diff --git a/backend/app/api/v1/sql_executor.py b/backend/app/api/v1/sql_executor.py
index c1231c7..69f6387 100644
--- a/backend/app/api/v1/sql_executor.py
+++ b/backend/app/api/v1/sql_executor.py
@@ -12,7 +12,7 @@ from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.engine.result import Result
 import structlog
-from app.core.deps import get_current_user, get_db
+from app.core.deps import get_current_user, get_db, require_admin
 try:
     from app.core.simple_auth import get_current_user_simple
 except ImportError:
@@ -57,7 +57,7 @@ def serialize_row(row: Any) -> Union[Dict[str, Any], Any]:
 @router.post("/execute", response_model=ResponseModel)
 async def execute_sql(
     request: Dict[str, Any],
-    current_user: User = Depends(get_current_user),
+    current_user: User = Depends(require_admin),
     db: AsyncSession = Depends(get_db)
 ) -> ResponseModel:
     """
@@ -74,7 +74,7 @@ async def execute_sql(
     - 写入操作:返回影响的行数
 
     安全说明:
-    - 需要用户身份验证
+    - 需要管理员权限
     - 所有操作都会记录日志
     - 建议在生产环境中限制可执行的 SQL 类型
     """
@@ -196,11 +196,13 @@ async def execute_sql(
 @router.post("/validate", response_model=ResponseModel)
 async def validate_sql(
     request: Dict[str, Any],
-    current_user: User = Depends(get_current_user)
+    current_user: User = Depends(require_admin)
 ) -> ResponseModel:
     """
     验证 SQL 语句的语法(不执行)
 
+    权限:需要管理员权限
+
     Args:
         request: 包含 sql 字段的请求
 
@@ -253,12 +255,14 @@ async def validate_sql(
 @router.get("/tables", response_model=ResponseModel)
 async def get_tables(
-    current_user: User = Depends(get_current_user),
+    current_user: User = Depends(require_admin),
     db: AsyncSession = Depends(get_db)
 ) -> ResponseModel:
     """
     获取数据库中的所有表
 
+    权限:需要管理员权限
+
     Returns:
         数据库表列表
     """
 
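Review bot: `get_current_user` is still imported on the changed import line even though every endpoint visible in this diff now depends on `require_admin` instead; unless something outside these hunks still references it, the import is dead and the line should become `from app.core.deps import get_db, require_admin`. The unchanged `try`/`except ImportError` fallback to `get_current_user_simple` directly below is worth a second look too: if that fallback is wired in elsewhere in the file as an alternative authentication dependency, it would sit outside the admin check this commit introduces, which I cannot confirm from the hunk alone.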
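Review bot: Gating `/execute` on `require_admin` narrows who can reach it, but the endpoint still takes the statement as an untyped `request: Dict[str, Any]`, and the docstring below still only recommends restricting statement types (`建议在生产环境中限制可执行的 SQL 类型`) rather than enforcing anything; the same untyped request shape remains on `/validate` in the later hunk. A small Pydantic model with a required `sql: str` field would at least make the contract explicit and reject malformed bodies before the handler runs. The annotation `current_user: User` now presumes `require_admin` resolves to a `User`; if that holds, record it in the docstring with a line such as `current_user: 由 require_admin 解析的管理员用户`, otherwise adjust the type. The docstring also states that all operations are logged; the body of `execute_sql` lies outside this hunk, so confirm the log record includes the acting admin's identity now that the endpoint is admin-only.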
@@ -290,12 +294,14 @@ async def get_tables(
 @router.get("/table/{table_name}/schema", response_model=ResponseModel)
 async def get_table_schema(
     table_name: str,
-    current_user: User = Depends(get_current_user),
+    current_user: User = Depends(require_admin),
     db: AsyncSession = Depends(get_db)
 ) -> ResponseModel:
     """
     获取指定表的结构信息
 
+    权限:需要管理员权限
+
     Args:
         table_name: 表名