优化后端逻辑

CN-JS-HuiBai
2026-04-12 17:56:49 +08:00
parent 24b5f8455e
commit 34bf4d5e91
2 changed files with 15 additions and 8 deletions


@@ -69,7 +69,6 @@ const SCHEMA = {
latency_target VARCHAR(255), latency_target VARCHAR(255),
icp_filing VARCHAR(255), icp_filing VARCHAR(255),
ps_filing VARCHAR(255), ps_filing VARCHAR(255),
network_data_sources TEXT,
show_server_ip TINYINT(1) DEFAULT 0, show_server_ip TINYINT(1) DEFAULT 0,
ip_metric_name VARCHAR(100) DEFAULT NULL, ip_metric_name VARCHAR(100) DEFAULT NULL,
ip_label_name VARCHAR(100) DEFAULT 'address', ip_label_name VARCHAR(100) DEFAULT 'address',
@@ -101,8 +100,7 @@ const SCHEMA = {
{ name: 'latency_target', sql: "ALTER TABLE site_settings ADD COLUMN latency_target VARCHAR(255) AFTER latency_dest" }, { name: 'latency_target', sql: "ALTER TABLE site_settings ADD COLUMN latency_target VARCHAR(255) AFTER latency_dest" },
{ name: 'icp_filing', sql: "ALTER TABLE site_settings ADD COLUMN icp_filing VARCHAR(255) AFTER latency_target" }, { name: 'icp_filing', sql: "ALTER TABLE site_settings ADD COLUMN icp_filing VARCHAR(255) AFTER latency_target" },
{ name: 'ps_filing', sql: "ALTER TABLE site_settings ADD COLUMN ps_filing VARCHAR(255) AFTER icp_filing" }, { name: 'ps_filing', sql: "ALTER TABLE site_settings ADD COLUMN ps_filing VARCHAR(255) AFTER icp_filing" },
{ name: 'network_data_sources', sql: "ALTER TABLE site_settings ADD COLUMN network_data_sources TEXT AFTER ps_filing" }, { name: 'show_server_ip', sql: "ALTER TABLE site_settings ADD COLUMN show_server_ip TINYINT(1) DEFAULT 0 AFTER ps_filing" },
{ name: 'show_server_ip', sql: "ALTER TABLE site_settings ADD COLUMN show_server_ip TINYINT(1) DEFAULT 0 AFTER network_data_sources" },
{ name: 'ip_metric_name', sql: "ALTER TABLE site_settings ADD COLUMN ip_metric_name VARCHAR(100) DEFAULT NULL AFTER show_server_ip" }, { name: 'ip_metric_name', sql: "ALTER TABLE site_settings ADD COLUMN ip_metric_name VARCHAR(100) DEFAULT NULL AFTER show_server_ip" },
{ name: 'ip_label_name', sql: "ALTER TABLE site_settings ADD COLUMN ip_label_name VARCHAR(100) DEFAULT 'address' AFTER ip_metric_name" }, { name: 'ip_label_name', sql: "ALTER TABLE site_settings ADD COLUMN ip_label_name VARCHAR(100) DEFAULT 'address' AFTER ip_metric_name" },
{ name: 'custom_metrics', sql: "ALTER TABLE site_settings ADD COLUMN custom_metrics JSON DEFAULT NULL AFTER ip_label_name" } { name: 'custom_metrics', sql: "ALTER TABLE site_settings ADD COLUMN custom_metrics JSON DEFAULT NULL AFTER ip_label_name" }
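Review bot: Dropping `network_data_sources` from the CREATE TABLE text and from the migration list only affects fresh installs; databases that already ran the old migration keep the column and whatever was stored in it, since the visible list only adds columns. If that is intended, a short comment next to the `show_server_ip` entry would record it, for example `// network_data_sources is no longer used; the column is left in place on existing databases`. If it is not intended, an explicit drop step is needed, and it would have to live outside this list if the list is add-only. The SCHEMA object starts and ends outside both hunks, so how the list is executed is not visible here.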


@@ -164,6 +164,16 @@ async function requireServerDetailsAccess(req, res, next) {
const settings = await getSiteSettingsRow(); const settings = await getSiteSettingsRow();
req.siteSettings = settings; // Store for later use (e.g. IP stripping) req.siteSettings = settings; // Store for later use (e.g. IP stripping)
// 1. Mandatory source validation for detail access
const sourceName = req.query.source;
if (sourceName) {
const [sources] = await db.query('SELECT is_detail_source FROM prometheus_sources WHERE name = ?', [sourceName]);
if (sources.length === 0 || !sources[0].is_detail_source) {
return res.status(403).json({ error: '该数据源已禁用详情查看权限' });
}
}
// 2. Global login requirement check
const requiresLogin = settings.require_login_for_server_details !== undefined const requiresLogin = settings.require_login_for_server_details !== undefined
? !!settings.require_login_for_server_details ? !!settings.require_login_for_server_details
: true; : true;
@@ -175,7 +185,7 @@ async function requireServerDetailsAccess(req, res, next) {
return requireAuth(req, res, next); return requireAuth(req, res, next);
} catch (err) { } catch (err) {
console.error('Server details access check failed:', err); console.error('Server details access check failed:', err);
return res.status(500).json({ error: 'Failed to verify detail access' }); return res.status(500).json({ error: '权限验证失败' });
} }
} }
@@ -932,7 +942,7 @@ app.post('/api/settings', requireAuth, async (req, res) => {
const { const {
page_name, show_page_name, title, logo_url, logo_url_dark, favicon_url, page_name, show_page_name, title, logo_url, logo_url_dark, favicon_url,
default_theme, show_95_bandwidth, p95_type, require_login_for_server_details, default_theme, show_95_bandwidth, p95_type, require_login_for_server_details,
icp_filing, ps_filing, network_data_sources, show_server_ip, ip_metric_name, ip_label_name, custom_metrics icp_filing, ps_filing, show_server_ip, ip_metric_name, ip_label_name, custom_metrics
} = req.body; } = req.body;
// 3. Prepare parameters, prioritizing body but falling back to current // 3. Prepare parameters, prioritizing body but falling back to current
@@ -966,9 +976,9 @@ app.post('/api/settings', requireAuth, async (req, res) => {
id, page_name, show_page_name, title, logo_url, logo_url_dark, favicon_url, id, page_name, show_page_name, title, logo_url, logo_url_dark, favicon_url,
default_theme, show_95_bandwidth, p95_type, require_login_for_server_details, default_theme, show_95_bandwidth, p95_type, require_login_for_server_details,
blackbox_source_id, latency_source, latency_dest, latency_target, blackbox_source_id, latency_source, latency_dest, latency_target,
icp_filing, ps_filing, network_data_sources, show_server_ip, ip_metric_name, ip_label_name, icp_filing, ps_filing, show_server_ip, ip_metric_name, ip_label_name,
custom_metrics custom_metrics
) VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ) VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE ON DUPLICATE KEY UPDATE
page_name = VALUES(page_name), page_name = VALUES(page_name),
show_page_name = VALUES(show_page_name), show_page_name = VALUES(show_page_name),
@@ -986,7 +996,6 @@ app.post('/api/settings', requireAuth, async (req, res) => {
latency_target = VALUES(latency_target), latency_target = VALUES(latency_target),
icp_filing = VALUES(icp_filing), icp_filing = VALUES(icp_filing),
ps_filing = VALUES(ps_filing), ps_filing = VALUES(ps_filing),
network_data_sources = VALUES(network_data_sources),
show_server_ip = VALUES(show_server_ip), show_server_ip = VALUES(show_server_ip),
ip_metric_name = VALUES(ip_metric_name), ip_metric_name = VALUES(ip_metric_name),
ip_label_name = VALUES(ip_label_name), ip_label_name = VALUES(ip_label_name),
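Review bot: The source check added to `requireServerDetailsAccess` is commented as mandatory but sits inside `if (sourceName)`, so a request that omits `source` skips it entirely. Whether that matters depends on how the detail handlers (outside this diff) pick a source when none is given; if they fall back to a default, that source is never checked against `is_detail_source`. `req.query.source` is also bound to the placeholder without a type check, and Express can parse a query parameter into an array or object, which the driver may expand differently from a plain string. Consider rejecting anything that is not a non-empty string before the query, e.g. `if (typeof sourceName !== 'string' || sourceName === '') return res.status(400).json({ error: 'invalid source' });`, or, if omission must stay allowed, running the same lookup on whichever source the handler resolves. The opening lines of the function's `try` block are outside the hunk.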