feat: 前后端传递sql编码处理

mayfly_go_web/package.json

@@ -17,6 +17,7 @@
     "cropperjs": "^1.5.11",
     "echarts": "^5.4.3",
     "element-plus": "^2.4.3",
+    "js-base64": "^3.7.5",
     "jsencrypt": "^3.3.2",
     "lodash": "^4.17.21",
     "mitt": "^3.0.1",

mayfly_go_web/src/common/Api.ts

@@ -14,11 +14,27 @@ class Api {
      */
     method: string;
 
+    /**
+     * 请求前处理函数
+     * param1: param请求参数
+     */
+    beforeHandler: Function;
+
     constructor(url: string, method: string) {
         this.url = url;
         this.method = method;
     }
 
+    /**
+     * 设置请求前处理回调函数
+     * @param func 请求前处理器
+     * @returns this
+     */
+    withBeforeHandler(func: Function) {
+        this.beforeHandler = func;
+        return this;
+    }
+
     /**
      * 获取权限的完整url
      */
@@ -31,6 +47,9 @@ class Api {
      * @param {Object} param 请求该api的参数
      */
     request(param: any = null, options: any = null, headers: any = null): Promise<any> {
+        if (this.beforeHandler) {
+            this.beforeHandler(param);
+        }
         return request.request(this.method, this.url, param, headers, options);
     }
 

mayfly_go_web/src/views/ops/db/api.ts

@@ -1,4 +1,5 @@
 import Api from '@/common/Api';
+import { Base64 } from 'js-base64';
 
 export const dbApi = {
     // 获取权限列表
@@ -14,7 +15,12 @@ export const dbApi = {
     pgSchemas: Api.newGet('/dbs/{id}/pg/schemas'),
     // 获取表即列提示
     hintTables: Api.newGet('/dbs/{id}/hint-tables'),
-    sqlExec: Api.newPost('/dbs/{id}/exec-sql'),
+    sqlExec: Api.newPost('/dbs/{id}/exec-sql').withBeforeHandler((param: any) => {
+        // sql编码处理
+        if (param.sql) {
+            param.sql = Base64.encode(param.sql);
+        }
+    }),
     // 保存sql
     saveSql: Api.newPost('/dbs/{id}/sql'),
     // 获取保存的sql

mayfly_go_web/yarn.lock

@@ -1352,6 +1352,11 @@ isexe@^2.0.0:
   resolved "https://registry.npm.taobao.org/isexe/download/isexe-2.0.0.tgz"
   integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=
 
+js-base64@^3.7.5:
+  version "3.7.5"
+  resolved "https://registry.npmmirror.com/js-base64/-/js-base64-3.7.5.tgz#21e24cf6b886f76d6f5f165bfcd69cc55b9e3fca"
+  integrity sha512-3MEt5DTINKqfScXKfJFrRbxkrnk2AxPWGBL/ycjz4dK8iqiSJ06UxD8jh8xuh6p10TX4t2+7FsBYVxxQbMg+qA==
+
 js-sdsl@^4.1.4:
   version "4.3.0"
   resolved "https://registry.npmmirror.com/js-sdsl/-/js-sdsl-4.3.0.tgz#aeefe32a451f7af88425b11fdb5f58c90ae1d711"

server/internal/db/api/db.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"encoding/base64"
 	"fmt"
 	"io"
 	"mayfly-go/internal/common/consts"
@@ -89,12 +90,14 @@ func (d *Db) ExecSql(rc *req.Ctx) {
 	biz.ErrIsNil(err)
 	biz.ErrIsNilAppendErr(d.TagApp.CanAccess(rc.GetLoginAccount().Id, dbConn.Info.TagPath...), "%s")
 
+	sqlBytes, err := base64.StdEncoding.DecodeString(form.Sql)
+	biz.ErrIsNilAppendErr(err, "sql解码失败: %s")
+	// 去除前后空格及换行符
+	sql := stringx.TrimSpaceAndBr(string(sqlBytes))
+
 	rc.ReqParam = fmt.Sprintf("%s\n-> %s", dbConn.Info.GetLogDesc(), form.Sql)
 	biz.NotEmpty(form.Sql, "sql不能为空")
 
-	// 去除前后空格及换行符
-	sql := stringx.TrimSpaceAndBr(form.Sql)
-
 	execReq := &application.DbSqlExecReq{
 		DbId:         dbId,
 		Db:           form.Db,