@nocobase/plugin-workflow-sql 2.1.0-beta.11 → 2.1.0-beta.13

package/dist/client/SQLInstruction.d.ts

@@ -6,8 +6,10 @@
  * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
-import { Instruction, WorkflowVariableRawTextArea } from '@nocobase/plugin-workflow/client';
+import { Instruction, WorkflowVariableInput } from '@nocobase/plugin-workflow/client';
 import React from 'react';
+declare function SQLTextArea(props: any): React.JSX.Element;
+declare function UnsafeInjectionWarning(): React.JSX.Element;
 export default class extends Instruction {
     title: string;
     type: string;
@@ -28,6 +30,10 @@ export default class extends Instruction {
             };
             default: string;
         };
+        unsafeInjection: {
+            type: string;
+            'x-component': string;
+        };
         sql: {
             type: string;
             required: boolean;
@@ -40,6 +46,63 @@ export default class extends Instruction {
                 className: string;
             };
         };
+        variables: {
+            type: string;
+            title: string;
+            description: string;
+            'x-decorator': string;
+            'x-component': string;
+            'x-reactions': {
+                dependencies: string[];
+                fulfill: {
+                    state: {
+                        visible: string;
+                    };
+                };
+            }[];
+            items: {
+                type: string;
+                properties: {
+                    space1: {
+                        type: string;
+                        'x-component': string;
+                        properties: {
+                            name: {
+                                type: string;
+                                'x-decorator': string;
+                                'x-component': string;
+                                'x-component-props': {
+                                    placeholder: string;
+                                };
+                                required: boolean;
+                            };
+                            value: {
+                                type: string;
+                                'x-decorator': string;
+                                'x-component': string;
+                                'x-component-props': {
+                                    rows: number;
+                                    placeholder: string;
+                                };
+                                required: boolean;
+                            };
+                            remove: {
+                                type: string;
+                                'x-decorator': string;
+                                'x-component': string;
+                            };
+                        };
+                    };
+                };
+            };
+            properties: {
+                add: {
+                    type: string;
+                    'x-component': string;
+                    title: string;
+                };
+            };
+        };
         withMeta: {
             type: string;
             'x-decorator': string;
@@ -51,7 +114,17 @@ export default class extends Instruction {
         sqlDescription(): React.JSX.Element;
     };
     components: {
-        WorkflowVariableRawTextArea: typeof WorkflowVariableRawTextArea;
+        SQLTextArea: typeof SQLTextArea;
+        UnsafeInjectionWarning: typeof UnsafeInjectionWarning;
+        WorkflowVariableInput: typeof WorkflowVariableInput;
+        ArrayItems: import("@formily/react").ReactFC<React.HTMLAttributes<HTMLDivElement>> & import("@formily/antd-v5").ArrayBaseMixins & {
+            Item: import("@formily/react").ReactFC<React.HTMLAttributes<HTMLDivElement> & {
+                type?: "card" | "divide";
+            }>;
+        };
+        Space: React.ForwardRefExoticComponent<import("antd").SpaceProps & React.RefAttributes<HTMLDivElement>> & {
+            Compact: React.FC<import("antd/es/space/Compact").SpaceCompactProps>;
+        };
     };
     useVariables({ key, title }: {
         key: any;
@@ -69,3 +142,4 @@ export default class extends Instruction {
     };
     testable: boolean;
 }
+export {};

package/dist/client/index.js

@@ -7,4 +7,4 @@
  * For more information, please refer to: https://www.nocobase.com/agreement.
  */
 
-!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("react"),require("@nocobase/client"),require("@ant-design/icons"),require("@nocobase/plugin-workflow/client"),require("react-i18next")):"function"==typeof define&&define.amd?define("@nocobase/plugin-workflow-sql",["react","@nocobase/client","@ant-design/icons","@nocobase/plugin-workflow/client","react-i18next"],t):"object"==typeof exports?exports["@nocobase/plugin-workflow-sql"]=t(require("react"),require("@nocobase/client"),require("@ant-design/icons"),require("@nocobase/plugin-workflow/client"),require("react-i18next")):e["@nocobase/plugin-workflow-sql"]=t(e.react,e["@nocobase/client"],e["@ant-design/icons"],e["@nocobase/plugin-workflow/client"],e["react-i18next"])}(self,function(e,t,n,r,o){return function(){"use strict";var i={482:function(e){e.exports=n},772:function(e){e.exports=t},433:function(e){e.exports=r},156:function(t){t.exports=e},238:function(e){e.exports=o}},u={};function c(e){var t=u[e];if(void 0!==t)return t.exports;var n=u[e]={exports:{}};return i[e](n,n.exports,c),n.exports}c.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return c.d(t,{a:t}),t},c.d=function(e,t){for(var n in t)c.o(t,n)&&!c.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},c.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},c.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var a={};return!function(){c.r(a),c.d(a,{default:function(){return k}});var e=c(772),t=c(433),n=c(156),r=c.n(n),o=c(482),i=c(238),u="@nocobase/plugin-workflow-sql";function l(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function f(e){return(f=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function s(e,t){return(s=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function p(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(p=function(){return!!e})()}function b(){var e,t,n=(e=["\n          font-size: 80%;\n          font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;\n        "],t||(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}})));return b=function(){return n},n}var y=function(n){var c;if("function"!=typeof n&&null!==n)throw TypeError("Super expression must either be null or a function");function a(){var n,c,s;if(!(this instanceof a))throw TypeError("Cannot call a class as a function");return c=a,s=arguments,c=f(c),l(n=function(e,t){var n;if(t&&("object"==((n=t)&&"undefined"!=typeof Symbol&&n.constructor===Symbol?"symbol":typeof n)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,p()?Reflect.construct(c,s||[],f(this).constructor):c.apply(this,s)),"title",'{{t("SQL action", { ns: "'.concat(u,'" })}}')),l(n,"type","sql"),l(n,"group","collection"),l(n,"description",'{{t("Execute a SQL statement in database.", { ns: "'.concat(u,'" })}}')),l(n,"icon",r().createElement(o.ConsoleSqlOutlined,{style:{}})),l(n,"fieldset",{dataSource:{type:"string",required:!0,title:'{{t("Data source")}}',description:'{{t("Select a data source to execute SQL.", { ns: "'.concat(u,'" })}}'),"x-decorator":"FormItem","x-component":"DataSourceSelect","x-component-props":{className:"auto-width",filter:function(t){return t.options.isDBInstance||t.key===e.DEFAULT_DATA_SOURCE_KEY}},default:"main"},sql:{type:"string",required:!0,title:"SQL",description:"{{sqlDescription()}}","x-decorator":"FormItem","x-component":"WorkflowVariableRawTextArea","x-component-props":{rows:20,className:(0,e.css)(b())}},withMeta:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox","x-content":'{{t("Include meta information of this query in result", { ns: "'.concat(u,'" })}}')}}),l(n,"scope",{sqlDescription:function(){return r().createElement(i.Trans,{ns:u},"SQL query result could be used through ",r().createElement("a",{href:"https://docs-cn.nocobase.com/handbook/workflow-json-query",target:"_blank",rel:"noreferrer"},"JSON query node")," (Commercial plugin).")}}),l(n,"components",{WorkflowVariableRawTextArea:t.WorkflowVariableRawTextArea}),l(n,"testable",!0),n}return a.prototype=Object.create(n&&n.prototype,{constructor:{value:a,writable:!0,configurable:!0}}),n&&s(a,n),c=[{key:"useVariables",value:function(e,n){var r,o=e.key,i=e.title,u=(n.types,n.fieldNames),c=void 0===u?t.defaultFieldNames:u;return l(r={},c.value,o),l(r,c.label,i),r}}],function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}(a.prototype,c),a}(t.Instruction);function d(e,t,n,r,o,i,u){try{var c=e[i](u),a=c.value}catch(e){n(e);return}c.done?t(a):Promise.resolve(a).then(r,o)}function v(e){return function(){var t=this,n=arguments;return new Promise(function(r,o){var i=e.apply(t,n);function u(e){d(i,r,o,u,c,"next",e)}function c(e){d(i,r,o,u,c,"throw",e)}u(void 0)})}}function h(e,t,n){return(h=x()?Reflect.construct:function(e,t,n){var r=[null];r.push.apply(r,t);var o=new(Function.bind.apply(e,r));return n&&w(o,n.prototype),o}).apply(null,arguments)}function m(e){return(m=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function w(e,t){return(w=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function g(e){var t="function"==typeof Map?new Map:void 0;return(g=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return h(e,arguments,m(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),w(n,e)})(e)}function x(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(x=function(){return!!e})()}function O(e,t){var n,r,o,i,u={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var a=[i,c];if(n)throw TypeError("Generator is already executing.");for(;u;)try{if(n=1,r&&(o=2&a[0]?r.return:a[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,a[1])).done)return o;switch(r=0,o&&(a=[2&a[0],o.value]),a[0]){case 0:case 1:o=a;break;case 4:return u.label++,{value:a[1],done:!1};case 5:u.label++,r=a[1],a=[0];continue;case 7:a=u.ops.pop(),u.trys.pop();continue;default:if(!(o=(o=u.trys).length>0&&o[o.length-1])&&(6===a[0]||2===a[0])){u=0;continue}if(3===a[0]&&(!o||a[1]>o[0]&&a[1]<o[3])){u.label=a[1];break}if(6===a[0]&&u.label<o[1]){u.label=o[1],o=a;break}if(o&&u.label<o[2]){u.label=o[2],u.ops.push(a);break}o[2]&&u.ops.pop(),u.trys.pop();continue}a=t.call(e,u)}catch(e){a=[6,e],r=0}finally{n=o=0}if(5&a[0])throw a[1];return{value:a[0]?a[1]:void 0,done:!0}}}}var k=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function n(){var e,t;if(!(this instanceof n))throw TypeError("Cannot call a class as a function");return e=n,t=arguments,e=m(e),function(e,t){var n;if(t&&("object"==((n=t)&&"undefined"!=typeof Symbol&&n.constructor===Symbol?"symbol":typeof n)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,x()?Reflect.construct(e,t||[],m(this).constructor):e.apply(this,t))}return n.prototype=Object.create(e&&e.prototype,{constructor:{value:n,writable:!0,configurable:!0}}),e&&w(n,e),t=[{key:"afterAdd",value:function(){return v(function(){return O(this,function(e){return[2]})})()}},{key:"beforeLoad",value:function(){return v(function(){return O(this,function(e){return[2]})})()}},{key:"load",value:function(){var e=this;return v(function(){return O(this,function(t){return e.app.pm.get("workflow").registerInstruction("sql",y),[2]})})()}}],function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}(n.prototype,t),n}(g(e.Plugin))}(),a}()});
+!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t(require("@nocobase/client"),require("@nocobase/plugin-workflow/client"),require("@formily/antd-v5"),require("react"),require("@formily/react"),require("@nocobase/utils/client"),require("lodash"),require("@ant-design/icons"),require("antd"),require("react-i18next")):"function"==typeof define&&define.amd?define("@nocobase/plugin-workflow-sql",["@nocobase/client","@nocobase/plugin-workflow/client","@formily/antd-v5","react","@formily/react","@nocobase/utils/client","lodash","@ant-design/icons","antd","react-i18next"],t):"object"==typeof exports?exports["@nocobase/plugin-workflow-sql"]=t(require("@nocobase/client"),require("@nocobase/plugin-workflow/client"),require("@formily/antd-v5"),require("react"),require("@formily/react"),require("@nocobase/utils/client"),require("lodash"),require("@ant-design/icons"),require("antd"),require("react-i18next")):e["@nocobase/plugin-workflow-sql"]=t(e["@nocobase/client"],e["@nocobase/plugin-workflow/client"],e["@formily/antd-v5"],e.react,e["@formily/react"],e["@nocobase/utils/client"],e.lodash,e["@ant-design/icons"],e.antd,e["react-i18next"])}(self,function(e,t,n,r,o,i,a,c,u,l){return function(){"use strict";var s={482:function(e){e.exports=c},632:function(e){e.exports=n},505:function(e){e.exports=o},772:function(t){t.exports=e},433:function(e){e.exports=t},584:function(e){e.exports=i},721:function(e){e.exports=u},467:function(e){e.exports=a},156:function(e){e.exports=r},238:function(e){e.exports=l}},f={};function p(e){var t=f[e];if(void 0!==t)return t.exports;var n=f[e]={exports:{}};return s[e](n,n.exports,p),n.exports}p.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return p.d(t,{a:t}),t},p.d=function(e,t){for(var n in t)p.o(t,n)&&!p.o(e,n)&&Object.defineProperty(e,n,{enumerable:!0,get:t[n]})},p.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},p.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})};var y={};return!function(){p.r(y),p.d(y,{default:function(){return P}});var e=p(772),t=p(632),n=p(505),r=p(721),o=p(584),i=p(467),a=p(433),c=p(156),u=p.n(c),l=p(482),s=p(238),f="@nocobase/plugin-workflow-sql";function d(e,t){(null==t||t>e.length)&&(t=e.length);for(var n=0,r=Array(t);n<t;n++)r[n]=e[n];return r}function b(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function m(e){return(m=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function v(e,t){return(v=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function h(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(h=function(){return!!e})()}function x(){var e,t,n=(e=["\n          font-size: 80%;\n          font-family: Consolas, Monaco, 'Andale Mono', 'Ubuntu Mono', monospace;\n        "],t||(t=e.slice(0)),Object.freeze(Object.defineProperties(e,{raw:{value:Object.freeze(t)}})));return x=function(){return n},n}function w(e){return(0,n.useForm)().values.unsafeInjection?u().createElement(a.WorkflowVariableRawTextArea,e):u().createElement(r.Input.TextArea,e)}function g(){var e=(0,s.useTranslation)(f).t,t=(0,n.useForm)(),a=t.values;return!a.unsafeInjection||t.disabled?null:u().createElement(r.Alert,{type:"error",showIcon:!0,message:e("Current node is using unsafe injection mode (legacy), which has SQL injection risks."),action:u().createElement(r.Button,{size:"small",type:"primary",onClick:function(){var e,n=a.sql||"",r=(0,o.parse)(n),c=function(e){if(Array.isArray(e))return d(e)}(e=new Set((r.parameters||[]).map(function(e){return e.key}).filter(function(e){return e&&"string"==typeof e})))||function(e){if("undefined"!=typeof Symbol&&null!=e[Symbol.iterator]||null!=e["@@iterator"])return Array.from(e)}(e)||function(e,t){if(e){if("string"==typeof e)return d(e,void 0);var n=Object.prototype.toString.call(e).slice(8,-1);if("Object"===n&&e.constructor&&(n=e.constructor.name),"Map"===n||"Set"===n)return Array.from(n);if("Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return d(e,t)}}(e)||function(){throw TypeError("Invalid attempt to spread non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}(),u={};c.forEach(function(e,t){(0,i.set)(u,e,":var".concat(t))});var l=c.map(function(e,t){return{name:"var".concat(t),value:"{{".concat(e,"}}")}}),s=r(u);t.setValues({sql:s,variables:l,unsafeInjection:!1})}},e("Migrate to safe mode")),style:{marginBottom:16}})}var S=function(n){var o;if("function"!=typeof n&&null!==n)throw TypeError("Super expression must either be null or a function");function i(){var n,o,c;if(!(this instanceof i))throw TypeError("Cannot call a class as a function");return o=i,c=arguments,o=m(o),b(n=function(e,t){var n;if(t&&("object"==((n=t)&&"undefined"!=typeof Symbol&&n.constructor===Symbol?"symbol":typeof n)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,h()?Reflect.construct(o,c||[],m(this).constructor):o.apply(this,c)),"title",'{{t("SQL action", { ns: "'.concat(f,'" })}}')),b(n,"type","sql"),b(n,"group","collection"),b(n,"description",'{{t("Execute a SQL statement in database.", { ns: "'.concat(f,'" })}}')),b(n,"icon",u().createElement(l.ConsoleSqlOutlined,{style:{}})),b(n,"fieldset",{dataSource:{type:"string",required:!0,title:'{{t("Data source")}}',description:'{{t("Select a data source to execute SQL.", { ns: "'.concat(f,'" })}}'),"x-decorator":"FormItem","x-component":"DataSourceSelect","x-component-props":{className:"auto-width",filter:function(t){return t.options.isDBInstance||t.key===e.DEFAULT_DATA_SOURCE_KEY}},default:"main"},unsafeInjection:{type:"void","x-component":"UnsafeInjectionWarning"},sql:{type:"string",required:!0,title:"SQL",description:"{{sqlDescription()}}","x-decorator":"FormItem","x-component":"SQLTextArea","x-component-props":{rows:20,className:(0,e.css)(x())}},variables:{type:"array",title:'{{t("Parameters", { ns: "'.concat(f,'" })}}'),description:'{{t("SQL parameters. Use :name as placeholders in SQL and provide values here.", { ns: "'.concat(f,'" })}}'),"x-decorator":"FormItem","x-component":"ArrayItems","x-reactions":[{dependencies:["unsafeInjection"],fulfill:{state:{visible:"{{!$deps[0]}}"}}}],items:{type:"object",properties:{space1:{type:"void","x-component":"Space",properties:{name:{type:"string","x-decorator":"FormItem","x-component":"Input","x-component-props":{placeholder:'{{t("Name", { ns: "'.concat(f,'" })}}')},required:!0},value:{type:"string","x-decorator":"FormItem","x-component":"WorkflowVariableInput","x-component-props":{rows:1,placeholder:'{{t("Value", { ns: "'.concat(f,'" })}}')},required:!0},remove:{type:"void","x-decorator":"FormItem","x-component":"ArrayItems.Remove"}}}}},properties:{add:{type:"void","x-component":"ArrayItems.Addition",title:'{{t("Add parameter", { ns: "'.concat(f,'" })}}')}}},withMeta:{type:"boolean","x-decorator":"FormItem","x-component":"Checkbox","x-content":'{{t("Include meta information of this query in result", { ns: "'.concat(f,'" })}}')}}),b(n,"scope",{sqlDescription:function(){return u().createElement(s.Trans,{ns:f},"SQL query result could be used through ",u().createElement("a",{href:"https://docs-cn.nocobase.com/handbook/workflow-json-query",target:"_blank",rel:"noreferrer"},"JSON query node"),".")}}),b(n,"components",{SQLTextArea:w,UnsafeInjectionWarning:g,WorkflowVariableInput:a.WorkflowVariableInput,ArrayItems:t.ArrayItems,Space:r.Space}),b(n,"testable",!0),n}return i.prototype=Object.create(n&&n.prototype,{constructor:{value:i,writable:!0,configurable:!0}}),n&&v(i,n),o=[{key:"useVariables",value:function(e,t){var n,r=e.key,o=e.title,i=(t.types,t.fieldNames),c=void 0===i?a.defaultFieldNames:i;return b(n={},c.value,r),b(n,c.label,o),n}}],function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}(i.prototype,o),i}(a.Instruction);function j(e,t,n,r,o,i,a){try{var c=e[i](a),u=c.value}catch(e){n(e);return}c.done?t(u):Promise.resolve(u).then(r,o)}function q(e){return function(){var t=this,n=arguments;return new Promise(function(r,o){var i=e.apply(t,n);function a(e){j(i,r,o,a,c,"next",e)}function c(e){j(i,r,o,a,c,"throw",e)}a(void 0)})}}function O(e,t,n){return(O=_()?Reflect.construct:function(e,t,n){var r=[null];r.push.apply(r,t);var o=new(Function.bind.apply(e,r));return n&&I(o,n.prototype),o}).apply(null,arguments)}function k(e){return(k=Object.setPrototypeOf?Object.getPrototypeOf:function(e){return e.__proto__||Object.getPrototypeOf(e)})(e)}function I(e,t){return(I=Object.setPrototypeOf||function(e,t){return e.__proto__=t,e})(e,t)}function A(e){var t="function"==typeof Map?new Map:void 0;return(A=function(e){if(null===e||-1===Function.toString.call(e).indexOf("[native code]"))return e;if("function"!=typeof e)throw TypeError("Super expression must either be null or a function");if(void 0!==t){if(t.has(e))return t.get(e);t.set(e,n)}function n(){return O(e,arguments,k(this).constructor)}return n.prototype=Object.create(e.prototype,{constructor:{value:n,enumerable:!1,writable:!0,configurable:!0}}),I(n,e)})(e)}function _(){try{var e=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch(e){}return(_=function(){return!!e})()}function E(e,t){var n,r,o,i,a={label:0,sent:function(){if(1&o[0])throw o[1];return o[1]},trys:[],ops:[]};return i={next:c(0),throw:c(1),return:c(2)},"function"==typeof Symbol&&(i[Symbol.iterator]=function(){return this}),i;function c(i){return function(c){var u=[i,c];if(n)throw TypeError("Generator is already executing.");for(;a;)try{if(n=1,r&&(o=2&u[0]?r.return:u[0]?r.throw||((o=r.return)&&o.call(r),0):r.next)&&!(o=o.call(r,u[1])).done)return o;switch(r=0,o&&(u=[2&u[0],o.value]),u[0]){case 0:case 1:o=u;break;case 4:return a.label++,{value:u[1],done:!1};case 5:a.label++,r=u[1],u=[0];continue;case 7:u=a.ops.pop(),a.trys.pop();continue;default:if(!(o=(o=a.trys).length>0&&o[o.length-1])&&(6===u[0]||2===u[0])){a=0;continue}if(3===u[0]&&(!o||u[1]>o[0]&&u[1]<o[3])){a.label=u[1];break}if(6===u[0]&&a.label<o[1]){a.label=o[1],o=u;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(u);break}o[2]&&a.ops.pop(),a.trys.pop();continue}u=t.call(e,a)}catch(e){u=[6,e],r=0}finally{n=o=0}if(5&u[0])throw u[1];return{value:u[0]?u[1]:void 0,done:!0}}}}var P=function(e){var t;if("function"!=typeof e&&null!==e)throw TypeError("Super expression must either be null or a function");function n(){var e,t;if(!(this instanceof n))throw TypeError("Cannot call a class as a function");return e=n,t=arguments,e=k(e),function(e,t){var n;if(t&&("object"==((n=t)&&"undefined"!=typeof Symbol&&n.constructor===Symbol?"symbol":typeof n)||"function"==typeof t))return t;if(void 0===e)throw ReferenceError("this hasn't been initialised - super() hasn't been called");return e}(this,_()?Reflect.construct(e,t||[],k(this).constructor):e.apply(this,t))}return n.prototype=Object.create(e&&e.prototype,{constructor:{value:n,writable:!0,configurable:!0}}),e&&I(n,e),t=[{key:"afterAdd",value:function(){return q(function(){return E(this,function(e){return[2]})})()}},{key:"beforeLoad",value:function(){return q(function(){return E(this,function(e){return[2]})})()}},{key:"load",value:function(){var e=this;return q(function(){return E(this,function(t){return e.app.pm.get("workflow").registerInstruction("sql",S),[2]})})()}}],function(e,t){for(var n=0;n<t.length;n++){var r=t[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(e,r.key,r)}}(n.prototype,t),n}(A(e.Plugin))}(),y}()});

package/dist/externalVersion.js

@@ -8,14 +8,18 @@
  */
 
 module.exports = {
-  "@nocobase/client": "2.1.0-beta.11",
-  "@nocobase/plugin-workflow": "2.1.0-beta.11",
+  "@nocobase/client": "2.1.0-beta.13",
+  "@formily/antd-v5": "1.2.3",
+  "@formily/react": "2.3.7",
+  "antd": "5.24.2",
+  "@nocobase/utils": "2.1.0-beta.13",
+  "lodash": "4.17.21",
+  "@nocobase/plugin-workflow": "2.1.0-beta.13",
   "react": "18.2.0",
   "@ant-design/icons": "5.6.1",
   "react-i18next": "11.18.6",
-  "@nocobase/server": "2.1.0-beta.11",
-  "@nocobase/data-source-manager": "2.1.0-beta.11",
-  "@nocobase/plugin-workflow-test": "2.1.0-beta.11",
-  "@nocobase/test": "2.1.0-beta.11",
-  "@nocobase/utils": "2.1.0-beta.11"
+  "@nocobase/server": "2.1.0-beta.13",
+  "@nocobase/data-source-manager": "2.1.0-beta.13",
+  "@nocobase/plugin-workflow-test": "2.1.0-beta.13",
+  "@nocobase/test": "2.1.0-beta.13"
 };

package/dist/locale/de-DE.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Führt eine SQL-Anweisung in der Datenbank aus.",
   "Include meta information of this query in result": "Metainformationen dieser Abfrage im Ergebnis einschließen",
   "SQL action": "SQL-Aktion",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL-Abfrageergebnisse können über <1>JSON-Abfrageknoten</1> verwendet werden (kommerzielles Plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL-Abfrageergebnisse können über <1>JSON-Abfrageknoten</1> verwendet werden.",
   "Select a data source to execute SQL.": "Wählen Sie eine Datenquelle zur Ausführung von SQL aus",
-  "Usage of SQL query result is not supported yet.": "Die Verwendung von SQL-Abfrageergebnissen wird noch nicht unterstützt."
+  "Usage of SQL query result is not supported yet.": "Die Verwendung von SQL-Abfrageergebnissen wird noch nicht unterstützt.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Der aktuelle Knoten verwendet den unsicheren Injektionsmodus (Legacy), der SQL-Injection-Risiken birgt.",
+  "Migrate to safe mode": "In sicheren Modus migrieren",
+  "Parameters": "Parameter",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL-Parameter. Verwenden Sie :name als Platzhalter in SQL und geben Sie hier die Werte an.",
+  "Name": "Name",
+  "Value": "Wert",
+  "Add parameter": "Parameter hinzufügen"
 }

package/dist/locale/en-US.json

@@ -3,7 +3,15 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "Parameters": "Parameters",
+  "SQL parameters. Use $1, $2, etc. as placeholders in SQL and provide values here in order.": "SQL parameters. Use $1, $2, etc. as placeholders in SQL and provide values here in order.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
   "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
 }

package/dist/locale/es-ES.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/fr-FR.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/hu-HU.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "SQL utasítás végrehajtása az adatbázisban.",
   "Include meta information of this query in result": "A lekérdezés metainformációinak belefoglalása az eredménybe",
   "SQL action": "SQL művelet",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "Az SQL lekérdezés eredménye a <1>JSON lekérdezési csomóponton</1> keresztül használható (Kereskedelmi bővítmény).",
+  "SQL query result could be used through <1>JSON query node</1>.": "Az SQL lekérdezés eredménye a <1>JSON lekérdezési csomóponton</1> keresztül használható.",
   "Select a data source to execute SQL.": "Válasszon adatforrást az SQL végrehajtásához.",
-  "Usage of SQL query result is not supported yet.": "Az SQL lekérdezési eredmény használata még nem támogatott."
+  "Usage of SQL query result is not supported yet.": "Az SQL lekérdezési eredmény használata még nem támogatott.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "A jelenlegi csomópont nem biztonságos injektálási módot (örökölt) használ, amely SQL injektálási kockázatot jelent.",
+  "Migrate to safe mode": "Migrálás biztonságos módba",
+  "Parameters": "Paraméterek",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL paraméterek. Használja a :name-t helyőrzőként az SQL-ben, és adja meg itt az értékeket.",
+  "Name": "Név",
+  "Value": "Érték",
+  "Add parameter": "Paraméter hozzáadása"
 }

package/dist/locale/id-ID.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Jalankan pernyataan SQL dalam database.",
   "Include meta information of this query in result": "Sertakan informasi meta kueri ini dalam hasil",
   "SQL action": "Tindakan SQL",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "Hasil kueri SQL dapat digunakan melalui <1>node kueri JSON</1> (Plugin Komersial).",
+  "SQL query result could be used through <1>JSON query node</1>.": "Hasil kueri SQL dapat digunakan melalui <1>node kueri JSON</1>.",
   "Select a data source to execute SQL.": "Pilih sumber data untuk menjalankan SQL.",
-  "Usage of SQL query result is not supported yet.": "Penggunaan hasil kueri SQL belum didukung."
+  "Usage of SQL query result is not supported yet.": "Penggunaan hasil kueri SQL belum didukung.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Node saat ini menggunakan mode injeksi tidak aman (legacy), yang memiliki risiko injeksi SQL.",
+  "Migrate to safe mode": "Migrasi ke mode aman",
+  "Parameters": "Parameter",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "Parameter SQL. Gunakan :name sebagai placeholder di SQL dan berikan nilainya di sini.",
+  "Name": "Nama",
+  "Value": "Nilai",
+  "Add parameter": "Tambah parameter"
 }

package/dist/locale/it-IT.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Esegui un'istruzione SQL nel database.",
   "Include meta information of this query in result": "Includi meta informazioni di questa query nel risultato",
   "SQL action": "Azione SQL",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "Il risultato della query SQL potrebbe essere utilizzato tramite il <1>nodo JSON query</1>（plugin commerciale).",
+  "SQL query result could be used through <1>JSON query node</1>.": "Il risultato della query SQL potrebbe essere utilizzato tramite il <1>nodo JSON query</1>.",
   "Select a data source to execute SQL.": "Seleziona un origine dati per eseguire SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Il nodo corrente utilizza la modalità di iniezione non sicura (legacy), che comporta rischi di SQL injection.",
+  "Migrate to safe mode": "Migra alla modalità sicura",
+  "Parameters": "Parametri",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "Parametri SQL. Usa :name come segnaposto in SQL e fornisci i valori qui.",
+  "Name": "Nome",
+  "Value": "Valore",
+  "Add parameter": "Aggiungi parametro"
 }

package/dist/locale/ja-JP.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "データベース内でSQL文を実行します。",
   "Include meta information of this query in result": "結果にこのクエリのメタ情報を含める",
   "SQL action": "SQL操作",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQLクエリ結果は<1>JSONクエリノード</1>を介して使用できます（商用プラグイン）。",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQLクエリ結果は<1>JSONクエリノード</1>を介して使用できます。",
   "Select a data source to execute SQL.": "SQLを実行するためのデータソースを選択します。",
-  "Usage of SQL query result is not supported yet.": "SQLクエリ結果はまだサポートされていません"
+  "Usage of SQL query result is not supported yet.": "SQLクエリ結果はまだサポートされていません",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "現在のノードは安全でないインジェクションモード（レガシー）を使用しており、SQLインジェクションのリスクがあります。",
+  "Migrate to safe mode": "安全モードに移行",
+  "Parameters": "パラメータ",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQLパラメータ。SQLで :name をプレースホルダとして使用し、ここで値を指定します。",
+  "Name": "名前",
+  "Value": "値",
+  "Add parameter": "パラメータを追加"
 }

package/dist/locale/ko-KR.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "데이터베이스에서 SQL 문을 실행합니다.",
   "Include meta information of this query in result": "결과에 쿼리 메타 정보 포함",
   "SQL action": "SQL 작업",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL 쿼리 결과는 <1>JSON 쿼리 노드</1>(상용 플러그인)로 사용할 수 있습니다.",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL 쿼리 결과는 <1>JSON 쿼리 노드</1>를 통해 사용할 수 있습니다.",
   "Select a data source to execute SQL.": "SQL을 실행할 데이터 소스 선택",
-  "Usage of SQL query result is not supported yet.": "SQL 쿼리 결과 사용은 아직 지원되지 않습니다."
+  "Usage of SQL query result is not supported yet.": "SQL 쿼리 결과 사용은 아직 지원되지 않습니다.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "현재 노드는 안전하지 않은 주입 모드(레거시)를 사용하고 있으며 SQL 주입 위험이 있습니다.",
+  "Migrate to safe mode": "안전 모드로 마이그레이션",
+  "Parameters": "매개변수",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL 매개변수. SQL에서 :name을 자리 표시자로 사용하고 여기에 값을 제공하세요.",
+  "Name": "이름",
+  "Value": "값",
+  "Add parameter": "매개변수 추가"
 }

package/dist/locale/nl-NL.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/pt-BR.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/ru-RU.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Выполнить SQL-запрос в базе данных.",
   "Include meta information of this query in result": "Включить метаинформацию этого запроса в результат",
   "SQL action": "Действие SQL",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "Результат SQL-запроса может быть использован через узел <1>JSON-запроса</1> (коммерческий плагин).",
+  "SQL query result could be used through <1>JSON query node</1>.": "Результат SQL-запроса может быть использован через узел <1>JSON-запроса</1>.",
   "Select a data source to execute SQL.": "Выберите источник данных для выполнения SQL.",
-  "Usage of SQL query result is not supported yet.": "Использование результата SQL-запроса пока не поддерживается."
+  "Usage of SQL query result is not supported yet.": "Использование результата SQL-запроса пока не поддерживается.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Текущий узел использует небезопасный режим инъекции (устаревший), который имеет риски SQL-инъекции.",
+  "Migrate to safe mode": "Перейти в безопасный режим",
+  "Parameters": "Параметры",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "Параметры SQL. Используйте :name в качестве заполнителей в SQL и укажите значения здесь.",
+  "Name": "Имя",
+  "Value": "Значение",
+  "Add parameter": "Добавить параметр"
 }

package/dist/locale/tr-TR.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/uk-UA.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/vi-VN.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "Current node is using unsafe injection mode (legacy), which has SQL injection risks.",
+  "Migrate to safe mode": "Migrate to safe mode",
+  "Parameters": "Parameters",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL parameters. Use :name as placeholders in SQL and provide values here.",
+  "Name": "Name",
+  "Value": "Value",
+  "Add parameter": "Add parameter"
 }

package/dist/locale/zh-CN.json

@@ -3,7 +3,15 @@
   "Execute a SQL statement in database.": "在数据库中执行一个 SQL 语句",
   "Include meta information of this query in result": "在结果中包含此查询的元信息",
   "SQL action": "SQL 操作",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL 执行的结果可在 <1>JSON 解析节点</1> 中使用（商业插件）。",
+  "Parameters": "参数",
+  "SQL parameters. Use $1, $2, etc. as placeholders in SQL and provide values here in order.": "SQL 参数。在 SQL 中使用 $1, $2 等作为占位符，并按顺序在此提供对应的值。",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "当前节点使用了不安全注入模式（遗留），存在 SQL 注入风险。",
+  "Migrate to safe mode": "迁移至安全模式",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL 参数。在 SQL 中使用 :name 作为占位符，并在此提供对应的值。",
+  "Name": "名称",
+  "Value": "值",
+  "Add parameter": "添加参数",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL 执行的结果可在 <1>JSON 解析节点</1> 中使用。",
   "Select a data source to execute SQL.": "选择一个数据源来执行 SQL",
   "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
-}
+}

package/dist/locale/zh-TW.json

@@ -3,7 +3,14 @@
   "Execute a SQL statement in database.": "Execute a SQL statement in database.",
   "Include meta information of this query in result": "Include meta information of this query in result",
   "SQL action": "SQL action",
-  "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).": "SQL query result could be used through <1>JSON query node</1> (Commercial plugin).",
+  "SQL query result could be used through <1>JSON query node</1>.": "SQL query result could be used through <1>JSON query node</1>.",
   "Select a data source to execute SQL.": "Select a data source to execute SQL.",
-  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet."
-}
+  "Usage of SQL query result is not supported yet.": "Usage of SQL query result is not supported yet.",
+  "Current node is using unsafe injection mode (legacy), which has SQL injection risks.": "當前節點使用了不安全注入模式（遺留），存在 SQL 注入風險。",
+  "Migrate to safe mode": "遷移至安全模式",
+  "SQL parameters. Use :name as placeholders in SQL and provide values here.": "SQL 參數。在 SQL 中使用 :name 作為佔位符，並在此提供對應的值。",
+  "Parameters": "參數",
+  "Name": "名稱",
+  "Value": "值",
+  "Add parameter": "添加參數"
+}

package/dist/server/SQLInstruction.d.ts

@@ -11,6 +11,11 @@ export type SQLInstructionConfig = {
     dataSource?: string;
     sql?: string;
     withMeta?: boolean;
+    unsafeInjection?: boolean;
+    variables?: Array<{
+        name: string;
+        value: any;
+    }>;
 };
 export default class extends Instruction {
     run(node: FlowNodeModel, input: any, processor: Processor): Promise<{
@@ -20,7 +25,7 @@ export default class extends Instruction {
         result: unknown[];
         status: 1;
     }>;
-    test({ dataSource, sql, withMeta }?: SQLInstructionConfig): Promise<{
+    test({ dataSource, sql: sqlConfig, withMeta, unsafeInjection, variables: variablesConfig, }?: SQLInstructionConfig): Promise<{
         result: unknown[];
         status: 1;
     } | {

package/dist/server/SQLInstruction.js

@@ -38,14 +38,28 @@ class SQLInstruction_default extends import_plugin_workflow.Instruction {
     if (!(collectionManager instanceof import_data_source_manager.SequelizeCollectionManager)) {
       throw new Error(`type of data source "${node.config.dataSource}" is not database`);
     }
-    const sql = processor.getParsedValue(node.config.sql || "", node.id).trim();
+    const { unsafeInjection = false, variables: variablesConfig = [] } = node.config;
+    let sql = "";
+    let replacements = null;
+    if (unsafeInjection) {
+      sql = processor.getParsedValue(node.config.sql || "", node.id).trim();
+    } else {
+      sql = (node.config.sql || "").trim();
+      replacements = {};
+      for (const { name, value } of variablesConfig) {
+        if (name) {
+          replacements[name] = processor.getParsedValue(value, node.id);
+        }
+      }
+    }
     if (!sql) {
       return {
         status: import_plugin_workflow.JOB_STATUS.RESOLVED
       };
     }
     const [result = null, meta = null] = await collectionManager.db.sequelize.query(sql, {
-      transaction: this.workflow.useDataSourceTransaction(dataSourceName, processor.transaction)
+      transaction: this.workflow.useDataSourceTransaction(dataSourceName, processor.transaction),
+      replacements
       // plain: true,
       // model: db.getCollection(node.config.collection).model
     }) ?? [];
@@ -54,8 +68,14 @@ class SQLInstruction_default extends import_plugin_workflow.Instruction {
       status: import_plugin_workflow.JOB_STATUS.RESOLVED
     };
   }
-  async test({ dataSource, sql, withMeta } = {}) {
-    if (!sql) {
+  async test({
+    dataSource,
+    sql: sqlConfig,
+    withMeta,
+    unsafeInjection = false,
+    variables: variablesConfig = []
+  } = {}) {
+    if (!sqlConfig) {
       return {
         result: null,
         status: import_plugin_workflow.JOB_STATUS.RESOLVED
@@ -67,7 +87,20 @@ class SQLInstruction_default extends import_plugin_workflow.Instruction {
       throw new Error(`type of data source "${dataSource}" is not database`);
     }
     try {
-      const [result = null, meta = null] = await collectionManager.db.sequelize.query(sql) ?? [];
+      let sql = "";
+      let replacements = null;
+      if (unsafeInjection) {
+        sql = sqlConfig.trim();
+      } else {
+        sql = sqlConfig.trim();
+        replacements = {};
+        for (const { name, value } of variablesConfig) {
+          if (name) {
+            replacements[name] = value;
+          }
+        }
+      }
+      const [result = null, meta = null] = await collectionManager.db.sequelize.query(sql, { replacements }) ?? [];
       return {
         result: withMeta ? [result, meta] : result,
         status: import_plugin_workflow.JOB_STATUS.RESOLVED

package/dist/server/migrations/20260327120000-add-unsafe-injection-flag.d.ts

@@ -0,0 +1,13 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+import { Migration } from '@nocobase/server';
+export default class extends Migration {
+    appVersion: string;
+    up(): Promise<void>;
+}

package/dist/server/migrations/20260327120000-add-unsafe-injection-flag.js

@@ -0,0 +1,65 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var add_unsafe_injection_flag_exports = {};
+__export(add_unsafe_injection_flag_exports, {
+  default: () => add_unsafe_injection_flag_default
+});
+module.exports = __toCommonJS(add_unsafe_injection_flag_exports);
+var import_server = require("@nocobase/server");
+var import_utils = require("@nocobase/utils");
+class add_unsafe_injection_flag_default extends import_server.Migration {
+  appVersion = "<2.0.30";
+  async up() {
+    const { db } = this.context;
+    const NodeRepo = db.getRepository("flow_nodes");
+    await db.sequelize.transaction(async (transaction) => {
+      const nodes = await NodeRepo.find({
+        filter: {
+          type: "sql"
+        },
+        transaction
+      });
+      await nodes.reduce(
+        (promise, node) => promise.then(() => {
+          var _a, _b;
+          const sql = ((_a = node.config) == null ? void 0 : _a.sql) || "";
+          const template = (0, import_utils.parse)(sql);
+          if (!((_b = template.parameters) == null ? void 0 : _b.length)) {
+            return;
+          }
+          node.set("config", { ...node.config, unsafeInjection: true });
+          node.changed("config", true);
+          return node.save({
+            silent: true,
+            transaction
+          });
+        }),
+        Promise.resolve()
+      );
+    });
+  }
+}

package/package.json

@@ -6,7 +6,7 @@
   "description": "Execute SQL statements in workflow.",
   "description.ru-RU": "Выполняет SQL-запросы в рамках рабочего процесса.",
   "description.zh-CN": "可用于在工作流中对数据库执行任意 SQL 语句。",
-  "version": "2.1.0-beta.11",
+  "version": "2.1.0-beta.13",
   "license": "Apache-2.0",
   "main": "./dist/server/index.js",
   "homepage": "https://docs.nocobase.com/handbook/workflow-sql",
@@ -24,7 +24,7 @@
     "@nocobase/server": "2.x",
     "@nocobase/test": "2.x"
   },
-  "gitHead": "b02e78b928f476d848b88bc545d3acddca00fe3c",
+  "gitHead": "691716e5f4e5f8bd3859d65bc8a29b4e3c32209b",
   "keywords": [
     "Workflow"
   ]