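// Query display endpoint. The client may send auth hints with the request, but
// authorization is always re-evaluated server-side (EvalAuthorized below).
//
// Flow: load the active SqlKeySetting for `sqlkey`, substitute `param` into its SQL
// template, run it through fetchJson, then — unless the caller is authorized for this
// key — blank out every column listed in setting.PRIVATES with "***".
//
// Returns the query result as a JsonResult, or { ErrorMsg } on any failure.
public async Task<JsonResult> comm(string sqlkey, string param)
{
    try
    {
        using (var svc = new OrmService(AppConfigs.sqlfaceconn))
        {
            var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == sqlkey && s.STS == "A")).FirstOrDefault();
            if (null == setting)
            {
                throw new ApplicationException("没有配置[" + sqlkey + "]的查询语句,请见sqlkeysetting");
            }

            // NOTE(review): `param` is caller-controlled and is spliced into the SQL text by
            // string.Format. Whether that is safe depends on how fetchJson / the SqlKeySetting
            // template constrain it (not visible here) — confirm the value is parameterized or
            // validated downstream; otherwise this is SQL injection.
            setting.SQL = string.Format(setting.SQL, param);
            var res = await fetchJson(setting);

            if (!string.IsNullOrWhiteSpace(setting.PRIVATES) && setting.PRIVATES != "[]")
            {
                var userName = this.User.Identity.Name;
                var authorized = !string.IsNullOrWhiteSpace(userName)
                                 && setting.EvalAuthorized(userName, Helper.Roles(this));
                if (!authorized)
                {
                    // Masking is fail-closed: any failure here propagates to the outer catch and
                    // the caller gets an error instead of the unmasked rows. (The previous
                    // version wrapped this in an empty catch and returned the raw data.)
                    MaskPrivateColumns(setting.PRIVATES, res);
                }
            }
            return res;
        }
    }
    catch (Exception e)
    {
        return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
    }
}

// Replaces every cell of the columns named in `privatesJson` (a JSON array of column
// names) with "***". `res.Data` is expected to expose a `names` property (List<string>)
// and a `data` property (List<object[]>), which is the shape fetchJson's result is read
// with here. Throws ApplicationException when the payload does not have that shape so
// that masking can never be silently skipped.
private static void MaskPrivateColumns(string privatesJson, JsonResult res)
{
    var privs = Newtonsoft.Json.JsonConvert.DeserializeObject<HashSet<string>>(privatesJson);
    if (privs == null || privs.Count == 0)
    {
        return; // nothing configured to hide
    }
    var payload = res == null ? null : res.Data;
    if (payload == null)
    {
        return; // no rows came back, nothing to mask
    }
    var type = payload.GetType();
    var namesProp = type.GetProperty("names");
    var dataProp = type.GetProperty("data");
    var names = namesProp == null ? null : namesProp.GetValue(payload, null) as List<string>;
    var rows = dataProp == null ? null : dataProp.GetValue(payload, null) as List<object[]>;
    if (names == null || rows == null)
    {
        throw new ApplicationException("无法对结果集应用列级权限(PRIVATES),已拒绝返回数据");
    }
    for (int col = 0; col < names.Count; col++)
    {
        if (!privs.Contains(names[col]))
        {
            continue;
        }
        foreach (var row in rows)
        {
            // Bounds-check each row: a short row used to throw and (silently) abort masking.
            if (row != null && col < row.Length)
            {
                row[col] = "***";
            }
        }
    }
}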
// Resolves an external entry code to its engine id and forwards to Get().
// Returns 406 (NotAcceptable) for a blank code and 404 (NotFound) when no
// ExternalEntryMap row carries that Entry_Code.
public async Task<object> ExCodeGet(string ec)
{
    using (var svc = new OrmService(AppConfigs.sqlfaceconn))
    {
        if (string.IsNullOrWhiteSpace(ec))
        {
            return new HttpResponseMessage(HttpStatusCode.NotAcceptable);
        }
        var matches = await svc.FilterWhereAsync<ExternalEntryMap>(s => s.Entry_Code == ec);
        var entry = matches.FirstOrDefault();
        if (entry == null)
        {
            return new HttpResponseMessage(HttpStatusCode.NotFound);
        }
        return Get(entry.Engine_ID);
    }
}
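// "Open link": resolves a "link"-class SqlKeySetting and returns its template with
// `param` substituted via string.Format.
// NOTE(review): unlike dojob/dmls there is no EvalAuthorized check here; presumably
// link templates are considered public — confirm nothing sensitive is stored in them.
// Returns the expanded link as JSON, or { ErrorMsg } when the key is unknown, inactive,
// not a link, or the template and arguments do not match.
public async Task<ActionResult> exlink(string tsqlkey, string[] param)
{
    try
    {
        using (var svc = new OrmService(AppConfigs.sqlfaceconn))
        {
            var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == tsqlkey && s.STS == "A")).FirstOrDefault();
            if (setting == null || setting.CLASS != "link")
            {
                throw new ApplicationException("不是合法的链接[" + tsqlkey + "]");
            }
            // A request without any `param` used to surface as a bare NullReferenceException
            // message; treat a missing array as "no arguments" instead.
            object[] args = (param ?? new string[0]).Cast<object>().ToArray();
            var link = string.Format(setting.SQL, args);
            return Json(link, JsonRequestBehavior.AllowGet);
        }
    }
    catch (Exception e)
    {
        return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
    }
}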
// "Execute stored": runs the "proc"-class SqlKeySetting identified by `tsqlkey` through
// CalcMain.ExternalExecutor. The caller must pass EvalAuthorized for that key, otherwise
// a refusal message is returned. The connection string is read from AppSettings under
// the key stored in setting.DBCONN.
// Returns the executor's result as JSON, or { ErrorMsg } on failure / unknown key.
public async Task<JsonResult> dojob(string tsqlkey, string param)
{
    try
    {
        using (var svc = new OrmService(AppConfigs.sqlfaceconn))
        {
            var matches = await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == tsqlkey && s.STS == "A");
            var setting = matches.FirstOrDefault();
            var isProc = setting != null && setting.CLASS == "proc";
            if (!isProc)
            {
                throw new ApplicationException("没有配置执行语句[" + tsqlkey + "]!");
            }
            if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
            {
                return Json("你没有权限执行!", JsonRequestBehavior.AllowGet);
            }
            var connString = System.Configuration.ConfigurationManager.AppSettings[setting.DBCONN];
            var sqlresult = CalcMain.ExternalExecutor(setting.SQL, param, connString);
            return Json(sqlresult, JsonRequestBehavior.AllowGet);
        }
    }
    catch (Exception e)
    {
        return Json(new { ErrorMsg = e.Message }, JsonRequestBehavior.AllowGet);
    }
}
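// Executes a batch of client-supplied DML statements against the entity configured for
// sqlsetting.SQLKEY, after server-side validation, and writes an AP_ACTION_LOG_DBA audit row.
//
// Trust boundary: `dmls`, `sqlsetting` and `memo` all come from the client. Only
// sqlsetting.SQLKEY (lookup key) and sqlsetting.DML_WHERE_COLS (key columns the front end
// recomputes from backend config + view columns) are used; every other field is taken from
// the server-side SqlKeySetting row. Each statement must START with an allowed
// "<verb> <DML_ENTITY>" prefix (verbs enabled via U/I/D flags in ALLOWED_DML), otherwise
// the whole batch is rejected before anything runs.
//
// Returns { msg, hasError }: msg is the per-row output dictionary on success or the
// executor's error text on failure. Throws ApplicationException for configuration and
// validation errors (no sql-key, unknown/inactive key, disallowed statement, ...).
public async Task<ActionResult> dmls(List<DmlIndex> dmls, SqlKeySetting sqlsetting, string memo)
{
    using (var svc = new OrmService(AppConfigs.sqlfaceconn))
    {
        if (sqlsetting == null || string.IsNullOrWhiteSpace(sqlsetting.SQLKEY))
        {
            throw new ApplicationException("缺少sql-key,无法执行DML!");
        }
        var setting = (await svc.FilterWhereAsync<SqlKeySetting>(s => s.SQLKEY == sqlsetting.SQLKEY && s.STS == "A")).FirstOrDefault();
        if (setting == null)
        {
            // Used to fall through to a NullReferenceException (HTTP 500); report it like the siblings.
            throw new ApplicationException("没有配置DML语句[" + sqlsetting.SQLKEY + "]!");
        }
        // Key columns: front end recomputes them from backend config + view columns, so this
        // is the one client field merged into the server-side setting.
        if (!string.IsNullOrWhiteSpace(sqlsetting.DML_WHERE_COLS))
        {
            setting.DML_WHERE_COLS = sqlsetting.DML_WHERE_COLS;
        }
        if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
        {
            return Json("你没有权限修改执行!");
        }

        var headcheck = BuildHeadCheck(setting);

        // row index -> [upper-cased first letter of the statement (its verb), statement text]
        Dictionary<int, string[]> befores = new Dictionary<int, string[]>();
        // row index -> execution result: generated key for inserts, result data for update/delete
        Dictionary<string, string> outs = new Dictionary<string, string>();
        var statements = new List<string>();
        foreach (var dml in dmls ?? new List<DmlIndex>())
        {
            var sql = dml == null ? null : dml.sql;
            if (string.IsNullOrWhiteSpace(sql))
            {
                throw new ApplicationException("空的DML语句,不被允许!服务端校验未通过!");
            }
            // "Head" check: the statement must begin with an allowed prefix. The previous
            // contains-anywhere test (IndexOf) accepted e.g. "DELETE other; UPDATE ENTITY ..."
            // as long as the allowed prefix appeared somewhere in the text.
            var trimmed = sql.TrimStart();
            if (!headcheck.Any(h => StartsWithPrefix(trimmed, h)))
            {
                throw new ApplicationException(sql + ",不被允许!服务端校验未通过!");
            }
            if (befores.ContainsKey(dml.index))
            {
                throw new ApplicationException("重复的DML行号[" + dml.index + "]!");
            }
            befores.Add(dml.index, new string[] { trimmed[0].ToString().ToUpper(), sql });
            statements.Add(sql);
        }

        Hashtable safeSaveContext = new Hashtable();
        // Hand the SERVER-side setting (with the merged DML_WHERE_COLS) to the executor. The
        // previous version passed the client's `sqlsetting` object here, which let the caller
        // supply every field not checked above (entity, connection, ...). If DMLHelper.safeRun
        // needs further client-computed fields, merge them explicitly like DML_WHERE_COLS.
        safeSaveContext.Add("setting", setting);
        safeSaveContext.Add("befores", befores);
        safeSaveContext.Add("outs", outs);

        object msg;
        bool failed = false;
        try
        {
            DMLHelper.safeRun(safeSaveContext);
            msg = outs;
        }
        catch (Exception e)
        {
            msg = e.Message;
            failed = true;
        }

        var msgmean = msg is string ? (string)msg : Newtonsoft.Json.JsonConvert.SerializeObject(msg);
        // Audit: the "语句列表" slot records the statements that were submitted; the execution
        // result goes to ACTION_RESULT. (Previously the result text was written to both and
        // the statements themselves were never logged.)
        var risk = String.Format("执行DML,sql-key={0},语句列表={1},数据列表={2}", setting.SQLKEY, string.Join(";", statements), memo);
        risk = risk.Substring(0, Math.Min(3900, risk.Length));
        var log = new AP_ACTION_LOG_DBA
        {
            LOG_ID = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
            ACTION_BRIEF = setting.DML_ENTITY,
            ACTION_IP = GetUserIp,
            ACTION_PAGE = this.Request.RawUrl,
            ACTION_PARAM = risk,
            ACTION_RESULT = msgmean,
            ACTION_TIME = DateTime.Now,
            USER_ID = this.User.Identity.Name
        };
        await svc.CreateAsync<AP_ACTION_LOG_DBA>(log);
        return Json(new { msg = msg, hasError = failed });
    }
}

// Builds the allowed statement prefixes ("UPDATE <ENTITY>", "INSERT INTO <ENTITY>",
// "DELETE <ENTITY>") from setting.ALLOWED_DML (comma-separated U/I/D flags) and
// setting.DML_ENTITY. Throws when the entity is not configured: an empty entity would
// reduce the prefixes to bare verbs and allow DML against any table.
private static List<string> BuildHeadCheck(SqlKeySetting setting)
{
    var entity = (setting.DML_ENTITY ?? "").ToUpper().Trim();
    if (entity.Length == 0)
    {
        throw new ApplicationException("sql-key[" + setting.SQLKEY + "]没有配置DML_ENTITY!");
    }
    var headcheck = new List<string>();
    foreach (var ck in (setting.ALLOWED_DML ?? "").Split(','))
    {
        switch (ck.ToUpper())
        {
            case "U": headcheck.Add("UPDATE " + entity); break;
            case "I": headcheck.Add("INSERT INTO " + entity); break;
            case "D": headcheck.Add("DELETE " + entity); break;
            default: break;
        }
    }
    return headcheck;
}

// True when `sql` starts with `prefix` (ordinal, case-sensitive like the original check)
// AND the prefix is not merely the start of a longer identifier, so "UPDATE ENTITY" does
// not admit "UPDATE ENTITY_ARCHIVE ...". Whitespace, '(' , ';' etc. after the prefix are fine.
private static bool StartsWithPrefix(string sql, string prefix)
{
    if (!sql.StartsWith(prefix, StringComparison.Ordinal))
    {
        return false;
    }
    if (sql.Length == prefix.Length)
    {
        return true;
    }
    var next = sql[prefix.Length];
    return !(char.IsLetterOrDigit(next) || next == '_');
}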
// Builds the RenderContext for the EasyHandler `id`: loads the handler, its parameters,
// its extra (front-end) config and the parameter dependency graph, then runs EvolvingOut.
//
// `context` is optional. When the caller supplies one it is reused and only `handler` and
// `parameters` are overwritten from the database; every other field (frontConfig, DAG,
// depends, dict, ...) stays whatever the caller sent. NOTE(review): the original author
// labels that branch the "safe mode" against tampering, but only those two fields are
// re-sourced — confirm client-supplied DAG/depends cannot influence anything sensitive
// in EvolvingOut.
//
// NOTE(review): sync-over-async — Task.WaitAll and .Result inside a non-async method that
// returns Task.FromResult. Under a blocking synchronization context this can deadlock
// unless OrmService awaits with ConfigureAwait(false); not visible from here.
//
// Throws ApplicationException when the handler does not exist or is not active (STS != "A").
public static Task<RenderContext> GetRenders(decimal id, RenderContext context)
{
    using (var svc = new OrmService(AppConfigs.sqlfaceconn))
    {
        var handler = svc.GetById<EasyHandler>(id);
        if (null == handler || handler.STS != "A")
        {
            throw new ApplicationException("不存在SQL处理器");
        }
        // The three lookups are started together and then all waited for (blocking).
        var t_ps = svc.FilterWhereAsync<EasyHandlerParam>(s => s.HANDLER_ID == id);
        var t_ex_config = svc.GetByIdAsync<HandlerExtralConfig>(id);
        var t_dagsides = svc.FilterWhereAsync<ParamGraphMap>(c => c.GRAPH_ID == id);
        Task.WaitAll(new Task[] { t_ps, t_ex_config, t_dagsides });
        // param id -> param name (Dictionary.Add: a duplicate HANDLER_PARAM_ID would throw,
        // surfacing as an AggregateException on _t_ps.Result below).
        var _t_ps = t_ps.ContinueWith(task =>
        {
            Dictionary<decimal, string> dict = new Dictionary<decimal, string>();
            foreach (var item in task.Result)
            {
                dict.Add(item.HANDLER_PARAM_ID, item.PARAM_NAME);
            }
            return(dict);
        });
        var _t_dagsides = t_dagsides.ContinueWith(task =>
        {
            // Forward dependency map as stored: FROMKEY -> set of TOKEYs.
            Dictionary<decimal, HashSet<decimal>> depends = new Dictionary<decimal, HashSet<decimal>>();
            foreach (var item in task.Result)
            {
                if (!depends.ContainsKey(item.FROMKEY))
                {
                    depends.Add(item.FROMKEY, new HashSet<decimal>());
                }
                depends[item.FROMKEY].Add(item.TOKEY);
            }
            return(depends);
        });
        //////// Reverse dependency map — could be computed on either the client or the server.
        //Dictionary<string, HashSet<string>> bydepend = new Dictionary<string, HashSet<string>>();
        RenderContext vm = null;
        if (null != context) // Reuse the caller's context; only handler/parameters are re-sourced ("safe mode" per the original author).
        {
            vm = context;
            vm.handler = handler;
            vm.parameters = t_ps.Result;
        }
        else
        {
            vm = new RenderContext
            {
                handler = handler,
                // Two chained OrderBys: LINQ OrderBy is stable, so the effective order is
                // ORDER_ID first, PARAM_NAME_C as tie-breaker.
                parameters = t_ps.Result.OrderBy(s => s.PARAM_NAME_C).OrderBy(s => s.ORDER_ID).ToList(),
                frontConfig = t_ex_config.Result,
                DAG = t_dagsides.Result,
                dict = _t_ps.Result,
                paramsScaledValues = new Dictionary<string, object>(),
                depends = _t_dagsides.Result,
                Triggers = new HashSet<decimal>(),
                OptionSelects = new Dictionary<string, List<Options>>()
            };
        }
        EvolvingOut(vm);
        return(Task.FromResult(vm));
    }
}