v0.1测试

2026-04-07 17:07:13 +08:00
parent 593973f598
commit 6b1b586fe3
80 changed files with 9073 additions and 32 deletions
--- a/backend/middleware/sanitize.py
+++ b/backend/middleware/sanitize.py
@@ -0,0 +1,121 @@
+# ===========================================
+# 班级操行分管理系统 - 后端服务
+# 
+# 开发者: Canglan
+# 联系方式: admin@sea-studio.top
+# 版权归属: Sea Network Technology Studio
+# 许可证: MIT License
+# 
+# 版权所有 © Sea Network Technology Studio
+# ===========================================
+
+from fastapi import Request
+from starlette.middleware.base import BaseHTTPMiddleware
+from typing import Dict, Any
+import re
+
+
+class SanitizeMiddleware(BaseHTTPMiddleware):
+    """输入过滤中间件"""
+    
+    async def dispatch(self, request: Request, call_next):
+        # 只处理POST、PUT、PATCH请求
+        if request.method in ["POST", "PUT", "PATCH"]:
+            # 获取请求体
+            body = await request.body()
+            if body:
+                import json
+                try:
+                    data = json.loads(body)
+                    # 清理数据
+                    cleaned_data = self._sanitize_data(data)
+                    # 替换请求体
+                    request._body = json.dumps(cleaned_data).encode()
+                except:
+                    pass
+        
+        response = await call_next(request)
+        return response
+    
+    def _sanitize_data(self, data: Any) -> Any:
+        """递归清理数据"""
+        if isinstance(data, dict):
+            return {k: self._sanitize_data(v) for k, v in data.items()}
+        elif isinstance(data, list):
+            return [self._sanitize_data(item) for item in data]
+        elif isinstance(data, str):
+            return self._sanitize_string(data)
+        else:
+            return data
+    
+    def _sanitize_string(self, value: str) -> str:
+        """清理字符串"""
+        if not value:
+            return ""
+        
+        # 去除首尾空格
+        value = value.strip()
+        
+        # 限制长度
+        if len(value) > 1000:
+            value = value[:1000]
+        
+        # 转义HTML特殊字符
+        html_chars = {
+            '&': '&amp;',
+            '<': '&lt;',
+            '>': '&gt;',
+            '"': '&quot;',
+            "'": '&#x27;',
+            '/': '&#x2F;'
+        }
+        for char, escape in html_chars.items():
+            value = value.replace(char, escape)
+        
+        return value
+
+
+def sanitize_input(value: str, max_length: int = 255) -> str:
+    """清理单个输入值"""
+    if not value:
+        return ""
+    
+    value = value.strip()
+    if len(value) > max_length:
+        value = value[:max_length]
+    
+    return value
+
+
+def validate_points(points: int, min_val: int = -100, max_val: int = 100) -> tuple:
+    """
+    验证分值
+    返回: (是否有效, 错误信息)
+    """
+    if points == 0:
+        return False, "分值不能为0"
+    if points < min_val or points > max_val:
+        return False, f"分值必须在{min_val}到{max_val}之间"
+    return True, ""
+
+
+def validate_reason(reason: str) -> tuple:
+    """
+    验证原因
+    返回: (是否有效, 错误信息)
+    """
+    if not reason or not reason.strip():
+        return False, "原因不能为空"
+    if len(reason) > 255:
+        return False, "原因长度不能超过255个字符"
+    return True, ""
+
+
+def validate_date(date_str: str) -> bool:
+    """验证日期格式 YYYY-MM-DD"""
+    if not date_str:
+        return False
+    pattern = r'^\d{4}-\d{2}-\d{2}$'
+    if not re.match(pattern, date_str):
+        return False
+    return True