From 4d1bdf790c18c8c6d1a911598f7469ef30047c71 Mon Sep 17 00:00:00 2001
From: vapao <live1989@foxmail.com>
Date: Tue, 27 Jul 2021 16:57:46 +0800
Subject: [PATCH] fix #358

---
 spug_api/apps/app/views.py                    | 5 ++++-
 spug_api/apps/config/views.py                 | 8 +++++++-
 spug_api/libs/ssh.py                          | 9 +++++----
 spug_web/src/pages/config/app/Form.js         | 7 ++++++-
 spug_web/src/pages/config/environment/Form.js | 7 ++++++-
 spug_web/src/pages/config/service/Form.js     | 7 ++++++-
 spug_web/src/pages/deploy/app/Form.js         | 7 ++++++-
 7 files changed, 40 insertions(+), 10 deletions(-)

diff --git a/spug_api/apps/app/views.py b/spug_api/apps/app/views.py
index d1c69ef..0e52b5d 100644
--- a/spug_api/apps/app/views.py
+++ b/spug_api/apps/app/views.py
@@ -12,6 +12,7 @@ from apps.setting.utils import AppSetting
 import subprocess
 import json
 import os
+import re
 
 
 class AppView(View):
@@ -30,7 +31,9 @@ class AppView(View):
             Argument('desc', required=False)
         ).parse(request.body)
         if error is None:
-            form.name = form.name.replace("'", '')
+            if not re.fullmatch(r'[-\w]+', form.key, re.ASCII):
+                return json_response(error='标识符必须为字母、数字、-和下划线的组合')
+
             app = App.objects.filter(key=form.key).first()
             if app and app.id != form.id:
                 return json_response(error=f'唯一标识符 {form.key} 已存在，请更改后重试')
diff --git a/spug_api/apps/config/views.py b/spug_api/apps/config/views.py
index 9f39a55..863ad14 100644
--- a/spug_api/apps/config/views.py
+++ b/spug_api/apps/config/views.py
@@ -7,6 +7,7 @@ from libs import json_response, JsonParser, Argument
 from apps.app.models import Deploy
 from apps.config.models import *
 import json
+import re
 
 
 class EnvironmentView(View):
@@ -25,7 +26,9 @@ class EnvironmentView(View):
             Argument('desc', required=False)
         ).parse(request.body)
         if error is None:
-            form.key = form.key.replace("'", '')
+            if not re.fullmatch(r'[-\w]+', form.key, re.ASCII):
+                return json_response(error='标识符必须为字母、数字、-和下划线的组合')
+
             env = Environment.objects.filter(key=form.key).first()
             if env and env.id != form.id:
                 return json_response(error=f'唯一标识符 {form.key} 已存在，请更改后重试')
@@ -83,6 +86,9 @@ class ServiceView(View):
             Argument('desc', required=False)
         ).parse(request.body)
         if error is None:
+            if not re.fullmatch(r'[-\w]+', form.key, re.ASCII):
+                return json_response(error='标识符必须为字母、数字、-和下划线的组合')
+
             service = Service.objects.filter(key=form.key).first()
             if service and service.id != form.id:
                 return json_response(error=f'唯一标识符 {form.key} 已存在，请更改后重试')
diff --git a/spug_api/libs/ssh.py b/spug_api/libs/ssh.py
index 56f721f..4dc7071 100644
--- a/spug_api/libs/ssh.py
+++ b/spug_api/libs/ssh.py
@@ -62,7 +62,7 @@ class SSH:
             chan.settimeout(timeout)
             chan.set_combine_stderr(True)
             if environment:
-                str_env = ' '.join(f"{k}='{self._handle_env(v)}'" for k, v in environment.items())
+                str_env = ' '.join(self._handle_env(k, v) for k, v in environment.items())
                 command = f'export {str_env} && {command}'
             chan.exec_command(command)
             stdout = chan.makefile("rb", -1)
@@ -75,7 +75,7 @@ class SSH:
             chan.settimeout(timeout)
             chan.set_combine_stderr(True)
             if environment:
-                str_env = ' '.join(f"{k}='{self._handle_env(v)}'" for k, v in environment.items())
+                str_env = ' '.join(self._handle_env(k, v) for k, v in environment.items())
                 command = f'export {str_env} && {command}'
             chan.exec_command(command)
             stdout = chan.makefile("rb", -1)
@@ -106,10 +106,11 @@ class SSH:
         except UnicodeDecodeError:
             return out.decode('GBK')
 
-    def _handle_env(self, value):
+    def _handle_env(self, key, value):
+        key = key.replace('-', '_')
         if isinstance(value, str):
             value = value.replace("'", "'\"'\"'")
-        return value
+        return f"{key}='{value}'"
 
     def __enter__(self):
         if self.client is not None:
diff --git a/spug_web/src/pages/config/app/Form.js b/spug_web/src/pages/config/app/Form.js
index 7e1dcaf..c2eb2c5 100644
--- a/spug_web/src/pages/config/app/Form.js
+++ b/spug_web/src/pages/config/app/Form.js
@@ -37,7 +37,12 @@ export default observer(function () {
         <Form.Item required name="name" label="应用名称">
           <Input placeholder="请输入应用名称，例如：订单服务"/>
         </Form.Item>
-        <Form.Item required name="key" label="唯一标识符" tooltip="应用的唯一标识符，会作为生成配置的前缀。">
+        <Form.Item
+          required
+          name="key"
+          label="唯一标识符"
+          tooltip="应用的唯一标识符，会作为生成配置的前缀。"
+          extra="可以由字母、数字、-和下划线组成。">
           <Input placeholder="请输入唯一标识符，例如：api_order"/>
         </Form.Item>
         <Form.Item name="desc" label="备注信息">
diff --git a/spug_web/src/pages/config/environment/Form.js b/spug_web/src/pages/config/environment/Form.js
index 73b14a1..520d684 100644
--- a/spug_web/src/pages/config/environment/Form.js
+++ b/spug_web/src/pages/config/environment/Form.js
@@ -37,7 +37,12 @@ export default observer(function () {
         <Form.Item required name="name" label="环境名称">
           <Input placeholder="请输入环境名称，例如：开发环境"/>
         </Form.Item>
-        <Form.Item required name="key" label="唯一标识符" tooltip="环境的唯一标识符，会在配置中心API中使用，具体请参考官方文档。">
+        <Form.Item
+          required
+          name="key"
+          label="唯一标识符"
+          tooltip="环境的唯一标识符，会在配置中心API中使用，具体请参考官方文档。"
+          extra="可以由字母、数字、-和下划线组成。">
           <Input placeholder="请输入唯一标识符，例如：dev"/>
         </Form.Item>
         <Form.Item name="desc" label="备注信息">
diff --git a/spug_web/src/pages/config/service/Form.js b/spug_web/src/pages/config/service/Form.js
index 74ac755..383e08f 100644
--- a/spug_web/src/pages/config/service/Form.js
+++ b/spug_web/src/pages/config/service/Form.js
@@ -37,7 +37,12 @@ export default observer(function () {
         <Form.Item required name="name" label="服务名称">
           <Input placeholder="请输入服务名称，例如：订单数据库"/>
         </Form.Item>
-        <Form.Item required name="key" label="唯一标识符" tooltip="服务的唯一标识符，会作为生成配置的前缀。">
+        <Form.Item
+          required
+          name="key"
+          label="唯一标识符"
+          tooltip="服务的唯一标识符，会作为生成配置的前缀。"
+          extra="可以由字母、数字、-和下划线组成。">
           <Input placeholder="请输入唯一标识符，例如：mysql_order"/>
         </Form.Item>
         <Form.Item name="desc" label="备注信息">
diff --git a/spug_web/src/pages/deploy/app/Form.js b/spug_web/src/pages/deploy/app/Form.js
index 140077b..1e9adde 100644
--- a/spug_web/src/pages/deploy/app/Form.js
+++ b/spug_web/src/pages/deploy/app/Form.js
@@ -37,7 +37,12 @@ export default observer(function () {
         <Form.Item required name="name" label="应用名称">
           <Input placeholder="请输入应用名称，例如：订单服务"/>
         </Form.Item>
-        <Form.Item required name="key" label="唯一标识符" tooltip="给应用设置的唯一标识符，会用于配置中心的配置生成。">
+        <Form.Item
+          required
+          name="key"
+          label="唯一标识符"
+          tooltip="给应用设置的唯一标识符，会用于配置中心的配置生成。"
+          extra="可以由字母、数字、-和下划线组成。">
           <Input placeholder="请输入唯一标识符，例如：api_order"/>
         </Form.Item>
         <Form.Item name="desc" label="备注信息">