Add unsafe_import route
parent
804fb5862a
commit
eff89e7100
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -5,3 +5,4 @@ python-venv/
|
|||
tickmate-backup-20230524.db
|
||||
server/public/
|
||||
db.mount/
|
||||
tickmate-dump.sql
|
||||
|
|
|
@ -3,6 +3,10 @@ name = "kalkulog-server"
|
|||
version = "0.1.0"
|
||||
edition = "2021"
|
||||
|
||||
[features]
|
||||
default = ["unsafe_import"]
|
||||
unsafe_import = []
|
||||
|
||||
[[bin]]
|
||||
name = "kalkulog-server"
|
||||
path = "src/main.rs"
|
||||
|
|
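Review bot: `default = ["unsafe_import"]` switches the gate on for every ordinary build, so the feature no longer protects anything: a plain `cargo build` ships the route that the commit itself documents as enabling SQL injection, unless someone remembers `--no-default-features`. Make the feature opt-in with `default = []` and enable it explicitly (`--features unsafe_import`) only for the build used for the one-off import.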
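--- /dev/null
+++ b/server/src/api/import.rs
@@ -0,0 +1,27 @@
+use rocket::{http::Status, State};
+use sea_orm::{ConnectionTrait, DatabaseBackend, DatabaseConnection, Statement};
+
+use crate::error::Error;
+
+use super::error::ApiResult;
+
+/// This is behind a feature gate for a reason: it's wildly unsafe and
+/// insecure. It absolutely enables arbitrary sql injection.
+#[cfg(feature = "unsafe_import")]
+#[post("/import", data = "<sql_dump>")]
+pub(crate) async fn import_sql(
+db: &State<DatabaseConnection>,
+sql_dump: &str,
+) -> ApiResult<Status> {
+for line in sql_dump.lines() {
+let line = line.to_ascii_lowercase();
+if line.starts_with("insert into")
+&& !(line.contains("sqlite_sequence") || line.contains("android_metadata"))
+{
+db.execute(Statement::from_string(DatabaseBackend::Postgres, line))
+.await
+.map_err(Error::from)?;
+}
+}
+Ok(Status::Ok)
+}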
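Review bot: `import_sql` takes no request guard besides the database handle, so as written any client that can reach `POST /api/v1/import` has its lines executed verbatim; the `starts_with("insert into")` test only looks at the beginning of a line and should not be read as a safeguard. If the route has to exist, require an authenticated guard in the signature (for example a placeholder `_admin: AdminUser` parameter; no such type is visible on this page) and preferably parse the dump into rows that are inserted with bound parameters. Separately, the statement that gets executed is the lowercased copy, so every text value in the dump is stored lowercased; compare on a lowered copy and run the original, `let lowered = line.to_ascii_lowercase();` followed by `Statement::from_string(DatabaseBackend::Postgres, line.to_owned())`. The loop also runs outside a transaction, so a failing line leaves a partial import behind.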
@ -1,5 +1,6 @@
|
|||
mod error;
|
||||
mod groups;
|
||||
mod import;
|
||||
mod ticks;
|
||||
mod tracks;
|
||||
|
||||
|
@ -7,9 +8,10 @@ use std::default::default;
|
|||
use std::net::{IpAddr, Ipv4Addr};
|
||||
|
||||
use rocket::fs::{FileServer, NamedFile};
|
||||
use rocket::Config;
|
||||
use rocket::{routes, Config};
|
||||
use sea_orm::DatabaseConnection;
|
||||
|
||||
use crate::api::import::import_sql;
|
||||
use crate::error::Error;
|
||||
use crate::rocket::{Build, Rocket};
|
||||
|
||||
|
@ -33,7 +35,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
|
|||
use groups::*;
|
||||
use ticks::*;
|
||||
use tracks::*;
|
||||
rocket::build()
|
||||
let it = rocket::build()
|
||||
.configure(Config {
|
||||
address: IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
|
||||
..default()
|
||||
|
@ -53,5 +55,10 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
|
|||
"/api/v1/groups",
|
||||
routes![all_groups, group, insert_group, update_group, delete_group],
|
||||
)
|
||||
.mount("/", FileServer::from("/src/public"))
|
||||
.mount("/", FileServer::from("/src/public"));
|
||||
|
||||
#[cfg(feature = "unsafe_import")]
|
||||
let it = it.mount("/api/v1", routes![import_sql]);
|
||||
|
||||
it
|
||||
}
|
||||
|
|
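Review bot: `use crate::api::import::import_sql;` and `mod import;` appear to be unconditional, while `import_sql` itself is defined under `#[cfg(feature = "unsafe_import")]`, so a build with the feature disabled should fail to resolve the import (and the `use` lines in import.rs become unused). Put the same attribute on both lines, `#[cfg(feature = "unsafe_import")] mod import;` and `#[cfg(feature = "unsafe_import")] use crate::api::import::import_sql;`, so that turning the feature off actually compiles and removes the code. Note also that this function configures the listener on `0.0.0.0`, so the mounted import route is reachable on every interface whenever the feature is on. The body of `start_server` starts outside the hunks shown here.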