fix: fixed material generation and database connection for components #1152

Open: wants to merge 2 commits into base: develop
4 changes: 2 additions & 2 deletions scripts/buildMaterials.mjs
@@ -150,14 +150,14 @@ const generateComponents = () => {

componentsMap.push({ component, npm })

const { package: packageName = '', version = '', exportName = '' } = npm || {}

if (connection.connected) {
connection.initDB(material)
}

appInfo.materialHistory.components = componentsMap

const { package: packageName = '', version = '', exportName = '' } = npm || {}

const mapItem = {
componentName: component,
package: packageName,
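Review bot: `connection.initDB(material)` is invoked without `await` and without a rejection handler, so a failing insert or relation query inside the loop does not stop the build and only surfaces later as an unhandled promise rejection; consider having `initDB` return its promise and collecting them (for example with `Promise.all`) so that a failed component write fails the script. Moving the `npm` destructuring below `appInfo.materialHistory.components = componentsMap` is harmless, since none of the lines in between use `packageName`, `version` or `exportName`.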
50 changes: 37 additions & 13 deletions scripts/connection.mjs
@@ -15,9 +15,9 @@ dotenv.config({ path: `${pathsDotenv}.local` })
const { SQL_HOST, SQL_PORT, SQL_USER, SQL_PASSWORD, SQL_DATABASE } = process.env

// 组件表名称
const componentsTableName = 'user_components'
const componentsTableName = 't_component'
// 组件关联到物料资产包的id
const materialHistoryId = 639
const materialHistoryId = 1
// 数据库配置
const mysqlConfig = {
host: SQL_HOST, // 主机名(服务器地址)
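Review bot: `materialHistoryId = 1` and `componentsTableName = 't_component'` are hardcoded constants bound to one particular database, while the connection settings right next to them come from `process.env`. Because `materialHistoryId` is interpolated straight into SQL in `relationMaterialHistory`, reading it from an environment variable alongside `SQL_HOST` and friends (for instance a `SQL_MATERIAL_HISTORY_ID`, name suggested here, not in the code) would avoid editing source for each environment and keep the value under the same configuration control as the credentials.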
@@ -202,9 +202,10 @@ class MysqlConnection {

/**
* 新建的组件关联物料资产包
* @deprecated 物料资产包已废弃,使用relationMaterialHistory替代
* @param {number} id 新建的组件id
*/
relationMaterialHistory(id) {
relationMaterialBlockHistory(id) {
const uniqSql = `SELECT * FROM \`material_histories_components__user_components_mhs\` WHERE \`material-history_id\`=${materialHistoryId} AND \`user-component_id\`=${id}`
this.query(uniqSql).then((result) => {
if (!result.length) {
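Review bot: the renamed `relationMaterialBlockHistory` keeps its full body, still querying `material_histories_components__user_components_mhs` with `id` interpolated into the statement, while its JSDoc marks it `@deprecated` in favour of `relationMaterialHistory`. If no caller remains, delete it rather than carry dead code that still builds SQL by string concatenation; also note that reusing the old name `relationMaterialHistory` for the new method silently redirects every existing caller to the `r_material_history_component` table.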
@@ -215,6 +216,20 @@ class MysqlConnection {
})
}

/**
* 新建的组件关联物料资产包
* @param {number} id 新建的组件id
*/
relationMaterialHistory(id) {
const uniqSql = `SELECT * FROM \`r_material_history_component\` WHERE \`material_history_id\`=${materialHistoryId} AND \`component_id\`=${id}`
this.query(uniqSql).then((result) => {
if (!result.length) {
const sqlContent = `INSERT INTO \`r_material_history_component\` (\`material_history_id\`, \`component_id\`) VALUES (${materialHistoryId}, ${id})`
this.query(sqlContent)
}
})
}

Comment on lines +219 to +232 (Contributor):

⚠️ Potential issue

Use parameterized queries to prevent SQL injection.
Directly concatenating id into the SQL statement may be risky if the value is not guaranteed to be an integer. Parameterized queries will secure this method and help avoid potential injection vulnerabilities.

Possible fix using placeholders (for example in MySQL Node libraries):

- const uniqSql = `SELECT * FROM \`r_material_history_component\` WHERE \`material_history_id\`=${materialHistoryId} AND \`component_id\`=${id}`
- ...
- const sqlContent = `INSERT INTO \`r_material_history_component\` (\`material_history_id\`, \`component_id\`) VALUES (${materialHistoryId}, ${id})`
+ const uniqSql = 'SELECT * FROM `r_material_history_component` WHERE `material_history_id` = ? AND `component_id` = ?'
+ ...
+ const sqlContent = 'INSERT INTO `r_material_history_component` (`material_history_id`, `component_id`) VALUES (?, ?)'
...

Committable suggestion skipped: line range outside the PR's diff.

/**
* 生成新增组件的sql语句
* @param {object} component 组件数据
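Review bot: beyond the interpolation of `id` already raised in the comment above, the SELECT-then-INSERT in `relationMaterialHistory` is not atomic: two runs, or two components resolving concurrently, can both observe an empty result and insert duplicate relation rows. A UNIQUE constraint on (`material_history_id`, `component_id`) combined with `INSERT IGNORE` or `INSERT ... ON DUPLICATE KEY UPDATE` makes the relation idempotent in a single statement. The chained `this.query(...).then(...)` also has no rejection handler, so a failed insert becomes an unhandled rejection; return the promise or add a `.catch` that logs the component id.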
@@ -282,10 +297,15 @@ class MysqlConnection {
isOfficial = 0,
isDefault = 0,
tiny_reserved = 0,
tenant = 1,
createBy = 86,
updatedBy = 86
component_metadata = null,
library_id = 1,
tenant_id = 1,
renter_id = 1,
site_id = 1,
created_by = 1,
last_updated_by = 1
} = component

const values = `('${version}',
'${this.formatSingleQuoteValue(JSON.stringify(name))}',
'${componentName}',
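Review bot: the value list passes `name` through `formatSingleQuoteValue` but interpolates `version` and `componentName` raw inside single quotes, so any of those fields containing a quote breaks the statement or changes its meaning; apply the same escaping, or better placeholders, uniformly to every interpolated value. The new defaults `library_id = 1, tenant_id = 1, renter_id = 1, site_id = 1, created_by = 1, last_updated_by = 1` pin every generated component to one tenant, site and user; they belong with `materialHistoryId` as configurable values rather than literals in the destructuring.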
@@ -308,15 +328,19 @@ class MysqlConnection {
'${isOfficial}',
'${isDefault}',
'${tiny_reserved}',
'${tenant}',
'${createBy}',
'${updatedBy}'
'${component_metadata}',
'${library_id}',
'${tenant_id}',
'${renter_id}',
'${site_id}',
'${created_by}',
'${last_updated_by}'
);`

const sqlContent = `INSERT INTO ${componentsTableName} (version, name, component, icon, description, doc_url,
const sqlContent = `INSERT INTO ${componentsTableName} (version, name, name_en, icon, description, doc_url,
screenshot, tags, keywords, dev_mode, npm, \`group\`, \`category\`, priority, snippets,
schema_fragment, configure, \`public\`, framework, isOfficial, isDefault, tiny_reserved,
tenant, createdBy, updatedBy) VALUES ${values}`.replace(/\n/g, '')
schema_fragment, configure, \`public\`, framework, is_official, is_default, tiny_reserved,component_metadata,
library_id, tenant_id, renter_id, site_id, created_by, last_updated_by) VALUES ${values}`.replace(/\n/g, '')
Comment on lines +340 to +343 (Contributor):

⚠️ Potential issue

Schema mismatch for “name_en” and “component_metadata”.
This insert statement references name_en and component_metadata, but the table definition does not declare a name_en column. This will fail unless the table schema is updated accordingly.

A possible fix in your CREATE TABLE statement might be:

  CREATE TABLE t_component (
    ...
+   name_en varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
    component_metadata longtext CHARACTER SET utf8 COLLATE utf8_general_ci NULL,
    ...
  );

Committable suggestion skipped: line range outside the PR's diff.


this.query(sqlContent, componentName)
.then((result) => {
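Review bot: `component_metadata` defaults to `null` in the destructuring but is emitted as `'${component_metadata}'`, which inserts the four-character string `'null'` into the longtext column instead of SQL NULL; emit an unquoted `NULL` when the value is null or undefined and otherwise serialise it the way `name` is (`formatSingleQuoteValue(JSON.stringify(...))`). Separately, the trailing `.replace(/\n/g, '')` runs over the whole template literal after the values have been interpolated, so it also strips any raw newline contained in a value; collapse the template text before interpolation, or use placeholders, so data is not silently altered.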
@@ -335,7 +359,7 @@ class MysqlConnection {
* @param {object} component 组件数据
*/
initDB(component) {
const selectSqlContent = `SELECT * FROM ${this.config.database}.${componentsTableName} WHERE component = '${component.component}'`
const selectSqlContent = `SELECT * FROM ${this.config.database}.${componentsTableName} WHERE name_en = '${component.component}'`
Comment (Contributor):

⚠️ Potential issue

Mismatch between “name_en” and “component.component”.
The query filters on name_en, yet we're passing the property component.component. If component.component doesn’t match the stored name_en, the lookup will fail.

Apply this diff to maintain consistency with the actual stored column and data:

- const selectSqlContent = `SELECT * FROM ${this.config.database}.${componentsTableName} WHERE name_en = '${component.component}'`
+ const selectSqlContent = `SELECT * FROM ${this.config.database}.${componentsTableName} WHERE component = '${component.component}'`

this.query(selectSqlContent)
.then((result) => {
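Review bot: `WHERE name_en = '${component.component}'` still interpolates the component name unescaped, so a name containing a single quote breaks the lookup or alters the query; use the existing `formatSingleQuoteValue` helper or a `?` placeholder here, as should be done in the INSERT. On the column choice: the INSERT in this PR writes `componentName` into `name_en` and drops `component` from its column list, so filtering on `name_en` is the consistent option; reverting this line to `WHERE component =`, as the comment above suggests, would query a column the insert no longer populates.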