@anyul/koishi-plugin-rss 5.2.1 → 5.2.3

package/lib/utils/error-tracker.js

@@ -19,16 +19,28 @@ exports.setUser = setUser;
 exports.TracePerformance = TracePerformance;
 exports.wrapAsyncFunction = wrapAsyncFunction;
 exports.withErrorTracking = withErrorTracking;
+const error_handler_1 = require("./error-handler");
+const logger_1 = require("./logger");
 // 动态导入 Sentry，避免未安装时编译失败
 let Sentry = null;
+let sentryDependencyWarningShown = false;
 try {
     // eslint-disable-next-line @typescript-eslint/no-var-requires
     Sentry = require('@sentry/node');
 }
 catch {
-    // Sentry 未安装，功能将被禁用
-    console.warn('Sentry not installed. Error tracking will be disabled.');
-    console.warn('To enable error tracking, install: npm install @sentry/node');
+    Sentry = null;
+}
+function warnMissingSentryDependency() {
+    if (sentryDependencyWarningShown)
+        return;
+    sentryDependencyWarningShown = true;
+    logger_1.logger.warn('[error-tracker] Sentry not installed. Error tracking will be disabled.');
+    logger_1.logger.warn('[error-tracker] To enable error tracking, install: npm install @sentry/node');
+}
+function logSentryInitError(error) {
+    const errorMessage = error instanceof Error ? error.message : String(error);
+    logger_1.logger.error(`[error-tracker] Failed to initialize Sentry: ${errorMessage}`);
 }
 /**
  * 错误追踪器类
@@ -43,7 +55,11 @@ class ErrorTracker {
      * 初始化 Sentry
      */
     init() {
-        if (!this.config.enabled || !this.config.dsn || !Sentry) {
+        if (!this.config.enabled || !this.config.dsn) {
+            return;
+        }
+        if (!Sentry) {
+            warnMissingSentryDependency();
             return;
         }
         try {
@@ -72,7 +88,7 @@ class ErrorTracker {
             this.initialized = true;
         }
         catch (error) {
-            console.error('Failed to initialize Sentry:', error);
+            logSentryInitError(error);
         }
     }
     /**
@@ -190,7 +206,7 @@ let globalErrorTracker = null;
  * 初始化全局错误追踪器
  */
 function initErrorTracker(config) {
-    if (!globalErrorTracker) {
+    if (!globalErrorTracker || !globalErrorTracker.isInitialized()) {
         globalErrorTracker = new ErrorTracker(config);
         globalErrorTracker.init();
     }
@@ -322,14 +338,14 @@ function withErrorTracking(fn, context, errorMessage) {
             // 处理 Promise
             if (result instanceof Promise) {
                 return result.catch((error) => {
-                    trackError(error, context);
+                    trackError((0, error_handler_1.normalizeError)(error, errorMessage || 'Unknown error'), context);
                     throw error;
                 });
             }
             return result;
         }
         catch (error) {
-            trackError(error, context);
+            trackError((0, error_handler_1.normalizeError)(error, errorMessage || 'Unknown error'), context);
             throw error;
         }
     });

package/lib/utils/fetcher.js

@@ -6,8 +6,11 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createHttpFunction = exports.RequestManager = void 0;
 const axios_1 = __importDefault(require("axios"));
 const https_proxy_agent_1 = require("https-proxy-agent");
+const error_handler_1 = require("./error-handler");
+const error_tracker_1 = require("./error-tracker");
 const logger_1 = require("./logger");
 const common_1 = require("./common");
+const security_1 = require("./security");
 // 简化版 RequestManager，仅用于普通 API 请求，大文件下载建议绕过
 class RequestManager {
     queue = [];
@@ -69,14 +72,42 @@ class RequestManager {
 exports.RequestManager = RequestManager;
 const createHttpFunction = (ctx, config, requestManager) => {
     return async (url, arg, requestConfig = {}) => {
+        const isHeavyRequest = requestConfig.responseType === 'arraybuffer' || requestConfig.responseType === 'stream';
+        const requestType = isHeavyRequest ? 'heavy' : 'normal';
+        const requestTimeout = (arg.timeout || 60) * 1000;
+        const requestDebug = (0, logger_1.createDebugWithContext)(config, {
+            url,
+            requestType,
+            isHeavyRequest,
+            timeout: requestTimeout,
+        });
+        // URL 安全验证
+        try {
+            (0, security_1.validateUrlOrThrow)(url, (0, security_1.getSecurityOptions)(config));
+        }
+        catch (error) {
+            if (error instanceof security_1.SecurityError) {
+                const normalizedError = (0, error_handler_1.normalizeError)(error);
+                requestDebug(`URL 安全验证失败: ${normalizedError.message}`, 'security', 'error', {
+                    stage: 'security-validation',
+                });
+                (0, error_tracker_1.trackError)(normalizedError, {
+                    url,
+                    requestType,
+                    isHeavyRequest,
+                    stage: 'security-validation',
+                });
+                throw error;
+            }
+            throw error;
+        }
         // 关键修改：如果检测到是大文件下载（responseType 为 arraybuffer 或 stream），绕过队列直接请求
         // 这样避免视频下载阻塞 RSS 轮询，也避免因队列超时导致下载失败
-        const isHeavyRequest = requestConfig.responseType === 'arraybuffer' || requestConfig.responseType === 'stream';
         const makeRequest = async () => {
             // 基础配置
-            (0, logger_1.debug)(config, `[DEBUG_PROXY] fetcher makeRequest arg.proxyAgent: ${JSON.stringify(arg?.proxyAgent)}`, 'request', 'details');
+            requestDebug(`[DEBUG_PROXY] fetcher makeRequest arg.proxyAgent: ${JSON.stringify(arg?.proxyAgent)}`, 'request', 'details');
             let configObj = {
-                timeout: (arg.timeout || 60) * 1000,
+                timeout: requestTimeout,
                 headers: {
                     'User-Agent': config.net.userAgent || 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36'
                 },
@@ -95,10 +126,15 @@ const createHttpFunction = (ctx, config, requestManager) => {
                         port: config.net.proxyAgent.port,
                         auth: config.net.proxyAgent.auth?.enabled ? config.net.proxyAgent.auth : undefined
                     };
-                    (0, logger_1.debug)(config, `[DEBUG_PROXY] fetcher 使用防御性全局代理`, 'request', 'details');
+                    requestDebug(`[DEBUG_PROXY] fetcher 使用防御性全局代理`, 'request', 'details', {
+                        proxyEnabled: true,
+                        proxyUrl: config.net.proxyAgent.host
+                            ? `${config.net.proxyAgent.protocol}://${config.net.proxyAgent.host}:${config.net.proxyAgent.port}`
+                            : '',
+                    });
                 }
             }
-            const proxyEnabled = currentProxyAgent?.enabled;
+            const proxyEnabled = Boolean(currentProxyAgent?.enabled);
             let proxyUrl = '';
             if (proxyEnabled && currentProxyAgent.host) {
                 proxyUrl = `${currentProxyAgent.protocol}://${currentProxyAgent.host}:${currentProxyAgent.port}`;
@@ -113,13 +149,17 @@ const createHttpFunction = (ctx, config, requestManager) => {
                 delete requestConfig.headers;
             }
             const finalConfig = { ...configObj, ...requestConfig };
+            const requestContext = {
+                proxyEnabled,
+                proxyUrl,
+            };
             // 对于重请求，打印更详细的日志（包含代理状态）
             if (isHeavyRequest) {
                 const proxyInfo = proxyEnabled ? ` [代理: ${proxyUrl}]` : ' [直连]';
-                (0, logger_1.debug)(config, `Heavy Request${proxyInfo}: ${url}`, 'request', 'details');
+                requestDebug(`Heavy Request${proxyInfo}: ${url}`, 'request', 'details', requestContext);
             }
             else {
-                (0, logger_1.debug)(config, `Request: ${url}`, 'request', 'details');
+                requestDebug(`Request: ${url}`, 'request', 'details', requestContext);
             }
             let retries = 3;
             let lastError;
@@ -133,12 +173,31 @@ const createHttpFunction = (ctx, config, requestManager) => {
                     const status = error.response?.status || 'Unknown';
                     const errMsg = error.message || error.code || error;
                     if (retries > 0) {
-                        (0, logger_1.debug)(config, `[Request Retry] 剩余 ${retries} 次: ${url} [Status: ${status}] ${errMsg}`, 'request', 'info');
+                        requestDebug(`[Request Retry] 剩余 ${retries} 次: ${url} [Status: ${status}] ${errMsg}`, 'request', 'info', {
+                            ...requestContext,
+                            retryCount: 3 - retries,
+                            retriesRemaining: retries,
+                            status,
+                        });
                         await (0, common_1.sleep)(1500); // 增加重试间隔
                     }
                 }
             }
-            throw lastError || new Error('Max retries reached');
+            const normalizedError = (0, error_handler_1.normalizeError)(lastError || new Error('Max retries reached'));
+            const status = lastError?.response?.status || 'Unknown';
+            requestDebug(`Request failed after retries: ${normalizedError.message}`, 'request', 'error', {
+                ...requestContext,
+                status,
+                retriesRemaining: 0,
+            });
+            (0, error_tracker_1.trackError)(normalizedError, {
+                url,
+                requestType,
+                isHeavyRequest,
+                status,
+                ...requestContext,
+            });
+            throw normalizedError;
         };
         if (isHeavyRequest) {
             return makeRequest(); // 直接执行，不走队列

package/lib/utils/logger.d.ts

@@ -1,6 +1,8 @@
 import { Logger } from 'koishi';
 import { Config } from '../types';
 declare const logger: Logger;
+export type DebugLogType = "disable" | "error" | "info" | "details";
+export declare function shouldLog(config: Config, type: DebugLogType): boolean;
 /**
  * 增强的调试日志函数
  *
@@ -10,7 +12,7 @@ declare const logger: Logger;
  * @param type - 日志级别
  * @param context - 额外的上下文信息
  */
-export declare function debug(config: Config, message: any, name?: string, type?: "disable" | "error" | "info" | "details", context?: Record<string, any>): void;
+export declare function debug(config: Config, message: any, name?: string, type?: DebugLogType, context?: Record<string, any>): void;
 /**
  * 便捷函数：记录错误日志
  */
@@ -31,5 +33,5 @@ export declare function debugInfo(config: Config, message: any, name?: string, c
  * feedDebug('Processing feed', 'feeder', 'info')
  * // 输出会自动包含 guildId 和 platform
  */
-export declare function createDebugWithContext(config: Config, fixedContext: Record<string, any>): (message: any, name?: string, type?: "disable" | "error" | "info" | "details", additionalContext?: Record<string, any>) => void;
+export declare function createDebugWithContext(config: Config, fixedContext: Record<string, any>): (message: any, name?: string, type?: DebugLogType, additionalContext?: Record<string, any>) => void;
 export { logger };

package/lib/utils/logger.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.logger = void 0;
+exports.shouldLog = shouldLog;
 exports.debug = debug;
 exports.debugError = debugError;
 exports.debugInfo = debugInfo;
@@ -9,6 +10,132 @@ const koishi_1 = require("koishi");
 const types_1 = require("../types");
 const logger = new koishi_1.Logger('rss-owl');
 exports.logger = logger;
+function shouldLog(config, type) {
+    const typeLevel = types_1.debugLevel.findIndex(i => i === type);
+    if (typeLevel < 1)
+        return false;
+    const configLevel = types_1.debugLevel.findIndex(i => i === config.debug);
+    if (configLevel < 0)
+        return false;
+    return typeLevel <= configLevel;
+}
+/**
+ * 敏感信息模式定义
+ */
+const SENSITIVE_PATTERNS = [
+    // API Key 模式
+    { pattern: /api[_-]?key["']?\s*[:=]\s*["']?([^"'&\s,}]+)/gi, replacement: 'api_key=***' },
+    // Bearer Token
+    { pattern: /Bearer\s+([A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+)/gi, replacement: 'Bearer ***' },
+    // Basic Auth
+    { pattern: /Basic\s+([A-Za-z0-9+/=]+)/gi, replacement: 'Basic ***' },
+    // 代理认证
+    { pattern: /([a-zA-Z]+):\/\/([^:]+):([^@]+)@/gi, replacement: '$1://$2:***@' },
+    // 密码字段
+    { pattern: /["']?password["']?\s*[:=]\s*["']?([^"'&\s,}]+)/gi, replacement: 'password=***' },
+    // 密钥字段
+    { pattern: /["']?secret["']?\s*[:=]\s*["']?([^"'&\s,}]+)/gi, replacement: 'secret=***' },
+    { pattern: /["']?token["']?\s*[:=]\s*["']?([^"'&\s,}]+)/gi, replacement: 'token=***' },
+    // AWS Access Key
+    { pattern: /(AKIA|ABIA|ACCA|ASIA)[0-9A-Z]{16}/g, replacement: '***' },
+    // GitHub Token
+    { pattern: /(ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9_]{36,}/g, replacement: '***' },
+    // JWT Token (更精确的匹配)
+    { pattern: /eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g, replacement: '***' },
+];
+/**
+ * 脱敏日志消息，移除敏感信息
+ *
+ * @param message - 原始消息（字符串或对象）
+ * @returns 脱敏后的消息
+ */
+function sanitizeLogMessage(message) {
+    if (typeof message === 'string') {
+        let sanitized = message;
+        for (const { pattern, replacement } of SENSITIVE_PATTERNS) {
+            sanitized = sanitized.replace(pattern, replacement);
+        }
+        return sanitized;
+    }
+    if (message === null || message === undefined) {
+        return message;
+    }
+    if (message instanceof Error) {
+        const sanitizedError = new Error(sanitizeLogMessage(message.message));
+        sanitizedError.name = message.name;
+        return sanitizedError;
+    }
+    // 如果是对象，深度脱敏
+    if (typeof message === 'object') {
+        try {
+            // 先序列化再脱敏，然后反序列化
+            const jsonStr = JSON.stringify(message);
+            let sanitized = jsonStr;
+            for (const { pattern, replacement } of SENSITIVE_PATTERNS) {
+                sanitized = sanitized.replace(pattern, replacement);
+            }
+            return JSON.parse(sanitized);
+        }
+        catch {
+            // 如果序列化失败，返回原始对象的脱敏版本
+            return sanitizeObject(message);
+        }
+    }
+    return message;
+}
+/**
+ * 递归脱敏对象中的敏感字段
+ */
+function sanitizeObject(obj, depth = 0) {
+    // 防止无限递归
+    if (depth > 5 || obj === null || obj === undefined) {
+        return obj;
+    }
+    // 敏感字段列表
+    const sensitiveFields = new Set([
+        'password', 'passwd', 'secret', 'token', 'apiKey', 'api_key',
+        'apikey', 'accessToken', 'access_token', 'refreshToken', 'refresh_token',
+        'auth', 'authorization', 'credential', 'privateKey', 'private_key',
+        'sessionId', 'session_id', 'sessionid', 'cookie', 'x-api-key',
+        'x-api-key', 'bearer', 'basic'
+    ]);
+    if (Array.isArray(obj)) {
+        return obj.map(item => sanitizeObject(item, depth + 1));
+    }
+    if (typeof obj === 'object') {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            const lowerKey = key.toLowerCase();
+            if (sensitiveFields.has(lowerKey) || lowerKey.includes('secret') || lowerKey.includes('token')) {
+                result[key] = '***';
+            }
+            else if (typeof value === 'object') {
+                result[key] = sanitizeObject(value, depth + 1);
+            }
+            else if (typeof value === 'string') {
+                // 检查字符串值是否包含可能的 token
+                if (value.length > 30 && /[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/.test(value)) {
+                    result[key] = '***';
+                }
+                else {
+                    result[key] = value;
+                }
+            }
+            else {
+                result[key] = value;
+            }
+        }
+        return result;
+    }
+    return obj;
+}
+function emitLog(type, content) {
+    if (type === 'error') {
+        logger.error(content);
+        return;
+    }
+    logger.info(content);
+}
 /**
  * 增强的调试日志函数
  *
@@ -19,11 +146,16 @@ exports.logger = logger;
  * @param context - 额外的上下文信息
  */
 function debug(config, message, name = '', type = 'details', context) {
-    const typeLevel = types_1.debugLevel.findIndex(i => i == type);
-    if (typeLevel < 1)
-        return;
-    if (typeLevel > types_1.debugLevel.findIndex(i => i == config.debug))
+    if (!shouldLog(config, type))
         return;
+    // 检查是否启用日志脱敏（默认启用）
+    const sanitizeEnabled = config.logging?.sanitizeLogs !== false;
+    if (sanitizeEnabled) {
+        message = sanitizeLogMessage(message);
+        if (context) {
+            context = sanitizeObject(context);
+        }
+    }
     // 获取日志配置
     const loggingConfig = config.logging || {};
     // 格式化消息内容
@@ -31,6 +163,12 @@ function debug(config, message, name = '', type = 'details', context) {
     if (typeof message === 'string') {
         formattedMessage = message;
     }
+    else if (message instanceof Error) {
+        formattedMessage = message.message || String(message);
+    }
+    else if (typeof message === 'function') {
+        formattedMessage = String(message);
+    }
     else if (message === null || message === undefined) {
         formattedMessage = String(message);
     }
@@ -86,7 +224,7 @@ function debug(config, message, name = '', type = 'details', context) {
             }
         }
         // 输出结构化日志
-        logger.info(JSON.stringify(logEntry));
+        emitLog(type, JSON.stringify(logEntry));
     }
     else {
         // 传统文本格式
@@ -102,7 +240,7 @@ function debug(config, message, name = '', type = 'details', context) {
                 .join(' ');
             textOutput += ` | ${contextStr}`;
         }
-        logger.info(textOutput);
+        emitLog(type, textOutput);
     }
 }
 /**

package/lib/utils/media.js

@@ -57,12 +57,9 @@ exports.getCacheDir = getCacheDir;
 const writeCacheFile = async (fileUrl, config) => {
     const cacheDir = (0, exports.getCacheDir)(config);
     (0, logger_1.debug)(config, cacheDir, 'cacheDir', 'details');
-    let fileList = fs.readdirSync(cacheDir);
-    let suffix = /(?<=^data:.+?\/).+?(?=;base64)/.exec(fileUrl)[0];
-    let fileName = `${parseInt((Math.random() * 10000000).toString()).toString()}.${suffix}`;
-    while (fileList.find(i => i == fileName)) {
-        fileName = `${parseInt((Math.random() * 10000000).toString()).toString()}.${suffix}`;
-    }
+    let suffix = /(?<=^data:.+?\/).+?(?=;base64)/.exec(fileUrl)?.[0] || 'bin';
+    // 使用时间戳 + 随机数生成唯一文件名，避免竞态条件
+    let fileName = `${Date.now()}-${Math.random().toString(36).substring(2, 11)}.${suffix}`;
     let base64Data = fileUrl.replace(/^data:.+?;base64,/, "");
     let filePath = `${cacheDir}/${fileName}`;
     fs.writeFileSync(filePath, base64Data, 'base64');

package/lib/utils/sanitizer.d.ts

@@ -0,0 +1,58 @@
+import { Config } from '../types';
+/**
+ * 清理 HTML 内容，移除潜在恶意代码
+ *
+ * @param html - 要清理的 HTML 字符串
+ * @param config - 可选的额外配置
+ * @returns 清理后的 HTML 字符串
+ */
+export declare function sanitizeHtml(html: string, config?: Record<string, unknown>): string;
+/**
+ * 清理并返回纯文本（用于需要提取文本的场景）
+ *
+ * @param html - 要清理的 HTML 字符串
+ * @returns 清理后的纯文本
+ */
+export declare function sanitizeToText(html: string): string;
+/**
+ * 清理 HTML 中的图片 URL
+ *
+ * @param html - 包含图片的 HTML 字符串
+ * @returns 清理后的 HTML（图片 URL 已验证）
+ */
+export declare function sanitizeImageUrls(html: string): string;
+/**
+ * 清理链接（a 标签）
+ *
+ * @param html - 包含链接的 HTML 字符串
+ * @returns 清理后的 HTML（链接已安全化）
+ */
+export declare function sanitizeLinks(html: string): string;
+/**
+ * 创建带有 HTML 清理功能的模板内容处理函数
+ *
+ * @param config - 配置对象
+ * @returns 清理函数
+ */
+export declare function createSanitizer(config: Config): {
+    /**
+     * 清理 HTML 内容
+     */
+    sanitize: (html: string) => string;
+    /**
+     * 清理并返回纯文本
+     */
+    sanitizeToText: (html: string) => string;
+    /**
+     * 清理图片
+     */
+    sanitizeImages: (html: string) => string;
+    /**
+     * 清理链接
+     */
+    sanitizeLinks: (html: string) => string;
+    /**
+     * 检查是否启用清理
+     */
+    isEnabled: () => boolean;
+};