afan
/
CaiYouHui_backend
Следить 1
В избранное 0
Форкнуть 0
Код Задачи 0 Pull Request'ы 0 Релизы 0 Вики Активность
CaiYouHui后端fastapi实现
1 коммит
1 ветка
Дерево: 64745d5c7c
веток Теги
${ item.name }
Создать ветку ${ searchTerm }
из '64745d5c7c'
${ noResults }
CaiYouHui_backend/app/api/v1/admin.py

admin.py 5.3KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 
  1. # app/api/admin.py

  2. from fastapi import APIRouter, Depends, HTTPException

  3. from fastapi.responses import JSONResponse

  4. from sqlalchemy.orm import Session

  5. from sqlalchemy import text

  6. import json

  7. 

  8. from ..dependencies.auth import get_current_user

  9. from ..models.user import User

  10. from ..database import get_db

  11. 

  12. router = APIRouter(prefix="/admin", tags=["admin"])

  13. 

  14. @router.get("/database/tables")

  15. async def get_database_tables(

  16.     db: Session = Depends(get_db),

  17.     current_user: User = Depends(get_current_user)

  18. ):

  19.     """获取所有表(需要管理员权限)"""

  20.     if not current_user.is_superuser:

  21.         raise HTTPException(status_code=403, detail="需要管理员权限")

  22.     

  23.     try:

  24.         # 使用 SQLAlchemy 执行原生 SQL

  25.         result = db.execute(text("""

  26.             SELECT name, type, sql 

  27.             FROM sqlite_master 

  28.             WHERE type='table' 

  29.             AND name NOT LIKE 'sqlite_%'

  30.             ORDER BY name;

  31.         """))

  32.         

  33.         tables = []

  34.         for row in result:

  35.             tables.append({

  36.                 "name": row[0],

  37.                 "type": row[1],

  38.                 "sql": row[2]

  39.             })

  40.         

  41.         return JSONResponse(content={"tables": tables})

  42.     

  43.     except Exception as e:

  44.         raise HTTPException(status_code=500, detail=str(e))

  45. 

  46. @router.get("/database/table/{table_name}")

  47. async def get_table_data(

  48.     table_name: str,

  49.     limit: int = 100,

  50.     db: Session = Depends(get_db),

  51.     current_user: User = Depends(get_current_user)

  52. ):

  53.     """获取表数据(需要管理员权限)"""

  54.     if not current_user.is_superuser:

  55.         raise HTTPException(status_code=403, detail="需要管理员权限")

  56.     

  57.     try:

  58.         # 先验证表存在且可访问

  59.         result = db.execute(text(f"SELECT name FROM sqlite_master WHERE type='table' AND name='{table_name}';"))

  60.         if not result.fetchone():

  61.             raise HTTPException(status_code=404, detail="表不存在")

  62.         

  63.         # 获取表结构

  64.         columns_result = db.execute(text(f"PRAGMA table_info({table_name});"))

  65.         columns = []

  66.         for row in columns_result:

  67.             columns.append({

  68.                 "cid": row[0],

  69.                 "name": row[1],

  70.                 "type": row[2],

  71.                 "notnull": bool(row[3]),

  72.                 "default_value": row[4],

  73.                 "pk": bool(row[5])

  74.             })

  75.         

  76.         # 获取数据

  77.         data_result = db.execute(text(f"SELECT * FROM {table_name} LIMIT {limit};"))

  78.         

  79.         # 获取列名

  80.         column_names = [desc[0] for desc in data_result.cursor.description]

  81.         

  82.         # 获取数据行

  83.         rows = []

  84.         for row in data_result:

  85.             row_dict = {}

  86.             for i, value in enumerate(row):

  87.                 # 处理特殊类型(如 datetime)

  88.                 if hasattr(value, 'isoformat'):

  89.                     row_dict[column_names[i]] = value.isoformat()

  90.                 else:

  91.                     row_dict[column_names[i]] = value

  92.             rows.append(row_dict)

  93.         

  94.         # 统计总数

  95.         count_result = db.execute(text(f"SELECT COUNT(*) FROM {table_name};"))

  96.         total_count = count_result.scalar()

  97.         

  98.         return JSONResponse(content={

  99.             "table": table_name,

  100.             "columns": columns,

  101.             "data": rows,

  102.             "total_count": total_count,

  103.             "showing": len(rows)

  104.         })

  105.     

  106.     except HTTPException:

  107.         raise

  108.     except Exception as e:

  109.         raise HTTPException(status_code=500, detail=str(e))

  110. 

  111. @router.post("/database/query")

  112. async def execute_custom_query(

  113.     query: str,

  114.     db: Session = Depends(get_db),

  115.     current_user: User = Depends(get_current_user)

  116. ):

  117.     """执行自定义查询(需要管理员权限,生产环境请谨慎)"""

  118.     if not current_user.is_superuser:

  119.         raise HTTPException(status_code=403, detail="需要管理员权限")

  120.     

  121.     # 安全限制:不允许修改操作

  122.     query_lower = query.strip().lower()

  123.     dangerous_keywords = ["drop", "delete", "update", "insert", "alter", "truncate"]

  124.     

  125.     if any(keyword in query_lower for keyword in dangerous_keywords):

  126.         raise HTTPException(status_code=400, detail="只允许SELECT查询")

  127.     

  128.     try:

  129.         result = db.execute(text(query))

  130.         

  131.         # 如果是查询语句

  132.         if query_lower.startswith("select"):

  133.             # 获取列名

  134.             column_names = [desc[0] for desc in result.cursor.description]

  135.             

  136.             # 获取数据

  137.             rows = []

  138.             for row in result:

  139.                 row_dict = {}

  140.                 for i, value in enumerate(row):

  141.                     if hasattr(value, 'isoformat'):

  142.                         row_dict[column_names[i]] = value.isoformat()

  143.                     else:

  144.                         row_dict[column_names[i]] = value

  145.                 rows.append(row_dict)

  146.             

  147.             return JSONResponse(content={

  148.                 "query": query,

  149.                 "columns": column_names,

  150.                 "data": rows,

  151.                 "row_count": len(rows)

  152.             })

  153.         else:

  154.             # 非查询语句

  155.             db.commit()

  156.             return JSONResponse(content={

  157.                 "query": query,

  158.                 "affected_rows": result.rowcount,

  159.                 "message": "执行成功"

  160.             })

  161.     

  162.     except Exception as e:

  163.         raise HTTPException(status_code=500, detail=str(e))