koa2-blog's Introduction

Koa2-blog

node+koa2+mysql

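The latest code has changed, so please refer to the latest code. Avatar upload, pagination, markdown syntax and more have been added.

Tutorial: [Building a simple blog with Node+Koa2+Mysql]

Create the database

Log in to the database

$ mysql -u root -p

Create the database

mysql> create database nodesql;

Use the database you created

mysql> use nodesql;

database: nodesql; tables: users, posts, comment (the tables are already created in lib/mysql)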

users     posts       comment
id        id          id
name      name        name
pass      title       content
avator    content     moment
moment    md          postid
-         uid         avator
-         moment      -
-         comments    -
-         pv          -
-         avator      -
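  • id: auto-increment primary key
  • name: user name
  • pass: password
  • avator: avatar
  • title: post title
  • content: post content and comment content
  • md: markdown source
  • uid: id of the user who published the post
  • moment: creation time
  • comments: number of comments on the post
  • pv: number of views of the post
  • postid: post id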
$ git clone https://github.com/wunci/Koa2-blog.git
$ cd Koa2-blog
$ cnpm i supervisor -g
$ cnpm i 
$ npm run dev    # run the project
$ npm test       # test the project

koa2-blog's Issues

koa2-blog v1.0.0 sql injection vulnerability

A SQL injection was discovered in koa2-blog 1.0.0. There is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into a server via:
POST http://127.0.0.1:3000/signin

Vulnerability code

// Find a user by name
exports.findDataByName =  ( name ) => {
  let _sql = `select * from users where name="${name}";`
  return query( _sql)
}

POC

Trigger the SQL injection vulnerability by signin; we can see that the injected statement executed successfully and the page response timed out for 5s.


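About sessions

Could the author add a feature where the login expires after a period of time and the user has to log in again?

Environment switching question

How do you switch between your development environment and your production environment? Manually?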

mysql.js: error when running multiple SQL statements

delete from posts where id = ${id}; delete from article where postsId = ${id};
Running this directly in the database works fine.

let deleteArticle = function(id){
  console.log(id)
  let _sql = `delete from posts where id = ${id}; delete from article where postsId = ${id};`
  return query(_sql)
}
ER_PARSE_ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'delete from posts where folderId = 41' at line 2

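Question about MD5 encryption

Hello, I'm a beginner and there are parts of your code I don't quite understand. Why is the password encrypted on the server during login verification rather than on the front end? The front end sends the password in plaintext, so what is the point of encrypting it on the back end?

Expert, which version of the MySQL client are you using?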

server is running at http://localhost:3000
(node:14693) UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 1): Error: ER_NOT_SUPPORTED_AUTH_MODE: Client does not support authentication protocol requested by server; consider upgrading MySQL client
(node:14693) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

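It looks like the SQL client doesn't support it.

Entering Chinese text causes an error

Hello, why is it that after I run it, an error is thrown whenever I enter Chinese? I also searched Baidu and tried changing the database encoding to utf8, but it still doesn't work.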

Error: ER_CANT_AGGREGATE_2COLLATIONS: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,COERCIBLE) for operation '='
at Query.Sequence._packetToError (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\sequences\Sequence.js:47:14)
at Query.ErrorPacket (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\sequences\Query.js:77:18)
at Protocol._parsePacket (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Protocol.js:278:23)
at Parser.write (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Parser.js:76:12)
at Protocol.write (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Protocol.js:38:16)
at Socket. (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:91:28)
at Socket. (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:502:10)
at Socket.emit (events.js:182:13)
at addChunk (_stream_readable.js:283:12)
at readableAddChunk (_stream_readable.js:264:11)
at Socket.Readable.push (_stream_readable.js:219:10)
at TCP.onStreamRead [as onread] (internal/stream_base_commons.js:94:17)
--------------------
at Protocol._enqueue (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Protocol.js:144:48)
at PoolConnection.query (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:200:25)
at pool.getConnection (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\lib\mysql.js:19:20)
at Ping.onOperationComplete (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Pool.js:110:5)
at Ping. (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:502:10)
at Ping._callback (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:468:16)
at Ping.Sequence.end (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\sequences\Sequence.js:83:24)
at Ping.Sequence.OkPacket (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\sequences\Sequence.js:92:8)
at Protocol._parsePacket (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Protocol.js:278:23)
at Parser.write (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Parser.js:76:12)
at Protocol.write (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\protocol\Protocol.js:38:16)
at Socket. (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:91:28)
at Socket. (C:\Users\Administrator\Desktop\文件dsd\Koa2-blog-master\node_modules\mysql\lib\Connection.js:502:10)
at Socket.emit (events.js:182:13)
at addChunk (_stream_readable.js:283:12)
at readableAddChunk (_stream_readable.js:264:11)

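Endpoint is called twice

I don't know why, but using exactly the same approach as yours, for example with the publish-post endpoint, when I click the publish button, a print statement in the endpoint such as
var postData = ctx.request.body
console.log('/create', postData)
is printed twice, which prevents my page from redirecting to the list of all posts. I'm really frustrated and don't know the cause. Login and registration seemed to behave the same way earlier. Help!!!!!

Hello, author

I pulled this project and there are some parts I don't understand. Could I add you on WeChat?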

@*

let query = function( sql, values ) {
  return new Promise(( resolve, reject ) => {
    pool.getConnection(function(err, connection) {
      if (err) {
        resolve( err ) // ---------> why is this not reject?
      } else {
        connection.query(sql, values, ( err, rows) => {
          if ( err ) {
            reject( err )
          } else {
            resolve( rows )
          }
          connection.release()
        })
      }
    })
  })
}

About a deployment problem

Could someone please help me figure out how to solve this problem? Thanks.
pm2 start index.js
pm2 log

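Question about publishing posts

Author, I'd like to ask: does the publish-post feature in koa-blog have a character limit on the title and content?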

koa2-blog v1.0.0 sql injection vulnerability

A SQL injection was discovered in koa2-blog 1.0.0. There is a SQL injection vulnerability which allows remote attackers to inject a malicious SQL statement into a server via:
POST http://127.0.0.1:3000/signup

Vulnerability code

// Count users by name to check whether the name already exists
exports.findDataCountByName =  ( name ) => {
  let _sql = `select count(*) as count from users where name="${name}";`
  return query( _sql)
}

POC

Trigger the SQL injection vulnerability by registering new users; we can see that the injected statement executed successfully and the page response timed out for 7s.
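
The two reported queries (`findDataByName` behind /signin and `findDataCountByName` behind /signup) beside a parameterized form, with a regression check that flags any model function whose SQL text changes with its input. This is an added example, not code from the issues or from the project. It assumes the project's `query(sql, values)` helper forwards `values` to the mysql driver's `connection.query`, as in the snippet quoted in another issue on this page; `makeRecorder`, `vulnerableModel`, `hardenedModel`, `inputDependentStatements` and `SAMPLE_NAMES` are hypothetical names.

```javascript
// Added example, not the project's code. makeRecorder() is a hypothetical
// stand-in for the pool-backed query(sql, values) helper, so this runs without
// a database: it only records what would be handed to the driver.
function makeRecorder() {
  const calls = [];
  const query = (sql, values = []) => {
    calls.push({ sql, values });
    return Promise.resolve([]);
  };
  return { calls, query };
}

// "Before": the pattern from both reports. The name becomes part of the SQL text.
function vulnerableModel(query) {
  return {
    findDataByName: (name) => query(`select * from users where name="${name}";`),
    findDataCountByName: (name) =>
      query(`select count(*) as count from users where name="${name}";`),
  };
}

// "After": constant SQL text with a ? placeholder; the name is a bound value.
function hardenedModel(query) {
  return {
    findDataByName: (name) => query('select * from users where name=?;', [name]),
    findDataCountByName: (name) =>
      query('select count(*) as count from users where name=?;', [name]),
  };
}

// Regression check: call each model function with several inputs and return
// the names of functions whose SQL text differs between inputs, which means
// the statement was built by string concatenation.
function inputDependentStatements(buildModel, inputs) {
  const flagged = [];
  const { calls, query } = makeRecorder();
  const model = buildModel(query);
  for (const fn of Object.keys(model)) {
    calls.length = 0; // start a fresh recording for this function
    inputs.forEach((input) => model[fn](input));
    const texts = new Set(calls.map((c) => c.sql));
    if (texts.size > 1) flagged.push(fn);
  }
  return flagged;
}

// Constructed sample inputs: ordinary names, one containing double quotes.
const SAMPLE_NAMES = ['alice', 'bob', 'li "xiao" ming'];
```

A check like this can run under `npm test` against the real model module by passing in a wrapper that injects the recording `query`.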


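A very good tutorial.

A very good tutorial. I learned a lot and have starred it.

Following the tutorial step by step, I found a few small errors in the document, but they were all easy to resolve after consulting the source code:
1. In the "Implementing the registration page" section there is a spelling mistake: singup.js should actually be signup.js.
2. In the "Publishing posts" section, the code for router.get('/posts/:postId'... is incomplete as pasted; it does not handle the comment-related content.
3. When deleting comments, deleting one comment deletes that comment and all comments after it. The source code does not have this problem.
4. When installing supervisor, either install it with -g or do it by adding a script in package.json.

node mysql.js

May I ask why the process hangs when running node mysql.js? The tables were created successfully, but I'd like to know why the process keeps running.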
