Browse Source

Merge pull request #2278 from nocodb/fix/sanitize

fix: sanitize project title
pull/2290/head
navi 3 years ago committed by GitHub
parent
commit
ffad5a318a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 759
      packages/nocodb/package-lock.json
  2. 1
      packages/nocodb/package.json
  3. 33
      packages/nocodb/src/lib/meta/api/projectApis.ts

759
packages/nocodb/package-lock.json generated

File diff suppressed because it is too large Load Diff

1
packages/nocodb/package.json

@ -133,6 +133,7 @@
"ioredis": "^4.28.5", "ioredis": "^4.28.5",
"ioredis-mock": "^7.1.0", "ioredis-mock": "^7.1.0",
"is-docker": "^2.2.1", "is-docker": "^2.2.1",
"isomorphic-dompurify": "^0.19.0",
"js-beautify": "^1.11.0", "js-beautify": "^1.11.0",
"jsep": "^1.3.6", "jsep": "^1.3.6",
"json2csv": "^5.0.6", "json2csv": "^5.0.6",

33
packages/nocodb/src/lib/meta/api/projectApis.ts

@ -1,7 +1,7 @@
import { Request, Response } from 'express'; import { Request, Response } from 'express';
import Project from '../../models/Project'; import Project from '../../models/Project';
import { ModelTypes, ProjectListType, UITypes } from 'nocodb-sdk'; import { ModelTypes, ProjectListType, UITypes } from 'nocodb-sdk';
import DOMPurify from 'isomorphic-dompurify';
import { PagedResponseImpl } from '../helpers/PagedResponse'; import { PagedResponseImpl } from '../helpers/PagedResponse';
import syncMigration from '../helpers/syncMigration'; import syncMigration from '../helpers/syncMigration';
import { IGNORE_TABLES } from '../../utils/common/BaseApiBuilder'; import { IGNORE_TABLES } from '../../utils/common/BaseApiBuilder';
@ -98,7 +98,8 @@ async function projectCreate(req: Request<any, any>, res) {
if (await Project.getByTitle(projectBody?.title)) { if (await Project.getByTitle(projectBody?.title)) {
NcError.badRequest('Project title already in use'); NcError.badRequest('Project title already in use');
} }
// todo: sanitize
projectBody.title = DOMPurify.sanitize(projectBody.title);
projectBody.slug = projectBody.title; projectBody.slug = projectBody.title;
const project = await Project.createProject(projectBody); const project = await Project.createProject(projectBody);
@ -391,20 +392,24 @@ export async function projectInfoGet(req, res) {
} }
export async function projectCost(req, res) { export async function projectCost(req, res) {
let cost = 0 let cost = 0;
const project = await Project.getWithInfo(req.params.projectId); const project = await Project.getWithInfo(req.params.projectId);
const sqlClient = NcConnectionMgrv2.getSqlClient(project.bases[0]); const sqlClient = NcConnectionMgrv2.getSqlClient(project.bases[0]);
const userCount = await ProjectUser.getUsersCount(req.query) const userCount = await ProjectUser.getUsersCount(req.query);
const recordCount = (await sqlClient.totalRecords())?.data.TotalRecords const recordCount = (await sqlClient.totalRecords())?.data.TotalRecords;
if (recordCount > 100000) { // 36,000 or $79/user/month if (recordCount > 100000) {
cost = Math.max(36000, 948 * userCount) // 36,000 or $79/user/month
} else if (recordCount > 50000) { // $36,000 or $50/user/month cost = Math.max(36000, 948 * userCount);
cost = Math.max(36000, 600 * userCount) } else if (recordCount > 50000) {
} else if (recordCount > 10000) { // $240/user/yr // $36,000 or $50/user/month
cost = Math.min(240 * userCount, 36000) cost = Math.max(36000, 600 * userCount);
} else if (recordCount > 1000) { // $120/user/yr } else if (recordCount > 10000) {
cost = Math.min(120 * userCount, 36000) // $240/user/yr
cost = Math.min(240 * userCount, 36000);
} else if (recordCount > 1000) {
// $120/user/yr
cost = Math.min(120 * userCount, 36000);
} }
res.json({ cost }); res.json({ cost });

Loading…
Cancel
Save