Diuse/zhenxun_bot
1
0
Fork 0
mirror of https://github.com/zhenxun-org/zhenxun_bot.git synced 2025-12-15 14:22:55 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

修复路径问题

Browse Source
This commit is contained in:
HibiKier 2025-05-11 05:28:22 +08:00
parent e84fc89fed
commit d861e1ccfc
1 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
zhenxun/builtin_plugins/web_ui/api/configure/__init__.py
View File

@ -42,6 +42,31 @@ async def _(setting: Setting) -> Result:
if not env_file.exists(): if not env_file.exists():
return Result.fail("配置文件.env.dev不存在。") return Result.fail("配置文件.env.dev不存在。")
env_text = env_file.read_text(encoding="utf-8") env_text = env_file.read_text(encoding="utf-8")
if setting.db_url:
if setting.db_url.startswith("sqlite"):
base_dir = Path().resolve()
# 清理和验证数据库路径
db_path_str = setting.db_url.split(":")[-1].strip()
# 移除任何可能的路径遍历尝试
db_path_str = re.sub(r"[\\/]\.\.[\\/]", "", db_path_str)
# 规范化路径
db_path = Path(db_path_str).resolve()
parent_path = db_path.parent
# 验证路径是否在项目根目录内
try:
if not parent_path.absolute().is_relative_to(base_dir):
return Result.fail("数据库路径不在项目根目录内。")
except ValueError:
return Result.fail("无效的数据库路径。")
# 创建目录
try:
parent_path.mkdir(parents=True, exist_ok=True)
except Exception as e:
return Result.fail(f"创建数据库目录失败: {e!s}")
env_text = env_text.replace('DB_URL = ""', f'DB_URL = "{setting.db_url}"')
if setting.superusers: if setting.superusers:
superusers = ", ".join([f'"{s}"' for s in setting.superusers]) superusers = ", ".join([f'"{s}"' for s in setting.superusers])
env_text = re.sub(r"SUPERUSERS=\[.*?\]", f"SUPERUSERS=[{superusers}]", env_text) env_text = re.sub(r"SUPERUSERS=\[.*?\]", f"SUPERUSERS=[{superusers}]", env_text)
@ -50,15 +75,6 @@ async def _(setting: Setting) -> Result:
if setting.port: if setting.port:
env_text = env_text.replace("PORT = 8080", f"PORT = {setting.port}") env_text = env_text.replace("PORT = 8080", f"PORT = {setting.port}")
port = setting.port port = setting.port
if setting.db_url:
if setting.db_url.startswith("sqlite"):
base_dir = Path().resolve()
db_path = Path(setting.db_url.split(":")[-1]).resolve()
parent_path = db_path.parent
if not parent_path.absolute().is_relative_to(base_dir):
return Result.fail("数据库路径不在项目根目录内。")
parent_path.mkdir(parents=True, exist_ok=True)
env_text = env_text.replace('DB_URL = ""', f'DB_URL = "{setting.db_url}"')
if setting.username: if setting.username:
Config.set_config("web-ui", "username", setting.username) Config.set_config("web-ui", "username", setting.username)
Config.set_config("web-ui", "password", setting.password, True) Config.set_config("web-ui", "password", setting.password, True)