
预案管理、菜单管理、字典管理接口添加xss校验及userid

baoyubo 8 maanden geleden
bovenliggende
commit
8cfdf613b2

+ 47 - 19
routers/api/emergencyPlans/__init__.py

@@ -2,6 +2,7 @@
 # -*- coding: utf-8 -*-
 
 from fastapi import APIRouter, Request, Depends,Query, HTTPException, status
+from common.security import valid_access_token
 from fastapi.responses import JSONResponse
 from sqlalchemy.orm import Session
 from sqlalchemy import and_, or_
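Review bot: `remove_xss_json` is used as a dependency by the handlers further down in this file (for example `create_emergency_plan`), but this import hunk only adds `valid_access_token`; unless the name already reaches this module through an import outside the hunk, the module will fail with a `NameError` at import time. The dic and menu files in this commit obtain it via `from utils import *`, which is presumably the intended source. An explicit `from utils import remove_xss_json` next to the new import would make the origin visible and not depend on a star re-export.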
@@ -146,7 +147,8 @@ async def get_emergency_plan_list(
     keywords : str = Query(None, description='预案名称/编制单位'),
     page: int = Query(1, gt=0, description='页码'),
     pageSize: int = Query(5, gt=0, description='每页条目数量'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
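Review bot: `user_id` is added to the signature without an annotation and, in the visible lines, is never read by the handler; if its only job is to reject unauthenticated calls, declaring it on the route keeps the signature free of unused parameters: `@router.get('/plan/list', dependencies=[Depends(valid_access_token)])` (the decorator itself is outside this hunk, so adapt the path). If the id is meant to scope queries or audit records to the caller later, annotate it with whatever `valid_access_token` actually returns so the intent is explicit. The same applies to every `user_id = Depends(valid_access_token)` line this commit adds across the three router files.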
@@ -210,7 +212,8 @@ async def get_emergency_plan_list(
 @router.get('/plan/{planId}')
 async def get_emergency_plan(
     planId: str ,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
@@ -255,7 +258,9 @@ async def get_emergency_plan(
 @router.post('/plan/create')
 async def create_emergency_plan(
     form_data:PlanCreateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
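Review bot: The value returned by `remove_xss_json` is bound to `body`, but the handler still receives `form_data: PlanCreateForm`, so unless `remove_xss_json` rewrites the cached request body before Pydantic parses it (its implementation is not in this diff), the sanitised copy is discarded and whatever is persisted from `form_data` remains unsanitised. Either build the model from the sanitised payload inside the handler, `form_data = PlanCreateForm(**body)`, or have the dependency reject disallowed markup with an HTTP error instead of returning a cleaned copy. The handler body continues outside the hunk, so I cannot confirm which of `body` or `form_data` is read; the same question applies to `update_emergency_plan`, `create_emergency_drill`, `update_emergency_drill`, and the create/update handlers in the dic and menu files.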
@@ -300,7 +305,9 @@ async def create_emergency_plan(
 @router.put('/plan/update')
 async def update_emergency_plan(
     form_data: PlanUpdateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -352,7 +359,9 @@ async def update_emergency_plan(
 @router.delete('/plan/delete')
 async def delete_emergency_plans(
         planUids: list,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
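Review bot: The two new parameter lines are indented four spaces while the existing `planUids: list,` and `db: Session = Depends(get_db),` lines use eight; this is legal inside the parentheses but reads as two different signatures. Indent `body = Depends(remove_xss_json),` and `user_id = Depends(valid_access_token)` to match the existing eight-space lines. The same mismatch is in `delete_emergency_plan`, both `delete_emergency_drill` hunks and both `delete_emergency_training` hunks.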
@@ -384,7 +393,9 @@ async def delete_emergency_plans(
 @router.delete('/plan/delete/{planUid}')
 async def delete_emergency_plan(
         planUid: str,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
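Review bot: `/plan/delete/{planUid}` takes its only input from the path, yet it now depends on `remove_xss_json`; if that dependency reads and JSON-decodes the request body (not visible in this diff), a DELETE or GET sent without a body will fail inside the dependency before the handler runs, and if it does not read the body the dependency is a no-op here. Attach the sanitizer only to routes that accept a JSON body, or make `remove_xss_json` return early when the request carries no body. The same applies to `get_emergency_drill` (`/drill/{drillId}`) in this file, and in the dic and menu files to `get_dict_types_optionselect`, `delete_dict_type`, both `get_dict_data_by_type` handlers, `delete_dict_data`, both `getRouters` handlers, both `get_list` handlers and `delete`.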
@@ -423,7 +434,8 @@ async def get_emergency_drill_list(
     planNum: str = Query(None, description='预案编号'),
     page: int = Query(1, gt=0, description='页码'),
     pageSize: int = Query(5, gt=0, description='每页条目数量'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
@@ -478,7 +490,9 @@ async def get_emergency_drill_list(
 @router.get('/drill/{drillId}')
 async def get_emergency_drill(
     drillId: str = Query(None, description='演练编号'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
@@ -524,7 +538,9 @@ async def get_emergency_drill(
 @router.post('/drill/create')
 async def create_emergency_drill(
     form_data:DrillCreateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -579,7 +595,9 @@ async def create_emergency_drill(
 @router.put('/drill/update')
 async def update_emergency_drill(
     form_data:DrillUpdateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         query = db.query(EmergencyDrill)
@@ -643,7 +661,9 @@ async def update_emergency_drill(
 @router.delete('/drill/delete')
 async def delete_emergency_drill(
         drillUids: list,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -676,7 +696,8 @@ async def delete_emergency_drill(
 @router.delete('/drill/delete/{drillUid}')
 async def delete_emergency_drill(
         drillUid: str,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -713,7 +734,8 @@ async def get_emergency_training_list(
     planNum: str = Query(None, description='预案编号'),
     page: int = Query(1, gt=0, description='页码'),
     pageSize: int = Query(5, gt=0, description='每页条目数量'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
@@ -770,7 +792,8 @@ async def get_emergency_training_list(
 @router.get('/training/{trainingId}')
 async def get_emergency_training(
     trainingId: str = Query(None, description='培训编号'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 构建查询
@@ -819,7 +842,8 @@ async def get_emergency_training(
 @router.post('/training/create')
 async def create_emergency_training(
     form_data:TrainingCreateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 创建新的预案记录
@@ -858,7 +882,8 @@ async def create_emergency_training(
 @router.put('/training/update')
 async def update_emergency_training(
     form_data:TrainingUpdateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         query = db.query(EmergencyTrainingSession)
@@ -917,7 +942,8 @@ async def update_emergency_training(
 @router.delete('/training/delete')
 async def delete_emergency_training(
         trainingUids: list,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -950,7 +976,8 @@ async def delete_emergency_training(
 @router.delete('/training/delete/{trainingUid}')
 async def delete_emergency_training(
         trainingUid: str,
-        db: Session = Depends(get_db)
+        db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 提取请求数据
@@ -986,7 +1013,8 @@ async def get_emergency_response_list(
     planNum:str,
     page: int = Query(1, gt=0, description='页码'),
     pageSize: int = Query(5, gt=0, description='每页条目数量'),
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    user_id = Depends(valid_access_token)
 ):
     try:
         # 查询所有响应事件

+ 26 - 5
routers/prod_api/system/dic/__init__.py

@@ -2,12 +2,15 @@
 # -*- coding: utf-8 -*-
 
 from fastapi import APIRouter, Request, Depends, Query, HTTPException, status
+from common.security import valid_access_token
 from pydantic import BaseModel
 from database import get_db
 from sqlalchemy.orm import Session
 from sqlalchemy import and_, or_
 from typing import List
 from models import *
+from utils import *
+from common.auth_user import *
 import json
 from sqlalchemy.sql import func
 router = APIRouter()
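Review bot: `valid_access_token` is imported here but none of the hunks in this file use it — every handler depends on `get_auth_user` — so the import is dead in this module (it is used in the emergencyPlans and menu files). In addition, `remove_xss_json` arrives through two chained wildcard imports (`from utils import *`, which in turn does `from .StripTagsHTMLParser import *` per the utils hunk), so a reader of this file cannot see where the sanitizer is defined. Prefer `from utils import remove_xss_json` and drop the unused `valid_access_token` import.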
@@ -114,6 +117,8 @@ async def get_dict_types_optionselect(
 async def get_dict_types_optionselect(
     dictId: str,
     db: Session = Depends(get_db),  # 假设 get_db 是获取数据库会话的依赖项
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 构建查询
@@ -151,7 +156,9 @@ class DictTypeCreateForm(BaseModel):
 @router.post("/type")
 async def create_dict_type(
     form_data: DictTypeCreateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 从请求数据创建一个新的 SysDictType 实例
@@ -189,7 +196,9 @@ class DictTypeUpdataForm(BaseModel):
 @router.put("/type")
 async def updata_dict_type(
     form_data: DictTypeUpdataForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 从请求数据创建一个新的 SysDictType 实例
@@ -223,7 +232,9 @@ async def updata_dict_type(
 @router.delete("/type/delete/{dictId}")  # 使用 ID 来标识要删除的接口
 async def delete_dict_type(
     dictId: int,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 从数据库中获取要删除的 OneShareApiEntity 实例
@@ -256,6 +267,8 @@ async def get_dict_data_by_type(
     pageNum: int = Query(1, gt=0),
     pageSize: int = Query(10, gt=0),
     db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 根据 dict_type 查询字典数据
@@ -317,6 +330,8 @@ class DictDataCreateForm(BaseModel):
 async def create_dict_data(
     form_data: DictDataCreateForm,
     db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 创建一个新的 SysDictData 实例
@@ -350,6 +365,8 @@ async def create_dict_data(
 async def get_dict_data_by_type(
     dict_type: str,
     db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 根据 dict_type 查询字典数据
@@ -401,7 +418,9 @@ class DictDataUpdataForm(BaseModel):
 @router.put("/data")
 async def updata_dict_type(
     form_data: DictDataUpdataForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 从请求数据创建一个新的 SysDictType 实例
@@ -453,7 +472,9 @@ async def updata_dict_type(
 @router.delete("/data/delete/{dictCode}")  # 使用 ID 来标识要删除的接口
 async def delete_dict_data(
     dictCode: str,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user: AuthUser = Depends(get_auth_user)
 ):
     try:
         # 从数据库中获取要删除的 OneShareApiEntity 实例

+ 20 - 6
routers/prod_api/system/menu/__init__.py

@@ -2,11 +2,13 @@
 # -*- coding: utf-8 -*-
 
 from fastapi import APIRouter, Request, Depends, Query, HTTPException, status
+from common.security import valid_access_token
 from pydantic import BaseModel
 from database import get_db
 from sqlalchemy.orm import Session
 from typing import List
 from models import *
+from utils import *
 import json
 from sqlalchemy.sql import func
 from common.auth_user import *
@@ -50,7 +52,9 @@ class Router_frame(BaseModel):
     alwaysShow: bool = True
 
 @router.get('/getRouters')
-async def getRouters(request: Request, db: Session = Depends(get_db), user: AuthUser = Depends(get_auth_user)):
+async def getRouters(request: Request, db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)):
     try:
         # 查询数据库中的所有菜单项,根据 parent_id 排序以构建树形结构
         query = db.query(SysMenu)
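Review bot: The original signature bound `user: AuthUser = Depends(get_auth_user)`, and the new one replaces it with `user_id = Depends(valid_access_token)`, so any reference to `user` in the body of `getRouters` (which continues past the hunk, e.g. for per-user menu filtering) would now raise `NameError` at request time rather than at import. If the handler reads `user`, keep the original dependency alongside the new one; if it does not, the swap is safe, but note that `get_list` in this same router still uses `user: AuthUser = Depends(get_auth_user)`, so the file now mixes two authentication dependencies. Choosing one of them per router would make it easier to audit which routes are actually protected.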
@@ -131,7 +135,9 @@ async def getRouters(request: Request, db: Session = Depends(get_db), user: Auth
 
 
 @router.get('/qydt/getRouters')
-async def getRouters(request: Request, db: Session = Depends(get_db)):
+async def getRouters(request: Request, db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)):
     try:
         # 查询数据库中的所有菜单项,根据 parent_id 排序以构建树形结构
         query = db.query(SysMenu)
@@ -216,7 +222,8 @@ async def get_list(
     # request: Request,
     menuName: str = Query(None, max_length=100),
     status: str =  Query(None, max_length=100),
-    db: Session = Depends(get_db), 
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
     user: AuthUser = Depends(get_auth_user)
 ):
     query = db.query(SysMenu)
@@ -283,6 +290,7 @@ async def get_list(
     # request: Request,
     menuid: str = Query(None, max_length=100),
     db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
     user: AuthUser = Depends(get_auth_user)
 ):
     query = db.query(SysMenu)
@@ -339,7 +347,9 @@ class SysMuneCreateForm(BaseModel):
 @router.post('/create')
 async def create(
     form_data: SysMuneCreateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
 
     try:
@@ -390,7 +400,9 @@ class SysMuneUpdateForm(BaseModel):
 async def update(
     request: Request,
     form_data: SysMuneUpdateForm,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
 
     try:
@@ -448,7 +460,9 @@ async def update(
 @router.delete('/delete/{menu_id}')
 async def delete(
     menu_id: int,
-    db: Session = Depends(get_db)
+    db: Session = Depends(get_db),
+    body = Depends(remove_xss_json),
+    user_id = Depends(valid_access_token)
 ):
     try:
         query = db.query(SysMenu)

+ 1 - 0
utils/__init__.py

@@ -10,6 +10,7 @@ import uuid
 from sqlalchemy.orm import Session
 from models import *
 from exceptions import ParamException
+from .StripTagsHTMLParser import *
 import re
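Review bot: `from .StripTagsHTMLParser import *` re-exports every public name of that module through the `utils` package, and the routers in this commit then import `utils` with another `*`, so the sanitizer (presumably `remove_xss_json`, whose definition is not in the diff) travels through two wildcard hops and can silently shadow or be shadowed by other names. Import the names you intend to expose explicitly, `from .StripTagsHTMLParser import remove_xss_json`, or define `__all__` in `StripTagsHTMLParser` so the package surface stays deliberate.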