限制 “laravel-ask-database” 包的表格。

huangapple go评论77阅读模式
英文:

Restricting tables for the package "laravel-ask-database"

问题

我是新来的 Laravel 开发领域,我遇到了一个用于生成数据库自然查询的包,叫做 "laravel-ask-database",是否有办法限制这个包可以访问哪些表格?

英文:

I'm new to the world of laravel development I came across a package to generate natural queries for the database called "laravel-ask-database", is there a way I can restrict which tables this package has access to?

答案1

得分: 1

【laravel-ask-database】从数据库模式获取所有表列表 第34行

protected function getTables(string $question): array
{
    return once(function () use ($question) {
        $tables = DB::connection($this->connection)
            ->getDoctrineSchemaManager()
            ->listTables();

        if (count($tables) < config('ask-database.max_tables_before_performing_lookup')) {
            return $tables;
        }

        return $this->filterMatchingTables($question, $tables);
    });
}

没有可配置的过滤器。但是,为了保护表,您可以创建一个名为laravel-ask-database的额外的MySQL用户,并设置特定表的权限。

要将自定义的laravel-ask-database连接添加到config/database.php,请使用以下配置:

'connections' => [
...
    'laravel-ask-database' => [
        'driver' => 'mysql',
        'host' => env('DB_HOST', '127.0.0.1'),
        'port' => env('DB_PORT', '3306'),
        'database' => env('DB_DATABASE', 'forge'),
        'username' => 'laravel-ask-database',
        'password' => ...,
        ...
    ],
...
]

然后,通过.env文件更改ask-database.connection(config/ask-database.php)的默认值:

ASK_DATABASE_DB_CONNECTION=laravel-ask-database

这将不会保护受限制的表的SQL查询构建,但会保护对它们的访问。

替代方法:

  • 分支项目或创建拉取请求。
  • 避免在提示中使用受限制的表名。

希望这对您有帮助。

英文:

The laravel-ask-database is getting the all table list from db schema line 34:

protected function getTables(string $question): array
    {
        return once(function () use ($question) {
            $tables = DB::connection($this->connection)
                ->getDoctrineSchemaManager()
                ->listTables();

            if (count($tables) < config('ask-database.max_tables_before_performing_lookup')) {
                return $tables;
            }

            return $this->filterMatchingTables($question, $tables);
        });
    }

And there is no configurable filter. However, as an option to protect tables, you can create an additional MySQL user named laravel-ask-database with custom-specific table privileges.

To add the custom laravel-ask-database connection to config/database.php, use the following configuration:


'connections' => [
...
        'laravel-ask-database' => [
            'driver' => 'mysql',
            'host' => env('DB_HOST', '127.0.0.1'),
            'port' => env('DB_PORT', '3306'),
            'database' => env('DB_DATABASE', 'forge'),
            'username' => 'laravel-ask-database',
            'password' => ...,
            ...
        ],
...
]

next change the default value of ask-database.connection (config/ask-database.php) via .env file:

ASK_DATABASE_DB_CONNECTION=laravel-ask-database

This will not protect the construction of SQL queries for restricted tables, but it will protect access to them.

Alternative ways:

  • Fork the project or make a pull request.
  • Avoid using restricted table names in prompts.

hope this helps you

huangapple
  • 本文由 发表于 2023年7月27日 21:05:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/76780046.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定