From 8a1d8c0b05af4fb3bcedd0d657eee0febeb10817 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?=
Date: Fri, 28 Jun 2024 01:20:37 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BC=98=E5=8C=96=E6=95=B0=E6=8D=AE?= =?UTF-8?q?=E5=BA=93=E6=AD=A3=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controllers/plugins/mysql_controller.go | 28 +++++++++----------
 .../plugins/postgresql_controller.go | 24 ++++++++--------
 2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/app/http/controllers/plugins/mysql_controller.go b/app/http/controllers/plugins/mysql_controller.go
index 0d74848e..451e77b1 100644
--- a/app/http/controllers/plugins/mysql_controller.go
+++ b/app/http/controllers/plugins/mysql_controller.go
@@ -225,9 +225,9 @@ func (r *MySQLController) DatabaseList(ctx http.Context) http.Response {
 // AddDatabase 添加数据库
 func (r *MySQLController) AddDatabase(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:32",
 }); sanitize != nil {
 return sanitize
 }
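Review bot: The relaxed pattern `^[a-zA-Z0-9_]+$` on `database` and `user` in MySQL AddDatabase now accepts names made only of digits, and single-character names, both of which the old leading-letter pattern rejected. MySQL needs back-tick quoting for an identifier consisting solely of digits, and PostgreSQL needs double quotes for any identifier that starts with a digit, so this is only safe if the handler bodies (outside these hunks) quote the name everywhere they build SQL or command lines. The same pattern is applied in every other hunk of mysql_controller.go and postgresql_controller.go. If leading digits are wanted, still require one non-digit, e.g. `regex:^[a-zA-Z0-9_]*[a-zA-Z_][a-zA-Z0-9_]*$`, and confirm the quoting in the handlers.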
@@ -257,7 +257,7 @@ func (r *MySQLController) AddDatabase(ctx http.Context) http.Response {
 // DeleteDatabase 删除数据库
 func (r *MySQLController) DeleteDatabase(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
 }); sanitize != nil {
 return sanitize
 }
@@ -316,7 +316,7 @@ func (r *MySQLController) UploadBackup(ctx http.Context) http.Response {
 // CreateBackup 创建备份
 func (r *MySQLController) CreateBackup(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
 }); sanitize != nil {
 return sanitize
 }
@@ -350,7 +350,7 @@ func (r *MySQLController) DeleteBackup(ctx http.Context) http.Response {
 func (r *MySQLController) RestoreBackup(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
 "backup": "required|min_len:1|max_len:255",
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
 }); sanitize != nil {
 return sanitize
 }
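Review bot: The `not_in:information_schema,mysql,performance_schema,sys` guard in MySQL DeleteDatabase sits beside a pattern that accepts upper-case letters, so a mixed-case spelling of a reserved name passes validation if `not_in` compares case-sensitively (the validator is outside this diff; please confirm). MySQL resolves `INFORMATION_SCHEMA` case-insensitively and treats all database names that way when `lower_case_table_names` is non-zero, and PostgreSQL folds unquoted identifiers to lower case. The same gap applies to CreateBackup and RestoreBackup in this file and to the three `not_in:postgres,template0,template1` rules in postgresql_controller.go. Comparing `strings.ToLower(database)` against the reserved list in the handler before acting would close it without rejecting existing mixed-case databases.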
@@ -388,9 +388,9 @@ func (r *MySQLController) UserList(ctx http.Context) http.Response {
 // AddUser 添加用户
 func (r *MySQLController) AddUser(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:32",
 }); sanitize != nil {
 return sanitize
 }
@@ -416,7 +416,7 @@ func (r *MySQLController) AddUser(ctx http.Context) http.Response {
 // DeleteUser 删除用户
 func (r *MySQLController) DeleteUser(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
 }); sanitize != nil {
 return sanitize
 }
@@ -437,8 +437,8 @@ func (r *MySQLController) DeleteUser(ctx http.Context) http.Response {
 // SetUserPassword 设置用户密码
 func (r *MySQLController) SetUserPassword(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:32",
 }); sanitize != nil {
 return sanitize
 }
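Review bot: `password` in MySQL SetUserPassword is now capped at `max_len:32` and still carries no character restriction. 32 looks like MySQL's user-name limit rather than a password limit, so the cap only lowers the ceiling for long generated passwords unless a consumer outside this hunk needs it; a one-line comment such as `// password length capped because <reason>` would record the intent. Because any character is accepted, the handler must pass the value as a bound parameter or a correctly escaped literal and never through a shell-interpolated command line; that code is not visible here. The same applies to `password` in AddDatabase and AddUser, and to the `max_len:40` rules in postgresql_controller.go.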
@@ -460,8 +460,8 @@ func (r *MySQLController) SetUserPassword(ctx http.Context) http.Response {
 // SetUserPrivileges 设置用户权限
 func (r *MySQLController) SetUserPrivileges(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "database": "required|min_len:1|max_len:255",
+ "user": "required|min_len:1|max_len:32|regex:^[a-zA-Z0-9_]+$",
+ "database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$",
 }); sanitize != nil {
 return sanitize
 }
diff --git a/app/http/controllers/plugins/postgresql_controller.go b/app/http/controllers/plugins/postgresql_controller.go
index 95fb2dc8..987fb829 100644
--- a/app/http/controllers/plugins/postgresql_controller.go
+++ b/app/http/controllers/plugins/postgresql_controller.go
@@ -202,9 +202,9 @@ func (r *PostgreSQLController) DatabaseList(ctx http.Context) http.Response {
 // AddDatabase 添加数据库
 func (r *PostgreSQLController) AddDatabase(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:40",
 }); sanitize != nil {
 return sanitize
 }
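Review bot: The new `database` rule in MySQL SetUserPrivileges restricts the character set but, unlike DeleteDatabase, does not exclude the system schemas. If the handler grants privileges on the named database to `user` (the body is outside this hunk), a request naming `mysql` would give that account write access to the grant tables, which defeats per-database least privilege. Consider `"database": "required|min_len:1|max_len:64|regex:^[a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys"` here, and the same `not_in` list for `database` in AddUser and AddDatabase.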
@@ -241,7 +241,7 @@ func (r *PostgreSQLController) AddDatabase(ctx http.Context) http.Response {
 // DeleteDatabase 删除数据库
 func (r *PostgreSQLController) DeleteDatabase(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
+ "database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
 }); sanitize != nil {
 return sanitize
 }
@@ -295,7 +295,7 @@ func (r *PostgreSQLController) UploadBackup(ctx http.Context) http.Response {
 // CreateBackup 创建备份
 func (r *PostgreSQLController) CreateBackup(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+ "database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
 }); sanitize != nil {
 return sanitize
 }
@@ -329,7 +329,7 @@ func (r *PostgreSQLController) DeleteBackup(ctx http.Context) http.Response {
 func (r *PostgreSQLController) RestoreBackup(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
 "backup": "required|min_len:1|max_len:255",
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$|not_in:information_schema,mysql,performance_schema,sys",
+ "database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$|not_in:postgres,template0,template1",
 }); sanitize != nil {
 return sanitize
 }
@@ -420,9 +420,9 @@ func (r *PostgreSQLController) RoleList(ctx http.Context) http.Response {
 // AddRole 添加角色
 func (r *PostgreSQLController) AddRole(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "database": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "database": "required|min_len:1|max_len:63|regex:^[a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:40",
 }); sanitize != nil {
 return sanitize
 }
@@ -452,7 +452,7 @@ func (r *PostgreSQLController) AddRole(ctx http.Context) http.Response {
 // DeleteRole 删除角色
 func (r *PostgreSQLController) DeleteRole(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
+ "user": "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
 }); sanitize != nil {
 return sanitize
 }
@@ -475,8 +475,8 @@ func (r *PostgreSQLController) DeleteRole(ctx http.Context) http.Response {
 // SetRolePassword 设置用户密码
 func (r *PostgreSQLController) SetRolePassword(ctx http.Context) http.Response {
 if sanitize := controllers.Sanitize(ctx, map[string]string{
- "user": "required|min_len:1|max_len:255|regex:^[a-zA-Z][a-zA-Z0-9_]+$",
- "password": "required|min_len:8|max_len:255",
+ "user": "required|min_len:1|max_len:30|regex:^[a-zA-Z0-9_]+$",
+ "password": "required|min_len:8|max_len:40",
 }); sanitize != nil {
 return sanitize
 }