mirror of
https://github.com/labring/FastGPT.git
synced 2025-07-22 20:37:48 +00:00
chore: upgrade mongoose to v8.10.x for security (#3868)
* chore: upgrade mongoose to v8.10.x for security * chore: remove duplicate code * fix: ts error
This commit is contained in:
Finley Ge
@@ -18,10 +18,10 @@ export function getGFSCollection(bucket: `${BucketNameEnum}`) {
|
||||
MongoDatasetFileSchema;
|
||||
MongoChatFileSchema;
|
||||
|
||||
return connectionMongo.connection.db.collection(`${bucket}.files`);
|
||||
return connectionMongo.connection.db!.collection(`${bucket}.files`);
|
||||
}
|
||||
export function getGridBucket(bucket: `${BucketNameEnum}`) {
|
||||
return new connectionMongo.mongo.GridFSBucket(connectionMongo.connection.db, {
|
||||
return new connectionMongo.mongo.GridFSBucket(connectionMongo.connection.db!, {
|
||||
bucketName: bucket,
|
||||
// @ts-ignore
|
||||
readPreference: ReadPreference.SECONDARY_PREFERRED // Read from secondary node
|
||||
|
||||
@@ -24,7 +24,7 @@
|
||||
"jsonwebtoken": "^9.0.2",
|
||||
"lodash": "^4.17.21",
|
||||
"mammoth": "^1.6.0",
|
||||
"mongoose": "^7.0.2",
|
||||
"mongoose": "^8.10.1",
|
||||
"multer": "1.4.5-lts.1",
|
||||
"next": "14.2.5",
|
||||
"nextjs-cors": "^2.2.0",
|
||||
|
||||
@@ -178,7 +178,7 @@ export const getClbsAndGroupsWithInfo = async ({
|
||||
]);
|
||||
|
||||
export const delResourcePermissionById = (id: string) => {
|
||||
return MongoResourcePermission.findByIdAndRemove(id);
|
||||
return MongoResourcePermission.findByIdAndDelete(id);
|
||||
};
|
||||
export const delResourcePermission = ({
|
||||
session,
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { AppDetailType } from '@fastgpt/global/core/app/type';
|
||||
import { OutlinkAppType, OutLinkSchema } from '@fastgpt/global/support/outLink/type';
|
||||
import { OutLinkSchema } from '@fastgpt/global/support/outLink/type';
|
||||
import { parseHeaderCert } from '../controller';
|
||||
import { MongoOutLink } from '../../outLink/schema';
|
||||
import { OutLinkErrEnum } from '@fastgpt/global/common/error/code/outLink';
|
||||
@@ -54,15 +54,11 @@ export async function authOutLinkCrud({
|
||||
}
|
||||
|
||||
/* outLink exist and it app exist */
|
||||
export async function authOutLinkValid<T extends OutlinkAppType = undefined>({
|
||||
shareId
|
||||
}: {
|
||||
shareId?: string;
|
||||
}) {
|
||||
export async function authOutLinkValid({ shareId }: { shareId?: string }) {
|
||||
if (!shareId) {
|
||||
return Promise.reject(OutLinkErrEnum.linkUnInvalid);
|
||||
}
|
||||
const outLinkConfig = (await MongoOutLink.findOne({ shareId }).lean()) as OutLinkSchema<T>;
|
||||
const outLinkConfig = await MongoOutLink.findOne({ shareId }).lean();
|
||||
|
||||
if (!outLinkConfig) {
|
||||
return Promise.reject(OutLinkErrEnum.linkUnInvalid);
|
||||
|
||||
@@ -64,7 +64,7 @@ export const checkTeamDatasetLimit = async (teamId: string) => {
|
||||
export const checkTeamAppLimit = async (teamId: string, amount = 1) => {
|
||||
const [{ standardConstants }, appCount] = await Promise.all([
|
||||
getTeamStandPlan({ teamId }),
|
||||
MongoApp.count({
|
||||
MongoApp.countDocuments({
|
||||
teamId,
|
||||
type: { $in: [AppTypeEnum.simple, AppTypeEnum.workflow, AppTypeEnum.plugin] }
|
||||
})
|
||||
|
||||
@@ -10,6 +10,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
|
||||
// 重命名 dataset.trainigns -> dataset_trainings
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'dataset.trainings' })
|
||||
.toArray();
|
||||
@@ -31,6 +36,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'dataset.collections' })
|
||||
.toArray();
|
||||
@@ -52,6 +62,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'dataset.datas' })
|
||||
.toArray();
|
||||
@@ -73,6 +88,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'app.versions' })
|
||||
.toArray();
|
||||
@@ -94,6 +114,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'buffer.rawtexts' })
|
||||
.toArray();
|
||||
@@ -115,6 +140,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'buffer.tts' })
|
||||
.toArray();
|
||||
@@ -134,6 +164,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'team.members' })
|
||||
.toArray();
|
||||
@@ -155,6 +190,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'team.tags' })
|
||||
.toArray();
|
||||
@@ -174,6 +214,11 @@ async function handler(req: NextApiRequest, res: NextApiResponse) {
|
||||
}
|
||||
|
||||
try {
|
||||
if (!connectionMongo.connection.db) {
|
||||
return jsonRes(res, {
|
||||
message: '数据库连接失败'
|
||||
});
|
||||
}
|
||||
const collections = await connectionMongo.connection.db
|
||||
.listCollections({ name: 'team.subscriptions' })
|
||||
.toArray();
|
||||
|
||||
@@ -16,7 +16,7 @@ async function handler(
|
||||
): Promise<OutLinkDeleteResponse> {
|
||||
const { id } = req.query;
|
||||
await authOutLinkCrud({ req, outLinkId: id, authToken: true, per: OwnerPermissionVal });
|
||||
await MongoOutLink.findByIdAndRemove(id);
|
||||
await MongoOutLink.findByIdAndDelete(id);
|
||||
return {};
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user