├── Go_Server ├── README.md ├── dbdata │ └── vul_server_go.sql └── src │ ├── config.yaml │ ├── config │ └── config.go │ ├── controller │ ├── food.go │ ├── home.go │ ├── init.go │ ├── login.go │ ├── order.go │ ├── other.go │ ├── role.go │ ├── settings.go │ └── user.go │ ├── define │ ├── define.go │ └── types.go │ ├── docs │ ├── docs.go │ ├── swagger.json │ └── swagger.yaml │ ├── go.mod │ ├── go.sum │ ├── helper │ ├── decode.go │ └── helper.go │ ├── main.go │ ├── middleware │ ├── auth.go │ ├── cors.go │ └── logger.go │ ├── models │ ├── init.go │ ├── sys_food.go │ ├── sys_order.go │ ├── sys_role.go │ └── sys_user.go │ ├── router │ └── app.go │ └── static │ ├── log │ └── syslog.log │ └── sentence │ └── sentence.txt ├── LICENSE ├── Python_Server ├── README.md ├── dbdata │ └── vul_server_py.sql └── src │ ├── Python_Server │ ├── __init__.py │ ├── __pycache__ │ │ ├── __init__.cpython-39.pyc │ │ ├── local_settings.cpython-39.pyc │ │ ├── settings.cpython-39.pyc │ │ ├── urls.cpython-39.pyc │ │ └── wsgi.cpython-39.pyc │ ├── asgi.py │ ├── local_settings.py │ ├── settings.py │ ├── urls.py │ └── wsgi.py │ ├── apps │ ├── authlogin │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── food │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── 0001_initial.py │ │ │ ├── 0002_alter_food_table.py │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ ├── 0001_initial.cpython-39.pyc │ 
│ │ │ ├── 0002_alter_food_table.cpython-39.pyc │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── home │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── forms.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── forms.py │ │ ├── migrations │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── order │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── 0001_initial.py │ │ │ ├── 0002_alter_order_table.py │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ ├── 0001_initial.cpython-39.pyc │ │ │ │ ├── 0002_alter_order_table.cpython-39.pyc │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── other │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── role │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── 0001_initial.py │ │ │ ├── 
0002_alter_role_table.py │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ ├── 0001_initial.cpython-39.pyc │ │ │ │ ├── 0002_alter_role_table.cpython-39.pyc │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── settings │ │ ├── __init__.py │ │ ├── __pycache__ │ │ │ ├── __init__.cpython-39.pyc │ │ │ ├── admin.cpython-39.pyc │ │ │ ├── apps.cpython-39.pyc │ │ │ ├── models.cpython-39.pyc │ │ │ ├── urls.cpython-39.pyc │ │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ │ ├── __init__.py │ │ │ └── __pycache__ │ │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ └── user │ │ ├── __init__.py │ │ ├── __pycache__ │ │ ├── __init__.cpython-39.pyc │ │ ├── admin.cpython-39.pyc │ │ ├── apps.cpython-39.pyc │ │ ├── models.cpython-39.pyc │ │ ├── urls.cpython-39.pyc │ │ └── views.cpython-39.pyc │ │ ├── admin.py │ │ ├── apps.py │ │ ├── migrations │ │ ├── 0001_initial.py │ │ ├── 0002_alter_user_table.py │ │ ├── __init__.py │ │ └── __pycache__ │ │ │ ├── 0001_initial.cpython-39.pyc │ │ │ ├── 0002_alter_user_table.cpython-39.pyc │ │ │ └── __init__.cpython-39.pyc │ │ ├── models.py │ │ ├── tests.py │ │ ├── urls.py │ │ └── views.py │ ├── common │ ├── __init__.py │ ├── __pycache__ │ │ ├── Generatejwt.cpython-39.pyc │ │ ├── __init__.cpython-39.pyc │ │ ├── decodes.cpython-39.pyc │ │ └── helper.cpython-39.pyc │ ├── decodes.py │ └── helper.py │ ├── manage.py │ ├── middleware │ ├── __pycache__ │ │ ├── auth.cpython-39.pyc │ │ ├── authmiddleware.cpython-39.pyc │ │ └── loggingmiddleware.cpython-39.pyc │ ├── authmiddleware.py │ └── loggingmiddleware.py │ ├── requirements.txt │ └── static │ ├── log │ └── syslog.log │ └── sentence │ └── sentence.txt ├── README.md ├── README ├── image-20240909180126928.png └── image-20250208144407056.png └── Vue_Web ├── README.md ├── dist ├── assets │ ├── Index.16a8d1f1.js │ ├── Index.5b7d7c4d.js │ ├── Index.8ccc5b0f.css │ ├── 
Index.9213a787.css │ ├── Index.92b93f9c.css │ ├── Index.9c20d1ea.js │ ├── Index.ee9e7fdf.js │ ├── Index.ef82e42e.css │ ├── Login.44562630.js │ ├── Login.d8543932.css │ ├── RoleList.afd4fae6.css │ ├── RoleList.d3bf1a2a.js │ ├── UserList.22f8a840.js │ ├── UserList.c8bab107.css │ ├── banner01.11e9d267.jpg │ ├── date.0d8a53f8.js │ ├── default_avatar.70f3a2e7.js │ ├── default_avatar.efdb4304.png │ ├── default_food.31d19335.png │ ├── exprotExcel.abae30aa.js │ ├── index.90c38c7f.js │ ├── index.d7f26c6d.css │ ├── login.b9a54c7f.js │ ├── login_bg.f7a2e6fc.svg │ ├── logo2.57506859.png │ ├── request.2fe64003.js │ ├── side-logo.4f6cfdbd.png │ └── system-bg.0e8f847c.jpg ├── favicon.ico ├── index.html └── vite.svg ├── index.html ├── package.json ├── public ├── favicon.ico └── vite.svg ├── src ├── App.vue ├── api │ ├── food │ │ └── food.ts │ ├── home │ │ └── home.ts │ ├── login │ │ └── login.ts │ ├── order │ │ └── order.ts │ ├── request.ts │ ├── role │ │ └── role.ts │ ├── settings │ │ └── settings.ts │ ├── user │ │ └── user.ts │ └── usersettings │ │ └── usersettings.ts ├── assets │ ├── 404_images │ │ ├── 404.png │ │ ├── 404_bg.png │ │ └── 404_cloud.png │ ├── banner01.jpg │ ├── default_avatar.png │ ├── default_food.png │ ├── login │ │ ├── login_bg.svg │ │ └── side-logo.png │ ├── logo.png │ ├── logo2.png │ └── system-bg.jpg ├── components │ └── SvgIcon │ │ └── index.vue ├── config │ └── nprogress.ts ├── icons │ └── svg │ │ ├── eye-open.svg │ │ └── eye.svg ├── main.ts ├── router │ └── index.ts ├── store │ ├── index.ts │ └── modules │ │ ├── menu.ts │ │ ├── setting.ts │ │ ├── tagsView.ts │ │ └── user.ts ├── style.css ├── utils │ ├── date.ts │ └── exprotExcel.ts ├── views │ ├── foods │ │ ├── Index.vue │ │ └── components │ │ │ ├── AddFood.vue │ │ │ ├── EditFood.vue │ │ │ ├── LookProcedure.vue │ │ │ ├── LookVideo.vue │ │ │ └── TextEditor.vue │ ├── home │ │ └── Index.vue │ ├── layout │ │ ├── Index.vue │ │ ├── aside │ │ │ └── Index.vue │ │ ├── header │ │ │ ├── CollapseIcon.vue │ │ │ ├── 
Hamburger.vue │ │ │ └── TopBar.vue │ │ └── tags │ │ │ ├── Index.vue │ │ │ └── components │ │ │ └── MoreButton.vue │ ├── login │ │ ├── Login.vue │ │ └── components │ │ │ ├── LoginForm.vue │ │ │ └── SIdentify.vue │ ├── order │ │ ├── Index.vue │ │ └── components │ │ │ └── AddOrder.vue │ ├── role │ │ ├── RoleList.vue │ │ └── components │ │ │ ├── AddRole.vue │ │ │ └── EditRole.vue │ ├── settings │ │ ├── Index.vue │ │ └── components │ │ │ └── PingAdder.vue │ ├── user │ │ ├── UserList.vue │ │ └── components │ │ │ ├── AddUser.vue │ │ │ └── EditUser.vue │ └── usersettings │ │ ├── Index.vue │ │ └── components │ │ ├── UpdatePwd.vue │ │ └── UserInfo.vue └── vite-env.d.ts ├── tsconfig.json ├── tsconfig.node.json ├── vite.config.ts └── viteenv ├── .env.development └── .env.production /Go_Server/README.md: -------------------------------------------------------------------------------- 1 | # 零 注意(Tips) 2 | 3 | - 1.请勿将本系统用于开发项目,系统中存在许多漏洞,仅允许帮助安全研究人员和业余爱好者了解和掌握有关Golang系统的渗透测试和代码审计知识。 4 | 5 | 1. Do not use this system for development projects: it contains many vulnerabilities and is only meant to help security researchers and hobbyists understand and master penetration testing and code auditing of Golang systems. 6 | 7 | - 2.不得用于非法和犯罪活动。 8 | 9 | 2. It must not be used for illegal or criminal activities. 10 | 11 | - 3.不要用来提交CVE。 12 | 13 | 3. Do not use it to submit CVEs. 14 | 15 | # 壹 Vulnerabilities_Server 16 | 17 | 这是一个用`Golang`写的`Web`靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。该项目旨在帮助安全研究人员和爱好者了解和掌握关于`Golang`系统的渗透测试和代码审计知识。 18 | 19 | 后端使用`Golang`语言、`Gin`框架和`mysql`数据库,前端使用`Vue`框架。 20 | 21 | 项目后面的设想是以这个场景为出发点扩展出其他语言的漏洞靶场,后面会持续更新,如果您觉得`Vulnerabilities_Server`对你有些许帮助,请加个⭐,您的支持将是`Vulnerabilities_Server`前进路上的最好的见证! 
22 | 23 | 24 | # 贰 Vulnerability 25 | 26 | 目前有这些漏洞,如果有好的`idea`漏洞,可以提个`issues`给我,我来加: 27 | 28 | ```bash 29 | 登录处存在:用户名枚举 30 | 31 | 验证码:万能验证码 32 | 33 | 密码修改处:任意密码修改 34 | 35 | ping处:命令执行 36 | 37 | 登录处:暴力破解 38 | 39 | 订单查询处,添加菜品:SQL注入 40 | 41 | 所有的文件上传功能点:文件上传(不能getshell) 42 | 43 | 多处存在:越权、未授权 44 | 45 | 角色的功能:越权漏洞 46 | 47 | 数据库文件下载和删除功能:文件下载、删除和读取 48 | 49 | 获取名言金句功能:SSRF 50 | 51 | 获取数据库文件功能:目录遍历 52 | 53 | JWT:密钥为空 54 | 55 | 日志功能:敏感信息泄露,前端信息泄露 56 | 57 | 修改价格处:负值反冲 58 | 59 | 原生模板的测试功能:模板注入 60 | 61 | 测试性功能处:ZIP的漏洞 62 | ``` 63 | 64 | > 注意:可能会有其他漏洞,在写的时候由于突然的想法加但是没提出来,如果发现的话,帮忙提个`issues `(不是交`CVE`,用这个系统交`CVE`的是`SB`)。。。 65 | 66 | # 叁 部署 67 | 68 | - `Golang`后端 69 | 70 | 创建一个`vul_server_go`的`mysql`数据库,然后导入`dbdata`文件夹下的`vul_server_go.sql`数据即可完成数据库部署! 71 | 72 | 如果有`golang`环境的话,直接在`Go_Server\src`目录下运行: 73 | 74 | ```bash 75 | go run . 76 | ``` 77 | 78 | 如果没有`golang`环境的话,可根据不同操作系统下载对应的可执行文件,然后运行即可。 79 | 80 | - `Vue`前端 81 | 82 | 如果有`node`环境的话直接,运行`npm install`下载组件即可。可能会出现下面这种情况,可以忽略: 83 | 84 | ![image-20240909180126928](../README/image-20240909180126928.png) 85 | 86 | 如果没有`node`环境的话,直接用后端的`swagger`即可运行。 87 | 88 | ```bash 89 | http://localhost:8081/swagger/index.html 90 | ``` 91 | 92 | -------------------------------------------------------------------------------- /Go_Server/src/config.yaml: -------------------------------------------------------------------------------- 1 | # 项目端口 2 | server: 3 | port: 8081 4 | 5 | # 数据库配置 6 | db: 7 | dialects: mysql 8 | host: 127.0.0.1 9 | port: 3306 10 | db: vul_server_go 11 | username: root 12 | password: 123456 13 | charset: utf8mb4 14 | # 最大空闲数 15 | maxIdle: 50 16 | # 最大连接数 17 | max0pen: 150 18 | 19 | # 静态资源 20 | staticData: ./static/ 21 | 22 | # 上传地址和ip 23 | uploadDir: ./static/uploads/ 24 | 25 | # 备份数据库路径 26 | backupsdbDir: ./static/backupdb/ 27 | 28 | # 解压路径 29 | zipDir: ./static/zipfile/ 30 | 31 | # 日志配置 32 | logpath: ./static/log 33 | -------------------------------------------------------------------------------- 
/Go_Server/src/config/config.go: -------------------------------------------------------------------------------- 1 | package config 2 | 3 | import ( 4 | "os" 5 | 6 | "gopkg.in/yaml.v2" 7 | ) 8 | 9 | // 总配置文件 10 | type config struct { 11 | Server server `yaml:"server"` 12 | Db db `yaml:"db"` 13 | UploadDir string `yaml:"uploadDir"` 14 | Log string `yaml:"logpath"` 15 | StaticData string `yaml:"staticData"` 16 | BackupsdbDir string `yaml:"backupsdbDir"` 17 | ZipDir string `yaml:"zipDir"` 18 | } 19 | 20 | // 项目端口配置 21 | type server struct { 22 | Port string `yaml:"port"` 23 | } 24 | 25 | // 数据库配置 26 | type db struct { 27 | Dialects string `yaml:"dialects"` 28 | Host string `yaml:"host"` 29 | Port int `yaml:"port"` 30 | Db string `yaml:"db"` 31 | Username string `yaml:"username"` 32 | Password string `yaml:"password"` 33 | Charset string `yaml:"charset"` 34 | MaxIdle int `yaml:"maxIdle"` 35 | MaxOpen int `yaml:"maxOpen"` 36 | } 37 | 38 | // 全局配置文件 39 | var Config *config 40 | 41 | // 初始化配置 42 | func init() { 43 | yamlFile, err := os.ReadFile("./config.yaml") 44 | // 有错就down机 45 | if err != nil { 46 | panic(err) 47 | } 48 | // 绑定值 49 | 50 | if err = yaml.Unmarshal(yamlFile, &Config); err != nil { 51 | panic(err) 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /Go_Server/src/controller/init.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import "Go_server/define" 4 | 5 | func NewQueryRequest() *define.QueryRequest { 6 | return &define.QueryRequest{ 7 | Page: 1, 8 | Size: define.DefaultSize, 9 | Keyword: "", 10 | Status: -1, 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /Go_Server/src/controller/login.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "Go_server/define" 5 | "Go_server/helper" 6 | "Go_server/models" 7 | 
"fmt"

"github.com/gin-gonic/gin"
)

// AuthLogin handles a password login: it binds the JSON body, requires a
// non-empty captcha field, looks the account up by username and password,
// issues a token and replies with the profile plus the role name and level.
// The project README lists the login weaknesses noted below among the
// intentional flaws of this training target.
//
// @Summary 处理用户登录
// @Tags 公共方法
// @Param user body define.LoginPassWordRequest true "登录信息"
// @Router /auth/login [post]
func AuthLogin(c *gin.Context) {
	// Bind the JSON request body; a body that fails to bind ends the request.
	var req define.LoginPassWordRequest
	if bindErr := c.ShouldBindJSON(&req); bindErr != nil {
		helper.ErrorResponse(c, "参数绑定", bindErr)
		return
	}

	// NOTE(review): the captcha only has to be non-empty. This handler never
	// compares it with a value issued by the server, so it does not slow down
	// automated login attempts. A real check validates a single-use,
	// server-stored code before the credential lookup.
	if req.Code == "" {
		helper.ErrorResponse(c, "登录", fmt.Errorf("验证码不能为空"))
		return
	}

	// Look the account up by username and password.
	// NOTE(review): the lookup error is handed to ErrorResponse unchanged. If
	// that helper returns the error text to the client (not visible here,
	// confirm in helper), distinct messages for an unknown user and a wrong
	// password disclose which usernames exist; one generic failure message
	// avoids that. This handler also does no attempt counting or lockout.
	account, lookupErr := models.GetUserByUsernamePassword(req.UserName, req.Password)
	if lookupErr != nil {
		helper.ErrorResponse(c, "登录", lookupErr)
		return
	}

	// Issue the token.
	// NOTE(review): define.TokenExpire is a package-level variable computed
	// from time.Now() when the define package is initialised, so the expiry
	// passed here is relative to process start, not to this login.
	// define.Jwtkey is declared as an empty byte slice in the same file;
	// presumably GenerateToken signs with it (confirm in helper). Outside a
	// training target the expiry is computed per token and the signing key is
	// a long random secret loaded from configuration.
	signed, tokenErr := helper.GenerateToken(account.ID, account.Role_id, account.UserName, define.TokenExpire)
	if tokenErr != nil {
		helper.ErrorResponse(c, "生成token", tokenErr)
		return
	}

	// Fetch the role so its name and level can be returned with the profile.
	role, roleErr := models.GetRoleDetail(uint(account.Role_id))
	if roleErr != nil {
		helper.ErrorResponse(c, "获取角色信息", roleErr)
		return
	}

	// Project description shown to the user after login.
	const introduce = "这是一个集合了多种语言的Web靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。\n\n该项目旨在帮助安全研究人员和爱好者了解和掌握关于不同语言系统的渗透测试和代码审计知识。当前为Golang语言的靶场,其他靶场项目地址:https://github.com/A7cc/Vulnerabilities_Server"

	reply := &define.LoginPasswordResponse{
		Uid:           account.ID,
		Authorization: "Bearer " + signed,
		Username:      account.UserName,
		Avatar:        account.Avatar,
		Phone:         account.Phone,
		Sex:           account.Sex,
		Email:         account.Email,
		RoleLevel:     role.Level,
		Role:          role.Name,
		Introduce:     introduce,
		Created_at:    account.CreatedAt.String(),
	}
	helper.SuccessResponse(c, "登录", reply)
}

// AuthLoginOut acknowledges a logout request.
//
// NOTE(review): nothing is revoked here. The handler only sends the success
// reply, so a token issued earlier stays usable until the validator rejects
// it. Server-side logout needs a revocation list, or short-lived tokens
// combined with a refresh flow.
//
// @Summary 处理用户注销
// @Tags 公共方法
// @Router /auth/loginout [get]
func AuthLoginOut(c *gin.Context) {
	helper.SuccessResponse(c, "注销", nil)
}
-------------------------------------------------------------------------------- /Go_Server/src/controller/order.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "Go_server/define" 5 | "Go_server/helper" 6 | "Go_server/models" 7 | "fmt" 8 | 9 | "github.com/gin-gonic/gin" 10 | ) 11 | 12 | // GetOrderList 13 | // @Summary 获取订单列表 14 | // @Tags 鉴权接口-订单相关方法 15 | // @Param Authorization header string true "Authorization" 16 | // @Param GetOrderListRequest body define.GetOrderListRequest true "获取订单查询参数" 17 | // @Router /order/get [get] 18 | func GetOrderList(c *gin.Context) { 19 | in := &define.GetOrderListRequest{QueryRequest: NewQueryRequest()} 20 | if err := c.ShouldBindQuery(in); err != nil { 21 | helper.ErrorResponse(c, "参数绑定", err) 22 | return 23 | } 24 | var ( 25 | cnt int64 26 | list = make([]*define.GetOrderListReply, 0) 27 | ) 28 | 29 | if err := models.GetOrderList(in.Keyword).Offset((in.Page - 1) * in.Size).Limit(in.Size).Find(&list).Error; err != nil { 30 | helper.ErrorResponse(c, "获取订单列表", err) 31 | return 32 | } 33 | if err := models.GetOrderList(in.Keyword).Count(&cnt).Error; err != nil { 34 | helper.ErrorResponse(c, "获取订单列表", err) 35 | return 36 | } 37 | helper.SuccessResponse(c, "获取订单列表", gin.H{ 38 | "list": list, 39 | "count": cnt, 40 | }) 41 | } 42 | 43 | // AddOrder 44 | // @Summary 新增订单信息 45 | // @Tags 鉴权接口-订单相关方法 46 | // @Param Authorization header string true "Authorization" 47 | // @Param AddOrderRequest body define.AddOrderRequest true "添加订单信息" 48 | // @Router /order/add [post] 49 | func AddOrder(c *gin.Context) { 50 | in := new(define.AddOrderRequest) 51 | if err := c.ShouldBindJSON(in); err != nil { 52 | helper.ErrorResponse(c, "参数绑定", err) 53 | return 54 | } 55 | // 1.判断食物是否存在 56 | var cnt int64 57 | // 大于0说明存在食物 58 | if err := models.DB.Model(new(models.SysFood)).Where("foodname = ?", in.Food).Count(&cnt).Error; cnt <= 0 || err != nil { 59 | 
helper.ErrorResponse(c, "新增订单信息", fmt.Errorf("可能不存在该食物")) 60 | return 61 | } 62 | // 解密密钥 63 | // 获取用户名的基本信息 64 | uinfo, err := helper.GetAuthorizationUserInfo(c.Request.Header.Get("Authorization")) 65 | if err != nil { 66 | helper.ErrorResponse(c, "新增订单信息", err) 67 | return 68 | } 69 | 70 | // 保存数据 71 | if err := models.DB.Create(&models.SysOrder{ 72 | User: uinfo.Name, 73 | Food: in.Food, 74 | Num: in.Num, 75 | Remarks: in.Remarks, 76 | }).Error; err != nil { 77 | helper.ErrorResponse(c, "新增订单信息", err) 78 | return 79 | } 80 | helper.SuccessResponse(c, "新增订单信息", nil) 81 | } 82 | 83 | // GetOrderDetail 84 | // @Summary 根据ID获取订单信息 85 | // @Tags 鉴权接口-订单相关方法 86 | // @Param Authorization header string true "Authorization" 87 | // @Param id query string true "获取订单ID" 88 | // @Router /order/detail [get] 89 | func GetOrderDetail(c *gin.Context) { 90 | id := c.Query("id") 91 | if id == "" { 92 | helper.ErrorResponse(c, "获取订单信息", fmt.Errorf("ID不能为空")) 93 | return 94 | } 95 | data := new(define.GetOrderDetailReply) 96 | // 1.获取订单信息 97 | sysOrder, err := models.GetOrderDetail(id) 98 | if err != nil { 99 | helper.ErrorResponse(c, "获取订单信息", err) 100 | return 101 | } 102 | // 赋值 103 | data.ID = sysOrder.ID 104 | data.User = sysOrder.User 105 | data.Food = sysOrder.Food 106 | data.Num = sysOrder.Num 107 | data.Remarks = sysOrder.Remarks 108 | // 返回订单信息 109 | helper.SuccessResponse(c, "获取订单信息", data) 110 | } 111 | 112 | // DeleteOrder 113 | // @Summary 删除订单信息 114 | // @Tags 鉴权接口-订单相关方法 115 | // @Param Authorization header string true "Authorization" 116 | // @Param id path int true "删除订单ID" 117 | // @Router /order/delete/{id} [delete] 118 | func DeleteOrder(c *gin.Context) { 119 | id := c.Param("id") 120 | if id == "" { 121 | helper.ErrorResponse(c, "删除订单信息", fmt.Errorf("ID不能为空")) 122 | return 123 | } 124 | 125 | if err := models.DB.Where("id = ?", id).Delete(new(models.SysOrder)).Error; err != nil { 126 | helper.ErrorResponse(c, "删除订单信息", err) 127 | return 128 | } 129 | 
helper.SuccessResponse(c, "删除订单信息", nil) 130 | } 131 | -------------------------------------------------------------------------------- /Go_Server/src/controller/other.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "Go_server/config" 5 | "Go_server/helper" 6 | "Go_server/models" 7 | "fmt" 8 | "path/filepath" 9 | "text/template" 10 | 11 | "github.com/gin-gonic/gin" 12 | ) 13 | 14 | // 测试Golang的原生模板 15 | func CeshiTemplate(c *gin.Context) { 16 | query := c.Query("query") 17 | user := &models.SysUser{ 18 | UserName: "admin", 19 | } 20 | var text = fmt.Sprintf(` 21 | 22 | 23 | 测试Golang原生模板 24 | 25 | 26 |

Hello {{ .UserName }}

27 |

可以通过{ { .xxxx } }去获取SysUser的一些属性或者是方法,你可以测试一下,下面是搜索的结果:

28 |

%s

29 | 30 | `, query) 31 | tmpl := template.New("hello") 32 | t, err := tmpl.Parse(text) 33 | if err != nil { 34 | helper.ErrorResponse(c, "解析模板", err) 35 | return 36 | } 37 | t.Execute(c.Writer, &user) 38 | } 39 | 40 | // 测试上传ZIP并解压功能 41 | func UploadZip(c *gin.Context) { 42 | // 解析表单,获取zip文件 43 | fh, err := c.FormFile("file") 44 | if err != nil { 45 | helper.ErrorResponse(c, "上传ZIP文件", err) 46 | return 47 | } 48 | // 检查文件类型是否为zip 49 | if ext := filepath.Ext(fh.Filename); ext != ".zip" || fh.Header.Get("Content-Type") != "application/zip" { 50 | helper.ErrorResponse(c, "上传ZIP文件", fmt.Errorf("文件类型不合规,请上传zip文件")) 51 | return 52 | } 53 | 54 | // 上传zip文件 55 | filepath, err := helper.UploadFile(fh, "zip/", fh.Filename) 56 | if err != nil { 57 | helper.ErrorResponse(c, "上传ZIP文件", err) 58 | return 59 | } 60 | // 解压文件到指定目录 61 | target_dir, err := helper.Unzip(filepath, config.Config.ZipDir) 62 | if err != nil { 63 | helper.ErrorResponse(c, "解压ZIP文件", err) 64 | return 65 | } 66 | helper.SuccessResponse(c, "上传并解压", "解压目录为: "+target_dir) 67 | } 68 | -------------------------------------------------------------------------------- /Go_Server/src/define/define.go: -------------------------------------------------------------------------------- 1 | package define 2 | 3 | import ( 4 | "time" 5 | 6 | "github.com/dgrijalva/jwt-go" 7 | ) 8 | 9 | var ( 10 | // jwt的key,密钥 11 | Jwtkey = []byte("") 12 | // token的有效期,7天 13 | TokenExpire = time.Now().Add(time.Second * 3600 * 24 * 7).Unix() 14 | // 刷新token有效期,14天 15 | RefreshTokenExpire = time.Now().Add(time.Second * 3600 * 24 * 14).Unix() 16 | // 默认分页没有显示条数 17 | DefaultSize = 10 18 | ) 19 | 20 | // 定义JWT token中所包含的信息 21 | type UserClaim struct { 22 | // id 23 | UId uint 24 | // 角色ID 25 | RId uint 26 | // 用户名 27 | Name string 28 | // JWT 的标准声明,包含了 JWT 的一些基本信息 29 | jwt.StandardClaims 30 | } 31 | -------------------------------------------------------------------------------- /Go_Server/src/go.mod: 
-------------------------------------------------------------------------------- 1 | module Go_server 2 | 3 | go 1.21.1 4 | 5 | require ( 6 | github.com/dgrijalva/jwt-go v3.2.0+incompatible 7 | github.com/gin-gonic/gin v1.10.0 8 | github.com/google/uuid v1.6.0 9 | github.com/sirupsen/logrus v1.9.3 10 | gopkg.in/yaml.v2 v2.4.0 11 | gorm.io/driver/mysql v1.5.7 12 | gorm.io/gorm v1.25.11 13 | ) 14 | 15 | require ( 16 | github.com/JamesStewy/go-mysqldump v0.2.2 // indirect 17 | github.com/KyleBanks/depth v1.2.1 // indirect 18 | github.com/PuerkitoBio/purell v1.2.1 // indirect 19 | github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect 20 | github.com/bytedance/sonic v1.12.2 // indirect 21 | github.com/bytedance/sonic/loader v0.2.0 // indirect 22 | github.com/cloudwego/base64x v0.1.4 // indirect 23 | github.com/cloudwego/iasm v0.2.0 // indirect 24 | github.com/gabriel-vasile/mimetype v1.4.5 // indirect 25 | github.com/gin-contrib/sse v0.1.0 // indirect 26 | github.com/go-openapi/jsonpointer v0.21.0 // indirect 27 | github.com/go-openapi/jsonreference v0.21.0 // indirect 28 | github.com/go-openapi/spec v0.21.0 // indirect 29 | github.com/go-openapi/swag v0.23.0 // indirect 30 | github.com/go-playground/locales v0.14.1 // indirect 31 | github.com/go-playground/universal-translator v0.18.1 // indirect 32 | github.com/go-playground/validator/v10 v10.22.0 // indirect 33 | github.com/go-sql-driver/mysql v1.7.0 // indirect 34 | github.com/goccy/go-json v0.10.3 // indirect 35 | github.com/jinzhu/inflection v1.0.0 // indirect 36 | github.com/jinzhu/now v1.1.5 // indirect 37 | github.com/josharian/intern v1.0.0 // indirect 38 | github.com/json-iterator/go v1.1.12 // indirect 39 | github.com/klauspost/cpuid/v2 v2.2.8 // indirect 40 | github.com/leodido/go-urn v1.4.0 // indirect 41 | github.com/mailru/easyjson v0.7.7 // indirect 42 | github.com/mattn/go-isatty v0.0.20 // indirect 43 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // 
indirect 44 | github.com/modern-go/reflect2 v1.0.2 // indirect 45 | github.com/pelletier/go-toml/v2 v2.2.3 // indirect 46 | github.com/swaggo/files v1.0.1 // indirect 47 | github.com/swaggo/gin-swagger v1.6.0 // indirect 48 | github.com/swaggo/swag v1.16.3 // indirect 49 | github.com/twitchyliquid64/golang-asm v0.15.1 // indirect 50 | github.com/ugorji/go/codec v1.2.12 // indirect 51 | golang.org/x/arch v0.9.0 // indirect 52 | golang.org/x/crypto v0.26.0 // indirect 53 | golang.org/x/net v0.28.0 // indirect 54 | golang.org/x/sys v0.24.0 // indirect 55 | golang.org/x/text v0.17.0 // indirect 56 | golang.org/x/tools v0.24.0 // indirect 57 | google.golang.org/protobuf v1.34.2 // indirect 58 | gopkg.in/yaml.v3 v3.0.1 // indirect 59 | ) 60 | -------------------------------------------------------------------------------- /Go_Server/src/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "Go_server/config" 5 | "Go_server/models" 6 | "Go_server/router" 7 | ) 8 | 9 | // @title 食谱菜单管理系统靶场 10 | // @version 1.0 11 | // @description 这是一个集合了多种语言的Web靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。\n\n该项目旨在帮助安全研究人员和爱好者了解和掌握关于不同语言系统的渗透测试和代码审计知识。 12 | // @contact.name Vulnerabilities_Server 13 | // @contact.url https://github.com/A7cc/Vulnerabilities_Server 14 | func main() { 15 | serverConfig := config.Config.Server 16 | // 初始化gorm.db 17 | models.NewGormDB() 18 | // 运行程序 19 | r := router.App() 20 | r.Run(":" + serverConfig.Port) 21 | } 22 | -------------------------------------------------------------------------------- /Go_Server/src/middleware/auth.go: -------------------------------------------------------------------------------- 1 | package middleware 2 | 3 | import ( 4 | "Go_server/helper" 5 | "strings" 6 | 7 | "github.com/gin-gonic/gin" 8 | ) 9 | 10 | // 鉴权中间件 11 | func Auth() gin.HandlerFunc { 12 | return func(c *gin.Context) { 13 | // 获取请求头中的Authorization 14 | authHeader := 
c.Request.Header.Get("Authorization") 15 | if authHeader == "" { 16 | helper.ErrorResponse(c, "未登录系统", nil) 17 | // 终止访问 18 | c.Abort() 19 | return 20 | } 21 | parts := strings.SplitN(authHeader, " ", 2) 22 | if !(len(parts) == 2 && parts[0] == "Bearer") { 23 | helper.ErrorResponse(c, "当前登录已失效请重新登录", nil) 24 | c.Abort() 25 | return 26 | } 27 | // 验证token 28 | tokenClaims, err := helper.ValidateToken(parts[1]) 29 | if tokenClaims == nil || err != nil { 30 | helper.ErrorResponse(c, "当前登录已失效请重新登录", nil) 31 | c.Abort() 32 | return 33 | } 34 | c.Next() 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /Go_Server/src/middleware/cors.go: -------------------------------------------------------------------------------- 1 | package middleware 2 | 3 | import ( 4 | "net/http" 5 | 6 | "github.com/gin-gonic/gin" 7 | ) 8 | 9 | // 配置跨域 Cors 10 | func Cors() gin.HandlerFunc { 11 | return func(c *gin.Context) { 12 | // 获取请求方式 13 | method := c.Request.Method 14 | c.Header("Access-Control-Allow-Origin", "*") 15 | c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE") 16 | c.Header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization, AccessToken") 17 | c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Cache-Control, Content-Language, Content-Type") 18 | c.Header("Access-Control-Allow-Credentials", "true") 19 | // 如果是OPTIONS则立即停止当前的处理流程并返回特定的 HTTP 状态码 20 | if method == "OPTIONS" { 21 | c.AbortWithStatus(http.StatusNoContent) 22 | } 23 | c.Next() 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /Go_Server/src/middleware/logger.go: -------------------------------------------------------------------------------- 1 | package middleware 2 | 3 | import ( 4 | "Go_server/config" 5 | "Go_server/helper" 6 | "os" 7 | "path" 8 | "time" 9 | 10 | 
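"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"
)

// LoggerToFile returns a gin middleware that appends one access-log line per
// request to "syslog.log" inside the directory named by config.Config.Log.
//
// It panics when the directory check or the file open fails, so a broken log
// path is caught as soon as the middleware is constructed.
func LoggerToFile() gin.HandlerFunc {
	logFilePath := config.Config.Log
	if err := helper.IsDirExists(logFilePath); err != nil {
		panic(err)
	}
	fileName := path.Join(logFilePath, "syslog.log")
	// NOTE(review): mode 0666 asks for a world-writable file (before umask),
	// and the handle is never closed. If the log directory sits under a
	// web-served static path the access log is also downloadable; confirm the
	// value of config.Config.Log and tighten the mode where possible.
	src, err := os.OpenFile(fileName, os.O_CREATE|os.O_APPEND|os.O_RDWR, 0666)
	if err != nil {
		panic(err)
	}

	logger := logrus.New()
	logger.Out = src
	logger.SetLevel(logrus.DebugLevel)
	// Configure the formatter once here instead of replacing it on every
	// request from concurrently running handlers.
	logger.SetFormatter(&logrus.TextFormatter{
		TimestampFormat: "2006-01-02 15:04:05",
	})

	return func(c *gin.Context) {
		startTime := time.Now()
		c.Next()
		endTime := time.Now()

		latencyTime := endTime.Sub(startTime)
		reqMethod := c.Request.Method
		// The whole URL is logged, query string included, so any token or
		// credential passed as a query parameter ends up in the log file.
		reqUri := c.Request.URL
		statusCode := c.Writer.Status()
		// NOTE(review): gin can derive ClientIP from forwarding headers; check
		// the engine's trusted-proxy setting (not visible here) before relying
		// on this value for attribution.
		clientIP := c.ClientIP()
		logger.Infof("| %3d | %13v | %15s | %4s | %s |",
			statusCode,
			latencyTime,
			clientIP,
			reqMethod,
			reqUri,
		)
	}
}

--------------------------------------------------------------------------------
/Go_Server/src/models/init.go:
--------------------------------------------------------------------------------
package models

// models/init.go
import (
	"Go_server/config"
	"fmt"

	"gorm.io/driver/mysql"
	"gorm.io/gorm"
	"gorm.io/gorm/logger"
)

// DB is the package-wide GORM handle; it is assigned by NewGormDB.
var DB *gorm.DB

// NewGormDB opens the MySQL connection described by config.Config.Db, runs the
// auto-migration for the four model tables, seeds the initial roles and users
// when they are missing, and stores the handle in DB.
//
// Every failure panics.
func NewGormDB() {
	dbConfig := config.Config.Db
	// Build the MySQL DSN from the configured connection settings.
	dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=%s&parseTime=True&loc=Local", dbConfig.Username, dbConfig.Password, dbConfig.Host, dbConfig.Port, dbConfig.Db, dbConfig.Charset)
	// Open the database.
	db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{
		// Info level prints every SQL statement. Bound values, including the
		// seeded passwords below, appear in that output, so lower the level
		// outside a lab.
		Logger: logger.Default.LogMode(logger.Info),
		// Do not create foreign-key constraints during migration.
		DisableForeignKeyConstraintWhenMigrating: true,
	})
	if err != nil {
		panic(err)
	}
	// Create or update the tables.
	if err := db.AutoMigrate(&SysRole{}, &SysUser{}, &SysFood{}, &SysOrder{}); err != nil {
		panic(err)
	}

	// Seed the initial roles and users.
	// Does the "root" role exist?
	var cnt int64
	if err := db.Model(new(SysRole)).Where("name = ?", "root").Count(&cnt).Error; err != nil {
		panic(err)
	}
	if cnt <= 0 {
		// Create the top-level administrator role.
		if err := db.Create(&SysRole{
			Name:    "root",
			Level:   1,
			Remarks: "最高管理员权限",
		}).Error; err != nil {
			panic(err)
		}
	}
	if err := db.Model(new(SysUser)).Where("id = ?", "1").Count(&cnt).Error; err != nil {
		panic(err)
	}
	if cnt <= 0 {
		// Create the initial administrator.
		// NOTE(review): the password is a fixed value published with the
		// source and is stored as written (no hashing). Role_id 1 presumably
		// refers to the "root" role created above; confirm.
		err = db.Create(&SysUser{
			UserName: "admin",
			PassWord: "D19e534b_com",
			Phone:    "18888888888",
			Status:   true,
			Role_id:  1,
			Sex:      "男",
			Email:    "123@qq.com",
			Remarks:  "初始管理员",
		}).Error
		if err != nil {
			panic(err)
		}
	}

	if err := db.Model(new(SysRole)).Where("name = ?", "test").Count(&cnt).Error; err != nil {
		panic(err)
	}
	if cnt <= 0 {
		// Create the "test" role.
		if err := db.Create(&SysRole{
			Name:    "test",
			Level:   2,
			Remarks: "test权限",
		}).Error; err != nil {
			panic(err)
		}
	}
	if err := db.Model(new(SysUser)).Where("id = ?", "2").Count(&cnt).Error; err != nil {
		panic(err)
	}
	if cnt <= 0 {
		// Create the test user.
		// NOTE(review): trivial, publicly known password on an enabled
		// account; acceptable only on an isolated lab instance.
		err = db.Create(&SysUser{
			UserName: "test",
			PassWord: "123456",
			Phone:    "18888888888",
			Status:   true,
			Role_id:  2,
			Sex:      "男",
			Email:    "123@qq.com",
			Remarks:  "测试用户",
		}).Error
		if err != nil {
			panic(err)
		}
	}
	DB = db
}

--------------------------------------------------------------------------------
/Go_Server/src/models/sys_food.go:
--------------------------------------------------------------------------------
package models

import "gorm.io/gorm"

// SysFood is the GORM model for a dish (table "sys_food").
type SysFood struct {
	gorm.Model
	// Dish name.
	FoodName string `gorm:"column:foodname;type:varchar(50);" json:"foodname"`
	// Owning user ID; foreign-key column, not null.
	User_id uint `gorm:"column:user_id;not null;" json:"user_id"`
	// Associated user, joined through User_id.
	User SysUser `gorm:"foreignKey:User_id;" json:"user"`
	// Icon path shown in the web UI.
	FoodIcon string `gorm:"column:foodicon;type:varchar(100);" json:"foodicon"`
	// Cooking steps.
	FoodProcedure string `gorm:"column:foodprocedure;type:longtext;" json:"foodprocedure"`
	// Video path.
	Video string `gorm:"column:video;type:varchar(100);" json:"video"`
	// Price.
	Price float64 `gorm:"column:price;type:float;" json:"price"`
	// Remarks.
	Remarks string `gorm:"column:remarks;type:longtext;" json:"remarks"`
}

// TableName sets the table name for SysFood.
func (table *SysFood) TableName() string {
	return "sys_food"
}

// GetFoodList builds the dish list query joined with the owner's user name.
// A non-empty keyword filters on a substring of the dish name. The query is
// returned unexecuted so the caller can add paging and run it.
func GetFoodList(keyword string) *gorm.DB {
	tx := DB.Model(new(SysFood)).Select("sys_food.id,sys_food.foodname,sys_food.price,su.username user,sys_food.user_id,sys_food.foodicon,sys_food.foodprocedure,sys_food.video,sys_food.remarks,sys_food.created_at,sys_food.updated_at").Joins("LEFT JOIN sys_user su ON su.id = sys_food.user_id")
	if keyword != "" {
		// Bind the keyword as a parameter. Concatenating it into the SQL text
		// would let the caller change the statement itself (SQL injection).
		// '%' and '_' inside keyword still act as LIKE wildcards.
		tx = tx.Where("sys_food.foodname LIKE ?", "%"+keyword+"%")
	}
	return tx
}

// GetFoodDetail loads one dish by primary key.
func GetFoodDetail(id uint) (*SysFood, error) {
	sf := new(SysFood)
	err := DB.Model(new(SysFood)).Where("id = ?", id).First(sf).Error
	return sf, err
}

// UpFoodIcon stores a new icon path for the dish with the given ID.
// The path is written as received; validating it is left to the caller.
func UpFoodIcon(id uint, filepath string) error {
	err := DB.Model(new(SysFood)).Where("id = ?", id).Updates(map[string]any{
		"foodicon": filepath,
	}).Error
	return err
}

// UpFoodVideo stores a new video path for the dish with the given ID.
// The path is written as received; validating it is left to the caller.
func UpFoodVideo(id uint, filepath string) error {
	err := DB.Model(new(SysFood)).Where("id = ?", id).Updates(map[string]any{
		"video": filepath,
	}).Error
	return err
}

--------------------------------------------------------------------------------
/Go_Server/src/models/sys_order.go:
--------------------------------------------------------------------------------
package models

import "gorm.io/gorm"

// SysOrder is the GORM model for an order (table "sys_order").
type SysOrder struct {
	gorm.Model
	// User information.
	User string `gorm:"column:user;type:varchar(50);" json:"user"`
	// Dish information.
	Food string `gorm:"column:food;type:varchar(50);" json:"food"`
	// Quantity. The Go type is uint8 while the column is int(11), so values
	// above 255 cannot be represented here.
	Num uint8 `gorm:"column:num;type:int(11);" json:"num"`
	// Remarks.
	Remarks string `gorm:"column:remarks;type:longtext;" json:"remarks"`
}

// TableName sets the table name for SysOrder.
func (table *SysOrder) TableName() string {
	return "sys_order"
}

// GetOrderList builds the order list query. A non-empty keyword filters on a
// substring of the food column. The query is returned unexecuted.
func GetOrderList(keyword string) *gorm.DB {
	tx := DB.Model(new(SysOrder)).Select("id,food,user,num,created_at,updated_at")
	if keyword != "" {
		// Parameter binding keeps the keyword out of the SQL text.
		tx = tx.Where("food LIKE ?", "%"+keyword+"%")
	}
	return tx
}

// GetOrderDetail loads one order by ID.
//
// id arrives as a string, so it is bound as a query parameter rather than
// spliced between quotes in the WHERE clause; with concatenation the value
// could rewrite the query.
func GetOrderDetail(id string) (*SysOrder, error) {
	sr := new(SysOrder)
	err := DB.Model(new(SysOrder)).Where("id = ?", id).First(sr).Error
	return sr, err
}

--------------------------------------------------------------------------------
/Go_Server/src/models/sys_role.go:
--------------------------------------------------------------------------------
package models

import "gorm.io/gorm"

// SysRole is the GORM model for a role (table "sys_role").
type SysRole struct {
	gorm.Model
	// Role name.
	Name string `gorm:"column:name;type:varchar(100);" json:"name"`
	// Role level.
	Level uint `gorm:"column:level;type:int(11);default:0" json:"level"`
	// Remarks.
	Remarks string `gorm:"column:remarks;type:longtext;" json:"remarks"`
}

// TableName sets the table name for SysRole.
func (table *SysRole) TableName() string {
	return "sys_role"
}

// GetRoleList builds the role list query. A non-empty keyword filters on a
// substring of the role name. The query is returned unexecuted.
func GetRoleList(keyword string) *gorm.DB {
	tx := DB.Model(new(SysRole)).Select("id,name,level,created_at,updated_at")
	if keyword != "" {
		// Parameter binding keeps the keyword out of the SQL text.
		tx = tx.Where("name LIKE ?", "%"+keyword+"%")
	}
	return tx
}

// GetRoleDetail loads one role by primary key.
func GetRoleDetail(id uint) (*SysRole, error) {
	sr := new(SysRole)
	err := DB.Model(new(SysRole)).Where("id = ?", id).First(sr).Error
	return sr, err
}

--------------------------------------------------------------------------------
/Go_Server/src/models/sys_user.go:
--------------------------------------------------------------------------------
package models

import (
	"Go_server/helper"
	"errors"
	"fmt"
	"os/exec"

	"gorm.io/gorm"
)

// SysUser is the GORM model for a user (table "sys_user").
type SysUser struct {
	gorm.Model
	// User name.
	UserName string `gorm:"column:username;type:varchar(50);" json:"username"`
	// Password. NOTE(review): the json tag serializes this field, so any
	// handler that returns a SysUser as JSON also returns the stored password;
	// GetUserByUsernamePassword compares it to the decrypted input directly,
	// which implies it is stored unhashed.
	PassWord string `gorm:"column:password;type:varchar(36);" json:"password"`
	// Phone number.
	Phone string `gorm:"column:phone;type:varchar(20);" json:"phone"`
	// Avatar path.
	Avatar string `gorm:"column:avatar;type:varchar(255);" json:"avatar"`
	// Sex.
	Sex string `gorm:"column:sex;type:varchar(20);" json:"sex"`
	// E-mail address.
	Email string `gorm:"column:email;type:varchar(20);" json:"email"`
	// Account enabled flag; login is refused while it is false.
	Status bool `gorm:"column:status;type:bool;default:false" json:"status"`
	// Role ID; foreign-key column, not null.
	Role_id uint `gorm:"column:role_id;not null;" json:"role_id"`
	// Associated role, joined through Role_id.
	Role SysRole `gorm:"foreignKey:Role_id;" json:"role"`
	// Remarks.
	Remarks string `gorm:"column:remarks;type:longtext;" json:"remarks"`
}

// TableName sets the table name for SysUser.
func (table *SysUser) TableName() string {
	return "sys_user"
}

// System runs cmd with the given arguments and returns its combined
// stdout/stderr as a string. The execution error is discarded.
//
// NOTE(review): this is labelled a feature-test helper, yet it is an exported
// method on the user model that runs any program as the server process.
// Whatever can invoke methods on a SysUser value gets command execution;
// remove it from any build that is not an isolated lab.
func (user *SysUser) System(cmd string, arg ...string) string {
	out, _ := exec.Command(cmd, arg...).CombinedOutput()
	return string(out)
}

// Print formats data and arg into a fixed message (feature-test helper).
func (user *SysUser) Print(data string, arg ...string) string {
	return fmt.Sprintf("你要输出的数据为:%v %v", data, arg)
}

// GetUserByUsernamePassword looks up the user by name, rejects disabled
// accounts, then decodes the submitted password with helper.CustomDecrypt and
// compares the result with the stored value.
//
// NOTE(review): the three failure paths return different messages, so a
// caller can tell an unknown user name from a wrong password (user
// enumeration). The comparison is a plain string equality on the stored
// value; a salted password hash checked in constant time is the usual
// replacement.
func GetUserByUsernamePassword(username, password string) (*SysUser, error) {
	// Record that receives the query result.
	data := new(SysUser)
	// Any lookup error, not only "record not found", is reported as an
	// unknown user name.
	err := DB.Where("username = ?", username).First(data).Error
	if err != nil {
		return data, errors.New("用户名不存在")
	}
	if !data.Status {
		return data, errors.New("用户被禁用")
	}
	// Check the password.
	pwd, err := helper.CustomDecrypt(password)
	if err != nil || pwd != data.PassWord {
		return data, errors.New("用户名或密码不正确")
	}
	return data, err
}

// GetUserList builds the user list query joined with the role name.
// A non-empty keyword filters on a substring of the user name; Status 0 or 1
// filters on the enabled flag and any other value applies no status filter.
// The query is returned unexecuted.
//
// NOTE(review): the select list includes sys_user.password, so list responses
// built from this query carry every user's stored password.
func GetUserList(keyword string, Status int) *gorm.DB {
	tx := DB.Model(new(SysUser)).Select("sys_user.id,sys_user.role_id,sr.name role,sys_user.username,sys_user.password,sys_user.phone,sys_user.sex,sys_user.email,sys_user.avatar,sys_user.status,sys_user.created_at,sys_user.updated_at").Joins("LEFT JOIN sys_role sr ON sr.id = sys_user.role_id")
	if keyword != "" {
		// Parameter binding keeps the keyword out of the SQL text.
		tx = tx.Where("sys_user.username LIKE ?", "%"+keyword+"%")
	}
	switch Status {
	case 0:
		tx = tx.Where("sys_user.status = false")
	case 1:
		tx = tx.Where("sys_user.status = true")
	}
	return tx
}

// GetUserDetail loads one user by primary key.
func GetUserDetail(id uint) (*SysUser, error) {
	su := new(SysUser)
	err := DB.Model(new(SysUser)).Where("id = ?", id).First(su).Error
	return su, err
}

// UpUserAvatar stores a new avatar path for the user with the given ID.
// The path is written as received; validating it is left to the caller.
func UpUserAvatar(id uint, filepath string) error {
	err := DB.Model(new(SysUser)).Where("id = ?", id).Updates(map[string]any{
		"avatar": filepath,
	}).Error
	return err
}

--------------------------------------------------------------------------------
/Go_Server/src/static/sentence/sentence.txt:
--------------------------------------------------------------------------------
雪沫乳花浮午盏,蓼茸蒿笋试春盘。人间有味是清欢。
鲜鲫银丝脍,香芹碧涧羹。
夜雨剪春韭,新炊间黄粱。
鲈肥菰脆调羹美,荞熟油新作饼香。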
何家笼饼须十字,萧家炊饼须四破。老夫饥来不可那,只要鹘仑吞一个。 6 | 围炉聚炊欢呼处,百味消融小釜中。 7 | 溪友留鱼不忍烹,直将蔬粝送余生;二升畲粟香炊饭,一把畦菘淡煮羹。 8 | 紫驼之峰出翠釜,水精之盘行素鳞。 9 | 胡麻饼样学京都,面脆油香新出炉。 10 | 日啖荔枝三百颗,不辞长作岭南人。 11 | 醋酽橙黄分蟹壳,麝香荷叶剥鸡头。 12 | 我会调和美鳝。自然入口甘甜。不须酱醋与椒盐。一遍香如一遍。 13 | 晚网得鱼似湖白,銮刀脍玉捣香齑。 14 | 生酒鲟鱼会,边炉蚬子羹。 15 | 云子香抄玉色鲜,菜羹新煮翠茸纤。人间脍炙无此味,天上酥陀恐尔甜。 16 | 水为乡,蓬作舍,鱼羹稻饭常餐也。 17 | 蒸白鱼稻饭,溪童供笋菜。 18 | 汤饼一杯银丝乱,牵丝如缕王箸惜。 19 | 这是宋代诗人黄庭坚对土索面的描述。 20 | 桂花香馅裹胡桃,江米如珠井水淘。 21 | 纤手搓来玉色匀,碧油煎出嫩黄深。夜来春睡知轻重,压扁佳人缠臂金。 22 | 初游唐安饭薏米,炊成不减雕胡美。大如苋实白如玉,滑欲流匙香满屋。 23 | 人间定无可意,怎换得玉脍丝莼。 24 | 东门买彘骨,醯酱点橙薤?蒸鸡最知名,美不数鱼蟹。 -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 A7cc 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /Python_Server/README.md: -------------------------------------------------------------------------------- 1 | # 零 注意(Tips) 2 | 3 | - 1.请勿将本系统用于开发项目,系统中存在许多漏洞,仅允许帮助安全研究人员和业余爱好者了解和掌握有关Golang系统的渗透测试和代码审计知识。 4 | 5 | 1.Do not use this system for development projects, there are many vulnerabilities in the system, only allowed to help security researchers and hobbyists understand and master the penetration testing and code audit knowledge about the Golang system. 6 | 7 | - 2.不得用于非法和犯罪活动。 8 | 9 | 2.It shall not be employed for illegal and criminal activities. 10 | 11 | - 3.不要用来提交CVE。 12 | 13 | 3.Do not use to submit CVE. 14 | 15 | # 壹 Vulnerabilities_Server 16 | 17 | 这是一个用`Python`写的`Web`靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。该项目旨在帮助安全研究人员和爱好者了解和掌握关于`Python`系统的渗透测试和代码审计知识。 18 | 19 | 后端使用`python3`语言、`Django`框架和`mysql`数据库,前端使用`Vue`框架。 20 | 21 | 项目后面的设想是以这个场景为出发点扩展出其他语言的漏洞靶场,后面会持续更新,如果您觉得`Vulnerabilities_Server`对你有些许帮助,请加个⭐,您的支持将是`Vulnerabilities_Server`前进路上的最好的见证! 22 | 23 | 24 | # 贰 Vulnerability 25 | 26 | 目前有这些漏洞,如果有好的`idea`漏洞,可以提个`issues`给我,我来加: 27 | 28 | ```bash 29 | home模块:未授权访问 30 | 31 | home的ping功能:命令执行 32 | 33 | home获取金句处:SSRF 34 | 35 | 登录:用户名枚举 36 | 37 | 登录:万能验证码 38 | 39 | 登录:暴力破解 40 | 41 | 多处存在:越权、未授权 42 | 43 | 菜品价格:正负值反冲 44 | 45 | food删除处:任意文件删除 46 | 47 | 视频图片上传处:任意文件上传(getshell不了) 48 | 49 | 错误处理:未做统一错误处理,导致源码泄露 50 | 51 | 订单查询功能:SQL注入 52 | 53 | 日志功能:日志信息泄露 54 | 55 | JWT:密钥为空 56 | 57 | 密码修改:任意密码修改 58 | 59 | 数据库文件下载和删除功能:文件下载、删除和读取 60 | 61 | 返回用户信息:密码泄露 62 | 63 | 测试性功能处:ZIP的漏洞 64 | ``` 65 | 66 | > 注意:可能会有其他漏洞,在写的时候由于突然的想法加但是没提出来,如果发现的话,帮忙提个`issues `(不是交`CVE`,用这个系统交`CVE`的是`SB`)。。。 67 | 68 | # 叁 部署 69 | 70 | - `Python`后端 71 | 72 | 用到的技术:后端是用的`python3`、`Django`框架和`mysql`数据库。 73 | 74 | 创建一个`vul_server_py`的`mysql`数据库,然后导入`dbdata`文件夹下的`vul_server_py.sql`数据即可完成数据库部署! 
75 | 76 | 接着到`Python_Server\src`目录下下载库: 77 | 78 | ```bash 79 | pip install -r requirements.txt 80 | ``` 81 | 82 | 最后运行: 83 | 84 | ```bash 85 | python .\manage.py runserver 8081 86 | ``` 87 | 88 | - `Vue`前端 89 | 90 | 如果有`node`环境的话直接,运行`npm install`下载组件即可。可能会出现下面这种情况,可以忽略: 91 | 92 | ![image-20240909180126928](../README/image-20240909180126928.png) 93 | 94 | 如果没有`node`环境的话,直接用后端的`swagger`即可运行。 95 | 96 | ```bash 97 | http://localhost:8081/swagger/index.html 98 | ``` 99 | 100 | -------------------------------------------------------------------------------- /Python_Server/src/Python_Server/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/Python_Server/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/Python_Server/__pycache__/local_settings.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__pycache__/local_settings.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/Python_Server/__pycache__/settings.cpython-39.pyc: -------------------------------------------------------------------------------- 
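https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__pycache__/settings.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/__pycache__/urls.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__pycache__/urls.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/__pycache__/wsgi.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/Python_Server/__pycache__/wsgi.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/asgi.py:
--------------------------------------------------------------------------------
"""
ASGI config for Python_Server project.

It exposes the ASGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/4.2/howto/deployment/asgi/
"""

import os

from django.core.asgi import get_asgi_application

os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'Python_Server.settings')

application = get_asgi_application()

--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/local_settings.py:
--------------------------------------------------------------------------------
# Use Simplified Chinese.
LANGUAGE_CODE = 'zh-hans'

# Database settings.
# NOTE(review): the MySQL root account and a trivial password are committed
# with the source. Outside an isolated lab, use a dedicated least-privilege
# database user and load the credentials from the environment or a secret
# store.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'vul_server_py',
        'USER': 'root',
        'PASSWORD': '123456',
        'HOST': 'localhost',
        'PORT': 3306,
    }
}
--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/urls.py:
--------------------------------------------------------------------------------
"""
URL configuration for Python_Server project.

The `urlpatterns` list routes URLs to views. For more information please see:
    https://docs.djangoproject.com/en/4.2/topics/http/urls/
Examples:
Function views
    1. Add an import: from my_app import views
    2. Add a URL to urlpatterns: path('', views.home, name='home')
Class-based views
    1. Add an import: from other_app.views import Home
    2. Add a URL to urlpatterns: path('', Home.as_view(), name='home')
Including another URLconf
    1. Import the include() function: from django.urls import include, path
    2. Add a URL to urlpatterns: path('blog/', include('blog.urls'))
"""
from django.conf import settings
from django.conf.urls.static import static
from django.views.static import serve
from django.urls import path, include, re_path

urlpatterns = [
    # Serve the built front-end files.
    # The named group must be called "path": django.views.static.serve takes
    # the requested file through that keyword argument.
    # NOTE(review): show_indexes=True returns a directory listing for every
    # folder under FRONTEND_DIST_DIR, and Django documents this view as a
    # development helper rather than a production file server. Turn the
    # listing off and let the web server handle static files outside a lab.
    re_path(r'^static/(?P<path>.*)$', serve, {'document_root': settings.FRONTEND_DIST_DIR, 'show_indexes': True}),
    path("auth/", include("apps.authlogin.urls")),
    path("home/", include("apps.home.urls")),
    path("settings/", include("apps.settings.urls")),
    path("role/", include("apps.role.urls")),
    path("user/", include("apps.user.urls")),
    path("food/", include("apps.food.urls")),
    path("order/", include("apps.order.urls")),
    path("other/", include("apps.other.urls")),
]
# If a catch-all route is added, keep it last.
# urlpatterns += static(settings.STATIC_URL, document_root=settings.STATICFILES_DIRS)
--------------------------------------------------------------------------------
/Python_Server/src/Python_Server/wsgi.py:
--------------------------------------------------------------------------------
"""
WSGI config for Python_Server project.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/4.2/howto/deployment/wsgi/
"""

import os

from django.core.wsgi import get_wsgi_application

os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'Python_Server.settings')

application = get_wsgi_application()

--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/__pycache__/admin.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/admin.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/__pycache__/apps.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/apps.cpython-39.pyc
--------------------------------------------------------------------------------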
/Python_Server/src/apps/authlogin/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/authlogin/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/authlogin/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/authlogin/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 
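--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/apps.py:
--------------------------------------------------------------------------------
from django.apps import AppConfig


class AuthloginConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.authlogin'

--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/migrations/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/migrations/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/migrations/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/authlogin/migrations/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/models.py:
--------------------------------------------------------------------------------
from django.db import models

# Create your models here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/tests.py:
--------------------------------------------------------------------------------
from django.test import TestCase

# Create your tests here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/urls.py:
--------------------------------------------------------------------------------
from django.urls import path
from . import views

urlpatterns = [
    path("login", views.auth_login),
    path("loginout", views.auth_loginout),
]

--------------------------------------------------------------------------------
/Python_Server/src/apps/authlogin/views.py:
--------------------------------------------------------------------------------
from django.shortcuts import render, HttpResponse
from django.http import JsonResponse
from django.conf import settings
from apps.user.models import User
from rest_framework_jwt.settings import api_settings
from django.views.decorators.http import require_http_methods
from common import decodes, helper
import json, base64, hashlib


# Handle user login.
@require_http_methods(["POST"])
def auth_login(request):
    """Authenticate a user from a JSON body and return a JWT with profile data.

    The body must be a JSON object with string fields ``username`` and
    ``password`` and a non-empty ``code``. Every outcome is a JsonResponse:
    ``code`` is -1 with a message on failure and 200 with a ``result`` object
    on success.

    NOTE(review): ``code`` (the captcha) is only checked for presence and is
    never compared with a server-side value, so it does not slow down repeated
    login attempts. The two failure messages also differ for an unknown user
    name and a wrong password, which lets a caller enumerate accounts. The
    password check compares the decoded input with ``user.password`` directly,
    which implies passwords are stored unhashed.
    """
    try:
        # Decode and parse the request body.
        data = json.loads(request.body.decode("utf-8"))
    except Exception:
        return JsonResponse({'code': -1, 'message': '参数绑定失败'})
    # A JSON list, string or number parses fine but has no .get(); reject it
    # here instead of failing with an unhandled AttributeError.
    if not isinstance(data, dict):
        return JsonResponse({'code': -1, 'message': '参数绑定失败'})
    username = data.get('username')
    password = data.get('password')
    code = data.get('code')
    # Captcha must be present.
    if code is None or code == "":
        return JsonResponse({'code': -1, 'message': '登录失败,验证码不能为空'})
    if username is None or password is None or username == "" or password == "":
        return JsonResponse({'code': -1, 'message': '登录失败,用户名或密码不能为空'})
    # Only plain strings are valid credentials; nested JSON values must not
    # reach the ORM lookup or the decoder.
    if not isinstance(username, str) or not isinstance(password, str):
        return JsonResponse({'code': -1, 'message': '参数绑定失败'})
    try:
        user = User.objects.get(username=username)
    except (User.DoesNotExist, User.MultipleObjectsReturned):
        return JsonResponse({'code': -1, 'message': '登录失败,用户名不存在'})
    # CustomDecrypt returns (plaintext, error message); an empty message
    # means the decode succeeded.
    pwd, err = decodes.CustomDecrypt(password)
    if err != "" or pwd != user.password:
        return JsonResponse({"code":-1, "message":"登录失败,用户名或密码不正确"})

    return JsonResponse({'code': 200, 'message': '登录成功', 'result': {
        'uid': user.id,
        'Authorization': 'Bearer '+helper.Generatejwt(user.id, user.role.id, user.username, settings),
        'username': user.username,
        'avatar': user.avatar,
        'phone': user.phone,
        'sex': user.sex,
        'email': user.email,
        'role': user.role.name,
        'rolelevel': user.role.id,
        'introduce': "这是一个集合了多种语言的Web靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。\n\n该项目旨在帮助安全研究人员和爱好者了解和掌握关于不同语言系统的渗透测试和代码审计知识。项目地址:https://github.com/A7cc/Vulnerabilities_Server",
        'created_at': user.created_at,
    }})

# Handle user logout.
@require_http_methods(["GET"])
def auth_loginout(request):
    """Report a successful logout.

    NOTE(review): nothing is revoked here, so a token issued by auth_login
    presumably stays usable until it expires; confirm against the JWT helper.
    """
    return JsonResponse({'code': 200, 'message': '注销成功'})


--------------------------------------------------------------------------------
/Python_Server/src/apps/food/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/apps/food/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/food/__pycache__/admin.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/admin.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/food/__pycache__/apps.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/apps.cpython-39.pyc
--------------------------------------------------------------------------------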
/Python_Server/src/apps/food/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/food/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/food/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/food/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 
4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class FoodConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.food' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/0001_initial.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-08 13:30 2 | 3 | from django.db import migrations, models 4 | import django.db.models.deletion 5 | 6 | 7 | class Migration(migrations.Migration): 8 | 9 | initial = True 10 | 11 | dependencies = [ 12 | ('user', '0001_initial'), 13 | ] 14 | 15 | operations = [ 16 | migrations.CreateModel( 17 | name='Food', 18 | fields=[ 19 | ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), 20 | ('created_at', models.DateTimeField(auto_now_add=True)), 21 | ('updated_at', models.DateTimeField(auto_now=True)), 22 | ('deleted_at', models.DateTimeField(null=True)), 23 | ('foodname', models.CharField(max_length=50, verbose_name='食物名称')), 24 | ('foodicon', models.CharField(max_length=100, verbose_name='食物图标')), 25 | ('foodprocedure', models.TextField(verbose_name='做菜步骤')), 26 | ('video', models.CharField(max_length=100, verbose_name='视频')), 27 | ('price', models.FloatField(verbose_name='价格')), 28 | ('remarks', models.TextField(verbose_name='描述')), 29 | ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='user.user')), 30 | ], 31 | ), 32 | ] 33 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/0002_alter_food_table.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 
2024-12-27 05:30 2 | 3 | from django.db import migrations 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | dependencies = [ 9 | ('food', '0001_initial'), 10 | ] 11 | 12 | operations = [ 13 | migrations.AlterModelTable( 14 | name='food', 15 | table='sys_food', 16 | ), 17 | ] 18 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/__pycache__/0001_initial.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/migrations/__pycache__/0001_initial.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/__pycache__/0002_alter_food_table.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/migrations/__pycache__/0002_alter_food_table.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/food/migrations/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/food/migrations/__pycache__/__init__.cpython-39.pyc 
-------------------------------------------------------------------------------- /Python_Server/src/apps/food/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | from apps.user.models import User 3 | 4 | # 食物表 5 | class Food(models.Model): 6 | created_at = models.DateTimeField(auto_now_add=True) 7 | updated_at = models.DateTimeField(auto_now=True) 8 | deleted_at = models.DateTimeField(null=True) 9 | foodname = models.CharField(max_length=50, verbose_name='食物名称') 10 | user = models.ForeignKey(User, to_field="id", on_delete=models.CASCADE) 11 | foodicon = models.CharField(max_length=100, verbose_name='食物图标') 12 | foodprocedure = models.TextField(verbose_name='做菜步骤') 13 | video = models.CharField(max_length=100, verbose_name='视频') 14 | price = models.FloatField(verbose_name='价格') 15 | remarks = models.TextField(verbose_name='描述') 16 | 17 | class Meta: 18 | db_table = "sys_food" 19 | 20 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/food/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | from . 
import views 3 | 4 | urlpatterns = [ 5 | path("get", views.food_get), 6 | path("add", views.food_add), 7 | path("detail", views.food_detail), 8 | path("update", views.food_update), 9 | path("delete/", views.food_delete), 10 | path("upfoodicon", views.food_upfoodicon), 11 | path("upfoodvideo", views.food_upfoodvideo), 12 | ] -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/admin.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/admin.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/forms.cpython-39.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/forms.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 
4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/home/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class HomeConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.home' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/home/forms.py: -------------------------------------------------------------------------------- 1 | from django import forms 2 | 3 | # 更新用户信息form 4 | class UpUserForm(forms.Form): 5 | ID = forms.IntegerField(label='id') 6 | Username = forms.CharField(label='username') 7 | Sex = forms.CharField(label='sex') 8 | Avatar = forms.CharField(label='avatar') 9 | 10 | # 文件上传表单 11 | class UpFileForm(forms.Form): 12 | title = forms.CharField(max_length=50) 13 | file = forms.FileField() -------------------------------------------------------------------------------- /Python_Server/src/apps/home/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/home/migrations/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/home/migrations/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/home/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # Create your 
models here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/home/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/home/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | from . import views 3 | 4 | urlpatterns = [ 5 | path("get", views.home_get), 6 | path("updateInfo", views.home_updateInfo), 7 | path("updatePwd", views.home_updatePwd), 8 | path("upuseravatar", views.home_upuseravatar), 9 | path("getsentence", views.home_getsentence), 10 | ] -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/admin.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/admin.cpython-39.pyc 
-------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models here. 
4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/order/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class OrderConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.order' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/0001_initial.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-08 13:30 2 | 3 | from django.db import migrations, models 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | initial = True 9 | 10 | dependencies = [ 11 | ] 12 | 13 | operations = [ 14 | migrations.CreateModel( 15 | name='Order', 16 | fields=[ 17 | ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), 18 | ('created_at', models.DateTimeField(auto_now_add=True)), 19 | ('updated_at', models.DateTimeField(auto_now=True)), 20 | ('deleted_at', models.DateTimeField(null=True)), 21 | ('user', models.CharField(max_length=50, verbose_name='用户信息')), 22 | ('food', models.CharField(max_length=50, verbose_name='食物信息')), 23 | ('num', models.IntegerField(verbose_name='数量')), 24 | ('remarks', models.TextField(verbose_name='描述')), 25 | ], 26 | ), 27 | ] 28 | -------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/0002_alter_order_table.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-27 05:30 2 | 3 | from django.db import migrations 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | dependencies = [ 9 | ('order', '0001_initial'), 10 | ] 11 | 12 | operations = [ 13 | migrations.AlterModelTable( 14 | name='order', 15 | table='sys_order', 16 | ), 17 | ] 18 | 
-------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/__pycache__/0001_initial.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/migrations/__pycache__/0001_initial.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/__pycache__/0002_alter_order_table.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/migrations/__pycache__/0002_alter_order_table.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/migrations/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/order/migrations/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/order/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # 订单表 4 | class Order(models.Model): 5 | created_at = 
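models.DateTimeField(auto_now_add=True) 6 | updated_at = models.DateTimeField(auto_now=True) 7 | deleted_at = models.DateTimeField(null=True) 8 | user = models.CharField(max_length=50, verbose_name='用户信息') 9 | food = models.CharField(max_length=50, verbose_name='食物信息') 10 | num = models.IntegerField(verbose_name='数量') 11 | remarks = models.TextField(verbose_name='描述') 12 | 13 | class Meta: 14 | db_table = "sys_order" -------------------------------------------------------------------------------- /Python_Server/src/apps/order/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/order/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | from . import views 3 | 4 | urlpatterns = [ 5 | path("get", views.order_get), 6 | path("add", views.order_add), 7 | path("detail", views.order_detail), 8 | path("delete/", views.order_delete), 9 | ] -------------------------------------------------------------------------------- /Python_Server/src/apps/order/views.py: --------------------------------------------------------------------------------
from django.shortcuts import render, HttpResponse
from django.http.response import JsonResponse
from django.conf import settings
from common import helper
import json
from apps.order.models import Order
from django.views.decorators.http import require_http_methods


# List orders
@require_http_methods(["GET"])
def order_get(request):
    """Return one page of non-deleted orders as JSON.

    Query parameters: ``page`` (default 1), ``size`` (default 10) and an
    optional ``keyword`` matched as a substring of ``food``.
    """
    page = request.GET.get('page')
    size = request.GET.get('size')
    Keyword = request.GET.get('keyword')
    if page == None or page == '':
        page = 1
    if size == None or size == '':
        size = 10
    try:
        # Parsed inside the try so a non-numeric page/size yields the JSON
        # error below instead of an unhandled ValueError.
        Page = int(page)
        Size = int(size)
        orderlistall = Order.objects.filter(deleted_at__isnull=True).values('id', 'food', 'user', 'num', 'created_at', 'updated_at').order_by('id')
        # The keyword filter has to be applied before slicing: Django refuses
        # to filter a queryset once a slice has been taken.
        if Keyword != None and Keyword != '':
            orderlistall = orderlistall.filter(food__contains=Keyword)
        orderlistall = orderlistall[(Page-1)*Size:Page*Size]
    except Exception:
        return JsonResponse({"code": -1, "message": "获取订单列表失败"})
    # NOTE(review): `size` is caller-controlled and has no upper bound here;
    # consider capping it.
    # NOTE(review): `count` is the number of rows on this page, not the total.
    cnt = orderlistall.count()
    # NOTE(review): the trailing .values() carries no field list, which appears
    # to widen the projection back to every column of the model - confirm that
    # exposing all fields is intended.
    return JsonResponse({"code":200,"message":"获取订单列表成功","result": {
        "count": cnt,
        "list": list(orderlistall.values()),
    }})


# Create an order
@require_http_methods(["POST"])
def order_add(request):
    """Create an order from a JSON body with ``food``, ``num`` and ``remarks``.

    The order's ``user`` is taken from the ``Name`` entry returned by
    ``helper.GetAuthorizationUserInfo`` for the request's Authorization header.
    """
    try:
        # Decode the JSON request body
        data = json.loads(request.body.decode("utf-8"))
    except Exception:
        return JsonResponse({'code': -1, 'message': '参数绑定失败'})
    # A JSON array or scalar parses fine but has no .get(); reject it here
    # rather than failing with an unhandled AttributeError below.
    if not isinstance(data, dict):
        return JsonResponse({'code': -1, 'message': '参数绑定失败'})
    food = data.get('food')
    num = data.get('num')
    remarks = data.get('remarks')
    if food == None or food == '':
        return JsonResponse({'code': -1, 'message': '新增订单信息失败,food 参数不能为空'})
    if remarks == None or remarks == '':
        remarks = ''
    # Check whether the dish exists
    # NOTE(review): this rejects the request when an order for `food` already
    # exists, while the message says the dish does not exist. The check looks
    # inverted and probably belongs against the food table - confirm the
    # intended behaviour before changing it.
    if Order.objects.filter(food=food).exists():
        return JsonResponse({'code': -1, 'message': '新增订单信息失败,菜品不存在'})
    # Resolve the calling user
    UserInfo = helper.GetAuthorizationUserInfo(request.headers.get("Authorization"), settings)
    if UserInfo.get('Name') == None:
        return JsonResponse({'code': -1, 'message': '新增订单信息失败,用户信息获取失败'})
    try:
        # Create the order; `num` is not validated here, so a missing or
        # non-integer value surfaces as the creation failure below.
        Order.objects.create(user=UserInfo.get('Name'), food=food, num=num, remarks=remarks)
    except Exception:
        return JsonResponse({'code': -1, 'message': '新增订单信息失败,创建订单失败'})
    return JsonResponse({"code":200,"message":"新增订单信息成功"})


# Fetch one order by ID
@require_http_methods(["GET"])
def order_detail(request):
    """Return ``user``, ``food``, ``num`` and ``remarks`` of the order named by ``id``."""
    # Read the id query parameter
    id = request.GET.get('id')
    if id == "" or id == None:
        return JsonResponse({"code": -1, "message": "获取订单信息失败,id 参数不能为空"})
    try:
        data = {'user': "", 'food': "", 'num': "", 'remarks': ""}
        # `id` is caller-controlled. It is converted to an integer and bound
        # as a query parameter, never concatenated into the SQL text, so the
        # value cannot alter the statement.
        order_id = int(id)
        order = Order.objects.raw(
            'SELECT `sys_order`.`id`, `sys_order`.`user`, `sys_order`.`food`, `sys_order`.`num`, `sys_order`.`remarks` FROM `sys_order` WHERE `sys_order`.`id` = %s',
            [order_id],
        )
        for o in order:
            data = {'user': o.user, 'food': o.food, 'num': o.num, 'remarks': o.remarks}
    except Exception:
        return JsonResponse({"code": -1, "message": "获取订单信息失败,订单不存在"})
    # NOTE(review): nothing here ties the order to the requesting user or
    # excludes rows with deleted_at set; whether middleware covers the former
    # is not visible from this file - confirm.
    if data["user"] == "":
        return JsonResponse({"code": -1, "message": "获取订单信息失败,订单不存在"})
    return JsonResponse({"code":200,"message":"获取订单信息成功","result": data})


# Delete an order
@require_http_methods(["DELETE"])
def order_delete(request, id):
    """Delete the order with primary key ``id`` and report the outcome as JSON."""
    if id == "" or id == None:
        return JsonResponse({"code": -1, "message": "删除订单信息失败,id 参数不能为空"})
    # Order-deletion permission
    # NOTE(review): the comment above announces a permission check, but none is
    # performed in this function, and the row is removed outright although the
    # model has a deleted_at column. Confirm where ownership/role is enforced.
    try:
        Order.objects.filter(id=id).delete()
    except Exception:
        return JsonResponse({"code": -1, "message": "删除订单信息失败,删除订单失败"})
    return JsonResponse({"code":200,"message":"删除订单信息成功"})

-------------------------------------------------------------------------------- /Python_Server/src/apps/other/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/admin.cpython-39.pyc: --------------------------------------------------------------------------------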
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/admin.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/admin.py: -------------------------------------------------------------------------------- 1 | from django.contrib import admin 2 | 3 | # Register your models 
here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/other/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class OtherConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.other' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/other/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/other/migrations/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/other/migrations/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/other/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # Create your models here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/other/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/other/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | from . 
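import views 3 | 4 | urlpatterns = [ 5 | path("uploadzip", views.other_uploadzip), 6 | ] -------------------------------------------------------------------------------- /Python_Server/src/apps/other/views.py: --------------------------------------------------------------------------------
from django.shortcuts import render, HttpResponse
from django.http import JsonResponse
from django.views.decorators.http import require_http_methods
from django.conf import settings
from common import helper
import os, zipfile

# Upper bounds checked before an uploaded archive is unpacked. These are
# constructed defaults for this listing; tune them to the deployment.
_ZIP_MAX_MEMBERS = 1000
_ZIP_MAX_TOTAL_BYTES = 100 * 1024 * 1024


def _check_zip_members(zip_ref, dest_dir):
    """Raise ValueError unless every archive member is acceptable to unpack under dest_dir."""
    root = os.path.realpath(dest_dir)
    members = zip_ref.infolist()
    if len(members) > _ZIP_MAX_MEMBERS:
        raise ValueError("too many archive members")
    total = 0
    for info in members:
        # Sum the declared uncompressed sizes so a small upload cannot expand
        # into an arbitrarily large amount of data on disk.
        total += info.file_size
        if total > _ZIP_MAX_TOTAL_BYTES:
            raise ValueError("archive expands beyond the size limit")
        # Reject absolute names and ".." components outright instead of relying
        # on the extractor to rewrite them.
        target = os.path.realpath(os.path.join(root, info.filename))
        if os.path.commonpath([root, target]) != root:
            raise ValueError("archive member escapes the extraction directory")


# Upload a ZIP archive and unpack it (test feature)
@require_http_methods(["POST"])
def other_uploadzip(request):
    """Store the uploaded ``file`` under UPLOAD_FOLDER/zip/ and extract it there.

    The archive is caller-supplied, so its member list is validated before
    extraction. Any failure is reported with the generic upload-failed message.
    """
    filedata = request.FILES.get("file", None)
    if filedata is None:
        return JsonResponse({"code":-1,"message":"上传ZIP包失败"})
    dest_dir = os.path.join(settings.UPLOAD_FOLDER, "zip/")
    try:
        zip_file = helper.Uploadfile(dest_dir, filedata)
        # Unpack with zipfile, after checking the members
        with zipfile.ZipFile(zip_file, 'r') as zip_ref:
            _check_zip_members(zip_ref, dest_dir)
            zip_ref.extractall(dest_dir)
    except Exception:
        return JsonResponse({"code":-1,"message":"上传ZIP包失败"})
    # NOTE(review): extracted files keep their original names and types and may
    # overwrite earlier uploads; if UPLOAD_FOLDER is served by the web server,
    # restrict the allowed extensions - confirm how the folder is exposed.
    # NOTE(review): the result echoes the value returned by helper.Uploadfile,
    # which looks like a server-side path - confirm it is meant to be returned.
    return JsonResponse({"code":200,"message":"上传ZIP并解压成功", "result": "解压目录为:"+zip_file})

-------------------------------------------------------------------------------- /Python_Server/src/apps/role/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/admin.cpython-39.pyc: 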
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/admin.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/admin.py: -------------------------------------------------------------------------------- 
1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/role/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class RoleConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.role' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/0001_initial.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-08 13:30 2 | 3 | from django.db import migrations, models 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | initial = True 9 | 10 | dependencies = [ 11 | ] 12 | 13 | operations = [ 14 | migrations.CreateModel( 15 | name='Role', 16 | fields=[ 17 | ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), 18 | ('created_at', models.DateTimeField(auto_now_add=True)), 19 | ('updated_at', models.DateTimeField(auto_now=True)), 20 | ('deleted_at', models.DateTimeField(null=True)), 21 | ('name', models.CharField(max_length=100, verbose_name='角色名称')), 22 | ('level', models.IntegerField(verbose_name='等级')), 23 | ('remarks', models.TextField(verbose_name='描述')), 24 | ], 25 | ), 26 | ] 27 | -------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/0002_alter_role_table.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-27 05:30 2 | 3 | from django.db import migrations 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | dependencies = [ 9 | ('role', '0001_initial'), 10 | ] 11 | 12 | operations = [ 13 | migrations.AlterModelTable( 14 | name='role', 15 | table='sys_role', 16 | ), 17 | ] 18 | 
-------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/__pycache__/0001_initial.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/migrations/__pycache__/0001_initial.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/__pycache__/0002_alter_role_table.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/migrations/__pycache__/0002_alter_role_table.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/migrations/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/role/migrations/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/role/models.py: -------------------------------------------------------------------------------- 1 | from django.db import models 2 | 3 | # 角色表 4 | class Role(models.Model): 5 | created_at = models.DateTimeField(auto_now_add=True) 6 | 
updated_at = models.DateTimeField(auto_now=True) 7 | deleted_at = models.DateTimeField(null=True) 8 | name = models.CharField(max_length=100, verbose_name='角色名称') 9 | level = models.IntegerField(verbose_name='等级') 10 | remarks = models.TextField(verbose_name='描述') 11 | 12 | class Meta: 13 | db_table = "sys_role" 14 | -------------------------------------------------------------------------------- /Python_Server/src/apps/role/tests.py: -------------------------------------------------------------------------------- 1 | from django.test import TestCase 2 | 3 | # Create your tests here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/role/urls.py: -------------------------------------------------------------------------------- 1 | from django.urls import path 2 | from . import views 3 | 4 | urlpatterns = [ 5 | path("get", views.role_get), 6 | path("add", views.role_add), 7 | path("detail", views.role_detail), 8 | path("update", views.role_update), 9 | path("delete/", views.role_delete), 10 | ] -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/__init__.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/__init__.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/admin.cpython-39.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/admin.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/settings/admin.py: 
--------------------------------------------------------------------------------
from django.contrib import admin

# Register your models here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/apps.py:
--------------------------------------------------------------------------------
from django.apps import AppConfig


# Django application config for the "apps.settings" app.
class SettingsConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'apps.settings'

--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/migrations/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/migrations/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/migrations/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/settings/migrations/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/models.py:
--------------------------------------------------------------------------------
from django.db import models

# Create your models here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/tests.py:
--------------------------------------------------------------------------------
from django.test import TestCase

# Create your tests here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/urls.py:
--------------------------------------------------------------------------------
from django.urls import path
from . import views

# Routes for the maintenance endpoints defined in settings/views.py.
urlpatterns = [
    path("ping", views.settings_ping),
    path("getdb", views.settings_getdb),
    path("backupsdb", views.settings_backupsdb),
    path("deletedb", views.settings_deletedb),
    path("downdb", views.settings_downdb),
]
--------------------------------------------------------------------------------
/Python_Server/src/apps/settings/views.py:
--------------------------------------------------------------------------------
# Maintenance endpoints: connectivity test and database-backup management.
# NOTE(review): the project README describes this server as a deliberately
# vulnerable training target. The review notes below name each weakness and the
# control a production service would apply; the code itself is left as published.
from django.shortcuts import render, HttpResponse
from django.views.decorators.http import require_http_methods
from django.http import JsonResponse, FileResponse
from django.conf import settings
from common import helper, decodes
import os

# Connectivity test: decodes the POSTed 'addre' field and runs the system `ping`
# on it, returning the command output in "result".
# NOTE(review): OS command injection (CWE-78). The decoded value is concatenated
# into a string that os.popen() passes to a shell, so the request body decides
# the command line. The double Base64 layer is an encoding, not a control.
# Mitigation: validate the value (for example ipaddress.ip_address() or a strict
# hostname pattern) and call subprocess.run() with an argument list, shell=False,
# a fixed packet count and a timeout. Detection: alert on child processes of the
# web worker other than the expected ping binary.
@require_http_methods(["POST"])
def settings_ping(request):
    ipaddr = request.POST.get('addre')
    # Only the empty string is rejected here. A missing field arrives as None and
    # is rejected later only because Base64DoubleDecode catches its own exception.
    if ipaddr == "":
        return JsonResponse({"code": -1,"message": "测试连通性失败", "result": "addre is none"})
    ipaddr, err = decodes.Base64DoubleDecode(ipaddr)
    if err != "":
        # The decoder's exception text is returned to the client as-is.
        return JsonResponse({"code": -1,"message": "测试连通性失败", "result": err})
    output = os.popen("ping " + ipaddr).read()
    return JsonResponse({"code":200,"message": "测试连通性成功", "result": output})

# List database backups: returns os.listdir() of the POSTed 'dir' value.
# NOTE(review): the directory is chosen by the client, so this lists any
# directory the process can read (CWE-22). Mitigation: ignore the parameter and
# list settings.BACKUP_FOLDER only. The bare `except` also hides the failure
# reason from operators; catch OSError and log it.
@require_http_methods(["POST"])
def settings_getdb(request):
    dir = request.POST.get('dir')
    try:
        dbNames = os.listdir(dir)
    except:
        return JsonResponse({"code": -1,"message": "获取备份数据库列表失败"})
    return JsonResponse({"code":200,"message":"获取备份数据库列表成功", "result": dbNames})

# Back up the database: dumps the 'default' database into settings.BACKUP_FOLDER
# through helper.Dackupdb.
# NOTE(review): a state-changing operation exposed on GET; POST is the safer verb.
# No role check is visible here, so any caller who passes the token check can
# trigger it (confirm whether that is intended).
@require_http_methods(["GET"])
def settings_backupsdb(request):
    # Database connection settings
    db_config = settings.DATABASES['default']
    # Run the backup
    backupfile = helper.Dackupdb(db_config['HOST'], db_config['USER'], db_config['PASSWORD'], db_config['NAME'], settings.BACKUP_FOLDER)
    # Dackupdb signals failure by returning a string that starts with "err:";
    # this is a substring test on the returned path or message.
    if "err:" in backupfile:
        return JsonResponse({"code": -1,"message": "备份数据库失败"})
    return JsonResponse({"code":200,"message":"备份数据库成功"})

# Delete a database backup: removes BACKUP_FOLDER/<dbfile>.
# NOTE(review): path traversal leading to arbitrary file deletion (CWE-22).
# 'dbfile' is joined unchecked; os.path.join() keeps ".." segments and discards
# BACKUP_FOLDER entirely when the second argument is absolute. Mitigation: reduce
# the name with os.path.basename(), or resolve with os.path.realpath() and verify
# the result is still inside BACKUP_FOLDER (os.path.commonpath) before acting.
# A missing 'dbfile' is None and makes os.path.join raise TypeError (HTTP 500).
@require_http_methods(["POST"])
def settings_deletedb(request):
    dbfile = request.POST.get('dbfile')
    # Delete the backup file
    if helper.DeleteFile(os.path.join(settings.BACKUP_FOLDER, dbfile)):
        return JsonResponse({"code":200,"message": "删除"+dbfile+"备份数据库成功"})
    return JsonResponse({"code": -1,"message": "删除备份数据库失败"})

# Download a database backup: streams BACKUP_FOLDER/<dbfile> as an attachment.
# NOTE(review): same unchecked join as settings_deletedb, here giving arbitrary
# file read (CWE-22); apply the same containment check. Backups written by
# helper.Dackupdb contain every table, including sys_user, so this endpoint
# should also be limited to administrative roles.
@require_http_methods(["POST"])
def settings_downdb(request):
    dbfile = request.POST.get('dbfile')
    # Check that the file exists
    if not os.path.exists(os.path.join(settings.BACKUP_FOLDER, dbfile)):
        return JsonResponse({"code": -1,"message": "下载数据库失败"})
    # Return the file with FileResponse
    response = FileResponse(open(os.path.join(settings.BACKUP_FOLDER, dbfile), 'rb'), as_attachment=True, filename=dbfile)
    return response
--------------------------------------------------------------------------------
/Python_Server/src/apps/user/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/apps/user/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/user/__pycache__/admin.cpython-39.pyc:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/admin.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/__pycache__/apps.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/apps.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/__pycache__/models.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/models.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/__pycache__/urls.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/urls.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/__pycache__/views.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/__pycache__/views.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/admin.py: -------------------------------------------------------------------------------- 
1 | from django.contrib import admin 2 | 3 | # Register your models here. 4 | -------------------------------------------------------------------------------- /Python_Server/src/apps/user/apps.py: -------------------------------------------------------------------------------- 1 | from django.apps import AppConfig 2 | 3 | 4 | class UserConfig(AppConfig): 5 | default_auto_field = 'django.db.models.BigAutoField' 6 | name = 'apps.user' 7 | -------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/0001_initial.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-08 13:30 2 | 3 | from django.db import migrations, models 4 | import django.db.models.deletion 5 | 6 | 7 | class Migration(migrations.Migration): 8 | 9 | initial = True 10 | 11 | dependencies = [ 12 | ('role', '0001_initial'), 13 | ] 14 | 15 | operations = [ 16 | migrations.CreateModel( 17 | name='User', 18 | fields=[ 19 | ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), 20 | ('created_at', models.DateTimeField(auto_now_add=True)), 21 | ('updated_at', models.DateTimeField(auto_now=True)), 22 | ('deleted_at', models.DateTimeField(null=True)), 23 | ('username', models.CharField(max_length=50, verbose_name='用户名')), 24 | ('password', models.CharField(max_length=36, verbose_name='密码')), 25 | ('phone', models.CharField(max_length=50, verbose_name='电话')), 26 | ('avatar', models.CharField(max_length=255, verbose_name='头像')), 27 | ('sex', models.CharField(max_length=20, verbose_name='性别')), 28 | ('email', models.CharField(max_length=20, verbose_name='邮箱')), 29 | ('status', models.BooleanField(verbose_name='封禁')), 30 | ('remarks', models.TextField(verbose_name='描述')), 31 | ('role', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='role.role')), 32 | ], 33 | ), 34 | ] 35 | 
-------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/0002_alter_user_table.py: -------------------------------------------------------------------------------- 1 | # Generated by Django 4.2 on 2024-12-27 05:30 2 | 3 | from django.db import migrations 4 | 5 | 6 | class Migration(migrations.Migration): 7 | 8 | dependencies = [ 9 | ('user', '0001_initial'), 10 | ] 11 | 12 | operations = [ 13 | migrations.AlterModelTable( 14 | name='user', 15 | table='sys_user', 16 | ), 17 | ] 18 | -------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/migrations/__init__.py -------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/__pycache__/0001_initial.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/migrations/__pycache__/0001_initial.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/__pycache__/0002_alter_user_table.cpython-39.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/migrations/__pycache__/0002_alter_user_table.cpython-39.pyc -------------------------------------------------------------------------------- /Python_Server/src/apps/user/migrations/__pycache__/__init__.cpython-39.pyc: 
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/apps/user/migrations/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/apps/user/models.py:
--------------------------------------------------------------------------------
from django.db import models
from apps.role.models import Role

# User table, stored as "sys_user".
class User(models.Model):
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)
    # Nullable timestamp; presumably a soft-delete marker (confirm against the views).
    deleted_at = models.DateTimeField(null=True)
    username = models.CharField(max_length=50, verbose_name='用户名')
    # NOTE(review): 36 characters cannot hold the encoded output of Django's
    # default PBKDF2 password hasher, which suggests the column stores plaintext
    # or a bare digest. The views that write it are not shown, so confirm there.
    # Mitigation: store make_password() output in a wider column and verify with
    # check_password().
    password = models.CharField(max_length=36, verbose_name='密码')
    phone = models.CharField(max_length=50, verbose_name='电话')
    avatar = models.CharField(max_length=255, verbose_name='头像')
    sex = models.CharField(max_length=20, verbose_name='性别')
    # NOTE(review): a plain CharField of 20 characters; many valid addresses are
    # longer, and no format validation is applied at the model level.
    email = models.CharField(max_length=20, verbose_name='邮箱')
    status = models.BooleanField(verbose_name='封禁')
    # CASCADE: deleting a Role row also deletes every User that references it.
    role = models.ForeignKey(Role, to_field="id", on_delete=models.CASCADE)
    remarks = models.TextField(verbose_name='描述')

    class Meta:
        db_table = "sys_user"
--------------------------------------------------------------------------------
/Python_Server/src/apps/user/tests.py:
--------------------------------------------------------------------------------
from django.test import TestCase

# Create your tests here.

--------------------------------------------------------------------------------
/Python_Server/src/apps/user/urls.py:
--------------------------------------------------------------------------------
from django.urls import path
from . import views

# User management routes. The mount prefix is defined elsewhere (not shown here).
# NOTE(review): "detail", "update" and "delete/" act on a user record; the views
# should verify that the caller is that user or holds an administrative role.
# The auth middleware shown later in this listing checks the token only.
# "delete/" carries a trailing slash while its siblings do not.
urlpatterns = [
    path("get", views.user_get),
    path("add", views.user_add),
    path("detail", views.user_detail),
    path("update", views.user_update),
    path("delete/", views.user_delete),
]
--------------------------------------------------------------------------------
/Python_Server/src/common/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/common/__init__.py
--------------------------------------------------------------------------------
/Python_Server/src/common/__pycache__/Generatejwt.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/common/__pycache__/Generatejwt.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/common/__pycache__/__init__.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/common/__pycache__/__init__.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/common/__pycache__/decodes.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/common/__pycache__/decodes.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/common/__pycache__/helper.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/common/__pycache__/helper.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/common/decodes.py:
--------------------------------------------------------------------------------
# Decoders for the request-level "encryption" applied by the front end.
# Every function except RSAEncrypt returns a (text, error) pair; error is ""
# on success.
# NOTE(review): all keys and IVs in this module are hard-coded constants
# (CWE-321), and the client must hold matching values to produce the
# ciphertexts. These layers therefore obscure payloads on the wire but do not
# authenticate or protect them. Production designs rely on TLS for transport,
# keep secrets out of source control, and use an authenticated mode such as
# AES-GCM with a fresh nonce per message when application-layer encryption is
# actually required.
from Crypto.Cipher import AES, DES3, PKCS1_v1_5
import base64
from Crypto.PublicKey import RSA

# Double Base64 decoding: replaces "-" with "=" and URL-safe-Base64-decodes,
# twice, then decodes the result as UTF-8.
# Any exception, including a None argument, is returned as the error string.
# NOTE(review): this is an encoding only; the output is exactly as untrusted as
# the input and must be validated by the caller before use.
def Base64DoubleDecode(ciphertextBase64):
    try:
        decoded_tmp = base64.urlsafe_b64decode(ciphertextBase64.replace("-", "="))
        decoded_tmp = base64.urlsafe_b64decode(decoded_tmp.replace(b"-", b"="))
        return decoded_tmp.decode('utf-8'), ""
    except Exception as e:
        return "", str(e)

# Simple custom decoding used for login.
# Steps: Base64-decode, keep every second character, reverse, then rotate the
# ASCII letters.
# NOTE(review): a keyless, reversible transform, so it is obfuscation rather
# than encryption and gives login credentials no confidentiality by itself.
def CustomDecrypt(encrypted):
    try:
        # Base64-decode
        encryptmp = base64.b64decode(encrypted).decode('utf-8')
    except Exception as e:
        return "", str(e)

    # Drop the obfuscation characters (keep the characters at even indexes)
    result = encryptmp[::2]

    # Reverse the string
    reversed_text = result[::-1]

    # Caesar step (the original comment says "reverse shift of 3"): subtracting
    # 23 modulo 26 is the same as adding 3.
    shift = 23
    decrypted_text = ''
    for c in reversed_text:
        if 'A' <= c <= 'Z':
            decrypted_text += chr((ord(c) - ord('A') - shift) % 26 + ord('A'))
        elif 'a' <= c <= 'z':
            decrypted_text += chr((ord(c) - ord('a') - shift) % 26 + ord('a'))
        else:
            decrypted_text += c

    return decrypted_text, ""

# AES decryption: Base64 input, AES-256-CBC, padding removed by hand.
# NOTE(review): the IV is a constant, so equal plaintext prefixes produce equal
# ciphertext prefixes across messages, and CBC without a MAC lets ciphertext be
# modified undetected. Only the last padding byte is range-checked; the other
# padding bytes are not verified. Failure text is returned to the caller; avoid
# relaying decryption error detail to clients.
def AesDecrypt(ciphertext_base64):
    key = "8ffe7d19cbc24e898b3344d06cf842e2" # AES-256 key
    iv = "1cfc13bd74a2"
    # Make sure the key and IV have the required lengths
    key = key.encode('utf-8')
    iv = iv.encode('utf-8')
    if len(key) < 32:
        key = key.ljust(32, b'\0') # pad to 32 bytes
    elif len(key) > 32:
        key = key[:32] # truncate to 32 bytes

    # The IV literal above is 12 characters, so this branch pads it with four
    # NUL bytes.
    if len(iv) < 16:
        iv = iv.ljust(16, b'\0') # pad to 16 bytes
    elif len(iv) > 16:
        iv = iv[:16] # truncate to 16 bytes
    try:
        # Decode the Base64 ciphertext to bytes
        ciphertext = base64.b64decode(ciphertext_base64)

        # Create the AES decryptor (CBC mode, PKCS7 padding)
        cipher = AES.new(key, AES.MODE_CBC, iv)

        # Decrypt
        plaintext_padded = cipher.decrypt(ciphertext)

        # Strip the PKCS7 padding
        padding_len = plaintext_padded[-1]
        if padding_len < 1 or padding_len > AES.block_size:
            return "", "Invalid padding length"
        plaintext = plaintext_padded[:-padding_len]
        return plaintext.decode('utf-8'), ""
    except Exception as e:
        return "","解密失败:{}".format(e)

# RSA encryption (the original comment said "RSA decryption"): encrypts
# `message` under the embedded public key and returns Base64 text. Unlike its
# siblings it returns a single string and lets exceptions propagate.
# NOTE(review): PKCS#1 v1.5 encryption padding is a legacy scheme; new designs
# use OAEP (Crypto.Cipher.PKCS1_OAEP in this library).
def RSAEncrypt(message):
    public_key_pem = """-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSOjJck8DhR/j6sFCBH/
Sw8dXkd9CjKxnNFjMTEWYWx39a5ZO5uvhWV6ps4/+yZEZPgw0EaBV0gSwpLBs4eC
+5EFBArDp0qdf38KRN++oR5MJMGWDXAJKBcKHall0/TvnZ7ATbhc3M9EN+5Mi/MG
TOOHVs0wP61NVnf3KR9DjxhD/ddvGKNZkc5Ivds0CHPzUX4bLUppa0NeyA2YIVIy
TxloBQeR9dnq9C3yB0iBDdYb1H2zOfaUOGYIS5Xpu5PlL5BPfxH2utS2MzehD6l2
yu1RktVGFx0Ij3cVUfMMh03RfMCYjcoCALxuhZzWqvmp1KSqrQEx6hX0D91ALsGl
QwIDAQAB
-----END PUBLIC KEY-----"""

    public_key = RSA.import_key(public_key_pem)
    cipher = PKCS1_v1_5.new(public_key)
    encrypted_message = cipher.encrypt(message.encode('utf-8'))
    return base64.b64encode(encrypted_message).decode('utf-8')

# 3DES decryption: Base64 input, 3DES-CBC with a constant key and IV.
# NOTE(review): only the Base64 step is inside a try block. A ciphertext whose
# length is not a multiple of the block size, an empty ciphertext, or plaintext
# that is not valid UTF-8 raises out of this function. The padding byte is not
# validated: a final byte of 0 yields an empty result and a large value strips
# arbitrary data. 3DES is a legacy cipher; prefer AES with an authenticated mode.
def TripleDESDecrypt(cipherText):
    key = b"3c304f5c5eba944c6ef86a88" # 24-byte key
    iv = b"w2sg62fq" # 8-byte IV

    try:
        cipher_data = base64.b64decode(cipherText)
    except Exception as e:
        return "", str(e)

    cipher = DES3.new(key, DES3.MODE_CBC, iv)
    decrypted = cipher.decrypt(cipher_data)

    # Strip the PKCS7 padding
    pad_len = decrypted[-1]
    return decrypted[:-pad_len].decode('utf-8'), ""
--------------------------------------------------------------------------------
/Python_Server/src/common/helper.py:
--------------------------------------------------------------------------------
import jwt, os
import pymysql
from datetime import datetime, timedelta

# Generate a JWT carrying the user id, role id and user name, expiring after
# `expiration_minutes`.
# `setting` must expose JWT_SECRET_KEY and JWT_ALGORITHM.
# NOTE(review): bytes.decode(token) assumes jwt.encode() returns bytes, which is
# PyJWT 1.x behaviour; PyJWT 2.x returns str and this line would raise
# TypeError. Token strength depends on JWT_SECRET_KEY, which is not shown here:
# it should be long, random and loaded from outside the repository.
def Generatejwt(uid, rid, name, setting, expiration_minutes=60):
    # Build the JWT payload
    payload = {
        "Uid": uid, # user id
        "Rid": rid, # user role
        "Name": name, # user name
        "exp": datetime.utcnow() + timedelta(minutes=expiration_minutes), # expiry time
    }
    token = jwt.encode(payload, setting.JWT_SECRET_KEY, algorithm=setting.JWT_ALGORITHM)
    return bytes.decode(token)

# Validate a JWT: returns the decoded payload, or None on any failure.
# The accepted algorithm list is pinned to the configured algorithm.
# NOTE(review): the bare `except` also swallows configuration and programming
# errors; catching the library's token exceptions and logging the reason would
# keep failures visible to operators.
def Validatejwt(token, setting):
    try:
        decoded_payload = jwt.decode(token, setting.JWT_SECRET_KEY, algorithms=[setting.JWT_ALGORITHM])
        return decoded_payload
    except:
        return None

# Get the user info from an Authorization header value ("<scheme> <token>").
# NOTE(review): a header without a space makes split(" ")[1] raise IndexError,
# and the scheme is not checked to be "Bearer" here.
def GetAuthorizationUserInfo(authHeader, setting):
    if authHeader:
        token = authHeader.split(" ")[1]
        return Validatejwt(token, setting)
    else:
        return None

# File upload: writes `filedata` into `filepath` under its own name and returns
# the resulting path.
# `filedata` is presumably a Django UploadedFile (it is read via .name and
# .chunks()); confirm at the call sites.
# NOTE(review): no extension, content-type or size check happens here, and an
# existing file with the same name is overwritten. Mitigation: allow-list the
# extensions, generate the stored name on the server, and keep the upload
# directory out of any executable or statically served path. The handle is not
# closed if a write fails; a `with` block would cover that.
def Uploadfile(filepath, filedata):
    # Check whether the directory exists
    if not os.path.exists(filepath):
        # Create it if it does not
        os.makedirs(filepath)
    # Open the target file for binary writing
    f = open(os.path.join(filepath, filedata.name), 'wb+')
    # Write the file chunk by chunk
    for chunk in filedata.chunks():
        f.write(chunk)
    f.close()
    return os.path.join(filepath, filedata.name)

# Back up the database: dumps every table's DDL and rows to
# <dbpath>/backup_<unix time>.sql.
# Returns the backup path on success, or a string starting with "err:" on
# failure.
# NOTE(review):
# - If pymysql.connect() raises, `connection` and `cursor` are never bound, so
#   the `finally` block raises UnboundLocalError and replaces the "err:" return.
#   Initialising both to None before the `try` fixes that.
# - Row values are interpolated with "%" and are neither quoted nor escaped, so
#   the INSERT lines are not reliably restorable. Table names are unquoted in
#   the SHOW CREATE, SELECT and INSERT statements.
# - The dump contains every table, including sys_user, so the backup directory
#   needs restrictive permissions and the download endpoint needs an
#   authorization check.
def Dackupdb(host, username, password, database_name, dbpath):
    # Database connection settings
    try:
        # Connect to the MySQL database
        connection = pymysql.connect(
            host=host,
            user=username,
            password=password,
            database=database_name
        )
        cursor = connection.cursor()

        # Fetch all tables in the database
        cursor.execute("SHOW TABLES")
        tables = cursor.fetchall()
        # Check whether the directory exists
        if not os.path.exists(dbpath):
            # Create it if it does not
            os.makedirs(dbpath)
        # Backup file path (named after the current Unix timestamp)
        backup_file = os.path.join(dbpath, 'backup_{}.sql'.format(int(datetime.now().timestamp())))

        # Open the backup file
        with open(backup_file, 'w') as file:
            # Export the structure and data of each table
            for table in tables:
                table_name = table[0]
                file.write(f"DROP TABLE IF EXISTS `{table_name}`;\n")
                # Export the table structure (CREATE TABLE)
                cursor.execute(f"SHOW CREATE TABLE {table_name}")
                create_table_stmt = cursor.fetchone()[1]
                file.write(f"-- Table structure for `{table_name}`\n")
                file.write(f"{create_table_stmt};\n\n")

                # Export the table data (INSERT INTO)
                cursor.execute(f"SELECT * FROM {table_name}")
                rows = cursor.fetchall()
                for row in rows:
                    placeholders = ", ".join(["%s"] * len(row))
                    insert_stmt = f"INSERT INTO {table_name} VALUES ({placeholders});"
                    file.write(insert_stmt % tuple(row))
                    file.write("\n")
        return backup_file
    except Exception as err:
        return "err:{}".format(err)
    finally:
        # Close the database connection
        if cursor:
            cursor.close()
        if connection:
            connection.close()

# Delete a file: removes `dbfile` if it exists and reports whether it did.
# NOTE(review): the path is used as given; containment inside the backup
# directory must be enforced by the caller before this is reached.
def DeleteFile(dbfile):
    # Check whether the file exists
    if os.path.exists(dbfile):
        # Delete the file
        os.remove(dbfile)
        return True
    else:
        return False

--------------------------------------------------------------------------------
/Python_Server/src/manage.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python
"""Django's command-line utility for administrative tasks."""
import os
import sys


def main():
    """Run administrative tasks."""
    os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'Python_Server.settings')
    try:
        from django.core.management import execute_from_command_line
    except ImportError as exc:
        raise ImportError(
            "Couldn't import Django. Are you sure it's installed and "
            "available on your PYTHONPATH environment variable? Did you "
            "forget to activate a virtual environment?"
        ) from exc
    execute_from_command_line(sys.argv)


if __name__ == '__main__':
    main()

--------------------------------------------------------------------------------
/Python_Server/src/middleware/__pycache__/auth.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/middleware/__pycache__/auth.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/middleware/__pycache__/authmiddleware.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/middleware/__pycache__/authmiddleware.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/middleware/__pycache__/loggingmiddleware.cpython-39.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Python_Server/src/middleware/__pycache__/loggingmiddleware.cpython-39.pyc
--------------------------------------------------------------------------------
/Python_Server/src/middleware/authmiddleware.py:
--------------------------------------------------------------------------------
from django.utils.deprecation import MiddlewareMixin
from django.http import JsonResponse, HttpResponseRedirect
from django.conf import settings
from common import helper

# Routes that require authentication
PROTECTED_PATHS = ["/settings", "/user", "/role", "/food", "/order", "/other"] # paths to protect

# Login-check middleware: requires a valid Bearer JWT on every request whose
# path starts with one of PROTECTED_PATHS.
# NOTE(review): this is authentication only. The decoded payload (Uid, Rid,
# Name) is discarded, so no role or ownership check happens here (CWE-862 unless
# each view enforces it), and the views cannot read the verified identity from
# the request. The match is a case-sensitive string prefix on request.path, so
# routes outside the list are unauthenticated by default; a deny-by-default
# list of public paths is the safer pattern. Failures are returned without a
# `status` argument, so they go out as HTTP 200, which makes failed
# authentication harder to see in access logs; 401 is the conventional status.
class AuthMiddleWare(MiddlewareMixin):
    def process_request(self, request):
        # Check whether the path is protected
        if any(request.path.startswith(path) for path in PROTECTED_PATHS):
            # Read the Authorization header
            auth_header = request.headers.get("Authorization")
            if not auth_header or not auth_header.startswith("Bearer "):
                return JsonResponse({'code': -1, 'msg': '请先登录'})
            # Extract the token
            token = auth_header.split(" ")[1]
            # Validate the JWT
            jwtpayload = helper.Validatejwt(token, settings)
            if jwtpayload == None:
                return JsonResponse({'code': -1, 'msg': '当前登录已失效请重新登录'})
        # Unprotected paths, and requests that passed the check, continue
        return None

    # Response hook: passes the response through unchanged
    def process_response(self, request, response):
        return response
--------------------------------------------------------------------------------
/Python_Server/src/middleware/loggingmiddleware.py:
--------------------------------------------------------------------------------
import logging
import time

# Get the logger
logger = logging.getLogger('django.request')

# Request-logging middleware: logs status, duration, client IP, method and path
# for every request.
# NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
# reverse proxy overwrites it, and it is preferred here over REMOTE_ADDR. The
# logged address can therefore be forged, and the header value and
# request.path are written unescaped (CWE-117). Mitigation: take the address
# from the proxy-controlled hop only and neutralise control characters before
# logging. An exception raised by get_response skips the log line entirely.
class LoggingMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        start_time = time.time() # request start time
        response = self.get_response(request)
        end_time = time.time() # request end time
        # Get the client IP
        client_ip = request.META.get('HTTP_X_FORWARDED_FOR', request.META.get('REMOTE_ADDR'))
        # Compute the request duration
        duration = end_time - start_time
        # Write the request log line
        logger.info("| {} | {: <.2f}s | {: <15} | {: <4} | {} |".format(response.status_code, duration, client_ip, request.method, request.path))
        return response

--------------------------------------------------------------------------------
/Python_Server/src/requirements.txt:
--------------------------------------------------------------------------------
# NOTE(review): helper.py imports `jwt`, but no PyJWT pin appears in this list;
# it presumably arrives as a dependency of djangorestframework-jwt. Pin it
# explicitly, because helper.Generatejwt depends on the return type of
# jwt.encode(). Audit these exact pins against current advisories (for example
# with pip-audit) before reusing them outside a lab.
pymysql==1.0.2
pycryptodome==3.12.0
django==4.2
django-cors-headers==3.10.1
djangorestframework==3.12.4
djangorestframework-jwt==1.11.0
requests==2.31.0
mysqlclient==2.2.7
-------------------------------------------------------------------------------- /Python_Server/src/static/sentence/sentence.txt: -------------------------------------------------------------------------------- 1 | 雪沫乳花浮午盏,蓼茸蒿笋试春盘。人间有味是清欢。 2 | 鲜鲫银丝脍,香芹碧涧羹。 3 | 夜雨剪春韭,新炊间黄粱。 4 | 鲈肥菰脆调羹美,荞熟油新作饼香。 5 | 何家笼饼须十字,萧家炊饼须四破。老夫饥来不可那,只要鹘仑吞一个。 6 | 围炉聚炊欢呼处,百味消融小釜中。 7 | 溪友留鱼不忍烹,直将蔬粝送余生;二升畲粟香炊饭,一把畦菘淡煮羹。 8 | 紫驼之峰出翠釜,水精之盘行素鳞。 9 | 胡麻饼样学京都,面脆油香新出炉。 10 | 日啖荔枝三百颗,不辞长作岭南人。 11 | 醋酽橙黄分蟹壳,麝香荷叶剥鸡头。 12 | 我会调和美鳝。自然入口甘甜。不须酱醋与椒盐。一遍香如一遍。 13 | 晚网得鱼似湖白,銮刀脍玉捣香齑。 14 | 生酒鲟鱼会,边炉蚬子羹。 15 | 云子香抄玉色鲜,菜羹新煮翠茸纤。人间脍炙无此味,天上酥陀恐尔甜。 16 | 水为乡,蓬作舍,鱼羹稻饭常餐也。 17 | 蒸白鱼稻饭,溪童供笋菜。 18 | 汤饼一杯银丝乱,牵丝如缕王箸惜。 19 | 这是宋代诗人黄庭坚对土索面的描述。 20 | 桂花香馅裹胡桃,江米如珠井水淘。 21 | 纤手搓来玉色匀,碧油煎出嫩黄深。夜来春睡知轻重,压扁佳人缠臂金。 22 | 初游唐安饭薏米,炊成不减雕胡美。大如苋实白如玉,滑欲流匙香满屋。 23 | 人间定无可意,怎换得玉脍丝莼。 24 | 东门买彘骨,醯酱点橙薤?蒸鸡最知名,美不数鱼蟹。 -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 零 注意(Tips) 2 | 3 | - 1.请勿将本系统用于开发项目,系统中存在许多漏洞,仅允许帮助安全研究人员和业余爱好者了解和掌握有关Golang系统的渗透测试和代码审计知识。 4 | 5 | 1.Do not use this system for development projects, there are many vulnerabilities in the system, only allowed to help security researchers and hobbyists understand and master the penetration testing and code audit knowledge about the Golang system. 6 | 7 | - 2.不得用于非法和犯罪活动。 8 | 9 | 2.It shall not be employed for illegal and criminal activities. 10 | 11 | - 3.不要用来提交CVE。 12 | 13 | 3.Do not use to submit CVE. 
14 | 15 | # 壹 Vulnerabilities_Server 16 | 17 | > 前段时间,在用`Golang`写`Web`服务时(通过代审的视角去了解`Golang`的`web`服务),发现需要考虑的问题很多,这些问题不仅仅包括运行的问题,还包括一些安全问题,当时就在网上找一些关于`Golang`的靶场来认识`Golang`的`web`服务有没有什么漏洞,但是发现,相对与`PHP`、`Java`这些语言的漏洞靶场,`goalng`的靶场实在是少之又少,所以就有了写一个`Golang`实战化靶场漏洞,因为觉得单纯的去写一个列表式靶场,不如直接给个场景去探索和发现一个系统是怎么运作,怎么编写和逻辑实现的,这对于实际的漏洞挖掘和代码审计的学习可能更有帮助(个人感觉)。至此出现了最开始的`Golang`靶场。 18 | > 19 | > 后来发现既然要做用于代码审计和漏洞挖掘的,那为何不做个多语言实战靶场,虽然场景差不多,但是也可以通过编程语言了解其语言本身的特性和审计思路,同时也会加入一些在`src`中出现的漏洞,可以当作`src`靶场练手。 20 | 21 | 这是一个集合了多种语言的实战化Web靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。该项目旨在帮助安全研究人员和爱好者了解和掌握关于不同语言系统的渗透测试和代码审计知识,如果有好的有意思的漏洞点或者提交src时有不错的漏洞想法,可以提个issue。后面打算再加一些其他的场景进去,在进行代码审计/漏洞挖掘/src教学时就有靶场去练习了。 22 | 23 | 项目地址:https://github.com/A7cc/Vulnerabilities_Server 24 | 25 | 项目后面的设想是以这个场景为出发点扩展出其他语言的漏洞靶场,目前只写了`Golang`、`Python`语言的漏洞靶场,后面会持续更新,如果您觉得`Vulnerabilities_Server`对你有些许帮助,请加个⭐,您的支持将是`Vulnerabilities_Server`前进路上的最好的见证! 26 | 27 | 28 | # 贰 Vulnerability 29 | 30 | 不同语言靶场漏洞可能不同这里的漏洞情况,只在对应漏洞靶场的文件夹处显示。 31 | 32 | # 叁 部署 33 | 34 | - 后端 35 | 36 | 进入不同语言文件夹,查看`Readme.md`部署,然后部署的端口建议`8081`,因为前端访问的后台端口是`8081`(可以自己改)。目前至此的语言: 37 | 38 | >Golang靶场 39 | > 40 | >Python靶场 41 | > 42 | >前端靶场加解密 43 | 44 | 后续计划: 45 | 46 | >Java靶场 47 | > 48 | >PHP靶场 49 | > 50 | >C#靶场 51 | > 52 | >不错的开源审计项目积累(这个以文件的形式输出,主要收集一些平时觉得适合做代码审计的开源项目) 53 | > 54 | >。。。。。。。。。 55 | 56 | - `Vue`前端(可以算是靶场吧。。。加了一些密码学,可以学习`js`逆向) 57 | 58 | 如果有`node`环境的话直接,运行`npm install`下载组件即可。 59 | 60 | ![image-20250208144407056](README/image-20250208144407056.png) 61 | 62 | 接着输入命令`npm run dev`运行前端即可,可能会出现下面这种情况,可以忽略: 63 | 64 | ![image-20240909180126928](README/image-20240909180126928.png) 65 | 66 | 如果没有`node`环境的话,直接用后端的`swagger`即可运行。 67 | 68 | ```bash 69 | http://localhost:8081/swagger/index.html 70 | ``` 71 | 72 | # 肆 更新 73 | 74 | - 2024/09:最开始的`Golang`靶场 75 | - 2025/01:修复了`Golang`靶场的一些运行问题(非漏洞问题),添加了前端的加解密,添加了`Python`靶场(原本想的是写好一大把再上传,但是感觉还是慢工出细活好一点,慢慢的积累) 76 | 77 | - 2025/02:忘记上传`vue`前端代码了,重新加载上去了 78 | 79 | - 
2025/03:增加了一些`vue`前端靶场的加密和一些信息泄露(可以学习`js`相关调试) 80 | 81 | # 伍 感谢各位师傅 82 | 83 | ## 5.1 Stargazers 84 | 85 | [![Stargazers repo roster for @A7cc/Vulnerabilities_Server](http://reporoster.com/stars/A7cc/Vulnerabilities_Server)](https://github.com/A7cc/Vulnerabilities_Server/stargazers) 86 | 87 | 88 | ## 5.2 Forkers 89 | 90 | [![Forkers repo roster for @A7cc/Vulnerabilities_Server](http://reporoster.com/forks/A7cc/Vulnerabilities_Server)](https://github.com/A7cc/Vulnerabilities_Server/network/members) 91 | 92 | 93 | ## 5.3 Star History 94 | 95 | [![Stargazers over time](https://starchart.cc/A7cc/Vulnerabilities_Server.svg)](https://starchart.cc/A7cc/Vulnerabilities_Server) 96 | -------------------------------------------------------------------------------- /README/image-20240909180126928.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/README/image-20240909180126928.png -------------------------------------------------------------------------------- /README/image-20250208144407056.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/README/image-20250208144407056.png -------------------------------------------------------------------------------- /Vue_Web/README.md: -------------------------------------------------------------------------------- 1 | # 零 注意(Tips) 2 | 3 | - 1.请勿将本系统用于开发项目,系统中存在许多漏洞,仅允许帮助安全研究人员和业余爱好者了解和掌握有关Golang系统的渗透测试和代码审计知识。 4 | 5 | 1.Do not use this system for development projects, there are many vulnerabilities in the system, only allowed to help security researchers and hobbyists understand and master the penetration testing and code audit knowledge about the Golang system. 6 | 7 | - 2.不得用于非法和犯罪活动。 8 | 9 | 2.It shall not be employed for illegal and criminal activities. 
10 | 11 | - 3.不要用来提交CVE。 12 | 13 | 3.Do not use to submit CVE. 14 | 15 | # 壹 Vulnerabilities_Server 16 | 17 | 这是一个用`JavaScript`写的前端靶场,该系统是以食谱菜单管理系统为场景去编写,一种实战化形式的安全漏洞靶场,其中存在多个安全漏洞,需要我们去探索和发现。该项目旨在帮助安全研究人员和爱好者了解和掌握关于`Python`系统的渗透测试和代码审计知识。 18 | 19 | 项目后面的设想是以这个场景为出发点扩展出其他语言的漏洞靶场,如果您觉得`Vulnerabilities_Server`对你有些许帮助,请加个⭐,您的支持将是`Vulnerabilities_Server`前进路上的最好的见证! 20 | 21 | 22 | # 贰 Vulnerability 23 | 24 | 目前有这些加解密方式,如果有好的`idea`漏洞,可以提个`issues`给我,我来加: 25 | 26 | ```bash 27 | 登录:自定义加密 28 | 29 | 密码更新:AES-256-CBC 30 | 31 | 获取用户信息处:RSA 32 | 33 | 数据修改:3DES 34 | 35 | ping功能:简单的替换+双base64 36 | 37 | 信息泄露:用户密码信息泄露 38 | 39 | api泄露:一些乱七八糟的key 40 | ``` 41 | 42 | > 注意:可能会有其他漏洞,在写的时候由于突然的想法加但是没提出来,如果发现的话,帮忙提个`issues `(不是交`CVE`,用这个系统交`CVE`的是`SB`)。。。 43 | 44 | # 叁 部署 45 | 46 | - 后端 47 | 48 | 后端部署的话,用其他后端语言部署就行,看对应的文档即可。 49 | 50 | - `Vue`前端 51 | 52 | 如果有`node`环境的话直接,运行`npm install`下载组件即可。可能会出现下面这种情况,可以忽略: 53 | 54 | ![image-20240909180126928](../README/image-20240909180126928.png) 55 | 56 | 如果没有`node`环境的话,直接用后端的`swagger`即可运行。 57 | 58 | ```bash 59 | http://localhost:8081/swagger/index.html 60 | ``` 61 | 62 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Index.5b7d7c4d.js: -------------------------------------------------------------------------------- 1 | import{_ as E}from"./default_avatar.70f3a2e7.js";import{s as y}from"./request.2fe64003.js";import{d as B,a as A,A as k,G as w,o as _,i as f,b as o,w as s,n as d,h as u,e as t,f as r,x as i,F as I,s as S,p as N,j as R,c as T,_ as V}from"./index.90c38c7f.js";function j(){return y({url:"home/get",method:"get"})}const 
n=c=>(N("data-v-63f2b023"),c=c(),R(),c),G={class:"home"},L=n(()=>t("div",{class:"top_bg"},[t("h1",null,"\u5403\u597D\u996D\uFF0C\u505A\u597D\u83DC"),t("p",null,"\u83DC\u54C1\u7BA1\u7406\u7CFB\u7EDF\xB7\u6B22\u8FCE\u60A8\uFF0Cadmin")],-1)),M=n(()=>t("p",{style:{"margin-bottom":"15px",color:"#144b9f"}},[t("div",{style:{width:"12px",height:"12px","background-color":"#f9a332","border-radius":"50%",float:"left","margin-top":"5px","margin-right":"8px"}}),r("\u7BA1\u7406\u7CFB\u7EDF\u6570\u636E\u7EDF\u8BA1 ")],-1)),q={style:{background:"linear-gradient(to right, #6D80FE, #23D2FD)"}},z={class:"data_left"},H={class:"data_right"},J=n(()=>t("span",null,"\u4EBA",-1)),K=n(()=>t("p",null,"\u7528\u6237\u4EBA\u6570",-1)),O={style:{background:"linear-gradient(to right, #FF988B, #FF6B88)"}},P={class:"data_left"},Q={class:"data_right"},U=n(()=>t("span",null,"\u4E2A",-1)),W=n(()=>t("p",null,"\u83DC\u54C1\u4E2A\u6570",-1)),X={style:{background:"linear-gradient(to right, #717CFE, #FC83EC)"}},Y={class:"data_left"},Z={class:"data_right"},$=n(()=>t("span",null,"\u6761",-1)),tt=n(()=>t("p",null,"\u8BA2\u5355",-1)),ot=n(()=>t("p",{style:{"margin-bottom":"15px",color:"#144b9f"}},[t("div",{style:{width:"12px",height:"12px","background-color":"#f9a332","border-radius":"50%",float:"left","margin-top":"5px","margin-right":"8px"}}),r("\u83DC\u54C1\u4FE1\u606F\u4ECB\u7ECD ")],-1)),st={style:{background:"linear-gradient(to right, #6D80FE, #23D2FD)"}},et={class:"data_left"},nt={key:0,src:E,style:{width:"70px","border-radius":"50px"}},at=["src"],lt={class:"data_right"},dt=B({__name:"Index",setup(c){const g=A({basic:{usernum:"",foodnum:"",ordernum:"",foodinfos:[]}});k(()=>{x()});const x=async()=>{const{data:a}=await j();a.code===200&&(e.value.usernum=a.result.usernum,e.value.foodnum=a.result.foodnum,e.value.ordernum=a.result.ordernum,e.value.foodinfos=a.result.foodinfos)},v="http://192.168.0.40:8080/",{basic:e}=w(g);return(a,ut)=>{const 
F=u("Avatar"),p=u("el-icon"),h=u("el-col"),b=u("Reading"),C=u("Clock"),m=u("el-row");return _(),f("div",G,[L,M,o(m,{gutter:40,class:"data_row",model:d(e)},{default:s(()=>[o(h,{xs:24,sm:12,md:12,lg:6,xl:8},{default:s(()=>[t("div",q,[t("div",z,[o(p,null,{default:s(()=>[o(F)]),_:1})]),t("div",H,[t("h1",null,[r(i(d(e).usernum),1),J]),K])])]),_:1}),o(h,{xs:24,sm:12,md:12,lg:6,xl:8},{default:s(()=>[t("div",O,[t("div",P,[o(p,null,{default:s(()=>[o(b)]),_:1})]),t("div",Q,[t("h1",null,[r(i(d(e).foodnum),1),U]),W])])]),_:1}),o(h,{xs:24,sm:12,md:12,lg:6,xl:8},{default:s(()=>[t("div",X,[t("div",Y,[o(p,null,{default:s(()=>[o(C)]),_:1})]),t("div",Z,[t("h1",null,[r(i(d(e).ordernum),1),$]),tt])])]),_:1})]),_:1},8,["model"]),ot,o(m,{gutter:40,class:"data_row"},{default:s(()=>[(_(!0),f(I,null,S(d(e).foodinfos,(l,D)=>(_(),T(h,{xs:24,sm:12,md:12,lg:6,xl:6,key:D,title:l},{default:s(()=>[t("div",st,[t("div",et,[o(p,null,{default:s(()=>[l.foodicon===null||l.foodicon===""?(_(),f("img",nt)):(_(),f("img",{key:1,src:d(v)+l.foodicon,style:{width:"70px","border-radius":"50px"}},null,8,at))]),_:2},1024)]),t("div",lt,[t("h1",null,i(l.foodname.substr(0,5)),1),t("p",null,[r("\u53A8\u5E08"),t("span",null,i(l.user.substr(0,10)),1)])])])]),_:2},1032,["title"]))),128))]),_:1})])}}});const ct=V(dt,[["__scopeId","data-v-63f2b023"]]);export{ct as default}; 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Index.8ccc5b0f.css: -------------------------------------------------------------------------------- 1 | .right_box[data-v-bdeed83b]{width:100%;height:auto;background:white;padding:20px;box-sizing:border-box}.right_photo[data-v-bdeed83b]{position:relative;text-align:center;height:100px;width:100px;margin-left:-50px;left:50%}.info[data-v-bdeed83b]{text-align:center}.right_photo img[data-v-bdeed83b]{width:100%;border-radius:50%}.right_box h2[data-v-bdeed83b]{padding-top:10px;letter-spacing:0;font-size:30px}.right_box 
.title[data-v-bdeed83b]{color:#178557}.left_box[data-v-e2cbe58f]{width:100%;height:auto;background:white;padding:20px;box-sizing:border-box}.left_box .title[data-v-e2cbe58f]{color:#178557;margin-bottom:10px;padding:20px;display:inline-flex;justify-content:center;align-items:center}.left_box .set[data-v-e2cbe58f]{text-align:left;padding:0 20px;margin-bottom:10px;color:#8f8f8f;line-height:35px}.left_box .set h4[data-v-e2cbe58f]{line-height:45px;color:#8f8f8f} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Index.9213a787.css: -------------------------------------------------------------------------------- 1 | .imgBox[data-v-a375c0ac]{width:100%;height:70px}.imgBox img[data-v-a375c0ac]{margin:6%}.el-menu[data-v-a375c0ac]{height:100%;border:0px}[data-v-a375c0ac] .el-menu-item.is-active{color:#fff;background:linear-gradient(to right,#a0c594,#039759)}.hamburger-container[data-v-19bbb3bc]{padding:0 15px;height:100%;display:flex;align-items:center}.hamburger-container .icon[data-v-19bbb3bc]{font-size:24px;cursor:pointer}.more[data-v-093c6483]{background-color:gray;color:#fff}.more .tags-view-item[data-v-093c6483]{display:flex;align-items:center}.main-tabs-view[data-v-c538d1c9]{display:flex;justify-content:space-between;align-items:center;padding-left:10px;padding-right:10px;background:white}.tabs-view[data-v-c538d1c9]{flex:1;overflow:hidden;box-sizing:border-box}[data-v-c538d1c9] .el-tabs{border-top:1px solid #178557}[data-v-c538d1c9] .el-tabs .el-tabs__nav{border:none}[data-v-c538d1c9] .el-tabs .el-tabs__header .el-tabs__item{border:none;color:#ccc}[data-v-c538d1c9] .el-tabs .el-tabs__header .el-tabs__item.is-active{color:#178557;border-bottom:2px solid #178557}.main[data-v-1cd26445]{display:flex;justify-content:space-between;height:70px;box-shadow:#0000001a 0 0 10px;background:white}.linkBox[data-v-1cd26445]{height:100%;display:flex;align-items:center;text-align:center;float:right}.linkBox 
.el-link[data-v-1cd26445]{margin-right:25px;color:#8c8c8c}.linkBox .el-link[data-v-1cd26445]:hover{color:#30bcd7}.linkBox .el-link span[data-v-1cd26445]{margin-left:8px}.demo-rich-conent-custom img[data-v-1cd26445]{width:55px;margin:0 15px 0 0;border-radius:50px;float:left}.demo-rich-conent-custom p[data-v-1cd26445]{margin:0;white-space:nowrap;overflow:hidden;text-overflow:ellipsis}.tool-left[data-v-1cd26445]{display:flex;align-items:center;height:100%}.el-header[data-v-feca61d6]{--el-header-padding: 0px;--el-header-height: auto;height:111px;background:#F3F3F3}.el-main[data-v-feca61d6]{background:#F3F3F3}.el-container[data-v-feca61d6]{height:100%}.common-layout[data-v-feca61d6]{width:99vw;height:98vh;position:fixed;top:0;bottom:0;left:0;right:0;margin:auto;background-color:#fff;border-radius:15px;overflow:hidden}#ebg[data-v-feca61d6]{width:100%;height:100%;position:fixed;top:0;left:0;padding:10px;background-image:url(/assets/system-bg.0e8f847c.jpg);background-size:cover;background-position:center center;background-repeat:no-repeat}.el-menu-vertical-demo[data-v-feca61d6]:not(.el-menu--collapse){width:200px} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Index.92b93f9c.css: -------------------------------------------------------------------------------- 1 | .home[data-v-63f2b023]{width:100%}.top_bg[data-v-63f2b023]{width:100%;height:200px;background-image:url(/assets/banner01.11e9d267.jpg);background-size:cover;background-position:center;background-repeat:no-repeat;color:#fff;line-height:60px;text-align:center;margin:0 auto 10px}.top_bg h1[data-v-63f2b023]{font-size:60px;text-shadow:3px 3px 0px #515151;padding-top:50px}.top_bg p[data-v-63f2b023]{font-weight:lighter;font-size:18px}.data_row .el-col[data-v-63f2b023]{height:100px;margin-bottom:20px;overflow:hidden}.data_row 
.el-col>div[data-v-63f2b023]{width:100%;height:100%;border-radius:10px;color:#fff}.data_left[data-v-63f2b023]{float:left;width:40%;height:100%;display:inline-flex;justify-content:center;align-items:center;text-align:center}.data_left .el-icon[data-v-63f2b023]{font-size:60px}.data_right[data-v-63f2b023]{width:60%;float:right;margin-top:10px}.data_right h1[data-v-63f2b023]{font-size:35px}.data_right h1 span[data-v-63f2b023]{font-size:1px;margin-left:10px}.data_right p[data-v-63f2b023]{font-size:16px;font-weight:600;margin-left:3px}.data_right p span[data-v-63f2b023]{font-size:14px;margin-left:10px} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Login.44562630.js: -------------------------------------------------------------------------------- 1 | import{d as h,r as m,a as w,u as A,o as y,c as E,w as s,b as o,e as l,f as S,g as N,E as b,h as a,_ as B,i as T,p as R,j as q}from"./index.90c38c7f.js";import{l as G}from"./login.b9a54c7f.js";import"./request.2fe64003.js";const $="/assets/side-logo.4f6cfdbd.png",j="/assets/logo2.57506859.png",z=h({__name:"LoginForm",setup(u){const f=N(),_=m(),r=m("password"),i=m(!1),C=w({password:[{required:!0,message:"\u8BF7\u8F93\u5165\u7528\u6237\u540D",trigger:"blur"}],username:[{required:!0,message:"\u8BF7\u8F93\u5165\u5BC6\u7801",trigger:"blur"}]}),n=w({username:"admin",password:"Demo.com@0"}),V=()=>{r.value=r.value==="password"?"":"password"},g=A(),k=d=>{!d||d.validate(async t=>{if(t){i.value=!0;const{data:e}=await G({...n});e.code===200?(g.setToken(e.result.Authorization),g.setUserInfo({username:e.result.username,phone:e.result.phone,email:e.result.email,sex:e.result.sex,avatar:e.result.avatar,createTime:e.result.created_at,role:e.result.role}),await f.push({path:"/index"}),b({title:"\u767B\u5F55\u6210\u529F",message:"\u6B22\u8FCE\u767B\u5F55",type:"success",duration:3e3})):(b({title:"\u6E29\u99A8\u63D0\u793A",message:e.message,type:"error",duration:3e3}),i.value=!1)}else 
return console.log("error submit!"),i.value=!1,!1})};return(d,t)=>{const e=a("UserFilled"),v=a("el-icon"),F=a("el-input"),p=a("el-form-item"),D=a("GoodsFilled"),I=a("svg-icon"),L=a("el-button"),U=a("el-form");return y(),E(U,{ref_key:"ruleFormRef",ref:_,model:n,rules:C},{default:s(()=>[o(p,{label:"",prop:"username"},{default:s(()=>[o(F,{placeholder:"\u8BF7\u8F93\u5165\u7528\u6237\u540D",autoComplete:"on",style:{position:"relative"},modelValue:n.username,"onUpdate:modelValue":t[0]||(t[0]=c=>n.username=c)},{prefix:s(()=>[o(v,{class:"el-input__icon"},{default:s(()=>[o(e)]),_:1})]),_:1},8,["modelValue"])]),_:1}),o(p,{label:"",prop:"password"},{default:s(()=>[o(F,{placeholder:"\u8BF7\u8F93\u5165\u5BC6\u7801",autoComplete:"on",modelValue:n.password,"onUpdate:modelValue":t[1]||(t[1]=c=>n.password=c),type:r.value},{prefix:s(()=>[o(v,{class:"el-input__icon"},{default:s(()=>[o(D)]),_:1})]),suffix:s(()=>[l("div",{class:"show-pwd",onClick:V},[o(I,{"icon-class":r.value==="password"?"eye":"eye-open"},null,8,["icon-class"])])]),_:1},8,["modelValue","type"])]),_:1}),o(p,{style:{width:"100%"}},{default:s(()=>[o(L,{loading:i.value,class:"login-btn",type:"success",onClick:t[2]||(t[2]=c=>k(_.value))},{default:s(()=>[S("\u767B\u5F55")]),_:1},8,["loading"])]),_:1})]),_:1},8,["model","rules"])}}});const P=B(z,[["__scopeId","data-v-981ce99c"]]),x=u=>(R("data-v-f4e8b67b"),u=u(),q(),u),H={class:"login-container"},J={class:"login-box"},K=x(()=>l("div",{class:"login-left"},[l("img",{src:$})],-1)),M={class:"login-form"},O=x(()=>l("div",{class:"login-title"},[l("img",{class:"icon",src:j}),l("h2",{class:"title"},"\u98DF\u8C31\u83DC\u5355\u7BA1\u7406\u7CFB\u7EDF")],-1)),Q=h({__name:"Login",setup(u){return(f,_)=>(y(),T("div",H,[l("div",J,[K,l("div",M,[O,o(P)])])]))}});const Z=B(Q,[["__scopeId","data-v-f4e8b67b"]]);export{Z as default}; 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/Login.d8543932.css: 
-------------------------------------------------------------------------------- 1 | .login-btn[data-v-981ce99c]{margin-top:20px;width:100%;height:47px}.show-pwd[data-v-981ce99c]{position:absolute;right:10px;top:7px;font-size:16px;cursor:pointer;user-select:none}[data-v-981ce99c] .svg-icon{vertical-align:0}.login-container[data-v-f4e8b67b]{background-color:#f0f2f5;height:100%;width:100%;overflow:hidden;display:flex;background-image:url(/assets/login_bg.f7a2e6fc.svg);justify-content:center;align-items:center;padding:25px;box-sizing:border-box}.login-box[data-v-f4e8b67b]{position:relative;width:100%;height:100%;background-color:#fffc;border-radius:8px;display:flex;align-items:center;justify-content:center}.login-left[data-v-f4e8b67b]{width:50%}.login-left img[data-v-f4e8b67b]{width:100%;max-width:900px}.login-form[data-v-f4e8b67b]{max-width:480px;width:50%;padding:40px;border-radius:10px;box-shadow:0 2px 12px #0000001a;box-sizing:border-box}.login-title[data-v-f4e8b67b]{display:flex;align-items:center;justify-content:space-around;margin-bottom:30px}.login-title .title[data-v-f4e8b67b]{margin:0;font-size:30px;white-space:nowrap}.login-title .icon[data-v-f4e8b67b]{width:60px}[data-v-f4e8b67b] .el-input__inner{height:40px} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/RoleList.afd4fae6.css: -------------------------------------------------------------------------------- 1 | .dialong__button--wrap[data-v-eaafdfd5],.dialong__button--wrap[data-v-68b59976]{text-align:center;margin-top:20px}.card-header[data-v-7c4cae32]{display:flex;justify-content:space-between;align-items:center}.card-header h3[data-v-7c4cae32]{display:inline-flex;justify-content:center;align-items:center}[data-v-7c4cae32] .el-card__header{border-bottom:1px solid rgb(238 238 238);color:#178557}.text[data-v-7c4cae32]{font-size:14px}.item[data-v-7c4cae32]{margin-bottom:18px}.el-card[data-v-7c4cae32]{border-radius:0;border:none}[data-v-7c4cae32] 
.el-pagination.is-background .el-pager li:not(.is-disabled).is-active{background-color:#178557}.el-pagination[data-v-7c4cae32]{margin-top:20px;justify-content:center}.my-header[data-v-7c4cae32]{display:flex;justify-content:flex-start}.my-button[data-v-7c4cae32]{display:flex;justify-content:space-between}[data-v-7c4cae32] .el-loading-spinner .el-loading-text{color:#178557}[data-v-7c4cae32] .el-loading-spinner .path{stroke:#178557} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/UserList.c8bab107.css: -------------------------------------------------------------------------------- 1 | .dialong__button--wrap[data-v-1f19da1a],.dialong__button--wrap[data-v-ba5d523b]{text-align:center;margin-top:20px}.card-header[data-v-b307ee2c]{display:flex;justify-content:space-between;align-items:center}.card-header h3[data-v-b307ee2c]{display:inline-flex;justify-content:center;align-items:center}[data-v-b307ee2c] .el-card__header{border-bottom:1px solid rgb(238 238 238);color:#178557}.text[data-v-b307ee2c]{font-size:14px}.item[data-v-b307ee2c]{margin-bottom:18px}.el-card[data-v-b307ee2c]{border-radius:0;border:none}[data-v-b307ee2c] .el-pagination.is-background .el-pager li:not(.is-disabled).is-active{background-color:#178557}.el-pagination[data-v-b307ee2c]{margin-top:20px;justify-content:center}.my-header[data-v-b307ee2c]{display:flex;justify-content:flex-start}.my-button[data-v-b307ee2c]{display:flex;justify-content:space-between}[data-v-b307ee2c] .el-loading-spinner .el-loading-text{color:#178557}[data-v-b307ee2c] .el-loading-spinner .path{stroke:#178557} 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/banner01.11e9d267.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/banner01.11e9d267.jpg 
-------------------------------------------------------------------------------- /Vue_Web/dist/assets/date.0d8a53f8.js: -------------------------------------------------------------------------------- 1 | function r(n,e){if(n){const t=new Date(n),a={"M+":t.getMonth()+1,"d+":t.getDate(),"H+":t.getHours(),"m+":t.getMinutes(),"s+":t.getSeconds(),"q+":Math.floor((t.getMonth()+3)/3),S:t.getMilliseconds()};/(y+)/.test(e)&&(e=e.replace(RegExp.$1,(t.getFullYear()+"").substr(4-RegExp.$1.length)));for(const o in a)new RegExp("("+o+")").test(e)&&(e=e.replace(RegExp.$1,RegExp.$1.length===1?a[o]:("00"+a[o]).substr((""+a[o]).length)));return e}else return""}function s(n){if(n){let e=Math.floor(new Date().getTime()/1e3)-new Date(n).getTime()/1e3;return Math.floor(e/(24*3600))}else return""}export{s as c,r as f}; 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/default_avatar.70f3a2e7.js: -------------------------------------------------------------------------------- 1 | const a="/assets/default_avatar.efdb4304.png";export{a as _}; 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/default_avatar.efdb4304.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/default_avatar.efdb4304.png -------------------------------------------------------------------------------- /Vue_Web/dist/assets/default_food.31d19335.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/default_food.31d19335.png -------------------------------------------------------------------------------- /Vue_Web/dist/assets/login.b9a54c7f.js: 
-------------------------------------------------------------------------------- 1 | import{s as o}from"./request.2fe64003.js";function n(t){return o({url:"auth/login",method:"post",data:t})}function r(){return o({url:"loginOut"})}export{r as a,n as l}; 2 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/login_bg.f7a2e6fc.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Vue_Web/dist/assets/logo2.57506859.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/logo2.57506859.png -------------------------------------------------------------------------------- /Vue_Web/dist/assets/side-logo.4f6cfdbd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/side-logo.4f6cfdbd.png -------------------------------------------------------------------------------- /Vue_Web/dist/assets/system-bg.0e8f847c.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/assets/system-bg.0e8f847c.jpg -------------------------------------------------------------------------------- /Vue_Web/dist/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/dist/favicon.ico 
-------------------------------------------------------------------------------- /Vue_Web/dist/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 食谱菜单管理系统(漏洞靶场) 8 | 9 | 10 | 11 | 12 |
13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /Vue_Web/dist/vite.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Vue_Web/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 食谱菜单管理系统(漏洞靶场) 8 | 9 | 10 |
11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /Vue_Web/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "vue_web", 3 | "private": true, 4 | "version": "0.0.0", 5 | "type": "module", 6 | "scripts": { 7 | "dev": "vite --host 0.0.0.0", 8 | "build": "vite build --mode production", 9 | "preview": "vite preview" 10 | }, 11 | "dependencies": { 12 | "@kangc/v-md-editor": "^2.3.18", 13 | "@wangeditor/editor": "^5.1.23", 14 | "@wangeditor/editor-for-vue": "^5.1.12", 15 | "axios": "^1.2.0", 16 | "crypto-js": "^4.2.0", 17 | "element-plus": "^2.2.25", 18 | "exceljs": "^4.3.0", 19 | "jsencrypt": "^3.3.2", 20 | "jsonwebtoken": "^9.0.2", 21 | "nprogress": "^0.2.0", 22 | "pdfjs-dist": "^4.6.82", 23 | "pinia": "^2.0.27", 24 | "pinia-plugin-persistedstate": "^3.0.1", 25 | "vue": "^3.2.41", 26 | "vue-router": "^4.1.6" 27 | }, 28 | "devDependencies": { 29 | "@types/crypto-js": "^4.2.2", 30 | "@vitejs/plugin-vue": "^3.2.0", 31 | "echarts": "^5.4.1", 32 | "fast-glob": "^3.2.12", 33 | "sass": "^1.78.0", 34 | "typescript": "^4.6.4", 35 | "vite": "^3.2.3", 36 | "vite-plugin-svg-icons": "^2.0.1", 37 | "vue-tsc": "^1.0.9" 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /Vue_Web/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/public/favicon.ico -------------------------------------------------------------------------------- /Vue_Web/public/vite.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Vue_Web/src/App.vue: -------------------------------------------------------------------------------- 1 | 3 | 4 | 7 | 8 | 11 | 
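--------------------------------------------------------------------------------
/Vue_Web/src/api/food/food.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * List food-menu entries.
 * @param data Fields sent as query-string parameters of the GET request.
 * @returns The pending request created by the shared `request` instance.
 */
export function getFoodListApi(data: object) {
  return request({ url: 'food/get', method: 'get', params: data })
}

/**
 * Create a food-menu entry.
 * @param data Request body, posted as given.
 */
export function addFoodApi(data: object) {
  return request({ url: 'food/add', method: 'post', data })
}

/**
 * Fetch one food-menu entry by ID.
 * @param id Entry ID, placed in the `id` query parameter.
 */
export function getFoodApi(id: number) {
  return request({ url: `food/detail?id=${id}`, method: 'get' })
}

/**
 * Update a food-menu entry.
 * @param data Request body, sent with PUT.
 */
export function editFoodApi(data: object) {
  return request({ url: 'food/update', method: 'put', data })
}

/**
 * Delete a food-menu entry by ID.
 * @param id Entry ID, placed in the URL path.
 */
export function deleteFoodApi(id: number) {
  return request({ url: `food/delete/${id}`, method: 'delete' })
}

/**
 * Upload/replace a food icon.
 * @param data Request body, posted as given (presumably multipart form data — confirm against the caller).
 */
export function upfoodicon(data: object) {
  // NOTE(review): upload endpoint; file type and size limits have to be
  // enforced by the backend, nothing is checked on this side.
  return request({ url: 'food/upfoodicon', method: 'post', data })
}

/**
 * Upload/replace a food video.
 * @param data Request body, posted as given (presumably multipart form data — confirm against the caller).
 */
export function upfoodvideo(data: object) {
  // NOTE(review): same as upfoodicon — validation is the backend's job.
  return request({ url: 'food/upfoodvideo', method: 'post', data })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/home/home.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * Fetch the dashboard totals shown on the home page.
 */
export function getIndexTotalApi() {
  return request({ url: 'home/get', method: 'get' })
}

/**
 * Fetch the "famous sentence" text.
 * @param Url Raw (un-encoded) address, sent to the backend as the `url` query parameter.
 */
export function getSentenceApi(Url: string) {
  // Passing the value through `params` lets axios percent-encode it. With
  // plain string concatenation, any `&`, `#` or `+` inside the value was
  // parsed as part of the outer query string and the backend received a
  // truncated or altered address.
  //
  // NOTE(review): the caller chooses this address and the backend receives
  // it; if the backend dereferences it, it should restrict scheme and
  // destination to an allow-list. Backend code is not visible here — confirm.
  return request({
    url: 'home/getsentence',
    method: 'get',
    params: { url: Url }
  })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/login/login.ts: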
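--------------------------------------------------------------------------------
import request from '../request'

/**
 * Log in.
 * @param data Login form, posted as the request body.
 */
export function loginApi(data: object) {
  return request({ url: 'auth/login', method: 'post', data })
}

/**
 * Log out of the system.
 * No method is given, so axios falls back to its default (GET).
 */
export function loginOutApi() {
  return request({ url: 'auth/loginout' })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/order/order.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * List orders.
 * @param data Fields sent as query-string parameters of the GET request.
 */
export function getOrderListApi(data: object) {
  return request({ url: 'order/get', method: 'get', params: data })
}

/**
 * Create an order.
 * @param data Request body, posted as given.
 */
export function addOrderApi(data: object) {
  return request({ url: 'order/add', method: 'post', data })
}

/**
 * Fetch one order by ID.
 * @param id Order ID, placed in the `id` query parameter.
 */
export function getOrderApi(id: number) {
  return request({ url: `order/detail?id=${id}`, method: 'get' })
}

/**
 * Update an order.
 * @param data Request body, sent with PUT.
 */
export function editOrderApi(data: object) {
  return request({ url: 'order/update', method: 'put', data })
}

/**
 * Delete an order by ID.
 * @param id Order ID, placed in the URL path.
 */
export function deleteOrderApi(id: number) {
  return request({ url: `order/delete/${id}`, method: 'delete' })
}

/**
 * Fetch the food list without any query parameters.
 */
export function getAllFoodListApi() {
  return request({ url: 'food/get', method: 'get' })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/request.ts:
--------------------------------------------------------------------------------
import axios from 'axios'
import { useUserStore } from '../store/modules/user'

// Shared axios instance used by every API module.
const service = axios.create({
  baseURL: import.meta.env.VITE_APP_BASE_API,
  // NOTE(review): 3000000 ms is 50 minutes; a stalled request holds its
  // connection for that long. Confirm that this is intended.
  timeout: 3000000,
  // Allow credentials on cross-origin requests (currently disabled)
  // withCredentials: true
})

// Request interceptor registered on the instance.
service.interceptors.request.use(
  (config: any) => {
    // Runs before each request is sent: attach the stored token, if any.
    // The value is sent as-is; no scheme prefix such as `Bearer` is added here.
    const { token } = useUserStore()
    if (token) {
      config.headers['Authorization'] = token
    }
    return config
  },
  error => {
    // Request set-up failed: pass the error on to the caller.
    return Promise.reject(error)
  }
)

export default service
--------------------------------------------------------------------------------
/Vue_Web/src/api/role/role.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * List roles.
 * @param data Fields sent as query-string parameters of the GET request.
 */
export function getRoleListApi(data: object) {
  return request({ url: 'role/get', method: 'get', params: data })
}

/**
 * Create a role.
 * @param data Request body, posted as given.
 */
export function addRoleApi(data: object) {
  return request({ url: 'role/add', method: 'post', data })
}

/**
 * Fetch one role by ID.
 * @param id Role ID, placed in the `id` query parameter.
 */
export function getRoleApi(id: number) {
  return request({ url: `role/detail?id=${id}`, method: 'get' })
}

/**
 * Update a role.
 * @param data Request body, sent with PUT.
 */
export function editRoleApi(data: object) {
  return request({ url: 'role/update', method: 'put', data })
}

/**
 * Delete a role by ID.
 * @param id Role ID, placed in the URL path.
 */
export function deleteRoleApi(id: number) {
  return request({ url: `role/delete/${id}`, method: 'delete' })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/settings/settings.ts:
--------------------------------------------------------------------------------
import request from '../request'

// NOTE(review), applies to every string-built body in this file: the value is
// appended to `name=` without encoding, so `&`, `+` or `%` inside it change
// how the body is parsed. Left unchanged because the backend's parsing is not
// visible here; confirm it before switching to URLSearchParams or
// encodeURIComponent.

/**
 * Ask the backend to ping an address.
 * @param data Value sent as the `addre` field of the request body.
 */
export function pingAddApi(data: string) {
  // NOTE(review): presumably the backend runs a ping against this value. It
  // should be validated there as a host name or IP address and never be
  // interpolated into a shell command — confirm against the settings controller.
  return request({
    url: 'settings/ping',
    method: 'post',
    data: 'addre=' + data
  })
}

/**
 * Trigger a database backup.
 */
export function backupsDbApi() {
  return request({ url: 'settings/backupsdb', method: 'get' })
}

/**
 * List database backups.
 * @param path Value sent as the `dir` field of the request body.
 */
export function getBackupsDbApi(path: string) {
  // NOTE(review): the directory comes from the client; the backend should
  // resolve it and refuse anything outside the backup directory — confirm.
  return request({
    url: 'settings/getdb',
    method: 'post',
    data: 'dir=' + path
  })
}

/**
 * Download a database backup and hand it to the browser as a file.
 * @param data Value sent as the `dbfile` field; also used as the suggested file name.
 * @returns A promise that settles after the download link has been clicked.
 */
export function downBackupsDbApi(data: string) {
  // NOTE(review): the file name comes from the client; the backend should
  // confine it to the backup directory — confirm.
  return request({
    url: 'settings/downdb',
    method: 'post',
    data: 'dbfile=' + data,
    responseType: 'blob'
  }).then(res => {
    const link = document.createElement('a')
    // Take the name from the argument. Re-parsing the request body with
    // split('=')[1] cut the name short whenever it contained '='.
    link.download = data
    link.href = URL.createObjectURL(res.data)
    link.target = '_blank'
    link.style.display = 'none'
    document.body.appendChild(link)
    link.click()
    // Release the blob URL and remove the temporary element.
    URL.revokeObjectURL(link.href)
    document.body.removeChild(link)
  })
}

/**
 * Delete a database backup.
 * @param data Value sent as the `dbfile` field of the request body.
 */
export function deleteBackupsDbApi(data: string) {
  // NOTE(review): destructive and driven by a client-supplied name; the
  // backend should confine it to the backup directory — confirm.
  return request({
    url: 'settings/deletedb',
    method: 'post',
    data: 'dbfile=' + data
  })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/user/user.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * List users.
 * @param data Fields sent as query-string parameters of the GET request.
 */
export function getUserListApi(data: object) {
  return request({ url: 'user/get', method: 'get', params: data })
}

/**
 * Create a user.
 * @param data Request body, posted as given.
 */
export function addUserApi(data: object) {
  return request({ url: 'user/add', method: 'post', data })
}

/**
 * Fetch one user's details by ID.
 * @param id User ID, placed in the `id` query parameter.
 */
export function getUserApi(id: number) {
  return request({ url: `user/detail?id=${id}`, method: 'get' })
}

/**
 * Update a user.
 * @param data Request body, sent with PUT.
 */
export function editUserApi(data: object) {
  return request({ url: 'user/update', method: 'put', data })
}

/**
 * Delete a user by ID.
 * @param id User ID, placed in the URL path.
 */
export function deleteUserApi(id: number) {
  return request({ url: `user/delete/${id}`, method: 'delete' })
}

/**
 * Fetch the role list without any query parameters.
 */
export function getAllRoleListApi() {
  return request({ url: 'role/get', method: 'get' })
}
--------------------------------------------------------------------------------
/Vue_Web/src/api/usersettings/usersettings.ts:
--------------------------------------------------------------------------------
import request from '../request'

/**
 * Update the current user's profile.
 * @param data Request body, sent with PUT.
 */
export function updateInfoApi(data: object) {
  return request({ url: 'home/updateInfo', method: 'put', data })
}

/**
 * Change the current user's password.
 * @param data Request body, sent with PUT.
 */
export function updatePwdApi(data: object) {
  return request({ url: 'home/updatePwd', method: 'put', data })
}

/**
 * Upload/replace the current user's avatar.
 * @param data Request body, posted as given (presumably multipart form data — confirm against the caller).
 */
export function upuseravatar(data: object) {
  // NOTE(review): upload endpoint; file type and size limits have to be
  // enforced by the backend, nothing is checked on this side.
  return request({ url: 'home/upuseravatar', method: 'post', data })
}
--------------------------------------------------------------------------------
/Vue_Web/src/assets/404_images/404.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/404_images/404.png
--------------------------------------------------------------------------------
/Vue_Web/src/assets/404_images/404_bg.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/404_images/404_bg.png
--------------------------------------------------------------------------------
/Vue_Web/src/assets/404_images/404_cloud.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/404_images/404_cloud.png
--------------------------------------------------------------------------------
/Vue_Web/src/assets/banner01.jpg: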
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/banner01.jpg -------------------------------------------------------------------------------- /Vue_Web/src/assets/default_avatar.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/default_avatar.png -------------------------------------------------------------------------------- /Vue_Web/src/assets/default_food.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/default_food.png -------------------------------------------------------------------------------- /Vue_Web/src/assets/login/login_bg.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | -------------------------------------------------------------------------------- /Vue_Web/src/assets/login/side-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/login/side-logo.png -------------------------------------------------------------------------------- /Vue_Web/src/assets/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/logo.png 
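--------------------------------------------------------------------------------
/Vue_Web/src/assets/logo2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/logo2.png

--------------------------------------------------------------------------------
/Vue_Web/src/assets/system-bg.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/A7cc/Vulnerabilities_Server/e8b0bb4dcc5cde13a9c6cafa19a732e19b0b2071/Vue_Web/src/assets/system-bg.jpg

--------------------------------------------------------------------------------
/Vue_Web/src/components/SvgIcon/index.vue:
--------------------------------------------------------------------------------
1 | 6 | 7 | 26 | 27 | 36 |

--------------------------------------------------------------------------------
/Vue_Web/src/config/nprogress.ts:
--------------------------------------------------------------------------------
import NProgress from 'nprogress'
import "nprogress/nprogress.css"

// Shared progress-bar configuration, exported for the rest of the app.
NProgress.configure({
  easing: "ease", // animation easing
  speed: 500, // speed of each progress increment
  showSpinner: false, // whether to show the loading spinner
  trickleSpeed: 200, // interval between automatic increments
  minimum: 0.3 // minimum percentage when the bar starts
})
export default NProgress

--------------------------------------------------------------------------------
/Vue_Web/src/icons/svg/eye-open.svg:
--------------------------------------------------------------------------------
1 |

--------------------------------------------------------------------------------
/Vue_Web/src/icons/svg/eye.svg:
--------------------------------------------------------------------------------
1 |

--------------------------------------------------------------------------------
/Vue_Web/src/main.ts:
--------------------------------------------------------------------------------
import { createApp } from 'vue'
import './style.css'
import App from './App.vue'
import router from './router/index'
import pinia from "./store"
import ElementPlus from 'element-plus'
import 'element-plus/dist/index.css'
import zhCn from 'element-plus/dist/locale/zh-cn.mjs'
// Registers the svg-icons sprite
import 'virtual:svg-icons-register'
import SvgIcon from './components/SvgIcon/index.vue'
// All Element Plus icons
import * as ElementPlusIconsVue from '@element-plus/icons-vue'

// Application bootstrap: router and store first, then global components,
// then the UI library, and finally the mount.
const app = createApp(App)
app.use(router)
app.use(pinia)

// Register every Element Plus icon as a global component under its export name.
Object.entries(ElementPlusIconsVue).forEach(([key, component]) => {
  app.component(key, component)
})

app.component('svg-icon',SvgIcon)
app.use(ElementPlus, {
  locale: zhCn,
})
app.mount('#app')

--------------------------------------------------------------------------------
/Vue_Web/src/store/index.ts:
--------------------------------------------------------------------------------
import { createPinia } from 'pinia'
import piniaPluginPersistedstate from "pinia-plugin-persistedstate";

// Single Pinia instance for the app, with the persisted-state plugin installed
// so that stores declaring `persist` are saved across page loads.
const pinia = createPinia()
pinia.use(piniaPluginPersistedstate)
export default pinia

--------------------------------------------------------------------------------
/Vue_Web/src/store/modules/menu.ts:
--------------------------------------------------------------------------------
import {defineStore} from 'pinia'
import {asyncRoutes, staticRouter} from "../../router";

/**
 * Menu store: holds the static routes, the role-filtered dynamic routes and
 * the current roles.
 *
 * NOTE(review): filtering routes here only decides what the UI shows. It is
 * not an access control; each API endpoint must be authorised on the server.
 */
export const useMenuStore = defineStore({
  // id: required, unique among all stores
  id:'menuState',
  // state: function returning the state object
  state: ()=>({
    // static routes plus the accessible dynamic routes (the menu)
    routers:[],
    // dynamic routes accessible to the current roles
    addRouters: [],
    // user roles
    roles: []
  }),
  getters: {},
  actions: {
    // Build the accessible routes for the given roles, store them and return them.
    generateRoutes: function ({roles}: { roles: any }) {
      const accessedRoutes = filterAsyncRoutes({routes: asyncRoutes, roles: roles})
      this.addRouters = accessedRoutes
      this.routers = staticRouter.concat(accessedRoutes)
      return accessedRoutes
    },
    // Store the user's roles.
    setRoles({roles}: { roles: any }) {
      this.roles = roles
    }
  }
})

/**
 * Recursively filter a route tree down to the routes the roles may see.
 * @param routes Route records; each is shallow-copied before its children are replaced.
 * @param roles Roles of the current user.
 * @returns A new array of permitted route copies.
 */
export function filterAsyncRoutes ({routes, roles}: { routes: any, roles: any }) {
  const res = []
  routes.forEach(route => {
    const tmp = { ...route }
    if (!hasPermission(roles, tmp)) return
    if (tmp.children) {
      tmp.children = filterAsyncRoutes({routes: tmp.children, roles: roles})
    }
    res.push(tmp)
  })
  return res
}

/**
 * A route without `meta.role` is visible to everyone; otherwise at least one
 * of the user's roles must appear in `meta.role`.
 */
function hasPermission (roles, route) {
  const allowed = route.meta && route.meta.role
  if (!allowed) return true
  return roles.some(role => allowed.indexOf(role) >= 0)
}

--------------------------------------------------------------------------------
/Vue_Web/src/store/modules/setting.ts:
--------------------------------------------------------------------------------
import {defineStore} from 'pinia'

/** Layout settings store. */
export const useSettingStore = defineStore({
  // id: required, unique among all stores
  id:'settingState',
  // state: function returning the state object
  state: ()=>({
    // whether the menu is collapsed
    isCollapse:true,
    // whether the tags view is shown (shown by default)
    showTag:true,
  }),
  getters: {},
  actions:{
    // Set the collapsed state of the menu.
    setCollapse(value: boolean){
      this.isCollapse = value
    }
  }
})

--------------------------------------------------------------------------------
/Vue_Web/src/store/modules/tagsView.ts:
--------------------------------------------------------------------------------
import {defineStore} from 'pinia'
import router from "../../router"

/**
 * Tags-view store: the open tabs (`visitedViews`), the names of views to keep
 * cached (`cachedViews`) and the active tab path.
 *
 * NOTE(review): `addVisitedView` pushes view *names* into `cachedViews`, but
 * `delVisitedView`, `delAllViews` and `delOtherViews` treat its entries like
 * view objects, and `delView` passes a path to `delCachedView`, which reads
 * `.name`. The consumer of `cachedViews` is not visible here, so behaviour is
 * left unchanged and only flagged.
 */
export const useTagsViewStore = defineStore({
  // id: required, unique among all stores
  id:'tagsViewState',
  // state: function returning the state object
  state: ()=>({
    activeTabsValue:'',
    visitedViews:[{path: '/home',name: 'home',meta:{title: '首页',affix: true},title: '首页'}],
    cachedViews:[],

  }),
  getters: {},
  // actions may be synchronous or asynchronous
  actions:{
    // Remember which tab is active.
    setTabsMenuValue(val: string){
      this.activeTabsValue = val
    },
    // Open a view as a tab (delegates to addVisitedView).
    addView(view: any){
      this.addVisitedView(view)
    },
    // Drop every tab whose path is contained in `routes`.
    removeView(routes: string | any[]){
      return new Promise((resolve, reject) => {
        this.visitedViews = this.visitedViews.filter(item=>!routes.includes(item.path))
        resolve(null)
      })
    },
    // Activate the view's tab and add it if it is not open yet.
    // The parameter was typed `never`, which no caller can satisfy under
    // strict checks; `any` matches addView.
    addVisitedView(view: any){
      this.setTabsMenuValue(view.path);
      const alreadyOpen = this.visitedViews.some(v => v.path === view.path)
      if (alreadyOpen) return

      this.visitedViews.push(
        Object.assign({}, view, {
          title: view.meta.title || 'no-name'
        })
      )
      if (view.meta.keepAlive) {
        this.cachedViews.push(view.name)
      }

    },
    // Close a tab and resolve with copies of both lists.
    delView(activeTabPath){
      return new Promise(resolve => {
        this.delVisitedView(activeTabPath)
        this.delCachedView(activeTabPath)
        resolve({
          visitedViews: [...this.visitedViews],
          cachedViews: [...this.cachedViews]
        })
      })

    },
    // Navigate to the tab after the given one, or the one before it.
    toLastView(activeTabPath){
      const index = this.visitedViews.findIndex(item=>item.path===activeTabPath)
      const nextTab = this.visitedViews[index + 1] || this.visitedViews[index - 1];
      if (!nextTab) return;
      router.push(nextTab.path);
      this.addVisitedView(nextTab)
    },
    // Remove the tab with this path unless it is pinned (`meta.affix`).
    delVisitedView(path){
      return new Promise(resolve => {
        const keep = v => v.path !== path || v.meta.affix
        this.visitedViews = this.visitedViews.filter(keep)
        this.cachedViews = this.cachedViews.filter(keep)
        resolve([...this.visitedViews])
      })

    },
    // Remove `view.name` from the cached names, if present.
    delCachedView(view){
      return new Promise(resolve => {
        const index = this.cachedViews.indexOf(view.name)
        if (index > -1) {
          this.cachedViews.splice(index, 1)
        }
        resolve([...this.cachedViews])
      })

    },
    // Close all tabs (delegates to delAllViews).
    clearVisitedView(){
      this.delAllViews()
    },
    // Keep only the pinned tabs.
    delAllViews(){
      return new Promise((resolve) => {
        this.visitedViews = this.visitedViews.filter(v=>v.meta.affix)
        this.cachedViews = this.visitedViews.filter(v=>v.meta.affix)
        resolve([...this.visitedViews])
      })
    },
    // Keep only the tab with this path and the pinned tabs.
    delOtherViews(path){
      const keep = item => item.path === path || item.meta.affix
      this.visitedViews = this.visitedViews.filter(keep);
      this.cachedViews = this.visitedViews.filter(keep);
    },
    // Activate and navigate to the home tab.
    goHome() {
      this.activeTabsValue = '/home';
      router.push({path: '/home'});
    },
    // Merge new fields into the first open tab that has the same path.
    updateVisitedView(view){
      const open = this.visitedViews.find(v => v.path === view.path)
      if (open) {
        Object.assign(open, view)
      }
    }
  },

})

--------------------------------------------------------------------------------
/Vue_Web/src/store/modules/user.ts:
--------------------------------------------------------------------------------
import {defineStore} from 'pinia'

/**
 * User store: login token, user info and role.
 *
 * `persist: true` hands this store to pinia-plugin-persistedstate, whose
 * default storage is the browser's localStorage. The token is therefore
 * readable by any script running on this origin and survives a browser
 * restart.
 * NOTE(review): the `role` kept here is client state that the user can edit;
 * the server must not rely on it for authorisation decisions.
 */
export const useUserStore = defineStore({
  // id: required, unique among all stores
  id:'userStore',
  // state: function returning the state object
  state: ()=>{
    return {
      // login token
      token: '',
      // logged-in user's info
      userInfo:{},
      // role
      role: 0,
    }
  },
  getters: {},
  // actions may be synchronous or asynchronous
  actions:{
    // Store the login token.
    setToken(token:string){
      this.token = token;
    },
    // Store the logged-in user's info.
    setUserInfo(userInfo:any){
      this.userInfo = userInfo
    },
    // Store the logged-in user's role.
    setRoleInfo(role:any){
      this.role = role
    }
  },
  persist: true
})

--------------------------------------------------------------------------------
/Vue_Web/src/style.css:
--------------------------------------------------------------------------------
/* Reset default padding and margin */
* {
  /* padding */
  padding: 0;
  /* margin */
  margin: 0;
}

body,
html {
  /* Default font for the whole page: Microsoft YaHei */
  font-family: "微软雅黑";
}

/* Remove the underline from links */
a {
  color: #666;
  text-decoration: none;
}

a:hover {
  color: #2fa7b9;
}

/* Scrollbar styling */
::-webkit-scrollbar-thumb {
  border-radius: 50px;
  background: linear-gradient(to bottom, #35ac5d, #65ce6d);
}

::-webkit-scrollbar {
  width: 8px;
  height: 8px;
}

#nprogress .bar {
  background: #178557 !important;
}

--------------------------------------------------------------------------------
/Vue_Web/src/utils/date.ts:
--------------------------------------------------------------------------------
/**
 * Format a time value with a pattern such as `yyyy-MM-dd` or
 * `yyyy-MM-dd HH:mm:ss`.
 *
 * Supported fields: y (year), M (month), d (day), H (hour), m (minute),
 * s (second), q (quarter), S (millisecond). Only the first run of each field
 * is replaced. A run of one letter gives the plain number, a longer run gives
 * the number left-padded to two digits.
 *
 * @param time Anything accepted by `new Date(...)`; a falsy value yields ''.
 * @param fmt The pattern.
 * @returns The formatted string.
 */
export function formatTime(time: any, fmt: string) {
  if (!time) return ''

  const date = new Date(time)
  // Same order as the original lookup object, because replacements run in sequence.
  const fields: Array<[string, number]> = [
    ['M+', date.getMonth() + 1], // getMonth() is 0 (January) to 11 (December)
    ['d+', date.getDate()], // 1 to 31
    ['H+', date.getHours()], // 0 to 23
    ['m+', date.getMinutes()], // 0 to 59
    ['s+', date.getSeconds()], // 0 to 59
    ['q+', Math.floor((date.getMonth() + 3) / 3)], // quarter
    ['S', date.getMilliseconds()] // 0 to 999
  ]

  // Year: keep as many trailing digits as the run asks for, e.g. yy -> 22.
  // A callback replaces the legacy RegExp.$1 static and the deprecated substr().
  let out = fmt.replace(/y+/, run => String(date.getFullYear()).slice(4 - run.length))

  for (const [pattern, value] of fields) {
    out = out.replace(new RegExp(pattern), run =>
      run.length === 1 ? String(value) : ('00' + value).slice(String(value).length)
    )
  }
  return out
}

/**
 * Number of whole days between `time` and now.
 * @param time Anything accepted by `new Date(...)`; a falsy value yields ''.
 * @returns The day count, rounded down.
 */
export function calculateDays(time:any) {
  if (!time) return ''

  const nowSeconds = Math.floor(new Date().getTime() / 1000)
  const thenSeconds = new Date(time).getTime() / 1000
  return Math.floor((nowSeconds - thenSeconds) / (24 * 3600))
}

--------------------------------------------------------------------------------
/Vue_Web/src/utils/exprotExcel.ts:
--------------------------------------------------------------------------------
import ExcelJS from 'exceljs'

/**
 * Estimate a column width from one cell value.
 *
 * The original computed the width but never returned it, so every caller got
 * `undefined` and the column width became NaN.
 *
 * @param val Cell value; null or undefined gives 10.
 * @param width Kept for compatibility; it is always overwritten.
 * @returns Twice the text length when the first character's code is above 255
 *          (treated as a wide character), otherwise the text length.
 */
export const autoWidthAction = (val,width=10)=> {
  if(val==null){
    width = 10
  }else if(val.toString().charCodeAt(0)>255){
    // wide (e.g. Chinese) text
    width = val.toString().length * 2;
  }else {
    width = val.toString().length;
  }
  return width
}

/**
 * Export rows to an Excel or CSV file and trigger a browser download.
 *
 * The debug `console.log` calls that printed the whole data set and the
 * column list were removed, because the exported rows may hold user records.
 *
 * NOTE(review): for csv output the cell text is presumably written as-is.
 * Spreadsheet applications can evaluate cells that begin with `=`, `+`, `-`
 * or `@` as formulas, so values that come from users should be neutralised
 * before export.
 *
 * @param column Column definitions; `label` is the header, `name` the row key.
 * @param data Row objects.
 * @param filename Worksheet title and download name (without extension).
 * @param autoWidth When truthy, size each column from its longest value plus 5.
 * @param format "xlsx" writes a workbook; any other value writes CSV.
 */
export const exportExcel = async ({column,data,filename,autoWidth,format})=>{
  // Create the workbook and set its properties
  const workbook = new ExcelJS.Workbook()
  workbook.creator = 'Me'
  workbook.title = filename
  workbook.created = new Date()
  workbook.modified = new Date()
  // Add the worksheet
  const worksheet = workbook.addWorksheet(filename)
  // Build the column definitions: header, key and width
  const columnsName = []
  column.forEach((item,index)=>{
    const obj = {
      header: item.label,
      key: item.name,
      width:null
    }
    if(autoWidth){
      const maxArr = [autoWidthAction(item.label)]
      data.forEach(ite=> {
        const str = ite[item.name] || ''
        if(str){
          maxArr.push(autoWidthAction(str))
        }
      })
      obj.width = Math.max(...maxArr)+5
    }
    columnsName.push(obj)
  })
  worksheet.columns = columnsName
  // Add the rows
  worksheet.addRows(data)
  // Serialize the workbook
  const uint8Array =
    format === "xlsx"
      ? await workbook.xlsx.writeBuffer()
      : await workbook.csv.writeBuffer()
  const blob = new Blob([uint8Array],{type: 'application/octet-binary'})
  if(window.navigator.msSaveOrOpenBlob){
    // Legacy browsers that expose msSaveOrOpenBlob: save through msSaveBlob
    navigator.msSaveBlob(blob, filename + `.${format}`);
  }else {
    // Other browsers: download through a temporary link
    const link = document.createElement("a");
    link.href = window.URL.createObjectURL(blob); // download target
    link.download = filename + `.${format}`; // file name
    link.click(); // start the download
    window.URL.revokeObjectURL(link.href); // release the object URL
  }
}

--------------------------------------------------------------------------------
/Vue_Web/src/views/foods/components/LookProcedure.vue:
--------------------------------------------------------------------------------
1 | 9 | 20 | 26 |

--------------------------------------------------------------------------------
/Vue_Web/src/views/foods/components/LookVideo.vue:
--------------------------------------------------------------------------------
1 | 12 | 13 | 35 | 36 |

--------------------------------------------------------------------------------
/Vue_Web/src/views/foods/components/TextEditor.vue:
--------------------------------------------------------------------------------
1 | 16 | 17 | 69 |

--------------------------------------------------------------------------------
/Vue_Web/src/views/layout/Index.vue:
--------------------------------------------------------------------------------
1 | 25 | 26 | 36 | 37 | 82 |

--------------------------------------------------------------------------------
/Vue_Web/src/views/layout/aside/Index.vue:
--------------------------------------------------------------------------------
1 | 42 | 43 | 58 | 59 | 80 |

--------------------------------------------------------------------------------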
/Vue_Web/src/views/layout/header/CollapseIcon.vue: -------------------------------------------------------------------------------- 1 | 7 | 8 | 17 | 18 | 30 | -------------------------------------------------------------------------------- /Vue_Web/src/views/layout/header/Hamburger.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 33 | 34 | 37 | -------------------------------------------------------------------------------- /Vue_Web/src/views/layout/tags/Index.vue: -------------------------------------------------------------------------------- 1 | 32 | 33 | 93 | 94 | 124 | -------------------------------------------------------------------------------- /Vue_Web/src/views/layout/tags/components/MoreButton.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 43 | 44 | 55 | -------------------------------------------------------------------------------- /Vue_Web/src/views/login/Login.vue: -------------------------------------------------------------------------------- 1 | 25 | 26 | 29 | 30 | 92 | -------------------------------------------------------------------------------- /Vue_Web/src/views/login/components/SIdentify.vue: -------------------------------------------------------------------------------- 1 | 6 | 7 | 139 | -------------------------------------------------------------------------------- /Vue_Web/src/views/order/components/AddOrder.vue: -------------------------------------------------------------------------------- 1 | 34 | 35 | 88 | 89 | 95 | -------------------------------------------------------------------------------- /Vue_Web/src/views/role/components/AddRole.vue: -------------------------------------------------------------------------------- 1 | 32 | 33 | 76 | 77 | 83 | -------------------------------------------------------------------------------- /Vue_Web/src/views/role/components/EditRole.vue: 
-------------------------------------------------------------------------------- 1 | 32 | 33 | 83 | 84 | 90 | -------------------------------------------------------------------------------- /Vue_Web/src/views/settings/components/PingAdder.vue: -------------------------------------------------------------------------------- 1 | 32 | 33 | 82 | 83 | 86 | -------------------------------------------------------------------------------- /Vue_Web/src/views/usersettings/components/UpdatePwd.vue: -------------------------------------------------------------------------------- 1 | 28 | 29 | 84 | 85 | -------------------------------------------------------------------------------- /Vue_Web/src/views/usersettings/components/UserInfo.vue: -------------------------------------------------------------------------------- 1 | 41 | 42 | 52 | 53 | 90 | -------------------------------------------------------------------------------- /Vue_Web/src/vite-env.d.ts: -------------------------------------------------------------------------------- 1 | /// 2 | 3 | declare module '*.vue' { 4 | import type { DefineComponent } from 'vue' 5 | const component: DefineComponent<{}, {}, any> 6 | export default component 7 | } 8 | -------------------------------------------------------------------------------- /Vue_Web/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "ESNext", 4 | "useDefineForClassFields": true, 5 | "module": "ESNext", 6 | "moduleResolution": "Node", 7 | "strict": true, 8 | "jsx": "preserve", 9 | "resolveJsonModule": true, 10 | "isolatedModules": true, 11 | "esModuleInterop": true, 12 | "lib": ["ESNext", "DOM"], 13 | "skipLibCheck": true, 14 | "noEmit": true 15 | }, 16 | "include": ["src/**/*.ts", "src/**/*.d.ts", "src/**/*.tsx", "src/**/*.vue"], 17 | "references": [{ "path": "./tsconfig.node.json" }] 18 | } 19 | -------------------------------------------------------------------------------- 
/Vue_Web/tsconfig.node.json:
--------------------------------------------------------------------------------
{
  "compilerOptions": {
    "composite": true,
    "module": "ESNext",
    "moduleResolution": "Node",
    "allowSyntheticDefaultImports": true
  },
  "include": ["vite.config.ts"]
}

--------------------------------------------------------------------------------
/Vue_Web/vite.config.ts:
--------------------------------------------------------------------------------
import { defineConfig } from 'vite'
import vue from '@vitejs/plugin-vue'
import { createSvgIconsPlugin } from 'vite-plugin-svg-icons'
import path from 'path'

// Join a directory name onto this config file's directory.
// Not referenced by the configuration below.
function resolve (dir) {
  const base = __dirname
  return path.join(base, '.', dir)
}

// SVG icon plugin: reads the icons from src/icons/svg under the working directory.
const svgIcons = createSvgIconsPlugin({
  // icon folders to cache
  iconDirs: [path.resolve(process.cwd(), 'src/icons/svg')],
  // format of the generated symbol id
  symbolId: 'icon-[dir]-[name]',
})

// https://vitejs.dev/config/
export default defineConfig({
  // Directory holding the .env files; a relative path is used here, an absolute one also works
  envDir: "./viteenv",
  plugins: [vue(), svgIcons]
})

--------------------------------------------------------------------------------
/Vue_Web/viteenv/.env.development:
--------------------------------------------------------------------------------
# .env.development: values for the development environment
VITE_APP_BASE_API = 'http://localhost:8081/'

--------------------------------------------------------------------------------
/Vue_Web/viteenv/.env.production:
--------------------------------------------------------------------------------
# .env.production: values for the production environment
# API address of the deployed environment
# NOTE(review): this is a plain-HTTP localhost address. It is presumably the
# base URL of the API client, which sends the login token in the Authorization
# header, so a real deployment should point at an HTTPS origin.
VITE_APP_BASE_API = 'http://localhost:8081/'

--------------------------------------------------------------------------------