package kingdee
import (
"encoding/json"
"strings"
"kingdee-dbapi/config"
"kingdee-dbapi/logger"
"kingdee-dbapi/nsqclient"
)
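// QueryMsgHandle handles one query request delivered as a raw message body.
//
// The body is interpreted as SQL text, logged, and screened with sqlCheck.
// A rejected statement, or a missing database connection, is logged and the
// message is dropped by returning nil. Otherwise the query is run, every row
// is converted to a column-name -> value map, and the JSON-encoded rows are
// published to config.Options.ReplyTopic.
//
// It returns a non-nil error when the query, row scanning or JSON encoding
// fails; a failed publish is only logged.
func QueryMsgHandle(data []byte) error {
	var result []interface{}

	var sql = string(data)

	// NOTE(review): the request text is untrusted and is written to the log
	// verbatim, here and in the rejection warning below.
	logger.Debug("接收到查询请求,%s", sql)

	if !sqlCheck(sql) {
		logger.Warn("识别到危险的sql语句, 拒绝执行. %s", sql)

		return nil
	}

	if db == nil {
		logger.Debug("数据库未连接")

		return nil
	}

	// NOTE(review): the received statement is screened above but never
	// executed; this fixed query runs instead. If the request text is ever
	// passed to db.Raw, the keyword deny-list in sqlCheck is not a sufficient
	// control for untrusted SQL: use a read-only, least-privilege database
	// account and an allow-list of parameterized queries.
	rows, err := db.Raw(`select * from users`).Rows()
	if err != nil {
		return err
	}
	// Release the underlying connection on every exit path.
	defer rows.Close()

	// The column list is the same for every row, so read it once.
	cols, err := rows.Columns()
	if err != nil {
		return err
	}

	for rows.Next() {
		// Scan needs one destination pointer per column; ptrs[i] points at
		// values[i], so the scanned data ends up in values.
		values := make([]interface{}, len(cols))
		ptrs := make([]interface{}, len(cols))
		for i := range values {
			ptrs[i] = &values[i]
		}

		if err := rows.Scan(ptrs...); err != nil {
			return err
		}

		m := make(map[string]interface{}, len(cols))
		for i, colName := range cols {
			m[colName] = values[i]
		}

		result = append(result, m)
	}
	// Next also returns false when iteration stops on an error, which would
	// otherwise be published as a silently truncated result.
	if err := rows.Err(); err != nil {
		return err
	}

	// NOTE(review): the full result set of the users table is written to the
	// debug log here and again after a successful publish; confirm that no
	// credentials or personal data reach the log in production.
	logger.Debug("数据库返回数据%+v", result)

	b, err := json.Marshal(result)
	if err != nil {
		return err
	}

	ok := nsqclient.Produce(config.Options.ReplyTopic, b)
	if !ok {
		logger.Warn("应答查询请求失败.")
	} else {
		logger.Debug("应答查询请求成功. 数据:%s", string(b))
	}

	return nil
}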
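// sqlCheck is a coarse filter that rejects statements which look like
// insert, update, delete or other data-changing operations. It reports
// true when none of the deny-listed keywords occurs in sql.
//
// Matching is a case-insensitive substring test, so a keyword inside an
// identifier or string literal (for example a column named updated_at)
// also causes rejection. A keyword deny-list cannot enumerate every
// data-changing construct; treat this as a convenience check and enforce
// read-only access with the database account's permissions.
func sqlCheck(sql string) bool {
	// "TRUNCATE" replaces the misspelled "TRANCATE", which never matched a
	// real TRUNCATE statement.
	var dangerousWords = []string{"INSERT", "UPDATE", "DELETE", "ALTER", "DROP", "DECLARE", "EXECUTE", "EXEC", "INTO", "TRUNCATE"}

	var upperStr = strings.ToUpper(sql)

	for _, word := range dangerousWords {
		if strings.Contains(upperStr, word) {
			return false
		}
	}

	return true
}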