Пример #1
0
        public async Task <ActionResult> dmls(List <DmlIndex> dmls, SqlKeySetting sqlsetting, string memo)
        {
            using (var svc = new OrmService(AppConfigs.sqlfaceconn))
            {
                object msg;
                bool   failed  = false;
                var    setting = (await svc.FilterWhereAsync <SqlKeySetting>(s => s.SQLKEY == sqlsetting.SQLKEY && s.STS == "A")).FirstOrDefault();
                if (!string.IsNullOrWhiteSpace(sqlsetting.DML_WHERE_COLS))
                {
                    setting.DML_WHERE_COLS = sqlsetting.DML_WHERE_COLS;//主键列,前端重算:根据后端配置+视图列 综合决定
                }
                if (!setting.EvalAuthorized(this.User.Identity.Name, Helper.Roles(this)))
                {
                    return(Json("你没有权限修改执行!"));
                }
                var checklist = setting.ALLOWED_DML.Split(',');
                var headcheck = new List <string>();
                foreach (var ck in checklist)
                {
                    switch (ck.ToUpper())
                    {
                    case "U":
                        headcheck.Add("UPDATE " + setting.DML_ENTITY.ToUpper().Trim());
                        break;

                    case "I":
                        headcheck.Add("INSERT INTO " + setting.DML_ENTITY.ToUpper().Trim());
                        break;

                    case "D":
                        headcheck.Add("DELETE " + setting.DML_ENTITY.ToUpper().Trim());
                        break;

                    default:
                        break;
                    }
                }
                //行号,DML摘要,DML语句
                Dictionary <int, string[]> befores = new Dictionary <int, string[]>();
                //行号,执行结果:insert回填主键,update,和Delete则填结果数据即可
                Dictionary <string, string> outs = new Dictionary <string, string>();
                Hashtable safeSaveContext        = new Hashtable();
                safeSaveContext.Add("setting", sqlsetting);
                safeSaveContext.Add("befores", befores);
                safeSaveContext.Add("outs", outs);
                //if(dmls.Any(s=> headcheck.Any(h=>s.IndexOf(h)>=0)))
                foreach (var dml in dmls)
                {
                    //如果在限定的头校验中都不匹配
                    if (headcheck.All(s => dml.sql.IndexOf(s) == -1))
                    {
                        throw new ApplicationException(dml.sql + ",不被允许!服务端校验未通过!");
                    }
                    befores.Add(dml.index, new string[] { dml.sql[0].ToString().ToUpper(), dml.sql });
                }
                try
                {
                    DMLHelper.safeRun(safeSaveContext);
                    msg = outs;
                }
                catch (Exception e)
                {
                    msg    = (e.Message);
                    failed = true;
                }
                //var logservice = new OrmService<AP_ACTION_LOG_DBA>(db);
                //var seqservice = new OrmService<CustomSequence>(db);
                var type    = msg.GetType();
                var msgmean = "";
                if (type == typeof(string))
                {
                    msgmean = (string)msg;
                }
                else
                {
                    msgmean = Newtonsoft.Json.JsonConvert.SerializeObject(msg);
                }
                var risk = String.Format("执行DML,sql-key={0},语句列表={1},数据列表={2}",
                                         setting.SQLKEY, msgmean, memo);
                risk = risk.Substring(0, Math.Min(3900, risk.Length));

                var log = new AP_ACTION_LOG_DBA
                {
                    LOG_ID        = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
                    ACTION_BRIEF  = setting.DML_ENTITY,
                    ACTION_IP     = GetUserIp,
                    ACTION_PAGE   = this.Request.RawUrl,
                    ACTION_PARAM  = risk,
                    ACTION_RESULT = msgmean,
                    ACTION_TIME   = DateTime.Now,
                    USER_ID       = this.User.Identity.Name
                };
                await svc.CreateAsync <AP_ACTION_LOG_DBA>(log);

                var r = new { msg = msg, hasError = failed };
                return(Json(r));
            }
        }
Пример #2
0
        //[Authorize]
        private Task <RenderContext> _ExecuteHandler(decimal id, RenderContext context)
        {
            bool EvolvesSafe       = true;//Convert.ToBoolean(System.Configuration.ConfigurationManager.AppSettings["EvolvesSafe"]);//是否全盘接受客户端参数
            bool isGetPagedDataing = null != context.ExecutionIO && context.ExecutionIO.HasTable;
            var  valuecontext      = context.paramsScaledValues;

            if (EvolvesSafe)//安全方式,从服务端加载参数.
            {
                var mainid = id;
                using (var svc = new OrmService(AppConfigs.sqlfaceconn))
                {
                    //List<String> cols = new List<string>();
                    //List<Object[]> data = new List<object[]>();
                    ExecutionIO outputMsg = context.ExecutionIO;

                    var  handler  = svc.GetByIdAsync <EasyHandler>(id).Result;
                    bool isSelect = "SELECT".Equals(handler.SQL_CMD_TYPE);
                    context.handler = handler;//防止被黑

                    //var logservice = new OrmService<AP_ACTION_LOG_DBA>(svc);
                    //var seqservice = new OrmService<CustomSequence>(svc);
                    var log = new SqlFace.Models.AP_ACTION_LOG_DBA
                    {
                        LOG_ID        = CustomSequence.GetNextVal("AP_ACTION_LOG_DBA_ID", svc),
                        ACTION_BRIEF  = null,
                        ACTION_IP     = base.GetIp(),
                        ACTION_PAGE   = this.Request.RequestUri.AbsolutePath,
                        ACTION_PARAM  = String.Format("执行通用处理器{0}-{1},参数={2}", handler.HANDLER_ID, handler.HANDLER_NAME, Newtonsoft.Json.JsonConvert.SerializeObject(context.paramsScaledValues)),
                        ACTION_RESULT = string.Format("开始执行@{0}...", DateTime.Now.ToString()),
                        ACTION_TIME   = DateTime.Now,
                        USER_ID       = this.User.Identity.Name
                    };

                    var calcMain = new CalcMain(context, new Dictionary <string, string> {
                        { "username", this.User.Identity.Name }, { "ip", base.GetIp() }
                    });
                    try
                    {
                        if (!isSelect && !isGetPagedDataing)
                        {  //非查询
                            var returnstr = calcMain.ExeSqlBlock();
                            if (string.IsNullOrWhiteSpace(returnstr))
                            {
                                // 正常输出
                                outputMsg.msg      = "无错误无输出";
                                log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString());
                            }
                            else if (Regex.IsMatch(returnstr, "^ORA-[0-9]{4,5}\\b"))
                            {
                                string innerErr = string.Format(",执行中断@{1},发生数据库内部错误={0}", returnstr, DateTime.Now.ToString());
                                throw new ApplicationException(innerErr);
                            }
                            else
                            {   // 正常输出
                                outputMsg.msg      = returnstr;
                                log.ACTION_RESULT += string.Format("{1},返回信息={0}", returnstr, DateTime.Now.ToString());
                            }
                            if (!string.IsNullOrWhiteSpace(handler.PREPARING_BLOCK))
                            {
                                //额外数据表输出
                                string extramsg = calcMain.GetQuery();
                                //outputMsg.msg = extramsg;
                                log.ACTION_RESULT += string.Format("匿名块执行成功,执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
                            }
                        }
                        else //查询
                        {
                            string extramsg = calcMain.GetQuery();
                            outputMsg.msg      = extramsg;
                            log.ACTION_RESULT += string.Format(",执行额外查询结束@{0},结果{1}", DateTime.Now.ToString(), extramsg);
                        }
                    }
                    catch (Exception ex)
                    {
                        //捕获异常,for查询类或者非查询类
                        outputMsg.hasError = true;
                        outputMsg.msg      = "执行失败!" + ex.Message + "\n" + outputMsg;
                        if (isGetPagedDataing)
                        {
                            log.ACTION_RESULT += "--分页--";
                        }
                        log.ACTION_RESULT += string.Format("执行失败@{0},错误信息={1}", DateTime.Now.ToString(), ex.Message);
                    }
                    finally
                    {
                        if (!isGetPagedDataing)
                        {
                            svc.CreateAsync(log);
                        }
                    }

                    return(Task.FromResult(context));
                }
            }
            else
            {
                throw new ApplicationException("不安全的执行");
            }
        }