From f18585d5e95df6b46346f253a3fab8484a0c4dc3 Mon Sep 17 00:00:00 2001
From: zuohuaijun
Date: Fri, 27 Jun 2025 01:29:49 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=98=8E1=E3=80=81=E4=BC=98=E5=8C=96?=
 =?UTF-8?q?=E4=BB=93=E5=82=A8=E6=89=A9=E5=B1=95=E5=8F=AF=E8=83=BD=E5=BC=95?=
 =?UTF-8?q?=E5=8F=91sql=E6=B3=A8=E5=85=A5=E9=97=AE=E9=A2=98=20=202?=
 =?UTF-8?q?=E3=80=81=E4=BC=98=E5=8C=96=E6=8E=A5=E5=8F=A3=E5=8E=8B=E6=B5=8B?=
 =?UTF-8?q?=E9=A1=B5=E9=9D=A2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../Extension/RepositoryExtension.cs | 10 ++++----
 Web/src/views/system/stressTest/index.vue | 25 ++++++++++++-------
 2 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/Admin.NET/Admin.NET.Core/Extension/RepositoryExtension.cs b/Admin.NET/Admin.NET.Core/Extension/RepositoryExtension.cs
index f730e1d8..37a80069 100644
--- a/Admin.NET/Admin.NET.Core/Extension/RepositoryExtension.cs
+++ b/Admin.NET/Admin.NET.Core/Extension/RepositoryExtension.cs
@@ -145,12 +145,12 @@ public static class RepositoryExtension
 typeAdapterConfig.ForType().IgnoreNullValues(true);
 Mapper mapper = new(typeAdapterConfig); // 务必将mapper设为单实例
 var nowPagerInput = mapper.Map(pageInput);
- // 排序是否可用-排序字段和排序顺序都为非空才启用排序
- if (!string.IsNullOrEmpty(nowPagerInput.Field) && !string.IsNullOrEmpty(nowPagerInput.Order))
+ // 排序是否可用-排序字段为非空才启用排序,排序顺序默认为倒序
+ if (!string.IsNullOrEmpty(nowPagerInput.Field))
 {
- var col = queryable.Context.EntityMaintenance.GetEntityInfo().Columns.FirstOrDefault(u => u.PropertyName.Equals(nowPagerInput.Field, StringComparison.CurrentCultureIgnoreCase));
- var dbColumnName = col != null ? col.DbColumnName : nowPagerInput.Field;
- orderStr = $"{prefix}{iSqlBuilder.GetTranslationColumnName(dbColumnName)} {(nowPagerInput.Order == nowPagerInput.DescStr ? "Desc" : "Asc")}";
+ nowPagerInput.Field = Regex.Replace(nowPagerInput.Field, @"[\s;()\-'@=/%]", ""); //过滤掉一些关键字符防止构造特殊SQL语句注入
+ var orderByDbName = queryable.Context.EntityMaintenance.GetDbColumnName(nowPagerInput.Field);//防止注入,类中只要不存在属性名就会报错
+ orderStr = $"{prefix}{iSqlBuilder.GetTranslationColumnName(orderByDbName)} {(string.IsNullOrEmpty(nowPagerInput.Order) || nowPagerInput.Order.Equals(nowPagerInput.DescStr, StringComparison.OrdinalIgnoreCase) ? "Desc" : "Asc")}";
 }
 return queryable.OrderByIF(!string.IsNullOrWhiteSpace(orderStr), orderStr);
 }
diff --git a/Web/src/views/system/stressTest/index.vue b/Web/src/views/system/stressTest/index.vue
index a57e6eac..da73516f 100644
--- a/Web/src/views/system/stressTest/index.vue
+++ b/Web/src/views/system/stressTest/index.vue
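Review bot: The `Regex.Replace` line on the new side sanitises `nowPagerInput.Field` by deleting a hand-picked character set instead of rejecting the value, so it is both incomplete (backtick, `"`, `[`, `]`, `#`, `*`, `|`, `\` and `,` all survive) and lossy (`"Na me"` silently becomes `Name` and sorts by a column the caller never named). The real protection in this hunk is the `GetDbColumnName` lookup, and per its comment that rests on the library throwing for an unknown property, a behaviour the hunk does not check itself. I would fail closed with an explicit allow-list check before that call, `if (!queryable.Context.EntityMaintenance.GetEntityInfo().Columns.Any(u => u.PropertyName.Equals(nowPagerInput.Field, StringComparison.OrdinalIgnoreCase))) throw new ArgumentException($"Invalid sort field: {nowPagerInput.Field}");`, and drop the regex so a rejected name is never rewritten into an accepted one. `Order` is only compared, never interpolated, so the `Desc`/`Asc` selection on the last added line is fine. The enclosing method starts before this hunk.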
@@ -166,13 +166,20 @@ onMounted(async () => {
 // 获取接口分组列表
 const getApiGroupList = async () => {
 try {
- const html = await request(`/index.html`, { method: 'get' }).then(({ data }) => data);
- const prefixText = "var configObject = JSON.parse('";
- const jsonStr = html
- .substring(html.indexOf(prefixText) + prefixText.length, html.indexOf('var oauthConfigObject = JSON.parse('))
- ?.trim()
- .replace("');", '');
- return JSON.parse(jsonStr).urls;
+ const response = await request('/swagger-resources', { method: 'get' });
+ return response.data
+ .filter((resource: { name: string; url: string }) => !resource.url.toLowerCase().includes('all%20groups'))
+ .map((resource: { name: string; url: string }) => {
+ const rawUrl = resource.url || '';
+ let fixedUrl = rawUrl.startsWith('//') ? rawUrl.substring(1) : rawUrl;
+ if (!fixedUrl.startsWith('/') && !fixedUrl.includes('://')) {
+ fixedUrl = '/' + fixedUrl;
+ }
+ return {
+ name: decodeURIComponent(resource.name || ''),
+ url: fixedUrl,
+ };
+ });
 } catch {
 return [];
 }
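Review bot: The `.filter` line dereferences `resource.url.toLowerCase()` unguarded while the `.map` right below defends the same field with `resource.url || ''`; one resource without a `url` therefore throws inside the filter, the outer `catch` swallows it and the whole group list silently becomes `[]`. `decodeURIComponent(resource.name || '')` has the same failure mode, since it throws `URIError` on a malformed percent sequence. I would guard the filter as `.filter((resource) => !(resource.url || '').toLowerCase().includes('all%20groups'))` and wrap the decode in a small try/catch that falls back to the raw `resource.name`. A comment is also warranted that absolute URLs (`includes('://')`) are passed through untouched and presumably end up in `state.swaggerUrl` for a later `request`, so this code trusts `/swagger-resources` to only reference the API's own origin. The closing brace of `getApiGroupList` is outside this hunk.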
@@ -181,10 +188,10 @@ const getApiGroupList = async () => {
 // 获取所有接口列表
 const getApiList = (keywords: string | undefined) => {
 const emojiPattern =
- /[\u{1F600}-\u{1F64F}\u{1F300}-\u{1F5FF}\u{1F680}-\u{1F6FF}\u{1F700}-\u{1F77F}\u{1F780}-\u{1F7FF}\u{1F800}-\u{1F8FF}\u{1F900}-\u{1F9FF}\u{1FA00}-\u{1FA6F}\u{1FA70}-\u{1FAFF}\u{2600}-\u{26FF}\u{2700}-\u{27BF}]/gu;
+ /[\u{2139}\u{2B05}-\u{2B07}\u{1F600}-\u{1F64F}\u{1F300}-\u{1F5FF}\u{1F680}-\u{1F6FF}\u{1F700}-\u{1F77F}\u{1F780}-\u{1F7FF}\u{1F800}-\u{1F8FF}\u{1F900}-\u{1F9FF}\u{1FA00}-\u{1FA6F}\u{1FA70}-\u{1FAFF}\u{2600}-\u{26FF}\u{2700}-\u{27BF}]/gu;
 return request(state.swaggerUrl, { method: 'get' }).then(({ data }) => {
 const pathMap = data.paths;
- const result = data.tags.map((e: any) => ({ path: e.name, summary: e.description.replaceAll(emojiPattern, ''), children: [] }));
+ const result = data.tags.map((e: any) => ({ path: e.name, summary: e.description?.replaceAll(emojiPattern, '') || e.name, children: [] }));
 Object.keys(pathMap).map((path) => {
 const method = Object.keys(pathMap[path])[0];
 const apiInfo = pathMap[path][method];
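Review bot: The `data.tags.map` line still assumes the swagger document carries a `tags` array, even though the new `e.description?.replaceAll(emojiPattern, '') || e.name` fallback shows the commit already expects tag metadata to be incomplete; a document without `tags` throws here and nothing visible in the hunk catches it. I would write `const result = (data.tags || []).map((e: any) => ({ path: e.name, summary: e.description?.replaceAll(emojiPattern, '') || e.name, children: [] }));` so the summary fallback is not the only defensive line. As a point of style, the `/…/gu` literal is re-evaluated on every `getApiList` call, so hoisting `emojiPattern` to a module-level `const` with a one-line comment naming the Unicode blocks it strips would be a cheap cleanup. `getApiList` continues past the end of this hunk.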