From 09d8a6e804e9acf9de474018f71029503ce83e2f Mon Sep 17 00:00:00 2001 From: xiaoz Date: Fri, 4 Mar 2022 18:54:18 +0800 Subject: [PATCH] 20220304 --- README.md | 4 +- class/Api.php | 95 ++++++++++++++++++++++++++++++++----- controller/api.php | 26 +++++++++- controller/login.php | 3 +- data/update.log | 7 ++- templates/default/index.php | 1 + 6 files changed, 118 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 084a108..a50f0bb 100755 --- a/README.md +++ b/README.md @@ -7,8 +7,6 @@ ![](https://i.bmp.ovh/imgs/2020/12/7a1eee25c16d2d81.png) - - ![](https://i.bmp.ovh/imgs/2020/12/abba0af566f3c16a.png) @@ -46,7 +44,7 @@ docker run -itd --name="onenav" -p 80:80 \ * `PASSWORD`:设置密码,上述设置为`xiaoz.me` * `/data/onenav`:本机挂载目录,用于持久存储Onenav数据 -> 更多说明,请参考帮助文档:https://www.yuque.com/helloz/onenav +> 更多说明,请参考帮助文档:https://dwz.ovh/onenav ## Demo diff --git a/class/Api.php b/class/Api.php index df1a17e..9bdcca3 100755 --- a/class/Api.php +++ b/class/Api.php 
@@ -417,27 +417,59 @@ class Api { } /** * 查询链接 + * 接收一个数组作为参数 */ - public function link_list($page,$limit,$token = ''){ - $offset = ($page - 1) * $limit; + public function link_list($data){ + $limit = $data['limit']; + $token = $data['token']; + $offset = ($data['page'] - 1) * $data['limit']; + $fid = @$data['category_id']; + + //如果存在分类ID,则根据分类ID进行查询 + if ($data['category_id'] != null) { + + $cid_sql = "WHERE fid = $fid"; + //统计链接总数 + $count = $this->db->count('on_links','*',[ + 'fid' => $fid + ]); + } + else{ + //统计链接总数,没有分类ID的情况 + $count = $this->db->count('on_links','*'); + } //如果成功登录,但token为空 if( ($this->is_login()) && (empty($token)) ){ - //统计总数 - $count = $this->db->count('on_links','*'); - $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; + $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; } //如果token验证通过 elseif( (!empty($token)) && ($this->auth($token)) ) { - //统计总数 - $count = $this->db->count('on_links','*'); - $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; + $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; } + //如果即没有登录成功,又没有token,则默认为游客 else{ - //统计总数 - $count = $this->db->count('on_links','*',[ 'property' => 0 ]); - $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; + $cid_sql = empty($fid) ? 
null : "AND fid = $fid"; + if($cid_sql == null) { + //统计链接总数,不存在分类ID的情况 + $count = $this->db->count('on_links','*',[ 'property' => 0 ]); + } + else{ + //统计链接总数,存在分类ID的情况 + $count = $this->db->count('on_links','*',[ + 'property' => 0, + 'fid' => $fid + ]); + } + + $sql = "SELECT *,(SELECT name FROM on_categorys WHERE id = on_links.fid) AS category_name FROM on_links WHERE property = 0 ${cid_sql} ORDER BY weight DESC,id DESC LIMIT {$limit} OFFSET {$offset}"; } + + //打印SQL + //echo $sql; + + //如果查询的总数大于limit,则以limit为准 + $count = ( $count > $limit) ? $limit : $count; //原生查询 $datas = $this->db->query($sql)->fetchAll(); @@ -449,6 +481,47 @@ class Api { ]; exit(json_encode($datas)); } + /** + * 查询单个链接 + * 此函数接收一个数组 + */ + public function get_a_link($data) { + $id = $data['id']; + $token = $data['token']; + $link_info = $this->db->get("on_links","*",[ + "id" => $id + ]); + //打印链接信息 + //var_dump($link_info); + //如果是公开链接,则直接返回 + if ( $link_info['property'] == "0" ) { + $datas = [ + 'code' => 0, + 'data' => $link_info + ]; + + } + //如果是私有链接,并且认证通过 + elseif( $link_info['property'] == "1" ) { + if ( $this->auth($token) ) { + $datas = [ + 'code' => 0, + 'data' => $link_info + ]; + } + + //exit(json_encode($datas)); + } + //如果是其它情况,则显示为空 + else{ + $datas = [ + 'code' => 0, + 'data' => [] + ]; + //exit(json_encode($datas)); + } + exit(json_encode($datas)); + } /** * 验证是否登录 */ diff --git a/controller/api.php b/controller/api.php index ed01b77..c679692 100755 --- a/controller/api.php +++ b/controller/api.php @@ -54,6 +54,9 @@ switch ($method) { case 'check_weak_password': check_weak_password($api); break; + case 'get_a_link': + get_a_link($api); + break; default: # code... break; 
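Review bot: `$fid = @$data['category_id'];` is interpolated unchanged into `$cid_sql = "WHERE fid = $fid";` and, on the guest path, into `"AND fid = $fid"`, so link_list is only injection-safe for as long as every caller has already cast category_id to an integer; the method should enforce that itself with `$fid = (int) ($data['category_id'] ?? 0);` and `$cid_sql = $fid > 0 ? "WHERE fid = {$fid}" : '';` (the `count()` calls pass `$fid` as an array argument to the db layer, which presumably binds it; only the raw `$sql` string is at risk). `$limit` and `$offset` are interpolated into the same string without a cast and deserve the same treatment. Initialising `$cid_sql` up front also fixes the logged-in and token branches, where it is currently never assigned when no category is given and an unset variable is interpolated into `${cid_sql}`. Separately, `$count = ( $count > $limit) ? $limit : $count;` clamps the total to the page size, which looks like it will mislead any consumer that uses `count` as the overall total for pagination; if the intent is the number of rows on this page, `count($datas)` after the query says so directly. link_list's body continues past the end of the hunk.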
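Review bot: In get_a_link, when `$link_info['property'] == "1"` and `$this->auth($token)` fails, `$datas` is never assigned, so `exit(json_encode($datas))` emits the bare literal `null` instead of a response carrying a `code`; add an else branch there, `else { $datas = ['code' => 0, 'data' => []]; }`, mirroring the final branch (a distinct code may be preferable if the project has a convention for denied requests). An id that matches no row leaves `$link_info` without a `property` key, and that case currently reaches the empty-data branch only through the loose `==` comparisons on the two preceding conditions; checking the `get()` result explicitly before reading `property` would make that path deliberate. Note also that link_list treats a cookie login (`is_login()`) as sufficient while get_a_link accepts only the token, so a logged-in user without a token gets the `null` response for a private link; if that asymmetry is unintended the same `is_login()` check belongs here.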
@@ -173,11 +176,19 @@ function link_list($api){ $limit = empty(intval($_GET['limit'])) ? 10 : intval($_GET['limit']); //获取token $token = $_POST['token']; - $api->link_list($page,$limit,$token); + //获取分类ID + $category_id = empty($_POST['category_id']) ? null : intval($_POST['category_id']); + $data = [ + 'page' => $page, + 'limit' => $limit, + 'token' => $token, + 'category_id' => $category_id + ]; + $api->link_list($data); } /** - * 获取链接信息 + * 获取链接标题、描述等信息 */ function get_link_info($api) { //获取token @@ -187,6 +198,17 @@ function get_link_info($api) { $api->get_link_info($token,$url); } +/** + * 获取一个链接的信息,指存储在数据库的信息 + */ +function get_a_link($api) { + //获取token + $data['token'] = htmlspecialchars($_POST['token']); + //获取链接的ID + $data['id'] = intval(htmlspecialchars($_GET['id'])); + $api->get_a_link($data); +} + /** * 添加自定义js */ diff --git a/controller/login.php b/controller/login.php index f7a7fde..bb4b851 100755 --- a/controller/login.php +++ b/controller/login.php @@ -23,7 +23,8 @@ if( $_GET['check'] == 'login' ) { header('Content-Type:application/json; charset=utf-8'); if( ($user === $username) && ($pass === $password) ) { $key = md5($username.$password.'onenav'); - setcookie("key", $key, time()+30 * 24 * 60 * 60,"/"); + //开启httponly支持 + setcookie("key", $key, time()+30 * 24 * 60 * 60,"/",NULL,false,TRUE); $data = [ 'code' => 0, 'msg' => 'successful' diff --git a/data/update.log b/data/update.log index 4083a65..438852b 100755 --- a/data/update.log +++ b/data/update.log @@ -37,4 +37,9 @@ CREATE INDEX on_options_key_IDX ON on_options ("key"); 1. 修复默认主题字体图标不显示 20220225 -1. 修复一处安全漏洞 \ No newline at end of file +1. 修复一处安全漏洞 + +20220304 +1. 新增HttpOnly支持 +2. API新增查询单个链接信息get_a_link +3. API支持查询指定分类下的链接link_list,传递参数category_id diff --git a/templates/default/index.php b/templates/default/index.php index 8902f5a..c31185e 100755 --- a/templates/default/index.php +++ b/templates/default/index.php @@ -194,6 +194,7 @@
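Review bot: In the new get_a_link controller, `htmlspecialchars()` is an HTML-output escaper and contributes nothing to a value used for a database lookup: `intval(htmlspecialchars($_GET['id']))` gets its safety entirely from `intval`, and an escaped token would no longer match the stored value if a token ever contained `&`, `<`, `>` or a quote (whether that can happen depends on how tokens are generated, which is not visible here). Both reads also assume the keys are present, which raises an undefined-array-key warning on PHP 8 when a client omits them. `$data['token'] = $_POST['token'] ?? '';` and `$data['id'] = (int) ($_GET['id'] ?? 0);` cover both points and leave the integer cast as the only sanitisation the id needs.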
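Review bot: The new `setcookie(...)` call hard-codes the `secure` argument to `false`, so the `key` cookie is still transmitted over plain HTTP even when the site is served over TLS, and no SameSite attribute is set; on PHP 7.3 or newer the options-array form below sets all three flags at once (the PHP version in use is not visible here, and `$_SERVER['HTTPS']` may need adjusting behind a TLS-terminating proxy). The value being protected, `$key = md5($username.$password.'onenav')` on the context line above, is a deterministic digest of the credentials and so cannot be rotated or revoked; that is unchanged by this commit and deserves a follow-up outside this hunk. The enclosing `if` block continues past the end of the hunk.
```php
// HttpOnly, Secure (when served over TLS) and SameSite in one call (PHP 7.3+ options form)
setcookie('key', $key, [
    'expires'  => time() + 30 * 24 * 60 * 60,
    'path'     => '/',
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'httponly' => true,
    'samesite' => 'Lax',
]);
// … unchanged: $data = ['code' => 0, 'msg' => 'successful' …
```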
+