Fix: Move wordfreqapp.db to new location

fix-vuln
徐宣 2023-06-19 14:48:35 +08:00
parent 2277473afe
commit f40a388277
6 changed files with 9 additions and 19 deletions

2
.gitignore vendored

@ -7,7 +7,7 @@ app/static/usr/*.jpg
app/static/img/ app/static/img/
app/static/frequency/frequency_*.pickle app/static/frequency/frequency_*.pickle
app/static/frequency/frequency.p app/static/frequency/frequency.p
app/static/wordfreqapp.db app/wordfreqapp.db
app/static/donate-the-author.jpg app/static/donate-the-author.jpg
app/static/donate-the-author-hidden.jpg app/static/donate-the-author-hidden.jpg
app/model/__pycache__/ app/model/__pycache__/

4
Jenkinsfile vendored

@ -10,8 +10,8 @@ pipeline {
stages { stages {
stage('MakeDatabasefile') { stage('MakeDatabasefile') {
steps { steps {
sh 'touch ./app/static/wordfreqapp.db && rm -f ./app/static/wordfreqapp.db' sh 'touch ./app/wordfreqapp.db && rm -f ./app/wordfreqapp.db'
sh 'cat ./app/static/wordfreqapp.sql | sqlite3 ./app/static/wordfreqapp.db' sh 'cat ./app/static/wordfreqapp.sql | sqlite3 ./app/wordfreqapp.db'
} }
} }
stage('BuildIt') { stage('BuildIt') {
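Review bot: The second `sh` step still reads `./app/static/wordfreqapp.sql` while writing the database to its new home, so the SQL dump that recreates the whole database stays under the directory the application serves as static content, even though the `.db` it produces is now kept out of it. If that dump contains more than DDL (seed rows, user records), the exposure this commit closes for the `.db` file remains open for the `.sql` file; moving it alongside the database, `sh 'cat ./app/wordfreqapp.sql | sqlite3 ./app/wordfreqapp.db'`, or confirming the dump holds only schema, would close that gap. The `touch … && rm -f …` on the line before only ensures the file is absent before sqlite3 creates it, which `rm -f ./app/wordfreqapp.db` alone already does.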


@ -61,15 +61,15 @@ My steps for deploying English on a Ubuntu server.
All articles are stored in the `article` table in a SQLite file called All articles are stored in the `article` table in a SQLite file called
`app/static/wordfreqapp.db`. `app/wordfreqapp.db`.
### Adding new articles ### Adding new articles
To add articles, open and edit `app/static/wordfreqapp.db` using DB Browser for SQLite (https://sqlitebrowser.org). To add articles, open and edit `app/wordfreqapp.db` using DB Browser for SQLite (https://sqlitebrowser.org).
### Extending an account's expiry date ### Extending an account's expiry date
By default, an account's expiry is 30 days after first sign-up. To extend account's expiry date, open and edit `user` table in `app/static/wordfreqapp.db`. Simply update field `expiry_date`. By default, an account's expiry is 30 days after first sign-up. To extend account's expiry date, open and edit `user` table in `app/wordfreqapp.db`. Simply update field `expiry_date`.
### Exporting the database ### Exporting the database


@ -15,7 +15,7 @@ path_prefix = './' # comment this line in deployment
def total_number_of_essays(): def total_number_of_essays():
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') rq = RecordQuery(path_prefix + 'wordfreqapp.db')
rq.instructions("SELECT * FROM article") rq.instructions("SELECT * FROM article")
rq.do() rq.do()
result = rq.get_results() result = rq.get_results()
@ -33,7 +33,7 @@ def get_article_body(s):
def get_today_article(user_word_list, visited_articles): def get_today_article(user_word_list, visited_articles):
rq = RecordQuery(path_prefix + 'static/wordfreqapp.db') rq = RecordQuery(path_prefix + 'wordfreqapp.db')
if visited_articles is None: if visited_articles is None:
visited_articles = { visited_articles = {
"index" : 0, # 为 article_ids 的索引 "index" : 0, # 为 article_ids 的索引
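Review bot: The database location is still assembled separately in each function, `rq = RecordQuery(path_prefix + 'wordfreqapp.db')` at the top of both `total_number_of_essays` and `get_today_article`, and `path_prefix = './'` in the hunk header is a working-directory-relative prefix whose comment says it is commented out in deployment, so which file gets opened depends on where the process is launched rather than on where this module lives. A single module-level constant such as `DB_PATH = path_prefix + 'wordfreqapp.db'` used by both call sites would make the next relocation a one-line change and keep the two functions from drifting apart; resolving it against the module directory instead (e.g. `os.path.join(os.path.dirname(os.path.abspath(__file__)), 'wordfreqapp.db')`, if `os` is imported in this file) would remove the working-directory dependence entirely, assuming the file is indeed meant to sit next to this module. The same line recurs in the second hunk, and both functions continue past the end of their hunks.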


@ -56,16 +56,6 @@ def appears_in_test(word, d):
else: else:
return ','.join(d[word]) return ','.join(d[word])
@app.before_request
def restrict_file_access():
'''
禁止直接访问/static下的数据库文件
'''
requested_path = request.path
normalized_path = os.path.normpath(requested_path)
if normalized_path.startswith('/static/') and normalized_path.endswith('wordfreqapp.db'):
return abort(403)
@app.route("/mark", methods=['GET', 'POST']) @app.route("/mark", methods=['GET', 'POST'])
def mark_word(): def mark_word():
''' '''


@ -1,7 +1,7 @@
from pony.orm import * from pony.orm import *
db = Database() db = Database()
db.bind("sqlite", "../static/wordfreqapp.db", create_db=True) # bind sqlite file db.bind("sqlite", "../wordfreqapp.db", create_db=True) # bind sqlite file
class User(db.Entity): class User(db.Entity):