数据安全接口优化

2 weeks ago · b01dc986ce
1 changed files with 16 additions and 31 deletions
--- a/vue-fastapi-backend/module_admin/service/metasecurity_service.py
+++ b/vue-fastapi-backend/module_admin/service/metasecurity_service.py
@ -711,6 +711,8 @@ async def generate_sql(tablesRowCol:dict, table_columns:dict):
 #     return oldStrSql
 async def replace_table_with_subquery(ctrSqlDict, oldStrSql):
    """
    将 SQL 中的表替换成子查询，并自动生成别名，同时把字段引用替换为别名.字段
@ -733,35 +735,23 @@ async def replace_table_with_subquery(ctrSqlDict, oldStrSql):
            alias_part = match.group(3)    # " AS xxx" 或 " xxx"
            alias_name = match.group(4)    # xxx
-            if original_table not in table_alias_map:
+            # 动态获取子查询
-                # 判断 alias 是否为关键字
+            if original_table in ctrSqlDict:
-                               # 判断 alias 是否为关键字
+                # 使用 ctrSqlDict 中的子查询替换表名
                replaced = f"{keyword} ({ctrSqlDict[original_table]}) {alias_part}"
            else:
                # 默认处理逻辑：判断 alias 是否为关键字
                sql_keywords = {
                    # 数据操作关键字
                    "SELECT", "INSERT", "UPDATE", "DELETE", "MERGE", "TRUNCATE",
-                    "VALUES", "RETURNING",
+                    "VALUES", "RETURNING", "FROM", "WHERE", "GROUP", "HAVING", "ORDER",
-                
+                    "LIMIT", "OFFSET", "DISTINCT", "ALL", "UNION", "INTERSECT", "EXCEPT",
                    # 查询关键字
                    "FROM", "WHERE", "GROUP", "HAVING", "ORDER", "LIMIT", "OFFSET",
                    "DISTINCT", "ALL", "UNION", "INTERSECT", "EXCEPT",
                    # 连接关键字
                    "JOIN", "INNER", "LEFT", "RIGHT", "FULL", "CROSS", "NATURAL", "USING", "ON",
-                
+                    "TABLE", "VIEW", "INDEX", "PRIMARY", "KEY", "FOREIGN", "REFERENCES", "NOT", 
-                    # 数据类型和约束关键字
+                    "NULL", "UNIQUE", "CHECK", "DEFAULT", "IF", "ELSE", "CASE", "WHEN", "THEN", 
-                    "TABLE", "VIEW", "INDEX", "PRIMARY", "KEY", "FOREIGN", "REFERENCES",
+                    "END", "LOOP", "FOR", "WHILE", "CREATE", "ALTER", "DROP", "TRUNCATE", "COMMENT",
-                    "NOT", "NULL", "UNIQUE", "CHECK", "DEFAULT",
+                    "EXISTS", "IN", "IS", "LIKE", "ILIKE", "SIMILAR", "BETWEEN", "AND", "OR", "ANY", 
-                
+                    "ALL", "SOME", "FETCH", "NEXT", "ONLY", "ASC", "DESC", "GRANT", "REVOKE", "ROLE", 
-                    # 控制关键字
+                    "USER", "CURRENT_DATE", "CURRENT_TIME", "CURRENT_TIMESTAMP",
                    "IF", "ELSE", "CASE", "WHEN", "THEN", "END", "LOOP", "FOR", "WHILE",
                    # 其他
                    "CREATE", "ALTER", "DROP", "TRUNCATE", "COMMENT",
                    "EXISTS", "IN", "IS", "LIKE", "ILIKE", "SIMILAR", "BETWEEN",
                    "AND", "OR", "ANY", "ALL", "SOME",
                    "FETCH", "NEXT", "ONLY", "ASC", "DESC",
                    "GRANT", "REVOKE", "ROLE", "USER",
                    "CURRENT_DATE", "CURRENT_TIME", "CURRENT_TIMESTAMP",
                }
                if alias_name and alias_name.upper().split()[0] not in sql_keywords:
@ -771,9 +761,6 @@ async def replace_table_with_subquery(ctrSqlDict, oldStrSql):
                    alias = original_table.split('.')[-1]
                    replaced = f"{keyword} ({subquery}) AS {alias}{alias_part or ''}"
                    table_alias_map[original_table] = alias
            else:
                alias = table_alias_map[original_table]
                replaced = f"{keyword} {alias}"
            return replaced
@ -791,8 +778,6 @@ async def replace_table_with_subquery(ctrSqlDict, oldStrSql):
    return oldStrSql
 async def get_data_source_tree(request: Request, current_user: MetaSecurityApiModel):
   url = f'{AppConfig.ds_server_url}/dolphinscheduler/datasources/withpwdlist?pageNo=1&pageSize=100'