Add unsafe_import route
parent
804fb5862a
commit
eff89e7100
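--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ python-venv/
 tickmate-backup-20230524.db
 server/public/
 db.mount/
+tickmate-dump.sql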
@ -3,6 +3,10 @@ name = "kalkulog-server"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
edition = "2021"
|
edition = "2021"
|
||||||
|
|
||||||
|
[features]
|
||||||
|
default = ["unsafe_import"]
|
||||||
|
unsafe_import = []
|
||||||
|
|
||||||
[[bin]]
|
[[bin]]
|
||||||
name = "kalkulog-server"
|
name = "kalkulog-server"
|
||||||
path = "src/main.rs"
|
path = "src/main.rs"
|
||||||
|
|
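Review bot: `default = ["unsafe_import"]` switches the gate on for every plain `cargo build`, so the route that import.rs itself documents as "wildly unsafe and insecure" ships unless someone remembers `--no-default-features`. A feature meant to fence off dangerous code should be opt-in: `default = []`, with `--features unsafe_import` passed only for the one-off migration build. As written, the gate documents the risk but does not reduce it.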
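--- a/server/src/api/import.rs
+++ b/server/src/api/import.rs
@@ -0,0 +1,27 @@
+use rocket::{http::Status, State};
+use sea_orm::{ConnectionTrait, DatabaseBackend, DatabaseConnection, Statement};
+
+use crate::error::Error;
+
+use super::error::ApiResult;
+
+/// This is behind a feature gate for a reason: it's wildly unsafe and
+/// insecure. It absolutely enables arbitrary sql injection.
+#[cfg(feature = "unsafe_import")]
+#[post("/import", data = "<sql_dump>")]
+pub(crate) async fn import_sql(
+db: &State<DatabaseConnection>,
+sql_dump: &str,
+) -> ApiResult<Status> {
+for line in sql_dump.lines() {
+let line = line.to_ascii_lowercase();
+if line.starts_with("insert into")
+&& !(line.contains("sqlite_sequence") || line.contains("android_metadata"))
+{
+db.execute(Statement::from_string(DatabaseBackend::Postgres, line))
+.await
+.map_err(Error::from)?;
+}
+}
+Ok(Status::Ok)
+}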
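Review bot: `import_sql` takes no request guard besides the database `State`, so as far as this file shows, any client that can reach the server can POST text that is executed as SQL. The doc comment admits the injection, but nothing restricts who may call the route. If the route has to exist, add an authenticating guard to the signature (placeholder name `_admin: AdminUser`, a type this commit does not define) and run the loop inside a single transaction so a failing line cannot leave a half-imported database. Separately, the string passed to `Statement::from_string` is the output of `line.to_ascii_lowercase()`, so every text value in the dump is stored lowercased. Test the prefix on a lowered copy and execute the original line instead.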
@ -1,5 +1,6 @@
|
||||||
mod error;
|
mod error;
|
||||||
mod groups;
|
mod groups;
|
||||||
|
mod import;
|
||||||
mod ticks;
|
mod ticks;
|
||||||
mod tracks;
|
mod tracks;
|
||||||
|
|
||||||
|
@ -7,9 +8,10 @@ use std::default::default;
|
||||||
use std::net::{IpAddr, Ipv4Addr};
|
use std::net::{IpAddr, Ipv4Addr};
|
||||||
|
|
||||||
use rocket::fs::{FileServer, NamedFile};
|
use rocket::fs::{FileServer, NamedFile};
|
||||||
use rocket::Config;
|
use rocket::{routes, Config};
|
||||||
use sea_orm::DatabaseConnection;
|
use sea_orm::DatabaseConnection;
|
||||||
|
|
||||||
|
use crate::api::import::import_sql;
|
||||||
use crate::error::Error;
|
use crate::error::Error;
|
||||||
use crate::rocket::{Build, Rocket};
|
use crate::rocket::{Build, Rocket};
|
||||||
|
|
||||||
|
@ -33,7 +35,7 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
|
||||||
use groups::*;
|
use groups::*;
|
||||||
use ticks::*;
|
use ticks::*;
|
||||||
use tracks::*;
|
use tracks::*;
|
||||||
rocket::build()
|
let it = rocket::build()
|
||||||
.configure(Config {
|
.configure(Config {
|
||||||
address: IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
|
address: IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)),
|
||||||
..default()
|
..default()
|
||||||
|
@ -53,5 +55,10 @@ pub(crate) fn start_server(db: DatabaseConnection) -> Rocket<Build> {
|
||||||
"/api/v1/groups",
|
"/api/v1/groups",
|
||||||
routes![all_groups, group, insert_group, update_group, delete_group],
|
routes![all_groups, group, insert_group, update_group, delete_group],
|
||||||
)
|
)
|
||||||
.mount("/", FileServer::from("/src/public"))
|
.mount("/", FileServer::from("/src/public"));
|
||||||
|
|
||||||
|
#[cfg(feature = "unsafe_import")]
|
||||||
|
let it = it.mount("/api/v1", routes![import_sql]);
|
||||||
|
|
||||||
|
it
|
||||||
}
|
}
|
||||||
|
|
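Review bot: `use crate::api::import::import_sql;` in the import block is unconditional, while `import_sql` itself only exists under `#[cfg(feature = "unsafe_import")]`, so a build with the feature disabled should fail to resolve the name and the gate cannot actually be turned off. Gate the import the same way as the mount: `#[cfg(feature = "unsafe_import")] use crate::api::import::import_sql;`. This matters more because the `Config` in `start_server` binds `0.0.0.0`, so the `/api/v1/import` route is exposed on every interface whenever the feature is compiled in. The middle of `start_server` lies outside the hunks shown.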