/internal/db/models/node_ip_address_dao.go +++ b/internal/db/models/node_ip_address_dao.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "github.com/TeaOSLab/EdgeAPI/internal/db/models/dns" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeCommon/pkg/configutils" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" _ "github.com/go-sql-driver/mysql" @@ -323,7 +324,7 @@ func (this *NodeIPAddressDAO) CountAllEnabledIPAddresses(tx *dbs.Tx, role string // 关键词 if len(keyword) > 0 { query.Where("(ip LIKE :keyword OR name LIKE :keyword OR description LIKE :keyword OR nodeId IN (SELECT id FROM "+SharedNodeDAO.Table+" WHERE state=1 AND name LIKE :keyword))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query.Count() 
@@ -355,7 +356,7 @@ func (this *NodeIPAddressDAO) ListEnabledIPAddresses(tx *dbs.Tx, role string, no // 关键词 if len(keyword) > 0 { query.Where("(ip LIKE :keyword OR name LIKE :keyword OR description LIKE :keyword OR nodeId IN (SELECT id FROM "+SharedNodeDAO.Table+" WHERE state=1 AND name LIKE :keyword))"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query.Offset(offset). diff --git a/internal/db/models/node_log_dao.go b/internal/db/models/node_log_dao.go index e72905cb..4351b823 100644 --- a/internal/db/models/node_log_dao.go +++ b/internal/db/models/node_log_dao.go @@ -1,6 +1,7 @@ package models import ( + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/remotelogs" "github.com/TeaOSLab/EdgeCommon/pkg/configutils" @@ -184,7 +185,7 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx, } if len(keyword) > 0 { query.Where("(tag LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(level) > 0 { query.Attr("level", level) @@ -200,7 +201,7 @@ func (this *NodeLogDAO) CountNodeLogs(tx *dbs.Tx, query.Attr("isRead", 0) } if len(tag) > 0 { - query.Like("tag", "%"+tag+"%") + query.Like("tag", dbutils.QuoteLikeKeyword(tag)) } return query.Count() @@ -267,7 +268,7 @@ func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx, } if len(keyword) > 0 { query.Where("(tag LIKE :keyword OR description LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if len(level) > 0 { var pieces = strings.Split(level, ",") @@ -281,7 +282,7 @@ func (this *NodeLogDAO) ListNodeLogs(tx *dbs.Tx, query.Attr("isRead", 0) } if len(tag) > 0 { - query.Like("tag", "%"+tag+"%") + query.Like("tag", dbutils.QuoteLikeKeyword(tag)) } _, err = query. Offset(offset). 
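Review bot: The `tag` filter in CountNodeLogs (`@@ -200,7 +201,7 @@`) is the one call site where the surrounding wildcards disappear: `"%"+tag+"%"` becomes `dbutils.QuoteLikeKeyword(tag)`, and ListNodeLogs (`@@ -281,7 +282,7 @@`) changes the same way. Whether this remains a substring match depends on `query.Like` adding `%` itself, which is not visible in this diff. If it does not, the filter silently turns into an exact match and should be `query.Like("tag", dbutils.QuoteLike(tag))`. If it does, add a comment saying so, e.g. `// Like() wraps the value in % itself`. Both function bodies extend beyond their hunks.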
diff --git a/internal/db/models/ns_access_log_dao.go b/internal/db/models/ns_access_log_dao.go index 87d25883..bfdccac1 100644 --- a/internal/db/models/ns_access_log_dao.go +++ b/internal/db/models/ns_access_log_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" _ "github.com/go-sql-driver/mysql" @@ -198,7 +199,7 @@ func (this *NSAccessLogDAO) listAccessLogs(tx *dbs.Tx, lastRequestId string, siz // keyword if len(keyword) > 0 { query.Where("(JSON_EXTRACT(content, '$.remoteAddr') LIKE :keyword OR JSON_EXTRACT(content, '$.questionName') LIKE :keyword OR JSON_EXTRACT(content, '$.recordValue') LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if !reverse { diff --git a/internal/db/models/ns_node_dao.go b/internal/db/models/ns_node_dao.go index 22f9a732..25565dd3 100644 --- a/internal/db/models/ns_node_dao.go +++ b/internal/db/models/ns_node_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/configutils" @@ -139,7 +140,7 @@ func (this *NSNodeDAO) CountAllEnabledNodesMatch(tx *dbs.Tx, clusterId int64, in } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. @@ -176,7 +177,7 @@ func (this *NSNodeDAO) ListAllEnabledNodesMatch(tx *dbs.Tx, clusterId int64, ins } if len(keyword) > 0 { query.Where("(name LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. State(NSNodeStateEnabled). diff --git a/internal/db/models/report_node_dao.go b/internal/db/models/report_node_dao.go index 67aaca1e..dcacb49a 100644 
--- a/internal/db/models/report_node_dao.go +++ b/internal/db/models/report_node_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/nodeconfigs" @@ -169,7 +170,7 @@ func (this *ReportNodeDAO) CountAllEnabledReportNodes(tx *dbs.Tx, groupId int64, } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR location LIKE :keyword OR isp LIKE :keyword OR allowIPs LIKE :keyword OR (status IS NOT NULL AND JSON_EXTRACT(status, 'ip') LIKE :keyword))") - query.Param("keyword", "%"+keyword+"%") + query.Param("keyword", dbutils.QuoteLike(keyword)) } return query.Count() } @@ -201,7 +202,7 @@ func (this *ReportNodeDAO) ListEnabledReportNodes(tx *dbs.Tx, groupId int64, key OR (LENGTH(location)=0 AND JSON_EXTRACT(status, '$.location') LIKE :keyword) OR (LENGTH(isp)=0 AND JSON_EXTRACT(status, '$.isp') LIKE :keyword) ))`) - query.Param("keyword", "%"+keyword+"%") + query.Param("keyword", dbutils.QuoteLike(keyword)) } query.Slice(&result) _, err = query.Asc("isActive"). diff --git a/internal/db/models/server_dao.go b/internal/db/models/server_dao.go index 80701839..40ff9db6 100644 --- a/internal/db/models/server_dao.go +++ b/internal/db/models/server_dao.go @@ -4,6 +4,7 @@ import ( "encoding/json" "errors" "github.com/TeaOSLab/EdgeAPI/internal/db/models/dns" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils/numberutils" "github.com/TeaOSLab/EdgeCommon/pkg/configutils" 
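Review bot: In CountAllEnabledReportNodes (`@@ -169,7 +170,7 @@`), the condition directly above the changed `Param` call reads `JSON_EXTRACT(status, 'ip')`, a JSON path without the `$.` prefix. ListEnabledReportNodes in the next hunk uses `'$.location'` and `'$.isp'`. MySQL expects JSON paths to start with `$`, so a keyword search through the count query is likely to fail or never match on that term. Since this line is already being touched, change it to `JSON_EXTRACT(status, '$.ip')`. The function body continues outside the hunk.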
@@ -668,10 +669,10 @@ func (this *ServerDAO) CountAllEnabledServersMatch(tx *dbs.Tx, groupId int64, ke if regexp.MustCompile(`^\d+$`).MatchString(keyword) { query.Where("(name LIKE :keyword OR serverNames LIKE :keyword OR JSON_CONTAINS(http, :portRange, '$.listen') OR JSON_CONTAINS(https, :portRange, '$.listen') OR JSON_CONTAINS(tcp, :portRange, '$.listen') OR JSON_CONTAINS(tls, :portRange, '$.listen'))"). Param("portRange", maps.Map{"portRange": keyword}.AsJSON()). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } else { query.Where("(name LIKE :keyword OR serverNames LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } } if userId > 0 { @@ -719,10 +720,10 @@ func (this *ServerDAO) ListEnabledServersMatch(tx *dbs.Tx, offset int64, size in if regexp.MustCompile(`^\d+$`).MatchString(keyword) { query.Where("(name LIKE :keyword OR serverNames LIKE :keyword OR JSON_CONTAINS(http, :portRange, '$.listen') OR JSON_CONTAINS(https, :portRange, '$.listen') OR JSON_CONTAINS(tcp, :portRange, '$.listen') OR JSON_CONTAINS(tls, :portRange, '$.listen'))"). Param("portRange", string(maps.Map{"portRange": keyword}.AsJSON())). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } else { query.Where("(name LIKE :keyword OR serverNames LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } } if userId > 0 { diff --git a/internal/db/models/ssl_cert_dao.go b/internal/db/models/ssl_cert_dao.go index 2547e132..4be2f191 100644 --- a/internal/db/models/ssl_cert_dao.go +++ b/internal/db/models/ssl_cert_dao.go @@ -4,6 +4,7 @@ import ( "bytes" "encoding/json" "errors" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs" _ "github.com/go-sql-driver/mysql" 
@@ -281,7 +282,7 @@ func (this *SSLCertDAO) CountCerts(tx *dbs.Tx, isCA bool, isAvailable bool, isEx } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if userId > 0 { query.Attr("userId", userId) @@ -311,7 +312,7 @@ func (this *SSLCertDAO) ListCertIds(tx *dbs.Tx, isCA bool, isAvailable bool, isE } if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if userId > 0 { query.Attr("userId", userId) @@ -514,7 +515,7 @@ func (this *SSLCertDAO) CountAllSSLCertsWithOCSPError(tx *dbs.Tx, keyword string if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } return query. @@ -530,7 +531,7 @@ func (this *SSLCertDAO) ListSSLCertsWithOCSPError(tx *dbs.Tx, keyword string, of if len(keyword) > 0 { query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } _, err = query. diff --git a/internal/db/models/user_dao.go b/internal/db/models/user_dao.go index bf66a3d7..fd550226 100644 --- a/internal/db/models/user_dao.go +++ b/internal/db/models/user_dao.go @@ -2,6 +2,7 @@ package models import ( "encoding/json" + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" "github.com/TeaOSLab/EdgeAPI/internal/errors" "github.com/TeaOSLab/EdgeAPI/internal/utils" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" 
@@ -222,7 +223,7 @@ func (this *UserDAO) CountAllEnabledUsers(tx *dbs.Tx, clusterId int64, keyword s } if len(keyword) > 0 { query.Where("(username LIKE :keyword OR fullname LIKE :keyword OR mobile LIKE :keyword OR email LIKE :keyword OR tel LIKE :keyword OR remark LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if isVerifying { query.Attr("isVerified", 0) @@ -247,7 +248,7 @@ func (this *UserDAO) ListEnabledUsers(tx *dbs.Tx, clusterId int64, keyword strin } if len(keyword) > 0 { query.Where("(username LIKE :keyword OR fullname LIKE :keyword OR mobile LIKE :keyword OR email LIKE :keyword OR tel LIKE :keyword OR remark LIKE :keyword)"). - Param("keyword", "%"+keyword+"%") + Param("keyword", dbutils.QuoteLike(keyword)) } if isVerifying { query.Attr("isVerified", 0) diff --git a/internal/db/utils/utils.go b/internal/db/utils/utils.go index 12fec217..4f821259 100644 --- a/internal/db/utils/utils.go +++ b/internal/db/utils/utils.go @@ -2,24 +2,12 @@ package dbutils import ( "github.com/iwind/TeaGo/dbs" + "strings" "sync" ) var SharedCacheLocker = sync.RWMutex{} -// JSONBytes 处理JSON字节Slice -func JSONBytes(data []byte) []byte { - if len(data) == 0 { - return []byte("null") - } - return data -} - -// IsNotNull 判断JSON是否不为空 -func IsNotNull(data string) bool { - return len(data) > 0 && data != "null" -} - // NewQuery 构造Query func NewQuery(tx *dbs.Tx, dao dbs.DAOWrapper, adminId int64, userId int64) *dbs.Query { query := dao.Object().Query(tx) 
@@ -31,3 +19,22 @@ func NewQuery(tx *dbs.Tx, dao dbs.DAOWrapper, adminId int64, userId int64) *dbs. } return query } + +// QuoteLikeKeyword 处理关键词中的特殊字符 +func QuoteLikeKeyword(keyword string) string { + keyword = strings.ReplaceAll(keyword, "%", "\\%") + keyword = strings.ReplaceAll(keyword, "_", "\\_") + return keyword +} + +func QuoteLike(keyword string) string { + return "%" + QuoteLikeKeyword(keyword) + "%" +} + +func QuoteLikePrefix(keyword string) string { + return QuoteLikeKeyword(keyword) + "%" +} + +func QuoteLikeSuffix(keyword string) string { + return "%" + QuoteLikeKeyword(keyword) +} diff --git a/internal/db/utils/utils_test.go b/internal/db/utils/utils_test.go new file mode 100644 index 00000000..5d2acdb1 --- /dev/null +++ b/internal/db/utils/utils_test.go @@ -0,0 +1,14 @@ +// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. + +package dbutils_test + +import ( + dbutils "github.com/TeaOSLab/EdgeAPI/internal/db/utils" + "testing" +) + +func TestQuoteLike(t *testing.T) { + for _, s := range []string{"abc", "abc%", "_abc%%%"} { + t.Log(s + " => " + dbutils.QuoteLike(s)) + } +}
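Review bot: QuoteLikeKeyword escapes `%` and `_` with a backslash but leaves a backslash in the keyword itself untouched. A keyword ending in `\` therefore turns the trailing wildcard that QuoteLike appends into a literal `%`, and an input of `\%` becomes an escaped backslash followed by a live wildcard. Escape the escape character first by adding `keyword = strings.ReplaceAll(keyword, "\\", "\\\\")` ahead of the two existing replacements. This assumes MySQL's default LIKE escape character, and every call site changed in this commit inherits the behaviour. QuoteLike, QuoteLikePrefix and QuoteLikeSuffix are exported without doc comments; a one-line comment on each, such as `// QuoteLike escapes keyword and wraps it in % for a substring match.`, would state which wildcards each adds.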
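Review bot: TestQuoteLike only prints its results with `t.Log`, so it passes regardless of what QuoteLike returns and will not catch a regression in the escaping. Compare against expected values instead, e.g. `if got := dbutils.QuoteLike("abc%"); got != "%abc\\%%" { t.Fatalf("got %q", got) }`. Add a case whose input contains a backslash, plus cases for QuoteLikePrefix and QuoteLikeSuffix, which are currently untested.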