diff --git a/src/access.lua b/src/access.lua index 405e55c..0007244 100755 --- a/src/access.lua +++ b/src/access.lua @@ -8,32 +8,32 @@ function test_output(content, status) end function split(str, delimiter) - if str==nil or str=='' or delimiter==nil then + if str == nil or str == '' or delimiter == nil then return nil end - + local result = {} - for match in (str..delimiter):gmatch("(.-)"..delimiter) do + for match in (str .. delimiter):gmatch("(.-)" .. delimiter) do table.insert(result, match) end return result end function rewrite(request_uri, reg, original_uri) - i, j = string.find(request_uri, reg) - if i ~= nil then - local real_uri, index=string.gsub(request_uri, reg, original_uri, 1) - return real_uri - end - return nil + i, j = string.find(request_uri, reg) + if i ~= nil then + local real_uri, index = string.gsub(request_uri, reg, original_uri, 1) + return real_uri + end + return nil end function _M.dispatch() local cjson = require "cjson" local cache = ngx.shared.cache - local config_str=cache:get(ngx.var.host); + local config_str = cache:get(ngx.var.host); if config_str == nil then - config_str=cache:get("localhost"); + config_str = cache:get("localhost"); if config_str == nil then ngx.exit(404) end @@ -41,19 +41,19 @@ function _M.dispatch() local config = cjson.decode(config_str) - local real_uri = nil - local api_info = nil + local real_uri + local api_info local api_uri_array = config["api_uri_array"] local api_uri_map = config["api_uri_map"] local uri = ngx.var.uri if ngx.var.args ~= nil then - uri = uri.."?"..ngx.var.args + uri = uri .. "?" .. ngx.var.args end - for k,uri_regx in pairs(api_uri_array) do + for k, uri_regx in pairs(api_uri_array) do local api_info_t = api_uri_map[uri_regx]; real_uri = rewrite(uri, api_info_t["request_uri"], api_info_t["original_uri"]); - if(real_uri ~= nil) then + if (real_uri ~= nil) then api_info = api_info_t break; end 
@@ -70,20 +70,20 @@ function _M.dispatch() ngx.exit(503) end - local request_index_cache_key = ngx.var.host.."_request_index_"..api_info["request_uri"] + local request_index_cache_key = ngx.var.host .. "_request_index_" .. api_info["request_uri"] local request_index = cache:get(request_index_cache_key) if request_index == nil then request_index = 1 end - cache:set(request_index_cache_key, request_index+1) - local server = servers[request_index%server_count+1]; + cache:set(request_index_cache_key, request_index + 1) + local server = servers[request_index % server_count + 1]; if api_info["host"] == "localhost" then api_info["host"] = ngx.var.host end if server["protocol"] ~= nil and server["protocol"] ~= "" then - ngx.var.upstream = server["protocol"].."servers" + ngx.var.upstream = server["protocol"] .. "servers" end ngx.var.backend_host = server["ip"] diff --git a/src/model/api.lua b/src/model/api.lua index d84d669..8f043f3 100755 --- a/src/model/api.lua +++ b/src/model/api.lua @@ -1,10 +1,11 @@ local mysql = require "model.mysql" local api_model = {} +-- 由于系统都是内部使用,对SQL注入问题没有特殊处理 function api_model.getApis() local db = mysql.getDb() local apis, err, errno, sqlstate = db:query("select * from agw_api", 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return apis, err end 
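Review bot: The comment added above `api_model.getApis` (in translation: SQL injection gets no special handling because the system is only used internally) documents the gap rather than closing it. The queries in the following api.lua hunks still concatenate `service_id`, `request_uri`, `original_uri`, `aid`, `sid` and `id` straight into the statement, and only `description` is quoted. The module.lua and server.lua hunks have the same shape: this commit quotes `description` there but leaves `domain_id`, `name`, `host`, `ip`, `port`, `weight`, `protocol` and the ids as they were. These tables appear to hold the gateway's routing configuration, so I would not rely on network placement alone: pass every string value through the helper the file already uses, e.g. `request_uri = ndk.set_var.set_quote_sql_str(request_uri)` with the hand-written `\'` removed from the query text, and coerce ids with `aid = tonumber(aid)`, returning an error when the result is nil. If the risk is to stay accepted, the comment should be in English and say what enforces the internal-only assumption.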
@@ -12,21 +13,21 @@ function api_model.add(service_id, request_uri, original_uri, description) local db = mysql.getDb() description = ndk.set_var.set_quote_sql_str(description) local res, err, errno, sqlstate = db:query("INSERT INTO agw_api (service_id,request_uri,original_uri,description)values(\'"..service_id.."\',\'"..request_uri.."\',\'"..original_uri.."\',"..description..")", 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return res, err end function api_model.delete(aid) local db = mysql.getDb() local res, err, errno, sqlstate = db:query("DELETE FROM agw_api WHERE id="..aid, 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return res, err end function api_model.deleteByServiceId(sid) local db = mysql.getDb() local res, err, errno, sqlstate = db:query("DELETE FROM agw_api WHERE service_id="..sid, 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return res, err end @@ -34,7 +35,7 @@ function api_model.update(id, request_uri, original_uri, description) local db = mysql.getDb() description = ndk.set_var.set_quote_sql_str(description) local res, err, errno, sqlstate = db:query("UPDATE agw_api SET request_uri=\'"..request_uri.."\',original_uri=\'"..original_uri.."\',description="..description.." WHERE id="..id, 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return res, err end @@ -47,14 +48,14 @@ function api_model.getApi(id) else err = "error api id" end - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return api, err end function api_model.getServiceApis(sid) local db = mysql.getDb() local services, err, errno, sqlstate = db:query("SELECT * FROM agw_api WHERE service_id="..sid, 10) - db:set_keepalive(10000, 100) + db:set_keepalive(10000, 10) return services, err end diff --git a/src/model/module.lua b/src/model/module.lua index c398389..ce23281 100755 --- a/src/model/module.lua +++ b/src/model/module.lua 
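Review bot: `db:set_keepalive(10000, 10)` in these api.lua functions (and in `getApis` in the previous hunk) now disagrees with model/module.lua and model/server.lua, whose context lines in this same commit still call `db:set_keepalive(10000, 100)`. All three models take their connection from `mysql.getDb()`, so they presumably share one cosocket pool. As far as I know the pool size is fixed by whichever call creates the pool in a worker, which would make the effective limit depend on request order. I would define the idle timeout and pool size once in `model.mysql` and use that from every model. The return value is also discarded in each function; logging a failed `set_keepalive` with `ngx.log(ngx.ERR, ...)` would make connections that are not returned to the pool visible.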
@@ -2,8 +2,9 @@ local mysql = require "model.mysql" local service_model = {} function service_model.add(domain_id, name, host, description) + description = ndk.set_var.set_quote_sql_str(description) local db = mysql.getDb() - local res, err, errno, sqlstate = db:query("INSERT INTO agw_service (domain_id, name,host,description)values(\'"..domain_id.."\',\'"..name.."\',\'"..host.."\',\'"..description.."\')", 10) + local res, err, errno, sqlstate = db:query("INSERT INTO agw_service (domain_id, name,host,description)values(\'"..domain_id.."\',\'"..name.."\',\'"..host.."\',"..description..")", 10) db:set_keepalive(10000, 100) return res, err end @@ -23,8 +24,9 @@ function service_model.delete(id) end function service_model.update(id, name, host, description) + description = ndk.set_var.set_quote_sql_str(description) local db = mysql.getDb() - local res, err, errno, sqlstate = db:query("UPDATE agw_service SET name=\'"..name.."\',host=\'"..host.."\',description=\'"..description.."\' WHERE id="..id, 10) + local res, err, errno, sqlstate = db:query("UPDATE agw_service SET name=\'"..name.."\',host=\'"..host.."\',description="..description.." WHERE id="..id, 10) db:set_keepalive(10000, 100) return res, err end diff --git a/src/model/server.lua b/src/model/server.lua index 3a123b7..0d7e886 100755 --- a/src/model/server.lua +++ b/src/model/server.lua 
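Review bot: The new `description = ndk.set_var.set_quote_sql_str(description)` lines in `service_model.add` and `service_model.update` (and the matching lines in model/server.lua) depend on MySQL's backslash escaping, which holds only while the session's `sql_mode` does not include `NO_BACKSLASH_ESCAPES`. Nothing visible in this diff pins that, so I would add a comment at the call, `-- relies on MySQL backslash escaping; sql_mode must not include NO_BACKSLASH_ESCAPES`, or set the mode explicitly where `mysql.getDb()` opens the connection. Reassigning the parameter to an already-quoted literal also makes it easy to quote twice in a later edit. A separate local such as `local description_sql = ndk.set_var.set_quote_sql_str(description)` would keep the raw and quoted values apart.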
@@ -2,8 +2,9 @@ local mysql = require "model.mysql" local server_model = {} function server_model.add(service_id, ip, port, weight, description, protocol) + description = ndk.set_var.set_quote_sql_str(description) local db = mysql.getDb() - local res, err, errno, sqlstate = db:query("INSERT INTO agw_server(service_id,ip,port,weight,description,protocol)values(\'"..service_id.."\',\'"..ip.."\',\'"..port.."\',\'"..weight.."\',\'"..description.."\',\'"..protocol.."\')", 10) + local res, err, errno, sqlstate = db:query("INSERT INTO agw_server(service_id,ip,port,weight,description,protocol)values(\'"..service_id.."\',\'"..ip.."\',\'"..port.."\',\'"..weight.."\',"..description..",\'"..protocol.."\')", 10) db:set_keepalive(10000, 100) return res, err end @@ -23,8 +24,9 @@ function server_model.deleteByServiceId(sid) end function server_model.update(server_id, ip, port, weight, description, protocol) + description = ndk.set_var.set_quote_sql_str(description) local db = mysql.getDb() - local res, err, errno, sqlstate = db:query("UPDATE agw_server SET ip=\'"..ip.."\',port="..port..",protocol=\'"..protocol.."\',weight=\'"..weight.."\',description=\'"..description.."\' WHERE id="..server_id, 10) + local res, err, errno, sqlstate = db:query("UPDATE agw_server SET ip=\'"..ip.."\',port="..port..",protocol=\'"..protocol.."\',weight=\'"..weight.."\',description="..description.." WHERE id="..server_id, 10) db:set_keepalive(10000, 100) return res, err end