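        // Display query. The client may send authorization info along with the request,
        // but authorization is always re-evaluated here against the stored setting.
        /// <summary>
        /// Runs the query registered under <paramref name="sqlkey"/> (an active SqlKeySetting) and returns
        /// its result as JSON. Columns listed in the setting's PRIVATES are masked with "***" unless the
        /// caller is authorized for the setting.
        /// </summary>
        /// <param name="sqlkey">Key of the SqlKeySetting to run; only rows with STS == "A" are considered.</param>
        /// <param name="param">Caller-supplied value substituted into the setting's SQL template.</param>
        /// <returns>The query result, or a <c>{ ErrorMsg }</c> object when lookup, execution or masking fails.</returns>
        public async Task<JsonResult> comm(string sqlkey, string param)
        {
            try
            {
                using (var svc = new OrmService(AppConfigs.sqlfaceconn))
                {
                    var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == sqlkey && s.STS == "A")).FirstOrDefault();
                    if (setting == null)
                    {
                        throw new ApplicationException("没有配置[" + sqlkey + "]的查询语句,请见sqlkeysetting");
                    }
                    // SECURITY: `param` comes straight from the request and is spliced into the SQL text, so
                    // any {0} placeholder in setting.SQL accepts an arbitrary SQL fragment. fetchJson only takes
                    // the setting, so it cannot be bound as a query parameter from here; the binding (or a
                    // whitelist check of `param`) has to live in fetchJson / the setting itself.
                    setting.SQL = string.Format(setting.SQL, param);
                    var res = await fetchJson(setting);

                    if (!string.IsNullOrWhiteSpace(setting.PRIVATES) && setting.PRIVATES != "[]")
                    {
                        // An anonymous caller is never authorized; otherwise the stored setting decides.
                        var authorized = !string.IsNullOrWhiteSpace(this.User.Identity.Name)
                                         && setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this));
                        if (!authorized)
                        {
                            // Fail closed: a failure while masking propagates to the outer catch, so the
                            // caller receives an error instead of the unmasked rows. The previous
                            // `catch { }` around this step returned the data unmasked on any exception.
                            _MaskPrivateColumns(setting.PRIVATES, res.Data);
                        }
                    }

                    return res;
                }
            }
            catch (Exception e)
            {
                return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
            }
        }

        /// <summary>
        /// Replaces, in place, every cell of the columns named in <paramref name="privatesJson"/> with "***".
        /// </summary>
        /// <param name="privatesJson">JSON array of column names (SqlKeySetting.PRIVATES).</param>
        /// <param name="data">The object fetchJson placed in JsonResult.Data; it must expose a "names"
        /// property (List&lt;string&gt;) and a "data" property (List&lt;object[]&gt;). Anything else throws.</param>
        /// <exception cref="ApplicationException">PRIVATES does not deserialize to a set of names.</exception>
        private static void _MaskPrivateColumns(string privatesJson, object data)
        {
            var privs = Newtonsoft.Json.JsonConvert.DeserializeObject<HashSet<string>>(privatesJson);
            if (privs == null)
            {
                // e.g. the literal "null": refuse rather than silently returning unmasked data
                throw new ApplicationException("私密列配置[PRIVATES]无效!");
            }
            var type  = data.GetType();
            var names = (List<string>)type.GetProperty("names").GetValue(data, null);
            var rows  = (List<object[]>)type.GetProperty("data").GetValue(data, null);
            for (int col = 0; col < names.Count; col++)
            {
                if (!privs.Contains(names[col]))
                {
                    continue;
                }
                foreach (var row in rows)
                {
                    row[col] = "***";
                }
            }
        }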
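 /// <summary>
 /// Resolves an external entry code to its engine id and delegates to <c>Get(id)</c>.
 /// </summary>
 /// <param name="ec">External entry code (ExternalEntryMap.Entry_Code).</param>
 /// <returns>
 /// The value of <c>Get(id)</c> for the mapped engine; an HttpResponseMessage with status
 /// NotAcceptable when <paramref name="ec"/> is blank, NotFound when no mapping exists.
 /// </returns>
 public async Task<object> ExCodeGet(string ec)
 {
     // Validate before constructing the data service, so a blank code costs no connection.
     if (string.IsNullOrWhiteSpace(ec))
     {
         return new HttpResponseMessage(HttpStatusCode.NotAcceptable);
     }
     using (var svc = new OrmService(AppConfigs.sqlfaceconn))
     {
         var entry = (await svc.FilterWhereAsync<ExternalEntryMap>(s => s.Entry_Code == ec)).FirstOrDefault();
         if (entry == null)
         {
             return new HttpResponseMessage(HttpStatusCode.NotFound);
         }
         // NOTE(review): Get(id) is returned as-is. If Get itself returns a Task, the caller receives that
         // Task object inside Task<object> rather than its result — confirm Get's return type.
         return Get(entry.Engine_ID);
     }
 }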
 // Open link
 /// <summary>
 /// Builds the link text for the "link"-class, active SqlKeySetting <paramref name="tsqlkey"/> by
 /// formatting its SQL template with <paramref name="param"/>, and returns that text as JSON.
 /// The text is only returned to the caller here; nothing is executed in this method.
 /// </summary>
 /// <param name="tsqlkey">Key of the link setting.</param>
 /// <param name="param">Caller-supplied values substituted, verbatim, for the template's placeholders.</param>
 /// <returns>The formatted text, or a <c>{ ErrorMsg }</c> object when the key is unknown, not a link, or formatting fails.</returns>
 public async Task<ActionResult> exlink(string tsqlkey, string[] param)
 {
     try
     {
         using (var svc = new OrmService(AppConfigs.sqlfaceconn))
         {
             var matches = await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == tsqlkey && s.STS == "A");
             var setting = matches.FirstOrDefault();
             if (setting == null || setting.CLASS != "link")
             {
                 throw new ApplicationException("不是合法的链接[" + tsqlkey + "]");
             }
             // A null `param` throws here and surfaces through the catch below as ErrorMsg.
             object[] formatArgs = param.Cast<object>().ToArray();
             var      linkText   = string.Format(setting.SQL, formatArgs);
             return Json(linkText, JsonRequestBehavior.AllowGet);
         }
     }
     catch (Exception e)
     {
         return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
     }
 }
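        /// <summary>
        /// Entry page for an external entry code: reads "ec" from the query string, resolves it to an engine
        /// id through ExternalEntryMap and renders the "Easyhandle" view with the serialized render context.
        /// </summary>
        /// <returns>The view, or HttpNotFound when "ec" is missing or maps to no engine.</returns>
        public ActionResult easygo()
        {
            if (!User.Identity.IsAuthenticated)
            {
                // anonymous request: drop any role left in the session
                Session["Role"] = null;
            }
            Dictionary<string, string> querys = formatQuery();
            ViewBag.querys = querys;

            decimal id = -1;   // sentinel: no engine resolved
            string  ec;
            if (querys.TryGetValue("ec", out ec) && !string.IsNullOrWhiteSpace(ec))
            {
                using (var svc = new OrmService(AppConfigs.sqlfaceconn))
                {
                    // (the blank check is already done above; the inner repeat was redundant)
                    var entry = svc.FilterWhere<ExternalEntryMap>(s => s.Entry_Code == ec).FirstOrDefault();
                    if (entry != null)
                    {
                        id = entry.Engine_ID;
                    }
                }
            }
            if (id == -1)
            {
                return HttpNotFound("资源不存在!");
            }

            ViewBag.linkOuts = getLinkOut(id);
            // GetRenders completes synchronously (it ends in Task.FromResult), so blocking here is safe;
            // GetAwaiter().GetResult() rethrows the original exception instead of wrapping it in an
            // AggregateException as .Result does.
            var    renders = XAngularController.GetRenders(id, null).GetAwaiter().GetResult();
            object ret     = Newtonsoft.Json.JsonConvert.SerializeObject(renders);
            return View("Easyhandle", ret);
        }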
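 // Execute stored procedure
 /// <summary>
 /// Executes the stored procedure registered under <paramref name="tsqlkey"/> (a "proc"-class, active
 /// SqlKeySetting) with <paramref name="param"/>, after authorizing the caller against the stored setting.
 /// </summary>
 /// <param name="tsqlkey">Key of the procedure setting.</param>
 /// <param name="param">Caller-supplied argument handed to the executor unchanged; how it is bound is decided there.</param>
 /// <returns>The executor's result as JSON; a refusal message when unauthorized; <c>{ ErrorMsg }</c> on any failure.</returns>
 public async Task<JsonResult> dojob(string tsqlkey, string param)
 {
     try
     {
         using (var svc = new OrmService(AppConfigs.sqlfaceconn))
         {
             var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == tsqlkey && s.STS == "A")).FirstOrDefault();
             if (setting == null || setting.CLASS != "proc")
             {
                 throw new ApplicationException("没有配置执行语句[" + tsqlkey + "]!");
             }
             // Authorization is decided by the stored setting, never by anything in the request.
             if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
             {
                 return Json("你没有权限执行!", JsonRequestBehavior.AllowGet);
             }
             // Resolve the target connection explicitly: a DBCONN with no appSettings entry was previously
             // passed downstream as a null connection string.
             var connectionString = System.Configuration.ConfigurationManager.AppSettings[setting.DBCONN];
             if (string.IsNullOrWhiteSpace(connectionString))
             {
                 throw new ApplicationException("未配置数据库连接[" + setting.DBCONN + "]!");
             }
             var sqlresult = CalcMain.ExternalExecutor(setting.SQL, param, connectionString);
             return Json(sqlresult, JsonRequestBehavior.AllowGet);
         }
     }
     catch (Exception e)
     {
         return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
     }
 }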
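 /// <summary>Creates the controller with the data service it depends on.</summary>
 /// <param name="srv">Data service used by the actions; required.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="srv"/> is null.</exception>
 public CompareController(OrmService srv)
 {
     // fail at construction rather than with a NullReferenceException inside an action
     if (srv == null)
     {
         throw new System.ArgumentNullException("srv");
     }
     _srv = srv;
 }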
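 /// <summary>Creates the controller with the data service it depends on.</summary>
 /// <param name="srv">Data service used by the actions; required.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="srv"/> is null.</exception>
 public UserController(OrmService srv)
 {
     // fail at construction rather than with a NullReferenceException inside an action
     if (srv == null)
     {
         throw new System.ArgumentNullException("srv");
     }
     _srv = srv;
 }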
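 /// <summary>Creates the controller with the data service it depends on.</summary>
 /// <param name="srv">Data service used by the actions; required.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="srv"/> is null.</exception>
 public EventController(OrmService srv)
 {
     // fail at construction rather than with a NullReferenceException inside an action
     if (srv == null)
     {
         throw new System.ArgumentNullException("srv");
     }
     _srv = srv;
 }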
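        /// <summary>
        /// Executes a batch of client-built DML statements against the entity configured for
        /// <c>sqlsetting.SQLKEY</c>, then writes an AP_ACTION_LOG_DBA audit row.
        /// </summary>
        /// <param name="dmls">Statements to run, each with the client row index it belongs to.</param>
        /// <param name="sqlsetting">Client copy of the setting. Only SQLKEY (for the lookup) and
        /// DML_WHERE_COLS (key columns recomputed by the frontend) are taken from it; every other field
        /// comes from the stored, active SqlKeySetting.</param>
        /// <param name="memo">Free-text description of the data, recorded in the audit log.</param>
        /// <returns>JSON <c>{ msg, hasError }</c>: <c>msg</c> is the per-row output map on success, the error message otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="dmls"/> or <paramref name="sqlsetting"/> is null.</exception>
        /// <exception cref="ApplicationException">No active setting for the key, or a statement does not start
        /// with one of the allowed "VERB ENTITY" heads.</exception>
        public async Task<ActionResult> dmls(List<DmlIndex> dmls, SqlKeySetting sqlsetting, string memo)
        {
            if (sqlsetting == null)
            {
                throw new ArgumentNullException("sqlsetting");
            }
            if (dmls == null)
            {
                throw new ArgumentNullException("dmls");
            }
            using (var svc = new OrmService(AppConfigs.sqlfaceconn))
            {
                var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == sqlsetting.SQLKEY && s.STS == "A")).FirstOrDefault();
                if (setting == null)
                {
                    // previously a NullReferenceException on the first use of `setting`
                    throw new ApplicationException("没有配置[" + sqlsetting.SQLKEY + "]的DML设置,请见sqlkeysetting");
                }
                if (!string.IsNullOrWhiteSpace(sqlsetting.DML_WHERE_COLS))
                {
                    // key columns, recomputed by the frontend from backend config + view columns
                    setting.DML_WHERE_COLS = sqlsetting.DML_WHERE_COLS;
                }
                if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
                {
                    return Json("你没有权限修改执行!");
                }

                var allowedHeads = _AllowedDmlHeads(setting);
                // row index -> [DML summary (first letter), DML statement]
                var befores = new Dictionary<int, string[]>();
                // row index -> result: insert returns the generated key, update/delete the result data
                var outs = new Dictionary<string, string>();
                foreach (var dml in dmls)
                {
                    // Head check: the statement must START with "VERB ENTITY" for an allowed verb. The previous
                    // substring test (IndexOf) also accepted a forbidden statement that merely mentioned an
                    // allowed head later in its text, e.g. inside a comment or a string literal.
                    var sql = dml.sql == null ? "" : dml.sql.TrimStart();
                    if (!allowedHeads.Any(h => sql.StartsWith(h, StringComparison.Ordinal)))
                    {
                        throw new ApplicationException(dml.sql + ",不被允许!服务端校验未通过!");
                    }
                    befores.Add(dml.index, new string[] { sql[0].ToString().ToUpperInvariant(), dml.sql });
                }

                // The execution context carries the STORED setting (with the client's key columns merged in
                // above), not the client object: the entity and connection a statement runs against must not
                // be chosen by the request.
                var safeSaveContext = new Hashtable();
                safeSaveContext.Add("setting", setting);
                safeSaveContext.Add("befores", befores);
                safeSaveContext.Add("outs", outs);

                object msg;
                bool   failed = false;
                try
                {
                    DMLHelper.safeRun(safeSaveContext);
                    msg = outs;
                }
                catch (Exception e)
                {
                    msg    = e.Message;
                    failed = true;
                }

                var msgmean = msg as string ?? Newtonsoft.Json.JsonConvert.SerializeObject(msg);
                var risk    = String.Format("执行DML,sql-key={0},语句列表={1},数据列表={2}",
                                            setting.SQLKEY, msgmean, memo);
                risk = risk.Substring(0, Math.Min(3900, risk.Length)); // presumably the ACTION_PARAM column width

                var log = new AP_ACTION_LOG_DBA
                {
                    LOG_ID        = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
                    ACTION_BRIEF  = setting.DML_ENTITY,
                    ACTION_IP     = GetUserIp,
                    ACTION_PAGE   = this.Request.RawUrl,
                    ACTION_PARAM  = risk,
                    ACTION_RESULT = msgmean,
                    ACTION_TIME   = DateTime.Now,
                    USER_ID       = this.User.Identity.Name
                };
                await svc.CreateAsync<AP_ACTION_LOG_DBA>(log);

                return Json(new { msg = msg, hasError = failed });
            }
        }

        /// <summary>
        /// Builds the "VERB ENTITY" heads permitted by <c>setting.ALLOWED_DML</c>, a comma-separated list of
        /// U / I / D flags, for <c>setting.DML_ENTITY</c>. An empty result means no statement is allowed.
        /// </summary>
        private static List<string> _AllowedDmlHeads(SqlKeySetting setting)
        {
            var heads = new List<string>();
            if (string.IsNullOrWhiteSpace(setting.ALLOWED_DML) || setting.DML_ENTITY == null)
            {
                return heads;
            }
            var entity = setting.DML_ENTITY.ToUpperInvariant().Trim();
            foreach (var flag in setting.ALLOWED_DML.Split(','))
            {
                switch (flag.ToUpperInvariant())
                {
                case "U":
                    heads.Add("UPDATE " + entity);
                    break;

                case "I":
                    heads.Add("INSERT INTO " + entity);
                    break;

                case "D":
                    heads.Add("DELETE " + entity);
                    break;

                default:
                    break;
                }
            }
            return heads;
        }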
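        /// <summary>
        /// Loads the render context for EasyHandler <paramref name="id"/>: the handler row, its parameters,
        /// its extra front-end config and the parameter dependency graph.
        /// </summary>
        /// <param name="id">EasyHandler id; also used as the HandlerExtralConfig id and ParamGraphMap.GRAPH_ID.</param>
        /// <param name="context">When not null, this client-supplied context is reused and only its
        /// <c>handler</c> and <c>parameters</c> are replaced by stored values ("safe mode"); when null, a
        /// fresh context is built entirely from stored data.</param>
        /// <returns>An already-completed task holding the context after EvolvingOut has run on it.</returns>
        /// <exception cref="ApplicationException">No handler with that id, or it is not active (STS != "A").</exception>
        public static Task<RenderContext> GetRenders(decimal id, RenderContext context)
        {
            using (var svc = new OrmService(AppConfigs.sqlfaceconn))
            {
                var handler = svc.GetById<EasyHandler>(id);
                if (handler == null || handler.STS != "A")
                {
                    throw new ApplicationException("不存在SQL处理器");
                }

                // The three lookups are issued together and waited on synchronously. The method is
                // deliberately not async: callers read it with .Result (see easygo) and the task it returns
                // is created by Task.FromResult, so it never leaves the calling thread.
                var t_ps        = svc.FilterWhereAsync<EasyHandlerParam>(s => s.HANDLER_ID == id);
                var t_ex_config = svc.GetByIdAsync<HandlerExtralConfig>(id);
                var t_dagsides  = svc.FilterWhereAsync<ParamGraphMap>(c => c.GRAPH_ID == id);
                Task.WaitAll(new Task[] { t_ps, t_ex_config, t_dagsides });

                RenderContext vm;
                if (context != null) // selectively take values from the client to prevent tampering — safe mode
                {
                    // NOTE(review): only handler and parameters are overwritten from the store here; frontConfig,
                    // DAG, dict, depends etc. stay as the client sent them — confirm that is intended for
                    // everything EvolvingOut and the later execution read from the context.
                    vm            = context;
                    vm.handler    = handler;
                    vm.parameters = t_ps.Result;
                }
                else
                {
                    vm = new RenderContext
                    {
                        handler            = handler,
                        // ORDER_ID first, ties by PARAM_NAME_C. The original OrderBy(...).OrderBy(...) chain
                        // produced this same order because LINQ's OrderBy is stable; ThenBy says it directly.
                        parameters         = t_ps.Result.OrderBy(s => s.ORDER_ID).ThenBy(s => s.PARAM_NAME_C).ToList(),
                        frontConfig        = t_ex_config.Result,
                        DAG                = t_dagsides.Result,
                        dict               = _ParamNames(t_ps.Result),
                        paramsScaledValues = new Dictionary<string, object>(),
                        depends            = _Dependencies(t_dagsides.Result),
                        Triggers           = new HashSet<decimal>(),
                        OptionSelects      = new Dictionary<string, List<Options>>()
                    };
                }

                EvolvingOut(vm);
                return Task.FromResult(vm);
            }
        }

        /// <summary>Maps each parameter's HANDLER_PARAM_ID to its PARAM_NAME; a duplicate id throws, as before.</summary>
        private static Dictionary<decimal, string> _ParamNames(IEnumerable<EasyHandlerParam> ps)
        {
            var dict = new Dictionary<decimal, string>();
            foreach (var p in ps)
            {
                dict.Add(p.HANDLER_PARAM_ID, p.PARAM_NAME);
            }
            return dict;
        }

        /// <summary>Raw key dependencies: groups the graph edges as FROMKEY -> { TOKEY ... }.</summary>
        private static Dictionary<decimal, HashSet<decimal>> _Dependencies(IEnumerable<ParamGraphMap> edges)
        {
            var depends = new Dictionary<decimal, HashSet<decimal>>();
            foreach (var edge in edges)
            {
                HashSet<decimal> targets;
                if (!depends.TryGetValue(edge.FROMKEY, out targets))
                {
                    targets = new HashSet<decimal>();
                    depends.Add(edge.FROMKEY, targets);
                }
                targets.Add(edge.TOKEY);
            }
            return depends;
        }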
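        //[Authorize]
        /// <summary>
        /// Executes EasyHandler <paramref name="id"/> with the parameter values carried by
        /// <paramref name="context"/>, writes the outcome into <c>context.ExecutionIO</c> and records an
        /// AP_ACTION_LOG_DBA audit row (skipped for paged-data fetches).
        /// </summary>
        /// <param name="id">Handler id; the handler row is re-read from the store and put on the context.</param>
        /// <param name="context">Render context with <c>paramsScaledValues</c> and the <c>ExecutionIO</c> to fill.</param>
        /// <returns>A completed task holding the same <paramref name="context"/>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        /// <exception cref="ApplicationException">No handler with that id.</exception>
        private Task<RenderContext> _ExecuteHandler(decimal id, RenderContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }
            // Hard-coded on: parameters are always loaded server-side instead of taken wholesale from the client.
            bool EvolvesSafe       = true;//Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["EvolvesSafe"]);
            bool isGetPagedDataing = null != context.ExecutionIO && context.ExecutionIO.HasTable;

            if (!EvolvesSafe)
            {
                throw new ApplicationException("不安全的执行");
            }

            using (var svc = new OrmService(AppConfigs.sqlfaceconn))
            {
                // NOTE(review): dereferenced unconditionally below although the paging check above allows it
                // to be null — confirm every caller sets context.ExecutionIO.
                ExecutionIO outputMsg = context.ExecutionIO;

                var handler = svc.GetByIdAsync<EasyHandler>(id).Result;
                if (handler == null)
                {
                    // previously a NullReferenceException on SQL_CMD_TYPE
                    throw new ApplicationException("不存在SQL处理器");
                }
                bool isSelect = "SELECT".Equals(handler.SQL_CMD_TYPE);
                context.handler = handler; // the stored handler replaces whatever the client sent (anti-tampering)

                var log = new SqlFace.Models.AP_ACTION_LOG_DBA
                {
                    LOG_ID        = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
                    ACTION_BRIEF  = null,
                    ACTION_IP     = base.GetIp(),
                    ACTION_PAGE   = this.Request.RequestUri.AbsolutePath,
                    ACTION_PARAM  = String.Format("执行通用处理器{0}-{1},参数={2}", handler.HANDLER_ID, handler.HANDLER_NAME, Newtonsoft.Json.JsonConvert.SerializeObject(context.paramsScaledValues)),
                    ACTION_RESULT = string.Format("开始执行@{0}...", DateTime.Now.ToString()),
                    ACTION_TIME   = DateTime.Now,
                    USER_ID       = this.User.Identity.Name
                };

                var calcMain = new CalcMain(context, new Dictionary<string, string> {
                    { "username", this.User.Identity.Name }, { "ip", base.GetIp() }
                });
                try
                {
                    if (!isSelect && !isGetPagedDataing)
                    {   // non-query: run the SQL block
                        var returnstr = calcMain.ExeSqlBlock();
                        if (string.IsNullOrWhiteSpace(returnstr))
                        {
                            // normal completion without output
                            outputMsg.msg      = "无错误无输出";
                            log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString());
                        }
                        else if (Regex.IsMatch(returnstr, "^ORA-[0-9]{4,5}\\b"))
                        {
                            // the block reported an Oracle error code: treat as failure (caught below)
                            string innerErr = string.Format(",执行中断@{1},发生数据库内部错误={0}", returnstr, DateTime.Now.ToString());
                            throw new ApplicationException(innerErr);
                        }
                        else
                        {   // normal completion with output
                            outputMsg.msg      = returnstr;
                            log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString());
                        }
                        if (!string.IsNullOrWhiteSpace(handler.PREPARING_BLOCK))
                        {
                            // extra table output; only logged, not placed on outputMsg
                            string extramsg = calcMain.GetQuery();
                            log.ACTION_RESULT += string.Format("匿名块执行成功,执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
                        }
                    }
                    else // query (or paged-data fetch)
                    {
                        string extramsg = calcMain.GetQuery();
                        outputMsg.msg      = extramsg;
                        log.ACTION_RESULT += string.Format(",执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
                    }
                }
                catch (Exception ex)
                {
                    // failure path for both query and non-query execution
                    outputMsg.hasError = true;
                    // NOTE(review): "+ outputMsg" appends the ExecutionIO object's ToString(), not its msg —
                    // confirm whether outputMsg.msg was intended.
                    outputMsg.msg = "执行失败!" + ex.Message + "\n" + outputMsg;
                    if (isGetPagedDataing)
                    {
                        log.ACTION_RESULT += "--分页--";
                    }
                    log.ACTION_RESULT += string.Format("执行失败@{0},错误信息={1}", DateTime.Now.ToString(), ex.Message);
                }
                finally
                {
                    if (!isGetPagedDataing)
                    {
                        // Wait for the audit row to be written. The unawaited call used here before let the
                        // using block dispose `svc` while the insert could still be running, so the audit log
                        // entry could be lost. Blocking matches how the handler is read (.Result) above.
                        svc.CreateAsync(log).GetAwaiter().GetResult();
                    }
                }

                return Task.FromResult(context);
            }
        }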
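 /// <summary>Creates the controller with the data service it depends on.</summary>
 /// <param name="srv">Data service used by the actions; required.</param>
 /// <exception cref="System.ArgumentNullException"><paramref name="srv"/> is null.</exception>
 public OrganizationController(OrmService srv)
 {
     // fail at construction rather than with a NullReferenceException inside an action
     if (srv == null)
     {
         throw new System.ArgumentNullException("srv");
     }
     _srv = srv;
 }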