1. Fixed the issue where queries could not be executed in SSL connect…

…ion mode for data sources, issue #1124. 2. Fixed the problem of permission escalation in query review mode, issue #1126. 3. Resolved the precision loss in query results under bigint(20) type, issue #1104. 4. Corrected the drawer not closing properly after a review operation, issue #1100. 5. Clean code.
cookieY · Nov 8, 2024 · 0b6d500 · 0b6d500
1 parent 6d83c73
commit 0b6d500
Show file tree

Hide file tree

Showing 71 changed files with 1,046 additions and 2,050 deletions.
diff --git a/.gitignore b/.gitignore
@@ -109,3 +109,5 @@ go.sum
 .idea/Yearning.iml
 .idea/inspectionProfiles/Project_Default.xml
 .idea
+
+juno
diff --git a/cmd/cmd.go b/cmd/cmd.go
@@ -2,17 +2,16 @@ package cmd
 
 import (
 	"Yearning-go/src/i18n"
-	"Yearning-go/src/lib"
+	"Yearning-go/src/lib/factory"
+	"Yearning-go/src/lib/vars"
 	"Yearning-go/src/model"
 	"Yearning-go/src/service"
 	"fmt"
 	"github.com/gookit/gcli/v3"
 	"github.com/gookit/gcli/v3/builtin"
-	"net"
 )
 
 var RunOpts = struct {
-	addr       string
 	port       string
 	config     string
 	repair     bool
@@ -55,7 +54,7 @@ var Super = &gcli.Command{
 	},
 	Func: func(c *gcli.Command, args []string) error {
 		model.DBNew(RunOpts.config)
-		model.DB().Model(model.CoreAccount{}).Where("username =?", "admin").Updates(&model.CoreAccount{Password: lib.DjangoEncrypt("Yearning_admin", string(lib.GetRandom()))})
+		model.DB().Model(model.CoreAccount{}).Where("username =?", "admin").Updates(&model.CoreAccount{Password: factory.DjangoEncrypt("Yearning_admin", string(factory.GetRandom()))})
 		fmt.Println(i18n.DefaultLang.Load(i18n.INFO_ADMIN_PASSWORD_RESET))
 		return nil
 	},
@@ -65,22 +64,21 @@ var RunServer = &gcli.Command{
 	Name: "run",
 	Desc: "启动Yearning",
 	Config: func(c *gcli.Command) {
-		c.StrOpt(&RunOpts.addr, "addr", "a", "0.0.0.0", "Yearning启动地址")
 		c.StrOpt(&RunOpts.port, "port", "p", "8000", "Yearning启动端口")
 		c.StrOpt(&RunOpts.config, "config", "c", "conf.toml", "配置文件路径")
 	},
 	Examples: `<cyan>{$binName} {$cmd} --port 80 --push "yearning.io" --config ../config.toml</>`,
 	Func: func(c *gcli.Command, args []string) error {
 		model.DBNew(RunOpts.config)
 		service.UpdateData()
-		service.StartYearning(net.JoinHostPort(RunOpts.addr, RunOpts.port))
+		service.StartYearning(RunOpts.port)
 		return nil
 	},
 }
 
 func Command() {
 	app := gcli.NewApp()
-	app.Version = lib.Version
+	app.Version = fmt.Sprintf("%s %s", vars.Version, vars.Kind)
 	app.Name = "Yearning"
 	app.Logo = &gcli.Logo{Text: LOGO, Style: "info"}
 	app.Desc = "Yearning Mysql数据审核平台"

diff --git a/go.mod b/go.mod
@@ -10,9 +10,9 @@ require (
 	github.com/cookieY/sqlx v1.3.0
 	github.com/cookieY/yee v0.5.2
 	github.com/deckarep/golang-set/v2 v2.6.0
+	github.com/go-ldap/ldap/v3 v3.4.8
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/golang-jwt/jwt v3.2.2+incompatible
-	github.com/golang/protobuf v1.5.4
 	github.com/google/uuid v1.6.0
 	github.com/gookit/gcli/v3 v3.2.3
 	github.com/pkg/errors v0.9.1
@@ -22,20 +22,22 @@ require (
 	github.com/vmihailenco/msgpack/v5 v5.4.1
 	golang.org/x/crypto v0.28.0
 	golang.org/x/net v0.30.0
-	google.golang.org/grpc v1.65.0
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
-	gopkg.in/ldap.v3 v3.0.3
 	gorm.io/driver/mysql v1.5.7
 	gorm.io/gorm v1.25.12
 )
 
 require (
 	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/go-playground/validator/v10 v10.16.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/gookit/goutil v0.6.12 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
@@ -57,9 +59,7 @@ require (
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/term v0.25.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/src/apis/query.go b/src/apis/query.go
@@ -4,7 +4,8 @@ import (
 	"Yearning-go/src/handler/common"
 	"Yearning-go/src/handler/fetch"
 	"Yearning-go/src/handler/personal"
-	"Yearning-go/src/lib"
+	"Yearning-go/src/i18n"
+	"Yearning-go/src/lib/factory"
 	"github.com/cookieY/yee"
 	"net/http"
 )
@@ -28,12 +29,12 @@ func YearningQueryForPut(y yee.Context) (err error) {
 	case "merge":
 		return fetch.FetchMergeDDL(y)
 	}
-	return y.JSON(http.StatusOK, common.ERR_REQ_FAKE)
+	return y.JSON(http.StatusOK, common.ERR_COMMON_TEXT_MESSAGE(i18n.DefaultLang.Load(i18n.ER_REQ_FAKE)))
 }
 
 func YearningQueryForPost(y yee.Context) (err error) {
 	tp := y.Params("tp")
-	user := new(lib.Token).JwtParse(y)
+	user := new(factory.Token).JwtParse(y)
 	switch tp {
 	case "post":
 		return personal.ReferQueryOrder(y, user)

diff --git a/src/engine/engine.go b/src/engine/engine.go
@@ -1,13 +1,15 @@
 package engine
 
 type AuditRole struct {
+	DMLTransaction                 bool   `json:"DMLTransaction"`    // DML语句采用事务机制执行
 	DMLAllowLimitSTMT              bool   `json:"DMLAllowLimitSTMT"` // 是否允许update/insert 语句使用limit关键字
 	DMLInsertColumns               bool   `json:"DMLInsertColumns"`  //是否检查插入语句存在列名
 	DMLMaxInsertRows               int    `json:"DMLMaxInsertRows"`  //inert语句最大多少个字段
 	DMLWhere                       bool   `json:"DMLWhere"`          //是否检查dml语句where条件
-	DMLAllowInsertNull             bool   // 允许insert语句插入Null值
+	DMLWhereExprValueIsNull        bool   //是否检查dml语句where条件值为null
 	DMLOrder                       bool   // 是否检查dml语句order条件
 	DMLSelect                      bool   //是否检查dml语句有select语句
+	DMLAllowInsertNull             bool   // 允许insert语句插入Null值
 	DMLInsertMustExplicitly        bool   //是否检查insert语句必须显式声明字段
 	DDLEnablePrimaryKey            bool   // 是否检查必须拥有主键
 	DDLCheckTableComment           bool   //是否检查表注释
@@ -35,9 +37,9 @@ type AuditRole struct {
 	DDLMultiToCommit               bool   //是否允许一个工单内有多条DDL语句
 	DDLPrimaryKeyMust              bool   //是否强制主键名为id
 	DDLAllowColumnType             bool   // ddl语句允许更改字段类型
-	DDLAllowMultiAlter             bool   // ddl语句允许多个alter语句
 	DDLImplicitTypeConversion      bool
 	DDLAllowPRINotInt              bool
+	DDLAllowMultiAlter             bool   // DDL单个工单允许多alter语句提交
 	DDLEnableForeignKey            bool   // 允许外键
 	DDLTablePrefix                 string // 指定表名前缀
 	DDLColumnsMustHaveIndex        string // 如果表包含以下列，列必须有索引。可指定多个列,以逗号分隔.列类型可选.   格式: 列名 [列类型,可选],...
@@ -49,7 +51,7 @@ type AuditRole struct {
 	AllowCreateView                bool
 	AllowCrateViewWithSelectStar   bool
 	AllowCreatePartition           bool
-	AllowSpecialType               bool
+	AllowSpecialType               bool // 是否允许特殊类型
 	PRIRollBack                    bool
 }
 

diff --git a/src/handler/common/error.go b/src/handler/common/error.go
@@ -1,44 +1,11 @@
 package common
 
-import "Yearning-go/src/i18n"
-
-var (
-	ERR_LOGIN = Resp{
-		Code: 1301,
-		Text: i18n.DefaultLang.Load(i18n.ER_LOGIN),
-	}
-
-	ERR_REGISTER = Resp{
-		Code: 1302,
-		Text: i18n.DefaultLang.Load(i18n.ER_REGISTER),
-	}
-
-	ERR_REQ_BIND = Resp{
-		Code: 1310,
-		Text: i18n.DefaultLang.Load(i18n.ER_REQ_BIND),
-	}
-
-	ERR_REQ_FAKE = Resp{
-		Code: 1310,
-		Text: i18n.DefaultLang.Load(i18n.ER_REQ_FAKE),
-	}
-	ERR_REQ_PASSWORD_FAKE = Resp{
-		Code: 1310,
-		Text: i18n.DefaultLang.Load(i18n.ER_REQ_PASSWORD_FAKE),
-	}
-
-	ERR_RPC = Resp{
-		Code: 1311,
-		Text: "RPC call failed！",
-	}
-)
-
 // SOAR 错误码 1900-1999
 
-func ERR_SOAR_ALTER_MERGE(err error) Resp {
+func ERR_SOAR_ALTER_MERGE() Resp {
 	return Resp{
 		Code: 1901,
-		Text: err.Error(),
+		Text: "sql is empty",
 	}
 }
 

diff --git a/src/handler/common/util.go b/src/handler/common/util.go
@@ -1,8 +1,8 @@
 package common
 
 import (
-	"Yearning-go/src/lib"
 	"Yearning-go/src/lib/enc"
+	"Yearning-go/src/lib/factory"
 	"Yearning-go/src/model"
 	"errors"
 	"fmt"
@@ -38,7 +38,7 @@ func ScanDataRows(s model.CoreDataSource, database, sql, meta string, isQuery bo
 	if len(_tmp) == 0 {
 		return nil, errors.New("field is empty")
 	}
-	excludeDbList := lib.MapOn(strings.Split(s.ExcludeDbList, ","))
+	excludeDbList := factory.MapOn(strings.Split(s.ExcludeDbList, ","))
 	for rows.Next() {
 		if err = rows.Scan(_tmp...); err != nil {
 			logger.DefaultLogger.Error(err)

diff --git a/src/handler/dashboard.go b/src/handler/dashboard.go
@@ -15,7 +15,7 @@ package handler
 
 import (
 	"Yearning-go/src/handler/common"
-	"Yearning-go/src/lib"
+	"Yearning-go/src/lib/factory"
 	"Yearning-go/src/model"
 	"github.com/cookieY/yee"
 	"net/http"
@@ -42,7 +42,7 @@ type bannerCount struct {
 
 func DashBanner(c yee.Context) (err error) {
 	var b bannerCount
-	user := new(lib.Token).JwtParse(c)
+	user := new(factory.Token).JwtParse(c)
 	model.DB().Model(model.CoreAccount{}).Count(&b.User)
 	model.DB().Model(model.CoreQueryOrder{}).Count(&b.Query)
 	model.DB().Model(model.CoreSqlOrder{}).Count(&b.Order)
@@ -51,12 +51,12 @@ func DashBanner(c yee.Context) (err error) {
 	model.DB().Model(model.CoreSqlOrder{}).Where("username =? and `type` =?", user.Username, 1).Count(&b.SelfDML)
 	model.DB().Model(model.CoreQueryOrder{}).Where("username =?", user.Username).Count(&b.SelfQuery)
 	model.DB().Model(model.CoreSqlOrder{}).Where("status = ? and assigned like ?", 2, "%"+user.Username+"%").Count(&b.SelfAudit)
-	model.DB().Model(model.CoreTotalTickets{}).Order("date desc ").Limit(7).Find(&b.TotalOrder)
+	model.DB().Debug().Model(model.CoreTotalTickets{}).Order("date desc ").Limit(7).Find(&b.TotalOrder)
 	return c.JSON(http.StatusOK, common.SuccessPayload(b))
 }
 
 func DashUserInfo(c yee.Context) (err error) {
-	user := new(lib.Token).JwtParse(c)
+	user := new(factory.Token).JwtParse(c)
 	var (
 		p         model.CoreGrained
 		groupList []model.CoreRoleGroup
@@ -73,6 +73,6 @@ func DashStmt(c yee.Context) (err error) {
 
 func DashTop(c yee.Context) (err error) {
 	var source []groupBy
-	model.DB().Model(model.CoreSqlOrder{}).Select("source, count(*) as c").Group("source").Order("c desc").Limit(10).Scan(&source)
+	model.DB().Debug().Model(model.CoreSqlOrder{}).Select("source, count(*) as c").Group("source").Order("c desc").Limit(10).Scan(&source)
 	return c.JSON(http.StatusOK, common.SuccessPayload(source))
 }
diff --git a/src/handler/fetch/ai.go b/src/handler/fetch/ai.go
@@ -1,7 +1,7 @@
 package fetch
 
 import (
-	"Yearning-go/src/lib"
+	"Yearning-go/src/lib/factory"
 	"Yearning-go/src/model"
 	"context"
 	"github.com/sashabaranov/go-openai"
@@ -60,7 +60,7 @@ func (ai *AIAssistant) Messages(messages []openai.ChatCompletionMessage) *AIAssi
 }
 
 func (ai *AIAssistant) BuildSQLAdvise(prompt *advisorFrom, tables []string, kind string) (string, error) {
-	sql, err := lib.GetFingerprint(prompt.SQL)
+	sql, err := factory.GetFingerprint(prompt.SQL)
 	if err != nil {
 		return "", err
 	}

diff --git a/src/handler/fetch/chat.go b/src/handler/fetch/chat.go
@@ -15,7 +15,7 @@ type message struct {
 
 func AiChat(c yee.Context) error {
 
-	c.Response().Header().Set("Content-Type", "text/event-stream")
+	c.Response().Header().Set(yee.HeaderContentType, "text/event-stream")
 	c.Response().Header().Set("Cache-Control", "no-cache")
 	c.Response().Header().Set("Connection", "keep-alive")