chore: upgrade mongoose to v8.10.x for security (#3868)

* chore: upgrade mongoose to v8.10.x for security

* chore: remove duplicate code

* fix: ts error
Finley Ge
2025-02-26 18:32:19 +08:00
committed by GitHub
parent cf9c8e9f6a
commit 747bb303ec
7 changed files with 54 additions and 13 deletions


@@ -18,10 +18,10 @@ export function getGFSCollection(bucket: `${BucketNameEnum}`) {
MongoDatasetFileSchema; MongoDatasetFileSchema;
MongoChatFileSchema; MongoChatFileSchema;
return connectionMongo.connection.db.collection(`${bucket}.files`); return connectionMongo.connection.db!.collection(`${bucket}.files`);
} }
export function getGridBucket(bucket: `${BucketNameEnum}`) { export function getGridBucket(bucket: `${BucketNameEnum}`) {
return new connectionMongo.mongo.GridFSBucket(connectionMongo.connection.db, { return new connectionMongo.mongo.GridFSBucket(connectionMongo.connection.db!, {
bucketName: bucket, bucketName: bucket,
// @ts-ignore // @ts-ignore
readPreference: ReadPreference.SECONDARY_PREFERRED // Read from secondary node readPreference: ReadPreference.SECONDARY_PREFERRED // Read from secondary node
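Review bot: The `db!` assertions in getGFSCollection and getGridBucket only silence the mongoose v8 typing, where `connection.db` can be undefined, and add no runtime check. If either helper runs before the connection is open, the caller will most likely get an opaque TypeError instead of a clear failure. An explicit guard is safer: `const db = connectionMongo.connection.db; if (!db) throw new Error('MongoDB connection not ready');`, then use `db` in both calls. This would also match the runtime guards the same commit adds to the migration handler. getGridBucket's body continues outside the hunk.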


@@ -24,7 +24,7 @@
"jsonwebtoken": "^9.0.2", "jsonwebtoken": "^9.0.2",
"lodash": "^4.17.21", "lodash": "^4.17.21",
"mammoth": "^1.6.0", "mammoth": "^1.6.0",
"mongoose": "^7.0.2", "mongoose": "^8.10.1",
"multer": "1.4.5-lts.1", "multer": "1.4.5-lts.1",
"next": "14.2.5", "next": "14.2.5",
"nextjs-cors": "^2.2.0", "nextjs-cors": "^2.2.0",


@@ -178,7 +178,7 @@ export const getClbsAndGroupsWithInfo = async ({
]); ]);
export const delResourcePermissionById = (id: string) => { export const delResourcePermissionById = (id: string) => {
return MongoResourcePermission.findByIdAndRemove(id); return MongoResourcePermission.findByIdAndDelete(id);
}; };
export const delResourcePermission = ({ export const delResourcePermission = ({
session, session,


@@ -1,5 +1,5 @@
import { AppDetailType } from '@fastgpt/global/core/app/type'; import { AppDetailType } from '@fastgpt/global/core/app/type';
import { OutlinkAppType, OutLinkSchema } from '@fastgpt/global/support/outLink/type'; import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
import { parseHeaderCert } from '../controller'; import { parseHeaderCert } from '../controller';
import { MongoOutLink } from '../../outLink/schema'; import { MongoOutLink } from '../../outLink/schema';
import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink'; import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink';
@@ -54,15 +54,11 @@ export async function authOutLinkCrud({
} }
/* outLink exist and it app exist */ /* outLink exist and it app exist */
export async function authOutLinkValid<T extends OutlinkAppType = undefined>({ export async function authOutLinkValid({ shareId }: { shareId?: string }) {
shareId
}: {
shareId?: string;
}) {
if (!shareId) { if (!shareId) {
return Promise.reject(OutLinkErrEnum.linkUnInvalid); return Promise.reject(OutLinkErrEnum.linkUnInvalid);
} }
const outLinkConfig = (await MongoOutLink.findOne({ shareId }).lean()) as OutLinkSchema<T>; const outLinkConfig = await MongoOutLink.findOne({ shareId }).lean();
if (!outLinkConfig) { if (!outLinkConfig) {
return Promise.reject(OutLinkErrEnum.linkUnInvalid); return Promise.reject(OutLinkErrEnum.linkUnInvalid);
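Review bot: `shareId` is only checked for truthiness before it goes into `MongoOutLink.findOne({ shareId })`, and the `string` annotation is erased at runtime. If any caller forwards it from a request body or query without validation (callers are not visible here), a non-string value such as an object could be treated by the query layer as a filter expression rather than a literal id. Tightening the guard to `if (!shareId || typeof shareId !== 'string') {` keeps the lookup to exact-match strings. Dropping the `as OutLinkSchema<T>` cast so the result type is inferred from the model is a sound change. The function body continues outside the hunk.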


@@ -64,7 +64,7 @@ export const checkTeamDatasetLimit = async (teamId: string) => {
export const checkTeamAppLimit = async (teamId: string, amount = 1) => { export const checkTeamAppLimit = async (teamId: string, amount = 1) => {
const [{ standardConstants }, appCount] = await Promise.all([ const [{ standardConstants }, appCount] = await Promise.all([
getTeamStandPlan({ teamId }), getTeamStandPlan({ teamId }),
MongoApp.count({ MongoApp.countDocuments({
teamId, teamId,
type: { $in: [AppTypeEnum.simple, AppTypeEnum.workflow, AppTypeEnum.plugin] } type: { $in: [AppTypeEnum.simple, AppTypeEnum.workflow, AppTypeEnum.plugin] }
}) })


@@ -10,6 +10,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
// 重命名 dataset.trainigns -> dataset_trainings // 重命名 dataset.trainigns -> dataset_trainings
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'dataset.trainings' }) .listCollections({ name: 'dataset.trainings' })
.toArray(); .toArray();
@@ -31,6 +36,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'dataset.collections' }) .listCollections({ name: 'dataset.collections' })
.toArray(); .toArray();
@@ -52,6 +62,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'dataset.datas' }) .listCollections({ name: 'dataset.datas' })
.toArray(); .toArray();
@@ -73,6 +88,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'app.versions' }) .listCollections({ name: 'app.versions' })
.toArray(); .toArray();
@@ -94,6 +114,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'buffer.rawtexts' }) .listCollections({ name: 'buffer.rawtexts' })
.toArray(); .toArray();
@@ -115,6 +140,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'buffer.tts' }) .listCollections({ name: 'buffer.tts' })
.toArray(); .toArray();
@@ -134,6 +164,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'team.members' }) .listCollections({ name: 'team.members' })
.toArray(); .toArray();
@@ -155,6 +190,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'team.tags' }) .listCollections({ name: 'team.tags' })
.toArray(); .toArray();
@@ -174,6 +214,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
} }
try { try {
if (!connectionMongo.connection.db) {
return jsonRes(res, {
message: '数据库连接失败'
});
}
const collections = await connectionMongo.connection.db const collections = await connectionMongo.connection.db
.listCollections({ name: 'team.subscriptions' }) .listCollections({ name: 'team.subscriptions' })
.toArray(); .toArray();
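Review bot: The new `connection.db` guard is pasted into all nine `try` blocks of `handler`, and each copy returns `jsonRes(res, { message: '数据库连接失败' })` with no error or status field visible. Depending on jsonRes defaults, which are not shown, a caller may be unable to tell this early exit from a completed migration. Checking once before the first `try` removes the repetition and narrows the type for every later step: `const db = connectionMongo.connection.db;` then `if (!db) return jsonRes(res, { message: '数据库连接失败' });`, with each step calling `db.listCollections(...)`. The failure response should also carry whatever error indicator jsonRes supports. The handler starts and ends outside these hunks.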


@@ -16,7 +16,7 @@ async function handler(
): Promise<OutLinkDeleteResponse> { ): Promise<OutLinkDeleteResponse> {
const { id } = req.query; const { id } = req.query;
await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: OwnerPermissionVal }); await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: OwnerPermissionVal });
await MongoOutLink.findByIdAndRemove(id); await MongoOutLink.findByIdAndDelete(id);
return {}; return {};
} }