修复漏洞，重构初始化功能，优化媒体库 (#1024)

* 媒体库增加 普通上传、压缩上传按钮，方便媒体库直接上传图片

* 增加数据类型切换后的的校验，避免使用错误的查询条件和字典条件。

* refactor: 重构初始化逻辑

* 媒体库功能丰富

* 修复注入漏洞和路径穿越

* 修复自动化接口获取数据库表失败后未能终止的bug

* 微调媒体库样式

Co-authored-by: bypanghu <bypanghu@163.com>
Co-authored-by: tesun <36953434+tesun@users.noreply.github.com>
Co-authored-by: pnck <hio131@gmail.com>
Co-authored-by: task <121913992@qq.com>

server/source/system/view_authority_menu_postgres.go

@@ -1,27 +1,50 @@
 package system
 
 import (
+	"context"
 	"fmt"
+	"github.com/flipped-aurora/gin-vue-admin/server/service/system"
+	"gorm.io/gorm"
 	"strings"
 
 	"github.com/flipped-aurora/gin-vue-admin/server/global"
-	"github.com/flipped-aurora/gin-vue-admin/server/model/system"
+	sysModel "github.com/flipped-aurora/gin-vue-admin/server/model/system"
 	"github.com/pkg/errors"
 )
 
-var ViewAuthorityMenuPostgres = new(viewAuthorityMenuPostgres)
+const initOrderMenuViewPg = initOrderMenuAuthority + 1
 
-type viewAuthorityMenuPostgres struct{}
+type initMenuViewPg struct{}
 
-func (a *viewAuthorityMenuPostgres) TableName() string {
-	var entity system.SysMenu
-	return entity.TableName()
+// auto run
+func init() {
+	system.RegisterInit(initOrderMenuViewPg, &initMenuViewPg{})
 }
 
-func (a *viewAuthorityMenuPostgres) Initialize() error {
-	var entity AuthorityMenus
+func (i initMenuViewPg) InitializerName() string {
+	return fmt.Sprintf("postgresql 视图<%s>", sysModel.SysMenu{}.TableName())
+}
+
+func (i *initMenuViewPg) InitializeData(ctx context.Context) (context.Context, error) {
+	return ctx, nil
+}
+
+func (i *initMenuViewPg) DataInserted(ctx context.Context) bool {
+	return true // ignore
+}
+
+func (a *initMenuViewPg) MigrateTable(ctx context.Context) (context.Context, error) {
+	db, ok := ctx.Value("db").(*gorm.DB)
+	if !ok {
+		return ctx, system.ErrMissingDBContext
+	}
+	if s, ok := ctx.Value("dbtype").(string); !ok || s != "pgsql" {
+		return ctx, nil // ignore
+	}
+	joinTableName := db.Model(&sysModel.SysAuthority{}).Association("SysBaseMenus").Relationship.JoinTable.Name
+
 	sql := `
-	CREATE VIEW @table_name as
+	CREATE OR REPLACE VIEW @table_name as
 	select @menus.id                       as id,
 		   @menus.path                     as path,
 		   @menus.name                     as name,
@@ -41,18 +64,19 @@ func (a *viewAuthorityMenuPostgres) Initialize() error {
 		   @authorities_menus.sys_base_menu_id      as menu_id,
 		   @authorities_menus.sys_authority_authority_id as authority_id
 	from (@authorities_menus join @menus on ((@authorities_menus.sys_base_menu_id = @menus.id)));`
-	sql = strings.ReplaceAll(sql, "@table_name", a.TableName())
-	sql = strings.ReplaceAll(sql, "@menus", "sys_base_menus")
-	sql = strings.ReplaceAll(sql, "@authorities_menus", entity.TableName())
+	sql = strings.ReplaceAll(sql, "@table_name", sysModel.SysMenu{}.TableName())
+	sql = strings.ReplaceAll(sql, "@menus", sysModel.SysBaseMenu{}.TableName())
+	sql = strings.ReplaceAll(sql, "@authorities_menus", joinTableName)
 	if err := global.GVA_DB.Exec(sql).Error; err != nil {
-		return errors.Wrap(err, a.TableName()+"视图创建失败!")
+		return ctx, errors.Wrap(err, sysModel.SysMenu{}.TableName()+"视图创建失败!")
 	}
-	return nil
+	return ctx, nil
 }
 
-func (a *viewAuthorityMenuPostgres) CheckDataExist() bool {
-	err1 := global.GVA_DB.Find(&[]system.SysMenu{}).Error
-	err2 := errors.New(fmt.Sprintf("Error 1146: Table '%v.%v' doesn't exist", global.GVA_CONFIG.Pgsql.Dbname, a.TableName()))
+func (a *initMenuViewPg) TableCreated(ctx context.Context) bool {
+	err1 := global.GVA_DB.Find(&[]sysModel.SysMenu{}).Error
+	err2 := errors.New(fmt.Sprintf("Error 1146: Table '%v.%v' doesn't exist",
+		global.GVA_CONFIG.Pgsql.Dbname, sysModel.SysMenu{}.TableName()))
 	if errors.As(err1, &err2) {
 		return false
 	}