-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] function校验失败和不允许 UNKNOWN 用户的 GET 请求 #702
Comments
1.所有远程函数,在 Function 表配置的参数值都是 String 类型,一般只传 key 名或路径,对应 DemoFunctionParser 中的 Java 方法,第 0 个参数为 JSONObject curObj, 后面的都是 String key0, String key1..., 通过 Long value0 = curObj.getLong(key0) 或 getArgVal(key0) 这样的方式取值 具体见: 2.Access, Function, Request 这些 APIJSON 系统配置表,要么通过重启项目来更新到内存,要么调 /reload 接口来更新。 这个 Demo 是 setNeedVerify(true),默认需要配置 Access 和 Request 表,改成 false 就不用了,但也没了对应的安全检查,只推荐测试时使用: 重启也识别不到变更,这个早期版本是因为超过了 Parser.getMaxQueryCount (默认 100)的限制导致,后面版本在 AbstractSQLConfig.SYSTEM_ACCESS_MAP 中默认配置了 Access 等表,已经不限制加载数量了,可以断点调试下 limitSQLCount 的返回值,对 Access 等配置表应该为 return false: |
已解决,感谢 @jia199807 的贡献~ |
APIJSON Version/APIJSON 版本号
6.4.0-springboot3
Database Type & Version/数据库类型及版本号
postgresql16.2和mysql5.7
Environment/环境信息
APIAuto Screenshots/APIAuto 请求与结果完整截屏
{ "EX_sys_users": { "id": 1 }, "ok": false, "code": 401, "msg": "EX_sys_users 不允许 UNKNOWN 用户的 GET 请求!", "debug:info|help": "浏览器打开以下链接查看解答。。。。}
Current Behavior/问题描述
Expected Behavior/期望结果
No response
Any additional comments?/其它补充说明?
No response
The text was updated successfully, but these errors were encountered: