# CGP协议安全模式

## 安全模式操作概述

1. 在DbPoxy中通过cmd.json预定义数据库操作，定义CmdID作为触发索引
2. 通过CGP协议触发cmd.json预定义数据库操作.

### mongodb数据库操作演练

1.在DbPoxy所在路径下的data目录创建cmd.json文件

```
{
  "database_type": "mongodb",//数据库类型，此值必须与dbpoxy.yml配置一致
  "enable": true, //本配置文件是否启用
  "inject": "$", //全局防注入字符串，多个以英文半角豆号分隔
  "cmd": [
    {
      "db_name": "DbPoxyTestDB", //数据库名
      "table_name": "test", //表名
      "op_name": "insert", //操作符,支持insert,update,query,delete
      "inject": "$", //单指令防注入字符串，多个以英文半角豆号分隔
      "cmd_id": 1,
      "value": { //数据库操作指令
        "datetime": "{0}",
        "number": "{1}",
        "string": "{2}"
      },
      "param_count": 3 //数据库操作指令参数数量,内核会以此值验证CGP消息
    }
  ]
}
```

2.CGP协议消息指令&#x20;

```
{
"token":"password",
"msg_id":1,
"ref_topic":"dbpoxy/mongodb/result",
"ref_qos":0,
//上半部份与CGP协议一致
"save_mode":true, //使用安全模式
"cmd_id":1, //指定需要触发的预定义指令，此值填写cmd.json中的cmd_id索引
//params为操作预定义消息参数，mongodb以json形式定义消息，{0}等值对应预定义指令参数影射
"params":{"{0}":"2018-10-12T10:10:12+08:00","{1}":12345.12345655889977,"{2}":"djkfjdkfj" }
}
```

### SQL数据库操作演练

0.本次以mysql为例，先到数据库创业测试库(ldh)及users表

<div align="left"><img src="/files/-LYKHAhL3LrhOzCS4qbi" alt=""></div>

<div align="left"><img src="/files/-LYKGmunTtwz8V6J2_0S" alt=""></div>

1.在DbPoxy所在路径下的data目录创建cmd.json文件

```
{
  "database_type": "mysql",//数据库类型，此值必须与dbpoxy.yml配置一致
  "enable": true,//本配置文件是否启用
  "inject": "=",//全局防注入字符串，多个以英文半角豆号分隔
  "cmd": [
    {//新增一条数据库记录预定义，操作id,cmd_id为1，通过cmd_id对应触发
      "db_name": "ldh",//数据库名
      "table_name": "users",//表名
      "op_name": "insert",//操作符,支持insert,update,query,delete，work(事务)
      "inject": "=",//单指令防注入字符串，多个以英文半角豆号分隔
      "cmd_id": 1,
      "value": { //数据库操作指令,insert,update,delete指令使用sql_exec定义
        "sql_exec": "INSERT INTO users(age, name, num, createat) VALUES ({0}, {1}, {2}, {3})"
      },
      "param_count": 4//数据库操作指令参数数量,内核会以此值验证CGP消息
    },
    {
      "db_name": "ldh",//数据库名
      "table_name":"users",//表名
      "op_name":"query",//操作符,支持insert,update,query,delete，work(事务)
      "cmd_id": 2,
      "value": {//数据库操作指令,insert,update,delete指令使用sql_query定义
        "sql_query":"SELECT * FROM users;"
      },
      "param_count": 0
    },
    {
      "db_name": "ldh",//数据库名
      "table_name":"users",//表名
      "op_name":"work",//操作符,支持insert,update,query,delete，work(事务)
      "cmd_id": 3,
      "sql_works":[//数据库操作指令,insert,update,delete指令使用sql_works定义
        {"table_name":"users", "work":"INSERT INTO users(age, name, num, createat) VALUES ({0}, {1}, {2}, {3})","id_alias":"insertid"},
        {"table_name":"users", "work":"UPDATE users SET age={4}, name={5}  WHERE id=insertid"},
        {"table_name":"users", "work":"DELETE FROM users WHERE id=insertid"}
      ],
      "param_count": 6
    }
  ]
}
```

2.CGP协议消息指令&#x20;

2.1触发cmd.json中的cmd\_id:1指令(定义中为insert操作)

```
{
"token":"password",
"msg_id":1,
"ref_topic":"dbpoxy/mongodb/result",
"ref_qos":0,
"save_mode":true,
"cmd_id":1, //指定cmd.json中的cmd_id触发预定指令
"params":{"{0}":36, "{1}":"dfdfdf","{2}":12345.12345655889977,"{3}":"2011-12-18 13:17:17" }
}
```

返回值

```
{
  "msg_id": 1,
  "result_op": true,
  "result_changes": 1,
  "result_data": [
    {
      "id": 4
    }
  ]
}
```

2.2触发cmd.json中的cmd\_id:2指令(定义中为query操作)

```
{
"token":"password",
"msg_id":1,
"ref_topic":"dbpoxy/mongodb/result",
"ref_qos":0,
"save_mode":true,
"cmd_id":2//指定cmd.json中的cmd_id触发预定指令
}
```

返回值

```
{
  "msg_id": 1,
  "result_op": true,
  "result_changes": 4,
  "result_data": [
    {
      "age": 36,
      "createat": "2011-12-18 13:17:17",
      "id": 1,
      "name": "dfdfdf",
      "num": 12345.1
    },
    {
      "age": 36,
      "createat": "2011-12-18 13:17:17",
      "id": 2,
      "name": "dfdfdf",
      "num": 12345.1
    },
    {
      "age": 36,
      "createat": "2011-12-18 13:17:17",
      "id": 3,
      "name": "dfdfdf",
      "num": 12345.1
    },
    {
      "age": 36,
      "createat": "2011-12-18 13:17:17",
      "id": 4,
      "name": "dfdfdf",
      "num": 12345.1
    }
  ]
}
```

2.3触发cmd.json中的cmd\_id:3指令(定义中为work事务操作)

```
{
"token":"password",
"msg_id":1,
"ref_topic":"dbpoxy/mongodb/result",
"ref_qos":0,
"save_mode":true,
"cmd_id":3, //指定cmd.json中的cmd_id触发预定指令
"params":{"work": [{"{0}":36, "{1}":"dfdfdf","{2}":12345.12345655889977,"{3}":"2011-12-18 13:17:17"},{"{4}":11, "{5}":"jacob"}] }
}
```

返回值

```
{
  "msg_id": 1,
  "result_op": true,
  "result_changes": 3,
  "result_data": [
    {
      "0": 5,
      "1": 1,
      "2": 1
    }
  ]
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://coolpy7.gitbook.io/coolpy7book/cgpcoolpy-general-protocol-tong-yong-iot-wu-lian-wang-kong-zhi-xie-yi-1/cgp-xie-yi-an-quan-mo-shi.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.