diff --git a/web/static/css/style.css b/web/static/css/style.css index 3b254183..a8403ddf 100644 --- a/web/static/css/style.css +++ b/web/static/css/style.css @@ -9646,6 +9646,31 @@ header { background: var(--bg-secondary); border: 1px solid var(--border-color); } +.webshell-ai-msg.assistant.webshell-ai-msg-error { + max-width: 72%; + border-color: rgba(220, 53, 69, 0.35); + background: rgba(220, 53, 69, 0.06); +} +.webshell-ai-error-head { + color: var(--error-color); + font-weight: 600; + line-height: 1.45; +} +.webshell-ai-error-detail { + margin-top: 6px; + font-size: 0.82rem; +} +.webshell-ai-error-detail summary { + cursor: pointer; + color: var(--text-secondary); +} +.webshell-ai-error-detail pre { + margin-top: 6px; + max-height: 140px; + overflow: auto; + white-space: pre-wrap; + word-break: break-word; +} /* AI 助手 markdown 渲染优化:避免行间距离过大和内容横向溢出 */ .webshell-ai-msg.assistant { /* markdown 里已经有块级元素,不需要再整体 pre-wrap,否则容易在块之间产生“空行”感 */ @@ -9757,6 +9782,152 @@ header { justify-content: center; } +/* WebShell 数据库管理 Tab */ +.webshell-pane-db { + flex: 1; + min-height: 0; + flex-direction: column; + gap: 12px; + padding: 14px; + overflow: hidden; + background: linear-gradient(180deg, rgba(2, 6, 23, 0.015) 0%, rgba(2, 6, 23, 0.03) 100%); + border-radius: 10px; +} +.webshell-db-toolbar { + display: grid; + grid-template-columns: repeat(4, minmax(160px, 1fr)); + gap: 12px; + padding: 14px; + border: 1px solid rgba(15, 23, 42, 0.08); + border-radius: 12px; + background: linear-gradient(180deg, rgba(255, 255, 255, 0.98) 0%, rgba(248, 250, 252, 0.96) 100%); + box-shadow: 0 6px 20px rgba(15, 23, 42, 0.06), inset 0 1px 0 rgba(255, 255, 255, 0.9); +} +.webshell-db-toolbar label { + display: flex; + flex-direction: column; + gap: 6px; + min-width: 0; + padding: 8px 10px; + border-radius: 10px; + background: rgba(255, 255, 255, 0.82); + border: 1px solid rgba(15, 23, 42, 0.08); + transition: border-color 0.2s ease, box-shadow 0.2s ease, transform 0.2s ease; +} +.webshell-db-toolbar label:focus-within { + border-color: rgba(0, 102, 255, 0.38); + box-shadow: 0 0 0 2px rgba(0, 102, 255, 0.12); + transform: translateY(-1px); +} +.webshell-db-toolbar label span { + font-size: 0.75rem; + color: var(--text-secondary); + font-weight: 600; + letter-spacing: 0.03em; + text-transform: uppercase; +} +.webshell-db-toolbar .form-control { + height: 36px; + border-radius: 8px; + border: 1px solid rgba(15, 23, 42, 0.16); + background: #fff; + font-size: 0.9rem; + padding-left: 10px; + padding-right: 10px; + transition: border-color 0.2s ease, box-shadow 0.2s ease, background-color 0.2s ease; +} +.webshell-db-toolbar .form-control:focus { + border-color: var(--accent-color); + box-shadow: 0 0 0 2px rgba(0, 102, 255, 0.1); + background: #fff; +} +#webshell-db-sqlite-row { + grid-column: 1 / -1; +} +.webshell-db-sql { + width: 100%; + min-height: 140px; + resize: vertical; + font-family: var(--font-mono, Menlo, Monaco, Consolas, "Courier New", monospace); + padding: 10px 12px; + border-radius: 10px; + border: 1px solid var(--border-color); + background: var(--bg-primary); + line-height: 1.45; + box-shadow: 0 1px 2px rgba(15, 23, 42, 0.03); +} +.webshell-db-sql:focus { + border-color: var(--accent-color); + box-shadow: 0 0 0 2px rgba(0, 102, 255, 0.12); +} +.webshell-db-actions { + display: flex; + gap: 8px; + align-items: center; +} +.webshell-db-actions .btn-primary, +.webshell-db-actions .btn-ghost { + min-width: 96px; + height: 34px; + border-radius: 8px; +} +.webshell-db-output-wrap { + flex: 1; + min-height: 0; + border: 1px solid var(--border-color); + border-radius: 10px; + background: var(--bg-primary); + display: flex; + flex-direction: column; + box-shadow: 0 1px 2px rgba(15, 23, 42, 0.04); +} +.webshell-db-output-title { + padding: 9px 12px; + border-bottom: 1px solid var(--border-color); + font-size: 0.82rem; + font-weight: 600; + letter-spacing: 0.01em; + color: var(--text-secondary); + background: linear-gradient(180deg, rgba(2, 6, 23, 0.015) 0%, transparent 100%); +} +.webshell-db-output { + flex: 1; + margin: 0; + padding: 12px; + overflow: auto; + white-space: pre-wrap; + word-break: break-word; + font-family: var(--font-mono, Menlo, Monaco, Consolas, "Courier New", monospace); + font-size: 0.82rem; + line-height: 1.5; + color: var(--text-primary); +} +.webshell-db-output.error { + color: var(--error-color); +} +.webshell-db-hint { + border-top: 1px solid var(--border-color); + font-size: 0.76rem; + color: var(--text-secondary); + padding: 8px 12px; + background: rgba(2, 6, 23, 0.02); +} +@media (max-width: 1280px) { + .webshell-db-toolbar { + grid-template-columns: repeat(3, minmax(140px, 1fr)); + } +} +@media (max-width: 980px) { + .webshell-db-toolbar { + grid-template-columns: repeat(2, minmax(140px, 1fr)); + } +} +@media (max-width: 700px) { + .webshell-db-toolbar { + grid-template-columns: 1fr; + } +} + /* 仪表盘页面样式(最佳实践布局 + 视觉增强) */ .dashboard-page { height: 100%; diff --git a/web/static/i18n/en-US.json b/web/static/i18n/en-US.json index 1d9fd0fc..b0ddd1cb 100644 --- a/web/static/i18n/en-US.json +++ b/web/static/i18n/en-US.json @@ -373,6 +373,23 @@ "tabTerminal": "Virtual terminal", "tabFileManager": "File manager", "tabAiAssistant": "AI Assistant", + "tabDbManager": "Database Manager", + "dbType": "Database type", + "dbHost": "Host", + "dbPort": "Port", + "dbUsername": "Username", + "dbPassword": "Password", + "dbName": "Database name", + "dbSqlitePath": "SQLite file path", + "dbSqlPlaceholder": "Enter SQL, e.g. SELECT version();", + "dbRunSql": "Run SQL", + "dbTest": "Test connection", + "dbOutput": "Output", + "dbNoConn": "Please select a WebShell connection first", + "dbSqlRequired": "Please enter SQL", + "dbRunning": "Database command is running, please wait", + "dbCliHint": "If command not found appears, install mysql/psql/sqlite3/sqlcmd on the target host first", + "dbExecFailed": "Database execution failed", "aiSystemReadyMessage": "System is ready. Please enter your test requirements, and the system will automatically perform the corresponding security tests.", "aiNewConversation": "New conversation", "aiPreviousConversation": "Previous conversation", diff --git a/web/static/i18n/zh-CN.json b/web/static/i18n/zh-CN.json index 3395c1ce..289c77e4 100644 --- a/web/static/i18n/zh-CN.json +++ b/web/static/i18n/zh-CN.json @@ -373,6 +373,23 @@ "tabTerminal": "虚拟终端", "tabFileManager": "文件管理", "tabAiAssistant": "AI 助手", + "tabDbManager": "数据库管理", + "dbType": "数据库类型", + "dbHost": "主机", + "dbPort": "端口", + "dbUsername": "用户名", + "dbPassword": "密码", + "dbName": "数据库名", + "dbSqlitePath": "SQLite 文件路径", + "dbSqlPlaceholder": "输入 SQL,例如:SELECT version();", + "dbRunSql": "执行 SQL", + "dbTest": "测试连接", + "dbOutput": "执行输出", + "dbNoConn": "请先选择 WebShell 连接", + "dbSqlRequired": "请输入 SQL", + "dbRunning": "数据库命令执行中,请稍候", + "dbCliHint": "如果提示命令不存在,请先在目标主机安装对应客户端(mysql/psql/sqlite3/sqlcmd)", + "dbExecFailed": "数据库执行失败", "aiSystemReadyMessage": "系统已就绪。请输入您的测试需求,系统将自动执行相应的安全测试。", "aiNewConversation": "新对话", "aiPreviousConversation": "之前的对话", diff --git a/web/static/js/webshell.js b/web/static/js/webshell.js index c487c3b0..78185c0b 100644 --- a/web/static/js/webshell.js +++ b/web/static/js/webshell.js @@ -23,6 +23,7 @@ let webshellClearInProgress = false; // AI 助手:按连接 ID 保存对话 ID,便于多轮对话 let webshellAiConvMap = {}; let webshellAiSending = false; +let webshellDbConfigByConn = {}; // 流式打字机效果:当前会话的 response 序号,用于中止过期的打字 let webshellStreamingTypingId = 0; let webshellProbeStatusById = {}; @@ -89,6 +90,23 @@ function wsT(key) { 'webshell.tabTerminal': '虚拟终端', 'webshell.tabFileManager': '文件管理', 'webshell.tabAiAssistant': 'AI 助手', + 'webshell.tabDbManager': '数据库管理', + 'webshell.dbType': '数据库类型', + 'webshell.dbHost': '主机', + 'webshell.dbPort': '端口', + 'webshell.dbUsername': '用户名', + 'webshell.dbPassword': '密码', + 'webshell.dbName': '数据库名', + 'webshell.dbSqlitePath': 'SQLite 文件路径', + 'webshell.dbSqlPlaceholder': '输入 SQL,例如:SELECT version();', + 'webshell.dbRunSql': '执行 SQL', + 'webshell.dbTest': '测试连接', + 'webshell.dbOutput': '执行输出', + 'webshell.dbNoConn': '请先选择 WebShell 连接', + 'webshell.dbSqlRequired': '请输入 SQL', + 'webshell.dbRunning': '数据库命令执行中,请稍候', + 'webshell.dbCliHint': '如果提示命令不存在,请先在目标主机安装对应客户端(mysql/psql/sqlite3/sqlcmd)', + 'webshell.dbExecFailed': '数据库执行失败', 'webshell.aiSystemReadyMessage': '系统已就绪。请输入您的测试需求,系统将自动执行相应的安全测试。', 'webshell.aiPlaceholder': '例如:列出当前目录下的文件', 'webshell.aiSend': '发送', @@ -480,6 +498,187 @@ function escapeHtml(s) { return div.innerHTML; } +function escapeSingleQuotedShellArg(value) { + var s = value == null ? '' : String(value); + return "'" + s.replace(/'/g, "'\\''") + "'"; +} + +function safeConnIdForStorage(conn) { + if (!conn || !conn.id) return ''; + return String(conn.id).replace(/[^\w.-]/g, '_'); +} + +function getWebshellDbConfig(conn) { + var key = 'webshell_db_cfg_' + safeConnIdForStorage(conn); + if (!key) return { + type: 'mysql', host: '127.0.0.1', port: '3306', username: 'root', password: '', database: '', sqlitePath: '/tmp/test.db', sql: 'SELECT 1;' + }; + if (webshellDbConfigByConn[key]) return webshellDbConfigByConn[key]; + var def = { + type: 'mysql', + host: '127.0.0.1', + port: '3306', + username: 'root', + password: '', + database: '', + sqlitePath: '/tmp/test.db', + sql: 'SELECT 1;' + }; + try { + var raw = localStorage.getItem(key); + if (raw) { + var parsed = JSON.parse(raw); + if (parsed && typeof parsed === 'object') { + def = Object.assign(def, parsed); + } + } + } catch (e) {} + webshellDbConfigByConn[key] = def; + return def; +} + +function saveWebshellDbConfig(conn, cfg) { + var key = 'webshell_db_cfg_' + safeConnIdForStorage(conn); + if (!key || !cfg) return; + webshellDbConfigByConn[key] = cfg; + try { localStorage.setItem(key, JSON.stringify(cfg)); } catch (e) {} +} + +function webshellDbGetFieldValue(id) { + var el = document.getElementById(id); + return el && typeof el.value === 'string' ? el.value.trim() : ''; +} + +function webshellDbCollectConfig(conn) { + var cfg = { + type: webshellDbGetFieldValue('webshell-db-type') || 'mysql', + host: webshellDbGetFieldValue('webshell-db-host') || '127.0.0.1', + port: webshellDbGetFieldValue('webshell-db-port') || '', + username: webshellDbGetFieldValue('webshell-db-user') || '', + password: (document.getElementById('webshell-db-pass') || {}).value || '', + database: webshellDbGetFieldValue('webshell-db-name') || '', + sqlitePath: webshellDbGetFieldValue('webshell-db-sqlite-path') || '/tmp/test.db', + sql: (document.getElementById('webshell-db-sql') || {}).value || '' + }; + saveWebshellDbConfig(conn, cfg); + return cfg; +} + +function webshellDbUpdateFieldVisibility() { + var type = webshellDbGetFieldValue('webshell-db-type') || 'mysql'; + var isSqlite = type === 'sqlite'; + var blocks = document.querySelectorAll('.webshell-db-common-field'); + blocks.forEach(function (el) { el.style.display = isSqlite ? 'none' : ''; }); + var sqliteBlock = document.getElementById('webshell-db-sqlite-row'); + if (sqliteBlock) sqliteBlock.style.display = isSqlite ? '' : 'none'; + var portEl = document.getElementById('webshell-db-port'); + if (portEl && !String(portEl.value || '').trim()) { + if (type === 'mysql') portEl.value = '3306'; + else if (type === 'pgsql') portEl.value = '5432'; + else if (type === 'mssql') portEl.value = '1433'; + } +} + +function webshellDbSetOutput(text, isError) { + var outputEl = document.getElementById('webshell-db-output'); + if (!outputEl) return; + outputEl.textContent = text || ''; + outputEl.classList.toggle('error', !!isError); +} + +function buildWebshellDbCommand(cfg, isTestOnly) { + var type = cfg.type || 'mysql'; + var sql = String(isTestOnly ? 'SELECT 1;' : (cfg.sql || '')).trim(); + if (!sql) return { error: wsT('webshell.dbSqlRequired') || '请输入 SQL' }; + + var sqlB64 = btoa(unescape(encodeURIComponent(sql))); + var sqlB64Arg = escapeSingleQuotedShellArg(sqlB64); + var tmpFile = '/tmp/.csai_sql_$$.sql'; + var decodeToFile = 'printf %s ' + sqlB64Arg + " | base64 -d > " + tmpFile; + var cleanup = '; rc=$?; rm -f ' + tmpFile + '; echo "__CSAI_DB_RC__:$rc"; exit $rc'; + var command = ''; + + if (type === 'mysql') { + var host = escapeSingleQuotedShellArg(cfg.host || '127.0.0.1'); + var port = escapeSingleQuotedShellArg(cfg.port || '3306'); + var user = escapeSingleQuotedShellArg(cfg.username || 'root'); + var pass = escapeSingleQuotedShellArg(cfg.password || ''); + var db = cfg.database ? (' -D ' + escapeSingleQuotedShellArg(cfg.database)) : ''; + command = decodeToFile + '; MYSQL_PWD=' + pass + ' mysql -h ' + host + ' -P ' + port + ' -u ' + user + db + ' --batch --raw < ' + tmpFile + cleanup; + } else if (type === 'pgsql') { + var pHost = escapeSingleQuotedShellArg(cfg.host || '127.0.0.1'); + var pPort = escapeSingleQuotedShellArg(cfg.port || '5432'); + var pUser = escapeSingleQuotedShellArg(cfg.username || 'postgres'); + var pPass = escapeSingleQuotedShellArg(cfg.password || ''); + var pDb = escapeSingleQuotedShellArg(cfg.database || 'postgres'); + command = decodeToFile + '; PGPASSWORD=' + pPass + ' psql -h ' + pHost + ' -p ' + pPort + ' -U ' + pUser + ' -d ' + pDb + ' -f ' + tmpFile + cleanup; + } else if (type === 'sqlite') { + var sqlitePath = escapeSingleQuotedShellArg(cfg.sqlitePath || '/tmp/test.db'); + command = decodeToFile + '; sqlite3 -header -column ' + sqlitePath + ' < ' + tmpFile + cleanup; + } else if (type === 'mssql') { + var sHost = cfg.host || '127.0.0.1'; + var sPort = cfg.port || '1433'; + var sUser = escapeSingleQuotedShellArg(cfg.username || 'sa'); + var sPass = escapeSingleQuotedShellArg(cfg.password || ''); + var sDb = escapeSingleQuotedShellArg(cfg.database || 'master'); + var server = escapeSingleQuotedShellArg(sHost + ',' + sPort); + command = decodeToFile + '; sqlcmd -S ' + server + ' -U ' + sUser + ' -P ' + sPass + ' -d ' + sDb + ' -i ' + tmpFile + cleanup; + } else { + return { error: (wsT('webshell.dbExecFailed') || '数据库执行失败') + ': unsupported type ' + type }; + } + + return { command: command }; +} + +function parseWebshellDbExecOutput(rawOutput) { + var raw = String(rawOutput || ''); + var rc = null; + var cleaned = raw.replace(/__CSAI_DB_RC__:(\d+)\s*$/m, function (_, code) { + rc = parseInt(code, 10); + return ''; + }).trim(); + return { rc: rc, output: cleaned }; +} + +function simplifyWebshellAiError(rawMessage) { + var msg = String(rawMessage || '').trim(); + var lower = msg.toLowerCase(); + if ((lower.indexOf('401') !== -1 || lower.indexOf('unauthorized') !== -1) && + (lower.indexOf('api key') !== -1 || lower.indexOf('apikey') !== -1)) { + return '鉴权失败:API Key 未配置或无效(401)'; + } + if (lower.indexOf('timeout') !== -1 || lower.indexOf('timed out') !== -1) { + return '请求超时,请稍后重试'; + } + if (lower.indexOf('network') !== -1 || lower.indexOf('failed to fetch') !== -1) { + return '网络异常,请检查服务连通性'; + } + return msg || '请求失败'; +} + +function renderWebshellAiErrorMessage(targetEl, rawMessage) { + if (!targetEl) return; + var full = String(rawMessage || '').trim(); + var shortMsg = simplifyWebshellAiError(full); + targetEl.classList.add('webshell-ai-msg-error'); + targetEl.innerHTML = ''; + var head = document.createElement('div'); + head.className = 'webshell-ai-error-head'; + head.textContent = shortMsg; + targetEl.appendChild(head); + if (full && full !== shortMsg) { + var detail = document.createElement('details'); + detail.className = 'webshell-ai-error-detail'; + var summary = document.createElement('summary'); + summary.textContent = '查看详细错误'; + var pre = document.createElement('pre'); + pre.textContent = full; + detail.appendChild(summary); + detail.appendChild(pre); + targetEl.appendChild(detail); + } +} + function formatWebshellAiConvDate(updatedAt) { if (!updatedAt) return ''; var d = typeof updatedAt === 'string' ? new Date(updatedAt) : updatedAt; @@ -698,6 +897,7 @@ function selectWebshell(id) { '' + '' + '' + + '' + '' + '
' + '
' + @@ -753,6 +953,23 @@ function selectWebshell(id) { '' + '
' + '
' + + '' + + '
' + + '
' + + '' + + '' + + '' + + '' + + '' + + '' + + '' + + '
' + + '' + + '
' + + '' + + '' + + '
' + + '
' + (wsT('webshell.dbOutput') || '执行输出') + '
' + (wsT('webshell.dbCliHint') || '如果提示命令不存在,请先在目标主机安装对应客户端(mysql/psql/sqlite3/sqlcmd)') + '
' +
         '
';
 
     // Tab 切换
@@ -848,6 +1065,84 @@ function selectWebshell(id) {
         });
     }
 
+    // 数据库管理:通过 WebShell 执行数据库客户端命令
+    var dbTypeEl = document.getElementById('webshell-db-type');
+    var dbRunBtn = document.getElementById('webshell-db-run-btn');
+    var dbTestBtn = document.getElementById('webshell-db-test-btn');
+    var dbSqlEl = document.getElementById('webshell-db-sql');
+    var dbCfg = getWebshellDbConfig(conn);
+    if (dbTypeEl) dbTypeEl.value = dbCfg.type || 'mysql';
+    var dbHostEl = document.getElementById('webshell-db-host');
+    var dbPortEl = document.getElementById('webshell-db-port');
+    var dbUserEl = document.getElementById('webshell-db-user');
+    var dbPassEl = document.getElementById('webshell-db-pass');
+    var dbNameEl = document.getElementById('webshell-db-name');
+    var dbSqliteEl = document.getElementById('webshell-db-sqlite-path');
+    if (dbHostEl) dbHostEl.value = dbCfg.host || '127.0.0.1';
+    if (dbPortEl) dbPortEl.value = dbCfg.port || '';
+    if (dbUserEl) dbUserEl.value = dbCfg.username || '';
+    if (dbPassEl) dbPassEl.value = dbCfg.password || '';
+    if (dbNameEl) dbNameEl.value = dbCfg.database || '';
+    if (dbSqliteEl) dbSqliteEl.value = dbCfg.sqlitePath || '/tmp/test.db';
+    if (dbSqlEl) dbSqlEl.value = dbCfg.sql || 'SELECT 1;';
+    webshellDbUpdateFieldVisibility();
+
+    function runDbQuery(isTestOnly) {
+        if (!conn || !conn.id) {
+            webshellDbSetOutput(wsT('webshell.dbNoConn') || '请先选择 WebShell 连接', true);
+            return;
+        }
+        if (webshellRunning) {
+            webshellDbSetOutput(wsT('webshell.dbRunning') || '数据库命令执行中,请稍候', true);
+            return;
+        }
+        var cfg = webshellDbCollectConfig(conn);
+        var built = buildWebshellDbCommand(cfg, !!isTestOnly);
+        if (!built.command) {
+            webshellDbSetOutput(built.error || (wsT('webshell.dbExecFailed') || '数据库执行失败'), true);
+            return;
+        }
+        webshellDbSetOutput(wsT('webshell.running') || '执行中…', false);
+        webshellRunning = true;
+        if (dbRunBtn) dbRunBtn.disabled = true;
+        if (dbTestBtn) dbTestBtn.disabled = true;
+        execWebshellCommand(conn, built.command).then(function (out) {
+            var parsed = parseWebshellDbExecOutput(out);
+            var code = parsed.rc;
+            var content = parsed.output || '';
+            var success = (code === 0) || (code == null && content && !/error|failed|denied|unknown|not found|access/i.test(content));
+            if (isTestOnly) {
+                var maybeOne = /\b1\b/.test(content);
+                if (success && (maybeOne || content === '' || /^ok$/i.test(content))) {
+                    webshellDbSetOutput('连接测试通过');
+                } else {
+                    webshellDbSetOutput('连接测试失败' + (content ? (':\n' + content) : ''), true);
+                }
+                return;
+            }
+            if (!success) {
+                webshellDbSetOutput((wsT('webshell.dbExecFailed') || '数据库执行失败') + (content ? (':\n' + content) : ''), true);
+                return;
+            }
+            webshellDbSetOutput(content || '执行完成(无输出)');
+        }).catch(function (err) {
+            webshellDbSetOutput((wsT('webshell.dbExecFailed') || '数据库执行失败') + ': ' + (err && err.message ? err.message : String(err)), true);
+        }).finally(function () {
+            webshellRunning = false;
+            if (dbRunBtn) dbRunBtn.disabled = false;
+            if (dbTestBtn) dbTestBtn.disabled = false;
+        });
+    }
+
+    if (dbTypeEl) dbTypeEl.addEventListener('change', function () { webshellDbUpdateFieldVisibility(); webshellDbCollectConfig(conn); });
+    ['webshell-db-host', 'webshell-db-port', 'webshell-db-user', 'webshell-db-pass', 'webshell-db-name', 'webshell-db-sqlite-path'].forEach(function (id) {
+        var el = document.getElementById(id);
+        if (el) el.addEventListener('change', function () { webshellDbCollectConfig(conn); });
+    });
+    if (dbSqlEl) dbSqlEl.addEventListener('change', function () { webshellDbCollectConfig(conn); });
+    if (dbRunBtn) dbRunBtn.addEventListener('click', function () { runDbQuery(false); });
+    if (dbTestBtn) dbTestBtn.addEventListener('click', function () { runDbQuery(true); });
+
     initWebshellTerminal(conn);
 }
 
@@ -1013,7 +1308,7 @@ function runWebshellAiSend(conn, inputEl, sendBtn, messagesContainer) {
         });
     }).then(function (response) {
         if (!response.ok) {
-            assistantDiv.textContent = '请求失败: ' + response.status;
+            renderWebshellAiErrorMessage(assistantDiv, '请求失败: HTTP ' + response.status);
             return;
         }
         return response.body.getReader();
@@ -1068,7 +1363,7 @@ function runWebshellAiSend(conn, inputEl, sendBtn, messagesContainer) {
                         streamingTypingId += 1;
                         var errLabel = (typeof window.t === 'function') ? window.t('chat.error') : '错误';
                         appendTimelineItem('error', '❌ ' + errLabel, eventData.message, eventData.data);
-                        assistantDiv.textContent = errLabel + ': ' + eventData.message;
+                        renderWebshellAiErrorMessage(assistantDiv, errLabel + ': ' + eventData.message);
                     } else if (eventData.type === 'progress' && eventData.message) {
                         var progressMsg = (typeof window.translateProgressMessage === 'function')
                             ? window.translateProgressMessage(eventData.message)
@@ -1176,7 +1471,7 @@ function runWebshellAiSend(conn, inputEl, sendBtn, messagesContainer) {
             return reader.read().then(processChunk);
         });
     }).catch(function (err) {
-        assistantDiv.textContent = '请求异常: ' + (err && err.message ? err.message : String(err));
+        renderWebshellAiErrorMessage(assistantDiv, '请求异常: ' + (err && err.message ? err.message : String(err)));
     }).then(function () {
         webshellAiSending = false;
         if (sendBtn) sendBtn.disabled = false;
@@ -2024,9 +2319,11 @@ function refreshWebshellUIOnLanguageChange() {
             var tabTerminal = workspace.querySelector('.webshell-tab[data-tab="terminal"]');
             var tabFile = workspace.querySelector('.webshell-tab[data-tab="file"]');
             var tabAi = workspace.querySelector('.webshell-tab[data-tab="ai"]');
+            var tabDb = workspace.querySelector('.webshell-tab[data-tab="db"]');
             if (tabTerminal) tabTerminal.textContent = wsT('webshell.tabTerminal');
             if (tabFile) tabFile.textContent = wsT('webshell.tabFileManager');
             if (tabAi) tabAi.textContent = wsT('webshell.tabAiAssistant') || 'AI 助手';
+            if (tabDb) tabDb.textContent = wsT('webshell.tabDbManager') || '数据库管理';
 
             var quickLabel = workspace.querySelector('.webshell-quick-label');
             if (quickLabel) quickLabel.textContent = (wsT('webshell.quickCommands') || '快捷命令') + ':';
@@ -2059,6 +2356,30 @@ function refreshWebshellUIOnLanguageChange() {
             if (aiInput) aiInput.placeholder = wsT('webshell.aiPlaceholder') || '例如:列出当前目录下的文件';
             var aiSendBtn = document.getElementById('webshell-ai-send');
             if (aiSendBtn) aiSendBtn.textContent = wsT('webshell.aiSend') || '发送';
+            var dbTypeLabel = document.querySelector('#webshell-db-type') ? document.querySelector('#webshell-db-type').closest('label') : null;
+            if (dbTypeLabel && dbTypeLabel.querySelector('span')) dbTypeLabel.querySelector('span').textContent = wsT('webshell.dbType') || '数据库类型';
+            var dbHostLabel = document.querySelector('#webshell-db-host') ? document.querySelector('#webshell-db-host').closest('label') : null;
+            if (dbHostLabel && dbHostLabel.querySelector('span')) dbHostLabel.querySelector('span').textContent = wsT('webshell.dbHost') || '主机';
+            var dbPortLabel = document.querySelector('#webshell-db-port') ? document.querySelector('#webshell-db-port').closest('label') : null;
+            if (dbPortLabel && dbPortLabel.querySelector('span')) dbPortLabel.querySelector('span').textContent = wsT('webshell.dbPort') || '端口';
+            var dbUserLabel = document.querySelector('#webshell-db-user') ? document.querySelector('#webshell-db-user').closest('label') : null;
+            if (dbUserLabel && dbUserLabel.querySelector('span')) dbUserLabel.querySelector('span').textContent = wsT('webshell.dbUsername') || '用户名';
+            var dbPassLabel = document.querySelector('#webshell-db-pass') ? document.querySelector('#webshell-db-pass').closest('label') : null;
+            if (dbPassLabel && dbPassLabel.querySelector('span')) dbPassLabel.querySelector('span').textContent = wsT('webshell.dbPassword') || '密码';
+            var dbNameLabel = document.querySelector('#webshell-db-name') ? document.querySelector('#webshell-db-name').closest('label') : null;
+            if (dbNameLabel && dbNameLabel.querySelector('span')) dbNameLabel.querySelector('span').textContent = wsT('webshell.dbName') || '数据库名';
+            var dbSqliteLabel = document.querySelector('#webshell-db-sqlite-path') ? document.querySelector('#webshell-db-sqlite-path').closest('label') : null;
+            if (dbSqliteLabel && dbSqliteLabel.querySelector('span')) dbSqliteLabel.querySelector('span').textContent = wsT('webshell.dbSqlitePath') || 'SQLite 文件路径';
+            var dbRunBtn = document.getElementById('webshell-db-run-btn');
+            if (dbRunBtn) dbRunBtn.textContent = wsT('webshell.dbRunSql') || '执行 SQL';
+            var dbTestBtn = document.getElementById('webshell-db-test-btn');
+            if (dbTestBtn) dbTestBtn.textContent = wsT('webshell.dbTest') || '测试连接';
+            var dbSql = document.getElementById('webshell-db-sql');
+            if (dbSql) dbSql.placeholder = wsT('webshell.dbSqlPlaceholder') || '输入 SQL,例如:SELECT version();';
+            var dbTitle = document.querySelector('.webshell-db-output-title');
+            if (dbTitle) dbTitle.textContent = wsT('webshell.dbOutput') || '执行输出';
+            var dbHint = document.querySelector('.webshell-db-hint');
+            if (dbHint) dbHint.textContent = wsT('webshell.dbCliHint') || '如果提示命令不存在,请先在目标主机安装对应客户端(mysql/psql/sqlite3/sqlcmd)';
 
             // 如果当前 AI 对话区只有系统就绪提示(没有用户消息),用当前语言重置这条提示
             var aiMessages = document.getElementById('webshell-ai-messages');